actionpack 3.1.6 → 3.1.7

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* Do not convert digest auth strings to symbols. CVE-2012-3424
+
 ## Rails 3.1.6 (Jun 12, 2012)
 
 *   nil is removed from array parameter values

data/lib/action_controller/metal/http_authentication.rb

@@ -227,9 +227,9 @@ module ActionController
       end
 
       def decode_credentials(header)
-        Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+        HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
           key, value = pair.split('=', 2)
-          [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+          [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
         end]
       end
 

data/lib/action_pack/version.rb

@@ -2,7 +2,7 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 1
-    TINY  = 6
+    TINY  = 7
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata

@@ -1,205 +1,199 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: actionpack
-version: !ruby/object:Gem::Version 
-  hash: 15
+version: !ruby/object:Gem::Version
+  version: 3.1.7
   prerelease: 
-  segments: 
-  - 3
-  - 1
-  - 6
-  version: 3.1.6
 platform: ruby
-authors: 
+authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-06-12 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-07-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 3
-        - 1
-        - 6
-        version: 3.1.6
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: activemodel
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 3
-        - 1
-        - 6
-        version: 3.1.6
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rack-cache
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+- !ruby/object:Gem::Dependency
+  name: rack-cache
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: builder
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: builder
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: i18n
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 0
-        - 6
-        version: "0.6"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.6'
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 3
-        - 6
+      - !ruby/object:Gem::Version
         version: 1.3.6
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: rack-test
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 0
-        - 6
-        - 1
+      - !ruby/object:Gem::Version
         version: 0.6.1
   type: :runtime
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: rack-mount
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+- !ruby/object:Gem::Dependency
+  name: rack-mount
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 59
-        segments: 
-        - 0
-        - 8
-        - 2
+      - !ruby/object:Gem::Version
         version: 0.8.2
   type: :runtime
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: sprockets
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 2
-        - 0
-        - 4
+      - !ruby/object:Gem::Version
+        version: 0.8.2
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 2.0.4
   type: :runtime
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: erubis
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.4
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 19
-        segments: 
-        - 2
-        - 7
-        - 0
+      - !ruby/object:Gem::Version
         version: 2.7.0
   type: :runtime
-  version_requirements: *id010
-- !ruby/object:Gem::Dependency 
-  name: tzinfo
   prerelease: false
-  requirement: &id011 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+- !ruby/object:Gem::Dependency
+  name: tzinfo
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 41
-        segments: 
-        - 0
-        - 3
-        - 29
+      - !ruby/object:Gem::Version
         version: 0.3.29
   type: :development
-  version_requirements: *id011
-description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.29
+description: Web apps on Rails. Simple, battle-tested conventions for building and
+  testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - CHANGELOG.md
 - README.rdoc
 - MIT-LICENSE
@@ -390,38 +384,27 @@ files:
 - lib/sprockets/static_compiler.rb
 homepage: http://www.rubyonrails.org
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-requirements: 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
 - none
 rubyforge_project: 
-rubygems_version: 1.8.22
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []
-