actionpack 3.2.7.rc1 → 3.2.7

data/CHANGELOG.md

@@ -1,5 +1,7 @@
 ## Rails 3.2.7 (unreleased) ##
 
+* Do not convert digest auth strings to symbols. CVE-2012-3424
+  
 * Bump Journey requirements to 1.0.4
 
 * Add support for optional root segments containing slashes

data/lib/action_controller/metal/http_authentication.rb

@@ -227,9 +227,9 @@ module ActionController
       end
 
       def decode_credentials(header)
-        Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+        HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
           key, value = pair.split('=', 2)
-          [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+          [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
         end]
       end
 

data/lib/action_pack/version.rb

@@ -3,7 +3,7 @@ module ActionPack
     MAJOR = 3
     MINOR = 2
     TINY  = 7
-    PRE   = "rc1"
+    PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end

metadata

@@ -1,196 +1,183 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: actionpack
-version: !ruby/object:Gem::Version 
-  hash: 2249827423
-  prerelease: 6
-  segments: 
-  - 3
-  - 2
-  - 7
-  - rc
-  - 1
-  version: 3.2.7.rc1
+version: !ruby/object:Gem::Version
+  version: 3.2.7
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-07-23 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-07-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 2249827423
-        segments: 
-        - 3
-        - 2
-        - 7
-        - rc
-        - 1
-        version: 3.2.7.rc1
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.7
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: activemodel
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.7
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 2249827423
-        segments: 
-        - 3
-        - 2
-        - 7
-        - rc
-        - 1
-        version: 3.2.7.rc1
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.7
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rack-cache
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.7
+- !ruby/object:Gem::Dependency
+  name: rack-cache
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: builder
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: builder
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 4
-        - 0
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 1.4.0
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: rack-test
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 0
-        - 6
-        - 1
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 0.6.1
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: journey
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 31
-        segments: 
-        - 1
-        - 0
-        - 4
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+- !ruby/object:Gem::Dependency
+  name: journey
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 1.0.4
   type: :runtime
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: sprockets
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 13
-        segments: 
-        - 2
-        - 1
-        - 3
+      - !ruby/object:Gem::Version
+        version: 1.0.4
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 2.1.3
   type: :runtime
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: erubis
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.1.3
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 19
-        segments: 
-        - 2
-        - 7
-        - 0
+      - !ruby/object:Gem::Version
         version: 2.7.0
   type: :runtime
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: tzinfo
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 41
-        segments: 
-        - 0
-        - 3
-        - 29
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+- !ruby/object:Gem::Dependency
+  name: tzinfo
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 0.3.29
   type: :development
-  version_requirements: *id010
-description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.29
+description: Web apps on Rails. Simple, battle-tested conventions for building and
+  testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - CHANGELOG.md
 - README.rdoc
 - MIT-LICENSE
@@ -384,40 +371,27 @@ files:
 - lib/sprockets/static_compiler.rb
 homepage: http://www.rubyonrails.org
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">"
-    - !ruby/object:Gem::Version 
-      hash: 25
-      segments: 
-      - 1
-      - 3
-      - 1
-      version: 1.3.1
-requirements: 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
 - none
 rubyforge_project: 
-rubygems_version: 1.8.22
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []
-