activesupport 6.1.7.3 → 6.1.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '08925ee6844118b92f0574ccff73c19cb3cb114f9666a0f0a49d5c33a313fcf3'
-  data.tar.gz: e2e43e6cc370cfc52567071f0d53bc00e39767987530f64b5a32ec03016eceda
+  metadata.gz: b56b4918f12cca3fb75097f3b3fbd61e3e9f2ab8b4decc69c33a98ffca556b1b
+  data.tar.gz: 8c063b8ab0508738f3cccd883ccb3dc54459232aeff10ebc037ef34e424c6957
 SHA512:
-  metadata.gz: 3ec45336e7d88f27c3737279c6bad52cc313208205e937bdd3df72c269106ed6064be74e36fb925826856f8558aeb4e7bc3c9ff9076d11032f060ecd51d8083b
-  data.tar.gz: f356a689c99bccfe6aad84c76497a6e19e2ea2f415a91dd96c7095f962c3cc2cda87278364fd2b7d06450b4bbd503d9628772878afa311934ff6a771287eedca
+  metadata.gz: 863d31ccc7d7a0ec8910363869b433491768b213c80d15b58a98e68295c8b51c98837efa13533bc75c552fa4a85d7c9e375f6220f813f1d0162fc4322671f999
+  data.tar.gz: fedfac33f0f6e5a6256dfe188c1a57eb90dd6e7c1a4516ffebf91b947a918c1f338ca235da7adce9895baadb005d2b8247504cf4ac315e5ff94654b251aac823

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## Rails 6.1.7.5 (August 22, 2023) ##
+
+*   Use a temporary file for storing unencrypted files while editing
+
+    [CVE-2023-38037]
+
+
+## Rails 6.1.7.4 (June 26, 2023) ##
+
+*   No changes.
+
+
 ## Rails 6.1.7.3 (March 13, 2023) ##
 
 *   Implement SafeBuffer#bytesplice

data/lib/active_support/encrypted_file.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "pathname"
-require "tmpdir"
+require "tempfile"
 require "active_support/message_encryptor"
 
 module ActiveSupport
@@ -69,17 +69,16 @@ module ActiveSupport
 
     private
       def writing(contents)
-        tmp_file = "#{Process.pid}.#{content_path.basename.to_s.chomp('.enc')}"
-        tmp_path = Pathname.new File.join(Dir.tmpdir, tmp_file)
-        tmp_path.binwrite contents
+        Tempfile.create(["", "-" + content_path.basename.to_s.chomp(".enc")]) do |tmp_file|
+          tmp_path = Pathname.new(tmp_file)
+          tmp_path.binwrite contents
 
-        yield tmp_path
+          yield tmp_path
 
-        updated_contents = tmp_path.binread
+          updated_contents = tmp_path.binread
 
-        write(updated_contents) if updated_contents != contents
-      ensure
-        FileUtils.rm(tmp_path) if tmp_path&.exist?
+          write(updated_contents) if updated_contents != contents
+        end
       end
 
 

data/lib/active_support/gem_version.rb

@@ -10,7 +10,7 @@ module ActiveSupport
     MAJOR = 6
     MINOR = 1
     TINY  = 7
-    PRE   = "3"
+    PRE   = "5"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 6.1.7.3
+  version: 6.1.7.5
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-13 00:00:00.000000000 Z
+date: 2023-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -357,10 +357,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v6.1.7.3/activesupport/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v6.1.7.3/
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.7.5/activesupport/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.7.5/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v6.1.7.3/activesupport
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.7.5/activesupport
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options:
@@ -379,7 +379,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.3
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the