activesupport 7.0.7 → 7.0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80a7bd049eb2334eb8d890f9c6e9aa59ac18ad0f389901ab2095325f975c9bf3
-  data.tar.gz: 6c81983a51ecab1619501c6408dd72bcda286ac4a8f10f7238d911c88a89a074
+  metadata.gz: 733fa9e6d5f4467a483a122dfe050d937a35e4e10fad7ff632b23a038d5e1bf6
+  data.tar.gz: 2ce35780ffe33472b8356cb9d37cf902b3818fd4c25b4af7714fb54511db797c
 SHA512:
-  metadata.gz: e5dc3de073888174d4cf67504cf410cd40930f91b7a6acc3e2cb070443f0001921500ec12b759dbb1889b03452b006bd9eb1df27f66a7e9453e0ee71d0e28b90
-  data.tar.gz: c36cc3363dd654026af0f821737b0775de90111e4d8f4e1e7b1a27f42345d110d254c308080fc0f6c7e8e62a63e0ce7e08c69978609c137fd9d0a49cd348aa09
+  metadata.gz: 450ee340fabf8a3931a202fa426758a362cf4d7121a46737dbb7c97ac4c7151cb968e87edefbc6ec71b0da02d399194824b93d312c9a02f2295789bbf5e56490
+  data.tar.gz: e0b77ecd1a551bf8a8e12b057d03143137a447727873fc202edb64371320c61d9ce28af86d5adf36d6ad3fc2eeccc9e6cfeef45f278b0f5b9af67a92218273f4

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## Rails 7.0.7.1 (August 22, 2023) ##
+
+*   Use a temporary file for storing unencrypted files while editing
+
+    [CVE-2023-38037]
+
+
 ## Rails 7.0.7 (August 09, 2023) ##
 
 *   Fix `Cache::NullStore` with local caching for repeated reads.

data/lib/active_support/encrypted_file.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "pathname"
-require "tmpdir"
+require "tempfile"
 require "active_support/message_encryptor"
 
 module ActiveSupport
@@ -81,17 +81,16 @@ module ActiveSupport
 
     private
       def writing(contents)
-        tmp_file = "#{Process.pid}.#{content_path.basename.to_s.chomp('.enc')}"
-        tmp_path = Pathname.new File.join(Dir.tmpdir, tmp_file)
-        tmp_path.binwrite contents
+        Tempfile.create(["", "-" + content_path.basename.to_s.chomp(".enc")]) do |tmp_file|
+          tmp_path = Pathname.new(tmp_file)
+          tmp_path.binwrite contents
 
-        yield tmp_path
+          yield tmp_path
 
-        updated_contents = tmp_path.binread
+          updated_contents = tmp_path.binread
 
-        write(updated_contents) if updated_contents != contents
-      ensure
-        FileUtils.rm(tmp_path) if tmp_path&.exist?
+          write(updated_contents) if updated_contents != contents
+        end
       end
 
 

data/lib/active_support/gem_version.rb

@@ -10,7 +10,7 @@ module ActiveSupport
     MAJOR = 7
     MINOR = 0
     TINY  = 7
-    PRE   = nil
+    PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 7.0.7
+  version: 7.0.7.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-09 00:00:00.000000000 Z
+date: 2023-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -359,10 +359,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.7/activesupport/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.0.7/
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.7.1/activesupport/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.7.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.7/activesupport
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.7.1/activesupport
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options:
@@ -381,7 +381,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the