[DRE-commits] [SCM] ruby-actionpack-3.2.git branch, master, updated. debian/3.2.6-2-1-g6035afc
Antonio Terceiro
terceiro at debian.org
Sat Aug 4 12:31:45 UTC 2012
The following commit has been merged in the master branch:
commit 6035afc9728e6b0636ade4392ea06038b10c41bd
Author: Antonio Terceiro <terceiro at debian.org>
Date: Sat Aug 4 09:30:18 2012 -0300
Prepare upload to unstable
diff --git a/debian/changelog b/debian/changelog
index ee82412..c89736f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ruby-actionpack-3.2 (3.2.6-3) unstable; urgency=high
+
+ * Add patch by Aaron Patterson for CVE-2012-3424 (Closes: #683370)
+
+ -- Antonio Terceiro <terceiro at debian.org> Sat, 04 Aug 2012 09:28:12 -0300
+
ruby-actionpack-3.2 (3.2.6-2) unstable; urgency=low
* Bump build dependency to gem2deb >= 0.3.0~
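Review bot: the new 3.2.6-3 entry names the CVE and the bug number but not the patch file or what it changes, so a reader of the changelog cannot tell which file under debian/patches carries the fix. Suggested wording: "Add CVE-2012-3424.patch by Aaron Patterson: do not convert digest auth strings to symbols (Closes: #683370)". The commit subject "Prepare upload to unstable" likewise does not say that this upload is a security fix.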
diff --git a/debian/patches/CVE-2012-3424.patch b/debian/patches/CVE-2012-3424.patch
new file mode 100644
index 0000000..8fdf1f2
--- /dev/null
+++ b/debian/patches/CVE-2012-3424.patch
@@ -0,0 +1,22 @@
+Description: Do not convert digest auth strings to symbols.
+Author: Aaron Patterson <aaron.patterson at gmail.com>
+
+---
+
+Origin: upstream, https://github.com/rails/rails/commit/27311fef5efa598f281649074255834546d2b4ec
+Forwarded: not-needed
+
+--- ruby-actionpack-3.2-3.2.6.orig/lib/action_controller/metal/http_authentication.rb
++++ ruby-actionpack-3.2-3.2.6/lib/action_controller/metal/http_authentication.rb
+@@ -227,9 +227,9 @@ module ActionController
+ end
+
+ def decode_credentials(header)
+- Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
++ HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+ key, value = pair.split('=', 2)
+- [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
++ [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
+ end]
+ end
+
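Review bot: in the header of debian/patches/CVE-2012-3424.patch, Origin and Forwarded sit after the `---` line, and DEP-3 stops parsing patch metadata at a line of three dashes, so tools reading the header will pick up only Description and Author; move both fields above the `---`. The Description could also give the reason in one more line: the removed `key.strip.to_sym` turned every parameter name taken from the request's Digest header into a symbol, while the new code keeps string keys and relies on HashWithIndifferentAccess so that existing symbol lookups on the result keep working. The change from `gsub(/'/, '')` to `delete('\'')` on the same line is separate from the symbol change, and the header should say whether it is part of the upstream commit.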
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d5adff9
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2012-3424.patch
--
ruby-actionpack-3.2.git