[DRE-commits] [SCM] ruby-activemodel-3.2.git branch, master, updated. debian/3.2.13-4-12-gc9317f9

Christian Hofstaedtler christian at hofstaedtler.name
Mon Jun 3 15:56:37 UTC 2013


The following commit has been merged in the master branch:
commit b422343aa80d01a3b78496f641566a100f72cc2c
Author: Christian Hofstaedtler <christian at hofstaedtler.name>
Date:   Mon Jun 3 17:50:55 2013 +0200

    Remove upstream patch CVE-2013-0276

diff --git a/debian/patches/CVE-2013-0276.patch b/debian/patches/CVE-2013-0276.patch
deleted file mode 100644
index fe3374a..0000000
--- a/debian/patches/CVE-2013-0276.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 060bb7250b963609a0d8a5d0559e36b99d2402c6 Mon Sep 17 00:00:00 2001
-From: joernchen of Phenoelit <joernchen at phenoelit.de>
-Date: Sat, 9 Feb 2013 15:46:44 -0800
-Subject: [PATCH] Fix issue with attr_protected where malformed input could
- circumvent protection
-
-Fixes: CVE-2013-0276
----
- activemodel/lib/active_model/attribute_methods.rb                       | 2 +-
- activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
---- a/lib/active_model/attribute_methods.rb
-+++ b/lib/active_model/attribute_methods.rb
-@@ -365,7 +365,7 @@ module ActiveModel
-             end
- 
-             @prefix, @suffix = options[:prefix] || '', options[:suffix] || ''
--            @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/
-+            @regex = /\A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})\z/
-             @method_missing_target = "#{@prefix}attribute#{@suffix}"
-             @method_name = "#{prefix}%s#{suffix}"
-           end
---- a/lib/active_model/mass_assignment_security/permission_set.rb
-+++ b/lib/active_model/mass_assignment_security/permission_set.rb
-@@ -19,7 +19,7 @@ module ActiveModel
-     protected
- 
-       def remove_multiparameter_id(key)
--        key.to_s.gsub(/\(.+/, '')
-+        key.to_s.gsub(/\(.+/m, '')
-       end
-     end
- 
diff --git a/debian/patches/series b/debian/patches/series
index 38dbc7b..55525fb 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
 remove-rubygems-requirement.patch
-CVE-2013-0276.patch

-- 
ruby-activemodel-3.2.git


