[DRE-commits] [ruby-activerecord-3.2] 06/06: Remove obsolete patches

Tue Apr 29 10:54:30 UTC 2014

This is an automated email from the git hooks/post-receive script.

ondrej pushed a commit to annotated tag debian/3.2.16-1
in repository ruby-activerecord-3.2.

commit 5a94ad6ce25fb8146591bce27525476dea97d983
Author: Ondřej Surý <ondrej at sury.org>
Date:   Thu Dec 5 10:46:50 2013 +0100

    Remove obsolete patches
---
 debian/patches/3-2-dynamic_finder_injection.patch | 32 -----------------------
 debian/patches/CVE-2013-0155.patch                | 25 ------------------
 debian/patches/CVE-2013-1854.patch                | 22 ----------------
 debian/patches/series                             |  3 ---
 4 files changed, 82 deletions(-)

diff --git a/debian/patches/3-2-dynamic_finder_injection.patch b/debian/patches/3-2-dynamic_finder_injection.patch
deleted file mode 100644
index f2e5121..0000000
--- a/debian/patches/3-2-dynamic_finder_injection.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 325669f0795a9148fd31f7f496a40dc8e114ef52 Mon Sep 17 00:00:00 2001
-From: Aaron Patterson <aaron.patterson at gmail.com>
-Date: Sun, 23 Dec 2012 11:07:07 -0800
-Subject: [PATCH] CVE-2012-5664 options hashes should only be extracted if
- there are extra parameters
-
----
- lib/active_record/dynamic_matchers.rb |    7 ++++++-
- test/cases/finder_test.rb             |   12 ++++++++++++
- 2 files changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/lib/active_record/dynamic_matchers.rb b/lib/active_record/dynamic_matchers.rb
-index b6b8e24..f15d0b7 100644
---- a/lib/active_record/dynamic_matchers.rb
-+++ b/lib/active_record/dynamic_matchers.rb
-@@ -40,7 +40,12 @@ module ActiveRecord
-           METHOD
-           send(method_id, *arguments)
-         elsif match.finder?
--          options = arguments.extract_options!
-+          options = if arguments.length > attribute_names.size
-+                      arguments.extract_options!
-+                    else
-+                      {}
-+                    end
-+
-           relation = options.any? ? scoped(options) : scoped
-           relation.send :find_by_attributes, match, attribute_names, *arguments, &block
-         elsif match.instantiator?
--- 
-1.7.10.2 (Apple Git-33)
-
diff --git a/debian/patches/CVE-2013-0155.patch b/debian/patches/CVE-2013-0155.patch
deleted file mode 100644
index 4ab9f2a..0000000
--- a/debian/patches/CVE-2013-0155.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From b7d666e95aee11e441908278425d16deef87cefb Mon Sep 17 00:00:00 2001
-From: Aaron Patterson <aaron.patterson at gmail.com>
-Date: Fri, 4 Jan 2013 12:02:22 -0800
-Subject: [PATCH 1/2] * Strip nils from collections on JSON and XML posts.
- [CVE-2013-0155] * dealing with empty hashes. Thanks
- Damien Mathieu
-
-diff --git a/lib/active_record/relation/predicate_builder.rb b/lib/active_record/relation/predicate_builder.rb
-index 6b118b4..b31fdfd 100644
---- a/lib/active_record/relation/predicate_builder.rb
-+++ b/lib/active_record/relation/predicate_builder.rb
-@@ -6,7 +6,12 @@ module ActiveRecord
- 
-         if allow_table_name && value.is_a?(Hash)
-           table = Arel::Table.new(column, engine)
--          build_from_hash(engine, value, table, false)
-+
-+          if value.empty?
-+            '1 = 2'
-+          else
-+            build_from_hash(engine, value, table, false)
-+          end
-         else
-           column = column.to_s
- 
diff --git a/debian/patches/CVE-2013-1854.patch b/debian/patches/CVE-2013-1854.patch
deleted file mode 100644
index 6293196..0000000
--- a/debian/patches/CVE-2013-1854.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- a/lib/active_record/relation.rb
-+++ b/lib/active_record/relation.rb
-@@ -464,7 +464,7 @@ module ActiveRecord
-         node.left.relation.name == table_name
-       }
- 
--      Hash[equalities.map { |where| [where.left.name, where.right] }]
-+      Hash[equalities.map { |where| [where.left.name, where.right] }].with_indifferent_access
-     end
- 
-     def scope_for_create
---- a/lib/active_record/relation/predicate_builder.rb
-+++ b/lib/active_record/relation/predicate_builder.rb
-@@ -20,7 +20,7 @@ module ActiveRecord
-             table = Arel::Table.new(table_name, engine)
-           end
- 
--          attribute = table[column.to_sym]
-+          attribute = table[column]
- 
-           case value
-           when ActiveRecord::Relation
diff --git a/debian/patches/series b/debian/patches/series
index 14181fc..2d73934 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1 @@
 Remove_rubygems_dependency.patch
-3-2-dynamic_finder_injection.patch
-CVE-2013-0155.patch
-CVE-2013-1854.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-activerecord-3.2.git

