Compare commits


No commits in common. "e0d39fb9c44f56a105bcd8b9a8559dc057cdb42c" and "6344fd98fa62a0e2340dc3832008efdbc2d83969" have entirely different histories.

9 changed files with 87 additions and 228 deletions


@ -1,59 +0,0 @@
From a21d6edf35a60383dfa6c4da49e4b1aef5f00731 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron@rubyonrails.org>
Date: Tue, 22 Aug 2023 09:58:43 -0700
Subject: [PATCH] Use a temporary file for storing unencrypted files while
editing
Origin: https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731
When we're editing the contents of encrypted files, we should use the
`Tempfile` class because it creates temporary files with restrictive
permissions. This prevents other users on the same system from reading
the contents of those files while the user is editing them.
[CVE-2023-38037]
---
.../lib/active_support/encrypted_file.rb | 17 ++++++++---------
activesupport/test/encrypted_file_test.rb | 8 ++++++++
railties/lib/rails/secrets.rb | 18 ++++++++++--------
3 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/railties/lib/rails/secrets.rb b/railties/lib/rails/secrets.rb
index 54ba53c03b981..913d5e57c1bfb 100644
--- a/railties/lib/rails/secrets.rb
+++ b/railties/lib/rails/secrets.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
require "yaml"
+require "tempfile"
require "active_support/message_encryptor"
module Rails
@@ -87,17 +88,18 @@ def preprocess(path)
end
def writing(contents)
- tmp_file = "#{File.basename(path)}.#{Process.pid}"
- tmp_path = File.join(Dir.tmpdir, tmp_file)
- IO.binwrite(tmp_path, contents)
+ file_name = "#{File.basename(path)}.#{Process.pid}"
- yield tmp_path
+ Tempfile.create(["", "-" + file_name]) do |tmp_file|
+ tmp_path = Pathname.new(tmp_file)
+ tmp_path.binwrite contents
- updated_contents = IO.binread(tmp_path)
+ yield tmp_path
- write(updated_contents) if updated_contents != contents
- ensure
- FileUtils.rm(tmp_path) if File.exist?(tmp_path)
+ updated_contents = tmp_path.binread
+
+ write(updated_contents) if updated_contents != contents
+ end
end
def encryptor

Binary file not shown.

BIN
railties-5.2.4.4.gem Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,33 @@
From b25471833462b769df5d20fb4019aee46881489e Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 16 Mar 2018 21:40:58 +0100
Subject: [PATCH] Check value of result.source_location in
test_unit/reporter.rb#format_rerun_snippet
With Ruby 2.5 format_rerun_snippet can return nil, which crashes the test
suite, F.e.:
TestUnitReporterTest#test_outputs_failures_inline:
NoMethodError: undefined method `sub' for nil:NilClass
test/test_unit/reporter_test.rb:62:in `block in <class:TestUnitReporterTest>'
bin/rails test test/test_unit/reporter_test.rb:61
---
railties/lib/rails/test_unit/reporter.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/railties/lib/rails/test_unit/reporter.rb b/railties/lib/rails/test_unit/reporter.rb
index 28b93ce..86d769d 100644
--- a/railties/lib/rails/test_unit/reporter.rb
+++ b/railties/lib/rails/test_unit/reporter.rb
@@ -68,7 +68,7 @@ def format_line(result)
end
def format_rerun_snippet(result)
- location, line = if result.respond_to?(:source_location)
+ location, line = if result.respond_to?(:source_location) && result.source_location
result.source_location
else
result.method(result.name).source_location
--
1.8.3.1


@ -1,48 +0,0 @@
From df0de681dc1873534ecd2fc8371e1f2562984b68 Mon Sep 17 00:00:00 2001
From: John Crepezzi <john.crepezzi@gmail.com>
Date: Thu, 16 Jun 2022 08:34:05 -0400
Subject: [PATCH] Remove the multi-call form of assert_called_with
The `assert_called_with` helper allows passing a multi-dimensional array to
mock multiple calls to the same method for a given block. This works
fine now, but when adding support for real kwargs arguments to line up with
recent upgrades in Minitest, this approach is no longer workable because
we can't pass multiple sets of differing kwargs.
Rather than complicated this method further, this commit removes the
multi-call form of `assert_called_with` and modifies the tests that
currently make use of that functionality to just use the underlying
`Minitest::Mock` calls.
Co-authored-by: Eileen M. Uchitelle <eileencodes@gmail.com>
---
railties/test/generators/actions_test.rb | 14 ++--
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/railties/test/generators/actions_test.rb b/railties/test/generators/actions_test.rb
index f62754fe0813e..6b5cdcf781922 100644
--- a/railties/test/generators/actions_test.rb
+++ b/railties/test/generators/actions_test.rb
@@ -734,11 +734,17 @@ def assert_runs(commands, config = {}, &block)
config_matcher = ->(actual_config) do
assert_equal config, actual_config.slice(*config.keys)
end if config
- args = Array(commands).map { |command| [command, *config_matcher] }
-
- assert_called_with(generator, :run, args) do
- block.call
- end
+
+ mock = Minitest::Mock.new
+
+ Array(commands).each do |command|
+ args = [command, *config_matcher]
+ mock.expect(:call, nil, args)
+ end
+
+ generator.stub(:run, mock, &block)
+
+ assert_mock(mock)
end
def assert_routes(*route_commands)


@ -1,44 +1,31 @@
%global gem_name railties
%bcond_with bootstrap
%bcond_with webpacker
%bcond_with test
%{?_with_bootstrap: %global bootstrap 1}
%global bootstrap 1
Name: rubygem-%{gem_name}
Version: 7.0.7
Release: 2
Version: 5.2.4.4
Release: 3
Summary: Tools for creating, working with, and running Rails applications
License: MIT
URL: http://rubyonrails.org
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# Get the test suite:
# git clone http://github.com/rails/rails.git
# cd rails/railties && git archive -v -o railties-7.0.7-tests.txz v7.0.7 test/
Source1: %{gem_name}-%{version}-tests.txz
# The tools are needed for the test suite, are however unpackaged in gem file.
# You may check it out like so
# git clone http://github.com/rails/rails.git --no-checkout
# cd rails && git archive -v -o rails-7.0.7-tools.txz v7.0.7 tools/
Source2: rails-%{version}-tools.txz
# Fixes for Minitest 5.16+
# https://github.com/rails/rails/pull/45380
Patch1: rubygem-railties-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with.patch
Patch2: CVE-2023-38037.patch
Recommends: ruby(irb)
Source1: https://github.com/rails/rails/archive/v%{version}.tar.gz
# Check value of result.source_location in
# test_unit/reporter.rb#format_rerun_snippet
# https://github.com/rails/rails/pull/32297
Patch0: rubygem-railties-5.1.5-check-value-of-result-source-location.patch
Suggests: %{_bindir}/sqlite3
BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(did_you_mean)
%if %{without bootstrap}
BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(actioncable) = %{version}
BuildRequires: rubygem(actionmailer) = %{version} rubygem(actionpack) = %{version}
BuildRequires: rubygem(activerecord) = %{version} rubygem(activesupport) = %{version}
BuildRequires: rubygem(activestorage) = %{version} rubygem(bundler) rubygem(method_source)
BuildRequires: rubygem(rake) >= 0.8.7 rubygem(rack-cache) rubygem(sqlite3) rubygem(puma)
BuildRequires: rubygem(bootsnap) rubygem(capybara) sqlite rubygem(sprockets-rails)
BuildRequires: rubygem(thor) >= 0.18.1 rubygem(turbolinks) git
BuildRequires: rubygem(jquery-rails) rubygem(uglifier) rubygem(rails) nodejs
BuildRequires: rubygem(actioncable) = %{version} ruby(irb) rubygem(importmap-rails)
%if %{with webpacker}
BuildRequires: %{_bindir}/webpacker
%endif
%if ! 0%{?bootstrap}
BuildRequires: rubygem(jquery-rails) rubygem(uglifier) rubygem(rails) %{_bindir}/node
%endif
Requires: rubygem(bundler)
BuildArch: noarch
%description
Rails internals: application bootup, plugins, generators, and rake tasks.
@ -55,15 +42,13 @@ BuildArch: noarch
Documentation for %{name}.
%prep
%setup -q -n %{gem_name}-%{version} -b1 -b2
%patch2 -p2
pushd %{_builddir}
%patch1 -p2
%setup -q -c -T
%gem_install -n %{SOURCE0}
pushd .%{gem_instdir}
%patch0 -p2
popd
%build
gem build ../%{gem_name}-%{version}.gemspec
%gem_install
%install
mkdir -p %{buildroot}%{gem_dir}
@ -74,7 +59,7 @@ cp -p .%{_bindir}/* \
%{buildroot}%{_bindir}/
find %{buildroot}%{gem_instdir}/exe -type f | xargs chmod a+x
%if %{without bootstrap}
%if %{with test}
%check
ln -s %{gem_dir}/specifications/rails-%{version}.gemspec .%{gem_dir}/gems/rails.gemspec
ln -s %{gem_dir}/gems/activesupport-%{version}/ .%{gem_dir}/gems/activesupport
@ -84,10 +69,9 @@ ln -s %{gem_dir}/gems/activerecord-%{version}/ .%{gem_dir}/gems/activerecord
ln -s %{gem_dir}/gems/actionview-%{version}/ .%{gem_dir}/gems/actionview
ln -s %{gem_dir}/gems/actioncable-%{version}/ .%{gem_dir}/gems/actioncable
ln -s ${PWD}%{gem_instdir} .%{gem_dir}/gems/railties
mkdir -p .%{gem_dir}/gems/tmp/templates/app_template
pushd .%{gem_dir}/gems/railties
ln -s %{_builddir}/tools ..
mv %{_builddir}/test .
tar xzf %{SOURCE1}
ln -s rails-%{version}/railties/test test
echo '%{version}' > ../RAILS_VERSION
touch ../Gemfile
echo 'gem "actioncable"' >> ../Gemfile
@ -109,85 +93,49 @@ echo 'gem "puma"' >> ../Gemfile
echo 'gem "bootsnap"' >> ../Gemfile
echo 'gem "capybara"' >> ../Gemfile
echo 'gem "irb"' >> ../Gemfile
echo 'gem "importmap-rails"' >> ../Gemfile
%if ! 0%{?bootstrap}
echo 'gem "jquery-rails"' >> ../Gemfile
echo 'gem "rails"' >> ../Gemfile
echo 'gem "uglifier", require: false' >> ../Gemfile
%else
mv test/application/assets_test.rb{,.disable}
mv test/application/asset_debugging_test.rb{,.disable}
sed -i '/def test_scaffold_.*tests_pass_by_default$/,/^ end$/ s/^/#/' test/application/rake_test.rb
sed -i '/def test_rake_routes_with_rake_options$/,/^ end$/ s/^/#/' test/application/rake_test.rb
sed -i '/def test_rails_routes_displays_message_when_no_routes_are_defined$/,/^ end$/ s/^/#/' test/application/rake_test.rb
sed -i '/def test_rails_routes_calls_the_route_inspector$/,/^ end$/ s/^/#/' test/application/rake_test.rb
sed -i '/def test_generated_controller_works_with_rails_test$/,/^ end$/ s/^/#/' test/application/test_runner_test.rb
sed -i '/def test_generated_scaffold_works_with_rails_test$/,/^ end$/ s/^/#/' test/application/test_runner_test.rb
mv test/application/bin_setup_test.rb{,.disable}
mv test/test_unit/reporter_test.rb{,.disable}
mv test/application/configuration/custom_test.rb{,.disable}
sed -i '/def test_generation_runs_bundle_install_with_full_and_mountable$/,/^ end$/ s/^/#/' test/generators/plugin_generator_test.rb
sed -i '/def test_generate_application_.*_when_does_not_exist_in_mountable_engine$/,/^ end$/ s/^/#/' test/generators/plugin_generator_test.rb
sed -i '/def test_controller_tests_pass_by_default_inside_mountable_engine$/,/^ end$/ s/^/#/' test/generators/scaffold_controller_generator_test.rb
sed -i '/def test_controller_tests_pass_by_default_inside_full_engine$/,/^ end$/ s/^/#/' test/generators/scaffold_controller_generator_test.rb
sed -i '/def test_application_new_exits_with_message_and_non_zero_code_when_generating_inside_existing_rails_directory$/,/^ end$/ s/^/#/' test/generators/app_generator_test.rb
sed -i '/def test_application_new_show_help_message_inside_existing_rails_directory$/,/^ end$/ s/^/#/' test/generators/app_generator_test.rb
%endif
sed -i '/^ def test_sqlite3_db_without_defined_rails_root$/,/^ end$/ s/^/#/' test/commands/dbconsole_test.rb
sed -i '/test "database middleware doesn.t initialize when activerecord is not in frameworks" do$/,/^ end$/ s/^/#/' \
test/application/initializers/frameworks_test.rb
sed -i '/test "i18n files have lower priority than application ones" do$/,/^ end$/ s/^/#/' \
test/railties/engine_test.rb
sed -i '/def test_system_tests_are_run_through_rake_test_when_given_in_TEST$/,/^ end$/ s/^/#/' \
test/application/test_runner_test.rb
sed -i '/def test_reset_sessions_before_rollback_on_system_tests$/,/^ end$/ s/^/#/' \
test/application/test_runner_test.rb
sed -i '/test "database middleware doesn.t initialize when activerecord is not in frameworks" do$/,/^ end$/ s/^/#/' \
test/application/initializers/frameworks_test.rb
sed -i '/def test_output_inline_by_default$/,/^ end$/ s/^/#/' \
test/generators/plugin_test_runner_test.rb
mv test/application/rake/dbs_test.rb{,.disable}
sed -i '/test "i18n files have lower priority than application ones" do$/,/^ end$/ s/^/#/' \
test/railties/engine_test.rb
sed -i -e '/require..minitest.retry./ s/^/#/' \
test/isolation/abstract_unit.rb
mv test/commands/dbconsole_test.rb{,.disable}
sed -i '/^ def test_new_application_load_defaults$/,/^ end$/ s/^/#/' \
test/generators/app_generator_test.rb
sed -i 's/^\(\s*secrets\.secret_\)token/\1key_base/' \
test/path_generation_test.rb
export RUBYOPT="-I${PWD}/../railties/lib"
export PATH="${PWD}/../railties/exe:$PATH"
export BUNDLE_GEMFILE=${PWD}/../Gemfile
# Uses Bundler.require(...)
mv test/generators/test_runner_in_engine_test.rb{,.disable}
mv test/generators/plugin_generator_test.rb{,.disable}
# yarn requires network access
sed -i -e '/^\s*sh .yarn/ s/^/#/g' \
test/isolation/abstract_unit.rb
%if %{without webpacker}
sed -i -e '/^\s*sh .bin.rails webpacker/ s/^/#/g' \
test/isolation/abstract_unit.rb
mv -v test/app_loader_test.rb{,.disable}
mv -v test/engine/test_test.rb{,.disable}
mv -v test/secrets_test.rb{,.disable}
for tname in \
railtie \
engine \
mounted_engine \
;do
mv -v test/railties/${tname}_test.rb{,.disable}
done
for tname in \
credentials \
encrypted \
initializers \
notes \
routes \
secrets \
server \
;do
mv -v test/commands/${tname}_test.rb{,.disable}
done
rm -rf test/application/
sed -i -e '/^\s*def test_scaffold_tests_pass_by_default_inside_mountable_engine/ a \ skip' \
-e '/^\s*def test_scaffold_tests_pass_by_default_inside_namespaced_mountable_engine/ a \ skip' \
-e '/^\s*def test_scaffold_tests_pass_by_default_inside_full_engine/ a \ skip' \
-e '/^\s*def test_scaffold_tests_pass_by_default_inside_api_full_engine/ a \ skip' \
-e '/^\s*def test_scaffold_tests_pass_by_default_inside_api_mountable_engine/ a \ skip' \
test/generators/scaffold_generator_test.rb
%endif
# Tests does not seem to work with importmap-rails now
# Error: Don't know how to build task 'turbo:install'
mv test/generators/app_generator_test.rb{,.disable}
sed -i -e '/^\s*test "outputs errors inline" do/ a \ skip' \
-e '/^\s*test "outputs colored failed results" do/ a \ skip' \
test/test_unit/reporter_test.rb
sed -i -e '/^\s*test "outputs colored failed results" do/ a \ skip' \
-e '/^\s*test "outputs errors inline" do/ a \ skip' \
test/test_unit/reporter_test.rb
sed -i '/^\s*def test_template_is_executed_when_supplied_an_https_path/ a \ skip' \
test/generators/shared_generator_tests.rb
# Disable malfunctioning test
sed -i '/^\s*def test_create_migrations/ a \ skip' \
test/generators/action_mailbox_install_generator_test.rb
git config --global init.defaultBranch master
find test -type f -name '*_test.rb' -print0 | \
sort -z | \
xargs -0 -n1 -i sh -c "echo '* Test file: {}'; ruby -Itest -- '{}' || exit 255"
@ -210,21 +158,6 @@ popd
%doc %{gem_instdir}/README.rdoc
%changelog
* Mon Sep 11 2023 wangkai <13474090681@163.com> - 7.0.7-2
- Fix CVE-2023-38037
* Thu Aug 17 2023 Ge Wang <wang__ge@126.com> - 7.0.7-1
- Upgrade to version 7.0.7
* Thu Jan 19 2023 wangkai <wangkai385@h-partners.com> - 7.0.4-1
- Upgrade to version 7.0.4
* Fri Mar 04 2022 jiangxinyu <jiangxinyu@kylinos.cn> - 6.1.4.1-1
- update to 6.1.4.1
* Tue Apr 6 2021 lingsheng <lingsheng@huawei.com> - 5.2.4.4-4
- Add requires ruby-devel sqlite-devel
* Tue Apr 6 2021 lingsheng <lingsheng@huawei.com> - 5.2.4.4-3
- Add requires rubygem(bundler)
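Review bot: The new side of this spec appears to package railties 5.2.4.4 with no `Patch2: CVE-2023-38037.patch` entry and no `%patch2 -p2` step, and the patch file itself is deleted earlier on this page. The +/- markers are lost in this rendering, so that reading rests on the hunk headers, the `Version:`/`Release:` pairs and the removed 7.0.7 changelog entries. The deleted patch's description says the unpatched `writing` helper in `railties/lib/rails/secrets.rb` leaves decrypted contents in a temporary file that other local users can read. The page does not show whether 5.2.4.4 contains that same code, so this should be confirmed before the package ships; if it does, a backport should be carried as a `PatchN:` line with a matching `%changelog` entry. Separately, `%check` seems to be gated by `%bcond_with test`, which leaves the suite off in default builds, so a comment above that line stating why tests are disabled would help anyone validating a backported fix.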

BIN
v5.2.4.4.tar.gz Normal file

Binary file not shown.