Merge branch '3-2-sec' into 3-2-stable

2026-01-08 22:27:59 -05:00 · 2014-07-02 14:18:47 -03:00
parent 3622858ed5 53c845cb18
commit c43f20a404
18 changed files with 58 additions and 12 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-3.2.18
+3.2.19
--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##

 * No changes.
--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,5 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
 *   Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
    `options[:raise]`.

--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##

 * No changes.
--- a/activemodel/lib/active_model/version.rb
+++ b/activemodel/lib/active_model/version.rb
@@ -2,7 +2,7 @@ module ActiveModel
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,12 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Fix SQL Injection Vulnerability in 'bitstring' quoting.
+
+    Fixes CVE-2014-3482.
+
+    *Rafael Mendonça França*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##

 * No changes.
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -442,8 +442,8 @@ module ActiveRecord
          when 'xml'   then "xml '#{quote_string(value)}'"
          when /^bit/
            case value
-            when /^[01]*$/      then "B'#{value}'" # Bit-string notation
-            when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+            when /\A[01]*\Z/      then "B'#{value}'" # Bit-string notation
+            when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
            end
          else
            super
@@ -1160,7 +1160,7 @@ module ActiveRecord
        FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:

        def exec_no_cache(sql, binds)
-          @connection.async_exec(sql)
+          @connection.async_exec(sql, [])
        end

        def exec_cache(sql, binds)
--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
          assert_equal 'f', @conn.type_cast(false, nil)
          assert_equal 'f', @conn.type_cast(false, c)
        end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, 'bit')
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
      end
    end
  end
--- a/activeresource/CHANGELOG.md
+++ b/activeresource/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##

 * No changes.
--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Make sure Active Support configurations are applied correctly.
+
+    Before this change configuration set using `config.active_support`
+    would not be set.
+
+    *Rafael Mendonça França*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##

 * No changes.
--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##

 * No changes.
--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--- a/version.rb
+++ b/version.rb
@@ -2,7 +2,7 @@ module Rails
  module VERSION #:nodoc:
    MAJOR = 3
    MINOR = 2
-    TINY  = 18
+    TINY  = 19
    PRE   = nil

    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
@@ -1 +1 @@
 .2.18
 .2.19