[rubygem-activerecord/f17] Fix for CVE-2012-6496.

Vít Ondruch vondruch at fedoraproject.org
Fri Jan 4 15:22:06 UTC 2013


commit 830a32bc9962ecca773883c9f6faf3092b1e8349
Author: Vít Ondruch <vondruch at redhat.com>
Date:   Fri Jan 4 16:14:53 2013 +0100

    Fix for CVE-2012-6496.

 ...18-CVE-2012-6496-dynamic_finder_injection.patch |   32 ++++++++++++++++++++
 rubygem-activerecord.spec                          |   10 +++++-
 2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/rubygem-activerecord-3.0.18-CVE-2012-6496-dynamic_finder_injection.patch b/rubygem-activerecord-3.0.18-CVE-2012-6496-dynamic_finder_injection.patch
new file mode 100644
index 0000000..ba59d48
--- /dev/null
+++ b/rubygem-activerecord-3.0.18-CVE-2012-6496-dynamic_finder_injection.patch
@@ -0,0 +1,32 @@
+From 3542641ebd83a31f6b633b7af30ae6f37e563a1b Mon Sep 17 00:00:00 2001
+From: Aaron Patterson <aaron.patterson at gmail.com>
+Date: Sun, 23 Dec 2012 11:07:07 -0800
+Subject: [PATCH] CVE-2012-5664 options hashes should only be extracted if
+ there are extra parameters
+
+---
+ activerecord/lib/active_record/base.rb |    6 +++++-
+ activerecord/test/cases/finder_test.rb |   12 ++++++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
+index f89b949..a05623d 100644
+--- a/activerecord/lib/active_record/base.rb
++++ b/activerecord/lib/active_record/base.rb
+@@ -988,7 +988,11 @@ module ActiveRecord #:nodoc:
+             attribute_names = match.attribute_names
+             super unless all_attributes_exists?(attribute_names)
+             if match.finder?
+-              options = arguments.extract_options!
++              options = if arguments.length > attribute_names.size
++                          arguments.extract_options!
++                        else
++                          {}
++                        end
+               relation = options.any? ? construct_finder_arel(options, current_scoped_methods) : scoped
+               relation.send :find_by_attributes, match, attribute_names, *arguments
+             elsif match.instantiator?
+-- 
+1.7.10.2 (Apple Git-33)
+
+
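Review bot: The embedded patch header lists activerecord/test/cases/finder_test.rb with 12 insertions and "2 files changed, 17 insertions(+), 1 deletion(-)", but the only hunk present is the one for base.rb, so the regression test for this change is not carried. If the test hunk was dropped on purpose (for example because the test file is not present in the installed gem), say so in the spec comment above Patch5; otherwise the stale diffstat reads as a truncated patch. On the base.rb change itself: when arguments.length equals attribute_names.size the new else branch yields {} and a trailing Hash is passed on to find_by_attributes as an attribute value, so a caller that supplied fewer values than attributes and relied on the last Hash being taken as options changes behaviour. That deserves a line in the changelog.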
diff --git a/rubygem-activerecord.spec b/rubygem-activerecord.spec
index 51f32d9..8ebcfc1 100644
--- a/rubygem-activerecord.spec
+++ b/rubygem-activerecord.spec
@@ -7,7 +7,7 @@ Summary: Implements the ActiveRecord pattern for ORM
 Name: rubygem-%{gem_name}
 Epoch: 1
 Version: 3.0.11
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: Development/Languages
 License: MIT
 URL: http://www.rubyonrails.org
@@ -42,6 +42,10 @@ Patch3: activerecord-3.0.13-CVE-2012-2661-predicate-builder-should-not-recurse-f
 # https://bugzilla.redhat.com/show_bug.cgi?id=831573
 Patch4: activerecord-3.0.15-CVE-2012-2695-additional-fix-for-CVE-2012-2661.patch
 
+# Fixes CVE-2012-6496
+# https://bugzilla.redhat.com/show_bug.cgi?id=889649
+Patch5: rubygem-activerecord-3.0.18-CVE-2012-6496-dynamic_finder_injection.patch
+
 Requires: ruby(abi) = %{rubyabi}
 Requires: ruby(rubygems)
 Requires: rubygem(activesupport) = %{version}
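Review bot: The comment above Patch5 says "Fixes CVE-2012-6496", while the Subject line of the patch it names reads "CVE-2012-5664 options hashes should only be extracted if there are extra parameters"; add a comment line tying the two identifiers together so the mismatch does not look like the wrong patch was picked up. The file name also carries 3.0.18 while Version is 3.0.11, so note that this is a backport and cite the upstream commit (3542641ebd83a31f6b633b7af30ae6f37e563a1b in the patch header) next to the Bugzilla URL.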
@@ -90,6 +94,7 @@ pushd ./%{gem_instdir}
 %patch1 -p0
 %patch3 -p2
 %patch4 -p2
+%patch5 -p2
 popd
 
 pushd .%{gem_dir}
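Review bot: %patch5 -p2 applies a hunk written against line 988 of base.rb, from a patch named for 3.0.18, onto a 3.0.11 tree, so it may only apply with an offset or fuzz. Check the %prep output in the build log for this patch and confirm the changed lines landed inside the match.finder? branch, since a misplaced hunk could leave the options extraction unpatched while the build still succeeds.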
@@ -160,6 +165,9 @@ popd
 %{gem_spec}
 
 %changelog
+* Fri Jan 04 2013 Vít Ondruch <vondruch at redhat.com> - 1:3.0.11-4
+- Fix for CVE-2012-6496.
+
 * Mon Jun 18 2012 Vít Ondruch <vondruch at redhat.com> - 1:3.0.11-3
 - Fix for CVE-2012-2695.
 

