6 changed files with 0 additions and 191 deletions
--- a/CVE-2024-26144.patch
+++ b/CVE-2024-26144.patch
@ -1,60 +0,0 @@
-From 78fe149509fac5b05e54187aaaef216fbb5fd0d3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
- <rafael@rubyonrails.org>
-Date: Thu, 3 Aug 2023 16:00:34 -0400
-Subject: [PATCH] Merge pull request #48869 from
- brunoprietog/disable-session-active-storage-proxy-controllers
-
-Disable session in ActiveStorage blobs and representations proxy controllers
-
-[CVE-2024-26144]
---
- activestorage/CHANGELOG.md                           |  8 ++++++++
- .../active_storage/blobs/proxy_controller.rb         |  1 +
- .../representations/proxy_controller.rb              |  1 +
- .../concerns/active_storage/disable_session.rb       | 12 ++++++++++++
- 4 files changed, 22 insertions(+)
- create mode 100644 activestorage/app/controllers/concerns/active_storage/disable_session.rb
-
-diff --git a/activestorage/app/controllers/active_storage/blobs/proxy_controller.rb b/activestorage/app/controllers/active_storage/blobs/proxy_controller.rb
-index 9b4993f240738..0a70d1d7dfc48 100644
--- a/activestorage/app/controllers/active_storage/blobs/proxy_controller.rb
-+++ b/activestorage/app/controllers/active_storage/blobs/proxy_controller.rb
-@@ -4,6 +4,7 @@
- class ActiveStorage::Blobs::ProxyController < ActiveStorage::BaseController
-   include ActiveStorage::SetBlob
-   include ActiveStorage::SetHeaders
-+  include ActiveStorage::DisableSession
- 
-   def show
-     http_cache_forever public: true do
-diff --git a/activestorage/app/controllers/active_storage/representations/proxy_controller.rb b/activestorage/app/controllers/active_storage/representations/proxy_controller.rb
-index e1ebba109fa8d..5ac55fc6e9bcd 100644
--- a/activestorage/app/controllers/active_storage/representations/proxy_controller.rb
-+++ b/activestorage/app/controllers/active_storage/representations/proxy_controller.rb
-@@ -3,6 +3,7 @@
- # Proxy files through application. This avoids having a redirect and makes files easier to cache.
- class ActiveStorage::Representations::ProxyController < ActiveStorage::Representations::BaseController
-   include ActiveStorage::SetHeaders
-+  include ActiveStorage::DisableSession
- 
-   def show
-     http_cache_forever public: true do
-diff --git a/activestorage/app/controllers/concerns/active_storage/disable_session.rb b/activestorage/app/controllers/concerns/active_storage/disable_session.rb
-new file mode 100644
-index 0000000000000..200ad7c9d23ac
--- /dev/null
-+++ b/activestorage/app/controllers/concerns/active_storage/disable_session.rb
-@@ -0,0 +1,12 @@
-+# frozen_string_literal: true
-+
-+# This concern disables the session in order to allow caching by default in some CDNs as CloudFlare.
-+module ActiveStorage::DisableSession
-+  extend ActiveSupport::Concern
-+
-+  included do
-+    before_action do
-+      request.session_options[:skip] = true
-+    end
-+  end
-+end
--- a/activestorage-6.1.4.1-tests.txz
+++ b/activestorage-6.1.4.1-tests.txz
--- a/activestorage-6.1.4.1.gem
+++ b/activestorage-6.1.4.1.gem
--- a/rails-6.1.4.1-tools.txz
+++ b/rails-6.1.4.1-tools.txz
--- a/rubygem-activestorage.spec
+++ b/rubygem-activestorage.spec
@ -1,127 +0,0 @@
-%global gem_name activestorage
-%bcond_without bootstrap
-%bcond_with ffmpeg
-Name:                rubygem-%{gem_name}
-Version:             6.1.4.1
-Release:             2
-Summary:             Local and cloud file storage framework
-License:             MIT
-URL:                 http://rubyonrails.org
-Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
-# The gem doesn't ship with the test suite.
-# You may check it out like so
-# git clone https://github.com/rails/rails.git
-# cd rails/activestorage && git archive -v -o activestorage-6.1.4.1-tests.txz v6.1.4.1 test/
-Source1:             %{gem_name}-%{version}-tests.txz
-# The tools are needed for the test suite, are however unpackaged in gem file.
-# You may check it out like so
-# git clone http://github.com/rails/rails.git --no-checkout
-# cd rails && git archive -v -o rails-6.1.4.1-tools.txz v6.1.4.1 tools/
-Source2:             rails-%{version}-tools.txz
-# https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
-Patch0:              CVE-2024-26144.patch
-BuildRequires:       ruby(release) rubygems-devel ruby
-%if %{without bootstrap}
-BuildRequires:       rubygem(actionpack) = %{version} rubygem(activerecord) = %{version}
-BuildRequires:       rubygem(activejob) = %{version} rubygem(railties) = %{version}
-BuildRequires:       rubygem(rails) = %{version} rubygem(sprockets-rails) rubygem(connection_pool)
-BuildRequires:       rubygem(image_processing) rubygem(sqlite3)
-%{?with_ffmpeg:BuildRequires: %{_bindir}/ffmpeg}
-BuildRequires:       %{_bindir}/mutool %{_bindir}/pdftoppm
-%endif
-Suggests:            %{_bindir}/mutool
-Suggests:            %{_bindir}/pdftoppm
-Suggests:            %{_bindir}/ffmpeg
-BuildArch:           noarch
-%description
-Attach cloud and local files in Rails applications.
-
-%package doc
-Summary:             Documentation for %{name}
-Requires:            %{name} = %{version}-%{release}
-BuildArch:           noarch
-%description doc
-Documentation for %{name}.
-
-%prep
-%setup -q -n %{gem_name}-%{version} -b1 -b2
-%patch0 -p2
-
-%build
-gem build ../%{gem_name}-%{version}.gemspec
-%gem_install
-
-%install
-mkdir -p %{buildroot}%{gem_dir}
-cp -a .%{gem_dir}/* \
-        %{buildroot}%{gem_dir}/
-
-%check
-%if %{without bootstrap}
-ln -s %{gem_dir}/specifications/rails-%{version}.gemspec .%{gem_dir}/gems/rails.gemspec
-ln -s %{gem_dir}/gems/railties-%{version}/ .%{gem_dir}/gems/railties
-ln -s %{gem_dir}/gems/activerecord-%{version}/ .%{gem_dir}/gems/activerecord
-ln -s %{gem_dir}/gems/activejob-%{version}/ .%{gem_dir}/gems/activejob
-ln -s %{gem_dir}/gems/actionpack-%{version}/ .%{gem_dir}/gems/actionpack
-ln -s %{gem_dir}/gems/activesupport-%{version}/ .%{gem_dir}/gems/activesupport
-ln -s ${PWD}%{gem_instdir} .%{gem_dir}/gems/%{gem_name}
-pushd .%{gem_dir}/gems/%{gem_name}
-ln -s %{_builddir}/tools ..
-cp -a %{_builddir}/test .
-touch Gemfile
-echo 'gem "actionpack"' >> ../Gemfile
-echo 'gem "activerecord"' >> ../Gemfile
-echo 'gem "activejob"' >> ../Gemfile
-echo 'gem "sprockets-rails"' >> ../Gemfile
-echo 'gem "image_processing"' >> ../Gemfile
-echo 'gem "rails"' >> ../Gemfile
-echo 'gem "sqlite3"' >> ../Gemfile
-%if %{without ffmpeg}
-mv test/analyzer/video_analyzer_test.rb{,.disable}
-mv test/previewer/video_previewer_test.rb{,.disable}
-for f in \
-  models/preview \
-  models/representation \
-  %{nil}
-do
-sed -i '/^  test ".* MP4 video.*" do$/,/^  end$/ s/^/#/g' \
-  test/${f}_test.rb
-done
-%endif
-sed -i -e '/test "optimized variation of GIF"/ a skip' \
-    -e '/thumbnail variation of extensionless GIF/ a skip' \
-  test/models/variant_test.rb
-export RUBYOPT="-I${PWD}/../%{gem_name}/lib"
-export PATH="${PWD}/../%{gem_name}/exe:$PATH"
-export BUNDLE_GEMFILE=${PWD}/../Gemfile
-ruby -Ilib:test -e 'Dir.glob "./test/**/*_test.rb", &method(:require)'
-popd
-%endif
-
-%files
-%dir %{gem_instdir}
-%license %{gem_instdir}/MIT-LICENSE
-%{gem_instdir}/app
-%{gem_instdir}/config
-%{gem_instdir}/db
-%{gem_libdir}
-%exclude %{gem_cache}
-%{gem_spec}
-
-%files doc
-%doc %{gem_docdir}
-%doc %{gem_instdir}/CHANGELOG.md
-%doc %{gem_instdir}/README.md
-
-%changelog
-* Wed Feb 28 2024 yaoxin <yao_xin001@hoperun.com> - 6.1.4.1-2
- Fix CVE-2024-26144
-
-* Wed Mar 02 2022 jiangxinyu <jiangxinyu@kylinos.cn> - 6.1.4.1-1
- update to 6.1.4.1
-
-* Mon Feb  8 2021 sunguoshuai<sunguoshuai@huawei.com>- 5.2.4.4-1
- Upgrade to 5.2.4.4
-
-* Wed Aug 12 2020 chengzihan <chengzihan2@huawei.com> - 5.2.3-1
- Package init
--- a/rubygem-activestorage.yaml
+++ b/rubygem-activestorage.yaml
@ -1,4 +0,0 @@
-version_control: github
-src_repo: rails/rails
-tag_prefix: "^v"
-seperator: "."