Bug#965269: marked as done (ruby-gon: ftbfs with rails 6 in experimental)

[Debian Bug Tracking System]

Your message dated Sun, 01 Nov 2020 10:49:16 +0000
with message-id <e1kzave-000j4v...@fasolo.debian.org>
and subject line Bug#965269: fixed in ruby-gon 6.4.0-1
has caused the Debian Bug report #965269,
regarding ruby-gon: ftbfs with rails 6 in experimental
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
965269: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ruby-gon
Version: 6.3.2-1
Severity: important
User: pkg-ruby-extras-maintain...@lists.alioth.debian.org
Usertags: rails6-transition
Control: forwarded -1 https://github.com/gazay/gon/issues/262

Hi,

This package's autopkgtest and rebuilds failed with rails 6 currently in
experimental. rails 6 will be uploaded to unstable in two weeks, so
please make sure this package is ready for rails 6. The severity of
this bug will be raised to serious after rails 6 is uploaded to
unstable.


Relevant errors,

Failures:

 1) Gon#include_gon outputs correct js with a script string
    Failure/Error:
      expect(@base.include_gon).to eq(wrap_script(
                                'window.gon={};' +
                                %Q(gon.str="#{escaped_str}";))
      )

expected: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"\\u003c/script\\u003e\\u003cscript\\u003ealert('!')\\u003c/script\\u003e\";\n//]]>\n</script>" got: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"</script><script>alert('!')</script>\";\n//]]>\n</script>"

      (compared using ==)

      Diff:
      @@ -1,6 +1,6 @@
       <script>
       //<![CDATA[

-window.gon={};gon.str="\u003c/script\u003e\u003cscript\u003ealert('!')\u003c/script\u003e";

      +window.gon={};gon.str="</script><script>alert('!')</script>";
       //]]>
       </script>

# ./spec/gon/basic_spec.rb:118:in `block (3 levels) in <top (required)>'

Finished in 0.82567 seconds (files took 3.3 seconds to load)
72 examples, 1 failure


Same is forwarded upstream https://github.com/gazay/gon/issues/262

--- End Message ---

--- Begin Message ---

Source: ruby-gon
Source-Version: 6.4.0-1
Done: Sruthi Chandran <s...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ruby-gon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 965...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sruthi Chandran <s...@debian.org> (supplier of updated ruby-gon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 01 Nov 2020 15:46:41 +0530
Source: ruby-gon
Architecture: source
Version: 6.4.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sruthi Chandran <s...@debian.org>
Closes: 965269 970938
Changes:
 ruby-gon (6.4.0-1) unstable; urgency=medium
 .
   [ Sruthi Chandran ]
   * Team upload
   * New upstream release (Closes: #965269, #970938) (Fixes: CVE-2020-25739)
 .
   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Submit.
Checksums-Sha1:
 9728f746f4959af29f3e1538e4e7d4522869d622 1943 ruby-gon_6.4.0-1.dsc
 ed3a9745d1821233725a63671dbdae5843dfb046 153597 ruby-gon_6.4.0.orig.tar.gz
 9e36beb1cd960530dd53aa9b36528e2235a47eb3 4516 ruby-gon_6.4.0-1.debian.tar.xz
 bad6b983f4d96cc63bba00d3b1688377e5c0845c 9951 ruby-gon_6.4.0-1_amd64.buildinfo
Checksums-Sha256:
 c5dd897fc382aa0c2d185bde175a496c19bf7f0f724ef9b23ace455423b315eb 1943 
ruby-gon_6.4.0-1.dsc
 41b53c2d4cdb54ed912473a132add63236b13b198d656dd73673c9f1d76c90e4 153597 
ruby-gon_6.4.0.orig.tar.gz
 94cb6343cd3473fe31ebf76dd78cb9359bba405fc630a6a54f3e5688811645c3 4516 
ruby-gon_6.4.0-1.debian.tar.xz
 1a623f5919e6e345f6e06208015e549ad9affe1e2f9b23f7f8633289695281c1 9951 
ruby-gon_6.4.0-1_amd64.buildinfo
Files:
 d49d31845242cc9d7738d42fb3b85b4d 1943 ruby optional ruby-gon_6.4.0-1.dsc
 e0d52be4e90691c043a885000298bac6 153597 ruby optional 
ruby-gon_6.4.0.orig.tar.gz
 28996ff333bdf4cc7b747dd5a4b83549 4516 ruby optional 
ruby-gon_6.4.0-1.debian.tar.xz
 181a632b091f067d24a1a214d0816d50 9951 ruby optional 
ruby-gon_6.4.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEEcd3Fxr6GmkZB13n+x+ob4VdN7V0FAl+ejeAACgkQx+ob4VdN
7V0A0QwAjbgNwdp07y9FSfJqbnrObXUgW8Ct4vlpIFtfVf15envgGtx1b0BWTkzQ
TOaikED9WrZEbHCbOn6JEOOtqbkA1zTKpaVDPiW1O3hpJe4C+hbBJDA5dZXqMsDA
yb8boVPvioSVspV46j1+JG+x6/bDEJT11kFzir0rf11Hwm0sLzy6M21FN9B6Z4cq
Y5pJGD+s97j7kdtmqoCFE9qGlnsIKK8GH+nL5lcS/Qgq3bgf4KLpTMYvP0/K+nBu
+oraSTax08Ne0aO/qxnO4oQi6Mfg1dTMXntjufG7LsSjNz7ZI/ga7M1pbvtJLOv9
Y1hv/Yr4UBFiznoI05orMMY4RC+TdeD7ujWiCwJGLYVxE0C3CMqhz2W4FLcKkFa9
N/wJRqqqaJ1v8F2VHgvAWiKegzCt4nwGwRr6PFZWxo9NA8bJvg5qBG8fhMLZ+fC2
o773aDykKNH1RtSAPi8E4jyLZqYyKQ2gwDCATxOomt2QHhQnupxJeNlXv9eMjKyg
UwfpyzUL
=+XUG
-----END PGP SIGNATURE-----

--- End Message ---