From c6ca6461aae0ca91fa30cbb2754d362d85df3d0a Mon Sep 17 00:00:00 2001
From: Chris Heald
Date: Tue, 8 Jan 2013 14:12:28 -0700
Subject: [PATCH] Update to Rails 3.2.11 and add manual backstop patches for CVE-2013-0156

---
 Gemfile | 6 ++----
 Gemfile.lock | 71 ++++++++++++++++++++++++++++++++++-------------------------------------
 config/initializers/cve-2013-0156.rb | 3 +++
 3 files changed, 39 insertions(+), 41 deletions(-)
 create mode 100644 config/initializers/cve-2013-0156.rb

diff --git a/Gemfile b/Gemfile
index ec966e6..a410b3d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'http://rubygems.org'
-gem 'rails', '3.2.8'
+gem 'rails', '3.2.11'
 gem 'mongoid', '~> 2.4.10'
 gem 'mongoid_rails_migrations'
 gem 'devise', '~> 1.5.3'
@@ -107,6 +107,4 @@ group :assets do
 gem 'therubyracer', :platform => :ruby # C Ruby (MRI) or Rubinius, but NOT Windows
 gem 'uglifier', '>= 1.0.3'
 gem 'underscore-rails'
-end
-
-gem 'turbo-sprockets-rails3'
+end
\ No newline at end of file
diff --git a/Gemfile.lock b/Gemfile.lock
index 372cb1f..5f7f174 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -9,35 +9,35 @@ GEM
 remote: http://rubygems.org/
 specs:
 SystemTimer (1.2.3)
- actionmailer (3.2.8)
- actionpack (= 3.2.8)
+ actionmailer (3.2.11)
+ actionpack (= 3.2.11)
 mail (~> 2.4.4)
 actionmailer_inline_css (1.3.1)
 actionmailer (>= 3.0.0)
 nokogiri (>= 1.4.4)
 premailer (>= 1.7.1)
- actionpack (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
+ actionpack (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
 builder (~> 3.0.0)
 erubis (~> 2.7.0)
 journey (~> 1.0.4)
 rack (~> 1.4.0)
 rack-cache (~> 1.2)
 rack-test (~> 0.6.1)
- sprockets (~> 2.1.3)
- activemodel (3.2.8)
- activesupport (= 3.2.8)
+ sprockets (~> 2.2.1)
+ activemodel (3.2.11)
+ activesupport (= 3.2.11)
 builder (~> 3.0.0)
- activerecord (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
+ activerecord (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
 arel (~> 3.0.2)
 tzinfo (~> 0.3.29)
- activeresource (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
- activesupport (3.2.8)
+ activeresource (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
+ activesupport (3.2.11)
 i18n (~> 0.6)
 multi_json (~> 1.0)
 addressable (2.3.2)
@@ -131,7 +131,7 @@ GEM
 has_scope (~> 0.5.0)
 responders (~> 0.6)
 journey (1.0.4)
- json (1.7.5)
+ json (1.7.6)
 jwt (0.1.5)
 multi_json (>= 1.0)
 kaminari (0.14.1)
@@ -166,7 +166,7 @@ GEM
 bundler (>= 1.0.0)
 rails (>= 3.0.0)
 railties (>= 3.0.0)
- multi_json (1.3.6)
+ multi_json (1.5.0)
 multi_xml (0.5.1)
 multipart-post (1.1.5)
 net-scp (1.0.4)
@@ -220,7 +220,7 @@ GEM
 slop (>= 2.4.4, < 3)
 pry-rails (0.2.0)
 pry
- rack (1.4.1)
+ rack (1.4.3)
 rack-cache (1.2)
 rack (>= 0.4)
 rack-ssl (1.3.2)
@@ -228,25 +228,25 @@ GEM
 rack-ssl-enforcer (0.2.4)
 rack-test (0.6.2)
 rack (>= 1.0)
- rails (3.2.8)
- actionmailer (= 3.2.8)
- actionpack (= 3.2.8)
- activerecord (= 3.2.8)
- activeresource (= 3.2.8)
- activesupport (= 3.2.8)
+ rails (3.2.11)
+ actionmailer (= 3.2.11)
+ actionpack (= 3.2.11)
+ activerecord (= 3.2.11)
+ activeresource (= 3.2.11)
+ activesupport (= 3.2.11)
 bundler (~> 1.0)
- railties (= 3.2.8)
+ railties (= 3.2.11)
 rails_autolink (1.0.9)
 rails (~> 3.1)
- railties (3.2.8)
- actionpack (= 3.2.8)
- activesupport (= 3.2.8)
+ railties (3.2.11)
+ actionpack (= 3.2.11)
+ activesupport (= 3.2.11)
 rack-ssl (~> 1.3.2)
 rake (>= 0.8.7)
 rdoc (~> 3.4)
 thor (>= 0.14.6, < 2.0)
 raindrops (0.10.0)
- rake (0.9.2.2)
+ rake (10.0.3)
 rbx-require-relative (0.0.9)
 rdoc (3.12)
 json (~> 1.4)
@@ -286,8 +286,9 @@ GEM
 rubyzip
 simple_oauth (0.1.9)
 slop (2.4.4)
- sprockets (2.1.3)
+ sprockets (2.2.2)
 hike (~> 1.2)
+ multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
 therubyracer (0.10.2)
@@ -299,13 +300,10 @@ GEM
 thor (0.16.0)
 tilt (1.3.3)
 timecop (0.3.5)
- treetop (1.4.10)
+ treetop (1.4.12)
 polyglot
 polyglot (>= 0.3.1)
- turbo-sprockets-rails3 (0.2.12)
- railties (>= 3.1.0, < 3.2.9)
- sprockets (>= 2.0.0)
- tzinfo (0.3.33)
+ tzinfo (0.3.35)
 uglifier (1.2.7)
 execjs (>= 0.3.0)
 multi_json (~> 1.3)
@@ -364,7 +362,7 @@ DEPENDENCIES
 pry-rails
 rack-ssl
 rack-ssl-enforcer
- rails (= 3.2.8)
+ rails (= 3.2.11)
 rails_autolink (~> 1.0.9)
 ri_cal
 rspec-rails (~> 2.6)
@@ -374,7 +372,6 @@ DEPENDENCIES
 therubyracer
 thin
 timecop
- turbo-sprockets-rails3
 uglifier (>= 1.0.3)
 underscore-rails
 unicorn
diff --git a/config/initializers/cve-2013-0156.rb b/config/initializers/cve-2013-0156.rb
new file mode 100644
index 0000000..3af798b
--- /dev/null
+++ b/config/initializers/cve-2013-0156.rb
@@ -0,0 +1,3 @@
+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::YAML)
+ActiveSupport::XmlMini::PARSING.delete("symbol")
+ActiveSupport::XmlMini::PARSING.delete("yaml")
-- 
libgit2 0.21.2
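Review bot: The new initializer config/initializers/cve-2013-0156.rb carries no comment saying why it exists, and because the Gemfile in the same commit pins rails to 3.2.11 (which already ships the fix) a later maintainer may read these three lines as dead code and drop them; add a header such as `# Backstop for CVE-2013-0156: remove the YAML params parser and the symbol/yaml XML type coercions so the mitigation holds even if Rails is later downgraded or the upstream fix regresses.` Note that `Hash#delete` returns nil when the key is absent, so each line is a silent no-op if a future Rails release renames `DEFAULT_PARSERS` or the `PARSING` keys; a request spec asserting that a `yaml`/`symbol` typed XML element is left uncoerced would make the backstop observable rather than assumed. The deletes only touch the default `ActionDispatch::ParamsParser` table, so if the app inserts that middleware elsewhere with its own parser hash (not visible in this diff), that instance is not covered.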