rpms/rubygem-actionpack/EL-5 import.log, NONE, 1.1 rubygem-actionpack-2.1.2-CVE-2008-5189.patch, NONE, 1.1 .cvsignore, 1.5, 1.6 rubygem-actionpack.spec, 1.5, 1.6 sources, 1.5, 1.6

Jeroen van Meeuwen kanarip at fedoraproject.org
Fri Feb 27 15:59:15 UTC 2009


Author: kanarip

Update of /cvs/pkgs/rpms/rubygem-actionpack/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5617/EL-5

Modified Files:
	.cvsignore rubygem-actionpack.spec sources 
Added Files:
	import.log rubygem-actionpack-2.1.2-CVE-2008-5189.patch 
Log Message:
2.1.1-2


--- NEW FILE import.log ---
rubygem-actionpack-2_1_1-2_fc10:EL-5:rubygem-actionpack-2.1.1-2.fc10.src.rpm:1235750305

rubygem-actionpack-2.1.2-CVE-2008-5189.patch:

--- NEW FILE rubygem-actionpack-2.1.2-CVE-2008-5189.patch ---
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb
index 1d9f667..56dace0 100755
--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -30,9 +30,9 @@ module ActionController
 
     def redirect(to_url, response_status)
       self.headers["Status"] = response_status
-      self.headers["Location"] = to_url
+      self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
 
-      self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
+      self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
     end
 
     def prepare!
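Review bot: in redirect, the CR/LF-stripped value is used only for the Location header, while the body link is still built from the original to_url, so header and body can differ for the same input. Consider computing the cleaned URL once, for example url = to_url.gsub(/[\r\n]/, ''), and passing that to both the header assignment and CGI.escapeHTML. Two smaller points on the same lines: to_url.gsub assumes a String, so a to_s before the gsub would keep redirect from raising on other argument types, and response_status is written to the Status header without the same stripping.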



Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/rubygem-actionpack/EL-5/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore	16 Sep 2008 19:10:38 -0000	1.5
+++ .cvsignore	27 Feb 2009 15:58:45 -0000	1.6
@@ -1 +1 @@
-actionpack-2.1.1.gem
+actionpack-2.1.1.tgz


Index: rubygem-actionpack.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rubygem-actionpack/EL-5/rubygem-actionpack.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- rubygem-actionpack.spec	16 Sep 2008 19:10:38 -0000	1.5
+++ rubygem-actionpack.spec	27 Feb 2009 15:58:45 -0000	1.6
@@ -7,15 +7,17 @@
 Summary: Web-flow and rendering framework putting the VC in MVC
 Name: rubygem-%{gemname}
 Version: 2.1.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Development/Languages
 License: MIT
 URL: http://www.rubyonrails.org
-Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.gem
+Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.tgz
+Patch1: rubygem-actionpack-2.1.2-CVE-2008-5189.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: rubygems
 Requires: rubygem(activesupport) = %{version}
 BuildRequires: rubygems
+BuildRequires: rubygem-rake
 BuildArch: noarch
 Provides: rubygem(%{gemname}) = %{version}
 
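Review bot: Patch1 has no comment saying where the fix was taken from, and the patch file name carries 2.1.2 while Version stays at 2.1.1. A one-line comment above Patch1 naming the upstream change it corresponds to would make clear why a 2.1.2-named patch is applied to the 2.1.1 sources. It is also worth confirming that the new Source0 URL actually serves a .tgz, since only the extension changed on that line.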
@@ -26,14 +28,17 @@
 
 
 %prep
+%setup -q -n %{gemname}-%{version}
+%patch1 -p2
 
 %build
+rake gem
 
 %install
 rm -rf %{buildroot}
 mkdir -p %{buildroot}%{gemdir}
 gem install --local --install-dir %{buildroot}%{gemdir} \
-            --force --rdoc %{SOURCE0}
+            --force --rdoc pkg/%{gemname}-%{version}.gem
 
 sed -i -e 1d %{buildroot}%{geminstdir}/lib/action_controller/session/drb_server.rb
 
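Review bot: %build now runs rake gem against the upstream Rakefile, but the only build dependency added is rubygem-rake, and rubygem(activesupport) is still listed only under Requires. If the Rakefile loads anything beyond rake itself, the build will fail in a clean buildroot, so this should be checked there and any missing BuildRequires added. The %install step also relies on rake writing pkg/%{gemname}-%{version}.gem, which ties the spec to the version string the Rakefile produces.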
@@ -57,6 +62,9 @@
 
 
 %changelog
+* Thu Feb 26 2009 Jeroen van Meeuwen <kanarip at fedoraproject.org> - 2.1.1-2
+- Fix CVE-2008-5189
+
 * Tue Sep 16 2008 David Lutterkort <dlutter at redhat.com> - 2.1.1-1
 - New version (fixes CVE-2008-4094)
 
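Review bot: the new changelog entry records only the CVE fix, while this release also switches Source0 from the .gem to the .tgz and rebuilds the gem with rake gem. Adding a line for that packaging change would explain to later readers why the build procedure differs from 2.1.1-1.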


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/rubygem-actionpack/EL-5/sources,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sources	16 Sep 2008 19:10:38 -0000	1.5
+++ sources	27 Feb 2009 15:58:45 -0000	1.6
@@ -1 +1 @@
-b26ef2136ec19dcd5dbc22d27bdbb884  actionpack-2.1.1.gem
+5dbe7b440ec5cc09c090aeace4896d9e  actionpack-2.1.1.tgz



