rpms/rubygem-actionpack/EL-5 import.log, NONE, 1.1 rubygem-actionpack-2.1.2-CVE-2008-5189.patch, NONE, 1.1 .cvsignore, 1.5, 1.6 rubygem-actionpack.spec, 1.5, 1.6 sources, 1.5, 1.6
Jeroen van Meeuwen
kanarip at fedoraproject.org
Fri Feb 27 15:59:15 UTC 2009
Author: kanarip
Update of /cvs/pkgs/rpms/rubygem-actionpack/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5617/EL-5
Modified Files:
.cvsignore rubygem-actionpack.spec sources
Added Files:
import.log rubygem-actionpack-2.1.2-CVE-2008-5189.patch
Log Message:
2.1.1-2
--- NEW FILE import.log ---
rubygem-actionpack-2_1_1-2_fc10:EL-5:rubygem-actionpack-2.1.1-2.fc10.src.rpm:1235750305
rubygem-actionpack-2.1.2-CVE-2008-5189.patch:
--- NEW FILE rubygem-actionpack-2.1.2-CVE-2008-5189.patch ---
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb
index 1d9f667..56dace0 100755
--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -30,9 +30,9 @@ module ActionController
def redirect(to_url, response_status)
self.headers["Status"] = response_status
- self.headers["Location"] = to_url
+ self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
- self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
+ self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
end
def prepare!
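Review bot: the new `Location` assignment calls `to_url.gsub(/[\r\n]/, '')` directly on the argument, so a non-String `to_url` now raises in `redirect`, where the old assignment and the `#{to_url}` interpolation accepted any object. Consider cleaning the value once into a local (for example via `to_url.to_s`) and building both the header and the body from it, so the two outputs cannot drift apart. The body line depends on `CGI.escapeHTML`, and the hunk shows no `require 'cgi'`; confirm it is already loaded wherever `response.rb` is used. No test accompanies the change; a case that passes a URL containing `\r\n` and a `"` and asserts on both `headers["Location"]` and `body` would pin the fix.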
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/rubygem-actionpack/EL-5/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore 16 Sep 2008 19:10:38 -0000 1.5
+++ .cvsignore 27 Feb 2009 15:58:45 -0000 1.6
@@ -1 +1 @@
-actionpack-2.1.1.gem
+actionpack-2.1.1.tgz
Index: rubygem-actionpack.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rubygem-actionpack/EL-5/rubygem-actionpack.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- rubygem-actionpack.spec 16 Sep 2008 19:10:38 -0000 1.5
+++ rubygem-actionpack.spec 27 Feb 2009 15:58:45 -0000 1.6
@@ -7,15 +7,17 @@
Summary: Web-flow and rendering framework putting the VC in MVC
Name: rubygem-%{gemname}
Version: 2.1.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
-Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.gem
+Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.tgz
+Patch1: rubygem-actionpack-2.1.2-CVE-2008-5189.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: rubygems
Requires: rubygem(activesupport) = %{version}
BuildRequires: rubygems
+BuildRequires: rubygem-rake
BuildArch: noarch
Provides: rubygem(%{gemname}) = %{version}
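Review bot: `Patch1` is named `rubygem-actionpack-2.1.2-CVE-2008-5189.patch` while `Version` stays at 2.1.1, and nothing in the spec says where the patch came from. A comment above `Patch1` stating that it is a backport, and which upstream change it was taken from, would let a later maintainer know when it can be dropped. `Source0` now points at a `.tgz` under the same `gems/` URL that served the `.gem`; if that URL does not actually serve the tarball, note next to `Source0` how the tarball was produced, since the checksum in `sources` is then the only thing tying the build input to upstream.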
@@ -26,14 +28,17 @@
%prep
+%setup -q -n %{gemname}-%{version}
+%patch1 -p2
%build
+rake gem
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{gemdir}
gem install --local --install-dir %{buildroot}%{gemdir} \
- --force --rdoc %{SOURCE0}
+ --force --rdoc pkg/%{gemname}-%{version}.gem
sed -i -e 1d %{buildroot}%{geminstdir}/lib/action_controller/session/drb_server.rb
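Review bot: `%patch1 -p2` only applies cleanly if the tarball unpacks with `lib/` directly under `%{gemname}-%{version}`, because the patch paths are `a/actionpack/lib/...`; a one-line comment next to `%patch1` saying so would explain the unusual strip level. The install step keeps `--force` while switching to the locally built `pkg/%{gemname}-%{version}.gem`, so a broken or incomplete gem from `rake gem` would still install silently. Since the source tree is now unpacked at build time, a `%check` section that runs at least the redirect-related tests would show that the patched code is what ends up in the package.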
@@ -57,6 +62,9 @@
%changelog
+* Thu Feb 26 2009 Jeroen van Meeuwen <kanarip at fedoraproject.org> - 2.1.1-2
+- Fix CVE-2008-5189
+
* Tue Sep 16 2008 David Lutterkort <dlutter at redhat.com> - 2.1.1-1
- New version (fixes CVE-2008-4094)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/rubygem-actionpack/EL-5/sources,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sources 16 Sep 2008 19:10:38 -0000 1.5
+++ sources 27 Feb 2009 15:58:45 -0000 1.6
@@ -1 +1 @@
-b26ef2136ec19dcd5dbc22d27bdbb884 actionpack-2.1.1.gem
+5dbe7b440ec5cc09c090aeace4896d9e actionpack-2.1.1.tgz