author | Mo Morsi <mmorsi@redhat.com> | 2011-06-17 10:06:52 -0400 |
---|---|---|
committer | Mo Morsi <mmorsi@redhat.com> | 2011-06-17 10:06:52 -0400 |
commit | b7b20f3144dd4dac42d25b2df5f0f1700884d363 (patch) | |
tree | 8691bde90b4bdaeee5b483479c01e34f28c2cb55 /rubygem-actionpack.spec | |
parent | 6415f27dc2928e0ed75ba1f5f339d19d3dbcff1a (diff) | |
fix for cve-2011-2197
Diffstat (limited to 'rubygem-actionpack.spec')
-rw-r--r-- | rubygem-actionpack.spec | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec index 393c402..befe029 100644 --- a/rubygem-actionpack.spec +++ b/rubygem-actionpack.spec @@ -9,7 +9,7 @@ Summary: Web-flow and rendering framework putting the VC in MVC Name: rubygem-%{gemname} Epoch: 1 Version: 3.0.5 -Release: 2%{?dist} +Release: 3%{?dist} Group: Development/Languages License: MIT URL: http://www.rubyonrails.org @@ -38,6 +38,13 @@ Patch2: actionpack-tests-fix.patch Patch3: actionpack-downgrade-dependencies.patch +# CVE-2011-2197 +# http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications +# FIXES: https://gist.github.com/b2ceb626fc2bcdfe497f +# https://github.com/rails/rails/commit/c6503f48bd13c696fcc81f2a4a87b8cd7c009657 +# https://github.com/rails/rails/commit/2e757bc298cef715e5c56945161bbd84f2610729 +Patch4: cve-2011-2197-actionpack-fix.patch + Requires: rubygems Requires: rubygem(activesupport) = %{version} Requires: rubygem(activemodel) = %{version} @@ -95,6 +102,7 @@ pushd .%{geminstdir} %patch0 -p0 %patch1 -p0 %patch2 -p0 +%patch4 -p0 # create missing symlink pushd test/fixtures/layout_tests/layouts/ @@ -165,6 +173,9 @@ rake test --trace %changelog +* Thu Jun 16 2011 Mo Morsi <mmorsi@redhat.com> - 1:3.0.5-3 +- Include fix for CVE-2011-2197 + * Fri Jun 03 2011 Vít Ondruch <vondruch@redhat.com> - 1:3.0.5-2 - Removed regin and multimap dependencies. They were added into rack-mount where they actually belongs. |
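Review bot: In the hunk that declares `Patch4: cve-2011-2197-actionpack-fix.patch`, the comment block lists a gist and two upstream commits but does not say how the patch file relates to them. Please state whether the patch is both commits taken as-is or a backport adjusted for 3.0.5, so that a later rebase can tell when the patch is safe to drop. The `FIXES:` label also sits only on the gist line; putting it on its own line above all three URLs would make it clear that the two commit links belong to it as well.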
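Review bot: In the %prep hunk, `%patch4 -p0` is applied after `pushd .%{geminstdir}`, so the patch file has to carry paths relative to the gem root with no leading component. The sources cited for it are git commits, whose diffs carry `a/` and `b/` prefixes, so please confirm the file was re-rooted for -p0 and say so in the comment above `Patch4:`. The context lines here also show `%patch0` through `%patch2` followed directly by `%patch4`, while `Patch3` is declared in the preamble; a one-line comment noting where Patch3 is applied would stop the numbering gap from looking like an omission.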