Diffstat (limited to 'rubygem-actionpack.spec')
-rw-r--r-- | rubygem-actionpack.spec | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index 61e6799..b76cdd8 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -7,7 +7,7 @@ Summary: Web-flow and rendering framework putting the VC in MVC
 Name: rubygem-%{gem_name}
 Epoch: 1
 Version: 3.0.11
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Development/Languages
 License: MIT
 URL: http://www.rubyonrails.org
@@ -36,6 +36,14 @@ Patch2: actionpack-tests-fix.patch
 Patch3: actionpack-downgrade-dependencies.patch
+# Fixes CVE-2012-1098
+# https://bugzilla.redhat.com/show_bug.cgi?id=799275
+Patch4: actionpack-safe-buffer-slice-fix.patch
+
+# Fixes CVE-2012-1099
+# https://bugzilla.redhat.com/show_bug.cgi?id=799276
+Patch5: actionpack-select-options-XSS-fix.patch
+
 Requires: ruby(rubygems)
 Requires: rubygem(activesupport) = %{version}
 Requires: rubygem(activemodel) = %{version}
@@ -94,6 +102,8 @@ pushd .%{gem_instdir}
 %patch0 -p0
 %patch1 -p0
 %patch2 -p0
+%patch4 -p2
+%patch5 -p2
 # create missing symlink
 pushd test/fixtures/layout_tests/layouts/
@@ -165,6 +175,10 @@ rake test --trace
 %changelog
+* Tue Mar 06 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.11-2
+- Fix for CVE-2012-1098.
+- Fix for CVE-2012-1099.
+
 * Tue Jan 31 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.11-1
 - Rebuilt for Ruby 1.9.3.
 - Updated to ActionPack 3.0.11. |
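Review bot: Nothing in the dependency lines of the Patch4/Patch5 hunk ties this security update to a patched activesupport build, because `Requires: rubygem(activesupport) = %{version}` is satisfied by any 3.0.11 release of that package. SafeBuffer is defined in ActiveSupport, so if the CVE-2012-1098 fix also needs a change there (the patch content is not visible here, so this is inferred), updating actionpack alone may leave the slicing issue open. I would confirm that actionpack-safe-buffer-slice-fix.patch is self-contained, or say so in the comment, for example `# Needs the matching rubygem-activesupport update for the SafeBuffer part`. It would also help to record the origin of each backport with `# Upstream: <upstream commit URL>` above Patch4 and Patch5, so the packaged patch can be compared with the upstream fix.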
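Review bot: `%patch4 -p2` and `%patch5 -p2` use a different strip level from the `-p0` of the three patches above them, and no comment says why. Presumably these are upstream git patches whose paths start with `a/actionpack/`, applied inside the `pushd .%{gem_instdir}` named in the hunk header; a line such as `# upstream git patches, paths start with a/actionpack/, hence -p2` would make that checkable. With -p2, a hunk aimed at another component's path would be resolved against this gem's tree, so the build log should be checked to confirm that every hunk of both patches applied to the intended file. The %prep section starts and ends outside the hunk, so where Patch3 is applied cannot be seen from here.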