diff --git a/.cvsignore b/.cvsignore
index 0fe501c..ba9a5a0 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-actionpack-2.1.1.gem
+actionpack-2.1.1.tgz
diff --git a/import.log b/import.log
new file mode 100644
index 0000000..cba27d8
--- /dev/null
+++ b/import.log
@@ -0,0 +1 @@
+rubygem-actionpack-2_1_1-2_fc10:F-9:rubygem-actionpack-2.1.1-2.fc10.src.rpm:1235750232
diff --git a/rubygem-actionpack-2.1.2-CVE-2008-5189.patch b/rubygem-actionpack-2.1.2-CVE-2008-5189.patch
new file mode 100644
index 0000000..16f7cbe
--- /dev/null
+++ b/rubygem-actionpack-2.1.2-CVE-2008-5189.patch
@@ -0,0 +1,17 @@
+diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb
+index 1d9f667..56dace0 100755
+--- a/actionpack/lib/action_controller/response.rb
++++ b/actionpack/lib/action_controller/response.rb
+@@ -30,9 +30,9 @@ module ActionController
+
+ def redirect(to_url, response_status)
+ self.headers["Status"] = response_status
+- self.headers["Location"] = to_url
++ self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
+
+- self.body = "You are being redirected."
++ self.body = "You are being redirected."
+ end
+
+ def prepare!
+
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index aad0df6..a46e76a 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
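Review bot: In the embedded response.rb patch, `redirect` strips CR and LF from `to_url` silently, so a target that arrived with a line break in it is still sent as a redirect with the remaining pieces joined together, and nothing in the visible code records that it happened. Stripping does keep the `Location` header on one line, but a value reaching this point with a line break is worth surfacing; consider logging it or refusing the redirect. At minimum the line should say why it is there, e.g. `# Strip CR/LF so a caller-supplied URL cannot add extra response headers (CVE-2008-5189)`. The removed and added `self.body` lines read identically as shown on this page, so that half of the change cannot be checked from here. The enclosing `module ActionController` continues beyond the hunk.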
@@ -7,15 +7,17 @@ Summary: Web-flow and rendering framework putting the VC in MVC Name: rubygem-%{gemname} Version: 2.1.1 -Release: 1%{?dist} +Release: 2%{?dist} Group: Development/Languages License: MIT URL: http://www.rubyonrails.org -Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.gem +Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.tgz +Patch1: rubygem-actionpack-2.1.2-CVE-2008-5189.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: rubygems Requires: rubygem(activesupport) = %{version} BuildRequires: rubygems +BuildRequires: rubygem-rake BuildArch: noarch Provides: rubygem(%{gemname}) = %{version} @@ -26,14 +28,17 @@ unit/integration testing that doesn't require a browser. %prep +%setup -q -n %{gemname}-%{version} +%patch1 -p2 %build +rake gem %install rm -rf %{buildroot} mkdir -p %{buildroot}%{gemdir} gem install --local --install-dir %{buildroot}%{gemdir} \ - --force --rdoc %{SOURCE0} + --force --rdoc pkg/%{gemname}-%{version}.gem sed -i -e 1d %{buildroot}%{geminstdir}/lib/action_controller/session/drb_server.rb @@ -57,6 +62,9 @@ rm -rf %{buildroot} %changelog +* Thu Feb 26 2009 Jeroen van Meeuwen - 2.1.1-2 +- Fix CVE-2008-5189 + * Tue Sep 16 2008 David Lutterkort - 2.1.1-1 - New version (fixes CVE-2008-4094) diff --git a/sources b/sources index 20a95b3..6084d43 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b26ef2136ec19dcd5dbc22d27bdbb884 actionpack-2.1.1.gem +5dbe7b440ec5cc09c090aeace4896d9e actionpack-2.1.1.tgz
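Review bot: `Source0` now names `%{gemname}-%{version}.tgz` under the same gems URL that previously served the `.gem`, and nothing in the spec says where that tarball comes from. If it was repacked or exported locally (an assumption; the page does not say), nobody can re-download it to compare against the new checksum in `sources`. A comment above `Source0` such as `# Tarball is not the upstream gem; produced with: <PLACEHOLDER: command or upstream URL>` would make the input to `rake gem` reproducible. The patch file is named for 2.1.2 while `Version` stays 2.1.1, so a short comment next to `Patch1` stating that it is (presumably) a backport would also help the next maintainer.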