@@ -5,13 +5,16 @@
Summary: Ruby-based web application framework
Name: rubygem-%{gem_name}
Version: 2.0.0
- Release: 2%{?dist}
+ Release: 3%{?dist}
License: MIT
URL: http://www.sinatrarb.com/
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# git clone https://github.com/sinatra/sinatra.git && cd sinatra
# git checkout v2.0.0 && tar czvf sinatra-2.0.0-tests.tgz test/
Source1: %{gem_name}-%{version}-tests.tgz
+ # Fix XSS in the 400 Bad Request page.
+ # https://github.com/sinatra/sinatra/commit/1278686
+ Patch0: rubygem-sinatra-2.0.0-escape-invalid-query-params.patch
BuildRequires: rubygems-devel
%if ! 0%{?bootstrap}
BuildRequires: rubygem(rack) >= 2.0
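Review bot: The comment above `Patch0` identifies the upstream fix only by the abbreviated hash `1278686` and leaves out the CVE identifier, which appears only in the changelog entry. An abbreviated hash can become ambiguous as the upstream repository grows, and whoever later rebases this package needs to see next to the patch which advisory it closes before deciding whether it can be dropped. I would write the comment as `# Fix XSS in the 400 Bad Request page (CVE-2018-11627).` and give the commit URL with the full 40-character hash.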
@@ -58,6 +61,8 @@
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
+ %patch0 -p1
+
%build
gem build %{gem_name}.gemspec
%gem_install
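Review bot: Nothing visible in this change makes the build verify that `%patch0 -p1` actually closes the XSS: the test suite comes from the separate `Source1` tarball cut at `v2.0.0`, so it presumably predates any regression test the upstream commit added. The PR description also says the fix has not yet been confirmed. I would carry the upstream test for escaped invalid query parameters into the test tree used by `%check` (that section is outside this hunk, so I cannot see how the tarball is unpacked), or at least note above the macro what was verified by hand, e.g. `# No regression test in Source1 for this fix; verified manually.` The start of `%prep` is also outside the hunk, so I am assuming the gem sources are already unpacked in the current directory when the patch is applied.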
@@ -108,6 +113,9 @@
%{gem_instdir}/examples
%changelog
+ * Wed Jun 13 2018 Jun Aruga <jaruga@redhat.com> - 1:2.0.0-3
+ - Fix XSS in the 400 Bad Request page (CVE-2018-11627, rhbz#1585218).
+
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
This PR is for f27 branch.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1585218
I ran the tests below.
Could you review this PR, including the changelog and the commit message?
https://koji.fedoraproject.org/koji/taskinfo?taskID=27596113
I am going to check if security issue is actually fixed by this patch.