diff --git a/CVE-2020-8151.patch b/CVE-2020-8151.patch deleted file mode 100644 index 373afbf7991a09f895689e7c03d50310595a8645..0000000000000000000000000000000000000000 --- a/CVE-2020-8151.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 83740a86bff7f0fa7d0caba5406ee125736cd133 Mon Sep 17 00:00:00 2001 -From: Aaron Patterson -Date: Fri, 8 Oct 2021 14:33:44 +0800 -Subject: [PATCH] Properly encode ID parameters to avoid prossible -information - -[CVE-2020-8151] - ---- - lib/active_resource/base.rb | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/active_resource/base.rb b/lib/active_resource/base.rb -index 3576d0c..913ba45 100644 ---- a/lib/active_resource/base.rb -+++ b/lib/active_resource/base.rb -@@ -763,7 +763,7 @@ module ActiveResource - check_prefix_options(prefix_options) - - prefix_options, query_options = split_options(prefix_options) if query_options.nil? -- "#{prefix(prefix_options)}#{collection_name}/#{URI.parser.escape id.to_s}#{format_extension}#{query_string(query_options)}" -+ "#{prefix(prefix_options)}#{collection_name}/#{URI.encode_www_form_component(id.to_s)}#{format_extension}#{query_string(query_options)}" - end - - # Gets the new element path for REST resources. --- -2.27.0 - diff --git a/activeresource-5.0.0.gem b/activeresource-5.0.0.gem deleted file mode 100644 index 6ea73e64bf0fc5b224a2735933a179dd78aa5989..0000000000000000000000000000000000000000 Binary files a/activeresource-5.0.0.gem and /dev/null differ diff --git a/activeresource-5.1.1-tests.tar.gz b/activeresource-5.1.1-tests.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..95cf65c8ac3f10d385a95e6e4d40f5e01892419d Binary files /dev/null and b/activeresource-5.1.1-tests.tar.gz differ diff --git a/activeresource-5.1.1.gem b/activeresource-5.1.1.gem new file mode 100644 index 0000000000000000000000000000000000000000..79e2828ea1ecc55e931ebcc4ae3abdfba83a2a83 Binary files /dev/null and b/activeresource-5.1.1.gem differ diff --git a/rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch b/rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch deleted file mode 100644 index 5776931c909ee294712ff464713cacaeb9230520..0000000000000000000000000000000000000000 --- a/rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 984181f2b26fe78c94f52d81aed72e25f3d16bf4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Thu, 1 Jun 2017 13:12:51 +0200 -Subject: [PATCH] Always load 'abstract_unit' on the top of test file. - -This helps to prevent issues such as: - -~~~ -+ ruby -Itest -e 'Dir.glob "./test/**/*_test.rb", &method(:require)' -/builddir/build/BUILD/activeresource-5.0.0/usr/share/gems/gems/activeresource-5.0.0/test/threadsafe_attributes_test.rb:1:in `': uninitialized constant ActiveSupport (NameError) -from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' -from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' -from -e:1:in `glob' -from -e:1:in `
' -~~~ ---- - test/cases/collection_test.rb | 2 ++ - test/threadsafe_attributes_test.rb | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/test/cases/collection_test.rb b/test/cases/collection_test.rb -index 025d3ca..9722375 100644 ---- a/test/cases/collection_test.rb -+++ b/test/cases/collection_test.rb -@@ -1,3 +1,5 @@ -+require 'abstract_unit' -+ - class CollectionTest < ActiveSupport::TestCase - def setup - @collection = ActiveResource::Collection.new -diff --git a/test/threadsafe_attributes_test.rb b/test/threadsafe_attributes_test.rb -index 7c3151d..e2459c7 100644 ---- a/test/threadsafe_attributes_test.rb -+++ b/test/threadsafe_attributes_test.rb -@@ -1,3 +1,5 @@ -+require 'abstract_unit' -+ - class ThreadsafeAttributesTest < ActiveSupport::TestCase - - class TestClass --- -2.12.2 - diff --git a/rubygem-activeresource.spec b/rubygem-activeresource.spec index 8ae309c0e019b05f848c1b7936a566d757f66cfb..f1a5462e672d09e239e96e7cedab85d7594898a9 100644 --- a/rubygem-activeresource.spec +++ b/rubygem-activeresource.spec @@ -1,18 +1,16 @@ %global gem_name activeresource Name: rubygem-%{gem_name} Epoch: 1 -Version: 5.0.0 -Release: 2 +Version: 5.1.1 +Release: 1 Summary: REST modeling framework (part of Rails) License: MIT URL: http://www.rubyonrails.org -Source0: https://rubygems.org/gems/activeresource-5.0.0.gem -Source1: https://github.com/rails/activeresource/archive/v5.0.0.tar.gz -Patch0: rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch -Patch1: CVE-2020-8151.patch +Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem +Source1: %{gem_name}-%{version}-tests.tar.gz BuildRequires: ruby(release) rubygems-devel ruby rubygem(activemodel) >= 5.0 BuildRequires: rubygem(activesupport) >= 5.0 rubygem(activemodel-serializers-xml) -BuildRequires: rubygem(bundler) rubygem(mocha) +BuildRequires: rubygem(activejob) rubygem(mocha) rubygem(rexml) BuildArch: noarch %description REST on Rails. Wrap your RESTful web app with Ruby classes and work with them @@ -27,13 +25,10 @@ BuildArch: noarch Documentation for %{name}. %prep -gem unpack %{SOURCE0} -%setup -q -D -T -n %{gem_name}-%{version} -gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec -%patch1 -p1 +%setup -q -n %{gem_name}-%{version} -b 1 %build -gem build %{gem_name}.gemspec +gem build ../%{gem_name}-%{version}.gemspec %gem_install %install @@ -42,18 +37,19 @@ cp -a .%{gem_dir}/* \ %{buildroot}%{gem_dir}/ %check -cp %{gem_name}.gemspec .%{gem_instdir} pushd .%{gem_instdir} -tar xzvf %{SOURCE1} -cd %{gem_name}-%{version} -cat %{PATCH0} | patch -p1 -echo 'gemspec' > Gemfile -sed -i '/rake/ s/^/#/' %{gem_name}.gemspec -ruby -Itest -e 'Dir.glob "./test/**/*_test.rb", &method(:require)' +# Move the tests into place +ln -s %{_builddir}/test test + +# Bundler just complicates everything. +sed -i "/bundler/ s/^/#/" test/abstract_unit.rb + +ruby -Ilib:test -e 'Dir.glob "./test/**/*_test.rb", &method(:require)' popd %files %dir %{gem_instdir} +%license %{gem_instdir}/MIT-LICENSE %{gem_libdir} %exclude %{gem_cache} %{gem_spec} @@ -63,6 +59,9 @@ popd %doc %{gem_instdir}/README.rdoc %changelog +* Thur Mar 3 2022 liqiuyu - 5.1.1-1 +- update to 5.1.1 + * Fri Oct 8 2021 liwu - 5.0.0-2 - Fix CVE-2020-8151 diff --git a/v5.0.0.tar.gz b/v5.0.0.tar.gz deleted file mode 100644 index 4c20a9f551966843a58ae50b628e464a9ac064a8..0000000000000000000000000000000000000000 Binary files a/v5.0.0.tar.gz and /dev/null differ