!25 [sync] PR-23: Upgrade to 6.1.4.1

From: @openeuler-sync-bot 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek

CVE-2021-22885.patch

@@ -1,53 +0,0 @@
-From be6dd1c705551823db13b47ca76b0a6540e21135 Mon Sep 17 00:00:00 2001
-From: Gannon McGibbon <gannon.mcgibbon@shopify.com>
-Date: Thu, 18 Feb 2021 13:17:08 -0500
-Subject: [PATCH] Prevent string polymorphic route arguments
-
-url_for supports building polymorphic URLs via an array
-of arguments (usually symbols and records). If an array is passed,
-strings can result in unwanted route helper calls.
-
-CVE-2021-22885
----
- .../action_dispatch/routing/polymorphic_routes.rb    | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/polymorphic_routes.rb b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/polymorphic_routes.rb
-index 6da869c..84b78e1 100644
---- a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/polymorphic_routes.rb
-+++ b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/polymorphic_routes.rb
-@@ -288,10 +288,12 @@ module ActionDispatch
- 
-             args = []
- 
--            route = record_list.map { |parent|
-+            route = record_list.map do |parent|
-               case parent
--              when Symbol, String
-+              when Symbol
-                 parent.to_s
-+              when String
-+                raise(ArgumentError, "Please use symbols for polymorphic route arguments.")
-               when Class
-                 args << parent
-                 parent.model_name.singular_route_key
-@@ -299,12 +301,14 @@ module ActionDispatch
-                 args << parent.to_model
-                 parent.to_model.model_name.singular_route_key
-               end
--            }
-+            end
- 
-             route <<
-             case record
--            when Symbol, String
-+            when Symbol
-               record.to_s
-+            when String
-+              raise(ArgumentError, "Please use symbols for polymorphic route arguments.")
-             when Class
-               @key_strategy.call record.model_name
-             else
--- 
-2.23.0
-

CVE-2021-22904.patch

@@ -1,29 +0,0 @@
-From f97d14a056c9b6ec6bf46d24e0c04b4893e78d41 Mon Sep 17 00:00:00 2001
-From: Aaron Patterson <aaron@rubyonrails.org>
-Date: Tue, 4 May 2021 15:49:21 -0700
-Subject: [PATCH] Prevent slow regex when parsing host authorization header
-
-The old regex could take too long when parsing an authorization header,
-and this could potentially cause a DoS vulnerability
-
-[CVE-2021-22904]
----
- .../lib/action_controller/metal/http_authentication.rb          | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb
-index 01676f3..d2e6674 100644
---- a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb
-+++ b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb
-@@ -406,7 +406,7 @@ module ActionController
-     module Token
-       TOKEN_KEY = "token="
-       TOKEN_REGEX = /^(Token|Bearer)\s+/
--      AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/
-+      AUTHN_PAIR_DELIMITERS = /(?:,|;|\t)/
-       extend self
- 
-       module ControllerMethods
--- 
-2.23.0
-

rubygem-actionpack.spec

@@ -1,57 +1,79 @@
 %global gem_name actionpack
-%{?_with_bootstrap: %global bootstrap 1}
+%bcond_with bootstrap
-%global bootstrap 1
-Name:                rubygem-%{gem_name}
-Epoch:               1
-Version:             5.2.4.4
-Release:             3
-Summary:             Web-flow and rendering framework putting the VC in MVC (part of Rails)
-License:             MIT
-URL:                 http://rubyonrails.org
-Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
-Source1:             https://github.com/rails/rails/archive/v5.2.4.4.tar.gz
-Patch0:              CVE-2021-22885.patch
-Patch1:              CVE-2021-22904.patch
 
-BuildRequires:       ruby(release) rubygems-devel ruby >= 2.2.2
+Name:		rubygem-%{gem_name}
-%if ! 0%{?bootstrap}
+Epoch:		1
-BuildRequires:       rubygem(activemodel) = %{version} rubygem(activerecord) = %{version}
+Version:	6.1.4.1
-BuildRequires:       rubygem(activesupport) = %{version} rubygem(actionview) = %{version}
+Release: 	1
-BuildRequires:       rubygem(railties) = %{version} rubygem(rack) rubygem(rack-cache)
+Summary: 	Web-flow and rendering framework putting the VC in MVC (part of Rails)
-BuildRequires:       rubygem(rack-test) rubygem(puma) rubygem(capybara) >= 2.13.0
+License: 	MIT
+URL: 		http://rubyonrails.org
+Source0: 	https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Source1: 	%{gem_name}-%{version}-tests.txz
+Source2: 	rails-%{version}-tools.txz
+
+# Let's keep Requires and BuildRequires sorted alphabeticaly
+BuildRequires: 	ruby(release)
+BuildRequires: 	rubygems-devel
+BuildRequires: 	ruby >= 2.2.2
+%if %{without bootstrap}
+BuildRequires: 	rubygem(activemodel) = %{version}
+BuildRequires: 	rubygem(activerecord) = %{version}
+BuildRequires: 	rubygem(activesupport) = %{version}
+BuildRequires: 	rubygem(actionview) = %{version}
+BuildRequires: 	rubygem(railties) = %{version}
+BuildRequires: 	rubygem(rack)
+BuildRequires: 	rubygem(rack-cache)
+BuildRequires: 	rubygem(rack-test)
+BuildRequires: 	rubygem(puma)
+BuildRequires: 	rubygem(capybara) >= 3.26
+BuildRequires: 	rubygem(selenium-webdriver)
+BuildRequires: 	rubygem(rexml)
 %endif
-BuildArch:           noarch
+BuildRequires:  rubygem(did_you_mean)
+BuildArch: 	noarch
+
 %description
 Eases web-request routing, handling, and response as a half-way front,
 half-way page controller. Implemented with specific emphasis on enabling easy
 unit/integration testing that doesn't require a browser.
 
-%package doc
+%package 	doc
-Summary:             Documentation for %{name}
+Summary: 	Documentation for %{name}
-Requires:            %{name} = %{epoch}:%{version}-%{release}
+Requires: 	%{name} = %{epoch}:%{version}-%{release}
-BuildArch:           noarch
+BuildArch:	noarch
-%description doc
+
+%description 	doc
 Documentation for %{name}.
 
 %prep
-%setup -q -c -T
+%setup -q -n %{gem_name}-%{version}%{?prerelease} -b1 -b2
-%gem_install -n %{SOURCE0}
-%patch0 -p1
-%patch1 -p1
 
 %build
+gem build ../%{gem_name}-%{version}%{?prerelease}.gemspec
+%gem_install
 
 %install
 mkdir -p %{buildroot}%{gem_dir}
 cp -a .%{gem_dir}/* \
         %{buildroot}%{gem_dir}/
-%if ! 0%{?bootstrap}
 
+
+%if %{without bootstrap}
 %check
 pushd .%{gem_instdir}
-tar xzvf %{SOURCE1}
+ln -s %{_builddir}/tools ..
-cd rails-%{version}/%{gem_name}
+cp -a %{_builddir}/test .
-ruby -Ilib:test -e 'Dir.glob "./test/**/*_test.rb", &method(:require)'
+for tname in 'rendering a relative path with dot' 'rendering a relative path'; do
+  sed -i "/^\s* test \"$tname\" do/ a \      skip" \
+    test/controller/new_base/render_file_test.rb
+done
+
+sed -i '/\s*"browserName" => "\S*"\s*$/ d' test/dispatch/system_testing/driver_test.rb
+find test -type f -name '*_test.rb' -print0 | \
+  sort -z | \
+  xargs -0 -n1 -i sh -c "echo '* Test file: {}'; ruby -Ilib:test -- '{}' || exit 255"
+
 popd
 %endif
 
@@ -68,6 +90,9 @@ popd
 %doc %{gem_instdir}/README.rdoc
 
 %changelog
+* Thu May 03 2022 wangkerong <wangkerong@h-partners.com>- 6.1.4.1-1
+- Upgrade to 6.1.4.1
+
 * Mon Jun 28 2021 wangyue<wangyue92@huawei.com> - 5.2.4.4-3
 - Fix CVE-2021-22904