update to 5.1.1

(cherry picked from commit 9746d9ac4e06728a8fc86dbd8948640963484de8)
2022-03-03 11:38:39 +08:00 · 2022-03-03 11:38:39 +08:00 · ea21d77d79
commit ea21d77d79
parent c9067b8c58
7 changed files with 18 additions and 90 deletions
--- a/CVE-2020-8151.patch
+++ b/CVE-2020-8151.patch
@ -1,28 +0,0 @@
 From 83740a86bff7f0fa7d0caba5406ee125736cd133 Mon Sep 17 00:00:00 2001
 From: Aaron Patterson <tenderlove@ruby-lang.org>
 Date: Fri, 8 Oct 2021 14:33:44 +0800
 Subject: [PATCH] Properly encode ID parameters to avoid prossible
 information
 [CVE-2020-8151]
 ---
 lib/active_resource/base.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/active_resource/base.rb b/lib/active_resource/base.rb
 index 3576d0c..913ba45 100644
 --- a/lib/active_resource/base.rb
 +++ b/lib/active_resource/base.rb
@@ -763,7 +763,7 @@ module ActiveResource
         check_prefix_options(prefix_options)
         prefix_options, query_options = split_options(prefix_options) if query_options.nil?
 -        "#{prefix(prefix_options)}#{collection_name}/#{URI.parser.escape id.to_s}#{format_extension}#{query_string(query_options)}"
 +        "#{prefix(prefix_options)}#{collection_name}/#{URI.encode_www_form_component(id.to_s)}#{format_extension}#{query_string(query_options)}"
       end
       # Gets the new element path for REST resources.
 -- 
 2.27.0
--- a/activeresource-5.0.0.gem
+++ b/activeresource-5.0.0.gem
--- a/activeresource-5.1.1-tests.tar.gz
+++ b/activeresource-5.1.1-tests.tar.gz
--- a/activeresource-5.1.1.gem
+++ b/activeresource-5.1.1.gem
--- a/rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch
+++ b/rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch
@ -1,43 +0,0 @@
 From 984181f2b26fe78c94f52d81aed72e25f3d16bf4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Thu, 1 Jun 2017 13:12:51 +0200
 Subject: [PATCH] Always load 'abstract_unit' on the top of test file.
 This helps to prevent issues such as:
 ~~~
 + ruby -Itest -e 'Dir.glob "./test/**/*_test.rb", &method(:require)'
 /builddir/build/BUILD/activeresource-5.0.0/usr/share/gems/gems/activeresource-5.0.0/test/threadsafe_attributes_test.rb:1:in `<top (required)>': uninitialized constant ActiveSupport (NameError)
 from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require'
 from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require'
 from -e:1:in `glob'
 from -e:1:in `<main>'
 ~~~
 ---
 test/cases/collection_test.rb      | 2 ++
 test/threadsafe_attributes_test.rb | 2 ++
 2 files changed, 4 insertions(+)
 diff --git a/test/cases/collection_test.rb b/test/cases/collection_test.rb
 index 025d3ca..9722375 100644
 --- a/test/cases/collection_test.rb
 +++ b/test/cases/collection_test.rb
@@ -1,3 +1,5 @@
 +require 'abstract_unit'
 +
 class CollectionTest < ActiveSupport::TestCase
   def setup
     @collection = ActiveResource::Collection.new
 diff --git a/test/threadsafe_attributes_test.rb b/test/threadsafe_attributes_test.rb
 index 7c3151d..e2459c7 100644
 --- a/test/threadsafe_attributes_test.rb
 +++ b/test/threadsafe_attributes_test.rb
@@ -1,3 +1,5 @@
 +require 'abstract_unit'
 +
 class ThreadsafeAttributesTest < ActiveSupport::TestCase
   class TestClass
 -- 
 2.12.2
--- a/rubygem-activeresource.spec
+++ b/rubygem-activeresource.spec
@ -1,18 +1,16 @@
 %global gem_name activeresource
 Name:                rubygem-%{gem_name}
 Epoch:               1
-Version:             5.0.0
+Version:             5.1.1
-Release:             2
+Release:             1
 Summary:             REST modeling framework (part of Rails)
 License:             MIT
 URL:                 http://www.rubyonrails.org
-Source0:             https://rubygems.org/gems/activeresource-5.0.0.gem
+Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
-Source1:             https://github.com/rails/activeresource/archive/v5.0.0.tar.gz
+Source1:             %{gem_name}-%{version}-tests.tar.gz
 Patch0:              rubygem-activeresource-5.0.0-Always-load-abstract_unit-on-the-top-of-test-file.patch
 Patch1:              CVE-2020-8151.patch
 BuildRequires:       ruby(release) rubygems-devel ruby rubygem(activemodel) >= 5.0
 BuildRequires:       rubygem(activesupport) >= 5.0 rubygem(activemodel-serializers-xml)
-BuildRequires:       rubygem(bundler) rubygem(mocha)
+BuildRequires:       rubygem(activejob) rubygem(mocha) rubygem(rexml)
 BuildArch:           noarch
 %description
 REST on Rails. Wrap your RESTful web app with Ruby classes and work with them
@ -27,13 +25,10 @@ BuildArch:           noarch
 Documentation for %{name}.
 %prep
-gem unpack %{SOURCE0}
+%setup -q -n %{gem_name}-%{version} -b 1
 %setup -q -D -T -n  %{gem_name}-%{version}
 gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
 %patch1 -p1
 %build
-gem build %{gem_name}.gemspec
+gem build ../%{gem_name}-%{version}.gemspec
 %gem_install
 %install
@ -42,18 +37,19 @@ cp -a .%{gem_dir}/* \
        %{buildroot}%{gem_dir}/
 %check
 cp %{gem_name}.gemspec .%{gem_instdir}
 pushd .%{gem_instdir}
-tar xzvf %{SOURCE1}
+# Move the tests into place
-cd %{gem_name}-%{version}
+ln -s %{_builddir}/test test
-cat %{PATCH0} | patch -p1
+
-echo 'gemspec' > Gemfile
+# Bundler just complicates everything.
-sed -i '/rake/ s/^/#/' %{gem_name}.gemspec
+sed -i "/bundler/ s/^/#/" test/abstract_unit.rb
-ruby -Itest -e 'Dir.glob "./test/**/*_test.rb", &method(:require)'
+
 ruby -Ilib:test -e 'Dir.glob "./test/**/*_test.rb", &method(:require)'
 popd
 %files
 %dir %{gem_instdir}
 %license %{gem_instdir}/MIT-LICENSE
 %{gem_libdir}
 %exclude %{gem_cache}
 %{gem_spec}
@ -63,6 +59,9 @@ popd
 %doc %{gem_instdir}/README.rdoc
 %changelog
 * Thur Mar 3 2022 liqiuyu <liqiuyu@kylinos.cn> - 5.1.1-1
 - update to 5.1.1
 * Fri Oct 8 2021 liwu <liwu13@huawei.com> - 5.0.0-2
 - Fix CVE-2020-8151
--- a/v5.0.0.tar.gz
+++ b/v5.0.0.tar.gz