!11 Fix CVE-2024-27285

From: @starlet-dx 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001

CVE-2024-27285.patch

@@ -0,0 +1,27 @@
+From d78fc393d603c4fc35975969296ed381146a29d4 Mon Sep 17 00:00:00 2001
+From: Aviv Keller <38299977+RedYetiDev@users.noreply.github.com>
+Date: Wed, 28 Feb 2024 12:57:39 -0500
+Subject: [PATCH] Update frames.erb
+
+---
+ templates/default/fulldoc/html/frames.erb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/templates/default/fulldoc/html/frames.erb b/templates/default/fulldoc/html/frames.erb
+index e803bcd6c..994aee97e 100644
+--- a/templates/default/fulldoc/html/frames.erb
++++ b/templates/default/fulldoc/html/frames.erb
+@@ -5,10 +5,10 @@
+ 	<title><%= options.title %></title>
+ </head>
+ <script type="text/javascript">
+-  var match = unescape(window.location.hash).match(/^#!(.+)/);
++  var match = decodeURIComponent(window.location.hash).match(/^#!(.+)/);
+   var name = match ? match[1] : '<%= url_for_main %>';
+-  name = name.replace(/^(\w+):\/\//, '').replace(/^\/\//, '');
+-  window.top.location = name;
++  name = name.replace(/^((\w*):)?[\/\\]*/gm, '').trim();
++  window.top.location.replace(name)
+ </script>
+ <noscript>
+   <h1>Oops!</h1>

rubygem-yard.spec

@@ -1,13 +1,19 @@
 %global gem_name yard
 Name:                rubygem-%{gem_name}
-Version:             0.9.12
-Release:             1
+Version:             0.9.34
+Release:             2
 Summary:             Documentation tool for consistent and usable documentation in Ruby
 License:             MIT and (BSD or Ruby)
 URL:                 http://yardoc.org
-Source0:             https://rubygems.org/gems/yard-%{version}.gem
-BuildRequires:       ruby(release) rubygems-devel ruby rubygem(RedCloth) rubygem(bundler)
-BuildRequires:       rubygem(rspec) rubygem(redcarpet) rubygem(rack)
+Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
+# git clone http://github.com/lsegal/yard
+# cd yard && git archive -v -o yard-0.9.34-spec.txz v0.9.34 spec/
+Source1:             %{gem_name}-%{version}-spec.txz
+# https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4
+Patch0:              CVE-2024-27285.patch
+
+BuildRequires:       ruby(release) rubygems-devel ruby rubygem(RedCloth) rubygem(asciidoctor) rubygem(bundler)
+BuildRequires:       rubygem(rspec) rubygem(redcarpet) rubygem(rack) rubygem(webrick)
 BuildArch:           noarch
 %description
 YARD is a documentation generation tool for the Ruby programming language.
@@ -23,7 +29,8 @@ BuildArch:           noarch
 Documentation for %{name}.
 
 %prep
-%setup -q -n  %{gem_name}-%{version}
+%setup -q -n  %{gem_name}-%{version} -b1
+%patch0 -p1
 
 %build
 gem build ../%{gem_name}-%{version}.gemspec
@@ -36,14 +43,14 @@ cp -a .%{gem_dir}/* \
 mkdir -p %{buildroot}%{_bindir}
 cp -a .%{_bindir}/* \
         %{buildroot}%{_bindir}/
-find %{buildroot}%{gem_instdir} -type f | xargs chmod a-x
-find %{buildroot}%{gem_instdir}/bin -type f | xargs chmod a+x
+find %{buildroot}%{gem_instdir}/bin -type f | xargs chmod 0755
 
 %check
 pushd .%{gem_instdir}
-sed -i '/bundler\/setup/ s/^/#/' spec/spec_helper.rb
-sed -i '/allow(File)\.to receive(:exist?).with(\/\\\.yardopts$\/)/ i\      allow(File).to receive(:exist?).and_return(true)' spec/cli/server_spec.rb
-sed -i '/expect(File)\.to receive(:file?).with(%r{\/\\\.yard\/yri_cache$})\.and_return(false)/ i\      allow(File).to receive(:file?).and_return(false)' spec/cli/yri_spec.rb
+cp -r %{_builddir}/spec .
+
+sed -i spec/cli/diff_spec.rb -e '\@"searches for .gem file"@s|\([ \t]it \)|\txit |'
+
 rspec -r spec_helper spec
 popd
 
@@ -52,11 +59,12 @@ popd
 %{_bindir}/yard
 %{_bindir}/yardoc
 %{_bindir}/yri
-%exclude %{gem_instdir}/.yardopts
+%exclude %{gem_instdir}/.*
 %license %{gem_instdir}/LEGAL
 %license %{gem_instdir}/LICENSE
 %{gem_instdir}/bin
 %{gem_libdir}
+%{gem_instdir}/po
 %{gem_instdir}/templates
 %exclude %{gem_cache}
 %{gem_spec}
@@ -65,12 +73,24 @@ popd
 %doc %{gem_docdir}
 %doc %{gem_instdir}/CHANGELOG.md
 %doc %{gem_instdir}/README.md
-%{gem_instdir}/Rakefile
-%{gem_instdir}/benchmarks
+%{gem_plugin}
 %doc %{gem_instdir}/docs
-%{gem_instdir}/spec
-%{gem_instdir}/%{gem_name}.gemspec
 
 %changelog
+* Thu Feb 29 2024 yaoxin <yao_xin001@hoperun.com> - 0.9.34-2
+- Fix CVE-2024-27285
+
+* Tue Aug 1 2023 liyanan <thistleslyn@163.com> - 0.9.34-1
+- Update to 0.9.34
+
+* Tue Jan 17 2023 caodongxia <caodongxia@h-partners.com> - 0.9.28-1
+- update to 0.9.28
+
+* Sat Jan 22 2022 liyanan <liyanan32@huawei.com> - 0.9.26-2
+- Fix build error for Ruby 3
+
+* Mon Jul 26 2021 houyingchao <houyingchao@huawei.com> - 0.9.26-1
+- Upgrade to 0.9.26
+
 * Sat Aug 8 2020 yanan li <liyanan032@huawei.com> - 0.9.12-1
 - Package init