Update to rack-protection 2.0.8.1.

Resolves: rhbz#1744277 Resolves: rhbz#1800024
5 years ago · f64a95542e
parent 231a595909
commit f64a95542e
4 changed files with 93 additions and 36 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,5 @@
 /rack-protection-2.0.0.gem
 /rack-protection-2.0.3-tests.tgz
 /rack-protection-2.0.3.gem
 /rack-protection-2.0.8.1-spec.tar.gz
 /rack-protection-2.0.8.1.gem
--- a/rubygem-rack-protection-2.0.8.1-Fix-failing-tests.patch
+++ b/rubygem-rack-protection-2.0.8.1-Fix-failing-tests.patch
@ -0,0 +1,34 @@
 From 750aa3b0de06dad41539bdb402123b5416a3475d Mon Sep 17 00:00:00 2001
 From: Jordan Owens <jkowens@gmail.com>
 Date: Tue, 10 Mar 2020 10:24:05 -0400
 Subject: [PATCH] Fix failing tests
 Rack added support for Multi-part ranges and apparently changed the
 format of cookie expires timestamp format to match specs.
 ---
 .../spec/lib/rack/protection/cookie_tossing_spec.rb  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 diff --git a/rack-protection/spec/lib/rack/protection/cookie_tossing_spec.rb b/rack-protection/spec/lib/rack/protection/cookie_tossing_spec.rb
 index af46ffc2b..f973bd476 100644
 --- a/rack-protection/spec/lib/rack/protection/cookie_tossing_spec.rb
 +++ b/rack-protection/spec/lib/rack/protection/cookie_tossing_spec.rb
@@ -28,12 +28,12 @@
       get '/some/path', {}, 'HTTP_COOKIE' => 'rack.%73ession=EVIL_SESSION_TOKEN; rack.session=EVIL_SESSION_TOKEN; rack.session=SESSION_TOKEN'
       expected_header = <<-END.chomp
 -rack.%2573ession=; domain=example.org; path=/; expires=Thu, 01 Jan 1970 00:00:00 -0000
 -rack.%2573ession=; domain=example.org; path=/some; expires=Thu, 01 Jan 1970 00:00:00 -0000
 -rack.%2573ession=; domain=example.org; path=/some/path; expires=Thu, 01 Jan 1970 00:00:00 -0000
 -rack.session=; domain=example.org; path=/; expires=Thu, 01 Jan 1970 00:00:00 -0000
 -rack.session=; domain=example.org; path=/some; expires=Thu, 01 Jan 1970 00:00:00 -0000
 -rack.session=; domain=example.org; path=/some/path; expires=Thu, 01 Jan 1970 00:00:00 -0000
 +rack.%2573ession=; domain=example.org; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
 +rack.%2573ession=; domain=example.org; path=/some; expires=Thu, 01 Jan 1970 00:00:00 GMT
 +rack.%2573ession=; domain=example.org; path=/some/path; expires=Thu, 01 Jan 1970 00:00:00 GMT
 +rack.session=; domain=example.org; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
 +rack.session=; domain=example.org; path=/some; expires=Thu, 01 Jan 1970 00:00:00 GMT
 +rack.session=; domain=example.org; path=/some/path; expires=Thu, 01 Jan 1970 00:00:00 GMT
 END
       expect(last_response.headers['Set-Cookie']).to eq(expected_header)
     end
--- a/rubygem-rack-protection.spec
+++ b/rubygem-rack-protection.spec
@ -1,63 +1,78 @@
 %global gem_name rack-protection
-%{?_with_bootstrap: %global bootstrap 1}
+%bcond_with bootstrap
-
+
-Summary:        Ruby gem that protects against typical web attacks
+Name: rubygem-%{gem_name}
-Name:           rubygem-%{gem_name}
+Version: 2.0.8.1
-Version:        2.0.3
+Release: 1%{?dist}
-Release:        5%{?dist}
+Summary: Ruby gem that protects against typical web attacks
-License:        MIT
+License: MIT
-URL:            http://github.com/sinatra/sinatra/tree/master/rack-protection
+URL: http://sinatrarb.com/protection/
-Source0:        https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
 # git clone https://github.com/sinatra/sinatra.git && cd sinatra/rack-protection
-# git checkout v2.0.3 && tar czvf rack-protection-2.0.3-tests.tgz spec/
+# git archive -v -o rack-protection-2.0.8.1-spec.tar.gz v2.0.8.1 spec/
-Source1: %{gem_name}-%{version}-tests.tgz
+Source1: %{gem_name}-%{version}-spec.tar.gz
 # Fix test failure due to Rack 2.2.2 incompatibility.
 # https://github.com/sinatra/sinatra/pull/1605
 Patch0: rubygem-rack-protection-2.0.8.1-Fix-failing-tests.patch
 BuildRequires: ruby(release)
-BuildRequires:  rubygems-devel
+BuildRequires: rubygems-devel
 BuildRequires: ruby
-%if ! 0%{?bootstrap}
+%if %{without bootstrap}
-BuildRequires:  rubygem(rack)
+BuildRequires: rubygem(rack)
-BuildRequires:  rubygem(rspec)
+BuildRequires: rubygem(rspec)
-BuildRequires:  rubygem(rack-test)
+BuildRequires: rubygem(rack-test)
 %endif
-BuildArch:      noarch
+BuildArch: noarch
 %description
-This gem protects against typical web attacks.
+Protect against typical web attacks, works with all Rack apps, including
-Should work for all Rack apps, including Rails.
+Rails.
 %package        doc
 Summary:        Documentation for %{name}
-Requires:       %{name} = %{version}-%{release}
+%package doc
 Summary: Documentation for %{name}
 Requires: %{name} = %{version}-%{release}
 BuildArch: noarch
-%description    doc
+%description doc
-This package contains documentation for %{name}.
+Documentation for %{name}.
 %prep
-%setup -q -c -T
+%setup -q -n %{gem_name}-%{version} -b 1
-%gem_install -n %{SOURCE0}
+
 pushd %{_builddir}
 %patch0 -p2
 popd
 %build
 # Create the gem as gem install only works on a gem file
 gem build ../%{gem_name}-%{version}.gemspec
 # %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir
 # by default, so that we can move it into the buildroot in %%install
 %gem_install
 %install
 mkdir -p %{buildroot}%{gem_dir}
 cp -a .%{gem_dir}/* \
        %{buildroot}%{gem_dir}/
-%if ! 0%{?bootstrap}
+
 %if %{without bootstrap}
 %check
 pushd .%{gem_instdir}
-tar xzvf %{SOURCE1}
+ln -s %{_builddir}/spec spec
 rspec -r 'spec_helper' spec
 rspec -r 'spec_helper' spec
 popd
 %endif
 %install
 %{__mkdir_p} %{buildroot}%{gem_dir}
 cp -rv .%{gem_dir}/* %{buildroot}%{gem_dir}
 %files
 %dir %{gem_instdir}
 %license %{gem_instdir}/License
 %{gem_libdir}
 %exclude %{gem_instdir}/rack-protection.gemspec
 %exclude %{gem_cache}
 %{gem_spec}
@ -66,8 +81,14 @@ cp -rv .%{gem_dir}/* %{buildroot}%{gem_dir}
 %{gem_instdir}/Gemfile
 %doc %{gem_instdir}/README.md
 %{gem_instdir}/Rakefile
 %{gem_instdir}/rack-protection.gemspec
 %changelog
 * Tue Apr 28 2020 Vít Ondruch <vondruch@redhat.com> - 2.0.8.1-1
 - Update to rack-protection 2.0.8.1.
  Resolves: rhbz#1744277
  Resolves: rhbz#1800024
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (rack-protection-2.0.3-tests.tgz) = 430e7a9b2a15a51faa8a8dfe892129b2d97874f9de3c5f1e2fc39f6cb46dc65bc4a39e32998377b8899dd4c67021c4097027cc26e4889b663ee7f0884171929e
+SHA512 (rack-protection-2.0.8.1-spec.tar.gz) = 50b96342aeeb7c17b71cab22433d2bb0bc78c4919cfe7b45d41d2a0595c7b5bfb08883158abf5306ee32bfea63a3b08a450c425a1b5e4ed1389e64f2c9015aad
-SHA512 (rack-protection-2.0.3.gem) = 396d1b45783e0b6782b479b6ba77c2eb23c2a6a2b695a631b7a4b9ace661471325d4d321a40ba7c8090964e68b5dd8f9c92c4843464e6d6ff178aecf9996f338
+SHA512 (rack-protection-2.0.8.1.gem) = 264aef904d9ae1c38197ad4ad44f1638905bd180fc4bb402c47856c37168059e8e975ca2de5518b1e5cebf79b970024b7d9f5f8b8908880451357dea5e428562
`@ -1,2 +1,2 @@`
	`SHA512 (rack-protection-2.0.3-tests.tgz) = 430e7a9b2a15a51faa8a8dfe892129b2d97874f9de3c5f1e2fc39f6cb46dc65bc4a39e32998377b8899dd4c67021c4097027cc26e4889b663ee7f0884171929e`	`SHA512 (rack-protection-2.0.8.1-spec.tar.gz) = 50b96342aeeb7c17b71cab22433d2bb0bc78c4919cfe7b45d41d2a0595c7b5bfb08883158abf5306ee32bfea63a3b08a450c425a1b5e4ed1389e64f2c9015aad`
	`SHA512 (rack-protection-2.0.3.gem) = 396d1b45783e0b6782b479b6ba77c2eb23c2a6a2b695a631b7a4b9ace661471325d4d321a40ba7c8090964e68b5dd8f9c92c4843464e6d6ff178aecf9996f338`	`SHA512 (rack-protection-2.0.8.1.gem) = 264aef904d9ae1c38197ad4ad44f1638905bd180fc4bb402c47856c37168059e8e975ca2de5518b1e5cebf79b970024b7d9f5f8b8908880451357dea5e428562`