%{?scl:%scl_package rubygem-%{gem_name}}

%{!?scl:%global pkg_name %{name}}

%global gem_name actionview

%global bootstrap 0

Name: %{?scl_prefix}rubygem-%{gem_name}

Version: 4.1.5

Release: 5%{?dist}

Summary: Rendering framework putting the V in MVC (part of Rails)

Group: Development/Languages

License: MIT

URL: http://www.rubyonrails.org

Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem

# git clone http://github.com/rails/rails.git

# cd rails/actionview/

# git checkout v4.1.5

# tar czvf activesupport-4.1.5-tests.tgz test/

Source1: %{gem_name}-%{version}-tests.tgz

# Fix CVE-2016-0752 Possible Information Leak Vulnerability

# https://bugzilla.redhat.com/show_bug.cgi?id=1301963

Patch0: rubygem-actionview-4.1.14.1-CVE-2016-0752-fix-possible-information-leak-vulnerability.patch

Patch1: rubygem-actionview-4.1.14.1-CVE-2016-0752-fix-possible-information-leak-vulnerability-tests.patch

# Fix CVE-2016-2097: Directory traversal and information leak.

# https://bugzilla.redhat.com/show_bug.cgi?id=1310043

Patch2: rubygem-actionview-4.1.14.2-CVE-2016-2097-render_data_leak_2.patch

Patch3: rubygem-actionview-4.1.14.2-CVE-2016-2097-render_data_leak_2-tests.patch

# Fix CVE-2016-2098: Code injection vulnerability.

# https://bugzilla.redhat.com/show_bug.cgi?id=1310054

Patch4: rubygem-actionview-4.1.14.2-secure_inline_with_params.patch

Patch5: rubygem-actionview-4.1.14.2-secure_inline_with_params-tests.patch

Requires: %{?scl_prefix_ruby}ruby(release)

Requires: %{?scl_prefix_ruby}ruby(rubygems)

Requires: %{?scl_prefix}rubygem(builder) >= 3.1

Requires: %{?scl_prefix}rubygem(builder) < 4.0

Requires: %{?scl_prefix}rubygem(erubis) >= 2.7.0

Requires: %{?scl_prefix}rubygem(erubis) < 3.0

Requires: %{?scl_prefix}rubygem(activesupport) = %{version}

BuildRequires: %{?scl_prefix_ruby}ruby(release)

BuildRequires: %{?scl_prefix_ruby}rubygems-devel

%if 0%{bootstrap} < 1

BuildRequires: %{?scl_prefix}rubygem(activesupport) = %{version}

BuildRequires: %{?scl_prefix}rubygem(activerecord) = %{version}

BuildRequires: %{?scl_prefix}rubygem(actionpack) = %{version}

BuildRequires: %{?scl_prefix}rubygem(sqlite3)

BuildRequires: %{?scl_prefix_ruby}rubygem(minitest)

BuildRequires: %{?scl_prefix}rubygem(mocha) >= 0.9.8

%endif

BuildArch: noarch

Provides: %{?scl_prefix}rubygem(%{gem_name}) = %{version}

%description

Simple, battle-tested conventions and helpers for building web pages.

%package doc

Summary: Documentation for %{pkg_name}

Group: Documentation

Requires: %{?scl_prefix}%{pkg_name} = %{version}-%{release}

BuildArch: noarch

%description doc

Documentation for %{pkg_name}.

%prep

%setup -n %{pkg_name}-%{version} -q -c -T

%{?scl:scl enable %{scl} - << \EOF}

%gem_install -n %{SOURCE0}

%{?scl:EOF}

pushd .%{gem_instdir}

%patch0 -p2

%patch2 -p2

%patch4 -p2

popd

%build

%install

mkdir -p %{buildroot}%{gem_dir}

cp -pa .%{gem_dir}/* \

        %{buildroot}%{gem_dir}/

%if 0%{bootstrap} < 1

%check

pushd .%{gem_instdir}

tar xzvf %{SOURCE1} -C .

patch -F 0 -p2 < %{PATCH1}

patch -p2 < %{PATCH3}

patch -p2 < %{PATCH5}

# This requires rails git structure and only requires bundler in the end

sed -i "s|require File.expand_path('../../../load_paths', __FILE__)||" ./test/abstract_unit.rb

sed -i '16,18d' ./test/active_record_unit.rb

# Run separately as we need to avoid superclass mismatch errors

%{?scl:scl enable %{scl} - << \EOF}

ruby -Ilib:test -e "Dir.glob('./test/{actionpack,activerecord,lib}/*_test.rb').each {|t| require t}"

%{?scl:EOF}

%{?scl:scl enable %{scl} - << \EOF}

ruby -Ilib:test -e "Dir.glob('./test/template/*_test.rb').each {|t| require t}"

%{?scl:EOF}

popd

%endif

%files

%dir %{gem_instdir}

%{gem_libdir}

%exclude %{gem_cache}

%{gem_spec}

%doc %{gem_instdir}/MIT-LICENSE

%files doc

%doc %{gem_docdir}

%doc %{gem_instdir}/README.rdoc

%doc %{gem_instdir}/CHANGELOG.md

%changelog

* Mon Mar 07 2016 Vít Ondruch <vondruch@redhat.com> - 4.1.5-5

- Fix directory traversal and information leak.

  Resolves: CVE-2016-2097

- Fix code injection vulnerability.

  Resolves: CVE-2016-2098

* Thu Feb 11 2016 Pavel Valena <pvalena@redhat.com> - 4.1.5-4

- Fix Possible Information Leak Vulnerability - rhbz#1301963

  - Resolves: CVE-2016-0752

* Tue Jan 27 2015 Josef Stribny <jstribny@redhat.com> - 4.1.5-3

- Enable tests

* Thu Jan 22 2015 Josef Stribny <jstribny@redhat.com> - 4.1.5-2

- Convert to SCL

* Mon Aug 25 2014 Josef Stribny <jstribny@redhat.com> - 4.1.5-1

- Update to actionview 4.1.5

* Fri Jul 04 2014 Josef Stribny <jstribny@redhat.com> - 4.1.4-1

- Update to actionview 4.1.4

* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.1.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Thu May 22 2014 Josef Stribny <jstribny@redhat.com> - 4.1.1-1

- Update to ActionView 4.1.1

* Tue Apr 15 2014 Josef Stribny <jstribny@redhat.com> - 4.1.0-2

- Unpack test suite in %%check

- Adjust tests to run with all dependencies

* Thu Apr 10 2014 Josef Stribny <jstribny@redhat.com> - 4.1.0-1

- Initial package