RPM - rubygem-rails 1:3.0.5-2.fc15 - includes changes from Rails 3.0.8

Lukas Zapletal lzap+fed at redhat.com
Thu Aug 18 07:55:35 UTC 2011


On 08/17/2011 12:07 PM, Ivan Nečas wrote:
> Do we have to count on this kind of version differences between Gems and
> RPMs, or was there some problem in packaging?

I guess we call this "backporting" :-)

If you check the SRPM, you will find there is the patch you are 
referring to. The thing is - we (or ruby-sig in this case) backport 
important (security-related, etc.) fixes in the released versions. In this 
case it's 3.0.5.

It is not possible to upgrade to 3.0.8 because Fedora 15 is considered 
as "stable". We are not rolling Gentoo :-) The only way to fix a 
particular problem is to provide a patch file in the SRPM and bump the 
epoch number (number three in this case). The golden rule is not to modify 
the source tarball. For more info see Fedora Packaging Guidelines.

Do this (having yum-utils installed):

$ yumdownloader --source rubygem-activesupport

Unpack the SRPM (or install it) and find this file:

$ md5sum cve-2011-2197-fix.patch
883d8eac854ded578f4d3f3e371fedc4  cve-2011-2197-fix.patch

Here we go...

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html

It's more of a Katello problem - you (we) should all develop on the very same 
rubygems as users have. In this case you use original gem files vs 
gems from RPMs. That is the reason why you see the error in development.

-- 
Later,
   Lukas "lzap" Zapletal
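
An added example, not part of the message above or of Fedora's tooling: the SRPM check described in the message, run against the spec file unpacked from the SRPM. It reports whether a CVE-named patch is both declared and applied in %prep, which a version-only comparison against upstream cannot show. The spec fragment is constructed, the function names are hypothetical, and it assumes the patch file name contains the CVE id.

```shell
#!/bin/sh
# Added example. Get the spec out of an SRPM first, e.g.:
#   rpm2cpio rubygem-activesupport-*.src.rpm | cpio -idm

# Write a constructed spec fragment to $1 (only the patch file name and the
# 3.0.5 version come from the message above; the rest is made up).
write_sample_spec() {
    cat > "$1" <<'EOF'
Name: rubygem-activesupport
Version: 3.0.5
Release: 2%{?dist}
Source0: activesupport-3.0.5.gem
Patch0: cve-2011-2197-fix.patch
%prep
%setup -q -c -T
%patch0 -p1
EOF
}

# Print "N filename" for each PatchN: tag in spec $1 (bare "Patch:" is patch 0).
spec_patches() {
    awk 'tolower($1) ~ /^patch[0-9]*:$/ {
        n = tolower($1); gsub(/[^0-9]/, "", n); if (n == "") n = 0
        print n, $2 }' "$1"
}

# Succeed if patch $2 is applied in spec $1: "%patchN", "%patch -P N", or a
# macro that applies all declared patches. A commented-out line does not count.
patch_applied() {
    grep -Eq "^%(autosetup|autopatch)|^%patch$2([[:space:]]|\$)|^%patch[[:space:]].*-P[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print applied, declared-not-applied or missing for CVE id $2 in spec $1.
cve_status() {
    id=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    status=missing
    while read -r n file; do
        case $(printf '%s' "$file" | tr 'A-Z' 'a-z') in
            *"$id"*)
                if patch_applied "$1" "$n"; then echo applied; return 0; fi
                status=declared-not-applied ;;
        esac
    done <<EOF
$(spec_patches "$1")
EOF
    echo "$status"
}

if [ "$#" -eq 2 ]; then cve_status "$1" "$2"; fi
```
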

