From e92f1273b50942b4c92c7367921f3fe8783ae78d Mon Sep 17 00:00:00 2001
From: Todd Zullinger <tmz@pobox.com>
Date: Fri, 22 Jul 2011 09:37:19 -0400
Subject: Fix potential XSS vulnerability in rename hint

---
 cgit.spec | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'cgit.spec')

diff --git a/cgit.spec b/cgit.spec
index cfba28d..23c0b9d 100644
--- a/cgit.spec
+++ b/cgit.spec
@@ -20,7 +20,7 @@ make V=1 %{?_smp_mflags} \\\
 
 Name:           cgit
 Version:        0.9.0.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A fast web interface for git
 
 Group:          Development/Tools
@@ -31,6 +31,9 @@ Source1:        http://www.kernel.org/pub/software/scm/git/git-%{gitver}.tar.bz2
 Source2:        cgitrc
 Source3:        cgit.httpd
 Source4:        README.SELinux
+# http://hjemli.net/pipermail/cgit/2011-July/000276.html
+# http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d
+Patch0:         0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 BuildRequires:  asciidoc
@@ -51,6 +54,7 @@ Cgit is a fast web interface for git.  It uses caching to increase performance.
 
 %prep
 %setup -q -a 1
+%patch0 -p1
 
 # setup the git dir
 rm -rf git
@@ -94,6 +98,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Jul 22 2011 Todd Zullinger <tmz@pobox.com> - 0.9.0.2-2
+- Fix potential XSS vulnerability in rename hint
+
 * Thu Jul 21 2011 Todd Zullinger <tmz@pobox.com> - 0.9.0.2-1
 - Update to 0.9.0.2
 
-- 
cgit