From f902b89ccc5833ec727922c2fb3c0ceffbb6eef2 Mon Sep 17 00:00:00 2001
From: Toshio くらとみ <toshio@fedoraproject.org>
Date: Jan 29 2008 03:59:40 +0000
Subject: - Patch was a backport from CP-3.x. Fix with the 2.x version.


---

diff --git a/cherrypy-2.2.1-security-sessionfilter.patch b/cherrypy-2.2.1-security-sessionfilter.patch
index f523501..7f0e977 100644
--- a/cherrypy-2.2.1-security-sessionfilter.patch
+++ b/cherrypy-2.2.1-security-sessionfilter.patch
@@ -5,7 +5,7 @@ diff -up CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix CherryPy-2.
              raise SessionStoragePathNotConfiguredError()
          fileName = self.SESSION_PREFIX + id
          file_path = os.path.join(storage_path, fileName)
-+        if not os.path.normpath(filePath).startswith(storagePath):
++        if not os.path.normpath(file_path).startswith(storagePath):
 +            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
          return file_path
      
diff --git a/python-cherrypy.spec b/python-cherrypy.spec
index 3588b33..72329ab 100644
--- a/python-cherrypy.spec
+++ b/python-cherrypy.spec
@@ -2,7 +2,7 @@
 
 Name:           python-cherrypy
 Version:        2.2.1
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        A pythonic, object-oriented web development framework
 Group:          Development/Libraries
 License:        BSD
@@ -58,6 +58,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/*
 
 %changelog
+* Mon Jan 28 2008 Toshio Kuratomi <toshio@fedoraproject.org> 2.2.1-10
+- Patch was a backport from CP-3.x.  Fix with the 2.x version.
+
 * Thu Jan 22 2008 Toshio Kuratomi <toshio@fedoraproject.org> 2.2.1-9
 - Add egg-info so that the new TurboGears can build against cherrypy on F-7
   and F-8 as well as Rawhide.