head 1.25; access; symbols pkgsrc-2026Q1:1.24.0.12 pkgsrc-2026Q1-base:1.24 pkgsrc-2025Q4:1.24.0.10 pkgsrc-2025Q4-base:1.24 pkgsrc-2025Q3:1.24.0.8 pkgsrc-2025Q3-base:1.24 pkgsrc-2025Q2:1.24.0.6 pkgsrc-2025Q2-base:1.24 pkgsrc-2025Q1:1.24.0.4 pkgsrc-2025Q1-base:1.24 pkgsrc-2024Q4:1.24.0.2 pkgsrc-2024Q4-base:1.24 pkgsrc-2024Q3:1.22.0.4 pkgsrc-2024Q3-base:1.22 pkgsrc-2024Q2:1.22.0.2 pkgsrc-2024Q2-base:1.22 pkgsrc-2024Q1:1.21.0.2 pkgsrc-2024Q1-base:1.21 pkgsrc-2023Q4:1.20.0.4 pkgsrc-2023Q4-base:1.20 pkgsrc-2023Q3:1.20.0.2 pkgsrc-2023Q3-base:1.20 pkgsrc-2023Q2:1.18.0.4 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.18.0.2 pkgsrc-2023Q1-base:1.18 pkgsrc-2022Q4:1.15.0.4 pkgsrc-2022Q4-base:1.15 pkgsrc-2022Q3:1.15.0.2 pkgsrc-2022Q3-base:1.15 pkgsrc-2022Q2:1.13.0.2 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.11.0.2 pkgsrc-2022Q1-base:1.11 pkgsrc-2021Q4:1.9.0.2 pkgsrc-2021Q4-base:1.9 pkgsrc-2021Q3:1.6.0.2 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.4.0.2 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.2.0.2 pkgsrc-2021Q1-base:1.2; locks; strict; comment @# @; 1.25 date 2026.05.05.08.17.46; author taca; state dead; branches; next 1.24; commitid lr4jZbS8kTvMiBEG; 1.24 date 2024.10.27.14.29.39; author taca; state Exp; branches; next 1.23; commitid Hc9Aloo1cXEtcjvF; 1.23 date 2024.10.21.14.58.56; author taca; state Exp; branches; next 1.22; commitid e99DE75ugU8myxuF; 1.22 date 2024.06.05.16.21.34; author taca; state Exp; branches; next 1.21; commitid pKKVOz5I73fQrOcF; 1.21 date 2024.02.24.14.42.39; author taca; state Exp; branches 1.21.2.1; next 1.20; commitid dMa293WgUtfbbHZE; 1.20 date 2023.08.26.15.23.28; author taca; state Exp; branches; next 1.19; commitid Yo4AOkqx9V2TfjCE; 1.19 date 2023.06.27.13.35.17; author taca; state Exp; branches; next 1.18; commitid O8aF69XeGtOlAAuE; 1.18 date 2023.03.15.13.31.48; author taca; state Exp; branches 1.18.4.1; next 1.17; commitid qVRHt7J0cHGoUdhE; 1.17 date 2023.01.25.13.27.09; author taca; state Exp; branches; next 1.16; commitid nbgl0tWcCcersVaE; 1.16 date 2023.01.19.14.31.10; author taca; state Exp; branches; next 1.15; commitid 8ZJ1ksyFQnUn0aaE; 1.15 date 2022.09.10.08.24.41; author taca; state Exp; branches 1.15.4.1; next 1.14; commitid 6Sb0ZyedTcCJbiTD; 1.14 date 2022.07.13.14.46.23; author taca; state Exp; branches; next 1.13; commitid b5k4UpOSswlfcKLD; 1.13 date 2022.06.07.15.05.22; author taca; state Exp; branches 1.13.2.1; next 1.12; commitid 94DP7iCcELNvs7HD; 1.12 date 2022.05.05.03.34.36; author taca; state Exp; branches; next 1.11; commitid 34P9gWbnHmgfHOCD; 1.11 date 2022.03.13.15.11.50; author taca; state Exp; branches 1.11.2.1; next 1.10; commitid cTFn59RGFpn7g4wD; 1.10 date 2022.02.13.07.35.04; author taca; state Exp; branches; next 1.9; commitid dxMDajEabLleDqsD; 1.9 date 2021.12.19.05.24.29; author taca; state Exp; branches 1.9.2.1; next 1.8; commitid nPzwQkcLZiB3IdlD; 1.8 date 2021.10.26.10.19.24; author nia; state Exp; branches; next 1.7; commitid XMBRkrafc79x2jeD; 1.7 date 2021.10.07.13.44.01; author nia; state Exp; branches; next 1.6; commitid TK9Y8OXA04EYMSbD; 1.6 date 2021.08.22.07.16.46; author taca; state Exp; branches; next 1.5; commitid rFBRgwR8X8mH9W5D; 1.5 date 2021.07.04.08.00.06; author taca; state Exp; branches; next 1.4; commitid R01q5cb4BoS8YDZC; 1.4 date 2021.05.08.14.08.55; author taca; state Exp; branches; next 1.3; commitid xT7hp1Cwoc8eQlSC; 1.3 date 2021.04.11.13.28.01; author taca; state Exp; branches; next 1.2; commitid ojVj9UR3VuKWtSOC; 1.2 date 2021.02.28.15.42.39; author taca; state Exp; branches; next 1.1; commitid 7pqUCCXfZTplzuJC; 1.1 date 2021.02.14.13.55.16; author taca; state Exp; branches; next ; commitid cEi1vy7WpFZ1rGHC; 1.21.2.1 date 2024.06.13.17.16.48; author bsiegert; state Exp; branches; next ; commitid 2kq3Ai7NKk3TuQdF; 1.18.4.1 date 2023.06.30.18.41.55; author bsiegert; state Exp; branches; next ; commitid NnnxBbs8ehPBb0vE; 1.15.4.1 date 2023.03.04.14.10.22; author spz; state Exp; branches; next ; commitid z0Mpayg7Eu2CtOfE; 1.13.2.1 date 2022.07.23.19.35.07; author spz; state Exp; branches; next ; commitid 0ogLPDtEKXGqt3ND; 1.11.2.1 date 2022.06.04.09.31.41; author spz; state Exp; branches; next ; commitid 6heywWYUC6I3IHGD; 1.9.2.1 date 2022.03.03.19.11.59; author bsiegert; state Exp; branches; next ; commitid ZRy4g549ae7uUNuD; desc @@ 1.25 log @www/ruby-rails61: remove related packages Ruby on Rails 6.1 EOL since 2024-10-23 and it was kept for Redmine 5.1. @ text @$NetBSD: distinfo,v 1.24 2024/10/27 14:29:39 taca Exp $ BLAKE2s (activejob-6.1.7.10.gem) = 6f4e9386266271a1fd3a1b8ab8bf42432c921e90da529e0e97cfcbb5ad2139c2 SHA512 (activejob-6.1.7.10.gem) = 80608245cb178bf89ead78705a144113e0ea9656d89865f3533be565450363ee9623b3cc95f28aab938ff787f09b00fc3e2c2b0d69526de7de0ecd119eebe03b Size (activejob-6.1.7.10.gem) = 32768 bytes @ 1.24 log @www/ruby-rails61: update to 6.1.7.10 Security fix of ruby-action-mailer61. Other packages have no change except their version. Action Mailer * Fix NoMethodError in block_format helper [Michael Leimstaedtner] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2024/10/21 14:58:56 taca Exp $ @ 1.23 log @www/ruby-rails61: update to 6.1.7.9 Update Ruby on Rails 6.1 to 6.1.7.9. Active Support * No changes. Active Model * No changes. Active Record * No changes. Action View * No changes. Action Pack * Avoid regex backtracking in HTTP Token authentication [CVE-2024-47887] * Avoid regex backtracking in query parameter filtering [CVE-2024-41128] Active Job * No changes. Action Mailer * Avoid regex backtracking in block_format helper [CVE-2024-47889] Action Cable * No changes. Active Storage * No changes. Action Mailbox * No changes. Action Text * Avoid backtracing in plain_text_for_blockquote_node [CVE-2024-47888] Railties * No changes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2024/06/05 16:21:34 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.9.gem) = 0b6c60a8e80db4a8322f19b0a3462164dcce07f3dd7f4e1c4872ee3c65616c91 SHA512 (activejob-6.1.7.9.gem) = b6bb4e5eee012afa5024dfb4c425ff9928c99263c98bf6c64da3b95c51d21ae2ffe5dd5532b39fd658af63ac4c0b8786915561afff1a6256ad47577f51863620 Size (activejob-6.1.7.9.gem) = 32768 bytes @ 1.22 log @www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:39 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.8.gem) = bbdbfd86337fecd5bbcd7f4e6ee9ca5f67aacf890b0c01bfc7137e8c6b143d45 SHA512 (activejob-6.1.7.8.gem) = 33e552b596dc2e37e0bc51be470b9c865feccf76e255c699cbe241b903dcd1837a45848ea0a5c8a61cbcb280a98f1e244ae1c77ac35045587ac4ba4b9e0bd926 Size (activejob-6.1.7.8.gem) = 32768 bytes @ 1.21 log @www/rails61: update to 6.1.7.7 Update rails61 and related pacakges to 6.1.7.7 This includes security fix for CVE-2024-26144, devel/ruby-activestorage61. Active Storage * Disables the session in ActiveStorage::Blobs::ProxyController and ActiveStorage::Representations::ProxyController in order to allow caching by default in some CDNs as CloudFlare Fixes #44136 Bruno Prieto @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2023/08/26 15:23:28 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.7.gem) = 80fa70bc60d591415651f1625d079790ea498ff7aed02a933ba264b7f1f2a9b4 SHA512 (activejob-6.1.7.7.gem) = 2d3c11d323ecaac84c528dcc183682e25ca192e774d58c72c17a7ef9dc2f00d57752c89fd04462c496a61825c32117f8ada053c7e2f536233de5cba79331556a Size (activejob-6.1.7.7.gem) = 32768 bytes @ 1.21.2.1 log @Pullup ticket #6861 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.22 - devel/ruby-activejob61/distinfo 1.22 - devel/ruby-activemodel61/distinfo 1.22 - devel/ruby-activestorage61/distinfo 1.22 - devel/ruby-activesupport61/distinfo 1.22 - devel/ruby-railties61/distinfo 1.22 - lang/ruby/rails.mk 1.162 - mail/ruby-actionmailbox61/distinfo 1.22 - mail/ruby-actionmailer61/distinfo 1.22 - textproc/ruby-actiontext61/distinfo 1.22 - www/ruby-actioncable61/distinfo 1.22 - www/ruby-actionpack61/distinfo 1.22 - www/ruby-actionview61/distinfo 1.22 - www/ruby-rails61/distinfo 1.22 --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 5 16:21:36 UTC 2024 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:39 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.8.gem) = bbdbfd86337fecd5bbcd7f4e6ee9ca5f67aacf890b0c01bfc7137e8c6b143d45 SHA512 (activejob-6.1.7.8.gem) = 33e552b596dc2e37e0bc51be470b9c865feccf76e255c699cbe241b903dcd1837a45848ea0a5c8a61cbcb280a98f1e244ae1c77ac35045587ac4ba4b9e0bd926 Size (activejob-6.1.7.8.gem) = 32768 bytes @ 1.20 log @www/ruby-rails61: update to 6.1.7.6 6.1.7.5 (2023-08-22) Active Support * Use a temporary file for storing unencrypted files while editing [CVE-2023-38037] 6.1.7.6 (2023-08-22) * No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2023/06/27 13:35:17 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.6.gem) = 6beb7b0d5bf38b7959fe3ca30dd418403102854c57ee18930ee013ea94f794db SHA512 (activejob-6.1.7.6.gem) = 62fe7204ef974388f0757532fc2021d1eeb2636fa6b510a2c396d9695f0faf6247ab1a4db8992bc3e72d38987d3ffe36de06636deb31e1f92d0de6d53ccc252d Size (activejob-6.1.7.6.gem) = 32768 bytes @ 1.19 log @www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:48 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.4.gem) = c34f6355e380958bfb301da5000e6d1232a9a7ca600d2daabe3a1acc90e4cb40 SHA512 (activejob-6.1.7.4.gem) = e1b9370b43e35292e48ddba85a8d2890bb0b2e49a9078ebda8e9d0294166889d75e40b54c321da414c69e7a14789ddd0089c94d4dc75ebfd7bd2667b21631aba Size (activejob-6.1.7.4.gem) = 32768 bytes @ 1.18 log @www/ruby-rails61: update to 6.1.7.3 6.1.7.3 (2023-03-13) Active Support * Implement SafeBuffer#bytesplice [CVE-2023-28120] Action View * Ignore certain data-* attributes in rails-ujs when element is contenteditable [CVE-2023-23913] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2023/01/25 13:27:09 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.3.gem) = bb105272e6ffffd74269baf157c9f6ffe92da16c262dd856fbba2938d198ae5a SHA512 (activejob-6.1.7.3.gem) = 92664b9bbdc128dd1931b7c42b0a11f6e45dbce42def115d89dcc874f4db88a8d42200c66bdb9e2ed9367f435a4334f02cbac8f8a52b58599d0d33359fafe328 Size (activejob-6.1.7.3.gem) = 32768 bytes @ 1.18.4.1 log @Pullup ticket #6766 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.19 - devel/ruby-activejob61/distinfo 1.19 - devel/ruby-activemodel61/distinfo 1.19 - devel/ruby-activestorage61/distinfo 1.19 - devel/ruby-activesupport61/distinfo 1.19 - devel/ruby-railties61/distinfo 1.19 - lang/ruby/rails.mk 1.146 - mail/ruby-actionmailbox61/distinfo 1.19 - mail/ruby-actionmailer61/distinfo 1.19 - textproc/ruby-actiontext61/distinfo 1.19 - www/ruby-actioncable61/distinfo 1.19 - www/ruby-actionpack61/distinfo 1.19 - www/ruby-actionview61/distinfo 1.19 - www/ruby-rails61/distinfo 1.19 --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 27 13:35:19 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:48 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.4.gem) = c34f6355e380958bfb301da5000e6d1232a9a7ca600d2daabe3a1acc90e4cb40 SHA512 (activejob-6.1.7.4.gem) = e1b9370b43e35292e48ddba85a8d2890bb0b2e49a9078ebda8e9d0294166889d75e40b54c321da414c69e7a14789ddd0089c94d4dc75ebfd7bd2667b21631aba Size (activejob-6.1.7.4.gem) = 32768 bytes @ 1.17 log @www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain domain (like `.ca`, rather than `.co.uk`). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2023/01/19 14:31:10 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.2.gem) = b180f8b0176c120777df26e4e8456afc9bfebd3c6535ad6e837751469a717597 SHA512 (activejob-6.1.7.2.gem) = 3ab115abc4d1812483dbcf41949134dc0944a86b70affd4d4baa11d10e92a0c744f38576b0b3ea86b510f22566a5c63d37a47a9085253be8be3016fe75fb1900 Size (activejob-6.1.7.2.gem) = 32768 bytes @ 1.16 log @www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:41 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.1.gem) = 159096cd8e602befe0f31d9e2ea43c44c08e4f943182405dac7366be1b170450 SHA512 (activejob-6.1.7.1.gem) = f8bef513c6a0bb553b4ef02fb78182fc54b5f6a116b2d91faf7757ccd6195fd79f3fbe93eb0a51779df6572ff028bb3c027ec3cdf848123fb5d85cbf0ec4aab5 Size (activejob-6.1.7.1.gem) = 32768 bytes @ 1.15 log @www/ruby-rails61: update to 6.1.7 Ruby on Rails 6.1.7 release on 9th September 2022. Active Record and Active Storage are updated: Active Record * Symbol is allowed by default for YAML columns Étienne Barrié * Fix ActiveRecord::Store to serialize as a regular Hash Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess which is wasteful and cause problem with YAML safe_load. Jean Boussier * Fix PG.connect keyword arguments deprecation warning on ruby 2.7 Fixes . Nikita Vasilevsky Active Storage * Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0. fatkodima @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2022/07/13 14:46:23 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.gem) = 3f3fd512cef04459da0e52cfec02040b5beedd651b52a14845ebecba5a68a9fc SHA512 (activejob-6.1.7.gem) = 1446156f14e8f5fbdcd625ff67a94a8b43b99aaba8571e3ebd912dbd48d35071235431b1f03091e362c8c5699f497cf77da07d806837e0a0847a9fd8b22780c0 Size (activejob-6.1.7.gem) = 32768 bytes @ 1.15.4.1 log @Pullup ticket #6733 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: distinfo update devel/ruby-activemodel61: distinfo update devel/ruby-activestorage61: distinfo update devel/ruby-activesupport61: security update devel/ruby-railties61: distinfo update mail/ruby-actionmailbox61: distinfo update mail/ruby-actionmailer61: distinfo update textproc/ruby-actiontext61: sdistinfo update www/ruby-actioncable61: distinfo update www/ruby-actionpack61: security update www/ruby-actionview61: distinfo update www/ruby-rails61: distinfo update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.16-1.17 - devel/ruby-activejob61/distinfo 1.16-1.17 - devel/ruby-activemodel61/distinfo 1.16-1.17 - devel/ruby-activestorage61/distinfo 1.16-1.17 - devel/ruby-activesupport61/distinfo 1.16-1.17 - devel/ruby-railties61/distinfo 1.16-1.17 - lang/ruby/rails.mk 1.139,1.141 - mail/ruby-actionmailbox61/distinfo 1.16-1.17 - mail/ruby-actionmailer61/distinfo 1.16-1.17 - textproc/ruby-actiontext61/distinfo 1.16-1.17 - www/ruby-actioncable61/distinfo 1.16-1.17 - www/ruby-actionpack61/Makefile 1.4 - www/ruby-actionpack61/distinfo 1.16-1.17 - www/ruby-actionview61/distinfo 1.16-1.17 - www/ruby-rails61/distinfo 1.16-1.17 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Jan 19 14:31:11 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: Makefile distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jan 25 13:27:10 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain domain (like `.ca`, rather than `.co.uk`). To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:41 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.7.2.gem) = b180f8b0176c120777df26e4e8456afc9bfebd3c6535ad6e837751469a717597 SHA512 (activejob-6.1.7.2.gem) = 3ab115abc4d1812483dbcf41949134dc0944a86b70affd4d4baa11d10e92a0c744f38576b0b3ea86b510f22566a5c63d37a47a9085253be8be3016fe75fb1900 Size (activejob-6.1.7.2.gem) = 32768 bytes @ 1.14 log @www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:22 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.6.1.gem) = 5a63ad6c738c433d68fbf739e11a688b4a259c3762d4d78c5563a4e802946bd6 SHA512 (activejob-6.1.6.1.gem) = 706cfd210e075b8e84bb19555ac40335ba68631e754dfc07d4671d842778cb01ff6de896fed093edd216d0ffddd3e999595d60c9970260bcec99d73f1ccff791 Size (activejob-6.1.6.1.gem) = 32768 bytes @ 1.13 log @www/ruby-rails61: update to 6.1.6 Ruby on Rails 6.1.6 (2022-05-12) Active Support * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML. Action View * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag. Action Pack * Allow Content Security Policy DSL to generate for API responses. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2022/05/05 03:34:36 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.6.gem) = f2c27a75302814c8596f85bda13d71b29f876241fff267daf1473b4e4a5483eb SHA512 (activejob-6.1.6.gem) = 726256fb8218354e26b5b950486fc14142e7435e0e05d680864aed61533912cc15e81ac06a11ce35ded39c7e6f0f311b23deffc0761fe8e62194a364276a094c Size (activejob-6.1.6.gem) = 32768 bytes @ 1.13.2.1 log @Pullup ticket #6655 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.14 - devel/ruby-activejob61/distinfo 1.14 - devel/ruby-activemodel61/distinfo 1.14 - devel/ruby-activestorage61/distinfo 1.14 - devel/ruby-activesupport61/distinfo 1.14 - devel/ruby-railties61/Makefile 1.4 - devel/ruby-railties61/distinfo 1.14 - lang/ruby/rails.mk 1.131 - mail/ruby-actionmailbox61/distinfo 1.14 - mail/ruby-actionmailer61/distinfo 1.14 - textproc/ruby-actiontext61/distinfo 1.14 - www/ruby-actioncable61/distinfo 1.14 - www/ruby-actionpack61/distinfo 1.14 - www/ruby-actionview61/distinfo 1.14 - www/ruby-rails61/distinfo 1.14 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jul 13 14:46:24 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: Makefile distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:22 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.6.1.gem) = 5a63ad6c738c433d68fbf739e11a688b4a259c3762d4d78c5563a4e802946bd6 SHA512 (activejob-6.1.6.1.gem) = 706cfd210e075b8e84bb19555ac40335ba68631e754dfc07d4671d842778cb01ff6de896fed093edd216d0ffddd3e999595d60c9970260bcec99d73f1ccff791 Size (activejob-6.1.6.1.gem) = 32768 bytes @ 1.12 log @Update rest of Ruby on Rails 61 components. No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2022/03/13 15:11:50 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.5.1.gem) = af53c43fbc9df1b47ab93c323880d46fc726fa5f0fe3b92e87218eddd4432867 SHA512 (activejob-6.1.5.1.gem) = b3961cc784e6ebf7799db312e305f8fa679c773d65fff12a7459b3798e3c689f449db1823e9f20ec2a56074df3bb12ade2b9e9c55c951d8e7bd5f0e7c71ec66c Size (activejob-6.1.5.1.gem) = 32768 bytes @ 1.11 log @www/ruby-rails61: update to 6.1.4.7 Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up to pkgsrc-2021Q4. Changes are in devel/ruby-activestorage61 only. ## Rails 6.1.4.7 (March 08, 2022) ## * Added image transformation validation via configurable allow-list. Variant now offers a configurable allow-list for transformation methods in addition to a configurable deny-list for arguments. [CVE-2022-21831] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2022/02/13 07:35:04 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.4.7.gem) = 0f7db5ef5b8cf5031a143fd20906c4e188ba344390830e05883fd36ac2fecf4d SHA512 (activejob-6.1.4.7.gem) = b4ef6cf7a84302490a040efb4a7519d3f4452cbc1b5f13b4e83d0ee851dae111604b2a8211e6292668348afb429e2c4a9acd0013a6798f685964fd27e7857bde Size (activejob-6.1.4.7.gem) = 32768 bytes @ 1.11.2.1 log @Pullup ticket #6630 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update lang/ruby: version info update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.12 - devel/ruby-activejob61/distinfo 1.12 - devel/ruby-activemodel61/distinfo 1.12 - devel/ruby-activestorage61/Makefile 1.5 - devel/ruby-activestorage61/distinfo 1.12 - devel/ruby-activesupport61/Makefile 1.4 - devel/ruby-activesupport61/distinfo 1.12 - devel/ruby-railties61/distinfo 1.12 - lang/ruby/rails.mk 1.121 - mail/ruby-actionmailbox61/PLIST 1.2 - mail/ruby-actionmailbox61/distinfo 1.12 - mail/ruby-actionmailer61/PLIST 1.2 - mail/ruby-actionmailer61/distinfo 1.12 - textproc/ruby-actiontext61/distinfo 1.12 - www/ruby-actioncable61/distinfo 1.12 - www/ruby-actionpack61/distinfo 1.12 - www/ruby-actionview61/distinfo 1.12 - www/ruby-rails61/distinfo 1.12 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:38:25 UTC 2022 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:21 UTC 2022 Modified Files: pkgsrc/devel/ruby-activesupport61: Makefile distinfo Log Message: devel/ruby-activesupport61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Add the method `ERB::Util.xml_name_escape` to escape dangerous characters in names of tags and names of attributes, following the specification of XML. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveSupport::Duration.build` to support negative values. The algorithm to collect the `parts` of the `ActiveSupport::Duration` ignored the sign of the `value` and accumulated incorrect part values. This impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but not `ActiveSupport::Duration#eql?` (which is dependent on `value`). *Caleb Buxton*, *Braden Staudacher* * `Time#change` and methods that call it (eg. `Time#advance`) will now return a `Time` with the timezone argument provided, if the caller was initialized with a timezone argument. Fixes [#42467](https://github.com/rails/rails/issues/42467). *Alex Ghiculescu* * Clone to keep extended Logger methods for tagged logger. *Orhan Toy* * `assert_changes` works on including `ActiveSupport::Assertions` module. *Pedro Medeiros* To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:57 UTC 2022 Modified Files: pkgsrc/devel/ruby-activemodel61: distinfo Log Message: devel/ruby-activemodel61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Clear secure password cache if password is set to `nil` Before: user.password = 'something' user.password = nil user.password # => 'something' Now: user.password = 'something' user.password = nil user.password # => nil *Markus Doits* * Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup` Passing a last positional argument `{}` would be incorrectly considered as keyword argument. *Benoit Daloze* * Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object. *Ryuta Kamizono* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:29:32 UTC 2022 Modified Files: pkgsrc/www/ruby-actionview61: distinfo Log Message: www/ruby-actionview61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option `:escape_attributes` to `:escape`, to simplify by applying the option to the whole tag. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG. *Nate Berkopec* * Add `autocomplete="off"` to all generated hidden fields. Fixes #42610. *Ryan Baumann* * Fix `current_page?` when URL has trailing slash. This fixes the `current_page?` helper when the given URL has a trailing slash, and is an absolute URL or also has query params. Fixes #33956. *Jonathan Hefner* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:02 UTC 2022 Modified Files: pkgsrc/www/ruby-actionpack61: distinfo Log Message: www/ruby-actionpack61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Allow Content Security Policy DSL to generate for API responses. *Tim Wade* ## Rails 6.1.5 (March 09, 2022) ## * Fix `content_security_policy` returning invalid directives. Directives such as `self`, `unsafe-eval` and few others were not single quoted when the directive was the result of calling a lambda returning an array. ```ruby content_security_policy do |policy| policy.frame_ancestors lambda { [:self, "https://example.com"] } end ``` With this fix the policy generated from above will now be valid. *Edouard Chin* * Update `HostAuthorization` middleware to render debug info only when `config.consider_all_requests_local` is set to true. Also, blocked host info is always logged with level `error`. Fixes #42813. *Nikita Vyrko* * Dup arrays that get "converted". Fixes #43681. *Aaron Patterson* * Don't show deprecation warning for equal paths. *Anton Rieder* * Fix crash in `ActionController::Instrumentation` with invalid HTTP formats. Fixes #43094. *Alex Ghiculescu* * Add fallback host for SystemTestCase driven by RackTest. Fixes #42780. *Petrik de Heus* * Add more detail about what hosts are allowed. *Alex Ghiculescu* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:33 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo Log Message: databases/ruby-activerecord61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6. Ruby 2.6 and 2.7 have slightly different implementations of the `String#@@-` method. In Ruby 2.6, the receiver of the `String#@@-` method is modified under certain circumstances. This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only fixed in Ruby 2.7. Before the changes in this commit, the `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally calls the `String#@@-` method, could also modify an input string argument in Ruby 2.6 -- changing a tainted, unfrozen string into a tainted, frozen string. Fixes #43056 *Eric O'Hanlon* * Fix migration compatibility to create SQLite references/belongs_to column as integer when migration version is 6.0. `reference`/`belongs_to` in migrations with version 6.0 were creating columns as bigint instead of integer for the SQLite Adapter. *Marcelo Lauxen* * Fix dbconsole for 3-tier config. *Eileen M. Uchitelle* * Better handle SQL queries with invalid encoding. ```ruby Post.create(name: "broken \xC8 UTF-8") ``` Would cause all adapters to fail in a non controlled way in the code responsible to detect write queries. The query is now properly passed to the database connection, which might or might not be able to handle it, but will either succeed or failed in a more correct way. *Jean Boussier* * Ignore persisted in-memory records when merging target lists. *Kevin Sjöberg* * Fix regression bug that caused ignoring additional conditions for preloading `has_many` through relations. Fixes #43132 *Alexander Pauly* * Fix `ActiveRecord::InternalMetadata` to not be broken by `config.active_record.record_timestamps = false` Since the model always create the timestamp columns, it has to set them, otherwise it breaks various DB management tasks. Fixes #42983 *Jean Boussier* * Fix duplicate active record objects on `inverse_of`. *Justin Carvalho* * Fix duplicate objects stored in has many association after save. Fixes #42549. *Alex Ghiculescu* * Fix performance regression in `CollectionAssocation#build`. *Alex Ghiculescu* * Fix retrieving default value for text column for MariaDB. *fatkodima* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:02 UTC 2022 Modified Files: pkgsrc/devel/ruby-activestorage61: Makefile distinfo Log Message: devel/ruby-activestorage61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Attachments can be deleted after their association is no longer defined. Fixes #42514 *Don Sisco* To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:47 UTC 2022 Modified Files: pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo Log Message: mail/ruby-actionmailbox61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Add `attachments` to the list of permitted parameters for inbound emails conductor. When using the conductor to test inbound emails with attachments, this prevents an unpermitted parameter warning in default configurations, and prevents errors for applications that set: ```ruby config.action_controller.action_on_unpermitted_parameters = :raise ``` *David Jones*, *Dana Henke* To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:28 UTC 2022 Modified Files: pkgsrc/www/ruby-actioncable61: distinfo Log Message: www/ruby-actioncable61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * The Action Cable client now ensures successful channel subscriptions: * The client maintains a set of pending subscriptions until either the server confirms the subscription or the channel is torn down. * Rectifies the race condition where an unsubscribe is rapidly followed by a subscribe (on the same channel identifier) and the requests are handled out of order by the ActionCable server, thereby ignoring the subscribe command. *Daniel Spinosa* * Truncate broadcast logging messages. *J Smith* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:59 UTC 2022 Modified Files: pkgsrc/devel/ruby-railties61: distinfo Log Message: devel/ruby-railties61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it. This order plays better with shared namespaces. *Xavier Noria* * Handle paths with spaces when editing credentials. *Alex Ghiculescu* * Support Psych 4 when loading secrets. *Nat Morcos* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:33:27 UTC 2022 Modified Files: pkgsrc/textproc/ruby-actiontext61: distinfo Log Message: textproc/ruby-actiontext61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix Action Text extra trix content wrapper. *Alexandre Ruban* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:34:37 UTC 2022 Modified Files: pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/mail/ruby-actionmailer61: PLIST distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: Update rest of Ruby on Rails 61 components. No change except version. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (activejob-6.1.5.1.gem) = af53c43fbc9df1b47ab93c323880d46fc726fa5f0fe3b92e87218eddd4432867 SHA512 (activejob-6.1.5.1.gem) = b3961cc784e6ebf7799db312e305f8fa679c773d65fff12a7459b3798e3c689f449db1823e9f20ec2a56074df3bb12ade2b9e9c55c951d8e7bd5f0e7c71ec66c Size (activejob-6.1.5.1.gem) = 32768 bytes @ 1.10 log @www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2021/12/19 05:24:29 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.4.6.gem) = 6b8bf08ca207d8bcc7aa52580488849c15c05993e394e9adcfb2737e62302067 SHA512 (activejob-6.1.4.6.gem) = 46e009c35b1dc0f78033398fb69e2726d89622b07f6051b91ab26d2a361188b5b9b4759400538b125a53bc313ae81ce09a30549d832cb37155654787aafaebbe Size (activejob-6.1.4.6.gem) = 32768 bytes @ 1.9 log @devel/ruby-activejob61: update to 6.1.4.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2021/10/26 10:19:24 nia Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.4.4.gem) = a74dc460daee6aaa43f8e56d8078d2d9723a579e98d18ba21ca859c6b7b2a9d0 SHA512 (activejob-6.1.4.4.gem) = a521c63c1af7031aae8496414261dad3b5b66fa69fa44187a48d31e1cb7fb7cc040fa4eef54599cbcb8d2bb5cc042fd5a0a38ace39b2aed5dd00424201996331 Size (activejob-6.1.4.4.gem) = 32768 bytes @ 1.9.2.1 log @Pullup ticket #6589 - requested by taca www/wuby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.10 - devel/ruby-activejob61/distinfo 1.10 - devel/ruby-activemodel61/distinfo 1.10 - devel/ruby-activestorage61/distinfo 1.10 - devel/ruby-activesupport61/distinfo 1.10 - devel/ruby-railties61/distinfo 1.10 - lang/ruby/rails.mk 1.113 - mail/ruby-actionmailbox61/distinfo 1.10 - mail/ruby-actionmailer61/distinfo 1.10 - textproc/ruby-actiontext61/distinfo 1.10 - www/ruby-actioncable61/distinfo 1.10 - www/ruby-actionpack61/distinfo 1.10 - www/ruby-actionview61/distinfo 1.10 - www/ruby-rails61/distinfo 1.10 --- Module Name: pkgsrc Committed By: taca Date: Sun Feb 13 07:35:06 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (activejob-6.1.4.6.gem) = 6b8bf08ca207d8bcc7aa52580488849c15c05993e394e9adcfb2737e62302067 SHA512 (activejob-6.1.4.6.gem) = 46e009c35b1dc0f78033398fb69e2726d89622b07f6051b91ab26d2a361188b5b9b4759400538b125a53bc313ae81ce09a30549d832cb37155654787aafaebbe Size (activejob-6.1.4.6.gem) = 32768 bytes @ 1.8 log @archivers: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Could not be committed due to merge conflict: devel/py-traitlets/distinfo The following distfiles were unfetchable (note: some may be only fetched conditionally): ./devel/pvs/distinfo pvs-3.2-solaris.tgz ./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2021/10/07 13:44:01 nia Exp $ d3 3 a5 3 BLAKE2s (activejob-6.1.4.1.gem) = 20187af9b8dde2df68ba7daebe922fef104e6fdced231717f52591b8e5136b5f SHA512 (activejob-6.1.4.1.gem) = 8011c7afc09559f740193ea1d4ce17d6cf79ad35742c1c983e50fb23ac994e307a7eacf321f23599306f114ee1f842abc5735fc1a8d4927bf5e594fadeeb5b0b Size (activejob-6.1.4.1.gem) = 32768 bytes @ 1.7 log @devel: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2021/08/22 07:16:46 taca Exp $ d3 1 a3 1 RMD160 (activejob-6.1.4.1.gem) = e7473cae66319cefe73e2a23e847d407cf8beba8 @ 1.6 log @www/ruby-rails61: update to 6.1.4.1 Update Ruby on Rails 6.1 pacakges to 6.1.4.1. Real changes are in Action Pack (www/ruby-actionpack61). ## Rails 6.1.4.1 (August 19, 2021) ## * [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2021/07/04 08:00:06 taca Exp $ a2 1 SHA1 (activejob-6.1.4.1.gem) = a72ce072f80d0a868cee87655530b628bfdd870e @ 1.5 log @EDITOR=emacsclient; cvs commit: update to 6.0.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2021/05/08 14:08:55 taca Exp $ d3 4 a6 4 SHA1 (activejob-6.1.4.gem) = 819aebecdea6bf5f3ef90ab981ce23a6b99bf5b0 RMD160 (activejob-6.1.4.gem) = 9f7ce17014f4644f0049c34c7c1ba30fad4bb1f8 SHA512 (activejob-6.1.4.gem) = 34da5a38b0a8542848ed6d4b01bb6d6f4cd75e4d9b714b7c6eef7d21f8ab100a886d9eed9b6ef04e232eb58f9cbfe128bd46cb3644f0f41e9df9bf8f516aef26 Size (activejob-6.1.4.gem) = 32768 bytes @ 1.4 log @www/ruby-rails61: update to 6.1.3.2 Real changes are in www/ruby-actionpack61 only. ## Rails 6.1.3.2 (May 05, 2021) ## * Prevent open redirects by correctly escaping the host allow list CVE-2021-22903 * Prevent catastrophic backtracking during mime parsing CVE-2021-22902 * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885 *Gannon McGibbon* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2021/04/11 13:28:01 taca Exp $ d3 4 a6 4 SHA1 (activejob-6.1.3.2.gem) = 6abcc2651023f73a2738dec99771ce15567b434e RMD160 (activejob-6.1.3.2.gem) = 6828633534260184ea2a630384546dc95dde1c45 SHA512 (activejob-6.1.3.2.gem) = 0b632891796ff6eaa74754405c795e280309c68b2081623c5a5f5f99cfaf8764f79890aec126762595783b12bd58784f1240d9cf7f17ec3fa5cecade75bf5777 Size (activejob-6.1.3.2.gem) = 32768 bytes @ 1.3 log @www/ruby-rails61: update to 6.1.3.1 Real changes are in devel/devel/ruby-activestorage61 only. ## Rails 6.1.3.1 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. *George Claghorn* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2021/02/28 15:42:39 taca Exp $ d3 4 a6 4 SHA1 (activejob-6.1.3.1.gem) = 35fc442a2feaf760c50eda45553fc5b58576a594 RMD160 (activejob-6.1.3.1.gem) = 29b246483dbb554ed1301cf094a8894fcef847a3 SHA512 (activejob-6.1.3.1.gem) = 16305f7a6f3b82afda9b89d1b6e9423e6d4d098c6c1048da1e900773fde7d17b3b9b25c8bc669e9059bc4ccfd4529bba26e9c9cd1ce1988b14983b8099fc7136 Size (activejob-6.1.3.1.gem) = 32768 bytes @ 1.2 log @www/ruby-rails61: update to 6.1.3 Rails 6.1.3 (February 17, 2021) [ActionPack] * Re-define routes when not set correctly via inheritance. *John Hawthorn* [ActiveRecord] * Fix the MySQL adapter to always set the right collation and charset to the connection session. *Rafael Mendonça França* * Fix MySQL adapter handling of time objects when prepared statements are enabled. *Rafael Mendonça França* * Fix scoping in enum fields using conditions that would generate an IN clause. *Ryuta Kamizono* * Skip optimised #exist? query when #include? is called on a relation with a having clause Relations that have aliased select values AND a having clause that references an aliased select value would generate an error when #include? was called, due to an optimisation that would generate call #exists? on the relation instead, which effectively alters the select values of the query (and thus removes the aliased select values), but leaves the having clause intact. Because the having clause is then referencing an aliased column that is no longer present in the simplified query, an ActiveRecord::InvalidStatement error was raised. An sample query affected by this problem: Author.select('COUNT(*) as total_posts', 'authors.*') .joins(:posts) .group(:id) .having('total_posts > 2') .include?(Author.first) This change adds an addition check to the condition that skips the simplified #exists? query, which simply checks for the presence of a having clause. Fixes #41417 *Michael Smart* * Increment postgres prepared statement counter before making a prepared statement, so if the statement is aborted without Rails knowledge (e.g., if app gets kill -9d during long-running query or due to Rack::Timeout), app won't end up in perpetual crash state for being inconsistent with Postgres. *wbharding*, *Martin Tepper* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2021/02/14 13:55:16 taca Exp $ d3 4 a6 4 SHA1 (activejob-6.1.3.gem) = 818e49a1ff8bbeaf162625d712eff8dffe868af4 RMD160 (activejob-6.1.3.gem) = 4bff8becde6d0fb7f166b6c368f37d258e55ece6 SHA512 (activejob-6.1.3.gem) = 1e4d1c1c390c7709b6aeaa10615315c06157bb61e58a35a2c8215d407b36d97f4b4d063dede9518f4b70a964ff671b963a18d7b741a87227a6618a81d03b550f Size (activejob-6.1.3.gem) = 32768 bytes @ 1.1 log @devel/ruby-activejob61: add package version 6.1.2.1 Active Job is a framework for declaring jobs and making them run on a variety of queueing backends. These jobs can be everything from regularly scheduled clean-ups, to billing charges, to mailings. Anything that can be chopped up into small units of work and run in parallel, really. It also serves as the backend for Action Mailer's #deliver_later functionality that makes it easy to turn any mailing into a job for running later. That's one of the most common jobs in a modern web application: Sending emails outside of the request-response cycle, so the user doesn't have to wait on it. The main point is to ensure that all Rails apps will have a job infrastructure in place, even if it's in the form of an "immediate runner". We can then have framework features and other gems build on top of that, without having to worry about API differences between Delayed Job and Resque. Picking your queuing backend becomes more of an operational concern, then. And you'll be able to switch between them without having to rewrite your jobs. This is for Ruby on Rails 6.1. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (activejob-6.1.2.1.gem) = 1afb6ee68e2bac5326bf7a4f1420af17c3fcadb8 RMD160 (activejob-6.1.2.1.gem) = c9ed391bb45830e78cd3b4765cc0468dfd58a1a1 SHA512 (activejob-6.1.2.1.gem) = 3032249ef99253785433dbb26cf0e357a717a01d2f49ea8504f3ff539e5e53c9659b7c363b2e7f817b7d1d29c05c8f365dd625c8e28034756f80cac284de56b7 Size (activejob-6.1.2.1.gem) = 32768 bytes @