head 1.25; access; symbols pkgsrc-2026Q1:1.24.0.12 pkgsrc-2026Q1-base:1.24 pkgsrc-2025Q4:1.24.0.10 pkgsrc-2025Q4-base:1.24 pkgsrc-2025Q3:1.24.0.8 pkgsrc-2025Q3-base:1.24 pkgsrc-2025Q2:1.24.0.6 pkgsrc-2025Q2-base:1.24 pkgsrc-2025Q1:1.24.0.4 pkgsrc-2025Q1-base:1.24 pkgsrc-2024Q4:1.24.0.2 pkgsrc-2024Q4-base:1.24 pkgsrc-2024Q3:1.22.0.4 pkgsrc-2024Q3-base:1.22 pkgsrc-2024Q2:1.22.0.2 pkgsrc-2024Q2-base:1.22 pkgsrc-2024Q1:1.21.0.2 pkgsrc-2024Q1-base:1.21 pkgsrc-2023Q4:1.20.0.4 pkgsrc-2023Q4-base:1.20 pkgsrc-2023Q3:1.20.0.2 pkgsrc-2023Q3-base:1.20 pkgsrc-2023Q2:1.18.0.4 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.18.0.2 pkgsrc-2023Q1-base:1.18 pkgsrc-2022Q4:1.15.0.4 pkgsrc-2022Q4-base:1.15 pkgsrc-2022Q3:1.15.0.2 pkgsrc-2022Q3-base:1.15 pkgsrc-2022Q2:1.13.0.2 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.11.0.2 pkgsrc-2022Q1-base:1.11 pkgsrc-2021Q4:1.9.0.2 pkgsrc-2021Q4-base:1.9 pkgsrc-2021Q3:1.6.0.2 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.4.0.2 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.2.0.2 pkgsrc-2021Q1-base:1.2; locks; strict; comment @# @; 1.25 date 2026.05.05.08.17.45; author taca; state dead; branches; next 1.24; commitid lr4jZbS8kTvMiBEG; 1.24 date 2024.10.27.14.29.39; author taca; state Exp; branches; next 1.23; commitid Hc9Aloo1cXEtcjvF; 1.23 date 2024.10.21.14.58.56; author taca; state Exp; branches; next 1.22; commitid e99DE75ugU8myxuF; 1.22 date 2024.06.05.16.21.34; author taca; state Exp; branches; next 1.21; commitid pKKVOz5I73fQrOcF; 1.21 date 2024.02.24.14.42.39; author taca; state Exp; branches 1.21.2.1; next 1.20; commitid dMa293WgUtfbbHZE; 1.20 date 2023.08.26.15.23.28; author taca; state Exp; branches; next 1.19; commitid Yo4AOkqx9V2TfjCE; 1.19 date 2023.06.27.13.35.17; author taca; state Exp; branches; next 1.18; commitid O8aF69XeGtOlAAuE; 1.18 date 2023.03.15.13.31.47; author taca; state Exp; branches 1.18.4.1; next 1.17; commitid qVRHt7J0cHGoUdhE; 1.17 date 2023.01.25.13.27.09; author taca; state Exp; branches; next 1.16; commitid nbgl0tWcCcersVaE; 1.16 date 2023.01.19.14.31.10; author taca; state Exp; branches; next 1.15; commitid 8ZJ1ksyFQnUn0aaE; 1.15 date 2022.09.10.08.24.40; author taca; state Exp; branches 1.15.4.1; next 1.14; commitid 6Sb0ZyedTcCJbiTD; 1.14 date 2022.07.13.14.46.23; author taca; state Exp; branches; next 1.13; commitid b5k4UpOSswlfcKLD; 1.13 date 2022.06.07.15.05.22; author taca; state Exp; branches 1.13.2.1; next 1.12; commitid 94DP7iCcELNvs7HD; 1.12 date 2022.05.05.03.28.21; author taca; state Exp; branches; next 1.11; commitid UhyFD16i1XXaFOCD; 1.11 date 2022.03.13.15.11.50; author taca; state Exp; branches 1.11.2.1; next 1.10; commitid cTFn59RGFpn7g4wD; 1.10 date 2022.02.13.07.35.04; author taca; state Exp; branches; next 1.9; commitid dxMDajEabLleDqsD; 1.9 date 2021.12.19.05.23.00; author taca; state Exp; branches 1.9.2.1; next 1.8; commitid 0mGXTx0ojVQxHdlD; 1.8 date 2021.10.26.10.19.25; author nia; state Exp; branches; next 1.7; commitid XMBRkrafc79x2jeD; 1.7 date 2021.10.07.13.44.02; author nia; state Exp; branches; next 1.6; commitid TK9Y8OXA04EYMSbD; 1.6 date 2021.08.22.07.16.46; author taca; state Exp; branches; next 1.5; commitid rFBRgwR8X8mH9W5D; 1.5 date 2021.07.04.07.58.17; author taca; state Exp; branches; next 1.4; commitid xKD7UGPFjqMsXDZC; 1.4 date 2021.05.08.14.08.55; author taca; state Exp; branches; next 1.3; commitid xT7hp1Cwoc8eQlSC; 1.3 date 2021.04.11.13.28.01; author taca; state Exp; branches; next 1.2; commitid ojVj9UR3VuKWtSOC; 1.2 date 2021.02.28.15.42.39; author taca; state Exp; branches; next 1.1; commitid 7pqUCCXfZTplzuJC; 1.1 date 2021.02.14.13.53.25; author taca; state Exp; branches; next ; commitid evyAVRpMy36eqGHC; 1.21.2.1 date 2024.06.13.17.16.49; author bsiegert; state Exp; branches; next ; commitid 2kq3Ai7NKk3TuQdF; 1.18.4.1 date 2023.06.30.18.41.55; author bsiegert; state Exp; branches; next ; commitid NnnxBbs8ehPBb0vE; 1.15.4.1 date 2023.03.04.14.10.22; author spz; state Exp; branches; next ; commitid z0Mpayg7Eu2CtOfE; 1.13.2.1 date 2022.07.23.19.35.07; author spz; state Exp; branches; next ; commitid 0ogLPDtEKXGqt3ND; 1.11.2.1 date 2022.06.04.09.31.41; author spz; state Exp; branches; next ; commitid 6heywWYUC6I3IHGD; 1.9.2.1 date 2022.03.03.19.11.59; author bsiegert; state Exp; branches; next ; commitid ZRy4g549ae7uUNuD; desc @@ 1.25 log @www/ruby-rails61: remove related packages Ruby on Rails 6.1 EOL since 2024-10-23 and it was kept for Redmine 5.1. @ text @$NetBSD: distinfo,v 1.24 2024/10/27 14:29:39 taca Exp $ BLAKE2s (activesupport-6.1.7.10.gem) = 78a49265ee517bb86f2717e2e418eafc452737ffb9167559f5a79bcf0b5474ff SHA512 (activesupport-6.1.7.10.gem) = a8e1cf4284e63ce77ba5a3570ed1d2a12392e2b27ac4d15bc6a1582fcc1bed146e9c05f03bca711126dea79babc477d88f1a36af27b41ae2872a01f9e8ae573d Size (activesupport-6.1.7.10.gem) = 221184 bytes @ 1.24 log @www/ruby-rails61: update to 6.1.7.10 Security fix of ruby-action-mailer61. Other packages have no change except their version. Action Mailer * Fix NoMethodError in block_format helper [Michael Leimstaedtner] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2024/10/21 14:58:56 taca Exp $ @ 1.23 log @www/ruby-rails61: update to 6.1.7.9 Update Ruby on Rails 6.1 to 6.1.7.9. Active Support * No changes. Active Model * No changes. Active Record * No changes. Action View * No changes. Action Pack * Avoid regex backtracking in HTTP Token authentication [CVE-2024-47887] * Avoid regex backtracking in query parameter filtering [CVE-2024-41128] Active Job * No changes. Action Mailer * Avoid regex backtracking in block_format helper [CVE-2024-47889] Action Cable * No changes. Active Storage * No changes. Action Mailbox * No changes. Action Text * Avoid backtracing in plain_text_for_blockquote_node [CVE-2024-47888] Railties * No changes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2024/06/05 16:21:34 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.9.gem) = e69fa69952952b2f0d97c5d6731f24ba86b55b14e0733520a87cc35007b95556 SHA512 (activesupport-6.1.7.9.gem) = 127b92049d654131d01847026b10c95dee02fcdc5177fc06da82b37603f06b72fa38b75431bc0429a67ec6c3e82832661d43605f21a07feb02e6ecfd29ec4965 Size (activesupport-6.1.7.9.gem) = 220672 bytes @ 1.22 log @www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:39 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.8.gem) = 9072f673a4a1777562b461b73fdbbbc49b4bd92d699232c19cf0617e4686afd5 SHA512 (activesupport-6.1.7.8.gem) = fc1585303895345d59d6cfa94d24445840150b72d199a4eb27af5d086c16a8f5aeb11b846ceb9dfdcee8cdce185453c2d6f791bd0f07db4cd58f12b025691ad6 Size (activesupport-6.1.7.8.gem) = 220672 bytes @ 1.21 log @www/rails61: update to 6.1.7.7 Update rails61 and related pacakges to 6.1.7.7 This includes security fix for CVE-2024-26144, devel/ruby-activestorage61. Active Storage * Disables the session in ActiveStorage::Blobs::ProxyController and ActiveStorage::Representations::ProxyController in order to allow caching by default in some CDNs as CloudFlare Fixes #44136 Bruno Prieto @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2023/08/26 15:23:28 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.7.gem) = 1ee26f6cfa7ee7a2762b79236278a8378b1c4216d7581a196369225ec2834e4d SHA512 (activesupport-6.1.7.7.gem) = 94c3d6893301501a632036358ad21cff8cf05dbfc5a27edac08aec134b58e2d097be067255832cdc6ac3271f699f685608e8519b460acc6ed8771ba04f903e07 Size (activesupport-6.1.7.7.gem) = 220672 bytes @ 1.21.2.1 log @Pullup ticket #6861 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.22 - devel/ruby-activejob61/distinfo 1.22 - devel/ruby-activemodel61/distinfo 1.22 - devel/ruby-activestorage61/distinfo 1.22 - devel/ruby-activesupport61/distinfo 1.22 - devel/ruby-railties61/distinfo 1.22 - lang/ruby/rails.mk 1.162 - mail/ruby-actionmailbox61/distinfo 1.22 - mail/ruby-actionmailer61/distinfo 1.22 - textproc/ruby-actiontext61/distinfo 1.22 - www/ruby-actioncable61/distinfo 1.22 - www/ruby-actionpack61/distinfo 1.22 - www/ruby-actionview61/distinfo 1.22 - www/ruby-rails61/distinfo 1.22 --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 5 16:21:36 UTC 2024 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:39 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.8.gem) = 9072f673a4a1777562b461b73fdbbbc49b4bd92d699232c19cf0617e4686afd5 SHA512 (activesupport-6.1.7.8.gem) = fc1585303895345d59d6cfa94d24445840150b72d199a4eb27af5d086c16a8f5aeb11b846ceb9dfdcee8cdce185453c2d6f791bd0f07db4cd58f12b025691ad6 Size (activesupport-6.1.7.8.gem) = 220672 bytes @ 1.20 log @www/ruby-rails61: update to 6.1.7.6 6.1.7.5 (2023-08-22) Active Support * Use a temporary file for storing unencrypted files while editing [CVE-2023-38037] 6.1.7.6 (2023-08-22) * No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2023/06/27 13:35:17 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.6.gem) = 4ee77d1a3cf5cfad04ec426f93ddece4cf2d111c1e8d5029b2aaa9437b94bd1f SHA512 (activesupport-6.1.7.6.gem) = a4cb1bdbb4c0fe56c0a66c255e0b6c2355effbf7ee283c889e88e086adb19d61940f4eb74000aeb70f2ca9dac186489259058cf07124305c029126fd3ecb101f Size (activesupport-6.1.7.6.gem) = 220672 bytes @ 1.19 log @www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:47 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.4.gem) = e36c7e3cc5f1a3d95f75f2784a8f582c6a2e037c3ec9e5279482dbcc980f1800 SHA512 (activesupport-6.1.7.4.gem) = 67f146d414b47923aaed728bdc038759ee98ea031ee0e510cfdde727f1eaa2cf4e71fa53e9a9490435dc91a94fa59c4b9a8f20554915b788557b630a6e4e0a5b Size (activesupport-6.1.7.4.gem) = 220672 bytes @ 1.18 log @www/ruby-rails61: update to 6.1.7.3 6.1.7.3 (2023-03-13) Active Support * Implement SafeBuffer#bytesplice [CVE-2023-28120] Action View * Ignore certain data-* attributes in rails-ujs when element is contenteditable [CVE-2023-23913] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2023/01/25 13:27:09 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.3.gem) = 64ce29f54da07b684e2d8ad20c33a5c74d6eb44e751115824c3e100ba2c642df SHA512 (activesupport-6.1.7.3.gem) = 84c5d6e4ebd3e27ab3b1657968505ca8a9ac49d3d76ba55968d7d6cab4fe6b1689b80551f1343c71042255efae413e08ad9b5869e18c233a30f5acb76a7f0e6e Size (activesupport-6.1.7.3.gem) = 220672 bytes @ 1.18.4.1 log @Pullup ticket #6766 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.19 - devel/ruby-activejob61/distinfo 1.19 - devel/ruby-activemodel61/distinfo 1.19 - devel/ruby-activestorage61/distinfo 1.19 - devel/ruby-activesupport61/distinfo 1.19 - devel/ruby-railties61/distinfo 1.19 - lang/ruby/rails.mk 1.146 - mail/ruby-actionmailbox61/distinfo 1.19 - mail/ruby-actionmailer61/distinfo 1.19 - textproc/ruby-actiontext61/distinfo 1.19 - www/ruby-actioncable61/distinfo 1.19 - www/ruby-actionpack61/distinfo 1.19 - www/ruby-actionview61/distinfo 1.19 - www/ruby-rails61/distinfo 1.19 --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 27 13:35:19 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:47 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.4.gem) = e36c7e3cc5f1a3d95f75f2784a8f582c6a2e037c3ec9e5279482dbcc980f1800 SHA512 (activesupport-6.1.7.4.gem) = 67f146d414b47923aaed728bdc038759ee98ea031ee0e510cfdde727f1eaa2cf4e71fa53e9a9490435dc91a94fa59c4b9a8f20554915b788557b630a6e4e0a5b Size (activesupport-6.1.7.4.gem) = 220672 bytes @ 1.17 log @www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain domain (like `.ca`, rather than `.co.uk`). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2023/01/19 14:31:10 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.2.gem) = e6ab41f4091f5b78cb96710fcf401328cffa10f45525c370368695544ea63e1b SHA512 (activesupport-6.1.7.2.gem) = c2ca14bd7800139264c787ac8012cb6348c094fc664928e1f43d447b048bb327b7c06b3a3d5c650bdb3bb4aef7ebb742fc41c4d561072ba9da27bca97534e8e9 Size (activesupport-6.1.7.2.gem) = 220672 bytes @ 1.16 log @www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:40 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.1.gem) = 2a3a97f44d2ea1de177ed63d361d324e841620f26b3d78fb008da98ebb54fb86 SHA512 (activesupport-6.1.7.1.gem) = f943e3f257143af3e11a0ea909eaf6cb508259a8d8f8dd582e9cbd66247dedcc42b4b70b1fbe7016cff3baf6dd06a41694cb20bc4e5c5db1314911c973239bc6 Size (activesupport-6.1.7.1.gem) = 220672 bytes @ 1.15 log @www/ruby-rails61: update to 6.1.7 Ruby on Rails 6.1.7 release on 9th September 2022. Active Record and Active Storage are updated: Active Record * Symbol is allowed by default for YAML columns Étienne Barrié * Fix ActiveRecord::Store to serialize as a regular Hash Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess which is wasteful and cause problem with YAML safe_load. Jean Boussier * Fix PG.connect keyword arguments deprecation warning on ruby 2.7 Fixes . Nikita Vasilevsky Active Storage * Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0. fatkodima @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2022/07/13 14:46:23 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.gem) = bf27745388a9cfb3b207b9f6050e3eb388da52ce9267642f4974a59b1a0d36d1 SHA512 (activesupport-6.1.7.gem) = 22217d203ac381ee73b1b3c7a88f6993c629a20cf083f6410e4b765b87263e2c5d3e63958c9ea8dfdd5fd1320c4d9ef77adb6a906a9a9b253095dcf1e3f787d4 Size (activesupport-6.1.7.gem) = 220672 bytes @ 1.15.4.1 log @Pullup ticket #6733 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: distinfo update devel/ruby-activemodel61: distinfo update devel/ruby-activestorage61: distinfo update devel/ruby-activesupport61: security update devel/ruby-railties61: distinfo update mail/ruby-actionmailbox61: distinfo update mail/ruby-actionmailer61: distinfo update textproc/ruby-actiontext61: sdistinfo update www/ruby-actioncable61: distinfo update www/ruby-actionpack61: security update www/ruby-actionview61: distinfo update www/ruby-rails61: distinfo update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.16-1.17 - devel/ruby-activejob61/distinfo 1.16-1.17 - devel/ruby-activemodel61/distinfo 1.16-1.17 - devel/ruby-activestorage61/distinfo 1.16-1.17 - devel/ruby-activesupport61/distinfo 1.16-1.17 - devel/ruby-railties61/distinfo 1.16-1.17 - lang/ruby/rails.mk 1.139,1.141 - mail/ruby-actionmailbox61/distinfo 1.16-1.17 - mail/ruby-actionmailer61/distinfo 1.16-1.17 - textproc/ruby-actiontext61/distinfo 1.16-1.17 - www/ruby-actioncable61/distinfo 1.16-1.17 - www/ruby-actionpack61/Makefile 1.4 - www/ruby-actionpack61/distinfo 1.16-1.17 - www/ruby-actionview61/distinfo 1.16-1.17 - www/ruby-rails61/distinfo 1.16-1.17 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Jan 19 14:31:11 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: Makefile distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jan 25 13:27:10 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain domain (like `.ca`, rather than `.co.uk`). To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:40 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.7.2.gem) = e6ab41f4091f5b78cb96710fcf401328cffa10f45525c370368695544ea63e1b SHA512 (activesupport-6.1.7.2.gem) = c2ca14bd7800139264c787ac8012cb6348c094fc664928e1f43d447b048bb327b7c06b3a3d5c650bdb3bb4aef7ebb742fc41c4d561072ba9da27bca97534e8e9 Size (activesupport-6.1.7.2.gem) = 220672 bytes @ 1.14 log @www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:22 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.6.1.gem) = 2d429a1e9dbb41892f13e72fc83c1089721caf654d8febf118f556771431d650 SHA512 (activesupport-6.1.6.1.gem) = d1bd130f8cb93cc353d216f6ed7a3ba6f9a6ef82f702bbfd718ce16f610f0481453c510205970669e52b9e3cd6abf9ae50a904ce84362f1169cfd2935caedde7 Size (activesupport-6.1.6.1.gem) = 220672 bytes @ 1.13 log @www/ruby-rails61: update to 6.1.6 Ruby on Rails 6.1.6 (2022-05-12) Active Support * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML. Action View * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag. Action Pack * Allow Content Security Policy DSL to generate for API responses. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2022/05/05 03:28:21 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.6.gem) = 4982993682be86cb9110ab7c98f6e408acad3d40ffbad73ef5178935ec346382 SHA512 (activesupport-6.1.6.gem) = 786d5707792aeed11cb334b6db0ba487302d968e6d4f82d0ad5c6464e3e78a33a96d6e790b506221f629608eb3edd57c6a9e3c84919147226c42ce38aa619b66 Size (activesupport-6.1.6.gem) = 220672 bytes @ 1.13.2.1 log @Pullup ticket #6655 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.14 - devel/ruby-activejob61/distinfo 1.14 - devel/ruby-activemodel61/distinfo 1.14 - devel/ruby-activestorage61/distinfo 1.14 - devel/ruby-activesupport61/distinfo 1.14 - devel/ruby-railties61/Makefile 1.4 - devel/ruby-railties61/distinfo 1.14 - lang/ruby/rails.mk 1.131 - mail/ruby-actionmailbox61/distinfo 1.14 - mail/ruby-actionmailer61/distinfo 1.14 - textproc/ruby-actiontext61/distinfo 1.14 - www/ruby-actioncable61/distinfo 1.14 - www/ruby-actionpack61/distinfo 1.14 - www/ruby-actionview61/distinfo 1.14 - www/ruby-rails61/distinfo 1.14 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jul 13 14:46:24 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: Makefile distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:22 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.6.1.gem) = 2d429a1e9dbb41892f13e72fc83c1089721caf654d8febf118f556771431d650 SHA512 (activesupport-6.1.6.1.gem) = d1bd130f8cb93cc353d216f6ed7a3ba6f9a6ef82f702bbfd718ce16f610f0481453c510205970669e52b9e3cd6abf9ae50a904ce84362f1169cfd2935caedde7 Size (activesupport-6.1.6.1.gem) = 220672 bytes @ 1.12 log @devel/ruby-activesupport61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Add the method `ERB::Util.xml_name_escape` to escape dangerous characters in names of tags and names of attributes, following the specification of XML. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveSupport::Duration.build` to support negative values. The algorithm to collect the `parts` of the `ActiveSupport::Duration` ignored the sign of the `value` and accumulated incorrect part values. This impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but not `ActiveSupport::Duration#eql?` (which is dependent on `value`). *Caleb Buxton*, *Braden Staudacher* * `Time#change` and methods that call it (eg. `Time#advance`) will now return a `Time` with the timezone argument provided, if the caller was initialized with a timezone argument. Fixes [#42467](https://github.com/rails/rails/issues/42467). *Alex Ghiculescu* * Clone to keep extended Logger methods for tagged logger. *Orhan Toy* * `assert_changes` works on including `ActiveSupport::Assertions` module. *Pedro Medeiros* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2022/03/13 15:11:50 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.5.1.gem) = 337af410ef63ec55c9cfb752ed519287e29ac9f965dc61892458f0b78c00c285 SHA512 (activesupport-6.1.5.1.gem) = d3e2e442236e5abea3d3bd258d782e1406ebfd66840104bc5d1f4830c2e3b058cfb0f0d0cf097d4e261fd291a1e56e89c2c6a5664927ca3c3a8f366f139333fc Size (activesupport-6.1.5.1.gem) = 220672 bytes @ 1.11 log @www/ruby-rails61: update to 6.1.4.7 Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up to pkgsrc-2021Q4. Changes are in devel/ruby-activestorage61 only. ## Rails 6.1.4.7 (March 08, 2022) ## * Added image transformation validation via configurable allow-list. Variant now offers a configurable allow-list for transformation methods in addition to a configurable deny-list for arguments. [CVE-2022-21831] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2022/02/13 07:35:04 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.4.7.gem) = dca85318e9a9d3a90a4697d4e654e122d0f9350a594ff8b22f16bc906bc07980 SHA512 (activesupport-6.1.4.7.gem) = 39a59530f016dcf1db8a1c56bbcf77ec4f0ba11201844a65a2e2ebefbfc5f670f3b0b481d4ef7d79e4e1a1bdad12034376fc220fa36592e554fa6c03cfe46f41 Size (activesupport-6.1.4.7.gem) = 219648 bytes @ 1.11.2.1 log @Pullup ticket #6630 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update lang/ruby: version info update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.12 - devel/ruby-activejob61/distinfo 1.12 - devel/ruby-activemodel61/distinfo 1.12 - devel/ruby-activestorage61/Makefile 1.5 - devel/ruby-activestorage61/distinfo 1.12 - devel/ruby-activesupport61/Makefile 1.4 - devel/ruby-activesupport61/distinfo 1.12 - devel/ruby-railties61/distinfo 1.12 - lang/ruby/rails.mk 1.121 - mail/ruby-actionmailbox61/PLIST 1.2 - mail/ruby-actionmailbox61/distinfo 1.12 - mail/ruby-actionmailer61/PLIST 1.2 - mail/ruby-actionmailer61/distinfo 1.12 - textproc/ruby-actiontext61/distinfo 1.12 - www/ruby-actioncable61/distinfo 1.12 - www/ruby-actionpack61/distinfo 1.12 - www/ruby-actionview61/distinfo 1.12 - www/ruby-rails61/distinfo 1.12 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:38:25 UTC 2022 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:21 UTC 2022 Modified Files: pkgsrc/devel/ruby-activesupport61: Makefile distinfo Log Message: devel/ruby-activesupport61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Add the method `ERB::Util.xml_name_escape` to escape dangerous characters in names of tags and names of attributes, following the specification of XML. *lvaro Martn Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveSupport::Duration.build` to support negative values. The algorithm to collect the `parts` of the `ActiveSupport::Duration` ignored the sign of the `value` and accumulated incorrect part values. This impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but not `ActiveSupport::Duration#eql?` (which is dependent on `value`). *Caleb Buxton*, *Braden Staudacher* * `Time#change` and methods that call it (eg. `Time#advance`) will now return a `Time` with the timezone argument provided, if the caller was initialized with a timezone argument. Fixes [#42467](https://github.com/rails/rails/issues/42467). *Alex Ghiculescu* * Clone to keep extended Logger methods for tagged logger. *Orhan Toy* * `assert_changes` works on including `ActiveSupport::Assertions` module. *Pedro Medeiros* To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:57 UTC 2022 Modified Files: pkgsrc/devel/ruby-activemodel61: distinfo Log Message: devel/ruby-activemodel61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Clear secure password cache if password is set to `nil` Before: user.password = 'something' user.password = nil user.password # => 'something' Now: user.password = 'something' user.password = nil user.password # => nil *Markus Doits* * Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup` Passing a last positional argument `{}` would be incorrectly considered as keyword argument. *Benoit Daloze* * Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object. *Ryuta Kamizono* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:29:32 UTC 2022 Modified Files: pkgsrc/www/ruby-actionview61: distinfo Log Message: www/ruby-actionview61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option `:escape_attributes` to `:escape`, to simplify by applying the option to the whole tag. *lvaro Martn Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG. *Nate Berkopec* * Add `autocomplete="off"` to all generated hidden fields. Fixes #42610. *Ryan Baumann* * Fix `current_page?` when URL has trailing slash. This fixes the `current_page?` helper when the given URL has a trailing slash, and is an absolute URL or also has query params. Fixes #33956. *Jonathan Hefner* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:02 UTC 2022 Modified Files: pkgsrc/www/ruby-actionpack61: distinfo Log Message: www/ruby-actionpack61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Allow Content Security Policy DSL to generate for API responses. *Tim Wade* ## Rails 6.1.5 (March 09, 2022) ## * Fix `content_security_policy` returning invalid directives. Directives such as `self`, `unsafe-eval` and few others were not single quoted when the directive was the result of calling a lambda returning an array. ```ruby content_security_policy do |policy| policy.frame_ancestors lambda { [:self, "https://example.com"] } end ``` With this fix the policy generated from above will now be valid. *Edouard Chin* * Update `HostAuthorization` middleware to render debug info only when `config.consider_all_requests_local` is set to true. Also, blocked host info is always logged with level `error`. Fixes #42813. *Nikita Vyrko* * Dup arrays that get "converted". Fixes #43681. *Aaron Patterson* * Don't show deprecation warning for equal paths. *Anton Rieder* * Fix crash in `ActionController::Instrumentation` with invalid HTTP formats. Fixes #43094. *Alex Ghiculescu* * Add fallback host for SystemTestCase driven by RackTest. Fixes #42780. *Petrik de Heus* * Add more detail about what hosts are allowed. *Alex Ghiculescu* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:33 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo Log Message: databases/ruby-activerecord61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6. Ruby 2.6 and 2.7 have slightly different implementations of the `String#@@-` method. In Ruby 2.6, the receiver of the `String#@@-` method is modified under certain circumstances. This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only fixed in Ruby 2.7. Before the changes in this commit, the `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally calls the `String#@@-` method, could also modify an input string argument in Ruby 2.6 -- changing a tainted, unfrozen string into a tainted, frozen string. Fixes #43056 *Eric O'Hanlon* * Fix migration compatibility to create SQLite references/belongs_to column as integer when migration version is 6.0. `reference`/`belongs_to` in migrations with version 6.0 were creating columns as bigint instead of integer for the SQLite Adapter. *Marcelo Lauxen* * Fix dbconsole for 3-tier config. *Eileen M. Uchitelle* * Better handle SQL queries with invalid encoding. ```ruby Post.create(name: "broken \xC8 UTF-8") ``` Would cause all adapters to fail in a non controlled way in the code responsible to detect write queries. The query is now properly passed to the database connection, which might or might not be able to handle it, but will either succeed or failed in a more correct way. *Jean Boussier* * Ignore persisted in-memory records when merging target lists. *Kevin Sjberg* * Fix regression bug that caused ignoring additional conditions for preloading `has_many` through relations. Fixes #43132 *Alexander Pauly* * Fix `ActiveRecord::InternalMetadata` to not be broken by `config.active_record.record_timestamps = false` Since the model always create the timestamp columns, it has to set them, otherwise it breaks various DB management tasks. Fixes #42983 *Jean Boussier* * Fix duplicate active record objects on `inverse_of`. *Justin Carvalho* * Fix duplicate objects stored in has many association after save. Fixes #42549. *Alex Ghiculescu* * Fix performance regression in `CollectionAssocation#build`. *Alex Ghiculescu* * Fix retrieving default value for text column for MariaDB. *fatkodima* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:02 UTC 2022 Modified Files: pkgsrc/devel/ruby-activestorage61: Makefile distinfo Log Message: devel/ruby-activestorage61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Attachments can be deleted after their association is no longer defined. Fixes #42514 *Don Sisco* To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:47 UTC 2022 Modified Files: pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo Log Message: mail/ruby-actionmailbox61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Add `attachments` to the list of permitted parameters for inbound emails conductor. When using the conductor to test inbound emails with attachments, this prevents an unpermitted parameter warning in default configurations, and prevents errors for applications that set: ```ruby config.action_controller.action_on_unpermitted_parameters = :raise ``` *David Jones*, *Dana Henke* To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:28 UTC 2022 Modified Files: pkgsrc/www/ruby-actioncable61: distinfo Log Message: www/ruby-actioncable61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * The Action Cable client now ensures successful channel subscriptions: * The client maintains a set of pending subscriptions until either the server confirms the subscription or the channel is torn down. * Rectifies the race condition where an unsubscribe is rapidly followed by a subscribe (on the same channel identifier) and the requests are handled out of order by the ActionCable server, thereby ignoring the subscribe command. *Daniel Spinosa* * Truncate broadcast logging messages. *J Smith* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:59 UTC 2022 Modified Files: pkgsrc/devel/ruby-railties61: distinfo Log Message: devel/ruby-railties61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it. This order plays better with shared namespaces. *Xavier Noria* * Handle paths with spaces when editing credentials. *Alex Ghiculescu* * Support Psych 4 when loading secrets. *Nat Morcos* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:33:27 UTC 2022 Modified Files: pkgsrc/textproc/ruby-actiontext61: distinfo Log Message: textproc/ruby-actiontext61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix Action Text extra trix content wrapper. *Alexandre Ruban* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:34:37 UTC 2022 Modified Files: pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/mail/ruby-actionmailer61: PLIST distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: Update rest of Ruby on Rails 61 components. No change except version. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (activesupport-6.1.5.1.gem) = 337af410ef63ec55c9cfb752ed519287e29ac9f965dc61892458f0b78c00c285 SHA512 (activesupport-6.1.5.1.gem) = d3e2e442236e5abea3d3bd258d782e1406ebfd66840104bc5d1f4830c2e3b058cfb0f0d0cf097d4e261fd291a1e56e89c2c6a5664927ca3c3a8f366f139333fc Size (activesupport-6.1.5.1.gem) = 220672 bytes @ 1.10 log @www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2021/12/19 05:23:00 taca Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.4.6.gem) = 3105e2ca78b64e5fdaf214fc0f80295bba83dce9b0b980d20ecf8253c94927f9 SHA512 (activesupport-6.1.4.6.gem) = b57b42a7b2cfd309ff9be5cd2d70f6f8727948366e6e7046c5a997070a679c4ba43bd64df261d8cf84c153b7ce4f5bd11b52496b9c4ade799af44be852c13cfd Size (activesupport-6.1.4.6.gem) = 219648 bytes @ 1.9 log @devel/ruby-activesupport61: update to 6.1.4.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2021/10/26 10:19:25 nia Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.4.4.gem) = b32254622b4a8ca83c34901984af79bf4da45aeaa68350c8c87ce582ca06a58c SHA512 (activesupport-6.1.4.4.gem) = 05170f054cbb16e6421e3805ee78a759abe80046aad3d4b293d747366ab510e3878e40131eb66757ff2ab1c2d6752109676e4cc94a5ce76d0d173f5643d7cc2c Size (activesupport-6.1.4.4.gem) = 219648 bytes @ 1.9.2.1 log @Pullup ticket #6589 - requested by taca www/wuby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.10 - devel/ruby-activejob61/distinfo 1.10 - devel/ruby-activemodel61/distinfo 1.10 - devel/ruby-activestorage61/distinfo 1.10 - devel/ruby-activesupport61/distinfo 1.10 - devel/ruby-railties61/distinfo 1.10 - lang/ruby/rails.mk 1.113 - mail/ruby-actionmailbox61/distinfo 1.10 - mail/ruby-actionmailer61/distinfo 1.10 - textproc/ruby-actiontext61/distinfo 1.10 - www/ruby-actioncable61/distinfo 1.10 - www/ruby-actionpack61/distinfo 1.10 - www/ruby-actionview61/distinfo 1.10 - www/ruby-rails61/distinfo 1.10 --- Module Name: pkgsrc Committed By: taca Date: Sun Feb 13 07:35:06 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (activesupport-6.1.4.6.gem) = 3105e2ca78b64e5fdaf214fc0f80295bba83dce9b0b980d20ecf8253c94927f9 SHA512 (activesupport-6.1.4.6.gem) = b57b42a7b2cfd309ff9be5cd2d70f6f8727948366e6e7046c5a997070a679c4ba43bd64df261d8cf84c153b7ce4f5bd11b52496b9c4ade799af44be852c13cfd Size (activesupport-6.1.4.6.gem) = 219648 bytes @ 1.8 log @archivers: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Could not be committed due to merge conflict: devel/py-traitlets/distinfo The following distfiles were unfetchable (note: some may be only fetched conditionally): ./devel/pvs/distinfo pvs-3.2-solaris.tgz ./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2021/10/07 13:44:02 nia Exp $ d3 3 a5 3 BLAKE2s (activesupport-6.1.4.1.gem) = ebb87a42c0a767ea4c237da830dcaef1f05758876f3bf22415dca41bcdbf2041 SHA512 (activesupport-6.1.4.1.gem) = f3bd8dcfaafa3e1ad57fce217f5bbf74255b10656f24b7bb8d8c1bda764b499810174b14eec3e21659d35ff359bb2bbe656a18a3684eefd50554691c0d2185cc Size (activesupport-6.1.4.1.gem) = 219648 bytes @ 1.7 log @devel: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2021/08/22 07:16:46 taca Exp $ d3 1 a3 1 RMD160 (activesupport-6.1.4.1.gem) = ede0859be6d34260e5954b951410ddfcc890b4b8 @ 1.6 log @www/ruby-rails61: update to 6.1.4.1 Update Ruby on Rails 6.1 pacakges to 6.1.4.1. Real changes are in Action Pack (www/ruby-actionpack61). ## Rails 6.1.4.1 (August 19, 2021) ## * [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2021/07/04 07:58:17 taca Exp $ a2 1 SHA1 (activesupport-6.1.4.1.gem) = 996116792fc0bc3ba1680e4ae370f8b4263439d6 @ 1.5 log @devel/ruby-activesupport61: update to 6.0.4 Active Support * MemCacheStore: convert any underlying value (including false) to an Entry. See #42559. (Alex Ghiculescu) * Fix bug in number_with_precision when using large BigDecimal values. Fixes #42302. (Federico Aldunate, Zachary Scott) * Check byte size instead of length on secure_compare. (Tietew) * Fix Time.at to not lose :in option. (Ryuta Kamizono) * Require a path for config.cache_store = :file_store. (Alex Ghiculescu) * Avoid having to store complex object in the default translation file. (Rafael Mendonça França) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2021/05/08 14:08:55 taca Exp $ d3 4 a6 4 SHA1 (activesupport-6.1.4.gem) = 4dbb3059370dec8e8dbe7aae81197f5f748680f1 RMD160 (activesupport-6.1.4.gem) = e0656bc3d70c66768463f31cf2c9212e5a72d9e0 SHA512 (activesupport-6.1.4.gem) = 20a551bd6ac66e8631cac5f61d791b87659f9716e968328739509280a1ed10c0a1caa72f0e869c4b2ec110188de8d67bae40cbfe6d105ce5638d57fc4c974138 Size (activesupport-6.1.4.gem) = 219648 bytes @ 1.4 log @www/ruby-rails61: update to 6.1.3.2 Real changes are in www/ruby-actionpack61 only. ## Rails 6.1.3.2 (May 05, 2021) ## * Prevent open redirects by correctly escaping the host allow list CVE-2021-22903 * Prevent catastrophic backtracking during mime parsing CVE-2021-22902 * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885 *Gannon McGibbon* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2021/04/11 13:28:01 taca Exp $ d3 4 a6 4 SHA1 (activesupport-6.1.3.2.gem) = c9ac15d65ae7983e861b2a6dadb38be5bef9010d RMD160 (activesupport-6.1.3.2.gem) = 61b616be73abe91d1ba7f58646113d1e4d634090 SHA512 (activesupport-6.1.3.2.gem) = 47cc9ef0f83fa29b04fc341c76453b939f015f6c99a49566e8785bfd4db351387b486972aa0b697dda7b339321333b548e73c918c6567a25a539008c514e9029 Size (activesupport-6.1.3.2.gem) = 219136 bytes @ 1.3 log @www/ruby-rails61: update to 6.1.3.1 Real changes are in devel/devel/ruby-activestorage61 only. ## Rails 6.1.3.1 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. *George Claghorn* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2021/02/28 15:42:39 taca Exp $ d3 4 a6 4 SHA1 (activesupport-6.1.3.1.gem) = 4764dc4c48f64aab82ca301e981d75ca336f0c59 RMD160 (activesupport-6.1.3.1.gem) = c5a66238782b9995328dfaa807c84d93624681b3 SHA512 (activesupport-6.1.3.1.gem) = f592f7d044a975e3333dabc8473c5b8c07a6aabc56f0d8783ef5e5838451edd7a999e4f37d64cf6da4498dbdffd5d9cbd8b464f599ef20b4bfa21651a35782b4 Size (activesupport-6.1.3.1.gem) = 219136 bytes @ 1.2 log @www/ruby-rails61: update to 6.1.3 Rails 6.1.3 (February 17, 2021) [ActionPack] * Re-define routes when not set correctly via inheritance. *John Hawthorn* [ActiveRecord] * Fix the MySQL adapter to always set the right collation and charset to the connection session. *Rafael Mendonça França* * Fix MySQL adapter handling of time objects when prepared statements are enabled. *Rafael Mendonça França* * Fix scoping in enum fields using conditions that would generate an IN clause. *Ryuta Kamizono* * Skip optimised #exist? query when #include? is called on a relation with a having clause Relations that have aliased select values AND a having clause that references an aliased select value would generate an error when #include? was called, due to an optimisation that would generate call #exists? on the relation instead, which effectively alters the select values of the query (and thus removes the aliased select values), but leaves the having clause intact. Because the having clause is then referencing an aliased column that is no longer present in the simplified query, an ActiveRecord::InvalidStatement error was raised. An sample query affected by this problem: Author.select('COUNT(*) as total_posts', 'authors.*') .joins(:posts) .group(:id) .having('total_posts > 2') .include?(Author.first) This change adds an addition check to the condition that skips the simplified #exists? query, which simply checks for the presence of a having clause. Fixes #41417 *Michael Smart* * Increment postgres prepared statement counter before making a prepared statement, so if the statement is aborted without Rails knowledge (e.g., if app gets kill -9d during long-running query or due to Rack::Timeout), app won't end up in perpetual crash state for being inconsistent with Postgres. *wbharding*, *Martin Tepper* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2021/02/14 13:53:25 taca Exp $ d3 4 a6 4 SHA1 (activesupport-6.1.3.gem) = a2b0a82a48369866c5639701cb0dba924e2a0dcd RMD160 (activesupport-6.1.3.gem) = e0a1e1f14f0249f97d878d264133eaa1df2872a7 SHA512 (activesupport-6.1.3.gem) = 0cad1a00c41fa9d23d6374659d8db588a24cf129551c3ef821b0daeaa14376ab2ae7faff40c123e71155ab9460f6da5479a8e165f7e323c7433c739f423d3612 Size (activesupport-6.1.3.gem) = 219136 bytes @ 1.1 log @devel/ruby-activesupport61: add package version 6.1.2.1 A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. This is for Ruby on Rails 6.1. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (activesupport-6.1.2.1.gem) = ce5eec22b31eb7ecad6f8394b348db2785ec2495 RMD160 (activesupport-6.1.2.1.gem) = 7e95062db3c857fbe134639ab8516432783f6a40 SHA512 (activesupport-6.1.2.1.gem) = 9d5e2b2b0df869d1b5c174572fe4c8e277c61f7bfb351249709ed4436aaa3dc8aa6ead00c78d260fc8dee1bf6dc7a333bf7627376b69d78e5008de0650b91c8d Size (activesupport-6.1.2.1.gem) = 219136 bytes @