head 1.7; access; symbols pkgsrc-2026Q1:1.6.0.2 pkgsrc-2026Q1-base:1.6 pkgsrc-2025Q4:1.4.0.2 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.3.0.6 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.4 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.2 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.1.0.2 pkgsrc-2024Q4-base:1.1; locks; strict; comment @# @; 1.7 date 2026.03.29.13.59.32; author taca; state Exp; branches; next 1.6; commitid 37zstE4sEoBPnSzG; 1.6 date 2026.02.11.07.51.14; author taca; state Exp; branches 1.6.2.1; next 1.5; commitid V9sohjKsFVi7PVtG; 1.5 date 2026.01.18.15.51.11; author taca; state Exp; branches; next 1.4; commitid lE7JXqnTKIkCfTqG; 1.4 date 2025.10.08.14.09.48; author taca; state Exp; branches; next 1.3; commitid eEGpoc5xDgP7YLdG; 1.3 date 2025.03.16.12.29.40; author taca; state Exp; branches 1.3.6.1; next 1.2; commitid J9OBfIjpP9Ti2iNF; 1.2 date 2025.02.09.10.31.31; author taca; state Exp; branches; next 1.1; commitid bF5YcAkXawMwvMIF; 1.1 date 2024.12.13.17.19.29; author taca; state Exp; branches; next ; commitid MiBSDMHsHdJ1DmBF; 1.6.2.1 date 2026.03.31.13.07.12; author maya; state Exp; branches; next ; commitid LgnFjI9MGE9V18AG; 1.3.6.1 date 2025.10.23.02.28.51; author maya; state Exp; branches; next ; commitid t7v5gru4P32NBDfG; desc @@ 1.7 log @devel/ruby-redmine60: update to 6.0.9 6.0.9 (2026-03-16) This release contains security fixes. [Code cleanup/refactoring] * Patch #43872: Update GitHub Actions workflow dependencies [Database] * Patch #43668: Serialize address limit checks during email_addresses#create [Issues] * Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted [Issues filter] * Patch #43736: author.group filter test fix [Issues list] * Defect #31972: An empty group_count badge is displayed when grouped with created_on [Permissions and roles] * Feature #43659: Set minimum width for Permission column in permission report [Security] * Defect #43661: Unsafe eval usage in AttachmentsHelper * Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM * Defect #43691: DOM (Stored) XSS in @@mention autocomplete via unescaped user name * Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter) * Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation * Defect #43830: User who is allowed to view only their own time entries can retrieve other users' time entry details by directly specifying the TimeEntry ID via the REST API * Defect #43840: Update Nokogiri to 1.19.1 [Text formatting] * Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown [UI] * Defect #43804: Custom field preview does not work on bulk issue edit * Defect #43869: Default assignee selected by category is not shown in UI @ text @$NetBSD: patch-Gemfile,v 1.6 2026/02/11 07:51:14 taca Exp $ * Relax dependency. * Do not load gem for developemt and test. --- Gemfile.orig 2026-03-17 07:40:04.000000000 +0000 +++ Gemfile @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' ruby '>= 3.1.0', '< 3.4.0' -gem 'rails', '7.2.3' +gem 'rails', '~>7.2.3' gem 'rouge', '~> 4.5' gem 'mini_mime', '~> 1.1.0' gem "actionpack-xml_parser" @@@@ -13,15 +13,15 @@@@ gem 'nokogiri', Gem.ruby_version >= Gem: gem 'i18n', '~> 1.14.1' gem 'rbpdf', '~> 1.21.4' gem 'addressable' -gem 'rubyzip', '~> 2.3.0' +gem 'rubyzip', '>= 2.3.0' gem 'propshaft', '~> 1.1.0' gem 'rack', '>= 3.1.3' # Ruby Standard Gems -gem 'csv', '~> 3.2.8' -gem 'net-imap', '~> 0.4.20' +gem 'csv', '>= 3.2.8' +gem 'net-imap', '>= 0.4.20' gem 'net-pop', '~> 0.1.2' -gem 'net-smtp', '~> 0.4.0' +gem 'net-smtp', '>= 0.4.0' # Windows does not include zoneinfo files, so bundle the tzinfo-data gem gem 'tzinfo-data', platforms: [:mingw, :x64_mingw, :mswin] @@@@ -31,23 +31,23 @@@@ gem 'rotp', '>= 5.0.0' gem 'rqrcode' # HTML pipeline and sanitization -gem "html-pipeline", "~> 2.13.2" +gem "html-pipeline", ">= 2.13.2" gem "sanitize", "~> 6.0" # Optional gem for LDAP authentication group :ldap do - gem 'net-ldap', '~> 0.17.0' + gem 'net-ldap', '>= 0.17.0' end # Optional gem for exporting the gantt to a PNG file group :minimagick do - gem 'mini_magick', '~> 5.0.1' + gem 'mini_magick', '>= 5.0.1' end # Optional CommonMark support, not for JRuby group :common_mark do gem "commonmarker", '~> 0.23.8' - gem 'deckar01-task_list', '2.3.2' + gem 'deckar01-task_list', '>=2.3.2' end # Include database gems for the adapters found in the database @@@@ -75,7 +75,7 @@@@ if File.exist?(database_file) when /postgresql/ gem 'pg', '~> 1.5.3' when /sqlite3/ - gem 'sqlite3', '~> 1.7.0' + gem 'sqlite3', '>= 1.7.0' when /sqlserver/ gem 'tiny_tds', '~> 2.1.2' gem 'activerecord-sqlserver-adapter', '~> 7.2.0' @@@@ -94,6 +94,7 @@@@ group :development, :test do gem 'debug' end +if false group :development do gem 'listen', '~> 3.3' gem 'yard', require: false @@@@ -118,6 +119,7 @@@@ group :test do # `bin/rails test` fails at startup with minitest >= 6.0 gem 'minitest', '< 6.0' end +end local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local") if File.exist?(local_gemfile) @ 1.6 log @devel/ruby-redmine60: package overhaul * Move MESSAGE to README-pkgsrc. * Change dependency to textproc/ruby-actionpack-xml_parser. * Fix various dependency in Gemfile. * Add dependency to databases/ruby-with_advisory_lock53 with mysql option. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.5 2026/01/18 15:51:11 taca Exp $ d6 1 a6 1 --- Gemfile.orig 2026-01-06 02:25:03.000000000 +0000 d8 1 a8 1 @@@@ -2,26 +2,26 @@@@ source 'https://rubygems.org' d17 1 a17 5 gem 'roadie-rails', '~> 3.2.0' gem 'marcel' gem 'mail', '~> 2.8.1' -gem 'nokogiri', '~> 1.18.3' +gem 'nokogiri', '>= 1.18.3' d29 2 a30 2 +gem 'csv', '>=3.2.8' +gem 'net-imap', '>=0.4.20' d33 1 a33 1 +gem 'net-smtp', '>=0.4.0' @ 1.6.2.1 log @Pullup ticket #7064 - requested by taca devel/ruby-redmine60: Security fix Revisions pulled up: - devel/ruby-redmine60/Makefile 1.13 - devel/ruby-redmine60/PLIST 1.7 - devel/ruby-redmine60/distinfo 1.9 - devel/ruby-redmine60/patches/patch-Gemfile 1.7 --- Module Name: pkgsrc Committed By: taca Date: Sun Mar 29 13:59:32 UTC 2026 Modified Files: pkgsrc/devel/ruby-redmine60: Makefile PLIST distinfo pkgsrc/devel/ruby-redmine60/patches: patch-Gemfile Log Message: devel/ruby-redmine60: update to 6.0.9 6.0.9 (2026-03-16) This release contains security fixes. [Code cleanup/refactoring] * Patch #43872: Update GitHub Actions workflow dependencies [Database] * Patch #43668: Serialize address limit checks during email_addresses#create [Issues] * Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted [Issues filter] * Patch #43736: author.group filter test fix [Issues list] * Defect #31972: An empty group_count badge is displayed when grouped with created_on [Permissions and roles] * Feature #43659: Set minimum width for Permission column in permission report [Security] * Defect #43661: Unsafe eval usage in AttachmentsHelper * Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM * Defect #43691: DOM (Stored) XSS in @@mention autocomplete via unescaped user name * Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter) * Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation * Defect #43830: User who is allowed to view only their own time entries can retrieve other users' time entry details by directly specifying the TimeEntry ID via the REST API * Defect #43840: Update Nokogiri to 1.19.1 [Text formatting] * Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown [UI] * Defect #43804: Custom field preview does not work on bulk issue edit * Defect #43869: Default assignee selected by category is not shown in UI @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.6 2026/02/11 07:51:14 taca Exp $ d6 1 a6 1 --- Gemfile.orig 2026-03-17 07:40:04.000000000 +0000 d8 1 a8 1 @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' d17 5 a21 1 @@@@ -13,15 +13,15 @@@@ gem 'nokogiri', Gem.ruby_version >= Gem: d33 2 a34 2 +gem 'csv', '>= 3.2.8' +gem 'net-imap', '>= 0.4.20' d37 1 a37 1 +gem 'net-smtp', '>= 0.4.0' @ 1.5 log @devel/ruby-redmine60: update to 6.0.8 6.0.8 (2026-01-05) Code cleanup/refactoring * Defect #43441: Fix failures in test/system/issues_test.rb * Patch #43638: Update copyright year to 2026 Custom fields * Defect #43521: Saving a custom field fails with 500 when regular expression is invalid Gems support * Defect #43609: Tests fail with minitest 6.0 Issues list * Defect #43283: Overdue due date text does not turn light gray when issue is selected No category * Patch #43275: Remove continue-on-error: true from the system test job in GitHub CI Rails support * Patch #43633: Update Rails to 7.2.3 Security * Defect #43451: PostScript disguised as PDF can lead to arbitrary file operations via thumbnail generation * Defect #43634: Authorization bypass in Redmine allows modification of attachment metadata on invisible issues * Defect #43635: Authorization bypass in Redmine allows deletion of attachment on invisible issues external SCM * Defect #43525: "label_added" is not translated in the repository revision view legend Text formatting * Defect #43612: Inline code rendering does not preserve multiple spaces Translations * Patch #43490: Japanese translation update (jstoolbar-ja.js) for 6.0-stable UI * Defect #43378: Column headers are slightly shifted to the right in tables in list views * Defect #43527: Login and Email columns are unexpectedly center-aligned on the Users page since Redmine 5.1 @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.4 2025/10/08 14:09:48 taca Exp $ d78 16 @ 1.4 log @devel/ruby-redmine60: update to 6.0.7 6.0.7 (2025-09-21) [Administration] * Defect #43174: CookieOverflow error when deleting a tracker used by many projects [Code cleanup/refactoring] * Patch #43035: Remove empty rubyonrails.yml on 6.0-stable branch [Documentation] * Defect #43204: Adds missing documentation for issue macro to fr and ru languages [Gantt] * Defect #43014: Content in selected columns overflows to the right in Gantt chart [Importers] * Defect #42957: Incorrect "for" attribute in labels of issue relations import [Issues] * Defect #43192: Done ratio interval in issue context menu does not respect Done Ratio Interval setting [Rails support] * Patch #43141: Update Rails to 7.2.2.2 [Security] * Defect #42998: Username and password stored in login form * Defect #43083: Information disclosure in Two-Factor Authentication * Defect #43161: When copying issues, all existing custom values are set to the new issue without sufficient validation [SCM] * Defect #43002: RepositoriesSubversionControllerTest fails in 5.1-stable due to missing foo.js in test repository [Translations] * Patch #42971: Italian translation update for 6.0-stable [UI] * Defect #43004: Watchers list is not properly displayed in Gantt table * Defect #43175: Fix some issues with missing or misplaced html tags * Patch #43008: Display icon-actions on hover with the same color as links * Patch #43196: Improve spacing of checkboxes in CSV export options dialog @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.3 2025/03/16 12:29:40 taca Exp $ d6 1 a6 1 --- Gemfile.orig 2025-09-21 10:15:05.000000000 +0000 d8 1 a8 1 @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' d12 2 a13 2 -gem 'rails', '7.2.2.2' +gem 'rails', '~>7.2.2' d17 25 a41 1 @@@@ -31,17 +31,17 @@@@ gem 'rotp', '>= 5.0.0' d62 7 @ 1.3 log @lang/ruby-redmine60: update to 6.0.4 This is security release. 6.0.4 (2025-03-10) [Administration] * Feature #42008: Expose default Rails health check endpoint "/up" for load balancers and uptime monitoring [Code cleanup/refactoring] * Defect #42200: InlineAutocompleteSystemTest login test fails randomly * Patch #42244: Fix random failures in IssuesTest#test_bulk_copy due to StaleElementReferenceError [Custom fields] * Defect #42233: Float custom values with ',' as decimal separator are not converted to '.' and cause SQL errors when sorting or summing [Gems support] * Defect #42245: 5.1-stable: Redmine fails to start with error: Unknown database adapter `"mysql2"` found in config/database.yml [No category] * Feature #30069: Use GitHub Actions as a secondary CI solution to run tests through the existing mirroring [Project settings] * Defect #42192: Project settings members tab may raise ArgumentError if orphaned member records exist [Security] * Defect #42238: Stored Cross-Site Scripting (XSS) in custom query * Defect #42326: Stored Cross-Site Scripting (XSS) in macros * Defect #42352: ProjectQuery leaks details of private projects * Defect #42194: /my/account does not correctly enforce sudo mode * Patch #42333: Update Nokogiri to 1.18.3 [Time tracking] * Defect #42172: `format_hours` method produces incorrect output for negative time values when `Setting.timespan_format` is "minutes" [Translations] * Defect #42170: Fix Turkish translation of field_assignable * Patch #42239: Czech translation update for 6.0-stable [UI] * Defect #42229: Latest news box on home page misses icons [UI - Responsive] * Defect #42182: Poor color contrast of icons on flyout menu @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.2 2025/02/09 10:31:31 taca Exp $ d6 1 a6 1 --- Gemfile.orig 2025-03-10 23:30:05.000000000 +0000 d12 1 a12 1 -gem 'rails', '7.2.2.1' @ 1.3.6.1 log @Pullup ticket #7021 - requested by taca devel/ruby-redmine60: Security fix Revisions pulled up: - devel/ruby-redmine60/Makefile 1.9 - devel/ruby-redmine60/distinfo 1.6 - devel/ruby-redmine60/patches/patch-Gemfile 1.4 --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 8 14:09:48 UTC 2025 Modified Files: pkgsrc/devel/ruby-redmine60: Makefile distinfo pkgsrc/devel/ruby-redmine60/patches: patch-Gemfile Log Message: devel/ruby-redmine60: update to 6.0.7 6.0.7 (2025-09-21) [Administration] * Defect #43174: CookieOverflow error when deleting a tracker used by many projects [Code cleanup/refactoring] * Patch #43035: Remove empty rubyonrails.yml on 6.0-stable branch [Documentation] * Defect #43204: Adds missing documentation for issue macro to fr and ru languages [Gantt] * Defect #43014: Content in selected columns overflows to the right in Gantt chart [Importers] * Defect #42957: Incorrect "for" attribute in labels of issue relations import [Issues] * Defect #43192: Done ratio interval in issue context menu does not respect Done Ratio Interval setting [Rails support] * Patch #43141: Update Rails to 7.2.2.2 [Security] * Defect #42998: Username and password stored in login form * Defect #43083: Information disclosure in Two-Factor Authentication * Defect #43161: When copying issues, all existing custom values are set to the new issue without sufficient validation [SCM] * Defect #43002: RepositoriesSubversionControllerTest fails in 5.1-stable due to missing foo.js in test repository [Translations] * Patch #42971: Italian translation update for 6.0-stable [UI] * Defect #43004: Watchers list is not properly displayed in Gantt table * Defect #43175: Fix some issues with missing or misplaced html tags * Patch #43008: Display icon-actions on hover with the same color as links * Patch #43196: Improve spacing of checkboxes in CSV export options dialog @ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- Gemfile.orig 2025-09-21 10:15:05.000000000 +0000 d12 1 a12 1 -gem 'rails', '7.2.2.2' @ 1.2 log @devel/ruby-redmine60: update to 6.0.3 6.0.3 (2025-01-29) Accounts / authentication * Defect #41930: Redirection after signing in fails when the back_url includes a port number Activity view * Defect #42003: Misalignment of icons and titles in Activity view * Defect #42070: Whitespace missing after hyphen between project name and event title in Activity view * Feature #42038: Improve readability by adjusting font sizes and colors in activity view and search results Attachments * Defect #42084: Placeholder icon for non-existent thumbnail flickers rapidly on hover Code cleanup/refactoring * Defect #42088: Fix incorrect syntax in application.css on 6.0-stable * Patch #41961: Use "fixtures :all" to ensure consistent test data and improve test reliability * Patch #42089: Fix Lint workflow error on 6.0-stable due to unsupported ruby/setup-ruby on Ubuntu 24.04 * Patch #42140: Update footer copyright year to 2025 Gantt * Defect #41925: Context menu submenus close unexpectedly on Gantt chart due to z-index conflict Gems support * Defect #42013: Redmine fails to start with error: Unknown database adapter "mysql2" found in config/database.yml Issues * Defect #42066: NoMethodError exception occurs in IssuePriority#high and #low when both default and active priorities are absent Permissions and roles * Defect #42106: Member roles are incorrectly added when a user's memberships are updated Rails support * Defect #42113: Redmine 5.x not starting with ActiveSupport Logger error * Patch #41970: Updates Rails to 7.2.2.1 UI * Defect #42023: Search results page uses legacy icons * Defect #42051: "Font used for text areas" setting causes inconsistent font size * Defect #42117: Key-value list reorder icon uses legacy icon * Defect #42126: The member table layout breaks due to .icon class on td elements * Defect #42130: Multiselect toggle uses legacy icons * Feature #42005: Improve readability of error pages by updating fonts and layout * Feature #42072: Adjust font size for breadcrumb and subtitle to improve readability and consistency @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.1 2024/12/13 17:19:29 taca Exp $ d6 1 a6 1 --- Gemfile.orig 2025-01-29 07:55:01.000000000 +0000 @ 1.1 log @devel/ruby-redmine60: add package version 6.0.2 Redmine is a flexible project management web application using the Ruby on Rails framework, it is cross-platform and cross-database. Redmine 6.0 introduces these new features in these categories: * Redmine 6 has been upgraded to Rails 7.2 * Ruby 3.3 is now supported and support for Ruby 2.7 and 3.0 has been dropped * Asset pipeline integration using Propshaft has been enabled * Support for Markdown has been removed * Icons have been replaced with SVG icons provided by Tabler * UI tweaks * New features and enhancements, some of them being long awaited features * API changes * Security improvement: User visibility changed from "all" to "member of visible projects" for new roles and existing builtin roles (#38853) @ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- Gemfile.orig 2024-11-12 19:25:01.000000000 +0000 d12 1 a12 1 -gem 'rails', '7.2.2' d38 1 a38 1 @@@@ -68,7 +68,7 @@@@ if File.exist?(database_file) @