head	1.3;
access;
symbols
	pkgsrc-2026Q2:1.3.0.2
	pkgsrc-2026Q2-base:1.3
	pkgsrc-2026Q1:1.1.0.2
	pkgsrc-2026Q1-base:1.1;
locks; strict;
comment	@# @;


1.3
date	2026.06.16.14.34.56;	author taca;	state Exp;
branches;
next	1.2;
commitid	9AQ4848XGCIv22KG;

1.2
date	2026.03.29.13.57.44;	author taca;	state Exp;
branches;
next	1.1;
commitid	oQAzIbLXJKddnSzG;

1.1
date	2026.02.11.07.53.37;	author taca;	state Exp;
branches
	1.1.2.1;
next	;
commitid	NWdBBjiJTO6WPVtG;

1.1.2.1
date	2026.03.31.13.02.19;	author maya;	state Exp;
branches;
next	;
commitid	4h6ElakR41Qe08AG;


desc
@@


1.3
log
@devel/ruby-redmine61: update to 6.1.3

This release addresses multiple security vulnerabilities along with various bug fixes and improvements.

Code cleanup/refactoring

* Defect #43985: Flaky IssuesSystemTest caused by `!page.has_css?`
* Defect #44010: Too much INFO log of asset paths when starting Rails
* Defect #44072: OauthProviderSystemTest#test_application_creation_and_authorization fails randomly
* Patch #44073: TimeEntryTest#test_should_not_accept_closed_issue fails randomly depending on locale

Documentation

* Defect #43906: Wiki help does not display localized content for locales with a region subtag
* Defect #43920: German and Tamil CommonMark wiki help pages lack the Alerts section
* Patch #43447: Update INSTALL document to mention additional_environment.rb
* Patch #43896: Remove obsolete db:migrate:upgrade_plugin_migrations step from doc/UPGRADING
* Patch #43897: Use `bin/rails` instead of `rake` in documentation
* Patch #43929: German translation for Alerts section on CommonMark wiki help page
* Patch #43930: Add blockquote formatting in CommonMark wiki help pages

Issues

* Defect #44042: Watchers section in the sidebar is incorrectly updated when watching a subtasks or related issue via context menu

Projects

* Defect #43910: Projects with the identifiers "autocomplete" or "bulk_destroy" cannot perform some operations

REST API

* Defect #43698: ArgumentError occurs on /oauth/authorize when REST API is disabled

Rails support

* Patch #43909: Update Rails to 7.2.3.1

SCM

* Defect #43964: `IconsHelper#scm_change_icon` ignores passed options
* Patch #43966: Tighten SVN repository URL validation

Security

* Patch #43986: Improve the `config.filter_parameters` setting
* Defect #43951: Bulk attachment download bypasses View files permission for project/version attachments
* Defect #44109: PreAuth leak name of private Projects
* Defect #44118: Any project member with add_issue_notes permission can add notes to private issues they cannot view, via the MailHandler reply dispatch
* Defect #44138: Stored XSS in Textile formatter due to restore_redmine_links
* Defect #44145: PostScript execution in Redmine::Thumbnail.generate via %% DSC-comment prefix
* Defect #44146: Time-entry API hidden custom-field leak
* Defect #44174: OAuth scope enforcement bypass in user account

Translations

* Defect #43921: Tamil CommonMark help page incorrectly translates CSS property names
* Patch #43922: Japanese translation update for `recent_pages` macro help on `project` and `include_subprojects` options
* Patch #44005: Fix French translation of label_auto_watch_on_issue_created

UI

* Defect #43984: Current page background in pagination overflows its border
* Defect #44069: Remove redundant underline from abbr elements
* Defect #44127: Replace legacy group avatar icon with SVG
* Defect #44170: Toggling between board and list in projects query do not work properly
@
text
@$NetBSD: patch-Gemfile,v 1.2 2026/03/29 13:57:44 taca Exp $

* Relax dependency.
* Do not load gem for development and test.

--- Gemfile.orig 2026-06-15 19:25:05.000000000 +0000 +++ Gemfile @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' ruby '>= 3.2.0', '< 3.5.0' -gem 'rails', '7.2.3.1' +gem 'rails', '~> 7.2.3.1' gem 'rouge', '~> 4.5' gem 'mini_mime', '~> 1.1.0' gem "actionpack-xml_parser" @@@@ -38,17 +38,17 @@@@ gem 'rotp', '>= 5.0.0' gem 'rqrcode' # HTML pipeline and sanitization -gem "html-pipeline", "~> 2.13.2" +gem "html-pipeline", ">= 2.13.2" gem "sanitize", "~> 6.0" # Optional gem for LDAP authentication group :ldap do - gem 'net-ldap', '~> 0.17.0' + gem 'net-ldap', '>= 0.17.0' end # Optional gem for exporting the gantt to a PNG file group :minimagick do - gem 'mini_magick', '~> 5.2.0' + gem 'mini_magick', '>= 5.2.0' end # Include database gems for the adapters found in the database @@@@ -79,7 +79,7 @@@@ if File.exist?(database_file) when /postgresql/ gem 'pg', '~> 1.5.3' when /sqlite3/ - gem 'sqlite3', '~> 2.5.0' + gem 'sqlite3', '>= 2.5.0' when /sqlserver/ gem 'tiny_tds', '~> 2.1.2' gem 'activerecord-sqlserver-adapter', '~> 7.2.0' @@@@ -94,6 +94,7 @@@@ else warn("Please configure your config/database.yml first") end +if false group :development, :test do gem 'debug' end @@@@ -125,6 +126,7 @@@@ group :test do # Lock minitest to 5.x until a Rails release includes support for minitest 6.0 gem 'minitest', '~> 5.27' end +end local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local") if File.exist?(local_gemfile) @ 1.2 log @devel/ruby-redmine61: update to 6.1.2 6.1.2 (2026-03-16) This release contains security fixes. 

[Calendar]

* Defect #43718: Issue beginning/ending arrows should be flipped in RTL calendars

[Code cleanup/refactoring]

* Patch #43649: Remove MySQL 5.7-related comments from database.yml.example
* Patch #43713: Add missing entries "apps" and "shield-check" to icon_source.yml
* Patch #43872: Update GitHub Actions workflow dependencies

[Database]

* Patch #43668: Serialize address limit checks during email_addresses#create

[Issues]

* Defect #33610: Submitting the issue edit form without changes unexpectedly updates updated_on
* Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted

[Issues filter]

* Patch #43736: author.group filter test fix

[Issues list]

* Defect #31972: An empty group_count badge is displayed when grouped with created_on

[Performance]

* Defect #43651: Searching issues with searchable custom fields causes a performance regression on MySQL

[Permissions and roles]

* Feature #43659: Set minimum width for Permission column in permission report

[Security]

* Defect #43661: Unsafe eval usage in AttachmentsHelper
* Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM
* Defect #43691: DOM (Stored) XSS in @@mention autocomplete via unescaped user name
* Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter)
* Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation
* Defect #43830: User who is allowed to view only their own time entries can retrieve other users' time entry details by directly specifying the TimeEntry ID via the REST API
* Defect #43840: Update Nokogiri to 1.19.1

[Text formatting]

* Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown
* Defect #43662: Cursor may move to incorrect position when pasting inline images from clipboard

[Themes]

* Feature #43087: Allow to change icons sprites from theme

[UI]

* Defect #43664: Project menu tab left/right
buttons are broken in RTL layout * Defect #43672: Indent icons for subtasks and subprojects in list tables are misplaced in RTL layout * Defect #43674: Unintended global `ol` styling in changeset CSS * Defect #43675: "Add filter" dropdown in query form appears on the wrong side in RTL layout * Defect #43714: Arrow buttons for Available/Selected columns are misleading in the issues query form on RTL layouts * Defect #43715: Project selector does not indent subprojects in RTL layout * Defect #43804: Custom field preview does not work on bulk issue edit * Defect #43869: Default assignee selected by category is not shown in UI [Wiki] * Feature #43631: Add "include_subprojects" parameter to recent_pages macro to include pages from subprojects @ text @d1 1 a1 1 $NetBSD: patch-Gemfile,v 1.1 2026/02/11 07:53:37 taca Exp $ d6 1 a6 1 --- Gemfile.orig 2026-03-17 07:40:07.000000000 +0000 d12 2 a13 2 -gem 'rails', '7.2.3' +gem 'rails', '~> 7.2.3' @ 1.1 log @devel/ruby-redmine61: add version 6.1.1 Note: ruby-redmine61 also supports Ruby 3.4. Redmine is a flexible project management web application using the Ruby on Rails framework, it is cross-platform and cross-database. 
Redmine 6.1 introduces these new features in these categories: * Redmine 6 has been upgraded to Rails 7.2 * Ruby 3.3 is now supported and support for Ruby 2.7 and 3.0 has been dropped * Asset pipeline integration using Propshaft has been enabled * Support for Markdown has been removed * Icons have been replaced with SVG icons provided by Tabler * UI tweaks * New features and enhancements, some of them being long awaited features * API changes * Security improvement: User visibility changed from "all" to "member of visible projects" for new roles and existing builtin roles (#38853) @ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- Gemfile.orig 2026-01-06 02:25:05.000000000 +0000 d8 1 a8 1 @@@@ -2,14 +2,14 @@@@ source 'https://rubygems.org' a16 8 gem 'roadie-rails', '~> 3.3.0' gem 'marcel' gem 'mail', '~> 2.8.1' -gem 'nokogiri', '~> 1.18.3' +gem 'nokogiri', '~> 1.18' gem 'i18n', '~> 1.14.1' gem 'rbpdf', '~> 1.21.4' gem 'addressable' @ 1.1.2.1 log @Pullup ticket #7063 - requested by taca devel/ruby-redmine61: Security fix Revisions pulled up: - devel/ruby-redmine61/Makefile 1.2 - devel/ruby-redmine61/PLIST 1.2 - devel/ruby-redmine61/distinfo 1.2 - devel/ruby-redmine61/patches/patch-Gemfile 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Mar 29 13:57:44 UTC 2026 Modified Files: pkgsrc/devel/ruby-redmine61: Makefile PLIST distinfo pkgsrc/devel/ruby-redmine61/patches: patch-Gemfile Log Message: devel/ruby-redmine61: update to 6.1.2 6.1.2 (2026-03-16) This release contains security fixes. 

[Calendar]

* Defect #43718: Issue beginning/ending arrows should be flipped in RTL calendars

[Code cleanup/refactoring]

* Patch #43649: Remove MySQL 5.7-related comments from database.yml.example
* Patch #43713: Add missing entries "apps" and "shield-check" to icon_source.yml
* Patch #43872: Update GitHub Actions workflow dependencies

[Database]

* Patch #43668: Serialize address limit checks during email_addresses#create

[Issues]

* Defect #33610: Submitting the issue edit form without changes unexpectedly updates updated_on
* Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted

[Issues filter]

* Patch #43736: author.group filter test fix

[Issues list]

* Defect #31972: An empty group_count badge is displayed when grouped with created_on

[Performance]

* Defect #43651: Searching issues with searchable custom fields causes a performance regression on MySQL

[Permissions and roles]

* Feature #43659: Set minimum width for Permission column in permission report

[Security]

* Defect #43661: Unsafe eval usage in AttachmentsHelper
* Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM
* Defect #43691: DOM (Stored) XSS in @@mention autocomplete via unescaped user name
* Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter)
* Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation
* Defect #43830: User who is allowed to view only their own time entries can retrieve other users' time entry details by directly specifying the TimeEntry ID via the REST API
* Defect #43840: Update Nokogiri to 1.19.1

[Text formatting]

* Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown
* Defect #43662: Cursor may move to incorrect position when pasting inline images from clipboard

[Themes]

* Feature #43087: Allow to change icons sprites from theme

[UI]

* Defect #43664: Project menu tab left/right
buttons are broken in RTL layout * Defect #43672: Indent icons for subtasks and subprojects in list tables are misplaced in RTL layout * Defect #43674: Unintended global `ol` styling in changeset CSS * Defect #43675: "Add filter" dropdown in query form appears on the wrong side in RTL layout * Defect #43714: Arrow buttons for Available/Selected columns are misleading in the issues query form on RTL layouts * Defect #43715: Project selector does not indent subprojects in RTL layout * Defect #43804: Custom field preview does not work on bulk issue edit * Defect #43869: Default assignee selected by category is not shown in UI [Wiki] * Feature #43631: Add "include_subprojects" parameter to recent_pages macro to include pages from subprojects @ text @d6 1 a6 1 --- Gemfile.orig 2026-03-17 07:40:07.000000000 +0000 d8 1 a8 1 @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' d17 8 @
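
Review bot: the Rails relaxation in the `-2,7 +2,7` hunk of revision 1.3 is narrower than the one it replaces, and the header comment does not say so. The 1.2 delta shows the previous form `gem 'rails', '~> 7.2.3'`, which accepts any 7.2.x from 7.2.3 up; the new `gem 'rails', '~> 7.2.3.1'` has four segments and therefore accepts only 7.2.3.x. If the intent is still to pick up any 7.2 security release without refreshing this patch, `'~> 7.2.3', '>= 7.2.3.1'` keeps the old range with the new floor; if the narrowing is deliberate, a word in the header would help.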
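
Review bot: in the `-38,17 +38,17` hunk of revision 1.3, `gem "html-pipeline", ">= 2.13.2"` sits directly under the "# HTML pipeline and sanitization" comment and now has no upper bound, so any future major release satisfies it; `net-ldap '>= 0.17.0'` and `mini_magick '>= 5.2.0'` in the same hunk are opened up the same way. Upstream pinned each of these to a single minor series, and `sanitize` on the next line keeps its `~> 6.0` pin. A bounded range such as `'>= 2.13.2', '< 3'` would still accept the newer versions packaged in pkgsrc while keeping the rendering, LDAP and image paths on the major version this release was tested with.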
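
Review bot: the `-79,7 +79,7` hunk of revision 1.3 relaxes only `sqlite3` to `'>= 2.5.0'`, while `pg '~> 1.5.3'`, `tiny_tds '~> 2.1.2'` and `activerecord-sqlserver-adapter '~> 7.2.0'` in the same `case` keep upstream's pessimistic pins. The header says only "Relax dependency", so the reason this one adapter is treated differently is not recorded. Either note the reason in the header or use a bounded form such as `'>= 2.5.0', '< 3'`, so the database adapter cannot move to a new major version unnoticed.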
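
Review bot: the `+if false` added before `group :development, :test do` in the `-94,6 +94,7` hunk of revision 1.3 is closed by a bare `+end` in the separate `-125,6 +126,7` hunk, and neither line carries a comment in the Gemfile itself. Everything between the two lines is disabled, including anything upstream later adds there, and the patch keeps applying as long as the context lines still match. A trailing comment on both lines (for example `if false # pkgsrc: skip development/test gems` and a matching one on the `end`) would make the guard's extent visible to whoever refreshes the patch for the next release.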