head 1.2; access; symbols pkgsrc-2026Q1:1.1.0.2 pkgsrc-2026Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2026.03.29.13.57.44; author taca; state Exp; branches; next 1.1; commitid oQAzIbLXJKddnSzG; 1.1 date 2026.02.11.07.53.37; author taca; state Exp; branches 1.1.2.1; next ; commitid NWdBBjiJTO6WPVtG; 1.1.2.1 date 2026.03.31.13.02.19; author maya; state Exp; branches; next ; commitid 4h6ElakR41Qe08AG; desc @@ 1.2 log @devel/ruby-redmine61: update to 6.1.2 6.1.2 (2026-03-16) This release contains security fixes. [Calendar] * Defect #43718: Issue beginning/ending arrows should be flipped in RTL calendars [Code cleanup/refactoring] * Patch #43649: Remove MySQL 5.7-related comments from database.yml.example * Patch #43713: Add missing entries "apps" and "shield-check" to icon_source.yml * Patch #43872: Update GitHub Actions workflow dependencies [Database] * Patch #43668: Serialize address limit checks during email_addresses#create [Issues] * Defect #33610: Submitting the issue edit form without changes unexpectedly updates updated_on * Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted [Issues filter] * Patch #43736: author.group filter test fix [Issues list] * Defect #31972: An empty group_count badge is displayed when grouped with created_on [Performance] * Defect #43651: Searching issues with searchable custom fields causes a performance regression on MySQL [Permissions and roles] * Feature #43659: Set minimum width for Permission column in permission report [Security] * Defect #43661: Unsafe eval usage in AttachmentsHelper * Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM * Defect #43691: DOM (Stored) XSS in @@mention autocomplete via unescaped user name * Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter) * Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation * Defect #43830: User who is allowed to view only their own time entries can retrieve other users' time entry details by directly specifying the TimeEntry ID via the REST API * Defect #43840: Update Nokogiri to 1.19.1 [Text formatting] * Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown * Defect #43662: Cursor may move to incorrect position when pasting inline images from clipboard [Themes] * Feature #43087: Allow to change icons sprites from theme [UI] * Defect #43664: Project menu tab left/right buttons are broken in RTL layout * Defect #43672: Indent icons for subtasks and subprojects in list tables are misplaced in RTL layout * Defect #43674: Unintended global `ol` styling in changeset CSS * Defect #43675: "Add filter" dropdown in query form appears on the wrong side in RTL layout * Defect #43714: Arrow buttons for Available/Selected columns are misleading in the issues query form on RTL layouts * Defect #43715: Project selector does not indent subprojects in RTL layout * Defect #43804: Custom field preview does not work on bulk issue edit * Defect #43869: Default assignee selected by category is not shown in UI [Wiki] * Feature #43631: Add "include_subprojects" parameter to recent_pages macro to include pages from subprojects @ text @$NetBSD: patch-Gemfile,v 1.1 2026/02/11 07:53:37 taca Exp $ * Relax dependency. * Do not load gem for developemt and test. --- Gemfile.orig 2026-03-17 07:40:07.000000000 +0000 +++ Gemfile @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' ruby '>= 3.2.0', '< 3.5.0' -gem 'rails', '7.2.3' +gem 'rails', '~> 7.2.3' gem 'rouge', '~> 4.5' gem 'mini_mime', '~> 1.1.0' gem "actionpack-xml_parser" @@@@ -38,17 +38,17 @@@@ gem 'rotp', '>= 5.0.0' gem 'rqrcode' # HTML pipeline and sanitization -gem "html-pipeline", "~> 2.13.2" +gem "html-pipeline", ">= 2.13.2" gem "sanitize", "~> 6.0" # Optional gem for LDAP authentication group :ldap do - gem 'net-ldap', '~> 0.17.0' + gem 'net-ldap', '>= 0.17.0' end # Optional gem for exporting the gantt to a PNG file group :minimagick do - gem 'mini_magick', '~> 5.2.0' + gem 'mini_magick', '>= 5.2.0' end # Include database gems for the adapters found in the database @@@@ -79,7 +79,7 @@@@ if File.exist?(database_file) when /postgresql/ gem 'pg', '~> 1.5.3' when /sqlite3/ - gem 'sqlite3', '~> 2.5.0' + gem 'sqlite3', '>= 2.5.0' when /sqlserver/ gem 'tiny_tds', '~> 2.1.2' gem 'activerecord-sqlserver-adapter', '~> 7.2.0' @@@@ -94,6 +94,7 @@@@ else warn("Please configure your config/database.yml first") end +if false group :development, :test do gem 'debug' end @@@@ -125,6 +126,7 @@@@ group :test do # Lock minitest to 5.x until a Rails release includes support for minitest 6.0 gem 'minitest', '~> 5.27' end +end local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local") if File.exist?(local_gemfile) @ 1.1 log @devel/ruby-redmine61: add version 6.1.1 Note: ruby-redmine61 also supports Ruby 3.4. Redmine is a flexible project management web application using the Ruby on Rails framework, it is cross-platform and cross-database. Redmine 6.1 introduces these new features in these categories: * Redmine 6 has been upgraded to Rails 7.2 * Ruby 3.3 is now supported and support for Ruby 2.7 and 3.0 has been dropped * Asset pipeline integration using Propshaft has been enabled * Support for Markdown has been removed * Icons have been replaced with SVG icons provided by Tabler * UI tweaks * New features and enhancements, some of them being long awaited features * API changes * Security improvement: User visibility changed from "all" to "member of visible projects" for new roles and existing builtin roles (#38853) @ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- Gemfile.orig 2026-01-06 02:25:05.000000000 +0000 d8 1 a8 1 @@@@ -2,14 +2,14 @@@@ source 'https://rubygems.org' a16 8 gem 'roadie-rails', '~> 3.3.0' gem 'marcel' gem 'mail', '~> 2.8.1' -gem 'nokogiri', '~> 1.18.3' +gem 'nokogiri', '~> 1.18' gem 'i18n', '~> 1.14.1' gem 'rbpdf', '~> 1.21.4' gem 'addressable' @ 1.1.2.1 log @Pullup ticket #7063 - requested by taca devel/ruby-redmine61: Security fix Revisions pulled up: - devel/ruby-redmine61/Makefile 1.2 - devel/ruby-redmine61/PLIST 1.2 - devel/ruby-redmine61/distinfo 1.2 - devel/ruby-redmine61/patches/patch-Gemfile 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Mar 29 13:57:44 UTC 2026 Modified Files: pkgsrc/devel/ruby-redmine61: Makefile PLIST distinfo pkgsrc/devel/ruby-redmine61/patches: patch-Gemfile Log Message: devel/ruby-redmine61: update to 6.1.2 6.1.2 (2026-03-16) This release contains security fixes. [Calendar] * Defect #43718: Issue beginning/ending arrows should be flipped in RTL calendars [Code cleanup/refactoring] * Patch #43649: Remove MySQL 5.7-related comments from database.yml.example * Patch #43713: Add missing entries "apps" and "shield-check" to icon_source.yml * Patch #43872: Update GitHub Actions workflow dependencies [Database] * Patch #43668: Serialize address limit checks during email_addresses#create [Issues] * Defect #33610: Submitting the issue edit form without changes unexpectedly updates updated_on * Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted [Issues filter] * Patch #43736: author.group filter test fix [Issues list] * Defect #31972: An empty group_count badge is displayed when grouped with created_on [Performance] * Defect #43651: Searching issues with searchable custom fields causes a performance regression on MySQL [Permissions and roles] * Feature #43659: Set minimum width for Permission column in permission report [Security] * Defect #43661: Unsafe eval usage in AttachmentsHelper * Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM * Defect #43691: DOM (Stored) XSS in @@mention autocomplete via unescaped user name * Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter) * Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation * Defect #43830: User who is allowed to view only their own time entries can retrieve other users' time entry details by directly specifying the TimeEntry ID via the REST API * Defect #43840: Update Nokogiri to 1.19.1 [Text formatting] * Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown * Defect #43662: Cursor may move to incorrect position when pasting inline images from clipboard [Themes] * Feature #43087: Allow to change icons sprites from theme [UI] * Defect #43664: Project menu tab left/right buttons are broken in RTL layout * Defect #43672: Indent icons for subtasks and subprojects in list tables are misplaced in RTL layout * Defect #43674: Unintended global `ol` styling in changeset CSS * Defect #43675: "Add filter" dropdown in query form appears on the wrong side in RTL layout * Defect #43714: Arrow buttons for Available/Selected columns are misleading in the issues query form on RTL layouts * Defect #43715: Project selector does not indent subprojects in RTL layout * Defect #43804: Custom field preview does not work on bulk issue edit * Defect #43869: Default assignee selected by category is not shown in UI [Wiki] * Feature #43631: Add "include_subprojects" parameter to recent_pages macro to include pages from subprojects @ text @d6 1 a6 1 --- Gemfile.orig 2026-03-17 07:40:07.000000000 +0000 d8 1 a8 1 @@@@ -2,7 +2,7 @@@@ source 'https://rubygems.org' d17 8 @