head 1.25; access; symbols pkgsrc-2026Q1:1.24.0.12 pkgsrc-2026Q1-base:1.24 pkgsrc-2025Q4:1.24.0.10 pkgsrc-2025Q4-base:1.24 pkgsrc-2025Q3:1.24.0.8 pkgsrc-2025Q3-base:1.24 pkgsrc-2025Q2:1.24.0.6 pkgsrc-2025Q2-base:1.24 pkgsrc-2025Q1:1.24.0.4 pkgsrc-2025Q1-base:1.24 pkgsrc-2024Q4:1.24.0.2 pkgsrc-2024Q4-base:1.24 pkgsrc-2024Q3:1.22.0.4 pkgsrc-2024Q3-base:1.22 pkgsrc-2024Q2:1.22.0.2 pkgsrc-2024Q2-base:1.22 pkgsrc-2024Q1:1.21.0.2 pkgsrc-2024Q1-base:1.21 pkgsrc-2023Q4:1.20.0.4 pkgsrc-2023Q4-base:1.20 pkgsrc-2023Q3:1.20.0.2 pkgsrc-2023Q3-base:1.20 pkgsrc-2023Q2:1.18.0.4 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.18.0.2 pkgsrc-2023Q1-base:1.18 pkgsrc-2022Q4:1.15.0.4 pkgsrc-2022Q4-base:1.15 pkgsrc-2022Q3:1.15.0.2 pkgsrc-2022Q3-base:1.15 pkgsrc-2022Q2:1.13.0.2 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.11.0.2 pkgsrc-2022Q1-base:1.11 pkgsrc-2021Q4:1.9.0.2 pkgsrc-2021Q4-base:1.9 pkgsrc-2021Q3:1.6.0.2 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.4.0.2 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.2.0.2 pkgsrc-2021Q1-base:1.2; locks; strict; comment @# @; 1.25 date 2026.05.05.08.17.47; author taca; state dead; branches; next 1.24; commitid lr4jZbS8kTvMiBEG; 1.24 date 2024.10.27.14.29.39; author taca; state Exp; branches; next 1.23; commitid Hc9Aloo1cXEtcjvF; 1.23 date 2024.10.21.14.58.57; author taca; state Exp; branches; next 1.22; commitid e99DE75ugU8myxuF; 1.22 date 2024.06.05.16.21.35; author taca; state Exp; branches; next 1.21; commitid pKKVOz5I73fQrOcF; 1.21 date 2024.02.24.14.42.40; author taca; state Exp; branches 1.21.2.1; next 1.20; commitid dMa293WgUtfbbHZE; 1.20 date 2023.08.26.15.23.28; author taca; state Exp; branches; next 1.19; commitid Yo4AOkqx9V2TfjCE; 1.19 date 2023.06.27.13.35.17; author taca; state Exp; branches; next 1.18; commitid O8aF69XeGtOlAAuE; 1.18 date 2023.03.15.13.31.48; author taca; state Exp; branches 1.18.4.1; next 1.17; commitid qVRHt7J0cHGoUdhE; 1.17 date 2023.01.25.13.27.09; author taca; state Exp; branches; next 1.16; commitid nbgl0tWcCcersVaE; 1.16 date 
2023.01.19.14.31.10; author taca; state Exp; branches; next 1.15; commitid 8ZJ1ksyFQnUn0aaE; 1.15 date 2022.09.10.08.24.41; author taca; state Exp; branches 1.15.4.1; next 1.14; commitid 6Sb0ZyedTcCJbiTD; 1.14 date 2022.07.13.14.46.23; author taca; state Exp; branches; next 1.13; commitid b5k4UpOSswlfcKLD; 1.13 date 2022.06.07.15.05.22; author taca; state Exp; branches 1.13.2.1; next 1.12; commitid 94DP7iCcELNvs7HD; 1.12 date 2022.05.05.03.29.32; author taca; state Exp; branches; next 1.11; commitid Bo7Q4A2IjPbAFOCD; 1.11 date 2022.03.13.15.11.51; author taca; state Exp; branches 1.11.2.1; next 1.10; commitid cTFn59RGFpn7g4wD; 1.10 date 2022.02.13.07.35.05; author taca; state Exp; branches; next 1.9; commitid dxMDajEabLleDqsD; 1.9 date 2021.12.19.05.25.03; author taca; state Exp; branches 1.9.2.1; next 1.8; commitid Yy1qxSyAMadgIdlD; 1.8 date 2021.10.26.11.30.54; author nia; state Exp; branches; next 1.7; commitid Gv0TNLbuylhFsjeD; 1.7 date 2021.10.07.15.08.38; author nia; state Exp; branches; next 1.6; commitid kEwAbZZbki9jhTbD; 1.6 date 2021.08.22.07.16.46; author taca; state Exp; branches; next 1.5; commitid rFBRgwR8X8mH9W5D; 1.5 date 2021.07.04.08.01.02; author taca; state Exp; branches; next 1.4; commitid mnNXVKm2t1xvYDZC; 1.4 date 2021.05.08.14.08.56; author taca; state Exp; branches; next 1.3; commitid xT7hp1Cwoc8eQlSC; 1.3 date 2021.04.11.13.28.01; author taca; state Exp; branches; next 1.2; commitid ojVj9UR3VuKWtSOC; 1.2 date 2021.02.28.15.42.40; author taca; state Exp; branches; next 1.1; commitid 7pqUCCXfZTplzuJC; 1.1 date 2021.02.14.13.58.16; author taca; state Exp; branches; next ; commitid fVBeCcZL8263sGHC; 1.21.2.1 date 2024.06.13.17.16.50; author bsiegert; state Exp; branches; next ; commitid 2kq3Ai7NKk3TuQdF; 1.18.4.1 date 2023.06.30.18.41.56; author bsiegert; state Exp; branches; next ; commitid NnnxBbs8ehPBb0vE; 1.15.4.1 date 2023.03.04.14.10.23; author spz; state Exp; branches; next ; commitid z0Mpayg7Eu2CtOfE; 1.13.2.1 date 2022.07.23.19.35.08; 
author spz; state Exp; branches; next ; commitid 0ogLPDtEKXGqt3ND; 1.11.2.1 date 2022.06.04.09.31.42; author spz; state Exp; branches; next ; commitid 6heywWYUC6I3IHGD; 1.9.2.1 date 2022.03.03.19.12.00; author bsiegert; state Exp; branches; next ; commitid ZRy4g549ae7uUNuD; desc @@ 1.25 log @www/ruby-rails61: remove related packages Ruby on Rails 6.1 EOL since 2024-10-23 and it was kept for Redmine 5.1. @ text @$NetBSD: distinfo,v 1.24 2024/10/27 14:29:39 taca Exp $ BLAKE2s (actionview-6.1.7.10.gem) = 8ee5757269cb293589ad9b68dfe502ddf76943fc24389318cdfe32cb766e442e SHA512 (actionview-6.1.7.10.gem) = 1ba8bc9ba98e7024ed25f124aeb0677410e45a58642f7c63e00182cb02321b483091d12f0e5f023fbc4e6b58ce7da3ec8171a1f0d89b7c9322bf77e74e6e9afe Size (actionview-6.1.7.10.gem) = 172544 bytes @ 1.24 log @www/ruby-rails61: update to 6.1.7.10 Security fix of ruby-action-mailer61. Other packages have no change except their version. Action Mailer * Fix NoMethodError in block_format helper [Michael Leimstaedtner] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2024/10/21 14:58:57 taca Exp $ @ 1.23 log @www/ruby-rails61: update to 6.1.7.9 Update Ruby on Rails 6.1 to 6.1.7.9. Active Support * No changes. Active Model * No changes. Active Record * No changes. Action View * No changes. Action Pack * Avoid regex backtracking in HTTP Token authentication [CVE-2024-47887] * Avoid regex backtracking in query parameter filtering [CVE-2024-41128] Active Job * No changes. Action Mailer * Avoid regex backtracking in block_format helper [CVE-2024-47889] Action Cable * No changes. Active Storage * No changes. Action Mailbox * No changes. Action Text * Avoid backtracing in plain_text_for_blockquote_node [CVE-2024-47888] Railties * No changes. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2024/06/05 16:21:35 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.9.gem) = 0ebd5c9ca8940a27599ebec852f2562b7efeb18e14ee96fca90a838495e48ce1 SHA512 (actionview-6.1.7.9.gem) = 630d0eb75aba653ff4e068c4dd2d563cfbc63ebe6f48cd22bc2055d717dd81b726b7a20226a21e13e7b2e930b9be3036dee2aa5c9542c9baed5bd641db95ad80 Size (actionview-6.1.7.9.gem) = 172544 bytes @ 1.22 log @www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:40 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.8.gem) = 86ce31e692a5b43c4b49549218c4420b12324d8c1527f957c8e133ef32b2ee59 SHA512 (actionview-6.1.7.8.gem) = 5c2bc38ef3fedad37e4ffcc9727844d7f566a2cd09133c66dbe37b6d3b64d7012c55ac6c4112cb2477c3972d34e77f375d0a8e7b88aceb0700faffa13918ab99 Size (actionview-6.1.7.8.gem) = 172544 bytes @ 1.21 log @www/rails61: update to 6.1.7.7 Update rails61 and related packages to 6.1.7.7 This includes security fix for CVE-2024-26144, devel/ruby-activestorage61. 
Active Storage * Disables the session in ActiveStorage::Blobs::ProxyController and ActiveStorage::Representations::ProxyController in order to allow caching by default in some CDNs as CloudFlare Fixes #44136 Bruno Prieto @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2023/08/26 15:23:28 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.7.gem) = 110b8994c5ebb61d0af53eccdd81418ca5737bbb35b5fdec785344fb91623490 SHA512 (actionview-6.1.7.7.gem) = 673e104068c0dcca090f5c19c8c456e59bf2bb1b0b27f6300786299346c1d90d56294a75284efdaf6ca571e41e0307f385272118ca6abe5bc0ed83307a1ed773 Size (actionview-6.1.7.7.gem) = 172544 bytes @ 1.21.2.1 log @Pullup ticket #6861 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.22 - devel/ruby-activejob61/distinfo 1.22 - devel/ruby-activemodel61/distinfo 1.22 - devel/ruby-activestorage61/distinfo 1.22 - devel/ruby-activesupport61/distinfo 1.22 - devel/ruby-railties61/distinfo 1.22 - lang/ruby/rails.mk 1.162 - mail/ruby-actionmailbox61/distinfo 1.22 - mail/ruby-actionmailer61/distinfo 1.22 - textproc/ruby-actiontext61/distinfo 1.22 - www/ruby-actioncable61/distinfo 1.22 - www/ruby-actionpack61/distinfo 1.22 - www/ruby-actionview61/distinfo 1.22 - www/ruby-rails61/distinfo 1.22 --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 5 16:21:36 UTC 2024 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.8 Security fix for 
CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:40 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.8.gem) = 86ce31e692a5b43c4b49549218c4420b12324d8c1527f957c8e133ef32b2ee59 SHA512 (actionview-6.1.7.8.gem) = 5c2bc38ef3fedad37e4ffcc9727844d7f566a2cd09133c66dbe37b6d3b64d7012c55ac6c4112cb2477c3972d34e77f375d0a8e7b88aceb0700faffa13918ab99 Size (actionview-6.1.7.8.gem) = 172544 bytes @ 1.20 log @www/ruby-rails61: update to 6.1.7.6 6.1.7.5 (2023-08-22) Active Support * Use a temporary file for storing unencrypted files while editing [CVE-2023-38037] 6.1.7.6 (2023-08-22) * No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2023/06/27 13:35:17 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.6.gem) = 4f55e09791dd5fec2169497ad4bd906890ddc841c3e7f512393925442fdf77cf SHA512 (actionview-6.1.7.6.gem) = 29f8dcbe68c5fce1b13c9b8c67f668fd632e74e1d3775087f6becff226b324d2a69c62645a16cfb6ad331747596a59f5dfdd37a48563d35556883b68417dcece Size (actionview-6.1.7.6.gem) = 172544 bytes @ 1.19 log @www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provided to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:48 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.4.gem) = 6e330732310e25e2c706deebc7afd2bf2649568798cad3a9698425f8218b23d5 SHA512 (actionview-6.1.7.4.gem) = 5c065183c7fc16011a694ad9b986a0f8e8332421e572ca9c47f27ef06361ee9f5d8095a7b7dfff1911fda263a73d279261397c96555635c93b62985d2314439f Size (actionview-6.1.7.4.gem) = 172544 bytes @ 1.18 log @www/ruby-rails61: update to 6.1.7.3 6.1.7.3 (2023-03-13) Active Support * Implement SafeBuffer#bytesplice [CVE-2023-28120] Action View * Ignore certain 
data-* attributes in rails-ujs when element is contenteditable [CVE-2023-23913] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2023/01/25 13:27:09 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.3.gem) = 5a86a627c42d24d8bf130f68755f419d11b2080b6ab7be61118686794dc3c335 SHA512 (actionview-6.1.7.3.gem) = 7e697683e275930b3059f8a65600efeff497b4cd1749d7921431322252961a33e70704fcd064a34b02113de53574633f61fc7db6e5fd41e28009bf660e7f1c07 Size (actionview-6.1.7.3.gem) = 172544 bytes @ 1.18.4.1 log @Pullup ticket #6766 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.19 - devel/ruby-activejob61/distinfo 1.19 - devel/ruby-activemodel61/distinfo 1.19 - devel/ruby-activestorage61/distinfo 1.19 - devel/ruby-activesupport61/distinfo 1.19 - devel/ruby-railties61/distinfo 1.19 - lang/ruby/rails.mk 1.146 - mail/ruby-actionmailbox61/distinfo 1.19 - mail/ruby-actionmailer61/distinfo 1.19 - textproc/ruby-actiontext61/distinfo 1.19 - www/ruby-actioncable61/distinfo 1.19 - www/ruby-actionpack61/distinfo 1.19 - www/ruby-actionview61/distinfo 1.19 - www/ruby-rails61/distinfo 1.19 --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 27 13:35:19 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provided to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: 
distinfo,v 1.18 2023/03/15 13:31:48 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.4.gem) = 6e330732310e25e2c706deebc7afd2bf2649568798cad3a9698425f8218b23d5 SHA512 (actionview-6.1.7.4.gem) = 5c065183c7fc16011a694ad9b986a0f8e8332421e572ca9c47f27ef06361ee9f5d8095a7b7dfff1911fda263a73d279261397c96555635c93b62985d2314439f Size (actionview-6.1.7.4.gem) = 172544 bytes @ 1.17 log @www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain (like `.ca`, rather than `.co.uk`). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2023/01/19 14:31:10 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.2.gem) = 29df136f9fac04754f1b58b6eb1f239b682aac52822ca899cc4e08f5fc3f3fb6 SHA512 (actionview-6.1.7.2.gem) = 8e3f0c2fd87047390f786b7e7a00915c0ed65bb09ca4d91e4e41694152f05fe39df184460ac5c3dc194cc0b49484bab25dba71ca391469524f904f33d43d876d Size (actionview-6.1.7.2.gem) = 172032 bytes @ 1.16 log @www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. 
This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:41 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.1.gem) = c6effc3f9e01e3b8ea78ccbed39061ff75cc18feee7d016818c7c61d5732c9c8 SHA512 (actionview-6.1.7.1.gem) = 5572e0e53c0c8aed71b542638c6a978f30c5ac4e51f53bce331de235db522ce4b8968f5096e1d9a4c9f8ea626ded6cf5936ab8845f597676a66e5aeaef725c7a Size (actionview-6.1.7.1.gem) = 172032 bytes @ 1.15 log @www/ruby-rails61: update to 6.1.7 Ruby on Rails 6.1.7 release on 9th September 2022. Active Record and Active Storage are updated: Active Record * Symbol is allowed by default for YAML columns Étienne Barrié * Fix ActiveRecord::Store to serialize as a regular Hash Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess which is wasteful and cause problem with YAML safe_load. Jean Boussier * Fix PG.connect keyword arguments deprecation warning on ruby 2.7 Fixes . Nikita Vasilevsky Active Storage * Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0. 
fatkodima @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2022/07/13 14:46:23 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.gem) = 8f5da6c1e8b00afda7e87c1430401ffe51350ca4ed2163ceeb6d37ab8addf7a0 SHA512 (actionview-6.1.7.gem) = 3726c3ce4218cc40cbed9807aa0e192357a352557c60b6f6f7e1bbc4a2a840c961568b2c611a6b5beec8fe06c139781fc8ebafbe1d01682acb071e60f9911475 Size (actionview-6.1.7.gem) = 172032 bytes @ 1.15.4.1 log @Pullup ticket #6733 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: distinfo update devel/ruby-activemodel61: distinfo update devel/ruby-activestorage61: distinfo update devel/ruby-activesupport61: security update devel/ruby-railties61: distinfo update mail/ruby-actionmailbox61: distinfo update mail/ruby-actionmailer61: distinfo update textproc/ruby-actiontext61: distinfo update www/ruby-actioncable61: distinfo update www/ruby-actionpack61: security update www/ruby-actionview61: distinfo update www/ruby-rails61: distinfo update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.16-1.17 - devel/ruby-activejob61/distinfo 1.16-1.17 - devel/ruby-activemodel61/distinfo 1.16-1.17 - devel/ruby-activestorage61/distinfo 1.16-1.17 - devel/ruby-activesupport61/distinfo 1.16-1.17 - devel/ruby-railties61/distinfo 1.16-1.17 - lang/ruby/rails.mk 1.139,1.141 - mail/ruby-actionmailbox61/distinfo 1.16-1.17 - mail/ruby-actionmailer61/distinfo 1.16-1.17 - textproc/ruby-actiontext61/distinfo 1.16-1.17 - www/ruby-actioncable61/distinfo 1.16-1.17 - www/ruby-actionpack61/Makefile 1.4 - www/ruby-actionpack61/distinfo 1.16-1.17 - www/ruby-actionview61/distinfo 1.16-1.17 - www/ruby-rails61/distinfo 1.16-1.17 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Jan 19 14:31:11 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: 
distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: Makefile distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. 
[CVE-2022-44566] To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jan 25 13:27:10 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using 
`domain: :all` with a two letter but single level top level domain (like `.ca`, rather than `.co.uk`). To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:41 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.7.2.gem) = 29df136f9fac04754f1b58b6eb1f239b682aac52822ca899cc4e08f5fc3f3fb6 SHA512 (actionview-6.1.7.2.gem) = 8e3f0c2fd87047390f786b7e7a00915c0ed65bb09ca4d91e4e41694152f05fe39df184460ac5c3dc194cc0b49484bab25dba71ca391469524f904f33d43d876d Size (actionview-6.1.7.2.gem) = 172032 bytes @ 1.14 log @www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. 
databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:22 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.6.1.gem) = b6c1c9bfbb3399c156cc27e5b61316bb794f6b2ad8f857a8f822ac8ae5807d89 SHA512 (actionview-6.1.6.1.gem) = 68729c969f79837204698d651822f848c5db3ebce6c484f68b103067f997c88c6b239469ed97fa9f975f45373c7b5c490ddae4cae5f0e3e0e894217d0407a47d Size (actionview-6.1.6.1.gem) = 172032 bytes @ 1.13 log @www/ruby-rails61: update to 6.1.6 Ruby on Rails 6.1.6 (2022-05-12) Active Support * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML. Action View * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag. 
Action Pack * Allow Content Security Policy DSL to generate for API responses. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2022/05/05 03:29:32 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.6.gem) = 97182e1d24b4f770b159de9303958a858d211efa85f86af0dc07dc1e2d59d236 SHA512 (actionview-6.1.6.gem) = e41df540b79536157c681ffc6c938775c3180bac6f82cef472a40a24382fd32afe05ea76fd67041edc0af32426a3f345b5a4e412fc28706c9f9b02557b540668 Size (actionview-6.1.6.gem) = 172032 bytes @ 1.13.2.1 log @Pullup ticket #6655 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.14 - devel/ruby-activejob61/distinfo 1.14 - devel/ruby-activemodel61/distinfo 1.14 - devel/ruby-activestorage61/distinfo 1.14 - devel/ruby-activesupport61/distinfo 1.14 - devel/ruby-railties61/Makefile 1.4 - devel/ruby-railties61/distinfo 1.14 - lang/ruby/rails.mk 1.131 - mail/ruby-actionmailbox61/distinfo 1.14 - mail/ruby-actionmailer61/distinfo 1.14 - textproc/ruby-actiontext61/distinfo 1.14 - www/ruby-actioncable61/distinfo 1.14 - www/ruby-actionpack61/distinfo 1.14 - www/ruby-actionview61/distinfo 1.14 - www/ruby-rails61/distinfo 1.14 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jul 13 14:46:24 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo 
pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: Makefile distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. 
For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:22 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.6.1.gem) = b6c1c9bfbb3399c156cc27e5b61316bb794f6b2ad8f857a8f822ac8ae5807d89 SHA512 (actionview-6.1.6.1.gem) = 68729c969f79837204698d651822f848c5db3ebce6c484f68b103067f997c88c6b239469ed97fa9f975f45373c7b5c490ddae4cae5f0e3e0e894217d0407a47d Size (actionview-6.1.6.1.gem) = 172032 bytes @ 1.12 log @www/ruby-actionview61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. 
Rename the option `:escape_attributes` to `:escape`, to simplify by applying the option to the whole tag. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG. *Nate Berkopec* * Add `autocomplete="off"` to all generated hidden fields. Fixes #42610. *Ryan Baumann* * Fix `current_page?` when URL has trailing slash. This fixes the `current_page?` helper when the given URL has a trailing slash, and is an absolute URL or also has query params. Fixes #33956. *Jonathan Hefner* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2022/03/13 15:11:51 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.5.1.gem) = 0b42f114c52b45a33098049853e36a935eca6d90ce84ae756c7d8a8767c140c0 SHA512 (actionview-6.1.5.1.gem) = 6b3a241aa3d4d15b74c766281a18ee950f0eff97fba013acf648804a73042406a66af9172856c0e3f98715728ca3a067b5ab24068a53541287b8d04a3fdcd747 Size (actionview-6.1.5.1.gem) = 172032 bytes @ 1.11 log @www/ruby-rails61: update to 6.1.4.7 Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up to pkgsrc-2021Q4. Changes are in devel/ruby-activestorage61 only. ## Rails 6.1.4.7 (March 08, 2022) ## * Added image transformation validation via configurable allow-list. Variant now offers a configurable allow-list for transformation methods in addition to a configurable deny-list for arguments. 
[CVE-2022-21831] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2022/02/13 07:35:05 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.4.7.gem) = 44be8646b9265431f7e2c92010cd982f590b4600dedde17b80dc5bf2e4f244a1 SHA512 (actionview-6.1.4.7.gem) = ecd96b954b2746aaf32da6f4f21bae87fd0d8a60c24843b852ba0f623489037f0b84e808bdd5a75d073d5d0e69db9dce0fa400b96091c4e660e9de6dc69fc52f Size (actionview-6.1.4.7.gem) = 171520 bytes @ 1.11.2.1 log @Pullup ticket #6630 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update lang/ruby: version info update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.12 - devel/ruby-activejob61/distinfo 1.12 - devel/ruby-activemodel61/distinfo 1.12 - devel/ruby-activestorage61/Makefile 1.5 - devel/ruby-activestorage61/distinfo 1.12 - devel/ruby-activesupport61/Makefile 1.4 - devel/ruby-activesupport61/distinfo 1.12 - devel/ruby-railties61/distinfo 1.12 - lang/ruby/rails.mk 1.121 - mail/ruby-actionmailbox61/PLIST 1.2 - mail/ruby-actionmailbox61/distinfo 1.12 - mail/ruby-actionmailer61/PLIST 1.2 - mail/ruby-actionmailer61/distinfo 1.12 - textproc/ruby-actiontext61/distinfo 1.12 - www/ruby-actioncable61/distinfo 1.12 - www/ruby-actionpack61/distinfo 1.12 - www/ruby-actionview61/distinfo 1.12 - www/ruby-rails61/distinfo 1.12 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:38:25 UTC 2022 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: lang/ruby/rails.mk: Really update of 
Ruby on Rails to 6.1.5.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:21 UTC 2022 Modified Files: pkgsrc/devel/ruby-activesupport61: Makefile distinfo Log Message: devel/ruby-activesupport61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Add the method `ERB::Util.xml_name_escape` to escape dangerous characters in names of tags and names of attributes, following the specification of XML. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveSupport::Duration.build` to support negative values. The algorithm to collect the `parts` of the `ActiveSupport::Duration` ignored the sign of the `value` and accumulated incorrect part values. This impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but not `ActiveSupport::Duration#eql?` (which is dependent on `value`). *Caleb Buxton*, *Braden Staudacher* * `Time#change` and methods that call it (eg. `Time#advance`) will now return a `Time` with the timezone argument provided, if the caller was initialized with a timezone argument. Fixes [#42467](https://github.com/rails/rails/issues/42467). *Alex Ghiculescu* * Clone to keep extended Logger methods for tagged logger. *Orhan Toy* * `assert_changes` works on including `ActiveSupport::Assertions` module. *Pedro Medeiros* To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:57 UTC 2022 Modified Files: pkgsrc/devel/ruby-activemodel61: distinfo Log Message: devel/ruby-activemodel61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. 
## Rails 6.1.5 (March 09, 2022) ## * Clear secure password cache if password is set to `nil` Before: user.password = 'something' user.password = nil user.password # => 'something' Now: user.password = 'something' user.password = nil user.password # => nil *Markus Doits* * Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup` Passing a last positional argument `{}` would be incorrectly considered as keyword argument. *Benoit Daloze* * Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object. *Ryuta Kamizono* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:29:32 UTC 2022 Modified Files: pkgsrc/www/ruby-actionview61: distinfo Log Message: www/ruby-actionview61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option `:escape_attributes` to `:escape`, to simplify by applying the option to the whole tag. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG. *Nate Berkopec* * Add `autocomplete="off"` to all generated hidden fields. Fixes #42610. *Ryan Baumann* * Fix `current_page?` when URL has trailing slash. This fixes the `current_page?` helper when the given URL has a trailing slash, and is an absolute URL or also has query params. Fixes #33956. 
*Jonathan Hefner* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:02 UTC 2022 Modified Files: pkgsrc/www/ruby-actionpack61: distinfo Log Message: www/ruby-actionpack61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Allow Content Security Policy DSL to generate for API responses. *Tim Wade* ## Rails 6.1.5 (March 09, 2022) ## * Fix `content_security_policy` returning invalid directives. Directives such as `self`, `unsafe-eval` and few others were not single quoted when the directive was the result of calling a lambda returning an array. ```ruby content_security_policy do |policy| policy.frame_ancestors lambda { [:self, "https://example.com"] } end ``` With this fix the policy generated from above will now be valid. *Edouard Chin* * Update `HostAuthorization` middleware to render debug info only when `config.consider_all_requests_local` is set to true. Also, blocked host info is always logged with level `error`. Fixes #42813. *Nikita Vyrko* * Dup arrays that get "converted". Fixes #43681. *Aaron Patterson* * Don't show deprecation warning for equal paths. *Anton Rieder* * Fix crash in `ActionController::Instrumentation` with invalid HTTP formats. Fixes #43094. *Alex Ghiculescu* * Add fallback host for SystemTestCase driven by RackTest. Fixes #42780. *Petrik de Heus* * Add more detail about what hosts are allowed. *Alex Ghiculescu* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:33 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo Log Message: databases/ruby-activerecord61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. 
## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6. Ruby 2.6 and 2.7 have slightly different implementations of the `String#@@-` method. In Ruby 2.6, the receiver of the `String#@@-` method is modified under certain circumstances. This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only fixed in Ruby 2.7. Before the changes in this commit, the `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally calls the `String#@@-` method, could also modify an input string argument in Ruby 2.6 -- changing a tainted, unfrozen string into a tainted, frozen string. Fixes #43056 *Eric O'Hanlon* * Fix migration compatibility to create SQLite references/belongs_to column as integer when migration version is 6.0. `reference`/`belongs_to` in migrations with version 6.0 were creating columns as bigint instead of integer for the SQLite Adapter. *Marcelo Lauxen* * Fix dbconsole for 3-tier config. *Eileen M. Uchitelle* * Better handle SQL queries with invalid encoding. ```ruby Post.create(name: "broken \xC8 UTF-8") ``` Would cause all adapters to fail in a non controlled way in the code responsible to detect write queries. The query is now properly passed to the database connection, which might or might not be able to handle it, but will either succeed or fail in a more correct way. *Jean Boussier* * Ignore persisted in-memory records when merging target lists. *Kevin Sjöberg* * Fix regression bug that caused ignoring additional conditions for preloading `has_many` through relations. Fixes #43132 *Alexander Pauly* * Fix `ActiveRecord::InternalMetadata` to not be broken by `config.active_record.record_timestamps = false` Since the model always creates the timestamp columns, it has to set them, otherwise it breaks various DB management tasks. Fixes #42983 *Jean Boussier* * Fix duplicate active record objects on `inverse_of`. 
*Justin Carvalho* * Fix duplicate objects stored in has many association after save. Fixes #42549. *Alex Ghiculescu* * Fix performance regression in `CollectionAssocation#build`. *Alex Ghiculescu* * Fix retrieving default value for text column for MariaDB. *fatkodima* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:02 UTC 2022 Modified Files: pkgsrc/devel/ruby-activestorage61: Makefile distinfo Log Message: devel/ruby-activestorage61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Attachments can be deleted after their association is no longer defined. Fixes #42514 *Don Sisco* To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:47 UTC 2022 Modified Files: pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo Log Message: mail/ruby-actionmailbox61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Add `attachments` to the list of permitted parameters for inbound emails conductor. 
When using the conductor to test inbound emails with attachments, this prevents an unpermitted parameter warning in default configurations, and prevents errors for applications that set: ```ruby config.action_controller.action_on_unpermitted_parameters = :raise ``` *David Jones*, *Dana Henke* To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:28 UTC 2022 Modified Files: pkgsrc/www/ruby-actioncable61: distinfo Log Message: www/ruby-actioncable61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * The Action Cable client now ensures successful channel subscriptions: * The client maintains a set of pending subscriptions until either the server confirms the subscription or the channel is torn down. * Rectifies the race condition where an unsubscribe is rapidly followed by a subscribe (on the same channel identifier) and the requests are handled out of order by the ActionCable server, thereby ignoring the subscribe command. *Daniel Spinosa* * Truncate broadcast logging messages. *J Smith* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:59 UTC 2022 Modified Files: pkgsrc/devel/ruby-railties61: distinfo Log Message: devel/ruby-railties61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it. This order plays better with shared namespaces. *Xavier Noria* * Handle paths with spaces when editing credentials. 
*Alex Ghiculescu* * Support Psych 4 when loading secrets. *Nat Morcos* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:33:27 UTC 2022 Modified Files: pkgsrc/textproc/ruby-actiontext61: distinfo Log Message: textproc/ruby-actiontext61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix Action Text extra trix content wrapper. *Alexandre Ruban* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:34:37 UTC 2022 Modified Files: pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/mail/ruby-actionmailer61: PLIST distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: Update rest of Ruby on Rails 61 components. No change except version. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (actionview-6.1.5.1.gem) = 0b42f114c52b45a33098049853e36a935eca6d90ce84ae756c7d8a8767c140c0 SHA512 (actionview-6.1.5.1.gem) = 6b3a241aa3d4d15b74c766281a18ee950f0eff97fba013acf648804a73042406a66af9172856c0e3f98715728ca3a067b5ab24068a53541287b8d04a3fdcd747 Size (actionview-6.1.5.1.gem) = 172032 bytes @ 1.10 log @www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. 
Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2021/12/19 05:25:03 taca Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.4.6.gem) = cbe5d9c57613790e87f1d16140f358dcdaccbfa7184e8f318744dcf691fe2c14 SHA512 (actionview-6.1.4.6.gem) = 88bee81c3273e903e0d19a02ded10790428c30c7baf9caeefb766eb015a512876f97cbc916b3131f92bfd34358fbad2345611709a2f38779d8aec9f1a97f2dfc Size (actionview-6.1.4.6.gem) = 171520 bytes @ 1.9 log @www/ruby-actionview61: update to 6.1.4.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2021/10/26 11:30:54 nia Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.4.4.gem) = ff2e6c3e6921f8c616d2c261cfb37695d7db8390654b16ecb011272b38adabde SHA512 (actionview-6.1.4.4.gem) = 05ffdcf3f2222f1b1ab4a7a0162f30e9231dff25ebbb756d038e9ced0eed5fa9c6a2729996535a698804c4455503578cd67094b20513f940ada8f3cfd7ebf53f Size (actionview-6.1.4.4.gem) = 171520 bytes @ 1.9.2.1 log @Pullup ticket #6589 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.10 - devel/ruby-activejob61/distinfo 1.10 - devel/ruby-activemodel61/distinfo 1.10 - devel/ruby-activestorage61/distinfo 1.10 - devel/ruby-activesupport61/distinfo 1.10 - devel/ruby-railties61/distinfo 1.10 - lang/ruby/rails.mk 1.113 - mail/ruby-actionmailbox61/distinfo 1.10 - mail/ruby-actionmailer61/distinfo 1.10 - textproc/ruby-actiontext61/distinfo 1.10 - www/ruby-actioncable61/distinfo 1.10 - www/ruby-actionpack61/distinfo 1.10 - www/ruby-actionview61/distinfo 1.10 - www/ruby-rails61/distinfo 1.10 --- Module Name: pkgsrc Committed By: taca Date: Sun Feb 13 07:35:06 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: 
distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (actionview-6.1.4.6.gem) = cbe5d9c57613790e87f1d16140f358dcdaccbfa7184e8f318744dcf691fe2c14 SHA512 (actionview-6.1.4.6.gem) = 88bee81c3273e903e0d19a02ded10790428c30c7baf9caeefb766eb015a512876f97cbc916b3131f92bfd34358fbad2345611709a2f38779d8aec9f1a97f2dfc Size (actionview-6.1.4.6.gem) = 171520 bytes @ 1.8 log @www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo 
nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2021/10/07 15:08:38 nia Exp $ d3 3 a5 3 BLAKE2s (actionview-6.1.4.1.gem) = fd012324634a118ee92e3b5c3ab58409dd1f3444bf20723244a404172785e69f SHA512 (actionview-6.1.4.1.gem) = 2f4dd851c7137e9d74264e582c8ccc08976b8009ec923280d3c3e97f4d732bd5cd0dff7b3cedf9e5cc94a96694e07d6b099bc62f8aba3cc46cba7d09f5f7746b Size (actionview-6.1.4.1.gem) = 171520 bytes @ 1.7 log @www: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2021/08/22 07:16:46 taca Exp $ d3 1 a3 1 RMD160 (actionview-6.1.4.1.gem) = 04a5aa1e9103420c15995d480af6b94635b3ec1c @ 1.6 log @www/ruby-rails61: update to 6.1.4.1 Update Ruby on Rails 6.1 packages to 6.1.4.1. Real changes are in Action Pack (www/ruby-actionpack61). 
## Rails 6.1.4.1 (August 19, 2021) ## * [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2021/07/04 08:01:02 taca Exp $ a2 1 SHA1 (actionview-6.1.4.1.gem) = 66bbee3671061638932ac50dd6a07c9c2a27f933 @ 1.5 log @dirs; EDITOR=emacsclient; cvs commit: update to 6.1.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2021/05/08 14:08:56 taca Exp $ d3 4 a6 4 SHA1 (actionview-6.1.4.gem) = a9b89f32cb1411d811833d84780045bc531a1dbf RMD160 (actionview-6.1.4.gem) = 350b37c06e5b7b5baacc32d14001efe88d97cb44 SHA512 (actionview-6.1.4.gem) = 97745ec7c7c8e0060038985233723de4cf0282ccc75689251aacafeb93b40537fa37ddc8efbbb6b3b3d51ac82c12db966034aad30d6987148c39ba973f5d86a7 Size (actionview-6.1.4.gem) = 171520 bytes @ 1.4 log @www/ruby-rails61: update to 6.1.3.2 Real changes are in www/ruby-actionpack61 only. ## Rails 6.1.3.2 (May 05, 2021) ## * Prevent open redirects by correctly escaping the host allow list CVE-2021-22903 * Prevent catastrophic backtracking during mime parsing CVE-2021-22902 * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. 
CVE-2021-22885 *Gannon McGibbon* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2021/04/11 13:28:01 taca Exp $ d3 4 a6 4 SHA1 (actionview-6.1.3.2.gem) = c3ea9125b5e53f3bb8ffa6713ab2360315a1dd12 RMD160 (actionview-6.1.3.2.gem) = 7ad20679d1b3f387cf55c27482217ccd8112c237 SHA512 (actionview-6.1.3.2.gem) = 9da15c7a7edb6bb64dcb187b553847d8a2b312fb1044398dcdd206248287a5e83c3929430011191c3e6f5bb0cd1393f9bae2a0b6621fe19897efd34b8511302c Size (actionview-6.1.3.2.gem) = 171008 bytes @ 1.3 log @www/ruby-rails61: update to 6.1.3.1 Real changes are in devel/devel/ruby-activestorage61 only. ## Rails 6.1.3.1 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. *George Claghorn* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2021/02/28 15:42:40 taca Exp $ d3 4 a6 4 SHA1 (actionview-6.1.3.1.gem) = c3f6ab5576bc1d049261c453be17182ce14e4620 RMD160 (actionview-6.1.3.1.gem) = 99a65ea5a981eda96b04c3e4f82f27e7d45477ad SHA512 (actionview-6.1.3.1.gem) = e2e5018912258933de77f7fa9392dc209576bf922960051ae78d42453f936cab2347f93cba81f82397b8979683e8e58f577ba295a6f64085d3ea61cfae63b10a Size (actionview-6.1.3.1.gem) = 171008 bytes @ 1.2 log @www/ruby-rails61: update to 6.1.3 Rails 6.1.3 (February 17, 2021) [ActionPack] * Re-define routes when not set correctly via inheritance. *John Hawthorn* [ActiveRecord] * Fix the MySQL adapter to always set the right collation and charset to the connection session. *Rafael Mendonça França* * Fix MySQL adapter handling of time objects when prepared statements are enabled. *Rafael Mendonça França* * Fix scoping in enum fields using conditions that would generate an IN clause. *Ryuta Kamizono* * Skip optimised #exist? query when #include? is called on a relation with a having clause Relations that have aliased select values AND a having clause that references an aliased select value would generate an error when #include? was called, due to an optimisation that would generate call #exists? 
on the relation instead, which effectively alters the select values of the query (and thus removes the aliased select values), but leaves the having clause intact. Because the having clause is then referencing an aliased column that is no longer present in the simplified query, an ActiveRecord::InvalidStatement error was raised. A sample query affected by this problem: Author.select('COUNT(*) as total_posts', 'authors.*') .joins(:posts) .group(:id) .having('total_posts > 2') .include?(Author.first) This change adds an additional check to the condition that skips the simplified #exists? query, which simply checks for the presence of a having clause. Fixes #41417 *Michael Smart* * Increment postgres prepared statement counter before making a prepared statement, so if the statement is aborted without Rails knowledge (e.g., if app gets kill -9d during long-running query or due to Rack::Timeout), app won't end up in perpetual crash state for being inconsistent with Postgres. *wbharding*, *Martin Tepper* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2021/02/14 13:58:16 taca Exp $ d3 4 a6 4 SHA1 (actionview-6.1.3.gem) = 3f2db1f16e016c5ddac4b123163a0b2cea1536fc RMD160 (actionview-6.1.3.gem) = 2e142be9c738a36cf3bbcc79f082ac04e1c04841 SHA512 (actionview-6.1.3.gem) = 9fd1bc2003c9489473201a8f49bcf935cb775b0e215fdb205ca0cd41988cb7933573839b33ad893a8619e3f358fe07c2581b5bc9a49ade329931a2033963f626 Size (actionview-6.1.3.gem) = 171008 bytes @ 1.1 log @www/ruby-actionview61: add package version 6.1.2.1 Action View provides simple, battle-tested conventions and helpers for building web pages. This is for Ruby on Rails 6.1. 
@ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (actionview-6.1.2.1.gem) = 9c24c237b21a6ff42760bef8b9b244459bf294bb RMD160 (actionview-6.1.2.1.gem) = 74a4f88d33a7c393da91b14e954a4445da4c641d SHA512 (actionview-6.1.2.1.gem) = 1115a3ff54f6ad1cdc1202972f7db443e3b8812c81c0a48d04e3bbd42fbd684544367c7a2de274c7d8328cc88650854848a0b5031be9d9b4c58f779b694bfc98 Size (actionview-6.1.2.1.gem) = 171008 bytes @
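Review bot: The log recorded for revision 1.5 opens with shell residue (`dirs; EDITOR=emacsclient; cvs commit:`) where the neighbouring revisions give a package or category path, so the delta that carries the actionview-6.1.4.gem checksum lines does not turn up when the history is searched for www/ruby-actionview61. A CVS log message can be amended after the commit; changing it to `www/ruby-actionview61: update to 6.1.4` would bring it in line with the entries for 1.4 and 1.6.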