head 1.25; access; symbols pkgsrc-2026Q1:1.24.0.12 pkgsrc-2026Q1-base:1.24 pkgsrc-2025Q4:1.24.0.10 pkgsrc-2025Q4-base:1.24 pkgsrc-2025Q3:1.24.0.8 pkgsrc-2025Q3-base:1.24 pkgsrc-2025Q2:1.24.0.6 pkgsrc-2025Q2-base:1.24 pkgsrc-2025Q1:1.24.0.4 pkgsrc-2025Q1-base:1.24 pkgsrc-2024Q4:1.24.0.2 pkgsrc-2024Q4-base:1.24 pkgsrc-2024Q3:1.22.0.4 pkgsrc-2024Q3-base:1.22 pkgsrc-2024Q2:1.22.0.2 pkgsrc-2024Q2-base:1.22 pkgsrc-2024Q1:1.21.0.2 pkgsrc-2024Q1-base:1.21 pkgsrc-2023Q4:1.20.0.4 pkgsrc-2023Q4-base:1.20 pkgsrc-2023Q3:1.20.0.2 pkgsrc-2023Q3-base:1.20 pkgsrc-2023Q2:1.18.0.4 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.18.0.2 pkgsrc-2023Q1-base:1.18 pkgsrc-2022Q4:1.15.0.4 pkgsrc-2022Q4-base:1.15 pkgsrc-2022Q3:1.15.0.2 pkgsrc-2022Q3-base:1.15 pkgsrc-2022Q2:1.13.0.2 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.11.0.2 pkgsrc-2022Q1-base:1.11 pkgsrc-2021Q4:1.9.0.2 pkgsrc-2021Q4-base:1.9 pkgsrc-2021Q3:1.6.0.2 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.4.0.2 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.2.0.2 pkgsrc-2021Q1-base:1.2; locks; strict; comment @# @; 1.25 date 2026.05.05.08.17.50; author taca; state dead; branches; next 1.24; commitid lr4jZbS8kTvMiBEG; 1.24 date 2024.10.27.14.29.40; author taca; state Exp; branches; next 1.23; commitid Hc9Aloo1cXEtcjvF; 1.23 date 2024.10.21.14.58.58; author taca; state Exp; branches; next 1.22; commitid e99DE75ugU8myxuF; 1.22 date 2024.06.05.16.21.35; author taca; state Exp; branches; next 1.21; commitid pKKVOz5I73fQrOcF; 1.21 date 2024.02.24.14.42.41; author taca; state Exp; branches 1.21.2.1; next 1.20; commitid dMa293WgUtfbbHZE; 1.20 date 2023.08.26.15.23.29; author taca; state Exp; branches; next 1.19; commitid Yo4AOkqx9V2TfjCE; 1.19 date 2023.06.27.13.35.18; author taca; state Exp; branches; next 1.18; commitid O8aF69XeGtOlAAuE; 1.18 date 2023.03.15.13.31.49; author taca; state Exp; branches 1.18.4.1; next 1.17; commitid qVRHt7J0cHGoUdhE; 1.17 date 2023.01.25.13.27.10; author taca; state Exp; branches; next 1.16; commitid nbgl0tWcCcersVaE; 1.16 date 2023.01.19.14.31.11; author taca; state Exp; branches; next 1.15; commitid 8ZJ1ksyFQnUn0aaE; 1.15 date 2022.09.10.08.24.42; author taca; state Exp; branches 1.15.4.1; next 1.14; commitid 6Sb0ZyedTcCJbiTD; 1.14 date 2022.07.13.14.46.24; author taca; state Exp; branches; next 1.13; commitid b5k4UpOSswlfcKLD; 1.13 date 2022.06.07.15.05.23; author taca; state Exp; branches 1.13.2.1; next 1.12; commitid 94DP7iCcELNvs7HD; 1.12 date 2022.05.05.03.34.36; author taca; state Exp; branches; next 1.11; commitid 34P9gWbnHmgfHOCD; 1.11 date 2022.03.13.15.11.52; author taca; state Exp; branches 1.11.2.1; next 1.10; commitid cTFn59RGFpn7g4wD; 1.10 date 2022.02.13.07.35.06; author taca; state Exp; branches; next 1.9; commitid dxMDajEabLleDqsD; 1.9 date 2021.12.19.05.32.02; author taca; state Exp; branches 1.9.2.1; next 1.8; commitid g9vNikWDWg8EKdlD; 1.8 date 2021.10.26.11.31.04; author nia; state Exp; branches; next 1.7; commitid Gv0TNLbuylhFsjeD; 1.7 date 2021.10.07.15.08.46; author nia; state Exp; branches; next 1.6; commitid kEwAbZZbki9jhTbD; 1.6 date 2021.08.22.07.16.47; author taca; state Exp; branches; next 1.5; commitid rFBRgwR8X8mH9W5D; 1.5 date 2021.07.04.08.05.51; author taca; state Exp; branches; next 1.4; commitid OgG1bH492eW80EZC; 1.4 date 2021.05.08.14.08.57; author taca; state Exp; branches; next 1.3; commitid xT7hp1Cwoc8eQlSC; 1.3 date 2021.04.11.13.28.02; author taca; state Exp; branches; next 1.2; commitid ojVj9UR3VuKWtSOC; 1.2 date 2021.02.28.15.42.41; author taca; state Exp; branches; next 1.1; commitid 7pqUCCXfZTplzuJC; 1.1 date 2021.02.14.14.10.02; author taca; state Exp; branches; next ; commitid fRoL5aCdyu68wGHC; 1.21.2.1 date 2024.06.13.17.16.50; author bsiegert; state Exp; branches; next ; commitid 2kq3Ai7NKk3TuQdF; 1.18.4.1 date 2023.06.30.18.41.56; author bsiegert; state Exp; branches; next ; commitid NnnxBbs8ehPBb0vE; 1.15.4.1 date 2023.03.04.14.10.23; author spz; state Exp; branches; next ; commitid z0Mpayg7Eu2CtOfE; 1.13.2.1 date 2022.07.23.19.35.08; author spz; state Exp; branches; next ; commitid 0ogLPDtEKXGqt3ND; 1.11.2.1 date 2022.06.04.09.31.42; author spz; state Exp; branches; next ; commitid 6heywWYUC6I3IHGD; 1.9.2.1 date 2022.03.03.19.12.00; author bsiegert; state Exp; branches; next ; commitid ZRy4g549ae7uUNuD; desc @@ 1.25 log @www/ruby-rails61: remove related packages Ruby on Rails 6.1 EOL since 2024-10-23 and it was kept for Redmine 5.1. @ text @$NetBSD: distinfo,v 1.24 2024/10/27 14:29:40 taca Exp $ BLAKE2s (rails-6.1.7.10.gem) = dab2c4b2046440ef9131ddaf65352a2c740f74c8890d08eba972d42c9f18f54d SHA512 (rails-6.1.7.10.gem) = d3fcb7fcb15729ac76318ff5dec00ec042e1735864420a31d3ec584df029a3b7cef95363c6030435ac5d0888d773e83366c89b38edc9d37773be8b60d1524f35 Size (rails-6.1.7.10.gem) = 6656 bytes @ 1.24 log @www/ruby-rails61: update to 6.1.7.10 Security fix of ruby-action-mailer61. Other packages have no change except their version. Action Mailer * Fix NoMethodError in block_format helper [Michael Leimstaedtner] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2024/10/21 14:58:58 taca Exp $ @ 1.23 log @www/ruby-rails61: update to 6.1.7.9 Update Ruby on Rails 6.1 to 6.1.7.9. Active Support * No changes. Active Model * No changes. Active Record * No changes. Action View * No changes. Action Pack * Avoid regex backtracking in HTTP Token authentication [CVE-2024-47887] * Avoid regex backtracking in query parameter filtering [CVE-2024-41128] Active Job * No changes. Action Mailer * Avoid regex backtracking in block_format helper [CVE-2024-47889] Action Cable * No changes. Active Storage * No changes. Action Mailbox * No changes. Action Text * Avoid backtracing in plain_text_for_blockquote_node [CVE-2024-47888] Railties * No changes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2024/06/05 16:21:35 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.9.gem) = b99b3c8b08a550c203df3bb87ee470d102bb5d9520dc2420884f8078d28b35c9 SHA512 (rails-6.1.7.9.gem) = 31b12f28e4263e689870583bfa2136f4a65e0f7ef8d4a25634d565a84834088371a37ef2c428fb56d02f0ae828b613453e1db90137be3a9c4ab67f866189b6e6 Size (rails-6.1.7.9.gem) = 6656 bytes @ 1.22 log @www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:41 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.8.gem) = eca08a07d2ebd8401393a61b448fe22cf3177916d2e3799cde10d535de972309 SHA512 (rails-6.1.7.8.gem) = 67ced8230133c48b4759749c911f74f9c89550430f166b35a7f31a77acefb3d153da2467b6050c916969ef8695a1d275b7bfdab024fb15b46ce641ec32a4a6ef Size (rails-6.1.7.8.gem) = 6656 bytes @ 1.21 log @www/rails61: update to 6.1.7.7 Update rails61 and related pacakges to 6.1.7.7 This includes security fix for CVE-2024-26144, devel/ruby-activestorage61. Active Storage * Disables the session in ActiveStorage::Blobs::ProxyController and ActiveStorage::Representations::ProxyController in order to allow caching by default in some CDNs as CloudFlare Fixes #44136 Bruno Prieto @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2023/08/26 15:23:29 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.7.gem) = 12e21f23ba14ed4f79b62a088c1fa134b1c0d347405696d1cc0e2391e00db02e SHA512 (rails-6.1.7.7.gem) = 3566fe89b223227e337d23e8a863a12d7b9557bc80e90aef8ae44c30c270348569b78d83c5f9667a81656440f41161aa0e982f0840f4d3846b787a436bdc3e89 Size (rails-6.1.7.7.gem) = 6656 bytes @ 1.21.2.1 log @Pullup ticket #6861 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.22 - devel/ruby-activejob61/distinfo 1.22 - devel/ruby-activemodel61/distinfo 1.22 - devel/ruby-activestorage61/distinfo 1.22 - devel/ruby-activesupport61/distinfo 1.22 - devel/ruby-railties61/distinfo 1.22 - lang/ruby/rails.mk 1.162 - mail/ruby-actionmailbox61/distinfo 1.22 - mail/ruby-actionmailer61/distinfo 1.22 - textproc/ruby-actiontext61/distinfo 1.22 - www/ruby-actioncable61/distinfo 1.22 - www/ruby-actionpack61/distinfo 1.22 - www/ruby-actionview61/distinfo 1.22 - www/ruby-rails61/distinfo 1.22 --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 5 16:21:36 UTC 2024 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.8 Security fix for CVE-2024-28103 (www/ruby-actionpack61 package). Ruby on Rails 6.1.7.8 (2024-06-04) Action Pack * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/02/24 14:42:41 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.8.gem) = eca08a07d2ebd8401393a61b448fe22cf3177916d2e3799cde10d535de972309 SHA512 (rails-6.1.7.8.gem) = 67ced8230133c48b4759749c911f74f9c89550430f166b35a7f31a77acefb3d153da2467b6050c916969ef8695a1d275b7bfdab024fb15b46ce641ec32a4a6ef Size (rails-6.1.7.8.gem) = 6656 bytes @ 1.20 log @www/ruby-rails61: update to 6.1.7.6 6.1.7.5 (2023-08-22) Active Support * Use a temporary file for storing unencrypted files while editing [CVE-2023-38037] 6.1.7.6 (2023-08-22) * No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2023/06/27 13:35:18 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.6.gem) = 7bddacedb5261b8f3895e26a7d07282fc488c0ba76445285993eedd601814e00 SHA512 (rails-6.1.7.6.gem) = c2233f8e92d2d4ad02f03c189a5a94cc97c40e35ca1423cfcdbea92f46f7cb73be595ef979c8a7f734c92bb76dbb85b4653d92a7d91f51361693b2369a184a22 Size (rails-6.1.7.6.gem) = 6656 bytes @ 1.19 log @www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:49 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.4.gem) = aef6d176275f57a3d3083282017b53a3e2b764d7369104c17465929ab52752ff SHA512 (rails-6.1.7.4.gem) = 76acdcdb9d882d5e4f9fdc039e407b52ac15625f267cea932f28d724ca05d468a21a699d235fbd8b11cd0b4b2de8517fa608ef469df6d6c5c609fefbd9a169a8 Size (rails-6.1.7.4.gem) = 6656 bytes @ 1.18 log @www/ruby-rails61: update to 6.1.7.3 6.1.7.3 (2023-03-13) Active Support * Implement SafeBuffer#bytesplice [CVE-2023-28120] Action View * Ignore certain data-* attributes in rails-ujs when element is contenteditable [CVE-2023-23913] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2023/01/25 13:27:10 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.3.gem) = 5958a38ef3ebfb5c61650e269e2fc934e350f2d710eb838b1cf37460646db921 SHA512 (rails-6.1.7.3.gem) = ff4b22af73e72ecdfb6ae9c6ae060d2881eb74456ba5cdd81b27a21e55193dd593f4a11ed1b6a22af49e5d7cf3b9c921cfa0e03c8984da7fa5975ea7696184b0 Size (rails-6.1.7.3.gem) = 6656 bytes @ 1.18.4.1 log @Pullup ticket #6766 - requested by taca www/ruby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.19 - devel/ruby-activejob61/distinfo 1.19 - devel/ruby-activemodel61/distinfo 1.19 - devel/ruby-activestorage61/distinfo 1.19 - devel/ruby-activesupport61/distinfo 1.19 - devel/ruby-railties61/distinfo 1.19 - lang/ruby/rails.mk 1.146 - mail/ruby-actionmailbox61/distinfo 1.19 - mail/ruby-actionmailer61/distinfo 1.19 - textproc/ruby-actiontext61/distinfo 1.19 - www/ruby-actioncable61/distinfo 1.19 - www/ruby-actionpack61/distinfo 1.19 - www/ruby-actionview61/distinfo 1.19 - www/ruby-rails61/distinfo 1.19 --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 27 13:35:19 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/rails61: update to 6.1.7.4 Rails 6.1.7.4 (2023-06-26) Action Pack * Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362] *Zack Deveau* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/03/15 13:31:49 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.4.gem) = aef6d176275f57a3d3083282017b53a3e2b764d7369104c17465929ab52752ff SHA512 (rails-6.1.7.4.gem) = 76acdcdb9d882d5e4f9fdc039e407b52ac15625f267cea932f28d724ca05d468a21a699d235fbd8b11cd0b4b2de8517fa608ef469df6d6c5c609fefbd9a169a8 Size (rails-6.1.7.4.gem) = 6656 bytes @ 1.17 log @www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain domain (like `.ca`, rather than `.co.uk`). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2023/01/19 14:31:11 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.2.gem) = 890447e053d041953b8950f6bb4b2462b2ac69480cefe18d29b9eb0e19cfff6d SHA512 (rails-6.1.7.2.gem) = 28ca21666905462d7663aa5fb0ea4e5b2058235b3243408ecf474073e48eb97473e94367323df5476b159912510d96262e92fb5b2791b995180c6a7adf59ea44 Size (rails-6.1.7.2.gem) = 6656 bytes @ 1.16 log @www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:42 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.1.gem) = 3a21aaf334dd581bddf807df6cf1938fb61d2eaf86b426e007e485414d41fce8 SHA512 (rails-6.1.7.1.gem) = 286d4a3376d10245ad34d737344ea107694452b1183fb54810465b9568ad9b9681d6697c42e116b847f79476a17949723d3d7543860314a966809a9052036d3e Size (rails-6.1.7.1.gem) = 6656 bytes @ 1.15 log @www/ruby-rails61: update to 6.1.7 Ruby on Rails 6.1.7 release on 9th September 2022. Active Record and Active Storage are updated: Active Record * Symbol is allowed by default for YAML columns Étienne Barrié * Fix ActiveRecord::Store to serialize as a regular Hash Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess which is wasteful and cause problem with YAML safe_load. Jean Boussier * Fix PG.connect keyword arguments deprecation warning on ruby 2.7 Fixes . Nikita Vasilevsky Active Storage * Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0. fatkodima @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2022/07/13 14:46:24 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.gem) = 4afd2f6f5e8c3a4553a37288c19c16353cb6c770ab1f8bbc4f6fe479692206be SHA512 (rails-6.1.7.gem) = e89151c39c62748983e83b11a4c092874489df30329e377097448802a76851d7c1c340180b19b056d3e3658c8157a076ca9b4e68c8cd6bc3819811509c3e80d5 Size (rails-6.1.7.gem) = 6656 bytes @ 1.15.4.1 log @Pullup ticket #6733 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: distinfo update devel/ruby-activemodel61: distinfo update devel/ruby-activestorage61: distinfo update devel/ruby-activesupport61: security update devel/ruby-railties61: distinfo update mail/ruby-actionmailbox61: distinfo update mail/ruby-actionmailer61: distinfo update textproc/ruby-actiontext61: sdistinfo update www/ruby-actioncable61: distinfo update www/ruby-actionpack61: security update www/ruby-actionview61: distinfo update www/ruby-rails61: distinfo update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.16-1.17 - devel/ruby-activejob61/distinfo 1.16-1.17 - devel/ruby-activemodel61/distinfo 1.16-1.17 - devel/ruby-activestorage61/distinfo 1.16-1.17 - devel/ruby-activesupport61/distinfo 1.16-1.17 - devel/ruby-railties61/distinfo 1.16-1.17 - lang/ruby/rails.mk 1.139,1.141 - mail/ruby-actionmailbox61/distinfo 1.16-1.17 - mail/ruby-actionmailer61/distinfo 1.16-1.17 - textproc/ruby-actiontext61/distinfo 1.16-1.17 - www/ruby-actioncable61/distinfo 1.16-1.17 - www/ruby-actionpack61/Makefile 1.4 - www/ruby-actionpack61/distinfo 1.16-1.17 - www/ruby-actionview61/distinfo 1.16-1.17 - www/ruby-rails61/distinfo 1.16-1.17 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Jan 19 14:31:11 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: Makefile distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.1 Rails 6.1.7.1 (2023-01-17) devel/ruby-activesupport61 * Avoid regex backtracking in Inflector.underscore [CVE-2023-22796] www/ruby-actionpack61 * Avoid regex backtracking on If-None-Match header [CVE-2023-22795] * Use string#split instead of regex for domain parts [CVE-2023-22792] databases/ruby-activerecord61 * Make sanitize_as_sql_comment more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794] * Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jan 25 13:27:10 UTC 2023 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.7.2 Rails 6.1.7.2 (2023-01-24) www/ruby-actionpack61 * Fix `domain: :all` for two letter TLD This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain domain (like `.ca`, rather than `.co.uk`). To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/09/10 08:24:42 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.7.2.gem) = 890447e053d041953b8950f6bb4b2462b2ac69480cefe18d29b9eb0e19cfff6d SHA512 (rails-6.1.7.2.gem) = 28ca21666905462d7663aa5fb0ea4e5b2058235b3243408ecf474073e48eb97473e94367323df5476b159912510d96262e92fb5b2791b995180c6a7adf59ea44 Size (rails-6.1.7.2.gem) = 6656 bytes @ 1.14 log @www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:23 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.6.1.gem) = a7d54dd9ef562da483e155f0941c9f97c73a09ac16164efc7bbc2417c35839c8 SHA512 (rails-6.1.6.1.gem) = 90ef98bbedd76feb4c1835062069cc5afd5bf5c191cd0858efe03dc5fa80194773ec7b21a3296a24089178faa14f1cd68f8e9d934f362b03ebeef81998a7f18c Size (rails-6.1.6.1.gem) = 6656 bytes @ 1.13 log @www/ruby-rails61: update to 6.1.6 Ruby on Rails 6.1.6 (2022-05-12) Active Support * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML. Action View * Fix and add protections for XSS in ActionView::Helpers and ERB::Util. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag. Action Pack * Allow Content Security Policy DSL to generate for API responses. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2022/05/05 03:34:36 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.6.gem) = 5257df5c9e5efdfe6bff2fe664243974fb753c300798ba5467002393ac10ba6d SHA512 (rails-6.1.6.gem) = 60639b4247029d90ef12dffad37a007672d0cc3672316da540ed38e7d6c8a2702ed51e5a48797e1db5beffa042007cc9a134924d8f1f242f49f0c470c80f750f Size (rails-6.1.6.gem) = 6656 bytes @ 1.13.2.1 log @Pullup ticket #6655 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.14 - devel/ruby-activejob61/distinfo 1.14 - devel/ruby-activemodel61/distinfo 1.14 - devel/ruby-activestorage61/distinfo 1.14 - devel/ruby-activesupport61/distinfo 1.14 - devel/ruby-railties61/Makefile 1.4 - devel/ruby-railties61/distinfo 1.14 - lang/ruby/rails.mk 1.131 - mail/ruby-actionmailbox61/distinfo 1.14 - mail/ruby-actionmailer61/distinfo 1.14 - textproc/ruby-actiontext61/distinfo 1.14 - www/ruby-actioncable61/distinfo 1.14 - www/ruby-actionpack61/distinfo 1.14 - www/ruby-actionview61/distinfo 1.14 - www/ruby-rails61/distinfo 1.14 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jul 13 14:46:24 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: Makefile distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.6.1 Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only. databases/ruby-activerecord61 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224] To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/06/07 15:05:23 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.6.1.gem) = a7d54dd9ef562da483e155f0941c9f97c73a09ac16164efc7bbc2417c35839c8 SHA512 (rails-6.1.6.1.gem) = 90ef98bbedd76feb4c1835062069cc5afd5bf5c191cd0858efe03dc5fa80194773ec7b21a3296a24089178faa14f1cd68f8e9d934f362b03ebeef81998a7f18c Size (rails-6.1.6.1.gem) = 6656 bytes @ 1.12 log @Update rest of Ruby on Rails 61 components. No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2022/03/13 15:11:52 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.5.1.gem) = 6f2be740278671625286b3c7675fa0d623bb5cfc196ab466e5bf7f184c27ef1d SHA512 (rails-6.1.5.1.gem) = 852ff9009d6820161458db0df255db96d85584453716f2b67d273558fcdb4ce9ea5c09f46dbb54a10015c327cf660ab04d5c613608beb7fd9e8a61824fc8c6f4 Size (rails-6.1.5.1.gem) = 6656 bytes @ 1.11 log @www/ruby-rails61: update to 6.1.4.7 Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up to pkgsrc-2021Q4. Changes are in devel/ruby-activestorage61 only. ## Rails 6.1.4.7 (March 08, 2022) ## * Added image transformation validation via configurable allow-list. Variant now offers a configurable allow-list for transformation methods in addition to a configurable deny-list for arguments. [CVE-2022-21831] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2022/02/13 07:35:06 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.4.7.gem) = 3186b2635736c598025a351b5177960431aa7658d4f95b57a98f46e44ae8a2bb SHA512 (rails-6.1.4.7.gem) = 1a2407d6257017246d4c66f999d325bdd73dc655124c4077b56cee4502c3e50b2b9cf399b2dd39d339c3a6fac86e29b22edab2799b76026dee0ca31b85b6fbc5 Size (rails-6.1.4.7.gem) = 6656 bytes @ 1.11.2.1 log @Pullup ticket #6630 - requested by taca databases/ruby-activerecord61: security update devel/ruby-activejob61: security update devel/ruby-activemodel61: security update devel/ruby-activestorage61: security update devel/ruby-activesupport61: security update devel/ruby-railties61: security update lang/ruby: version info update mail/ruby-actionmailbox61: security update mail/ruby-actionmailer61: security update textproc/ruby-actiontext61: security update www/ruby-actioncable61: security update www/ruby-actionpack61: security update www/ruby-actionview61: security update www/ruby-rails61: security update Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.12 - devel/ruby-activejob61/distinfo 1.12 - devel/ruby-activemodel61/distinfo 1.12 - devel/ruby-activestorage61/Makefile 1.5 - devel/ruby-activestorage61/distinfo 1.12 - devel/ruby-activesupport61/Makefile 1.4 - devel/ruby-activesupport61/distinfo 1.12 - devel/ruby-railties61/distinfo 1.12 - lang/ruby/rails.mk 1.121 - mail/ruby-actionmailbox61/PLIST 1.2 - mail/ruby-actionmailbox61/distinfo 1.12 - mail/ruby-actionmailer61/PLIST 1.2 - mail/ruby-actionmailer61/distinfo 1.12 - textproc/ruby-actiontext61/distinfo 1.12 - www/ruby-actioncable61/distinfo 1.12 - www/ruby-actionpack61/distinfo 1.12 - www/ruby-actionview61/distinfo 1.12 - www/ruby-rails61/distinfo 1.12 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:38:25 UTC 2022 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:21 UTC 2022 Modified Files: pkgsrc/devel/ruby-activesupport61: Makefile distinfo Log Message: devel/ruby-activesupport61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Add the method `ERB::Util.xml_name_escape` to escape dangerous characters in names of tags and names of attributes, following the specification of XML. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveSupport::Duration.build` to support negative values. The algorithm to collect the `parts` of the `ActiveSupport::Duration` ignored the sign of the `value` and accumulated incorrect part values. This impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but not `ActiveSupport::Duration#eql?` (which is dependent on `value`). *Caleb Buxton*, *Braden Staudacher* * `Time#change` and methods that call it (eg. `Time#advance`) will now return a `Time` with the timezone argument provided, if the caller was initialized with a timezone argument. Fixes [#42467](https://github.com/rails/rails/issues/42467). *Alex Ghiculescu* * Clone to keep extended Logger methods for tagged logger. *Orhan Toy* * `assert_changes` works on including `ActiveSupport::Assertions` module. *Pedro Medeiros* To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:28:57 UTC 2022 Modified Files: pkgsrc/devel/ruby-activemodel61: distinfo Log Message: devel/ruby-activemodel61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Clear secure password cache if password is set to `nil` Before: user.password = 'something' user.password = nil user.password # => 'something' Now: user.password = 'something' user.password = nil user.password # => nil *Markus Doits* * Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup` Passing a last positional argument `{}` would be incorrectly considered as keyword argument. *Benoit Daloze* * Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object. *Ryuta Kamizono* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:29:32 UTC 2022 Modified Files: pkgsrc/www/ruby-actionview61: distinfo Log Message: www/ruby-actionview61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`. Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option `:escape_attributes` to `:escape`, to simplify by applying the option to the whole tag. *Álvaro Martín Fraguas* ## Rails 6.1.5 (March 09, 2022) ## * `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG. *Nate Berkopec* * Add `autocomplete="off"` to all generated hidden fields. Fixes #42610. *Ryan Baumann* * Fix `current_page?` when URL has trailing slash. This fixes the `current_page?` helper when the given URL has a trailing slash, and is an absolute URL or also has query params. Fixes #33956. *Jonathan Hefner* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:02 UTC 2022 Modified Files: pkgsrc/www/ruby-actionpack61: distinfo Log Message: www/ruby-actionpack61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * Allow Content Security Policy DSL to generate for API responses. *Tim Wade* ## Rails 6.1.5 (March 09, 2022) ## * Fix `content_security_policy` returning invalid directives. Directives such as `self`, `unsafe-eval` and few others were not single quoted when the directive was the result of calling a lambda returning an array. ```ruby content_security_policy do |policy| policy.frame_ancestors lambda { [:self, "https://example.com"] } end ``` With this fix the policy generated from above will now be valid. *Edouard Chin* * Update `HostAuthorization` middleware to render debug info only when `config.consider_all_requests_local` is set to true. Also, blocked host info is always logged with level `error`. Fixes #42813. *Nikita Vyrko* * Dup arrays that get "converted". Fixes #43681. *Aaron Patterson* * Don't show deprecation warning for equal paths. *Anton Rieder* * Fix crash in `ActionController::Instrumentation` with invalid HTTP formats. Fixes #43094. *Alex Ghiculescu* * Add fallback host for SystemTestCase driven by RackTest. Fixes #42780. *Petrik de Heus* * Add more detail about what hosts are allowed. *Alex Ghiculescu* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:30:33 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo Log Message: databases/ruby-activerecord61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6. Ruby 2.6 and 2.7 have slightly different implementations of the `String#@@-` method. In Ruby 2.6, the receiver of the `String#@@-` method is modified under certain circumstances. This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only fixed in Ruby 2.7. Before the changes in this commit, the `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally calls the `String#@@-` method, could also modify an input string argument in Ruby 2.6 -- changing a tainted, unfrozen string into a tainted, frozen string. Fixes #43056 *Eric O'Hanlon* * Fix migration compatibility to create SQLite references/belongs_to column as integer when migration version is 6.0. `reference`/`belongs_to` in migrations with version 6.0 were creating columns as bigint instead of integer for the SQLite Adapter. *Marcelo Lauxen* * Fix dbconsole for 3-tier config. *Eileen M. Uchitelle* * Better handle SQL queries with invalid encoding. ```ruby Post.create(name: "broken \xC8 UTF-8") ``` Would cause all adapters to fail in a non controlled way in the code responsible to detect write queries. The query is now properly passed to the database connection, which might or might not be able to handle it, but will either succeed or failed in a more correct way. *Jean Boussier* * Ignore persisted in-memory records when merging target lists. *Kevin Sjöberg* * Fix regression bug that caused ignoring additional conditions for preloading `has_many` through relations. Fixes #43132 *Alexander Pauly* * Fix `ActiveRecord::InternalMetadata` to not be broken by `config.active_record.record_timestamps = false` Since the model always create the timestamp columns, it has to set them, otherwise it breaks various DB management tasks. Fixes #42983 *Jean Boussier* * Fix duplicate active record objects on `inverse_of`. *Justin Carvalho* * Fix duplicate objects stored in has many association after save. Fixes #42549. *Alex Ghiculescu* * Fix performance regression in `CollectionAssocation#build`. *Alex Ghiculescu* * Fix retrieving default value for text column for MariaDB. *fatkodima* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:02 UTC 2022 Modified Files: pkgsrc/devel/ruby-activestorage61: Makefile distinfo Log Message: devel/ruby-activestorage61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Attachments can be deleted after their association is no longer defined. Fixes #42514 *Don Sisco* To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:31:47 UTC 2022 Modified Files: pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo Log Message: mail/ruby-actionmailbox61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Add `attachments` to the list of permitted parameters for inbound emails conductor. When using the conductor to test inbound emails with attachments, this prevents an unpermitted parameter warning in default configurations, and prevents errors for applications that set: ```ruby config.action_controller.action_on_unpermitted_parameters = :raise ``` *David Jones*, *Dana Henke* To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:28 UTC 2022 Modified Files: pkgsrc/www/ruby-actioncable61: distinfo Log Message: www/ruby-actioncable61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * The Action Cable client now ensures successful channel subscriptions: * The client maintains a set of pending subscriptions until either the server confirms the subscription or the channel is torn down. * Rectifies the race condition where an unsubscribe is rapidly followed by a subscribe (on the same channel identifier) and the requests are handled out of order by the ActionCable server, thereby ignoring the subscribe command. *Daniel Spinosa* * Truncate broadcast logging messages. *J Smith* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:32:59 UTC 2022 Modified Files: pkgsrc/devel/ruby-railties61: distinfo Log Message: devel/ruby-railties61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it. This order plays better with shared namespaces. *Xavier Noria* * Handle paths with spaces when editing credentials. *Alex Ghiculescu* * Support Psych 4 when loading secrets. *Nat Morcos* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:33:27 UTC 2022 Modified Files: pkgsrc/textproc/ruby-actiontext61: distinfo Log Message: textproc/ruby-actiontext61: update to 6.1.5.1 ## Rails 6.1.5.1 (April 26, 2022) ## * No changes. ## Rails 6.1.5 (March 09, 2022) ## * Fix Action Text extra trix content wrapper. *Alexandre Ruban* To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu May 5 03:34:37 UTC 2022 Modified Files: pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/mail/ruby-actionmailer61: PLIST distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: Update rest of Ruby on Rails 61 components. No change except version. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (rails-6.1.5.1.gem) = 6f2be740278671625286b3c7675fa0d623bb5cfc196ab466e5bf7f184c27ef1d SHA512 (rails-6.1.5.1.gem) = 852ff9009d6820161458db0df255db96d85584453716f2b67d273558fcdb4ce9ea5c09f46dbb54a10015c327cf660ab04d5c613608beb7fd9e8a61824fc8c6f4 Size (rails-6.1.5.1.gem) = 6656 bytes @ 1.10 log @www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2021/12/19 05:32:02 taca Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.4.6.gem) = 96c776ed88e9db949a5d6a75c58733f000378640547b6b7d30cacd78786ba0c1 SHA512 (rails-6.1.4.6.gem) = 11057f84ab3138c2e3b69cc8a7e9193be2449d71863474cf2bfdd7ab34eb5e38bd6f8f132377efa62b60e825d8a4d591b2a267323363ad5fce5d83f08e22a24c Size (rails-6.1.4.6.gem) = 6656 bytes @ 1.9 log @www/ruby-rails61: update to 6.1.4.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2021/10/26 11:31:04 nia Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.4.4.gem) = 5d19cf89209a539f3031dea3efe6c4489abff8ac34741f35424a1d9a57a89877 SHA512 (rails-6.1.4.4.gem) = 4c7086277c9882c6797a877c37d1e920035d772008413ecfa1b2570bd5b7f62081347bbadca10dbac747a6b1380463ac72d16b09698e7217064c39ca84683741 Size (rails-6.1.4.4.gem) = 6656 bytes @ 1.9.2.1 log @Pullup ticket #6589 - requested by taca www/wuby-rails61: security fix Revisions pulled up: - databases/ruby-activerecord61/distinfo 1.10 - devel/ruby-activejob61/distinfo 1.10 - devel/ruby-activemodel61/distinfo 1.10 - devel/ruby-activestorage61/distinfo 1.10 - devel/ruby-activesupport61/distinfo 1.10 - devel/ruby-railties61/distinfo 1.10 - lang/ruby/rails.mk 1.113 - mail/ruby-actionmailbox61/distinfo 1.10 - mail/ruby-actionmailer61/distinfo 1.10 - textproc/ruby-actiontext61/distinfo 1.10 - www/ruby-actioncable61/distinfo 1.10 - www/ruby-actionpack61/distinfo 1.10 - www/ruby-actionview61/distinfo 1.10 - www/ruby-rails61/distinfo 1.10 --- Module Name: pkgsrc Committed By: taca Date: Sun Feb 13 07:35:06 UTC 2022 Modified Files: pkgsrc/databases/ruby-activerecord61: distinfo pkgsrc/devel/ruby-activejob61: distinfo pkgsrc/devel/ruby-activemodel61: distinfo pkgsrc/devel/ruby-activestorage61: distinfo pkgsrc/devel/ruby-activesupport61: distinfo pkgsrc/devel/ruby-railties61: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox61: distinfo pkgsrc/mail/ruby-actionmailer61: distinfo pkgsrc/textproc/ruby-actiontext61: distinfo pkgsrc/www/ruby-actioncable61: distinfo pkgsrc/www/ruby-actionpack61: distinfo pkgsrc/www/ruby-actionview61: distinfo pkgsrc/www/ruby-rails61: distinfo Log Message: www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (rails-6.1.4.6.gem) = 96c776ed88e9db949a5d6a75c58733f000378640547b6b7d30cacd78786ba0c1 SHA512 (rails-6.1.4.6.gem) = 11057f84ab3138c2e3b69cc8a7e9193be2449d71863474cf2bfdd7ab34eb5e38bd6f8f132377efa62b60e825d8a4d591b2a267323363ad5fce5d83f08e22a24c Size (rails-6.1.4.6.gem) = 6656 bytes @ 1.8 log @www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2021/10/07 15:08:46 nia Exp $ d3 3 a5 3 BLAKE2s (rails-6.1.4.1.gem) = 3587812ed0a69c614aa867e421f65e384437fd1179733dba23574dbe0aa40023 SHA512 (rails-6.1.4.1.gem) = 789f44bc43d84ada313592a2dde046d853cdffa4c79f4b98669285647290cf2166b68c1b286902e87bfddf6e3b8f31b4bd1ca5f386fb598332adb64a05ce0f26 Size (rails-6.1.4.1.gem) = 6656 bytes @ 1.7 log @www: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2021/08/22 07:16:47 taca Exp $ d3 1 a3 1 RMD160 (rails-6.1.4.1.gem) = 640f1e0e60e63c3f953e3f8b0ad1a24bda8e0ef8 @ 1.6 log @www/ruby-rails61: update to 6.1.4.1 Update Ruby on Rails 6.1 pacakges to 6.1.4.1. Real changes are in Action Pack (www/ruby-actionpack61). ## Rails 6.1.4.1 (August 19, 2021) ## * [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2021/07/04 08:05:51 taca Exp $ a2 1 SHA1 (rails-6.1.4.1.gem) = 5deb1d184845dedfabc20de7e8bd42805ca7eee9 @ 1.5 log @www/ruby-rails61: update to 6.1.4 No change except version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2021/05/08 14:08:57 taca Exp $ d3 4 a6 4 SHA1 (rails-6.1.4.gem) = 1f84b056c1cf423970749987a8d074d0fac77954 RMD160 (rails-6.1.4.gem) = a41209b343c5fefafcc7d646dd4d83f61ded93af SHA512 (rails-6.1.4.gem) = 21455a0abca2a4aacbcd24fa5650dbf69c2a16fab88493070038491aeae84ffdcefe5e44bfd89af03b88906b62cd54ebd29092dc9676711133bed52c50516cfd Size (rails-6.1.4.gem) = 6656 bytes @ 1.4 log @www/ruby-rails61: update to 6.1.3.2 Real changes are in www/ruby-actionpack61 only. ## Rails 6.1.3.2 (May 05, 2021) ## * Prevent open redirects by correctly escaping the host allow list CVE-2021-22903 * Prevent catastrophic backtracking during mime parsing CVE-2021-22902 * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885 *Gannon McGibbon* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2021/04/11 13:28:02 taca Exp $ d3 4 a6 4 SHA1 (rails-6.1.3.2.gem) = 59f84f75e8d9977463b6e8b76b019e6e85aeed16 RMD160 (rails-6.1.3.2.gem) = dd99a0ba399120e9b7fb1301f043e9882991383a SHA512 (rails-6.1.3.2.gem) = 18d0ad80cedc92f0090b4f918a2005a94956613b4888b782c0249549f904fbcce8190de75b2d1b403cb9b3a430091f13e57969a59574e1f8335286970eba938b Size (rails-6.1.3.2.gem) = 6656 bytes @ 1.3 log @www/ruby-rails61: update to 6.1.3.1 Real changes are in devel/devel/ruby-activestorage61 only. ## Rails 6.1.3.1 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. *George Claghorn* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2021/02/28 15:42:41 taca Exp $ d3 4 a6 4 SHA1 (rails-6.1.3.1.gem) = 73b2668d32c2f963974df236f4e552e184f391ba RMD160 (rails-6.1.3.1.gem) = a740828b8e0bebe7639272c601d066b45fc0ac01 SHA512 (rails-6.1.3.1.gem) = 4a938c7341da3b1c4cb831bb2c16554f2868716a24f5db39f95d6ffb0f0b6c017fcd1ec4d7010f0c9a011517600912efae9eea2d8cf7d1350edd31e6e9f84568 Size (rails-6.1.3.1.gem) = 6656 bytes @ 1.2 log @www/ruby-rails61: update to 6.1.3 Rails 6.1.3 (February 17, 2021) [ActionPack] * Re-define routes when not set correctly via inheritance. *John Hawthorn* [ActiveRecord] * Fix the MySQL adapter to always set the right collation and charset to the connection session. *Rafael Mendonça França* * Fix MySQL adapter handling of time objects when prepared statements are enabled. *Rafael Mendonça França* * Fix scoping in enum fields using conditions that would generate an IN clause. *Ryuta Kamizono* * Skip optimised #exist? query when #include? is called on a relation with a having clause Relations that have aliased select values AND a having clause that references an aliased select value would generate an error when #include? was called, due to an optimisation that would generate call #exists? on the relation instead, which effectively alters the select values of the query (and thus removes the aliased select values), but leaves the having clause intact. Because the having clause is then referencing an aliased column that is no longer present in the simplified query, an ActiveRecord::InvalidStatement error was raised. An sample query affected by this problem: Author.select('COUNT(*) as total_posts', 'authors.*') .joins(:posts) .group(:id) .having('total_posts > 2') .include?(Author.first) This change adds an addition check to the condition that skips the simplified #exists? query, which simply checks for the presence of a having clause. Fixes #41417 *Michael Smart* * Increment postgres prepared statement counter before making a prepared statement, so if the statement is aborted without Rails knowledge (e.g., if app gets kill -9d during long-running query or due to Rack::Timeout), app won't end up in perpetual crash state for being inconsistent with Postgres. *wbharding*, *Martin Tepper* @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2021/02/14 14:10:02 taca Exp $ d3 4 a6 4 SHA1 (rails-6.1.3.gem) = 4456dd92b6db0e60a96f724748e307d3dcec92e4 RMD160 (rails-6.1.3.gem) = 016a07f3d1ffe3fc63cf25d9e616e7c0cbe976d5 SHA512 (rails-6.1.3.gem) = 085d05096d14c1132c43291b4082f7db9ddb4ae0674e058e38f821524c17fe86d302c56b28b30fbda6f0883e9ab079fa9afdc2d02a9121478e8c2d7d9b39b8a4 Size (rails-6.1.3.gem) = 6656 bytes @ 1.1 log @www/ruby-rails61: add package version 6.1.2.1 Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration. This is for Ruby on Rails 6.1. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (rails-6.1.2.1.gem) = 75528f9ad6fe71026b3c10d04646735a9a181ee9 RMD160 (rails-6.1.2.1.gem) = f0e9b063312fb6af3f9bbf167cb6e71e66b94185 SHA512 (rails-6.1.2.1.gem) = a604ed34d3fab4a549d7bbe1054ba396ee201116b1cc26e466776ba3bf78a6c09b7178d79927b87c04ab17ec49801c7c1a41683c9ff50559b06ee986c88e00b6 Size (rails-6.1.2.1.gem) = 6656 bytes @