![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / devel / ruby-activestorage60
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.22, Sun Sep 3 15:50:52 2023 UTC (3 weeks ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.21: +1 -1
lines
FILE REMOVED
Remove Ruby on Rails 6.0 packages. Ruby on Rails 6.0 reached EOL.
Revision 1.20.4.1 / (download) - annotate - [select for diffs], Sat Mar 4 13:58:15 2023 UTC (6 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q4
Changes since 1.20: +4 -4
lines
Diff to previous 1.20 (colored) next main 1.21 (colored)
Pullup ticket #6732 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: distinfo update
devel/ruby-activemodel60: distinfo update
devel/ruby-activestorage60: distinfo update
devel/ruby-activesupport60: distinfo update
devel/ruby-railties60: distinfo update
mail/ruby-actionmailbox60: distinfo update
mail/ruby-actionmailer60: distinfo update
textproc/ruby-actiontext60: distinfo update
www/ruby-actioncable60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionview60: distinfo update
www/ruby-rails60: distinfo update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.21
- devel/ruby-activejob60/distinfo 1.21
- devel/ruby-activemodel60/distinfo 1.21
- devel/ruby-activestorage60/distinfo 1.21
- devel/ruby-activesupport60/distinfo 1.21
- devel/ruby-railties60/distinfo 1.21
- lang/ruby/rails.mk 1.138
- mail/ruby-actionmailbox60/distinfo 1.21
- mail/ruby-actionmailer60/distinfo 1.21
- textproc/ruby-actiontext60/distinfo 1.21
- www/ruby-actioncable60/distinfo 1.21
- www/ruby-actionpack60/Makefile 1.5
- www/ruby-actionpack60/distinfo 1.21
- www/ruby-actionview60/distinfo 1.21
- www/ruby-rails60/distinfo 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:27:26 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: Makefile distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.6.1
Only databases/ruby-activerecord61 has updated.
Rails 6.0.6.1 (2023-01-17)
* Make `sanitize_as_sql_comment` more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.137 -r1.138 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack60/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-rails60/distinfo
Revision 1.21 / (download) - annotate - [select for diffs], Thu Jan 19 14:27:25 2023 UTC (8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.20: +4 -4
lines
Diff to previous 1.20 (colored)
www/ruby-rails60: update to 6.0.6.1 Only databases/ruby-activerecord61 has updated. Rails 6.0.6.1 (2023-01-17) * Make `sanitize_as_sql_comment` more strict Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input. This commit makes the sanitization more robust by replacing any occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal. This also clarifies in the documentation of annotate that it should not be provided user input. [CVE-2023-22794]
Revision 1.20 / (download) - annotate - [select for diffs], Sat Sep 10 08:19:00 2022 UTC (12 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Branch point for: pkgsrc-2022Q4
Changes since 1.19: +4 -4
lines
Diff to previous 1.19 (colored)
www/ruby-rails60: update to 6.0.6 Ruby on Rails 6.0.6 release on 9th September 2022 and Active Record is only updated. databases/ruby-activerecord60 * Symbol is allowed by default for YAML columns tienne Barrié
Revision 1.18.2.1 / (download) - annotate - [select for diffs], Sat Jul 23 19:15:51 2022 UTC (14 months ago) by spz
Branch: pkgsrc-2022Q2
Changes since 1.18: +4 -4
lines
Diff to previous 1.18 (colored) next main 1.19 (colored)
Pullup ticket #6654 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.19
- devel/ruby-activejob60/distinfo 1.19
- devel/ruby-activemodel60/distinfo 1.19
- devel/ruby-activestorage60/distinfo 1.19
- devel/ruby-activesupport60/distinfo 1.19
- devel/ruby-railties60/Makefile 1.5
- devel/ruby-railties60/distinfo 1.19
- lang/ruby/rails.mk 1.130
- mail/ruby-actionmailbox60/distinfo 1.19
- mail/ruby-actionmailer60/distinfo 1.19
- textproc/ruby-actiontext60/distinfo 1.19
- www/ruby-actioncable60/distinfo 1.19
- www/ruby-actionpack60/distinfo 1.19
- www/ruby-actionview60/distinfo 1.19
- www/ruby-rails60/distinfo 1.19
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:44:10 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.5.1
Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only.
databases/ruby-activerecord60
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties60/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-rails60/distinfo
Revision 1.19 / (download) - annotate - [select for diffs], Wed Jul 13 14:44:09 2022 UTC (14 months, 1 week ago) by taca
Branch: MAIN
Changes since 1.18: +4 -4
lines
Diff to previous 1.18 (colored)
www/ruby-rails60: update to 6.0.5.1 Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only. databases/ruby-activerecord60 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224]
Revision 1.18 / (download) - annotate - [select for diffs], Tue Jun 7 14:59:21 2022 UTC (15 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base
Branch point for: pkgsrc-2022Q2
Changes since 1.17: +4 -4
lines
Diff to previous 1.17 (colored)
www/ruby-rails60: update to 6.0.5
Ruby on Rails 6.0.5 (2022-05-12)
Active Support
* Fix tag helper regression.
Action Text
* Disentangle Action Text from ApplicationController
Allow Action Text to be used without having an ApplicationController
defined.
This makes sure:
- Action Text attachments render the correct URL host in mailers.
- an ActionController::Renderer isn't allocated per request.
- Sidekiq doesn't hang with the "classic" autoloader.
Revision 1.16.2.1 / (download) - annotate - [select for diffs], Sat Jun 4 09:17:02 2022 UTC (15 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q1
Changes since 1.16: +4 -4
lines
Diff to previous 1.16 (colored) next main 1.17 (colored)
Pullup ticket #6629 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
lang/ruby: version info update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.17
- devel/ruby-activejob60/distinfo 1.17
- devel/ruby-activemodel60/distinfo 1.17
- devel/ruby-activestorage60/distinfo 1.17
- devel/ruby-activesupport60/distinfo 1.17
- devel/ruby-railties60/distinfo 1.17
- lang/ruby/rails.mk 1.120
- mail/ruby-actionmailbox60/distinfo 1.17
- mail/ruby-actionmailer60/distinfo 1.17
- textproc/ruby-actiontext60/distinfo 1.17
- www/ruby-actioncable60/distinfo 1.17
- www/ruby-actionpack60/distinfo 1.17
- www/ruby-actionview60/distinfo 1.17
- www/ruby-rails60/distinfo 1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:20:39 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 6.0.4.8
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:21:25 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*Áìvaro Martíî Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:12 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*Áìvaro Martíî Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:48 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:24:55 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
Update rest of Ruby on Rails 60 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails60/distinfo
Revision 1.17 / (download) - annotate - [select for diffs], Thu May 5 03:24:54 2022 UTC (16 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.16: +4 -4
lines
Diff to previous 1.16 (colored)
Update rest of Ruby on Rails 60 components. No change except version.
Revision 1.16 / (download) - annotate - [select for diffs], Sun Mar 13 15:08:22 2022 UTC (18 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base
Branch point for: pkgsrc-2022Q1
Changes since 1.15: +4 -4
lines
Diff to previous 1.15 (colored)
www/ruby-rails60: update to 6.0.4.7 Changes are in devel/ruby-activestorage60 only. ## Rails 6.0.4.7 (March 08, 2022) ## * Added image transformation validation via configurable allow-list. Variant now offers a configurable allow-list for transformation methods in addition to a configurable deny-list for arguments. [CVE-2022-21831]
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Thu Mar 3 19:06:02 2022 UTC (18 months, 3 weeks ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored) next main 1.15 (colored)
Pullup ticket #6588 - requested by taca
www/ruby-rails60: security fix
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.15
- devel/ruby-activejob60/distinfo 1.15
- devel/ruby-activemodel60/distinfo 1.15
- devel/ruby-activestorage60/distinfo 1.15
- devel/ruby-activesupport60/distinfo 1.15
- devel/ruby-railties60/distinfo 1.15
- lang/ruby/rails.mk 1.112
- mail/ruby-actionmailbox60/distinfo 1.15
- mail/ruby-actionmailer60/distinfo 1.15
- textproc/ruby-actiontext60/distinfo 1.15
- www/ruby-actioncable60/distinfo 1.15
- www/ruby-actionpack60/distinfo 1.15
- www/ruby-actionview60/distinfo 1.15
- www/ruby-rails60/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 13 07:31:23 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.4.6
This update contains security fix for CVE-2022-23633 in ruby-actionpack60.
Active Support 6.0.4.6 (2022-02-11)
* Fix Reloader method signature to work with the new Executor signature.
Action Pack 6.0.4.6
6.0.4.5 (2022-02-11)
* Under certain circumstances, the middleware isn't informed that the
response body has been fully closed which result in request state
not being fully reset before the next request.
[CVE-2022-23633]
Other packages have no change.
Revision 1.15 / (download) - annotate - [select for diffs], Sun Feb 13 07:31:22 2022 UTC (19 months, 1 week ago) by taca
Branch: MAIN
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored)
www/ruby-rails60: update to 6.0.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack60. Active Support 6.0.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.0.4.6 6.0.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change.
Revision 1.14 / (download) - annotate - [select for diffs], Sun Dec 19 05:17:54 2021 UTC (21 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.13: +4 -4
lines
Diff to previous 1.13 (colored)
devel/ruby-activestorage60: update to 6.0.4.4 No change except version.
Revision 1.13 / (download) - annotate - [select for diffs], Tue Oct 26 10:19:25 2021 UTC (22 months, 4 weeks ago) by nia
Branch: MAIN
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
archivers: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Could not be committed due to merge conflict: devel/py-traitlets/distinfo The following distfiles were unfetchable (note: some may be only fetched conditionally): ./devel/pvs/distinfo pvs-3.2-solaris.tgz ./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip
Revision 1.12 / (download) - annotate - [select for diffs], Thu Oct 7 13:44:02 2021 UTC (23 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.11: +1 -2
lines
Diff to previous 1.11 (colored)
devel: Remove SHA1 hashes for distfiles
Revision 1.11 / (download) - annotate - [select for diffs], Sun Aug 22 07:12:51 2021 UTC (2 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Changes since 1.10: +5 -5
lines
Diff to previous 1.10 (colored)
www/ruby-rails60: update to 6.0.4.1 Update Ruby on Rails 6.0 pacakges to 6.0.4.1. Real changes are in Action Pack (www/ruby-actionpack60). ## Rails 6.0.4.1 (August 19, 2021) ## * [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Revision 1.10 / (download) - annotate - [select for diffs], Sun Jul 4 06:58:38 2021 UTC (2 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.9: +5 -5
lines
Diff to previous 1.9 (colored)
www/ruby-rails60: update to 6.0.4
Ruby on Rails 6.0.4 (2021-06-15), including security fixes.
Active Support
* Fixed issue in ActiveSupport::Cache::RedisCacheStore not passing
options to read_multi causing fetch_multi to not work properly.
(Rajesh Sharma)
* with_options copies its options hash again to avoid leaking mutations.
Fixes #39343. (Eugene Kenny)
Active Record
* Only warn about negative enums if a positive form that would cause
conflicts exists. Fixes #39065. (Alex Ghiculescu)
* Allow the inverse of a has_one association that was previously
autosaved to be loaded. Fixes #34255. (Steven Weber)
* Reset statement cache for association if table_name is changed.
Fixes #36453. (Ryuta Kamizono)
* Type cast extra select for eager loading. (Ryuta Kamizono)
* Prevent collection associations from being autosaved multiple times.
Fixes #39173. (Eugene Kenny)
* Resolve issue with insert_all unique_by option when used with
expression index.
When the :unique_by option of ActiveRecord::Persistence.insert_all
and ActiveRecord::Persistence.upsert_all was used with the name of
an expression index, an error was raised. Adding a guard around the
formatting behavior for the :unique_by corrects this.
Usage:
create_table :books, id: :integer, force: true do |t|
t.column :name, :string
t.index "lower(name)", unique: true
end
Book.insert_all [{ name: "MyTest" }], unique_by: :index_books_on_lower_name
Fixes #39516. (Austen Madden)
* Fix preloading for polymorphic association with custom scope.
(Ryuta Kamizono)
* Allow relations with different SQL comments in the or method.
(Takumi Shotoku)
* Resolve conflict between counter cache and optimistic locking.
Bump an Active Record instance's lock version after updating its
counter cache. This avoids raising an unnecessary
ActiveRecord::StaleObjectError upon subsequent transactions by
maintaining parity with the corresponding database record's
lock_version column. Fixes #16449. (Aaron Lipman)
* Fix through association with source/through scope which has joins.
(Ryuta Kamizono)
* Fix through association to respect source scope for includes/preload.
(Ryuta Kamizono)
* Fix eager load with Arel joins to maintain the original joins order.
(Ryuta Kamizono)
* Fix group by count with eager loading + order + limit/offset.
(Ryuta Kamizono)
* Fix left joins order when merging multiple left joins from different
associations. (Ryuta Kamizono)
* Fix index creation to preserve index comment in bulk change table on
MySQL. (Ryuta Kamizono)
* Change remove_foreign_key to not check :validate option if database
doesn't support the feature. (Ryuta Kamizono)
* Fix the result of aggregations to maintain duplicated "group by"
fields. (Ryuta Kamizono)
* Do not return duplicated records when using preload. (Bogdan Gusiev)
Action View
* SanitizeHelper.sanitized_allowed_attributes and
SanitizeHelper.sanitized_allowed_tags call safe_list_sanitizer's
class method. Fixes #39586. (Taufiq Muhammadi)
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
* Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In Rails 6.1, we generate Base64 urlsafe-encoded CSRF tokens, which
are inherently safe to transport. Validation accepts both urlsafe
tokens, and strict-encoded tokens for backwards compatibility.
In Rails 5.2.5, the CSRF token format is accidentally changed to
urlsafe-encoded. If you upgrade apps from 5.2.5, set the config
urlsafe_csrf_tokens = true.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
(Scott Blum, tienne Barrié)
* Signed and encrypted cookies can now store false as their value when
action_dispatch.use_cookies_with_metadata is enabled. (Rolandas
Barysas)
Active Storage
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print
margins. This matches the behavior of the MuPDF previewer. (Vincent
Robert)
Railties
* Allow relative paths with trailing slashes to be passed to rails
test. (Eugene Kenny)
* Return a 405 Method Not Allowed response when a request uses an
unknown HTTP method. Fixes #38998. (Loren Norman)
Revision 1.9 / (download) - annotate - [select for diffs], Sat May 8 14:02:34 2021 UTC (2 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.8: +5 -5
lines
Diff to previous 1.8 (colored)
www/ruby-rails60: update to 6.0.3.7
Real changes are in www/ruby-actionpack60 only.
## Rails 6.0.3.7 (May 05, 2021) ##
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
Revision 1.8 / (download) - annotate - [select for diffs], Sun Apr 11 13:24:57 2021 UTC (2 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.7: +5 -5
lines
Diff to previous 1.7 (colored)
www/ruby-rails60: update to 6.0.3.6
Real changes are in devel/ruby-activestorage60 only.
## Rails 6.0.3.6 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Revision 1.7 / (download) - annotate - [select for diffs], Thu Feb 11 14:30:07 2021 UTC (2 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.6: +5 -5
lines
Diff to previous 1.6 (colored)
www/ruby-rails60: update to 6.0.3.5
databases/ruby-activerecord60:
## Rails 6.0.3.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
www/ruby-actionpack60
## Rails 6.0.3.5 (February 10, 2021) ##
* Prevent open redirect when allowed host starts with a dot
[CVE-2021-22881]
Thanks to @tktech (https://hackerone.com/tktech) for reporting this
issue and the patch!
*Aaron Patterson*
Revision 1.5.2.1 / (download) - annotate - [select for diffs], Fri Oct 23 16:25:01 2020 UTC (2 years, 11 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.5: +5 -5
lines
Diff to previous 1.5 (colored) next main 1.6 (colored)
Pullup ticket #6344 - requested by taca www/ruby-rails60: security fix Revisions pulled up: - databases/ruby-activerecord60/distinfo 1.6 - devel/ruby-activejob60/distinfo 1.6 - devel/ruby-activemodel60/distinfo 1.6 - devel/ruby-activestorage60/distinfo 1.6 - devel/ruby-activesupport60/distinfo 1.6 - devel/ruby-railties60/distinfo 1.6 - lang/ruby/rails.mk 1.91 - mail/ruby-actionmailbox60/distinfo 1.6 - mail/ruby-actionmailer60/distinfo 1.6 - textproc/ruby-actiontext60/distinfo 1.6 - www/ruby-actioncable60/distinfo 1.6 - www/ruby-actionpack60/distinfo 1.6 - www/ruby-actionview60/distinfo 1.6 - www/ruby-rails60/Makefile 1.5 - www/ruby-rails60/distinfo 1.6 --- Module Name: pkgsrc Committed By: taca Date: Mon Oct 19 14:50:32 UTC 2020 Modified Files: pkgsrc/databases/ruby-activerecord60: distinfo pkgsrc/devel/ruby-activejob60: distinfo pkgsrc/devel/ruby-activemodel60: distinfo pkgsrc/devel/ruby-activestorage60: distinfo pkgsrc/devel/ruby-activesupport60: distinfo pkgsrc/devel/ruby-railties60: distinfo pkgsrc/lang/ruby: rails.mk pkgsrc/mail/ruby-actionmailbox60: distinfo pkgsrc/mail/ruby-actionmailer60: distinfo pkgsrc/textproc/ruby-actiontext60: distinfo pkgsrc/www/ruby-actioncable60: distinfo pkgsrc/www/ruby-actionpack60: distinfo pkgsrc/www/ruby-actionview60: distinfo pkgsrc/www/ruby-rails60: Makefile distinfo Log Message: www/ruby-rails60: update to 6.0.3.4 Update Ruby on Rails 6.0 related packages to 6.0.3.4. This is security fix for ruby-actionpack60. ## Rails 6.0.3.4 (October 07, 2020) ## * [CVE-2020-8264] Prevent XSS in Actionable Exceptions
Revision 1.6 / (download) - annotate - [select for diffs], Mon Oct 19 14:50:31 2020 UTC (2 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.5: +5 -5
lines
Diff to previous 1.5 (colored)
www/ruby-rails60: update to 6.0.3.4 Update Ruby on Rails 6.0 related packages to 6.0.3.4. This is security fix for ruby-actionpack60. ## Rails 6.0.3.4 (October 07, 2020) ## * [CVE-2020-8264] Prevent XSS in Actionable Exceptions
Revision 1.5 / (download) - annotate - [select for diffs], Thu Sep 10 14:30:03 2020 UTC (3 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.4: +5 -5
lines
Diff to previous 1.4 (colored)
www/ruby-rails60: update to 6.0.3.3
Update Ruby on Rails 60 to 6.0.3.3.
Security fix in ruby-actionview60.
## Rails 6.0.3.3 (September 09, 2020) ##
* [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.
*Jonathan Hefner*
Revision 1.4 / (download) - annotate - [select for diffs], Thu Jun 18 13:38:46 2020 UTC (3 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.3: +5 -5
lines
Diff to previous 1.3 (colored)
lang/rails60: update to 6.0.3.2 Update Ruby on Rails to 6.0.3.2. www/ruby-actionpack60 is the really updated package and other packages have no change except version. CHANGELOG of www/ruby-actionpack60 is here: ## Rails 6.0.3.2 (June 17, 2020) ## * [CVE-2020-8185] Only allow ActionableErrors if show_detailed_exceptions is enabled
Revision 1.1.2.1 / (download) - annotate - [select for diffs], Thu Jun 4 08:51:17 2020 UTC (3 years, 3 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.1: +5 -5
lines
Diff to previous 1.1 (colored) next main 1.2 (colored)
Pullup ticket #6214 - requested by taca
www/ruby-rails60: security fix
Revisions pulled up:
- databases/ruby-activerecord60/PLIST 1.2
- databases/ruby-activerecord60/distinfo 1.2-1.3
- devel/ruby-activejob60/distinfo 1.2-1.3
- devel/ruby-activemodel60/distinfo 1.2-1.3
- devel/ruby-activestorage60/distinfo 1.2-1.3
- devel/ruby-activesupport60/distinfo 1.2-1.3
- devel/ruby-railties60/distinfo 1.2-1.3
- mail/ruby-actionmailbox60/distinfo 1.2-1.3
- mail/ruby-actionmailer60/distinfo 1.2-1.3
- textproc/ruby-actiontext60/distinfo 1.2-1.3
- www/ruby-actioncable60/distinfo 1.2-1.3
- www/ruby-actionpack60/distinfo 1.2-1.3
- www/ruby-actionview60/distinfo 1.2-1.3
- www/ruby-rails60/distinfo 1.2-1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:15:25 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.3
Update ruby-activesupport60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* `Array#to_sentence` no longer returns a frozen string.
Before:
['one', 'two'].to_sentence.frozen?
# => true
After:
['one', 'two'].to_sentence.frozen?
# => false
*Nicolas Dular*
* Update `ActiveSupport::Messages::Metadata#fresh?` to work for cookies with expiry set when
`ActiveSupport.parse_json_times = true`.
*Christian Gregg*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:16:16 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activemodel60: distinfo
Log Message:
devel/ruby-activemodel60: updat to 6.0.3
Update ruby-activemodel60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:16:55 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activejob60: distinfo
Log Message:
devel/ruby-activejob60: update to 6.0.3
Update ruby-activejob60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* While using `perform_enqueued_jobs` test helper enqueued jobs must be stored for the later check with
`assert_enqueued_with`.
*Dmitry Polushkin*
* Add queue name support to Que adapter
*Brad Nauta*, *Wojciech Wntrzak*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:17:34 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.3
Update ruby-actionview60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* annotated_source_code returns an empty array so TemplateErrors without a
template in the backtrace are surfaced properly by DebugExceptions.
*Guilherme Mansur*, *Kasper Timm Hansen*
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
*Guilherme Mansur*, *Gannon McGibbon*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:18:09 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.3
Update ruby-actionpack60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Include child session assertion count in ActionDispatch::IntegrationTest
`IntegrationTest#open_session` uses `dup` to create the new session, which
meant it had its own copy of `@assertions`. This prevented the assertions
from being correctly counted and reported.
Child sessions now have their `attr_accessor` overriden to delegate to the
root session.
Fixes #32142
*Sam Bostock*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:18:56 UTC 2020
Modified Files:
pkgsrc/databases/ruby-activerecord60: PLIST distinfo
Log Message:
databases/ruby-activerecord60: update to 6.0.3
Update ruby-activerecord60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Recommend applications don't use the `database` kwarg in `connected_to`
The database kwarg in `connected_to` was meant to be used for one-off scripts but is often used in requests. This is really dangerous because it re-establishes a connection every time. It's deprecated in 6.1 and will be removed in 6.2 without replacement. This change soft deprecates it in 6.0 by removing documentation.
*Eileen M. Uchitelle*
* Fix support for PostgreSQL 11+ partitioned indexes.
*Sebastián Palma*
* Add support for beginless ranges, introduced in Ruby 2.7.
*Josh Goodall*
* Fix insert_all with enum values
Fixes #38716.
*Joel Blum*
* Regexp-escape table name for MS SQL
Add `Regexp.escape` to one method in ActiveRecord, so that table names with regular expression characters in them work as expected. Since MS SQL Server uses "[" and "]" to quote table and column names, and those characters are regular expression characters, methods like `pluck` and `select` fail in certain cases when used with the MS SQL Server adapter.
*Larry Reid*
* Store advisory locks on their own named connection.
Previously advisory locks were taken out against a connection when a migration started. This works fine in single database applications but doesn't work well when migrations need to open new connections which results in the lock getting dropped.
In order to fix this we are storing the advisory lock on a new connection with the connection specification name `AdisoryLockBase`. The caveat is that we need to maintain at least 2 connections to a database while migrations are running in order to do this.
*Eileen M. Uchitelle*, *John Crepezzi*
* Ensure `:reading` connections always raise if a write is attempted.
Now Rails will raise an `ActiveRecord::ReadOnlyError` if any connection on the reading handler attempts to make a write. If your reading role needs to write you should name the role something other than `:reading`.
*Eileen M. Uchitelle*
* Enforce fresh ETag header after a collection's contents change by adding
ActiveRecord::Relation#cache_key_with_version. This method will be used by
ActionController::ConditionalGet to ensure that when collection cache versioning
is enabled, requests using ConditionalGet don't return the same ETag header
after a collection is modified. Fixes #38078.
*Aaron Lipman*
* A database URL can now contain a querystring value that contains an equal sign. This is needed to support passing PostgresSQL `options`.
*Joshua Flanagan*
* Retain explicit selections on the base model after applying `includes` and `joins`.
Resolves #34889.
*Patrick Rebsch*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:20:09 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailer60: distinfo
Log Message:
mail/ruby-actionmailer60: update to 6.0.3
Update ruby-actionmailer60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:20:46 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailbox60: distinfo
Log Message:
mail/ruby-actionmailbox60: update to 6.0.3
Update ruby-actionmailbox60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Update Mandrill inbound email route to respond appropriately to HEAD requests for URL health checks from Mandrill.
*Bill Cromie*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:21:24 UTC 2020
Modified Files:
pkgsrc/www/ruby-actioncable60: distinfo
Log Message:
www/ruby-actioncable60: update to 6.0.3
Update to ruby-actioncable60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:22:16 UTC 2020
Modified Files:
pkgsrc/devel/ruby-railties60: distinfo
Log Message:
devel/ruby-railties60: update to 6.0.3
Update ruby-railties60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Cache compiled view templates when running tests by default
When generating a new app without `--skip-spring`, caching classes is
disabled in `environments/test.rb`. This implicitly disables caching
view templates too. This change will enable view template caching by
adding this to the generated `environments/test.rb`:
````ruby
config.action_view.cache_template_loading = true
````
*Jorge Manrubia*
* `Rails::Application#eager_load!` is available again to load application code
manually as it was possible in previous versions.
Please, note this is not integrated with the whole eager loading logic that
runs when Rails boots with eager loading enabled, you can think of this
method as a vanilla recursive code loader.
This ability has been restored because there are some use cases for it, such
as indexers that need to have all application classes and modules in memory.
*Xavier Noria*
* Generators that inherit from NamedBase respect `--force` option
*Josh Brody*
* Regression fix: The Rake task `zeitwerk:check` supports eager loaded
namespaces which do not have eager load paths, like the recently added
`i18n`. These namespaces are only required to respond to `eager_load!`.
*Xavier Noria*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:22:55 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activestorage60: distinfo
Log Message:
devel/ruby-activestorage60: update to 6.0.3
Update ruby-activestorage60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:23:36 UTC 2020
Modified Files:
pkgsrc/textproc/ruby-actiontext60: distinfo
Log Message:
textproc/ruby-actiontext60: update to 6.0.3
Update ruby-actiontext60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:24:28 UTC 2020
Modified Files:
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.3
Finally, update ruby-rails60 to 6.0.3.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:10:27 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.3.1
Update ruby-activesupport60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:11:10 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activemodel60: distinfo
Log Message:
devel/ruby-activemodel60: update to 6.0.3.1
Update ruby-activemodel60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:11:43 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activejob60: distinfo
Log Message:
devel/ruby-activejob60: update to 6.0.3.1
Update ruby-activejob60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:12:16 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.3.1
Update ruby-actionview60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:12:50 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.3.1
Update ruby-actionpack60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:13:24 UTC 2020
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
Log Message:
databases/ruby-activerecord60: update to 6.0.3.1
Update ruby-activerecord60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:14:04 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailer60: distinfo
Log Message:
mail/ruby-actionmailer60: update to 6.0.3.1
Update ruby-actionmailer60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:14:41 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailbox60: distinfo
Log Message:
mail/ruby-actionmailbox60: update to 6.0.3.1
Update ruby-actionmailbox60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:15:14 UTC 2020
Modified Files:
pkgsrc/www/ruby-actioncable60: distinfo
Log Message:
www/ruby-actioncable60: update to 6.0.3.1
Update ruby-actioncable60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:15:47 UTC 2020
Modified Files:
pkgsrc/devel/ruby-railties60: distinfo
Log Message:
devel/ruby-railties60: update to 6.0.3.1
Update ruby-railties60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:16:26 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activestorage60: distinfo
Log Message:
devel/ruby-activestorage60: update to 6.0.3.1
Update ruby-activestorage60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:17:01 UTC 2020
Modified Files:
pkgsrc/textproc/ruby-actiontext60: distinfo
Log Message:
textproc/ruby-actiontext60: update to 6.0.3.1
Update ruby-actiontext60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:17:45 UTC 2020
Modified Files:
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.3.1.
Finally, update ruby-rails60 to 6.0.3.1.
Revision 1.3 / (download) - annotate - [select for diffs], Tue May 19 17:16:26 2020 UTC (3 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.2: +5 -5
lines
Diff to previous 1.2 (colored)
devel/ruby-activestorage60: update to 6.0.3.1 Update ruby-activestorage60 to 6.0.3.1. ## Rails 6.0.3.1 (May 18, 2020) ## * [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
Revision 1.2 / (download) - annotate - [select for diffs], Sat May 16 14:22:55 2020 UTC (3 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.1: +5 -5
lines
Diff to previous 1.1 (colored)
devel/ruby-activestorage60: update to 6.0.3 Update ruby-activestorage60 to 6.0.3. ## Rails 6.0.3 (May 06, 2020) ## * No changes.
Revision 1.1 / (download) - annotate - [select for diffs], Fri Mar 20 17:08:50 2020 UTC (3 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base
Branch point for: pkgsrc-2020Q1
devel/ruby-activestorage60: add package version 6.0.2.2 Add ruby-activestorage60 package version 6.0.2.2. # Active Storage Active Storage makes it simple to upload and reference files in cloud services like [Amazon S3](https://aws.amazon.com/s3/), [Google Cloud Storage](https://cloud.google.com/storage/docs/), or [Microsoft Azure Storage](https://azure.microsoft.com/en-us/services/storage/), and attach those files to Active Records. Supports having one main service and mirrors in other services for redundancy. It also provides a disk service for testing or local deployments, but the focus is on cloud storage. Files can be uploaded from the server to the cloud or directly from the client to the cloud. Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other [MiniMagick](https://github.com/minimagick/minimagick) supported transformation. This is for Ruby on Rails 6.0.