The NetBSD Project

CVS log for pkgsrc/devel/ruby-railties61/distinfo


Default branch: MAIN


Revision 1.20, Sat Aug 26 15:23:29 2023 UTC (4 weeks, 1 day ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.19: +4 -4 lines

www/ruby-rails61: update to 6.1.7.6

6.1.7.5 (2023-08-22)

Active Support

* Use a temporary file for storing unencrypted files while editing
  [CVE-2023-38037]

6.1.7.6 (2023-08-22)

* No changes between this and 6.1.7.5.  This release was just to fix file
  permissions in the previous release.

Revision 1.18.4.1, Fri Jun 30 18:41:55 2023 UTC (2 months, 3 weeks ago) by bsiegert
Branch: pkgsrc-2023Q2
Changes since 1.18: +4 -4 lines

Pullup ticket #6766 - requested by taca
www/ruby-rails61: security fix

Revisions pulled up:
- databases/ruby-activerecord61/distinfo                        1.19
- devel/ruby-activejob61/distinfo                               1.19
- devel/ruby-activemodel61/distinfo                             1.19
- devel/ruby-activestorage61/distinfo                           1.19
- devel/ruby-activesupport61/distinfo                           1.19
- devel/ruby-railties61/distinfo                                1.19
- lang/ruby/rails.mk                                            1.146
- mail/ruby-actionmailbox61/distinfo                            1.19
- mail/ruby-actionmailer61/distinfo                             1.19
- textproc/ruby-actiontext61/distinfo                           1.19
- www/ruby-actioncable61/distinfo                               1.19
- www/ruby-actionpack61/distinfo                                1.19
- www/ruby-actionview61/distinfo                                1.19
- www/ruby-rails61/distinfo                                     1.19

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jun 27 13:35:19 UTC 2023

   Modified Files:
   	pkgsrc/databases/ruby-activerecord61: distinfo
   	pkgsrc/devel/ruby-activejob61: distinfo
   	pkgsrc/devel/ruby-activemodel61: distinfo
   	pkgsrc/devel/ruby-activestorage61: distinfo
   	pkgsrc/devel/ruby-activesupport61: distinfo
   	pkgsrc/devel/ruby-railties61: distinfo
   	pkgsrc/lang/ruby: rails.mk
   	pkgsrc/mail/ruby-actionmailbox61: distinfo
   	pkgsrc/mail/ruby-actionmailer61: distinfo
   	pkgsrc/textproc/ruby-actiontext61: distinfo
   	pkgsrc/www/ruby-actioncable61: distinfo
   	pkgsrc/www/ruby-actionpack61: distinfo
   	pkgsrc/www/ruby-actionview61: distinfo
   	pkgsrc/www/ruby-rails61: distinfo

   Log Message:
   www/rails61: update to 6.1.7.4

   Rails 6.1.7.4 (2023-06-26)

   Action Pack

   *   Raise an exception if illegal characters are provided to redirect_to
       [CVE-2023-28362]

       *Zack Deveau*

Revision 1.19, Tue Jun 27 13:35:18 2023 UTC (2 months, 4 weeks ago) by taca
Branch: MAIN
Changes since 1.18: +4 -4 lines

www/rails61: update to 6.1.7.4

Rails 6.1.7.4 (2023-06-26)

Action Pack

*   Raise an exception if illegal characters are provided to redirect_to
    [CVE-2023-28362]

    *Zack Deveau*

Revision 1.18, Wed Mar 15 13:31:49 2023 UTC (6 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q1-base, pkgsrc-2023Q1
Branch point for: pkgsrc-2023Q2
Changes since 1.17: +4 -4 lines

www/ruby-rails61: update to 6.1.7.3

6.1.7.3 (2023-03-13)

Active Support

* Implement SafeBuffer#bytesplice

  [CVE-2023-28120]

Action View

* Ignore certain data-* attributes in rails-ujs when element is
  contenteditable

  [CVE-2023-23913]

Revision 1.15.4.1, Sat Mar 4 14:10:23 2023 UTC (6 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q4
Changes since 1.15: +4 -4 lines

Pullup ticket #6733 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: distinfo update
devel/ruby-activemodel61: distinfo update
devel/ruby-activestorage61: distinfo update
devel/ruby-activesupport61: security update
devel/ruby-railties61: distinfo update
mail/ruby-actionmailbox61: distinfo update
mail/ruby-actionmailer61: distinfo update
textproc/ruby-actiontext61: distinfo update
www/ruby-actioncable61: distinfo update
www/ruby-actionpack61: security update
www/ruby-actionview61: distinfo update
www/ruby-rails61: distinfo update


Revisions pulled up:
- databases/ruby-activerecord61/distinfo                        1.16-1.17
- devel/ruby-activejob61/distinfo                               1.16-1.17
- devel/ruby-activemodel61/distinfo                             1.16-1.17
- devel/ruby-activestorage61/distinfo                           1.16-1.17
- devel/ruby-activesupport61/distinfo                           1.16-1.17
- devel/ruby-railties61/distinfo                                1.16-1.17
- lang/ruby/rails.mk                                            1.139,1.141
- mail/ruby-actionmailbox61/distinfo                            1.16-1.17
- mail/ruby-actionmailer61/distinfo                             1.16-1.17
- textproc/ruby-actiontext61/distinfo                           1.16-1.17
- www/ruby-actioncable61/distinfo                               1.16-1.17
- www/ruby-actionpack61/Makefile                                1.4
- www/ruby-actionpack61/distinfo                                1.16-1.17
- www/ruby-actionview61/distinfo                                1.16-1.17
- www/ruby-rails61/distinfo                                     1.16-1.17

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jan 19 14:31:11 UTC 2023

   Modified Files:
   	pkgsrc/databases/ruby-activerecord61: distinfo
   	pkgsrc/devel/ruby-activejob61: distinfo
   	pkgsrc/devel/ruby-activemodel61: distinfo
   	pkgsrc/devel/ruby-activestorage61: distinfo
   	pkgsrc/devel/ruby-activesupport61: distinfo
   	pkgsrc/devel/ruby-railties61: distinfo
   	pkgsrc/lang/ruby: rails.mk
   	pkgsrc/mail/ruby-actionmailbox61: distinfo
   	pkgsrc/mail/ruby-actionmailer61: distinfo
   	pkgsrc/textproc/ruby-actiontext61: distinfo
   	pkgsrc/www/ruby-actioncable61: distinfo
   	pkgsrc/www/ruby-actionpack61: Makefile distinfo
   	pkgsrc/www/ruby-actionview61: distinfo
   	pkgsrc/www/ruby-rails61: distinfo

   Log Message:
   www/ruby-rails61: update to 6.1.7.1

   Rails 6.1.7.1 (2023-01-17)

   devel/ruby-activesupport61

   * Avoid regex backtracking in Inflector.underscore

       [CVE-2023-22796]

   www/ruby-actionpack61

   * Avoid regex backtracking on If-None-Match header

     [CVE-2023-22795]

   * Use string#split instead of regex for domain parts

     [CVE-2023-22792]

   databases/ruby-activerecord61

   * Make sanitize_as_sql_comment more strict

     Though this method was likely never meant to take user input, it was
     attempting sanitization. That sanitization could be bypassed with
     carefully crafted input.

     This commit makes the sanitization more robust by replacing any
     occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
     first pass to remove one surrounding comment to avoid compatibility
     issues for users relying on the existing removal.

     This also clarifies in the documentation of annotate that it should not
     be provided user input.

     [CVE-2023-22794]

   * Added integer width check to PostgreSQL::Quoting

     Given a value outside the range for a 64bit signed integer type
     PostgreSQL will treat the column type as numeric. Comparing
     integer values against numeric values can result in a slow
     sequential scan.

     This behavior is configurable via
     ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

     [CVE-2022-44566]


   To generate a diff of this commit:
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo
   cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jan 25 13:27:10 UTC 2023

   Modified Files:
   	pkgsrc/databases/ruby-activerecord61: distinfo
   	pkgsrc/devel/ruby-activejob61: distinfo
   	pkgsrc/devel/ruby-activemodel61: distinfo
   	pkgsrc/devel/ruby-activestorage61: distinfo
   	pkgsrc/devel/ruby-activesupport61: distinfo
   	pkgsrc/devel/ruby-railties61: distinfo
   	pkgsrc/lang/ruby: rails.mk
   	pkgsrc/mail/ruby-actionmailbox61: distinfo
   	pkgsrc/mail/ruby-actionmailer61: distinfo
   	pkgsrc/textproc/ruby-actiontext61: distinfo
   	pkgsrc/www/ruby-actioncable61: distinfo
   	pkgsrc/www/ruby-actionpack61: distinfo
   	pkgsrc/www/ruby-actionview61: distinfo
   	pkgsrc/www/ruby-rails61: distinfo

   Log Message:
   www/ruby-rails61: update to 6.1.7.2

   Rails 6.1.7.2 (2023-01-24)

   www/ruby-actionpack61

   *   Fix `domain: :all` for two letter TLD

       This fixes a compatibility issue introduced in our previous security
       release when using `domain: :all` with a two letter but single level top
       level domain (like `.ca`, rather than `.co.uk`).


   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo
   cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo

Revision 1.17, Wed Jan 25 13:27:10 2023 UTC (7 months, 4 weeks ago) by taca
Branch: MAIN
Changes since 1.16: +4 -4 lines

www/ruby-rails61: update to 6.1.7.2

Rails 6.1.7.2 (2023-01-24)

www/ruby-actionpack61

*   Fix `domain: :all` for two letter TLD

    This fixes a compatibility issue introduced in our previous security
    release when using `domain: :all` with a two letter but single level top
    level domain (like `.ca`, rather than `.co.uk`).

Revision 1.16, Thu Jan 19 14:31:11 2023 UTC (8 months ago) by taca
Branch: MAIN
Changes since 1.15: +4 -4 lines

www/ruby-rails61: update to 6.1.7.1

Rails 6.1.7.1 (2023-01-17)

devel/ruby-activesupport61

* Avoid regex backtracking in Inflector.underscore

    [CVE-2023-22796]

www/ruby-actionpack61

* Avoid regex backtracking on If-None-Match header

  [CVE-2023-22795]

* Use string#split instead of regex for domain parts

  [CVE-2023-22792]

databases/ruby-activerecord61

* Make sanitize_as_sql_comment more strict

  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.

  This commit makes the sanitization more robust by replacing any
  occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not
  be provided user input.

  [CVE-2023-22794]

* Added integer width check to PostgreSQL::Quoting

  Given a value outside the range for a 64bit signed integer type
  PostgreSQL will treat the column type as numeric. Comparing
  integer values against numeric values can result in a slow
  sequential scan.

  This behavior is configurable via
  ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

  [CVE-2022-44566]

Revision 1.15, Sat Sep 10 08:24:42 2022 UTC (12 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q3-base, pkgsrc-2022Q3
Branch point for: pkgsrc-2022Q4
Changes since 1.14: +4 -4 lines

www/ruby-rails61: update to 6.1.7

Ruby on Rails 6.1.7 released on 9th September 2022.
Active Record and Active Storage are updated:


Active Record

* Symbol is allowed by default for YAML columns

  Étienne Barrié

* Fix ActiveRecord::Store to serialize as a regular Hash

  Previously it would serialize as an
  ActiveSupport::HashWithIndifferentAccess which is wasteful and causes
  problems with YAML safe_load.

  Jean Boussier

* Fix PG.connect keyword arguments deprecation warning on ruby 2.7

  Fixes .

  Nikita Vasilevsky


Active Storage

* Respect Active Record's primary_key_type in Active Storage
  migrations. Backported from 7.0.

  fatkodima

Revision 1.13.2.1, Sat Jul 23 19:35:08 2022 UTC (14 months ago) by spz
Branch: pkgsrc-2022Q2
Changes since 1.13: +4 -4 lines

Pullup ticket #6655 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update


Revisions pulled up:
- databases/ruby-activerecord61/distinfo                        1.14
- devel/ruby-activejob61/distinfo                               1.14
- devel/ruby-activemodel61/distinfo                             1.14
- devel/ruby-activestorage61/distinfo                           1.14
- devel/ruby-activesupport61/distinfo                           1.14
- devel/ruby-railties61/Makefile                                1.4
- devel/ruby-railties61/distinfo                                1.14
- lang/ruby/rails.mk                                            1.131
- mail/ruby-actionmailbox61/distinfo                            1.14
- mail/ruby-actionmailer61/distinfo                             1.14
- textproc/ruby-actiontext61/distinfo                           1.14
- www/ruby-actioncable61/distinfo                               1.14
- www/ruby-actionpack61/distinfo                                1.14
- www/ruby-actionview61/distinfo                                1.14
- www/ruby-rails61/distinfo                                     1.14

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jul 13 14:46:24 UTC 2022

   Modified Files:
   	pkgsrc/databases/ruby-activerecord61: distinfo
   	pkgsrc/devel/ruby-activejob61: distinfo
   	pkgsrc/devel/ruby-activemodel61: distinfo
   	pkgsrc/devel/ruby-activestorage61: distinfo
   	pkgsrc/devel/ruby-activesupport61: distinfo
   	pkgsrc/devel/ruby-railties61: Makefile distinfo
   	pkgsrc/lang/ruby: rails.mk
   	pkgsrc/mail/ruby-actionmailbox61: distinfo
   	pkgsrc/mail/ruby-actionmailer61: distinfo
   	pkgsrc/textproc/ruby-actiontext61: distinfo
   	pkgsrc/www/ruby-actioncable61: distinfo
   	pkgsrc/www/ruby-actionpack61: distinfo
   	pkgsrc/www/ruby-actionview61: distinfo
   	pkgsrc/www/ruby-rails61: distinfo

   Log Message:
   www/ruby-rails61: update to 6.1.6.1

   Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.

   databases/ruby-activerecord61

   * Change ActiveRecord::Coders::YAMLColumn default to safe_load

     This adds two new configuration options. The configuration options are as
     follows:

   	o config.active_storage.use_yaml_unsafe_load

     When set to true, this configuration option tells Rails to use the old
     "unsafe" YAML loading strategy, maintaining the existing behavior but
     leaving the possible escalation vulnerability in place.  Setting this
     option to true is *not* recommended, but can aid in upgrading.

   	o config.active_record.yaml_column_permitted_classes

     The "safe YAML" loading method does not allow all classes to be
     deserialized by default.  This option allows you to specify classes deemed
     "safe" in your application.  For example, if your application uses Symbol
     and Time in serialized data, you can add Symbol and Time to the allowed
     list as follows:

   	config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

     [CVE-2022-32224]


   To generate a diff of this commit:
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo
   cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo

Revision 1.14, Wed Jul 13 14:46:24 2022 UTC (14 months, 1 week ago) by taca
Branch: MAIN
Changes since 1.13: +4 -4 lines

www/ruby-rails61: update to 6.1.6.1

Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.

databases/ruby-activerecord61

* Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options. The configuration options are as
  follows:

	o config.active_storage.use_yaml_unsafe_load

  When set to true, this configuration option tells Rails to use the old
  "unsafe" YAML loading strategy, maintaining the existing behavior but
  leaving the possible escalation vulnerability in place.  Setting this
  option to true is *not* recommended, but can aid in upgrading.

	o config.active_record.yaml_column_permitted_classes

  The "safe YAML" loading method does not allow all classes to be
  deserialized by default.  This option allows you to specify classes deemed
  "safe" in your application.  For example, if your application uses Symbol
  and Time in serialized data, you can add Symbol and Time to the allowed
  list as follows:


	config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]


  [CVE-2022-32224]
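
The allow-list behaviour described in the log message above, as an added example that is not part of the commit or of Rails: it calls Ruby's standard `YAML.safe_load` directly rather than going through Active Record. The `LegacySetting` class, the helper names and the sample column values are constructed for illustration.

```ruby
require "yaml"
require "date"

# Hypothetical application class, standing in for any class that a
# serialized column might name. Not part of Rails.
class LegacySetting
  attr_accessor :value
end

# Constructed sample values, as they might sit in a YAML-serialized column.
SAMPLES = {
  plain:  "---\nname: widget\ncount: 3\n",
  symbol: "---\nstatus: :active\n",
  date:   "---\nshipped_on: 2022-07-12\n",
  object: "--- !ruby/object:LegacySetting\nvalue: 1\n",
}.freeze

# Safe loading with an explicit allow-list: anything outside the basic
# YAML types plus permitted_classes raises instead of being instantiated.
# Returns [:ok, value] or [:rejected, name_of_the_class_that_was_refused].
def load_column(yaml, permitted_classes: [])
  [:ok, YAML.safe_load(yaml, permitted_classes: permitted_classes)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message[/class: (\S+)/, 1]]
end

# Pre-upgrade check: which stored values stop loading under a given
# allow-list, and which class each of them would need.
def rejected_values(samples, permitted_classes)
  samples.each_with_object({}) do |(name, yaml), report|
    status, detail = load_column(yaml, permitted_classes: permitted_classes)
    report[name] = detail if status == :rejected
  end
end

if __FILE__ == $0
  puts "no allow-list:        #{rejected_values(SAMPLES, []).inspect}"
  puts "Symbol, Date, Time:   #{rejected_values(SAMPLES, [Symbol, Date, Time]).inspect}"
end
```

Running the same check over real column contents before upgrading shows which classes an application would have to list, and which values name a class that should stay rejected.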

Revision 1.13, Tue Jun 7 15:05:23 2022 UTC (15 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base
Branch point for: pkgsrc-2022Q2
Changes since 1.12: +4 -4 lines

www/ruby-rails61: update to 6.1.6

Ruby on Rails 6.1.6 (2022-05-12)

Active Support

* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters in
  names of tags and names of attributes, following the specification of XML.


Action View

* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Escape dangerous characters in names of tags and names of attributes in
  the tag helpers, following the XML specification. Rename the option
  :escape_attributes to :escape, to simplify by applying the option to the
  whole tag.


Action Pack

* Allow Content Security Policy DSL to generate for API responses.

Revision 1.11.2.1, Sat Jun 4 09:31:41 2022 UTC (15 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q1
Changes since 1.11: +4 -4 lines

Pullup ticket #6630 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
lang/ruby: version info update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update

Revisions pulled up:
- databases/ruby-activerecord61/distinfo                        1.12
- devel/ruby-activejob61/distinfo                               1.12
- devel/ruby-activemodel61/distinfo                             1.12
- devel/ruby-activestorage61/Makefile                           1.5
- devel/ruby-activestorage61/distinfo                           1.12
- devel/ruby-activesupport61/Makefile                           1.4
- devel/ruby-activesupport61/distinfo                           1.12
- devel/ruby-railties61/distinfo                                1.12
- lang/ruby/rails.mk                                            1.121
- mail/ruby-actionmailbox61/PLIST                               1.2
- mail/ruby-actionmailbox61/distinfo                            1.12
- mail/ruby-actionmailer61/PLIST                                1.2
- mail/ruby-actionmailer61/distinfo                             1.12
- textproc/ruby-actiontext61/distinfo                           1.12
- www/ruby-actioncable61/distinfo                               1.12
- www/ruby-actionpack61/distinfo                                1.12
- www/ruby-actionview61/distinfo                                1.12
- www/ruby-rails61/distinfo                                     1.12

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:38:25 UTC 2022

   Modified Files:
   	pkgsrc/lang/ruby: rails.mk

   Log Message:
   lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1


   To generate a diff of this commit:
   cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:28:21 UTC 2022

   Modified Files:
   	pkgsrc/devel/ruby-activesupport61: Makefile distinfo

   Log Message:
   devel/ruby-activesupport61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.

       Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
       in names of tags and names of attributes, following the specification of XML.

       *Álvaro Martín Fraguas*

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Fix `ActiveSupport::Duration.build` to support negative values.

       The algorithm to collect the `parts` of the `ActiveSupport::Duration`
       ignored the sign of the `value` and accumulated incorrect part values. This
       impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
       not `ActiveSupport::Duration#eql?` (which is dependent on `value`).

       *Caleb Buxton*, *Braden Staudacher*

   *   `Time#change` and methods that call it (eg. `Time#advance`) will now
       return a `Time` with the timezone argument provided, if the caller was
       initialized with a timezone argument.

       Fixes [#42467](https://github.com/rails/rails/issues/42467).

       *Alex Ghiculescu*

   *   Clone to keep extended Logger methods for tagged logger.

       *Orhan Toy*

   *   `assert_changes` works on including `ActiveSupport::Assertions` module.

       *Pedro Medeiros*


   To generate a diff of this commit:
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:28:57 UTC 2022

   Modified Files:
   	pkgsrc/devel/ruby-activemodel61: distinfo

   Log Message:
   devel/ruby-activemodel61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Clear secure password cache if password is set to `nil`

       Before:

          user.password = 'something'
          user.password = nil

          user.password # => 'something'

       Now:

          user.password = 'something'
          user.password = nil

          user.password # => nil

       *Markus Doits*

   *   Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup`

       Passing a last positional argument `{}` would be incorrectly considered as keyword argument.

       *Benoit Daloze*

   *   Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object.

       *Ryuta Kamizono*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:29:32 UTC 2022

   Modified Files:
   	pkgsrc/www/ruby-actionview61: distinfo

   Log Message:
   www/ruby-actionview61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.

       Escape dangerous characters in names of tags and names of attributes in the
       tag helpers, following the XML specification. Rename the option
       `:escape_attributes` to `:escape`, to simplify by applying the option to the
       whole tag.

       *Álvaro Martín Fraguas*

   ## Rails 6.1.5 (March 09, 2022) ##

   *   `preload_link_tag` properly inserts `as` attributes for files with `image` MIME
       types, such as JPG or SVG.

       *Nate Berkopec*

   *   Add `autocomplete="off"` to all generated hidden fields.

       Fixes #42610.

       *Ryan Baumann*

   *   Fix `current_page?` when URL has trailing slash.

       This fixes the `current_page?` helper when the given URL has a trailing slash,
       and is an absolute URL or also has query params.

       Fixes #33956.

       *Jonathan Hefner*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:30:02 UTC 2022

   Modified Files:
   	pkgsrc/www/ruby-actionpack61: distinfo

   Log Message:
   www/ruby-actionpack61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   Allow Content Security Policy DSL to generate for API responses.

       *Tim Wade*

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Fix `content_security_policy` returning invalid directives.

       Directives such as `self`, `unsafe-eval` and few others were not
       single quoted when the directive was the result of calling a lambda
       returning an array.

       ```ruby
       content_security_policy do |policy|
         policy.frame_ancestors lambda { [:self, "https://example.com"] }
       end
       ```

       With this fix the policy generated from above will now be valid.

       *Edouard Chin*

   *   Update `HostAuthorization` middleware to render debug info only
       when `config.consider_all_requests_local` is set to true.

       Also, blocked host info is always logged with level `error`.

       Fixes #42813.

       *Nikita Vyrko*

   *   Dup arrays that get "converted".

       Fixes #43681.

       *Aaron Patterson*

   *   Don't show deprecation warning for equal paths.

       *Anton Rieder*

   *   Fix crash in `ActionController::Instrumentation` with invalid HTTP formats.

       Fixes #43094.

       *Alex Ghiculescu*

   *   Add fallback host for SystemTestCase driven by RackTest.

       Fixes #42780.

       *Petrik de Heus*

   *   Add more detail about what hosts are allowed.

       *Alex Ghiculescu*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:30:33 UTC 2022

   Modified Files:
   	pkgsrc/databases/ruby-activerecord61: distinfo

   Log Message:
   databases/ruby-activerecord61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.

       Ruby 2.6 and 2.7 have slightly different implementations of the `String#@-` method.
       In Ruby 2.6, the receiver of the `String#@-` method is modified under certain circumstances.
       This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
       fixed in Ruby 2.7.

       Before the changes in this commit, the
       `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
       calls the `String#@-` method, could also modify an input string argument in Ruby 2.6 --
       changing a tainted, unfrozen string into a tainted, frozen string.

       Fixes #43056

       *Eric O'Hanlon*

   *   Fix migration compatibility to create SQLite references/belongs_to column as integer when
       migration version is 6.0.

       `reference`/`belongs_to` in migrations with version 6.0 were creating columns as
       bigint instead of integer for the SQLite Adapter.

       *Marcelo Lauxen*

   *   Fix dbconsole for 3-tier config.

       *Eileen M. Uchitelle*

   *   Better handle SQL queries with invalid encoding.

       ```ruby
       Post.create(name: "broken \xC8 UTF-8")
       ```

       Would cause all adapters to fail in a non controlled way in the code
       responsible to detect write queries.

       The query is now properly passed to the database connection, which might or might
       not be able to handle it, but will either succeed or fail in a more correct way.

       *Jean Boussier*

   *   Ignore persisted in-memory records when merging target lists.

       *Kevin Sjöberg*

   *   Fix regression bug that caused ignoring additional conditions for preloading
       `has_many` through relations.

       Fixes #43132

       *Alexander Pauly*

   *   Fix `ActiveRecord::InternalMetadata` to not be broken by
       `config.active_record.record_timestamps = false`

       Since the model always creates the timestamp columns, it has to set them, otherwise it breaks
       various DB management tasks.

       Fixes #42983

       *Jean Boussier*

   *   Fix duplicate active record objects on `inverse_of`.

       *Justin Carvalho*

   *   Fix duplicate objects stored in has many association after save.

       Fixes #42549.

       *Alex Ghiculescu*

   *   Fix performance regression in `CollectionAssocation#build`.

       *Alex Ghiculescu*

   *   Fix retrieving default value for text column for MariaDB.

       *fatkodima*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:31:02 UTC 2022

   Modified Files:
   	pkgsrc/devel/ruby-activestorage61: Makefile distinfo

   Log Message:
   devel/ruby-activestorage61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Attachments can be deleted after their association is no longer defined.

       Fixes #42514

       *Don Sisco*


   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:31:47 UTC 2022

   Modified Files:
   	pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo

   Log Message:
   mail/ruby-actionmailbox61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Add `attachments` to the list of permitted parameters for inbound emails conductor.

       When using the conductor to test inbound emails with attachments, this prevents an
       unpermitted parameter warning in default configurations, and prevents errors for
       applications that set:

       ```ruby
       config.action_controller.action_on_unpermitted_parameters = :raise
       ```

       *David Jones*, *Dana Henke*


   To generate a diff of this commit:
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:32:28 UTC 2022

   Modified Files:
   	pkgsrc/www/ruby-actioncable61: distinfo

   Log Message:
   www/ruby-actioncable61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   The Action Cable client now ensures successful channel subscriptions:

       * The client maintains a set of pending subscriptions until either
         the server confirms the subscription or the channel is torn down.
       * Rectifies the race condition where an unsubscribe is rapidly followed
         by a subscribe (on the same channel identifier) and the requests are
         handled out of order by the ActionCable server, thereby ignoring the
         subscribe command.

       *Daniel Spinosa*

   *   Truncate broadcast logging messages.

       *J Smith*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:32:59 UTC 2022

   Modified Files:
   	pkgsrc/devel/ruby-railties61: distinfo

   Log Message:
   devel/ruby-railties61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   In `zeitwerk` mode, set up the `once` autoloader first, and the `main` autoloader after it.
       This order plays better with shared namespaces.

       *Xavier Noria*

   *   Handle paths with spaces when editing credentials.

       *Alex Ghiculescu*

   *   Support Psych 4 when loading secrets.

       *Nat Morcos*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:33:27 UTC 2022

   Modified Files:
   	pkgsrc/textproc/ruby-actiontext61: distinfo

   Log Message:
   textproc/ruby-actiontext61: update to 6.1.5.1

   ## Rails 6.1.5.1 (April 26, 2022) ##

   *   No changes.

   ## Rails 6.1.5 (March 09, 2022) ##

   *   Fix Action Text extra trix content wrapper.

       *Alexandre Ruban*


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  5 03:34:37 UTC 2022

   Modified Files:
   	pkgsrc/devel/ruby-activejob61: distinfo
   	pkgsrc/mail/ruby-actionmailer61: PLIST distinfo
   	pkgsrc/www/ruby-rails61: distinfo

   Log Message:
   Update rest of Ruby on Rails 61 components.

   No change except version.


   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo

Revision 1.12 / (download) - annotate - [select for diffs], Thu May 5 03:32:59 2022 UTC (16 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.11: +4 -4 lines
Diff to previous 1.11 (colored)

devel/ruby-railties61: update to 6.1.5.1

## Rails 6.1.5.1 (April 26, 2022) ##

*   No changes.


## Rails 6.1.5 (March 09, 2022) ##

*   In `zeitwerk` mode, set up the `once` autoloader first, and the `main` autoloader after it.
    This order plays better with shared namespaces.

    *Xavier Noria*

*   Handle paths with spaces when editing credentials.

    *Alex Ghiculescu*

*   Support Psych 4 when loading secrets.

    *Nat Morcos*

Revision 1.11 / (download) - annotate - [select for diffs], Sun Mar 13 15:11:51 2022 UTC (18 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base
Branch point for: pkgsrc-2022Q1
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

www/ruby-rails61: update to 6.1.4.7

Ruby on Rails 6.1.4.7 is not the latest version but it should be easy to pull-up
to pkgsrc-2021Q4.

Changes are in devel/ruby-activestorage61 only.


## Rails 6.1.4.7 (March 08, 2022) ##

* Added image transformation validation via configurable allow-list.

 Variant now offers a configurable allow-list for
 transformation methods in addition to a configurable deny-list for arguments.

 [CVE-2022-21831]

Revision 1.9.2.1 / (download) - annotate - [select for diffs], Thu Mar 3 19:11:59 2022 UTC (18 months, 3 weeks ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)

Pullup ticket #6589 - requested by taca
www/ruby-rails61: security fix

Revisions pulled up:
- databases/ruby-activerecord61/distinfo                        1.10
- devel/ruby-activejob61/distinfo                               1.10
- devel/ruby-activemodel61/distinfo                             1.10
- devel/ruby-activestorage61/distinfo                           1.10
- devel/ruby-activesupport61/distinfo                           1.10
- devel/ruby-railties61/distinfo                                1.10
- lang/ruby/rails.mk                                            1.113
- mail/ruby-actionmailbox61/distinfo                            1.10
- mail/ruby-actionmailer61/distinfo                             1.10
- textproc/ruby-actiontext61/distinfo                           1.10
- www/ruby-actioncable61/distinfo                               1.10
- www/ruby-actionpack61/distinfo                                1.10
- www/ruby-actionview61/distinfo                                1.10
- www/ruby-rails61/distinfo                                     1.10

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Feb 13 07:35:06 UTC 2022

   Modified Files:
   	pkgsrc/databases/ruby-activerecord61: distinfo
   	pkgsrc/devel/ruby-activejob61: distinfo
   	pkgsrc/devel/ruby-activemodel61: distinfo
   	pkgsrc/devel/ruby-activestorage61: distinfo
   	pkgsrc/devel/ruby-activesupport61: distinfo
   	pkgsrc/devel/ruby-railties61: distinfo
   	pkgsrc/lang/ruby: rails.mk
   	pkgsrc/mail/ruby-actionmailbox61: distinfo
   	pkgsrc/mail/ruby-actionmailer61: distinfo
   	pkgsrc/textproc/ruby-actiontext61: distinfo
   	pkgsrc/www/ruby-actioncable61: distinfo
   	pkgsrc/www/ruby-actionpack61: distinfo
   	pkgsrc/www/ruby-actionview61: distinfo
   	pkgsrc/www/ruby-rails61: distinfo

   Log Message:
   www/ruby-rails61: update to 6.1.4.6

   This update contains a security fix for CVE-2022-23633 in ruby-actionpack61.

   Active Support 6.1.4.6 (2022-02-11)

   * Fix Reloader method signature to work with the new Executor signature.

   Action Pack 6.1.4.5 (2022-02-11)

   * Under certain circumstances, the middleware isn't informed that the
     response body has been fully closed which results in request state
     not being fully reset before the next request.

     [CVE-2022-23633]

   Other packages have no change.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Feb 13 07:35:06 2022 UTC (19 months, 1 week ago) by taca
Branch: MAIN
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)

www/ruby-rails61: update to 6.1.4.6

This update contains a security fix for CVE-2022-23633 in ruby-actionpack61.

Active Support 6.1.4.6 (2022-02-11)

* Fix Reloader method signature to work with the new Executor signature.

Action Pack 6.1.4.5 (2022-02-11)

* Under certain circumstances, the middleware isn't informed that the
  response body has been fully closed which results in request state
  not being fully reset before the next request.

  [CVE-2022-23633]

Other packages have no change.

Revision 1.9 / (download) - annotate - [select for diffs], Sun Dec 19 05:30:49 2021 UTC (21 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

devel/ruby-railties61: update to 6.1.4.4

## Rails 6.1.4.4 (December 15, 2021) ##

*   No changes.


## Rails 6.1.4.3 (December 14, 2021) ##

*   Allow localhost with a port by default in development

    [Fixes: #43864]

Revision 1.8 / (download) - annotate - [select for diffs], Tue Oct 26 10:19:42 2021 UTC (22 months, 4 weeks ago) by nia
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

archivers: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Could not be committed due to merge conflict:
devel/py-traitlets/distinfo

The following distfiles were unfetchable (note: some may be only fetched
conditionally):

./devel/pvs/distinfo pvs-3.2-solaris.tgz
./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip

Revision 1.7 / (download) - annotate - [select for diffs], Thu Oct 7 13:44:18 2021 UTC (23 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 (colored)

devel: Remove SHA1 hashes for distfiles

Revision 1.6 / (download) - annotate - [select for diffs], Sun Aug 22 07:16:47 2021 UTC (2 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.5: +5 -5 lines
Diff to previous 1.5 (colored)

www/ruby-rails61: update to 6.1.4.1

Update Ruby on Rails 6.1 packages to 6.1.4.1.

Real changes are in Action Pack (www/ruby-actionpack61).


## Rails 6.1.4.1 (August 19, 2021) ##

*   [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware.

    Specially crafted "X-Forwarded-Host" headers in combination with certain
    "allowed host" formats can cause the Host Authorization middleware in Action
    Pack to redirect users to a malicious website.

Revision 1.5 / (download) - annotate - [select for diffs], Sun Jul 4 08:04:56 2021 UTC (2 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.4: +5 -5 lines
Diff to previous 1.4 (colored)

devel/ruby-railties61: update to 6.1.4

Railties

* Fix compatibility with psych >= 4.

  Starting in Psych 4.0.0 YAML.load behaves like YAML.safe_load.  To
  preserve compatibility Rails.application.config_for now uses
  YAML.unsafe_load if available.  (Jean Boussier)

* Ensure Rails.application.config_for always cast hashes to
  ActiveSupport::OrderedOptions.  (Jean Boussier)

* Fix create migration generator with --pretend option.  (euxx)

Revision 1.4 / (download) - annotate - [select for diffs], Sat May 8 14:08:56 2021 UTC (2 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

www/ruby-rails61: update to 6.1.3.2

Real changes are in www/ruby-actionpack61 only.

## Rails 6.1.3.2 (May 05, 2021) ##

*   Prevent open redirects by correctly escaping the host allow list
    CVE-2021-22903

*   Prevent catastrophic backtracking during mime parsing
    CVE-2021-22902

*   Prevent regex DoS in HTTP token authentication
    CVE-2021-22904

*   Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array
    of arguments (usually symbols and records). If a developer passes a
    user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*

Revision 1.3 / (download) - annotate - [select for diffs], Sun Apr 11 13:28:02 2021 UTC (2 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.2: +5 -5 lines
Diff to previous 1.2 (colored)

www/ruby-rails61: update to 6.1.3.1

Real changes are in devel/devel/ruby-activestorage61 only.

## Rails 6.1.3.1 (March 26, 2021) ##

*  Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
   mime types data.

   *George Claghorn*

Revision 1.2 / (download) - annotate - [select for diffs], Sun Feb 28 15:42:40 2021 UTC (2 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.1: +5 -5 lines
Diff to previous 1.1 (colored)

www/ruby-rails61: update to 6.1.3

Rails 6.1.3 (February 17, 2021)

[ActionPack]

* Re-define routes when not set correctly via inheritance.

    *John Hawthorn*

[ActiveRecord]

* Fix the MySQL adapter to always set the right collation and charset
  to the connection session.

    *Rafael Mendonça França*

* Fix MySQL adapter handling of time objects when prepared statements
  are enabled.

    *Rafael Mendonça França*

* Fix scoping in enum fields using conditions that would generate
  an IN clause.

    *Ryuta Kamizono*

* Skip optimised #exist? query when #include? is called on a relation
  with a having clause

  Relations that have aliased select values AND a having clause that
  references an aliased select value would generate an error when
  #include? was called, due to an optimisation that would generate
  call #exists? on the relation instead, which effectively alters
  the select values of the query (and thus removes the aliased select
  values), but leaves the having clause intact. Because the having
  clause is then referencing an aliased column that is no longer
  present in the simplified query, an ActiveRecord::InvalidStatement
  error was raised.

  A sample query affected by this problem:

    Author.select('COUNT(*) as total_posts', 'authors.*')
          .joins(:posts)
          .group(:id)
          .having('total_posts > 2')
          .include?(Author.first)

  This change adds an additional check to the condition that skips the
  simplified #exists? query, which simply checks for the presence of
  a having clause.

  Fixes #41417

    *Michael Smart*

* Increment postgres prepared statement counter before making a
  prepared statement, so if the statement is aborted without Rails
  knowledge (e.g., if app gets kill -9d during long-running query or
  due to Rack::Timeout), app won't end up in perpetual crash state for
  being inconsistent with Postgres.

    *wbharding*, *Martin Tepper*

Revision 1.1 / (download) - annotate - [select for diffs], Sun Feb 14 14:06:30 2021 UTC (2 years, 7 months ago) by taca
Branch: MAIN

devel/ruby-railties61: add package version 6.1.2.1

Railties -- Gluing the Engine to the Rails

Railties is responsible for gluing all frameworks together. Overall, it:

* handles the bootstrapping process for a Rails application;

* manages the +rails+ command line interface;

* and provides the Rails generators core.

This is for Ruby on Rails 6.1.
