The NetBSD Project

CVS log for pkgsrc/www/ruby-actionpack32/Attic/distinfo

[BACK] Up to [] / pkgsrc / www / ruby-actionpack32

Request diff between arbitrary revisions

Default branch: MAIN
Current tag: MAIN

Revision 1.26, Sun Mar 3 15:59:57 2019 UTC (3 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.25: +1 -1 lines

www/ruby-actionpack32:: remove package

Remove ruby-actionpack32, a part of Ruby on Rails 3.2 packages which is
already EOL.

Revision 1.25 / (download) - annotate - [select for diffs], Tue Jul 18 14:06:28 2017 UTC (23 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-
Changes since 1.24: +5 -5 lines
Diff to previous 1.24 (colored)

Update ruby-actionpack32 to

* Add missing require to files
* Remove dead code and ensure values are strings before calling gsub
* Fix failing tests on 3-2-stable branch

Revision 1.24 / (download) - annotate - [select for diffs], Sun Aug 21 05:58:45 2016 UTC (2 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.23: +5 -5 lines
Diff to previous 1.23 (colored)

Update ruby-actionpack32 to

Fix CVE-2016-6316, XSS vulnerability in Action View.

Revision 1.23 / (download) - annotate - [select for diffs], Sat Mar 5 05:27:42 2016 UTC (3 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Branch point for: pkgsrc-2016Q2
Changes since 1.22: +5 -5 lines
Diff to previous 1.22 (colored)

Update ruby-actionpack32 to

Fixes CVE-2016-2097 and CVE-2016-2098.

Revision 1.22 / (download) - annotate - [select for diffs], Mon Feb 1 13:48:02 2016 UTC (3 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.21: +5 -5 lines
Diff to previous 1.21 (colored)

Note update of ruby-actionpack32 to

* Use secure string comparisons for basic auth username / password.
* Stop caching mime types globally.  (CVE-2016-0751)
* Don't short-circuit reject_if proc.  (CVE-2015-7577)
* Allow :file to be outside rails root, but anything else must be inside
  the rails view directory.  (CVE-2016-0752)

Revision 1.21 / (download) - annotate - [select for diffs], Wed Nov 4 02:47:32 2015 UTC (3 years, 7 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)

Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jun 22 13:53:15 2015 UTC (4 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored)

Update ruby-actionpack32 to 3.2.22.

## Rails 3.2.22 (Jun 16, 2015) ##

* No changes.

Revision 1.19 / (download) - annotate - [select for diffs], Tue Nov 18 15:46:18 2014 UTC (4 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

Update ruby-actionpack32 to 3.2.21.

Fix CVE-2014-7829 security problem.

Revision 1.18 / (download) - annotate - [select for diffs], Sat Nov 1 15:00:56 2014 UTC (4 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.17: +4 -4 lines
Diff to previous 1.17 (colored)

Update ruby-actionpack32 to 3.2.20.

Security fix for CVE-2014-7818.

Revision 1.17 / (download) - annotate - [select for diffs], Sun Jul 6 07:41:42 2014 UTC (4 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.16: +4 -4 lines
Diff to previous 1.16 (colored)

Update ruby-actionpack32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

*   Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with

    This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.

    *Shota Fukumori (sora_h)*

Revision 1.16 / (download) - annotate - [select for diffs], Sun May 11 10:04:15 2014 UTC (5 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base
Branch point for: pkgsrc-2014Q2
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored)

Update www/ruby-actionpack32 to 3.2.18.

## Rails 3.2.18 (May 6, 2014) ##

*   Only accept actions without File::SEPARATOR in the name.

    This will avoid directory traversal in implicit render.

    Fixes: CVE-2014-0130

    *Rafael Mendon¾­®á Fran¾­®á*

Revision 1.15 / (download) - annotate - [select for diffs], Sun Mar 2 15:03:02 2014 UTC (5 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

Update ruby-actionpack32 to 3.2.17.

*   Use the reference for the mime type to get the format

    Fixes: CVE-2014-0082

*   Escape format, negative_format and units options of number helpers

    Fixes: CVE-2014-0081

Revision 1.14 / (download) - annotate - [select for diffs], Wed Dec 4 15:45:38 2013 UTC (5 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Changes since 1.13: +4 -4 lines
Diff to previous 1.13 (colored)

Update ruby-actionpack32 to 3.2.16, security update.

* Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
* Stop using i18n's built in HTML error handling.  Fixes: CVE-2013-4491
* Escape the unit value provided to number_to_currency Fixes CVE-2013-6415
* Only use valid mime type symbols as cache keys CVE-2013-6414

Revision 1.13 / (download) - annotate - [select for diffs], Fri Oct 18 15:27:20 2013 UTC (5 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Update ruby-actionpack32 to 3.2.15.

## Rails 3.2.15 (Oct 16, 2013) ##

* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for
  spoofing attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are

  Fixes #12410
  Backports #10844

  *Tamir Duberstein*

* Fix the assert_recognizes test method so that it works when there are
  constraints on the querystring.

  Issue/Pull Request #9368
  Backport #5219

  *Brian Hahn*

* Fix to render partial by context(#11605).

  *Kassio Borges*

* Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to`
  does not show user-supplied message.

  Issue: when `assert_redirected_to` fails due to the response redirect not
  matching the expected redirect the user-supplied message (second parameter)
  is not shown. This message is only shown if the response is not a redirect.

  *Alexey Chernenkov*

Revision 1.12 / (download) - annotate - [select for diffs], Wed Sep 11 13:35:31 2013 UTC (5 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base
Branch point for: pkgsrc-2013Q3
Changes since 1.11: +4 -4 lines
Diff to previous 1.11 (colored)

Update ruby-actionpack32 to 3.2.14

*   Merge `:action` from routing scope and assign endpoint if both `:controller`
    and `:action` are present. The endpoint assignment only occurs if there is
    no `:to` present in the options hash so should only affect routes using the
    shorthand syntax (i.e. endpoint is inferred from the the path).

    Fixes #9856

    *Yves Senn*, *Andrew White*

*   Always escape the result of `link_to_unless` method.


        link_to_unless(true, '<b>Showing</b>', '')
        # => "<b>Showing</b>"


        link_to_unless(true, '<b>Showing</b>', '')
        # => "&lt;b&gt;Showing&lt;/b&gt;"


*   Use a case insensitive URI Regexp for #asset_path.

    This fix a problem where the same asset path using different case are generating
    different URIs.


        # => "<img alt=\"Google\" src=\"/assets/HTTP://\" />"
        # => "<img alt=\"Google\" src=\"\" />"


        # => "<img alt=\"Google\" src=\"HTTP://\" />"
        # => "<img alt=\"Google\" src=\"\" />"

    *David Celis + Rafael Mendon¾­®á Fran¾­®á*

*   Fix explicit names on multiple file fields. If a file field tag has
    the multiple option, it is turned into an array field (appending `[]`),
    but if an explicit name is passed to `file_field` the `[]` is not
    Fixes #9830.

    *Ryan McGeary*

Revision 1.11 / (download) - annotate - [select for diffs], Tue Mar 19 16:13:26 2013 UTC (6 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

Update ruby-actionpack32 to 3.2.13.

This is part of security update of Ruby on Rails 3.2.13 and changes are
too many to write here.  Please refer

Revision 1.10 / (download) - annotate - [select for diffs], Tue Feb 12 14:31:52 2013 UTC (6 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)

Update ruby-actionpack32 to 3.2.12.

Change of version only.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jan 9 12:43:59 2013 UTC (6 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

Update ruby-actionpack32 to 3.2.11.

## Rails 3.2.11 ##

* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]

Revision 1.8 / (download) - annotate - [select for diffs], Sat Jan 5 14:21:27 2013 UTC (6 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

Update ruby-actionpack32 to 3.2.10.

Only version has updated.

Revision 1.7 / (download) - annotate - [select for diffs], Sun Dec 16 14:11:35 2012 UTC (6 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.6: +4 -4 lines
Diff to previous 1.6 (colored)

Update ruby-actionpack32 to 3.9.2.

## Rails 3.2.9 (unreleased) ##

*   Clear url helpers when reloading routes.

    *Santiago Pastorino*

*   Revert the shorthand routes scoped with `:module` option fix
    This added a regression since it is changing the URL mapping.
    This makes the stable release backward compatible.

    *Rafael Mendonça França*

*   Revert the `assert_template` fix to not pass with ever string that matches the template name.
    This added a regression since people were relying on this buggy behavior.
    This will introduce back #3849 but this stable release will be backward compatible.
    Fixes #8068.

    *Rafael Mendonça França*

*   Revert the rename of internal variable on ActionController::TemplateAssertions to prevent
    naming collisions. This added a regression related with shoulda-matchers, since it is
    expecting the [instance variable @layouts](
    This will introduce back #7459 but this stable release will be backward compatible.
    Fixes #8068.

    *Rafael Mendonça França*

*   Accept :remote as symbolic option for `link_to` helper. *Riley Lynch*

*   Warn when the `:locals` option is passed to `assert_template` outside of a view test case
    Fix #3415

    *Yves Senn*

*   Rename internal variables on ActionController::TemplateAssertions to prevent
    naming collisions. @partials, @templates and @layouts are now prefixed with an underscore.
    Fix #7459

    *Yves Senn*

*   `resource` and `resources` don't modify the passed options hash
    Fix #7777

    *Yves Senn*

*   Precompiled assets include aliases from foo.js to foo/index.js and vice versa.

        # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
        config.assets.precompile = [ 'phone.css' ]

        # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
        config.assets.precompile = [ 'phone/index.css' ]

        # Both of these work with either precompile thanks to their aliases.
        <%= stylesheet_link_tag 'phone', media: 'all' %>
        <%= stylesheet_link_tag 'phone/index', media: 'all' %>

    *Jeremy Kemper*

*   `assert_template` is no more passing with what ever string that matches
    with the template name.

    Before when we have a template `/layout/hello.html.erb`, `assert_template`
    was passing with any string that matches. This behavior allowed false
    positive like:

        assert_template "layout"
        assert_template "out/hello"

    Now it only passes with:

        assert_template "layout/hello"
        assert_template "hello"

    Fixes #3849.


*   Handle `ActionDispatch::Http::UploadedFile` like `Rack::Test::UploadedFile`, don't call to_param on it. Since
    `Rack::Test::UploadedFile` isn't API compatible this is needed to test file uploads that rely on `tempfile`
    being available.

    *Tim Vandecasteele*

*   Respect `config.digest = false` for `asset_path`

    Previously, the `asset_path` internals only respected the `:digest`
    option, but ignored the global config setting. This meant that
    `config.digest = false` could not be used in conjunction with
    `config.compile = false` this corrects the behavior.

    *Peter Wagenet*

*   Fix #7646, the log now displays the correct status code when an exception is raised.

    *Yves Senn*

*   Fix handling of date selects when using both disabled and discard options.
    Fixes #7431.

    *Vasiliy Ermolovich*

*   Fix select_tag when option_tags is nil.
    Fixes #7404.

    *Sandeep Ravichandran*

*   `javascript_include_tag :all` will now not include `application.js` if the file does not exists. *Prem Sichanugrist*

*   Support cookie jar options (e.g., domain :all) for all session stores.
    Fixes GH#3047, GH#2483.

    *Ravil Bayramgalin*

*   Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile
    will usually intercept the response and just uses the path directly, so no reason to open the file. This performance
    improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.

    *Jeremy Kemper & Erich Menge*

Revision 1.6 / (download) - annotate - [select for diffs], Sun Aug 12 12:40:00 2012 UTC (6 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.5: +4 -4 lines
Diff to previous 1.5 (colored)

Update ruby-actionpack32 to 3.2.8.

## Rails 3.2.8 (Aug 9, 2012) ##

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed

  *Marek from Nethemba ( & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
  value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value, there
  is a potential for XSS attacks.
  Vulnerable code will look something like this:

    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

Revision 1.5 / (download) - annotate - [select for diffs], Tue Jul 31 12:55:32 2012 UTC (6 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored)

Update ruby-actionpack32 to 3.2.7.

## Rails 3.2.7 (unreleased) ##

* Do not convert digest auth strings to symbols. CVE-2012-3424

* Bump Journey requirements to 1.0.4

* Add support for optional root segments containing slashes

* Fixed bug creating invalid HTML in select options

* Show in log correct wrapped keys

* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered
  instead of line continuations.

* ActionController::Metal doesn't have logger method, check it and then

* ActionController::Caching depends on RackDelegation and

Revision 1.4 / (download) - annotate - [select for diffs], Wed Jun 13 15:15:59 2012 UTC (7 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

Update www/ruby-actionpack32 to 3.2.6.

## Rails 3.2.6 (Jun 12, 2012) ##

*   nil is removed from array parameter values


*   Deprecate `:confirm` in favor of `':data => { :confirm => "Text" }'` option
    for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and
    `submit_tag` helpers.

    *Carlos Galdino*

*   Allow to use mounted_helpers (helpers for accessing mounted engines) in
    ActionView::TestCase. *Piotr Sarnacki*

*   Include mounted_helpers (helpers for accessing mounted engines) in
    ActionDispatch::IntegrationTest by default. *Piotr Sarnacki*

Revision 1.3 / (download) - annotate - [select for diffs], Sat Jun 2 01:40:25 2012 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.2: +4 -4 lines
Diff to previous 1.2 (colored)

Update ruby-actionpack32 to 3.2.5.

3.2.4 had some regression related problem.

## Rails 3.2.4 (May 31, 2012) ##

*   Deprecate old APIs for highlight, excerpt and word_wrap *Jeremy Walker*

*   Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to`, `button_tag` and `submit_tag` helpers.

    *Carlos Galdino + Rafael Mendonça França*

*   Deprecate `:mouseover` option for `image_tag` helper. *Rafael Mendonça França*

*   Deprecate `button_to_function` and `link_to_function` helpers. *Rafael Mendonça França*

*   Don't break Haml with textarea newline fix.  GH #393, #4000, #5190, #5191

*   Fix options handling on labels. GH #2492, #5614

*   Added config.action_view.embed_authenticity_token_in_remote_forms to deal
    with regression from 16ee611fa

*   Set rendered_format when doing render :inline. GH #5632

*   Fix the redirect when it receive blocks with arity of 1. Closes #5677

*   Strip [nil] from parameters hash. Thanks to Ben Murphy for
    reporting this! CVE-2012-2660

Revision 1.2 / (download) - annotate - [select for diffs], Sun Apr 29 13:00:28 2012 UTC (7 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.1: +4 -4 lines
Diff to previous 1.1 (colored)

Update www/ruby-actionpack32 to 3.3.2.

## Rails 3.2.3 (unreleased) ##

*   Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*

*   Fix #5632, render :inline set the proper rendered format. *Santiago Pastorino*

*   Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in *James Coleman*

*   Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*

*   Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*

*   Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
    check that info. Closes #5245. *Santiago Pastorino*

*   Fix #5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*

*   Upgrade rack-cache to 1.2. *José Valim*

*   ActionController::SessionManagement is deprecated. *Santiago Pastorino*

*   Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*

*   Add a new line after the textarea opening tag. Closes #393 *Rafael Mendonça França*

*   Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*

*   Fixes layout rendering regression from 3.2.2. *José Valim*

Revision 1.1 / (download) - annotate - [select for diffs], Sun Mar 18 06:47:55 2012 UTC (7 years, 3 months ago) by taca
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>