[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2012Q2 2012-08-20T07:54:04Z 2012-08-20T07:54:04Z sbd sbd 2012-08-20T07:54:04Z urn:sha1:51a622c60111da3d312e5cc3f1483f5dd5b2c4ee Ruby on Rails 3.0.17 security update. Revisions pulled up: - databases/ruby-activerecord3/distinfo 1.15 - devel/ruby-activemodel/distinfo 1.15 - devel/ruby-activesupport3/distinfo 1.16 - devel/ruby-railties/distinfo 1.15 - lang/ruby/rails.mk 1.28 - mail/ruby-actionmailer3/distinfo 1.17 - www/ruby-actionpack3/distinfo 1.16 - www/ruby-activeresource3/distinfo 1.15 - www/ruby-rails3/distinfo 1.16 --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:44:22 UTC 2012 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: Start update of Ruby on Rails 3.0.17. --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:44:58 UTC 2012 Modified Files: pkgsrc/devel/ruby-activesupport3: distinfo Log Message: Update ruby-activesupport3 to 3.0.17. ## Rails 3.0.17 (Aug 9, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:45:45 UTC 2012 Modified Files: pkgsrc/devel/ruby-activemodel: distinfo Log Message: Update ruby-activemodel to 3.0.17. ## Rails 3.0.17 (Aug 9, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:46:45 UTC 2012 Modified Files: pkgsrc/www/ruby-actionpack3: distinfo Log Message: Update ruby-actionpack3 to 3.0.17 ## Rails 3.0.17 (Aug 9, 2012) * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the helper doesn't correctly handle malformed html. As a result an attacker can execute arbitrary javascript through the use of specially crafted malformed html. *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino* * When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. Vulnerable code will look something like this: select_tag("name", options, :prompt => UNTRUSTED_INPUT) *Santiago Pastorino* --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:47:45 UTC 2012 Modified Files: pkgsrc/databases/ruby-activerecord3: distinfo Log Message: Update ruby-activerecord3 to 3.0.17. ## Rails 3.0.17 (Aug 9, 2012) * Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252) --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:48:26 UTC 2012 Modified Files: pkgsrc/mail/ruby-actionmailer3: distinfo Log Message: Update ruby-actionmailer3 to 3.0.17. ## Rails 3.0.17 (Aug 9, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:49:01 UTC 2012 Modified Files: pkgsrc/devel/ruby-railties: distinfo Log Message: Update ruby-railties to 3.0.17. ## Rails 3.0.17 (Aug 9, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 09:50:41 UTC 2012 Modified Files: pkgsrc/www/ruby-rails3: distinfo Log Message: Update ruby-rails3 to 3.0.17. This is a meta-like package and no changes. --- Module Name: pkgsrc Committed By: taca Date: Wed Aug 15 15:58:23 UTC 2012 Modified Files: pkgsrc/www/ruby-activeresource3: distinfo Log Message: Oops, missed from commit for ruby-activeresource3. 2012-08-12T14:06:57Z tron tron 2012-08-12T14:06:57Z urn:sha1:de674122bc2d5f240bd896f7db450de236b013da databases/ruby-activerecord3: security update devel/ruby-activemodel: security update devel/ruby-activesupport3: security update devel/ruby-railties: security update mail/ruby-actionmailer3: security update mail/ruby-mail22/Makefile www/ruby-actionpack3: security update www/ruby-activeresource3: security update www/ruby-rails3: security update Revisions pulled up: - databases/ruby-activerecord3/distinfo 1.14 - devel/ruby-activemodel/distinfo 1.14 - devel/ruby-activesupport3/distinfo 1.15 - devel/ruby-railties/distinfo 1.14 - lang/ruby/rails.mk 1.25 - mail/ruby-actionmailer3/distinfo 1.16 - mail/ruby-mail22/Makefile 1.5 - www/ruby-actionpack3/distinfo 1.15 - www/ruby-activeresource3/distinfo 1.14 - www/ruby-rails3/distinfo 1.15 --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:20:08 UTC 2012 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: Start update of Ruby on Rails to 3.0.16. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:21:03 UTC 2012 Modified Files: pkgsrc/devel/ruby-activesupport3: distinfo Log Message: Update ruby-activesupport3 to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * No changes. ## Rails 3.0.14 (Jun 12, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:21:54 UTC 2012 Modified Files: pkgsrc/devel/ruby-activemodel: distinfo Log Message: Update ruby-activemodel to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * No changes. ## Rails 3.0.14 (Jun 12, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:22:56 UTC 2012 Modified Files: pkgsrc/www/ruby-activeresource3: distinfo Log Message: Update ruby-activeresource3 to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * No changes. ## Rails 3.0.14 (Jun 12, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:24:29 UTC 2012 Modified Files: pkgsrc/www/ruby-actionpack3: distinfo Log Message: Update ruby-actionpack3 to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * Do not convert digest auth strings to symbols. CVE-2012-3424 ## Rails 3.0.14 (Jun 12, 2012) * nil is removed from array parameter values CVE-2012-2694 --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:25:14 UTC 2012 Modified Files: pkgsrc/databases/ruby-activerecord3: distinfo Log Message: Update ruby-activerecord3 to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * No changes. ## Rails 3.0.14 (Jun 12, 2012) * protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well. CVE-2012-2695 --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:25:49 UTC 2012 Modified Files: pkgsrc/mail/ruby-actionmailer3: distinfo Log Message: Update ruby-actionmailer3 to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * No changes. ## Rails 3.0.14 (Jun 12, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:26:47 UTC 2012 Modified Files: pkgsrc/devel/ruby-railties: distinfo Log Message: Update ruby-railties to 3.0.16. ## Rails 3.0.16 (Jul 26, 2012) * No changes. ## Rails 3.0.14 (Jun 12, 2012) * No changes. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 12:27:36 UTC 2012 Modified Files: pkgsrc/www/ruby-rails3: distinfo Log Message: Update ruby-rails3 to 3.0.16. This is a meta-like package and no changes. --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 31 13:02:49 UTC 2012 Modified Files: pkgsrc/mail/ruby-mail22: Makefile Log Message: Bump PKGREVISION to reflect dependency to devel/ruby-activesupport3. 2012-06-14T14:47:52Z taca taca 2012-06-14T14:47:52Z urn:sha1:33f7c598907ac1bdd55b1efe10a8ffe60ea0b0dc pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later. ## Rails 3.0.14 (Jun 12, 2012) * No changes. 2012-06-02T01:27:07Z taca taca 2012-06-02T01:27:07Z urn:sha1:9cffdd6850280ce3bbf264201bf7df1a2932751c * Rails 3.0.13 (May 31, 2012) * Stop SafeBuffer#clone_empty from issuing warnings 2012-03-18T05:21:55Z taca taca 2012-03-18T05:21:55Z urn:sha1:c9196852d3d87ded60f5cc2a57f360975b7fc57b Merged CVE-2012-1099 fix. 2012-03-03T04:47:13Z taca taca 2012-03-03T04:47:13Z urn:sha1:a5297eb886e24dd5edffef453689ca8606fbc5aa devel/ruby-activesupport3 devel/ruby-activesupport31 www/ruby-actionpack3 www/ruby-actionpack31 And bump each PKGREVISION. 2011-12-13T15:53:37Z taca taca 2011-12-13T15:53:37Z urn:sha1:c9569db33d4490da1013208ab1adcdd213fe9f2b * Don't hard code RUBY_RAILS2_VERSION in DISTNAME. 2011-11-19T15:32:34Z taca taca 2011-11-19T15:32:34Z urn:sha1:210c8500a7e6759e14b3ca71e8f23cd3d300a1cc 2011-08-17T14:16:45Z taca taca 2011-08-17T14:16:45Z urn:sha1:9836e53dacda1b0a37e52ca63b8f9736558a3668 * Rails 3.0.10 * Delayed backtrace scrubbing in `load_missing_constant` until we actually raise the exception 2011-06-17T13:50:48Z taca taca 2011-06-17T13:50:48Z urn:sha1:40cba5500b78f5559fe9f9b9e6045fd2e0d818df These are update of the version only.