| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Ruby on Rails 3.0.17 security update.
Revisions pulled up:
- databases/ruby-activerecord3/distinfo 1.15
- devel/ruby-activemodel/distinfo 1.15
- devel/ruby-activesupport3/distinfo 1.16
- devel/ruby-railties/distinfo 1.15
- lang/ruby/rails.mk 1.28
- mail/ruby-actionmailer3/distinfo 1.17
- www/ruby-actionpack3/distinfo 1.16
- www/ruby-activeresource3/distinfo 1.15
- www/ruby-rails3/distinfo 1.16
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:44:22 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.0.17.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:44:58 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport3: distinfo
Log Message:
Update ruby-activesupport3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:45:45 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel: distinfo
Log Message:
Update ruby-activemodel to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:46:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack3: distinfo
Log Message:
Update ruby-actionpack3 to 3.0.17
## Rails 3.0.17 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped. If untrusted data is not escaped, and is supplied as
the prompt value, there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:47:45 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord3: distinfo
Log Message:
Update ruby-activerecord3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252)
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:48:26 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer3: distinfo
Log Message:
Update ruby-actionmailer3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:49:01 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties: distinfo
Log Message:
Update ruby-railties to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:50:41 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails3: distinfo
Log Message:
Update ruby-rails3 to 3.0.17.
This is a meta-like package and no changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 15:58:23 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource3: distinfo
Log Message:
Oops, missed from commit for ruby-activeresource3.
|
|
databases/ruby-activerecord3: security update
devel/ruby-activemodel: security update
devel/ruby-activesupport3: security update
devel/ruby-railties: security update
mail/ruby-actionmailer3: security update
mail/ruby-mail22/Makefile
www/ruby-actionpack3: security update
www/ruby-activeresource3: security update
www/ruby-rails3: security update
Revisions pulled up:
- databases/ruby-activerecord3/distinfo 1.14
- devel/ruby-activemodel/distinfo 1.14
- devel/ruby-activesupport3/distinfo 1.15
- devel/ruby-railties/distinfo 1.14
- lang/ruby/rails.mk 1.25
- mail/ruby-actionmailer3/distinfo 1.16
- mail/ruby-mail22/Makefile 1.5
- www/ruby-actionpack3/distinfo 1.15
- www/ruby-activeresource3/distinfo 1.14
- www/ruby-rails3/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:20:08 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails to 3.0.16.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:21:03 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport3: distinfo
Log Message:
Update ruby-activesupport3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:21:54 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel: distinfo
Log Message:
Update ruby-activemodel to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:22:56 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource3: distinfo
Log Message:
Update ruby-activeresource3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:24:29 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack3: distinfo
Log Message:
Update ruby-actionpack3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
## Rails 3.0.14 (Jun 12, 2012)
* nil is removed from array parameter values
CVE-2012-2694
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:25:14 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord3: distinfo
Log Message:
Update ruby-activerecord3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:25:49 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer3: distinfo
Log Message:
Update ruby-actionmailer3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:26:47 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties: distinfo
Log Message:
Update ruby-railties to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:27:36 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails3: distinfo
Log Message:
Update ruby-rails3 to 3.0.16.
This is a meta-like package and no changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 13:02:49 UTC 2012
Modified Files:
pkgsrc/mail/ruby-mail22: Makefile
Log Message:
Bump PKGREVISION to reflect dependency to devel/ruby-activesupport3.
|
|
pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
|
|
* Rails 3.0.13 (May 31, 2012)
* No changes.
|
|
pkgsrc change only:
* Tweak COMMENT.
* Strict dependency to devel/ruby-i18n_05.
|
|
Since there was a small window having bad dependency, bump PKGREVISION.
|
|
* Allow dependency to newer ruby-i18n.
Bump PKGREVISION.
|
|
|
|
Bump version only.
|
|
|
|
These are update of the version only.
|
|
Changed version only.
|
|
|
|
*Rails 3.0.6 (April 5, 2011)
* Fix when database column name has some symbolic characters
(e.g. Oracle CASE# VARCHAR2(20)) #5818 #6850 [Robert Pankowecki,
Santiago Pastorino]
* Fix length validation for fixnums #6556 [Andriy Tyurnikov]
* Fix i18n key collision with namespaced models #6448 [yves.senn]
|
|
It is version update only.
* Switch to use lang/ruby/rails.mk.
|
|
existed but patches directory wasn't cvs added...
Bump PKGREVISION.
|
|
* More strict dependency reflect gemspec's description.
* It is update of version only for Ruby on Rails 3.0.4 update.
|
|
No change except version, it is part of Rails 3.0.1.
|
|
Active Model provides a known set of interfaces for usage in model classes.
They allow for Action Pack helpers to interact with non-ActiveRecord models,
for example. Active Model also helps building custom ORMs for use outside of
the Rails framework.
(This is part of Ruby on Rails 3.)
|
