From b05da69301286b0d122084ce1560bb13a4000f70 Mon Sep 17 00:00:00 2001 From: bsiegert Date: Sun, 23 Oct 2022 11:30:41 +0000 Subject: Pullup ticket #6690 - requested by taca devel/ruby-redmine50: security fix Revisions pulled up: - devel/ruby-redmine50/Makefile 1.4 - devel/ruby-redmine50/PLIST 1.2 - devel/ruby-redmine50/distinfo 1.3 - devel/ruby-redmine50/patches/patch-Gemfile 1.3 --- Module Name: pkgsrc Committed By: taca Date: Sun Oct 9 15:32:55 UTC 2022 Modified Files: pkgsrc/devel/ruby-redmine50: Makefile PLIST distinfo pkgsrc/devel/ruby-redmine50/patches: patch-Gemfile Log Message: devel/ruby-redmine50: update to 5.0.3 5.0.3 (2022-10-02) [Code cleanup/refactoring] * Defect #37609: Remove obsolete remnant public/images/openid-bg.gif * Defect #37449: Passing a wrong parameter to `with_settings` in UserTest::test_random_password_include_required_characters [Filters] * Defect #36940: Chained custom field filter doesn't work for User fields * Defect #37349: Chained custom field filter for User fields returns 500 internal server error when filtering after a float value [Issues] * Defect #37369: Mention auto-complete not works in bulk-edit comments * Defect #37499: Default query should not be applied if the query is not allowed to be set as the default * Defect #37473: Focus IssueId not working when linking issues [Issues list] * Defect #37268: Performance problem with Redmine 4.2.7 and 5.0.2 [Rails support] * Patch #37452: Update Rails to 6.1.7 [Security] * Defect #37492: Update jQuery UI to 1.13.2 [SCM] * Defect #33953: Repository tab is not displayed if no repository is set as the main repository * Defect #36258: Support revision without any message in Mercurial repositories * Defect #37585: Do not show "History" tab for content in Filesystem repository * Defect #37626: Diff of a javascript file in repository module is not displayed with layout * Defect #37718: Repository browser does not show "+" (plus sign) in filename [SCM extra] * Defect #37562: POST Requests to repository WS fail with "Can't verify CSRF token authenticity" [Text formatting] * Defect #37237: Common Markdown Formatter does not render all properties on HTML elements * Patch #37713: Add rel="noopener" to all external links that would open a new tab/window * Defect #37379: Thumbnail macro does not work when a file is attached and preview is displayed immediately [Translations] * Defect #37529: Fix mistranslation of label button_create_and_follow in Russian translation * Defect #37603: Missing translation for label_default_queries.for_this_user * Patch #35613: German translation update of Wiki syntax help for 5.0-stable * Patch #37263: Lithuanian translation update for 5.0-stable * Patch #37698: Persian translation update for 4.2-stable [UI] * Defect #36901: Jump to project is misaligned in Safari 15.4 and later * Defect #37282: Subtask isn't displayed correctly since 4.2.7 * Defect #37481: Fix the unintentional selection of rows with the context menu * Defect #37566: The number of the ordered list in the project description is not displayed and the indentation does not match the unordered list --- devel/ruby-redmine50/Makefile | 16 ++++++---------- devel/ruby-redmine50/PLIST | 9 +++++---- devel/ruby-redmine50/distinfo | 10 +++++----- devel/ruby-redmine50/patches/patch-Gemfile | 16 ++++++++-------- 4 files changed, 24 insertions(+), 27 deletions(-) diff --git a/devel/ruby-redmine50/Makefile b/devel/ruby-redmine50/Makefile index 060e7f0a7c9..3138e3bfa72 100644 --- a/devel/ruby-redmine50/Makefile +++ b/devel/ruby-redmine50/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.3 2022/09/10 13:16:20 taca Exp $ +# $NetBSD: Makefile,v 1.3.2.1 2022/10/23 11:30:41 bsiegert Exp $ DISTNAME= redmine-${RM_VERSION} PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/redmine/redmine${RM_VER}/} -PKGREVISION= 1 CATEGORIES= devel MASTER_SITES= https://www.redmine.org/releases/ @@ -11,7 +10,7 @@ HOMEPAGE= https://www.redmine.org/ COMMENT= Flexible project management web application LICENSE= gnu-gpl-v2 # and so on. -RM_VERSION= 5.0.2 +RM_VERSION= 5.0.3 NO_BUILD= yes @@ -19,9 +18,7 @@ RUBY_VERSIONS_ACCEPTED= 27 30 31 RUBY_RAILS_ACCEPTED= 61 -OVERRIDE_GEMSPEC+= nokogiri>=1.11.0 mini_mime>=1.0.1 csv>=3.1.1 - -DEPENDS+= ${RUBY_PKGPREFIX}-bundler>=1.5.0:../../misc/ruby-bundler +DEPENDS+= ${RUBY_PKGPREFIX}-bundler>=1.12.0:../../misc/ruby-bundler DEPENDS+= ${RUBY_RAILS_DEPENDS} DEPENDS+= ${RUBY_PKGPREFIX}-rouge>=3.28:../../www/ruby-rouge DEPENDS+= ${RUBY_PKGPREFIX}-request_store>=1.5.0<1.6:../../www/ruby-request_store @@ -32,20 +29,19 @@ DEPENDS+= ${RUBY_PKGPREFIX}-roadie-rails${RUBY_RAILS}>=3.0.0<3.1:../../mail/ruby DEPENDS+= ${RUBY_PKGPREFIX}-marcel>=1.0.0:../../devel/ruby-marcel DEPENDS+= ${RUBY_PKGPREFIX}-mail>=2.7.1<2.8:../../mail/ruby-mail DEPENDS+= ${RUBY_PKGPREFIX}-csv>=3.2.0<3.3:../../textproc/ruby-csv -DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.13.0<1.14:../../textproc/ruby-nokogiri +DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.13.4<1.14:../../textproc/ruby-nokogiri DEPENDS+= ${RUBY_PKGPREFIX}-i18n>=1.10.0<1.11:../../devel/ruby-i18n DEPENDS+= ${RUBY_PKGPREFIX}-rbpdf>=1.20.0<1.21:../../print/ruby-rbpdf DEPENDS+= ${RUBY_PKGPREFIX}-addressable>=0:../../net/ruby-addressable DEPENDS+= ${RUBY_PKGPREFIX}-zip>=2.3.0<2.4:../../archivers/ruby-zip -#DEPENDS+= ${RUBY_PKGPREFIX}-tzinfo-data>=1:../../time/ruby-tzinfo-data DEPENDS+= ${RUBY_PKGPREFIX}-rotp>=6.2.0:../../security/ruby-rotp DEPENDS+= ${RUBY_PKGPREFIX}-rqrcode>=1.2.0:../../textproc/ruby-rqrcode DEPENDS+= ${RUBY_PKGPREFIX}-net-ldap>=0.17.0<0.18:../../net/ruby-net-ldap DEPENDS+= ${RUBY_PKGPREFIX}-mini-magick>=4.11.0<4.12:../../graphics/ruby-mini-magick DEPENDS+= ${RUBY_PKGPREFIX}-redcarpet>=3.5.1<3.6:../../textproc/ruby-redcarpet DEPENDS+= ${RUBY_PKGPREFIX}-deckar01-task_list>=2.3.2:../../textproc/ruby-deckar01-task_list -DEPENDS+= ${RUBY_PKGPREFIX}-html-pipeline>=2.13.2<2.15:../../textproc/ruby-html-pipeline -DEPENDS+= ${RUBY_PKGPREFIX}-commonmarker>=0.23.1:../../textproc/ruby-commonmarker +DEPENDS+= ${RUBY_PKGPREFIX}-html-pipeline>=2.13.2<3:../../textproc/ruby-html-pipeline +DEPENDS+= ${RUBY_PKGPREFIX}-commonmarker>=0.23.1<1:../../textproc/ruby-commonmarker DEPENDS+= ${RUBY_PKGPREFIX}-sanitize>=6.0<7:../../textproc/ruby-sanitize .include "../../lang/ruby/modules.mk" diff --git a/devel/ruby-redmine50/PLIST b/devel/ruby-redmine50/PLIST index 2b6e818b497..21f332f4d3c 100644 --- a/devel/ruby-redmine50/PLIST +++ b/devel/ruby-redmine50/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2022/09/03 13:53:58 taca Exp $ +@comment $NetBSD: PLIST,v 1.1.2.1 2022/10/23 11:30:41 bsiegert Exp $ bin/redmine50_generate_secret_token${RUBY_SUFFIX}.sh bin/redmine50_load_default_data${RUBY_SUFFIX}.sh bin/redmine50_migrate_db${RUBY_SUFFIX}.sh @@ -1267,6 +1267,8 @@ share/${RUBY_NAME}-redmine50/public/help/da/wiki_syntax_detailed_markdown.html share/${RUBY_NAME}-redmine50/public/help/da/wiki_syntax_detailed_textile.html share/${RUBY_NAME}-redmine50/public/help/da/wiki_syntax_markdown.html share/${RUBY_NAME}-redmine50/public/help/da/wiki_syntax_textile.html +share/${RUBY_NAME}-redmine50/public/help/de/wiki_syntax_common_mark.html +share/${RUBY_NAME}-redmine50/public/help/de/wiki_syntax_detailed_common_mark.html share/${RUBY_NAME}-redmine50/public/help/de/wiki_syntax_detailed_markdown.html share/${RUBY_NAME}-redmine50/public/help/de/wiki_syntax_detailed_textile.html share/${RUBY_NAME}-redmine50/public/help/de/wiki_syntax_markdown.html @@ -1536,7 +1538,6 @@ share/${RUBY_NAME}-redmine50/public/images/milestone_late.png share/${RUBY_NAME}-redmine50/public/images/milestone_todo.png share/${RUBY_NAME}-redmine50/public/images/move.png share/${RUBY_NAME}-redmine50/public/images/news.png -share/${RUBY_NAME}-redmine50/public/images/openid-bg.gif share/${RUBY_NAME}-redmine50/public/images/package.png share/${RUBY_NAME}-redmine50/public/images/plugin.png share/${RUBY_NAME}-redmine50/public/images/project_marker.png @@ -1627,7 +1628,7 @@ share/${RUBY_NAME}-redmine50/public/javascripts/i18n/datepicker-uk.js share/${RUBY_NAME}-redmine50/public/javascripts/i18n/datepicker-vi.js share/${RUBY_NAME}-redmine50/public/javascripts/i18n/datepicker-zh-CN.js share/${RUBY_NAME}-redmine50/public/javascripts/i18n/datepicker-zh-TW.js -share/${RUBY_NAME}-redmine50/public/javascripts/jquery-3.6.0-ui-1.13.1-ujs-6.1.3.1.js +share/${RUBY_NAME}-redmine50/public/javascripts/jquery-3.6.1-ui-1.13.2-ujs-6.1.7.js share/${RUBY_NAME}-redmine50/public/javascripts/jstoolbar/common_mark.js share/${RUBY_NAME}-redmine50/public/javascripts/jstoolbar/jstoolbar.js share/${RUBY_NAME}-redmine50/public/javascripts/jstoolbar/lang/jstoolbar-ar.js @@ -1699,7 +1700,7 @@ share/${RUBY_NAME}-redmine50/public/stylesheets/jquery/images/ui-icons_777620_25 share/${RUBY_NAME}-redmine50/public/stylesheets/jquery/images/ui-icons_777777_256x240.png share/${RUBY_NAME}-redmine50/public/stylesheets/jquery/images/ui-icons_cc0000_256x240.png share/${RUBY_NAME}-redmine50/public/stylesheets/jquery/images/ui-icons_ffffff_256x240.png -share/${RUBY_NAME}-redmine50/public/stylesheets/jquery/jquery-ui-1.13.1.css +share/${RUBY_NAME}-redmine50/public/stylesheets/jquery/jquery-ui-1.13.2.css share/${RUBY_NAME}-redmine50/public/stylesheets/jstoolbar.css share/${RUBY_NAME}-redmine50/public/stylesheets/responsive.css share/${RUBY_NAME}-redmine50/public/stylesheets/rtl.css diff --git a/devel/ruby-redmine50/distinfo b/devel/ruby-redmine50/distinfo index affd1b1ce78..d13422519bc 100644 --- a/devel/ruby-redmine50/distinfo +++ b/devel/ruby-redmine50/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.2 2022/09/10 15:54:46 taca Exp $ +$NetBSD: distinfo,v 1.2.2.1 2022/10/23 11:30:41 bsiegert Exp $ -BLAKE2s (redmine-5.0.2.tar.gz) = 9007851c68874012f6fcf8544362bcafcb6ddad31d556581b1281d7e2e7971bf -SHA512 (redmine-5.0.2.tar.gz) = aeb0486b2193b0c622f878b67089f9628a59c28bc7a6d3660756dd8047e13b199198d2b7cf42d04c1235f06567e4c4f572d529f964edb862fcd19e2ce7febbdc -Size (redmine-5.0.2.tar.gz) = 3104135 bytes -SHA1 (patch-Gemfile) = 65475eb402da669944819d7ac97d14bb19fd90ad +BLAKE2s (redmine-5.0.3.tar.gz) = 47710138cd38b6d442ad952d4bb1e3cdd016b6bd64bf172ce8636311a219b550 +SHA512 (redmine-5.0.3.tar.gz) = ad790e1674485c7a2e9c59d6f653de7b90dcc673fb979d0433bf275bcdc2a794fe9cf78788fce928a111e3e8cbc296230a57702d9e0ea8f317f7a00cc3d8481b +Size (redmine-5.0.3.tar.gz) = 3113409 bytes +SHA1 (patch-Gemfile) = e98a0dd810e1b55daf8ea4f70c35b96dba619035 SHA1 (patch-config_additional__environment.rb.example) = 7ad913800c5f31fdd9b71aa92294bdbeea7b77fe SHA1 (patch-lib_tasks_initializers.rake) = 73c4594c94abd28e628bbd172565b161f0e54fff diff --git a/devel/ruby-redmine50/patches/patch-Gemfile b/devel/ruby-redmine50/patches/patch-Gemfile index ae86e49cbee..ce480e8bd5d 100644 --- a/devel/ruby-redmine50/patches/patch-Gemfile +++ b/devel/ruby-redmine50/patches/patch-Gemfile @@ -1,23 +1,23 @@ -$NetBSD: patch-Gemfile,v 1.2 2022/09/10 13:16:20 taca Exp $ +$NetBSD: patch-Gemfile,v 1.2.2.1 2022/10/23 11:30:41 bsiegert Exp $ * Relax dependency. * Do not load gem for developemt and test. ---- Gemfile.orig 2022-06-21 05:20:45.000000000 +0000 +--- Gemfile.orig 2022-10-02 20:10:35.000000000 +0000 +++ Gemfile @@ -3,9 +3,9 @@ source 'https://rubygems.org' ruby '>= 2.5.0', '< 3.2.0' gem 'bundler', '>= 1.12.0' --gem 'rails', '6.1.6' -+gem 'rails', '~> 6.1' +-gem 'rails', '6.1.7' ++gem 'rails', '~>6.1' gem 'globalid', '~> 0.4.2' if Gem.ruby_version < Gem::Version.new('2.6.0') -gem 'rouge', '~> 3.28.0' +gem 'rouge', '~> 3.28' gem 'request_store', '~> 1.5.0' gem 'mini_mime', '~> 1.1.0' gem "actionpack-xml_parser" -@@ -46,8 +46,8 @@ gem 'redcarpet', '~> 3.5.1', groups: [:m +@@ -48,8 +48,8 @@ gem 'redcarpet', '~> 3.5.1', groups: [:m # Optional CommonMark support, not for JRuby group :common_mark do @@ -28,7 +28,7 @@ $NetBSD: patch-Gemfile,v 1.2 2022/09/10 13:16:20 taca Exp $ gem "sanitize", "~> 6.0" gem 'deckar01-task_list', '2.3.2' end -@@ -67,7 +67,7 @@ if File.exist?(database_file) +@@ -69,7 +69,7 @@ if File.exist?(database_file) when 'mysql2' gem "mysql2", "~> 0.5.0", :platforms => [:mri, :mingw, :x64_mingw] when /postgresql/ @@ -37,7 +37,7 @@ $NetBSD: patch-Gemfile,v 1.2 2022/09/10 13:16:20 taca Exp $ when /sqlite3/ gem "sqlite3", "~> 1.4.0", :platforms => [:mri, :mingw, :x64_mingw] when /sqlserver/ -@@ -84,6 +84,7 @@ else +@@ -86,6 +86,7 @@ else warn("Please configure your config/database.yml first") end @@ -45,7 +45,7 @@ $NetBSD: patch-Gemfile,v 1.2 2022/09/10 13:16:20 taca Exp $ group :development do gem 'listen', '~> 3.3' gem "yard" -@@ -104,6 +105,7 @@ group :test do +@@ -106,6 +107,7 @@ group :test do gem 'rubocop-performance', '~> 1.13.0' gem 'rubocop-rails', '~> 2.14.0' end -- cgit v1.2.3