[pkgsrc/trunk]: pkgsrc/www/ruby-actionpack3 Update ruby-actionpack3 to 3.0.17

[taca <taca%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c1bc34928acd
branches:  trunk
changeset: 607454:c1bc34928acd
user:      taca <taca%pkgsrc.org@localhost>
date:      Sun Aug 12 09:46:45 2012 +0000

description:
Update ruby-actionpack3 to 3.0.17

## Rails 3.0.17 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
  value is not escaped.  If untrusted data is not escaped, and is supplied as
  the prompt value, there is a potential for XSS attacks.
  Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

diffstat:

 www/ruby-actionpack3/distinfo |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (13 lines):

diff -r bf031a35b2fe -r c1bc34928acd www/ruby-actionpack3/distinfo
--- a/www/ruby-actionpack3/distinfo     Sun Aug 12 09:45:45 2012 +0000
+++ b/www/ruby-actionpack3/distinfo     Sun Aug 12 09:46:45 2012 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.15 2012/07/31 12:24:29 taca Exp $
+$NetBSD: distinfo,v 1.16 2012/08/12 09:46:45 taca Exp $
 
-SHA1 (actionpack-3.0.16.gem) = e07eb21b957a1d3fc08c8dd49c709cebe5274625
-RMD160 (actionpack-3.0.16.gem) = 9bcb8da14d62e84dfc8a181872634f1c5f2a3eec
-Size (actionpack-3.0.16.gem) = 355328 bytes
+SHA1 (actionpack-3.0.17.gem) = d376046160772c1ef74804ed24173c998482b7b7
+RMD160 (actionpack-3.0.17.gem) = 498c240a97f86c3f6f4a7d336a5d16952d513aba
+Size (actionpack-3.0.17.gem) = 355840 bytes