pkgsrc-Changes archive


CVS commit: [pkgsrc-2012Q2] pkgsrc



Module Name:    pkgsrc
Committed By:   sbd
Date:           Mon Aug 20 07:54:05 UTC 2012

Modified Files:
        pkgsrc/databases/ruby-activerecord3 [pkgsrc-2012Q2]: distinfo
        pkgsrc/devel/ruby-activemodel [pkgsrc-2012Q2]: distinfo
        pkgsrc/devel/ruby-activesupport3 [pkgsrc-2012Q2]: distinfo
        pkgsrc/devel/ruby-railties [pkgsrc-2012Q2]: distinfo
        pkgsrc/lang/ruby [pkgsrc-2012Q2]: rails.mk
        pkgsrc/mail/ruby-actionmailer3 [pkgsrc-2012Q2]: distinfo
        pkgsrc/www/ruby-actionpack3 [pkgsrc-2012Q2]: distinfo
        pkgsrc/www/ruby-activeresource3 [pkgsrc-2012Q2]: distinfo
        pkgsrc/www/ruby-rails3 [pkgsrc-2012Q2]: distinfo

Log Message:
Pullup ticket #3903 - requested by taca
Ruby on Rails 3.0.17 security update.

Revisions pulled up:
- databases/ruby-activerecord3/distinfo                         1.15
- devel/ruby-activemodel/distinfo                               1.15
- devel/ruby-activesupport3/distinfo                            1.16
- devel/ruby-railties/distinfo                                  1.15
- lang/ruby/rails.mk                                            1.28
- mail/ruby-actionmailer3/distinfo                              1.17
- www/ruby-actionpack3/distinfo                                 1.16
- www/ruby-activeresource3/distinfo                             1.15
- www/ruby-rails3/distinfo                                      1.16

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:44:22 UTC 2012

   Modified Files:
        pkgsrc/lang/ruby: rails.mk

   Log Message:
   Start update of Ruby on Rails 3.0.17.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:44:58 UTC 2012

   Modified Files:
        pkgsrc/devel/ruby-activesupport3: distinfo

   Log Message:
   Update ruby-activesupport3 to 3.0.17.

   ## Rails 3.0.17 (Aug 9, 2012)

   * No changes.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:45:45 UTC 2012

   Modified Files:
        pkgsrc/devel/ruby-activemodel: distinfo

   Log Message:
   Update ruby-activemodel to 3.0.17.

   ## Rails 3.0.17 (Aug 9, 2012)

   * No changes.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:46:45 UTC 2012

   Modified Files:
        pkgsrc/www/ruby-actionpack3: distinfo

   Log Message:
   Update ruby-actionpack3 to 3.0.17

   ## Rails 3.0.17 (Aug 9, 2012)

   * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
     helper doesn't correctly handle malformed html.  As a result an attacker can
     execute arbitrary javascript through the use of specially crafted malformed
     html.

     *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

   * When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
     value is not escaped.  If untrusted data is not escaped, and is supplied as
     the prompt value, there is a potential for XSS attacks.
     Vulnerable code will look something like this:
       select_tag("name", options, :prompt => UNTRUSTED_INPUT)

     *Santiago Pastorino*

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:47:45 UTC 2012

   Modified Files:
        pkgsrc/databases/ruby-activerecord3: distinfo

   Log Message:
   Update ruby-activerecord3 to 3.0.17.

   ## Rails 3.0.17 (Aug 9, 2012)

   * Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252)

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:48:26 UTC 2012

   Modified Files:
        pkgsrc/mail/ruby-actionmailer3: distinfo

   Log Message:
   Update ruby-actionmailer3 to 3.0.17.

   ## Rails 3.0.17 (Aug 9, 2012)

   * No changes.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:49:01 UTC 2012

   Modified Files:
        pkgsrc/devel/ruby-railties: distinfo

   Log Message:
   Update ruby-railties to 3.0.17.

   ## Rails 3.0.17 (Aug 9, 2012)

   * No changes.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Aug 12 09:50:41 UTC 2012

   Modified Files:
        pkgsrc/www/ruby-rails3: distinfo

   Log Message:
   Update ruby-rails3 to 3.0.17.

   This is a meta-like package and no changes.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Aug 15 15:58:23 UTC 2012

   Modified Files:
        pkgsrc/www/ruby-activeresource3: distinfo

   Log Message:
   Oops, missed from commit for ruby-activeresource3.


To generate a diff of this commit:
cvs rdiff -u -r1.13.2.1 -r1.13.2.2 \
    pkgsrc/databases/ruby-activerecord3/distinfo
cvs rdiff -u -r1.13.2.1 -r1.13.2.2 pkgsrc/devel/ruby-activemodel/distinfo
cvs rdiff -u -r1.14.2.1 -r1.14.2.2 pkgsrc/devel/ruby-activesupport3/distinfo
cvs rdiff -u -r1.13.2.1 -r1.13.2.2 pkgsrc/devel/ruby-railties/distinfo
cvs rdiff -u -r1.24.2.3 -r1.24.2.4 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.15.2.1 -r1.15.2.2 pkgsrc/mail/ruby-actionmailer3/distinfo
cvs rdiff -u -r1.14.2.1 -r1.14.2.2 pkgsrc/www/ruby-actionpack3/distinfo
cvs rdiff -u -r1.13.2.1 -r1.13.2.2 pkgsrc/www/ruby-activeresource3/distinfo
cvs rdiff -u -r1.14.2.1 -r1.14.2.2 pkgsrc/www/ruby-rails3/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
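
Added example (not part of the commit message and not Rails source code): a toy helper in plain Ruby that reproduces the `select_tag` `:prompt` behaviour described in the ruby-actionpack3 changelog entry above, next to an escaped variant and the caller-side mitigation. The helper names, the OPTIONS string and the UNTRUSTED_INPUT value are constructed for illustration.

```ruby
require "erb"

# Constructed sample value standing in for data taken from a request.
UNTRUSTED_INPUT = %(<script>alert(1)</script>)
# Constructed, already-escaped option markup.
OPTIONS = %(<option value="1">One</option>)

# Hypothetical stand-in for the pre-fix behaviour: :prompt is interpolated
# into the markup as-is.
def toy_select_tag_unescaped(name, options, prompt: nil)
  prompt_html = prompt ? %(<option value="">#{prompt}</option>) : ""
  %(<select id="#{name}" name="#{name}">#{prompt_html}#{options}</select>)
end

# Hypothetical stand-in for the fixed behaviour: :prompt is HTML-escaped
# before it is placed inside the <option> element.
def toy_select_tag_escaped(name, options, prompt: nil)
  safe = prompt && ERB::Util.html_escape(prompt)
  toy_select_tag_unescaped(name, options, prompt: safe)
end

# True when a prompt containing HTML metacharacters reached the output
# verbatim, i.e. the browser would parse it as markup rather than text.
def prompt_rendered_as_markup?(html, prompt)
  prompt.match?(/[<>&"']/) && html.include?(prompt)
end

def demo
  {
    unpatched: toy_select_tag_unescaped("name", OPTIONS, prompt: UNTRUSTED_INPUT),
    patched: toy_select_tag_escaped("name", OPTIONS, prompt: UNTRUSTED_INPUT),
    # Caller-side mitigation on an unpatched helper: escape before passing.
    caller_escaped: toy_select_tag_unescaped(
      "name", OPTIONS, prompt: ERB::Util.html_escape(UNTRUSTED_INPUT)
    ),
  }
end

demo.each do |label, html|
  state = prompt_rendered_as_markup?(html, UNTRUSTED_INPUT) ? "raw markup" : "escaped"
  puts "#{label}: #{state}\n  #{html}"
end
```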



