Navigation:
Browse pkgsrc
(this page) 2024-06-05 18:40:51 by Takahiro Kambe | Files touched by this commit (14) |  |
Log message:
www/ruby-rails70: update to 7.0.8.4
Security fix for CVE-2024-34341 (textproc/ruby-actiontext70) and
CVE-2024-28103 (www/ruby-actionpack61 package).
Ruby on Rails 7.0.8.3 (2024-05-17)
Action Text
Sanitize ActionText HTML ContentAttachment in Trix edit view
[CVE-2024-34341]
Ruby on Rails 7.0.8.4 (2024-06-04)
Action Pack
* Include the HTTP Permissions-Policy on non-HTML Content-Types
[CVE-2024-28103]
|
| 2024-06-05 18:21:36 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.7.8
Security fix for CVE-2024-28103 (www/ruby-actionpack61 package).
Ruby on Rails 6.1.7.8 (2024-06-04)
Action Pack
* Include the HTTP Permissions-Policy on non-HTML Content-Types
[CVE-2024-28103]
|
| 2024-06-02 17:57:59 by Takahiro Kambe | Files touched by this commit (3) | |
Log message: lang/ruby33: update to 3.3.2 3.3.2 (2024-05-30) * Bug #20493: Segfault on rb_io_getline_fast * Bug #20450: Ruby 3.3.1 broken with bootsnap * Bug #20169: GC.compact can raises EFAULT on IO * Bug #20192: YJIT in 3.3.0 miscompiles yield with keyword splats * Bug #20307: Hash#update from compare_by_identity hash can have unfrozen string keys * Bug #20511: Update bundled reline gem version to v0.5.7 * Bug #20204: 3.3.0 YJIT rises TypeError instead of ArgumentError with some incorrect calls * Bug #20195: 3.3.0 YJIT mishandles ruby2_keywords splat into methods taking a rest parameter * Bug #20288: rb_fiber_scheduler_close exceptions are not handled in rb_fiber_scheduler_set. * Bug #20286: TracePoint does not emit thread_end event when thread exits with exception * Bug #20292: Abort ruby by String#initialize * Bug #20445: Reduce if for decreasing counter on OP_REPEAT_INC * Bug #20296: Complex(:sym, exception: false) generate exception with weird timing * Bug #20322: rb_enc_interned_str_cstr doesn't accept null pointer for encoding * Bug #20289: Bug in Zlib::GzipReader#eof? breaks reading certain sizes of gzipped files. * Bug #20393: after_fork_ruby clears all pending interrupts for both parent and child process. * Bug #20305: commit 1d2d25dcadda0764f303183ac091d0c87b432566 breaks grapheme_clusters * Bug #20342: Top level public, private and ruby2_keywords do not work in wrapped load * Bug #20413: Enumerator can block fiber scheduler. * Bug #20427: Backport: Heap buffer overflow in Array#sort! when block modifies target array * Bug #20414: Fiber#raise should recurse to resumed_fiber rather than failing. * Bug #20453: Pointer being freed was not allocated in Regexp timeout * Bug #20494: Non-default directories are not searched when checking for a gmp header * Bug #20094: Inline while loop behavior changed unexpectedly in 3.3.0 * Bug #20502: Backport pthread_kill fix to Ruby 3.3 * Bug #20431: Ruby 3.3.0 build fail with make: *** [io_buffer.o] Error 1 * Bug #20500: Non-system directories are not searched when checking for jemalloc headers and libs, and building enc |
| 2024-05-26 02:15:32 by Takahiro Kambe | Files touched by this commit (1) |
Log message: lang/ruby/gem.mk: try removing empty directories Try removing empty directories in order to remove junk from "make print-PLIST". |
| 2024-04-28 15:03:00 by Thomas Klausner | Files touched by this commit (1) |
Log message: ruby: remove two dead master sites |
| 2024-04-25 17:12:05 by Takahiro Kambe | Files touched by this commit (7) | |
Log message: lang/ruby33: update to 3.3.1 This is security release. Note CVE-2024-27280 and CVE-2024-27281 were already fixed by ruby31-base-3.3.0nb1. 3.3.1 (2024-04-23) * CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search * CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc |
| 2024-04-25 17:06:11 by Takahiro Kambe | Files touched by this commit (5) | |
Log message: lang/ruby32-base: update to 3.2.4 This is security release. Note CVE-2024-27280 and CVE-2024-27281 were already fixed by ruby31-base-3.2.3nb3. 3.2.4 (2024-04-23) * CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search * CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc * CVE-2024-27280: Buffer overread vulnerability in StringIO |
| 2024-04-25 16:51:54 by Takahiro Kambe | Files touched by this commit (10) | |
Log message: lang/ruby31-base: update to 3.1.5 This is security release. Note CVE-2024-27280 and CVE-2024-27281 were already fixed by ruby31-base-3.1.4nb3. 3.1.5 (2024-04-23) Security release. * CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search * CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc * CVE-2024-27280: Buffer overread vulnerability in StringIO |
| 2024-03-23 16:15:52 by Takahiro Kambe | Files touched by this commit (5) |
Log message: lang/ruby33: fix CVE-2024-27281 Update rdoc to 6.6.3.1 to fix for CVE-2024-27281. Bump PKGREVISION. |
| 2024-03-23 15:47:13 by Takahiro Kambe | Files touched by this commit (5) |
Log message: lang/ruby32-base: fix CVE-2024-27281 Update rdoc to 6.5.1.1 to fix for CVE-2024-27281. Bump PKGREVISION. |
New packages: