Next | Query returned 664 messages, browsing 31 to 40 | Previous

CVS Commit History:


   2023-06-29 17:37:17 by Takahiro Kambe | Files touched by this commit (6) | Package updated
Log message:
lang/ruby30-base: update bundled gem uri to 0.10.3

Fix CVE-2023-36617: ReDoS vulnerability in URI.

Bump PKGREVISION.
   2023-06-27 15:39:05 by Takahiro Kambe | Files touched by this commit (14)
Log message:
www/ruby-rails70

Rails 7.0.5.1 (2023-06-26)

Action Pack

*   Raise an exception if illegal characters are provided to redirect_to
    [CVE-2023-28362]

    *Zack Deveau*
   2023-06-27 15:35:19 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/rails61: update to 6.1.7.4

Rails 6.1.7.4 (2023-06-26)

Action Pack

*   Raise an exception if illegal characters are provided to redirect_to
    [CVE-2023-28362]

    *Zack Deveau*
   2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319)
Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPENDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
   2023-05-30 19:01:54 by Takahiro Kambe | Files touched by this commit (1)
Log message:
lang/ruby: drop ruby27 support

Proper support for ruby32, too.
   2023-05-30 17:53:28 by Takahiro Kambe | Files touched by this commit (1)
Log message:
lang/ruby: drop support for Ruby 2.7
   2023-05-28 03:54:18 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails70: update to 7.0.5

7.0.5 (2023-05-24)

There are too many changes to list here; please refer to
<https://github.com/rails/rails/releases/tag/v7.0.5> for details.
   2023-04-01 11:26:58 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
lang/ruby32: update to 3.2.2

Ruby 3.2.2 Released			Posted by naruse on 30 Mar 2023

Ruby 3.2.2 has been released.

This release includes security fixes.  Please check the topics below for
details.

* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time

What's Changed

* Backport [Bug #19158] for Ruby 3.2 by hsbt · Pull Request #7356
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19400: YJIT fails to boot on ARM64 systems with 64 KiB pages
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19444: YJIT String#+@ miscompilations
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19439: Marshal.load doesn't load Regexp instance variables
* Bug #19459: Is length of IO::Buffer#read required or optional?
* Bug #19464: YJIT miscompiles BasicObject#__send__ to alias methods of send
* Bug #19468: Ruby 3.2: net/http sets UTF-8 encoding for binary responses
* Bug #19469: Crash when resizing generic iv list
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #19467: Some linear_time regexp does not match in linear time
* Bug #19476: Regexp unexpected partial match
* Bug #19536: Frozen status loss when moving objects
* Bug #19485: Unexpected behavior in squiggly heredocs
* Bug #19471: Regexp::compile does not handle :timeout argument
* Use URI-0.12.1 for Ruby 3.2 by hsbt · Pull Request #7603
* Merge RubyGems-3.4.10 and Bundler-2.4.10 by hsbt · Pull Request #7479
* Merge Time-0.2.2 by hsbt · Pull Request #7623

Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
   2023-04-01 11:17:15 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/ruby31: update to 3.1.4

Ruby 3.1.4 Released			Posted by nagachika on 30 Mar 2023

Ruby 3.1.4 has been released.

This release includes security fixes.  Please check the topics below for
details.

* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time

What's Changed

* Bug #19187: Ruby 3.1.3 testsuite fails after timezone 2022g update is
  applied
* Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie
  domains is prefixed with a dot
* Bug #18629: block args array splatting assigns to higher scope _ var
* Bug #18765: Wrong description introduced by
  https://github.com/ruby/ruby/pull/4938/files
* Bug #19189: Ruby 3.1.3/3.2.x can no longer find pkg-config if not present
  at buildtime
* Bug #19292: Time object's wday, yday, and isdst returns broken value (and
  so does to_a) when kwarg in: 'UTC' was given
* Bug #19305: TracePoint#parameters segfaults when certain method creation
  pattern is used
* Bug #19319: Crash in rb_str_casemap
* Bug #19316: YJIT crash in 3.2.0
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
  environment variable
* Bug #19320: Crash during compaction while traversing the stack
* Bug #19389: StringIO gets(..., chomp: true) behaves differently to File/IO.
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
  environment variable
* Bug #19398: Memory leak in WeakMap
* Bug #19403: Unable to Build Native Gems on Mac with Ruby 3.1.0+
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #18989: Backport f229b36087f1b387d77af8f3fa50f9bffd2fd44e to ruby_3_1
* Bug #18748: Range#cover? returns true for beginless range of different
  type
* Bug #18827: __ENCODING__ is not set to the source encoding when saving
  script lines
* Bug #19242: Circular cause by Marshal
* Bug #19243: Windows: Dir.home returns string in wrong encoding
* Bug #19115: RubyGems fails to detect OpenSSL in --with-static-linked-ext
  builds
* Bug #18464: RUBY_INTERNAL_EVENT_NEWOBJ tracepoint causes an interpreter
  crash when combined with Ractors
* Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
* Bug #19485: Unexpected behavior in squiggly heredocs

Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
   2023-04-01 11:08:51 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/ruby30: update to 3.0.6

Ruby 3.0.6 Released			Posted by usa on 30 Mar 2023

Ruby 3.0.6 has been released.

This release includes security fixes. Please check the topics below for
details.

* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time

This release also includes some bug fixes.  See the GitHub releases for
further details.

After this release, we end the normal maintenance phase of Ruby 3.0, and
Ruby 3.0 enters the security maintenance phase.  This means that we will no
longer backport any bug fixes to Ruby 3.0 except security fixes.

The term of the security maintenance phase is scheduled for a year.  Ruby
3.0 reaches EOL and its official support ends by the end of the security
maintenance phase.  Therefore, we recommend that you start to plan an upgrade
to Ruby 3.1 or 3.2.
