Log message:
lang/ruby27: update to 2.7.8

Ruby 2.7.8 Released			Posted by usa on 30 Mar 2023

Ruby 2.7.8 has been released.

This release includes security fixes. Please check the topics below for
details.

* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time

This release also includes some build problem fixes. See the GitHub releases
for further details.

After this release, Ruby 2.7 reaches EOL.  In other words, this is expected
to be the last release of Ruby 2.7 series.  We will not release Ruby 2.7.9
even if a security vulnerability is found (but could release if a severe
regression is found).  We recommend all Ruby 2.7 users to start migration to
Ruby 3.2, 3.1, or 3.0 immediately.

Log message:
www/ruby-rails70: update to 7.0.4.3

7.0.4.3 (2023-03-13)

Active Support

* Implement SafeBuffer#bytesplice

  [CVE-2023-28120]

Action View

* Ignore certain data-* attributes in rails-ujs when element is
  contenteditable

  [CVE-2023-23913]

Log message:
www/ruby-rails61: update to 6.1.7.3

6.1.7.3 (2023-03-13)

Active Support

* Implement SafeBuffer#bytesplice

  [CVE-2023-28120]

Action View

* Ignore certain data-* attributes in rails-ujs when element is
  contenteditable

  [CVE-2023-23913]

Log message:
www/ruby-rails70: update to 7.0.4.2

Rails 7.0.4.2 (2023-01-24)

*   Fix `domain: :all` for two letter TLD

    This fixes a compatibility issue introduced in our previous security
    release when using `domain: :all` with a two letter but single level top
    level domain domain (like `.ca`, rather than `.co.uk`).

Log message:
www/ruby-rails61: update to 6.1.7.2

Rails 6.1.7.2 (2023-01-24)

www/ruby-actionpack61

*   Fix `domain: :all` for two letter TLD

    This fixes a compatibility issue introduced in our previous security
    release when using `domain: :all` with a two letter but single level top
    level domain domain (like `.ca`, rather than `.co.uk`).

Log message:
lang/ruby/Makefile.common: add "used by" lines

Log message:
lang/ruby/rubyversion.mk: add Ruby 3.2 support

* Add support Ruby 3.2.0.
* Clear included gems into default gem and bundled gem up.

Log message:
www/ruby-rails70: update to 7.0.4.1

Rails 7.0.4.1 (2023-01-17)

devel/ruby-activesupport70

* Avoid regex backtracking in Inflector.underscore

  [CVE-2023-22796]

www/ruby-actionpack70

* Fix sec issue with _url_host_allowed?

  Disallow certain strings from `_url_host_allowed?` to avoid a redirect
  to malicious sites.

  [CVE-2023-22797]

* Avoid regex backtracking on If-None-Match header

  [CVE-2023-22795]

* Use string#split instead of regex for domain parts

  [CVE-2023-22792]

databases/ruby-activerecord70

* Make sanitize_as_sql_comment more strict

  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.

  This commit makes the sanitization more robust by replacing any
  occurrances of "/*" or "*/" with "/ *" or \ 
"* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not
  be provided user input.

  [CVE-2023-22794]

* Added integer width check to PostgreSQL::Quoting

  Given a value outside the range for a 64bit signed integer type
  PostgreSQL will treat the column type as numeric. Comparing
  integer values against numeric values can result in a slow
  sequential scan.

  This behavior is configurable via
  ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

  [CVE-2022-44566]

Log message:
www/ruby-rails61: update to 6.1.7.1

Rails 6.1.7.1 (2023-01-17)

devel/ruby-activesupport61

* Avoid regex backtracking in Inflector.underscore

    [CVE-2023-22796]

www/ruby-actionpack61

* Avoid regex backtracking on If-None-Match header

  [CVE-2023-22795]

* Use string#split instead of regex for domain parts

  [CVE-2023-22792]

databases/ruby-activerecord61

* Make sanitize_as_sql_comment more strict

  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.

  This commit makes the sanitization more robust by replacing any
  occurrances of "/*" or "*/" with "/ *" or \ 
"* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not
  be provided user input.

  [CVE-2023-22794]

* Added integer width check to PostgreSQL::Quoting

  Given a value outside the range for a 64bit signed integer type
  PostgreSQL will treat the column type as numeric. Comparing
  integer values against numeric values can result in a slow
  sequential scan.

  This behavior is configurable via
  ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

  [CVE-2022-44566]

Log message:
www/ruby-rails60: update to 6.0.6.1

Only databases/ruby-activerecord61 has updated.

Rails 6.0.6.1 (2023-01-17)

* Make `sanitize_as_sql_comment` more strict

  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.

  This commit makes the sanitization more robust by replacing any
  occurrances of "/*" or "*/" with "/ *" or \ 
"* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not
  be provided user input.

  [CVE-2023-22794]