pkgsrc.se | The NetBSD package collection

Next | Query returned 21 messages, browsing 11 to 20 | Previous

CVS Commit History:

2022-03-27 08:30:00 by Thomas Klausner | Files touched by this commit (24)

Log message:
ruby*: fix rails version in COMMENT

2022-03-13 16:11:52 by Takahiro Kambe | Files touched by this commit (14) | Package updated

Log message:
www/ruby-rails61: update to 6.1.4.7

Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up
to pkgsrc-2021Q4.

Changes are in devel/ruby-activestorage61 only.

## Rails 6.1.4.7 (March 08, 2022) ##

* Added image transformation validation via configurable allow-list.

 Variant now offers a configurable allow-list for
 transformation methods in addition to a configurable deny-list for arguments.

 [CVE-2022-21831]

2022-02-13 08:35:06 by Takahiro Kambe | Files touched by this commit (14) | Package updated

Log message:
www/ruby-rails61: update to 6.1.4.6

This update contains security fix for CVE-2022-23633 in ruby-actionpack61.

Active Support 6.1.4.6 (2022-02-11)

* Fix Reloader method signature to work with the new Executor signature.

Action Pack 6.1.4.5 (2022-02-11)

* Under certain circumstances, the middleware isn't informed that the
  response body has been fully closed which result in request state
  not being fully reset before the next request.

  [CVE-2022-23633]

Other packages have no change.

2021-12-19 06:28:25 by Takahiro Kambe | Files touched by this commit (1) | Package updated

Log message:
mail/ruby-actionmailer61: update to 6.1.4.4

No change except version.

2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356)

Log message:
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch

2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357)

Log message:
mail: Remove SHA1 hashes for distfiles

2021-07-04 10:03:24 by Takahiro Kambe | Files touched by this commit (1) | Package updated

Log message:
mail/ruby-actionmailer61: update to 6.1.4

No change except version.

2021-05-08 16:08:57 by Takahiro Kambe | Files touched by this commit (14) | Package updated

Log message:
www/ruby-rails61: update to 6.1.3.2

Real changes are in www/ruby-actionpack61 only.

## Rails 6.1.3.2 (May 05, 2021) ##

*   Prevent open redirects by correctly escaping the host allow list
    CVE-2021-22903

*   Prevent catastrophic backtracking during mime parsing
    CVE-2021-22902

*   Prevent regex DoS in HTTP token authentication
    CVE-2021-22904

*   Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array
    of arguments (usually symbols and records). If a developer passes a
    user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*

2021-04-11 15:28:02 by Takahiro Kambe | Files touched by this commit (15) | Package updated

Log message:
www/ruby-rails61: update to 6.1.3.1

Real changes are in devel/devel/ruby-activestorage61 only.

## Rails 6.1.3.1 (March 26, 2021) ##

*  Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
   mime types data.

   *George Claghorn*

2021-02-28 16:42:41 by Takahiro Kambe | Files touched by this commit (13) | Package updated

Log message:
www/ruby-rails61: update to 6.1.3

Rails 6.1.3 (February 17, 2021)

[ActionPack]

* Re-define routes when not set correctly via inheritance.

    *John Hawthorn*

[ActiveRecord]

* Fix the MySQL adapter to always set the right collation and charset
  to the connection session.

    *Rafael Mendonça França*

* Fix MySQL adapter handling of time objects when prepared statements
  are enabled.

    *Rafael Mendonça França*

* Fix scoping in enum fields using conditions that would generate
  an IN clause.

    *Ryuta Kamizono*

* Skip optimised #exist? query when #include? is called on a relation
  with a having clause

  Relations that have aliased select values AND a having clause that
  references an aliased select value would generate an error when
  #include? was called, due to an optimisation that would generate
  call #exists? on the relation instead, which effectively alters
  the select values of the query (and thus removes the aliased select
  values), but leaves the having clause intact. Because the having
  clause is then referencing an aliased column that is no longer
  present in the simplified query, an ActiveRecord::InvalidStatement
  error was raised.

  An sample query affected by this problem:

    Author.select('COUNT(*) as total_posts', 'authors.*')
          .joins(:posts)
          .group(:id)
          .having('total_posts > 2')
          .include?(Author.first)

  This change adds an addition check to the condition that skips the
  simplified #exists? query, which simply checks for the presence of
  a having clause.

  Fixes #41417

    *Michael Smart*

* Increment postgres prepared statement counter before making a
  prepared statement, so if the statement is aborted without Rails
  knowledge (e.g., if app gets kill -9d during long-running query or
  due to Rack::Timeout), app won't end up in perpetual crash state for
  being inconsistent with Postgres.

    *wbharding*, *Martin Tepper*

Next | Query returned 21 messages, browsing 11 to 20 | Previous