2012-03-18 09:08:17 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
Remove ruby-actionpack, say good-by to Ruby on Rails 2.
|
2011-12-13 16:57:27 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
* Switch to use RUBY_RAILS_SUPPORTED.
* Don't hard code RUBY_RAILS2_VERSION in DISTNAME.
|
2011-08-17 16:13:32 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack package to 2.3.14:
2.3.14:
Security Fix:
1. The code in Ruby on Rails 2.3 which sets the response content type
performs insufficient sanitization of the values provided. This
means that applications which let the user provide an arbitrary
Content-Type header for the response are vulnerable to response
splitting attacks.
2. The strip_tags helper in Ruby on Rails is designed to remove all
HTML tags from a string. By using specially crafted values an
attacker can confuse the parser and cause HTML tags to be injected
into the response. This can be exploited to inject arbitrary
javascript into the rendered page.
Future releases of Ruby on Rails are likely to replace the current
HTML tokenizer with one provided by libxml to reduce the likelihood
of errors such as these in the future. In the meantime users can
install the loofah gem[1] which should enhance both the performance
and reliability of the HTML sanitization helpers.
|
2011-06-11 05:13:46 by Takahiro Kambe | Files touched by this commit (8) |
Log message:
Update Ruby on Rails supporting packages to 2.3.12.
Exact changes are unknown but some bug fixes.
|
2011-03-23 15:27:15 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
Switch to utilize lang/ruby/rail.mk.
|
2011-02-09 13:40:52 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update ruby-actionpack package to 2.3.11.
* More strict dependency to reflect gemspec's description.
*2.3.11 (February 9, 2011)*
* Two security fixes. CVE-2011-0446, CVE-2011-0447
|
2010-10-15 13:37:05 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update www/ruby-actionpack package to 2.3.10.
No change except version, it is part of Rails 2.3.10.
Change depending pattern to prevent ruby-activesupport 3.0.0 and later.
|
2010-10-14 13:41:26 by OBATA Akio | Files touched by this commit (1) |
Log message:
ruby-actionpack-2.3.9 requires rack-1.1.0 and is not compatible with rack-1.2.1
from www/ruby-rack, so change dependency pattern.
Bump PKGREVISION.
|
2010-09-10 14:44:06 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update www/ruby-actionpack to 2.3.9.
* Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk.
* Add LICENSE.
* Update dependency according to gemspec.
*2.3.9 (September 4, 2010)*
* Version bump.
*2.3.8 (May 24, 2010)*
* HTML safety: fix compatibility *without* the optional rails_xss plugin.
*2.3.7 (May 24, 2010)*
* HTML safety: fix compatibility with the optional rails_xss plugin. [Nathan Weizenbaum, Santiago Pastorino]
*2.3.6 (May 23, 2010)*
* JSON: set Base.include_root_in_json = true to include a root value in the JSON: {"post": {"title": ...}}. Mirrors the Active Record option. #2584 [Matthew Moore, Joe Martinez, Elad Meidar, Santiago Pastorino]
* Ruby 1.9: ERB template encoding using a magic comment at the top of the file. [Jeremy Kemper]
    <%# encoding: utf-8 %>
* Fixed that default locale templates should be used if the current locale template is missing [DHH]
* Fixed that PrototypeHelper#update_page should return html_safe [DHH]
* Fixed that much of DateHelper wouldn't return html_safe? strings [DHH]
* Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) [DHH]
* Introduce String#html_safe for rails_xss plugin and forward-compatibility with Rails 3. [Michael Koziarski, Santiago Pastorino, José Ignacio Costa]
* Added :alert, :notice, and :flash as options to ActionController::Base#redirect_to that'll automatically set the proper flash before the redirection [DHH]. Examples:
    flash[:notice] = 'Post was created'
    redirect_to(@post)
  ...becomes:
    redirect_to(@post, :notice => 'Post was created')
* Added ActionController::Base#notice/= and ActionController::Base#alert/= as convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= [DHH]
* Added cookies.permanent, cookies.signed, and cookies.permanent.signed accessors for common cookie actions [DHH]. Examples:
    cookies.permanent[:prefers_open_id] = true
    # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
    cookies.signed[:discount] = 45
    # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
    cookies.signed[:discount]
    # => 45 (if the cookie was changed, you'll get an InvalidSignature exception)
    cookies.permanent.signed[:remember_me] = current_user.id
    # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
  ...to use the signed cookies, you need to set a secret to ActionController::Base.cookie_verifier_secret (automatically done in config/initializers/cookie_verification_secret.rb for new Rails applications).
|
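An added example, not part of the commit log and not Rails' own code: a minimal signer and verifier for the signed-cookie format shown in the 2.3.6 notes above (Base64 of the marshalled value, `--`, a 40-hex-digit digest). The use of HMAC-SHA1 for the digest, every method name and the secret are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'

class InvalidSignature < StandardError; end

# Constructed secret for this demo only; a real one must be long and random.
DEMO_SECRET = 'constructed-demo-secret-not-for-production'

# Hex HMAC over the encoded payload (SHA1 is an assumption, see lead-in).
def digest_for(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Produce "<base64(Marshal.dump(value))>--<hex digest>".
def sign_cookie(value, secret)
  data = Base64.strict_encode64(Marshal.dump(value))
  "#{data}--#{digest_for(data, secret)}"
end

# Constant-time comparison: does not reveal how many leading bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check the MAC first and unmarshal only data that passed it:
# Marshal.load on attacker-controlled bytes is unsafe.
def verify_cookie(cookie, secret)
  data, digest = cookie.to_s.split('--', 2)
  raise InvalidSignature if data.nil? || digest.nil?
  raise InvalidSignature unless secure_compare(digest, digest_for(data, secret))
  Marshal.load(Base64.strict_decode64(data))
end

# Signed is not encrypted: the raw payload bytes are readable without the secret.
def peek_unverified(cookie)
  Base64.decode64(cookie.split('--', 2).first).bytes
end

# True when the cookie fails verification (modified payload, wrong secret, bad shape).
def tampered?(cookie, secret)
  verify_cookie(cookie, secret)
  false
rescue InvalidSignature
  true
end
```

Signing protects integrity only, so values that must stay confidential do not belong in such a cookie, and a leaked or guessable secret lets anyone mint valid cookies.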
2009-12-02 00:24:24 by Min Sik Kim | Files touched by this commit (14) |
Log message:
Update rails packages to 2.3.5. This fixes a cross-site scripting
vulnerability in ruby-actionpack.
Major changes:
- Improved compatibility with Ruby 1.9
- RailsXss plugin availability
- Fixes for the Nokogiri backend for XmlMini
|