Path to this page:
Subject: CVS commit: [pkgsrc-2022Q2] pkgsrc
From: S.P.Zeidler
Date: 2022-07-23 19:05:53
Message id: 20220723170553.AC832FB1A@cvs.NetBSD.org
Log Message:
Pullup ticket #6653 - requested by taca
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.15
- devel/ruby-activejob52/distinfo 1.15
- devel/ruby-activemodel52/distinfo 1.15
- devel/ruby-activestorage52/distinfo 1.15
- devel/ruby-activesupport52/distinfo 1.15
- devel/ruby-railties52/Makefile 1.4
- devel/ruby-railties52/distinfo 1.15
- lang/ruby/rails.mk 1.129
- mail/ruby-actionmailer52/distinfo 1.15
- www/ruby-actioncable52/distinfo 1.15
- www/ruby-actionpack52/distinfo 1.15
- www/ruby-actionview52/distinfo 1.15
- www/ruby-rails52/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:41:09 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-activestorage52: distinfo
pkgsrc/devel/ruby-activesupport52: distinfo
pkgsrc/devel/ruby-railties52: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-actionpack52: distinfo
pkgsrc/www/ruby-actionview52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
www/ruby-rails52: update to 5.2.8.1
Rails 5.2.8.1 (2022-07-12) updates databases/ruby-activerecord52 only.
databases/ruby-activerecord52
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application \
uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activestorage52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activesupport52/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties52/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.128 -r1.129 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionpack52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionview52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-rails52/distinfo
Files: