Subject: CVS commit: [pkgsrc-2012Q2] pkgsrc
From: Steven Drake
Date: 2012-08-20 10:22:29
Message id: 20120820082229.BD508175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3904 - requested by taca
Ruby on Rails 3.2.8 security update

Revisions pulled up:
- databases/ruby-activerecord32/distinfo                        1.6
- devel/ruby-activemodel32/distinfo                             1.6
- devel/ruby-activesupport32/distinfo                           1.6
- devel/ruby-railties32/distinfo                                1.6
- lang/ruby/rails.mk                                            1.30
- mail/ruby-actionmailer32/distinfo                             1.6
- www/ruby-actionpack32/distinfo                                1.6
- www/ruby-activeresource32/distinfo                            1.6
- www/ruby-rails32/distinfo                                     1.6

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:37:06 UTC 2012

   Modified Files:
   	pkgsrc/lang/ruby: rails.mk

   Log Message:
   Start update of Ruby on Rails 3.2.8.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:38:09 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-activesupport32: distinfo

   Log Message:
   Update ruby-activesupport32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   * Fix ActiveSupport integration with Mocha > 0.12.1. *Mike Gunderloy*

   * Reverted the deprecation of ActiveSupport::JSON::Variable.
     *Rafael Mendonça França*

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:38:41 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-activemodel32: distinfo

   Log Message:
   Update ruby-activemodel32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:40:00 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-actionpack32: distinfo

   Log Message:
   Update ruby-actionpack32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
     helper doesn't correctly handle malformed html.  As a result an attacker can
     execute arbitrary javascript through the use of specially crafted malformed
     html.

     *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

   * When a "prompt" value is supplied to the `select_tag` helper, the \ 
"prompt"
     value is not escaped.
     If untrusted data is not escaped, and is supplied as the prompt value, there
     is a potential for XSS attacks.
     Vulnerable code will look something like this:

       select_tag("name", options, :prompt => UNTRUSTED_INPUT)

     *Santiago Pastorino*

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:41:02 UTC 2012

   Modified Files:
   	pkgsrc/databases/ruby-activerecord32: distinfo

   Log Message:
   Update ruby-activerecord32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   * Do not consider the numeric attribute as changed if the old value is zero
     and the new value is not a string.
     Fixes #7237.

     *Rafael Mendonça França*

   * Removes the deprecation of `update_attribute`. *fxn*

   * Reverted the deprecation of `composed_of`. *Rafael Mendonça França*

   * Reverted the deprecation of `*_sql` association options. They will be
     deprecated in 4.0 instead. *Jon Leighton*

   * Do not eager load AR session store. ActiveRecord::SessionStore depends on
     the abstract store in Action Pack. Eager loading this class would break
     client code that eager loads Active Record standalone.
     Fixes #7160

     *Xavier Noria*

   * Do not set RAILS_ENV to "development" when using `db:test:prepare` and
     related rake tasks.
     This was causing the truncation of the development database data when using
     RSpec.

     Fixes #7175.

     *Rafael Mendonça França*

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:41:37 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-activeresource32: distinfo

   Log Message:
   Update ruby-activeresource32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:42:14 UTC 2012

   Modified Files:
   	pkgsrc/mail/ruby-actionmailer32: distinfo

   Log Message:
   Update ruby-actionmailer32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   *   No changes.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:43:08 UTC 2012

   Modified Files:
   	pkgsrc/devel/ruby-railties32: distinfo

   Log Message:
   Update ruby-railties32 to 3.2.8.

   ## Rails 3.2.8 (Aug 9, 2012) ##

   * ERB scaffold generator use the `:data => { :confirm => \ 
"Text" }` syntax
     instead of `:confirm`.

     *Rafael Mendonça França*

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Aug 12 12:44:30 UTC 2012

   Modified Files:
   	pkgsrc/www/ruby-rails32: distinfo

   Log Message:
   Update ruby-rails32 to 3.2.8.

   This is a meta-like package and no changes.

Files:
RevisionActionfile
1.4.2.2modifypkgsrc/databases/ruby-activerecord32/distinfo
1.4.2.2modifypkgsrc/devel/ruby-activemodel32/distinfo
1.4.2.2modifypkgsrc/devel/ruby-activesupport32/distinfo
1.4.2.2modifypkgsrc/devel/ruby-railties32/distinfo
1.24.2.6modifypkgsrc/lang/ruby/rails.mk
1.4.2.2modifypkgsrc/mail/ruby-actionmailer32/distinfo
1.4.2.2modifypkgsrc/www/ruby-actionpack32/distinfo
1.4.2.2modifypkgsrc/www/ruby-activeresource32/distinfo
1.4.2.2modifypkgsrc/www/ruby-rails32/distinfo