pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc
From: Takahiro Kambe
Date: 2023-01-19 15:27:26
Message id: 20230119142726.6EDDAFA90@cvs.NetBSD.org

Log Message:
www/ruby-rails60: update to 6.0.6.1

Only databases/ruby-activerecord61 has updated.

Rails 6.0.6.1 (2023-01-17)

* Make `sanitize_as_sql_comment` more strict

  Though this method was likely never meant to take user input, it was
  attempting sanitization. That sanitization could be bypassed with
  carefully crafted input.

  This commit makes the sanitization more robust by replacing any
  occurrances of "/*" or "*/" with "/ *" or \ 
"* /". It also performs a
  first pass to remove one surrounding comment to avoid compatibility
  issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not
  be provided user input.

  [CVE-2023-22794]

Files:

Revision	Action	file
1.21	modify	pkgsrc/databases/ruby-activerecord60/distinfo
1.21	modify	pkgsrc/devel/ruby-activejob60/distinfo
1.21	modify	pkgsrc/devel/ruby-activemodel60/distinfo
1.21	modify	pkgsrc/devel/ruby-activestorage60/distinfo
1.21	modify	pkgsrc/devel/ruby-activesupport60/distinfo
1.21	modify	pkgsrc/devel/ruby-railties60/distinfo
1.138	modify	pkgsrc/lang/ruby/rails.mk
1.21	modify	pkgsrc/mail/ruby-actionmailbox60/distinfo
1.21	modify	pkgsrc/mail/ruby-actionmailer60/distinfo
1.21	modify	pkgsrc/textproc/ruby-actiontext60/distinfo
1.21	modify	pkgsrc/www/ruby-actioncable60/distinfo
1.5	modify	pkgsrc/www/ruby-actionpack60/Makefile
1.21	modify	pkgsrc/www/ruby-actionpack60/distinfo
1.21	modify	pkgsrc/www/ruby-actionview60/distinfo
1.21	modify	pkgsrc/www/ruby-rails60/distinfo