pkgsrc.se | The NetBSD package collection

NOTICE: This package has been removed from pkgsrc

./www/ruby-actionpack3, Toolkit for building modeling frameworks (part of Rails 3.0)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ]

Branch: CURRENT, Version: 3.0.20, Package name: ruby193-actionpack-3.0.20, Maintainer: pkgsrc-users

Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.

Required to run:
[time/ruby-tzinfo] [textproc/ruby-builder] [devel/ruby-activemodel] [lang/ruby193-base] [devel/ruby-i18n_05] [www/ruby-rack-mount06] [www/ruby-rack-test05] [www/ruby-erubis26] [www/ruby-rack12]

Master sites:

SHA1: 79ec243f6ec301b0a73ad45f89d4ea2335f90346
RMD160: a15687d6fa11624d8caab4c062bcdbe9be90dbff
Filesize: 346.5 KB

Version history: (Expand)

(2013-02-18) Package deleted from pkgsrc
(2013-01-29) Updated to version: ruby193-actionpack-3.0.20
(2013-01-13) Updated to version: ruby193-actionpack-3.0.19
(2013-01-06) Updated to version: ruby193-actionpack-3.0.18
(2012-08-12) Updated to version: ruby193-actionpack-3.0.17
(2012-07-31) Updated to version: ruby193-actionpack-3.0.16

CVS history: (Expand)

2013-02-17 09:51:52 by Takahiro Kambe | Files touched by this commit (4) | Package removed

Log message:
Remove ruby-actionpack3.
It is part of Ruby on Rails 3.0 which isn't supported any more.

2013-01-29 16:41:17 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack3 to 3.0.20.

No change except version.

2013-01-09 13:28:04 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack3 to 3.0.19.

## Rails 3.0.19

* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]

2012-08-12 11:46:45 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack3 to 3.0.17

## Rails 3.0.17 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the \ 
"prompt"
  value is not escaped.  If untrusted data is not escaped, and is supplied as
  the prompt value, there is a potential for XSS attacks.
  Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

2012-07-31 14:24:29 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack3 to 3.0.16.

## Rails 3.0.16 (Jul 26, 2012)

* Do not convert digest auth strings to symbols. CVE-2012-3424

## Rails 3.0.14 (Jun 12, 2012)

*   nil is removed from array parameter values

    CVE-2012-2694

2012-06-14 16:49:17 by Takahiro Kambe | Files touched by this commit (2)

Log message:
Update ruby-actionpack3.

pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.

## Rails 3.0.14 (Jun 12, 2012)

*   nil is removed from array parameter values

    CVE-2012-2694

2012-06-02 03:28:24 by Takahiro Kambe | Files touched by this commit (3)

Log message:
Update ruby-actionpack3 to 3.0.13.

* Rails 3.0.13 (May 31, 2012)

* Strip null bytes from Location header

* load the encoding converter to work around [ruby-core:41556] when switching
  encodings

* Avoid inspecting the whole route set, closes #1525

* whitelist protocols for auto_link

* Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  CVE-2012-2660

2012-03-28 17:20:01 by Takahiro Kambe | Files touched by this commit (1)

Log message:
More strict dependency to ruby-i18n_05.

Bump PKGREVISION.