./www/ruby-actionpack52, Toolkit for building modeling frameworks (part of Rails 5.2)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 5.2.6, Package name: ruby27-actionpack52-5.2.6, Maintainer: pkgsrc-users

Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.

This is for Ruby on Rails 5.2.


Required to run:
[www/ruby-rack] [www/ruby-rack-test] [lang/ruby26-base] [www/ruby-actionview52]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 209.5 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030)
Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
   2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033)
Log message:
www: Remove SHA1 hashes for distfiles
   2021-07-04 08:24:47 by Takahiro Kambe | Files touched by this commit (12) | Package updated
Log message:
www/ruby-rails52: update to 5.2.6

Ruby on Rails 5.2.6 (2021-05-05)

There are changes in www/ruby-actionpack52 only, including security fix.

Action Pack

* Accept base64_urlsafe CSRF tokens to make forward compatible.

  Base64 strict-encoded CSRF tokens are not inherently websafe, which
  makes them difficult to deal with.  For example, the common practice
  of sending the CSRF token to a browser in a client-readable cookie
  does not work properly out of the box: the value has to be
  url-encoded and decoded to survive transport.

  In this version, we generate Base64 urlsafe-encoded CSRF tokens,
  which are inherently safe to transport.  Validation accepts both
  urlsafe tokens, and strict-encoded tokens for backwards
  compatibility.

  How the tokes are encoded is controllr by the
  action_controller.urlsafe_csrf_tokens config.

  In Rails 5.2.5, the CSRF token format was accidentally changed to
  urlsafe-encoded.

  Atention: If you already upgraded your application to 5.2.5, set the
  config urlsafe_csrf_tokens to true, otherwise your form submission
  will start to fail during the deploy of this new version.

	Rails.application.config.action_controller.urlsafe_csrf_tokens = true

  If you are upgrading from 5.2.4.x, you don't need to change this
  configuration.

  Scott Blum, Étienne Barrié
   2021-04-11 15:20:09 by Takahiro Kambe | Files touched by this commit (13) | Package updated
Log message:
www/ruby-rails52: update to 5.2.5

Real changes are in devel/ruby-activestorage52 only.

## Rails 5.2.5 (March 26, 2021) ##

*   Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
    mime types data.

    *George Claghorn*

*   The Poppler PDF previewer renders a preview image using the original
    document's crop box rather than its media box, hiding print margins. This
    matches the behavior of the MuPDF previewer.

    *Vincent Robert*
   2021-02-11 15:23:42 by Takahiro Kambe | Files touched by this commit (12) | Package updated
Log message:
www/rails52: update to 5.2.4.5

## Rails 5.2.4.5 (February 10, 2021) ##

*   Fix possible DoS vector in PostgreSQL money type

    Carefully crafted input can cause a DoS via the regular expressions used
    for validating the money format in the PostgreSQL adapter.  This patch
    fixes the regexp.

    Thanks to @dee-see from Hackerone for this patch!

    [CVE-2021-22880]

    *Aaron Patterson*
   2020-09-10 16:13:12 by Takahiro Kambe | Files touched by this commit (12) | Package updated
Log message:
www/ruby-rails52: update to  5.2.4.4

Update Ruby on Rails 52 to 5.2.4.4.

Security fix in ruby-actionview52.

## Rails 5.2.4.4 (September 09, 2020) ##

*   [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper

    *Jonathan Hefner*
   2020-05-19 17:36:58 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
www/ruby-actionpack52: update to 5.2.4.3

Update ruby-actionpack52 to 5.2.4.3.

## Rails 5.2.4.3 (May 18, 2020) ##

*   [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used \ 
to reconstruct a per-form token

*   [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value \ 
instead of the raw @parameters hash
   2020-03-20 16:40:25 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
www/ruby-actionpack52: update to 5.2.4.2

Update ruby-actionpack52 to 5.2.4.2.

## Rails 5.2.4.1 (December 18, 2019) ##

*   Fix possible information leak / session hijacking vulnerability.

    The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it \ 
requires the
    gem dalli to be updated as well.

    CVE-2019-16782.

## Rails 5.2.4 (November 27, 2019) ##

*   No changes.