- Update rails and friends to 3.2.8

- Document security issue in 3.2.7 [1] Submitted by: bdrewery [1] Reviewed by: swills [1] Security: 31db9a18-e289-11e1-a57d-080027a27dbf
svn path=/head/; revision=302373
2012-08-10 02:50:53 +00:00 · 2012-08-10 02:50:53 +00:00 · b73b27a91a · 2021-03-31 03:12:20 +00:00
commit b73b27a91a
parent b4a6cb421f
17 changed files with 69 additions and 24 deletions
--- a/databases/rubygem-activemodel/Makefile
+++ b/databases/rubygem-activemodel/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	activemodel
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	databases rubygems
 MASTER_SITES=	RG

--- a/databases/rubygem-activemodel/distinfo
+++ b/databases/rubygem-activemodel/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/activemodel-3.2.7.gem) = 3f26d0a483707fd1afa51d3d223edb4dc3a58f64b17967c5fdd3438a9878eabb
-SIZE (rubygem/activemodel-3.2.7.gem) = 45056
+SHA256 (rubygem/activemodel-3.2.8.gem) = 1b923af58a49050026148d3707d2f291f251e3788594e0f666e60d9052a4a527
+SIZE (rubygem/activemodel-3.2.8.gem) = 45056
--- a/databases/rubygem-activerecord/Makefile
+++ b/databases/rubygem-activerecord/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	activerecord
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	databases rubygems
 MASTER_SITES=	RG

--- a/databases/rubygem-activerecord/distinfo
+++ b/databases/rubygem-activerecord/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/activerecord-3.2.7.gem) = ac88108e26250dfb47174c1236d2b53d180c95a67893d07d8bd0a1b43860447a
-SIZE (rubygem/activerecord-3.2.7.gem) = 389632
+SHA256 (rubygem/activerecord-3.2.8.gem) = 5cf7c68f8921708c84df3035c4274b6cc2a25510b52ef5a4037581fdeff30deb
+SIZE (rubygem/activerecord-3.2.8.gem) = 390144
--- a/devel/rubygem-activesupport/Makefile
+++ b/devel/rubygem-activesupport/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	activesupport
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	devel rubygems
 MASTER_SITES=	RG

--- a/devel/rubygem-activesupport/distinfo
+++ b/devel/rubygem-activesupport/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/activesupport-3.2.7.gem) = 57ead42bd8d4405d2f180436a47059f13f586f7034a25d03614735d151f7ad67
-SIZE (rubygem/activesupport-3.2.7.gem) = 314880
+SHA256 (rubygem/activesupport-3.2.8.gem) = 708b2067c4a50a1118fcae61e008741fcd37d0d9faadab433f8760ee67524aef
+SIZE (rubygem/activesupport-3.2.8.gem) = 314880
--- a/mail/rubygem-actionmailer/Makefile
+++ b/mail/rubygem-actionmailer/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	actionmailer
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	mail rubygems
 MASTER_SITES=	RG

--- a/mail/rubygem-actionmailer/distinfo
+++ b/mail/rubygem-actionmailer/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/actionmailer-3.2.7.gem) = 215ac28cd776d5829fefd0a6309957aac90a7b2d2b2ea0ba13ab28eb599f5380
-SIZE (rubygem/actionmailer-3.2.7.gem) = 27136
+SHA256 (rubygem/actionmailer-3.2.8.gem) = e11fc08905b7f65137db2b1d97fe75d1920e516e442b1b32ffa863293b85bf51
+SIZE (rubygem/actionmailer-3.2.8.gem) = 27136
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -52,6 +52,51 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf">
+    <topic>rubygem-rails -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>rubygem-rails</name>
+	<range><lt>3.2.8</lt></range>
+      </package>
+      <package>
+	<name>rubygem-actionpack</name>
+	<range><lt>3.2.8</lt></range>
+      </package>
+      <package>
+	<name>rubygem-activesupport</name>
+	<range><lt>3.2.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Rails core team reports:</p>
+	<blockquote cite="http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/">
+	  <p>This version contains three important security fixes, please upgrade immediately.</p>
+	  <p>One of security fixes impacts all users and is related to HTML escaping code. The
+	     other two fixes impacts people using select_tag's prompt option and strip_tags
+	     helper from ActionPack.</p>
+	  <p>CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.</p>
+	  <p>CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.</p>
+	  <p>CVE-2012-3465 XSS Vulnerability in strip_tags.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-3463</cvename>
+      <cvename>CVE-2012-3464</cvename>
+      <cvename>CVE-2012-3465</cvename>
+      <url>https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ</url>
+      <url>https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J</url>
+      <url>https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J</url>
+      <url>http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/</url>
+    </references>
+    <dates>
+      <discovery>2012-08-08</discovery>
+      <entry>2012-08-10</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="8675efd5-e22c-11e1-a808-002354ed89bc">
    <topic>sudosh -- buffer overflow</topic>
    <affects>
--- a/www/rubygem-actionpack/Makefile
+++ b/www/rubygem-actionpack/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	actionpack
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG

--- a/www/rubygem-actionpack/distinfo
+++ b/www/rubygem-actionpack/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/actionpack-3.2.7.gem) = 1b56a3c9daddf4c0dfda66ac7482c6e2f80c95a0c1d36045f60a6b19f08f148f
-SIZE (rubygem/actionpack-3.2.7.gem) = 379392
+SHA256 (rubygem/actionpack-3.2.8.gem) = e21eef12e2aaf5df30bab49ab1efbddb992781411a0e6f0ac67fc697901e08fd
+SIZE (rubygem/actionpack-3.2.8.gem) = 379392
--- a/www/rubygem-activeresource/Makefile
+++ b/www/rubygem-activeresource/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	activeresource
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG

--- a/www/rubygem-activeresource/distinfo
+++ b/www/rubygem-activeresource/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/activeresource-3.2.7.gem) = 1c3e60e79abf585677c96e552b49741484dfc3f6e39ef1e0a9ef5bcdf7456cac
-SIZE (rubygem/activeresource-3.2.7.gem) = 36864
+SHA256 (rubygem/activeresource-3.2.8.gem) = c2a056f792864190c03d5fa5e0dec2d7926d4f0c5c6331084031de592ccf435a
+SIZE (rubygem/activeresource-3.2.8.gem) = 36864
--- a/www/rubygem-rails/Makefile
+++ b/www/rubygem-rails/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	rails
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG

--- a/www/rubygem-rails/distinfo
+++ b/www/rubygem-rails/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/rails-3.2.7.gem) = 8aad4faaabd497b3c4f07a02b9720e3111c7fa0967cf7d4d7a9c18b88d13997f
-SIZE (rubygem/rails-3.2.7.gem) = 3584
+SHA256 (rubygem/rails-3.2.8.gem) = f671d492f91e52e203c99cd989682df89993abaca8b4861732afe1413ead7fcc
+SIZE (rubygem/rails-3.2.8.gem) = 3584
--- a/www/rubygem-railties/Makefile
+++ b/www/rubygem-railties/Makefile
@ -5,7 +5,7 @@
 # $FreeBSD$

 PORTNAME=	railties
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG

--- a/www/rubygem-railties/distinfo
+++ b/www/rubygem-railties/distinfo
@ -1,2 +1,2 @@
-SHA256 (rubygem/railties-3.2.7.gem) = 260544fa15fc05f48feab4b753be30216c954e6b81a00719d7aaae8d0887acc0
-SIZE (rubygem/railties-3.2.7.gem) = 1629696
+SHA256 (rubygem/railties-3.2.8.gem) = a4d3d7cea3490bf352f51cc6897e4ea62c9ee12a75671cfff55cc6f3450a5bff
+SIZE (rubygem/railties-3.2.8.gem) = 1630208