Date:      Fri, 10 Aug 2012 02:50:54 +0000 (UTC)
From:      Steve Wills <swills@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r302373 - in head: databases/rubygem-activemodel databases/rubygem-activerecord devel/rubygem-activesupport mail/rubygem-actionmailer security/vuxml www/rubygem-actionpack www/rubygem-a...
Message-ID:  <201208100250.q7A2osY2083143@svn.freebsd.org>

Author: swills
Date: Fri Aug 10 02:50:53 2012
New Revision: 302373
URL: http://svn.freebsd.org/changeset/ports/302373

Log:
  - Update rails and friends to 3.2.8
  - Document security issue in 3.2.7 [1]
  
  Submitted by:	bdrewery [1]
  Reviewed by:	swills [1]
  Security:	31db9a18-e289-11e1-a57d-080027a27dbf

Modified:
  head/databases/rubygem-activemodel/Makefile
  head/databases/rubygem-activemodel/distinfo
  head/databases/rubygem-activerecord/Makefile
  head/databases/rubygem-activerecord/distinfo
  head/devel/rubygem-activesupport/Makefile
  head/devel/rubygem-activesupport/distinfo
  head/mail/rubygem-actionmailer/Makefile
  head/mail/rubygem-actionmailer/distinfo
  head/security/vuxml/vuln.xml
  head/www/rubygem-actionpack/Makefile
  head/www/rubygem-actionpack/distinfo
  head/www/rubygem-activeresource/Makefile
  head/www/rubygem-activeresource/distinfo
  head/www/rubygem-rails/Makefile
  head/www/rubygem-rails/distinfo
  head/www/rubygem-railties/Makefile
  head/www/rubygem-railties/distinfo

Modified: head/databases/rubygem-activemodel/Makefile
==============================================================================
--- head/databases/rubygem-activemodel/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/databases/rubygem-activemodel/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	activemodel
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	databases rubygems
 MASTER_SITES=	RG
 

Modified: head/databases/rubygem-activemodel/distinfo
==============================================================================
--- head/databases/rubygem-activemodel/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/databases/rubygem-activemodel/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activemodel-3.2.7.gem) = 3f26d0a483707fd1afa51d3d223edb4dc3a58f64b17967c5fdd3438a9878eabb
-SIZE (rubygem/activemodel-3.2.7.gem) = 45056
+SHA256 (rubygem/activemodel-3.2.8.gem) = 1b923af58a49050026148d3707d2f291f251e3788594e0f666e60d9052a4a527
+SIZE (rubygem/activemodel-3.2.8.gem) = 45056
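Review bot: SIZE stays at 45056 on the `+` line while the SHA256 changes, which on its own can look like a hand-edited distinfo. 45056 is a multiple of 512 and .gem files are tar archives, so an unchanged padded size is plausible, but the entry should come from `make makesum` against a freshly fetched activemodel-3.2.8.gem rather than from editing the old lines. Because this update carries security fixes, it is also worth comparing the new digest with a copy of the gem fetched independently before commit. The same check applies to the other distinfo hunks in this commit where SIZE is unchanged.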

Modified: head/databases/rubygem-activerecord/Makefile
==============================================================================
--- head/databases/rubygem-activerecord/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/databases/rubygem-activerecord/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	activerecord
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	databases rubygems
 MASTER_SITES=	RG
 

Modified: head/databases/rubygem-activerecord/distinfo
==============================================================================
--- head/databases/rubygem-activerecord/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/databases/rubygem-activerecord/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activerecord-3.2.7.gem) = ac88108e26250dfb47174c1236d2b53d180c95a67893d07d8bd0a1b43860447a
-SIZE (rubygem/activerecord-3.2.7.gem) = 389632
+SHA256 (rubygem/activerecord-3.2.8.gem) = 5cf7c68f8921708c84df3035c4274b6cc2a25510b52ef5a4037581fdeff30deb
+SIZE (rubygem/activerecord-3.2.8.gem) = 390144

Modified: head/devel/rubygem-activesupport/Makefile
==============================================================================
--- head/devel/rubygem-activesupport/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/devel/rubygem-activesupport/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	activesupport
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	devel rubygems
 MASTER_SITES=	RG
 

Modified: head/devel/rubygem-activesupport/distinfo
==============================================================================
--- head/devel/rubygem-activesupport/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/devel/rubygem-activesupport/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activesupport-3.2.7.gem) = 57ead42bd8d4405d2f180436a47059f13f586f7034a25d03614735d151f7ad67
-SIZE (rubygem/activesupport-3.2.7.gem) = 314880
+SHA256 (rubygem/activesupport-3.2.8.gem) = 708b2067c4a50a1118fcae61e008741fcd37d0d9faadab433f8760ee67524aef
+SIZE (rubygem/activesupport-3.2.8.gem) = 314880

Modified: head/mail/rubygem-actionmailer/Makefile
==============================================================================
--- head/mail/rubygem-actionmailer/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/mail/rubygem-actionmailer/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	actionmailer
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	mail rubygems
 MASTER_SITES=	RG
 

Modified: head/mail/rubygem-actionmailer/distinfo
==============================================================================
--- head/mail/rubygem-actionmailer/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/mail/rubygem-actionmailer/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/actionmailer-3.2.7.gem) = 215ac28cd776d5829fefd0a6309957aac90a7b2d2b2ea0ba13ab28eb599f5380
-SIZE (rubygem/actionmailer-3.2.7.gem) = 27136
+SHA256 (rubygem/actionmailer-3.2.8.gem) = e11fc08905b7f65137db2b1d97fe75d1920e516e442b1b32ffa863293b85bf51
+SIZE (rubygem/actionmailer-3.2.8.gem) = 27136

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/security/vuxml/vuln.xml	Fri Aug 10 02:50:53 2012	(r302373)
@@ -52,6 +52,51 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf">
+    <topic>rubygem-rails -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>rubygem-rails</name>
+	<range><lt>3.2.8</lt></range>
+      </package>
+      <package>
+	<name>rubygem-actionpack</name>
+	<range><lt>3.2.8</lt></range>
+      </package>
+      <package>
+	<name>rubygem-activesupport</name>
+	<range><lt>3.2.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Rails core team reports:</p>
+	<blockquote cite="http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/">;
+	  <p>This version contains three important security fixes, please upgrade immediately.</p>
+	  <p>One of security fixes impacts all users and is related to HTML escaping code. The
+	     other two fixes impacts people using select_tag's prompt option and strip_tags
+	     helper from ActionPack.</p>
+	  <p>CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.</p>
+	  <p>CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.</p>
+	  <p>CVE-2012-3465 XSS Vulnerability in strip_tags.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-3463</cvename>
+      <cvename>CVE-2012-3464</cvename>
+      <cvename>CVE-2012-3465</cvename>
+      <url>https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ</url>;
+      <url>https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J</url>;
+      <url>https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J</url>;
+      <url>http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/</url>;
+    </references>
+    <dates>
+      <discovery>2012-08-08</discovery>
+      <entry>2012-08-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8675efd5-e22c-11e1-a808-002354ed89bc">
     <topic>sudosh -- buffer overflow</topic>
     <affects>
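Review bot: The three `<range><lt>3.2.8</lt></range>` entries have no lower bound, so this entry marks every earlier version of rubygem-rails, rubygem-actionpack and rubygem-activesupport as affected, while the quoted announcement does not say which releases introduced the issues. Check the three rubyonrails-security posts listed under `<references>` for the affected version ranges and add a `<ge>` bound where a CVE does not reach back to older releases; if the open-ended range is intended, say so in the commit log. Separately, the `;` after `>` on the URL-bearing lines also appears on the unchanged `<vuxml xmlns=...>` context line, which points to the mail archive's rendering rather than to this change; confirm the committed vuln.xml carries no stray `;` inside `<references>`.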

Modified: head/www/rubygem-actionpack/Makefile
==============================================================================
--- head/www/rubygem-actionpack/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-actionpack/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	actionpack
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-actionpack/distinfo
==============================================================================
--- head/www/rubygem-actionpack/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-actionpack/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/actionpack-3.2.7.gem) = 1b56a3c9daddf4c0dfda66ac7482c6e2f80c95a0c1d36045f60a6b19f08f148f
-SIZE (rubygem/actionpack-3.2.7.gem) = 379392
+SHA256 (rubygem/actionpack-3.2.8.gem) = e21eef12e2aaf5df30bab49ab1efbddb992781411a0e6f0ac67fc697901e08fd
+SIZE (rubygem/actionpack-3.2.8.gem) = 379392

Modified: head/www/rubygem-activeresource/Makefile
==============================================================================
--- head/www/rubygem-activeresource/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-activeresource/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	activeresource
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-activeresource/distinfo
==============================================================================
--- head/www/rubygem-activeresource/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-activeresource/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activeresource-3.2.7.gem) = 1c3e60e79abf585677c96e552b49741484dfc3f6e39ef1e0a9ef5bcdf7456cac
-SIZE (rubygem/activeresource-3.2.7.gem) = 36864
+SHA256 (rubygem/activeresource-3.2.8.gem) = c2a056f792864190c03d5fa5e0dec2d7926d4f0c5c6331084031de592ccf435a
+SIZE (rubygem/activeresource-3.2.8.gem) = 36864

Modified: head/www/rubygem-rails/Makefile
==============================================================================
--- head/www/rubygem-rails/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-rails/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	rails
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-rails/distinfo
==============================================================================
--- head/www/rubygem-rails/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-rails/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/rails-3.2.7.gem) = 8aad4faaabd497b3c4f07a02b9720e3111c7fa0967cf7d4d7a9c18b88d13997f
-SIZE (rubygem/rails-3.2.7.gem) = 3584
+SHA256 (rubygem/rails-3.2.8.gem) = f671d492f91e52e203c99cd989682df89993abaca8b4861732afe1413ead7fcc
+SIZE (rubygem/rails-3.2.8.gem) = 3584

Modified: head/www/rubygem-railties/Makefile
==============================================================================
--- head/www/rubygem-railties/Makefile	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-railties/Makefile	Fri Aug 10 02:50:53 2012	(r302373)
@@ -5,7 +5,7 @@
 # $FreeBSD$
 
 PORTNAME=	railties
-PORTVERSION=	3.2.7
+PORTVERSION=	3.2.8
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-railties/distinfo
==============================================================================
--- head/www/rubygem-railties/distinfo	Fri Aug 10 01:29:39 2012	(r302372)
+++ head/www/rubygem-railties/distinfo	Fri Aug 10 02:50:53 2012	(r302373)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/railties-3.2.7.gem) = 260544fa15fc05f48feab4b753be30216c954e6b81a00719d7aaae8d0887acc0
-SIZE (rubygem/railties-3.2.7.gem) = 1629696
+SHA256 (rubygem/railties-3.2.8.gem) = a4d3d7cea3490bf352f51cc6897e4ea62c9ee12a75671cfff55cc6f3450a5bff
+SIZE (rubygem/railties-3.2.8.gem) = 1630208


