From owner-svn-ports-head@FreeBSD.ORG Thu Apr 11 11:30:05 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5495BDDA; Thu, 11 Apr 2013 11:30:05 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 4497236B; Thu, 11 Apr 2013 11:30:05 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r3BBU5L1038799; Thu, 11 Apr 2013 11:30:05 GMT (envelope-from bdrewery@svn.freebsd.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r3BBU1hO038745; Thu, 11 Apr 2013 11:30:01 GMT (envelope-from bdrewery@svn.freebsd.org) Message-Id: <201304111130.r3BBU1hO038745@svn.freebsd.org> From: Bryan Drewery Date: Thu, 11 Apr 2013 11:30:01 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r315783 - in head: databases/rubygem-activemodel databases/rubygem-activerecord devel/rubygem-activesupport mail/rubygem-actionmailer mail/rubygem-mail security/vuxml www/rubygem-action... X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Apr 2013 11:30:05 -0000 Author: bdrewery Date: Thu Apr 11 11:30:00 2013 New Revision: 315783 URL: http://svnweb.freebsd.org/changeset/ports/315783 Log: - Update to 3.2.13 to fix security vulnerabilities - Update rubygem-mail to 2.5.3 as rubygem-actionmailer-3.2.13 requires it PR: ports/177709 Submitted by: Geoffroy Desvernay With hat: ruby Approved by: portmgr (implicit) Reviewed by: miwi Security: db0c4b00-a24c-11e2-9601-000d601460a4 Modified: head/databases/rubygem-activemodel/Makefile head/databases/rubygem-activemodel/distinfo head/databases/rubygem-activerecord/Makefile head/databases/rubygem-activerecord/distinfo head/devel/rubygem-activesupport/Makefile head/devel/rubygem-activesupport/distinfo head/mail/rubygem-actionmailer/Makefile head/mail/rubygem-actionmailer/distinfo head/mail/rubygem-mail/Makefile head/mail/rubygem-mail/distinfo head/security/vuxml/vuln.xml head/www/rubygem-actionpack/Makefile head/www/rubygem-actionpack/distinfo head/www/rubygem-activeresource/Makefile head/www/rubygem-activeresource/distinfo head/www/rubygem-rails/Makefile head/www/rubygem-rails/distinfo head/www/rubygem-railties/Makefile head/www/rubygem-railties/distinfo Modified: head/databases/rubygem-activemodel/Makefile ============================================================================== --- head/databases/rubygem-activemodel/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/databases/rubygem-activemodel/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= activemodel -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= databases rubygems MASTER_SITES= RG Modified: head/databases/rubygem-activemodel/distinfo ============================================================================== --- head/databases/rubygem-activemodel/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/databases/rubygem-activemodel/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/activemodel-3.2.12.gem) = 0edb1514612f49767c091e5fe873f8480606755af01f042fcc79f906bd9883f0 -SIZE (rubygem/activemodel-3.2.12.gem) = 44544 +SHA256 (rubygem/activemodel-3.2.13.gem) = c5c269b02b3d39eea3d4d8cc132319828a1a0a8e06c857a1310f80caa94fec52 +SIZE (rubygem/activemodel-3.2.13.gem) = 45056 Modified: head/databases/rubygem-activerecord/Makefile ============================================================================== --- head/databases/rubygem-activerecord/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/databases/rubygem-activerecord/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= activerecord -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= databases rubygems MASTER_SITES= RG Modified: head/databases/rubygem-activerecord/distinfo ============================================================================== --- head/databases/rubygem-activerecord/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/databases/rubygem-activerecord/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/activerecord-3.2.12.gem) = d16b747d7ed852e8ba3fbedd41731660463499678cec988e17c7b337b68f883a -SIZE (rubygem/activerecord-3.2.12.gem) = 291328 +SHA256 (rubygem/activerecord-3.2.13.gem) = 05ed0718b25202e6f1907c02f1bc55c5996962d7a4692272a3fd882dbcccb9fc +SIZE (rubygem/activerecord-3.2.13.gem) = 294400 Modified: head/devel/rubygem-activesupport/Makefile ============================================================================== --- head/devel/rubygem-activesupport/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/devel/rubygem-activesupport/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= activesupport -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= devel rubygems MASTER_SITES= RG Modified: head/devel/rubygem-activesupport/distinfo ============================================================================== --- head/devel/rubygem-activesupport/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/devel/rubygem-activesupport/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/activesupport-3.2.12.gem) = 4f53fa55e0aeb00f40c677c29e23da23bea2104edf160bbdf3af38d9f39d38be -SIZE (rubygem/activesupport-3.2.12.gem) = 287744 +SHA256 (rubygem/activesupport-3.2.13.gem) = 1e39ca69876634a38e344dd079d92b3ab27e1bde0b979b04d0e3252591a451ed +SIZE (rubygem/activesupport-3.2.13.gem) = 288768 Modified: head/mail/rubygem-actionmailer/Makefile ============================================================================== --- head/mail/rubygem-actionmailer/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/mail/rubygem-actionmailer/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= actionmailer -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= mail rubygems MASTER_SITES= RG Modified: head/mail/rubygem-actionmailer/distinfo ============================================================================== --- head/mail/rubygem-actionmailer/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/mail/rubygem-actionmailer/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/actionmailer-3.2.12.gem) = 87511b97ba5db5659eeecee6618dd3b3824498e136ad97f2d9318d70cbf74c66 -SIZE (rubygem/actionmailer-3.2.12.gem) = 22016 +SHA256 (rubygem/actionmailer-3.2.13.gem) = 06d83e3627598cf79e39b5cacc8c450693609bfc863d0c003114a995cb0a5c4f +SIZE (rubygem/actionmailer-3.2.13.gem) = 22016 Modified: head/mail/rubygem-mail/Makefile ============================================================================== --- head/mail/rubygem-mail/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/mail/rubygem-mail/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -1,12 +1,8 @@ -# Ports collection makefile for: rubygem-mail -# Date created: 30 Aug 2010 -# Whom: Eric Freeman -# +# Created by: Eric Freeman # $FreeBSD$ -# PORTNAME= mail -PORTVERSION= 2.4.4 +PORTVERSION= 2.5.3 PORTEPOCH= 1 CATEGORIES= mail rubygems MASTER_SITES= RG Modified: head/mail/rubygem-mail/distinfo ============================================================================== --- head/mail/rubygem-mail/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/mail/rubygem-mail/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/mail-2.4.4.gem) = 237625b7e70f8cd9615658e0963c9880094a974cfa9dda7325e3537bcba7be45 -SIZE (rubygem/mail-2.4.4.gem) = 121856 +SHA256 (rubygem/mail-2.5.3.gem) = 338dfc39e30665402aade821584970502e1e039fd972731fc95beff3991ad9a9 +SIZE (rubygem/mail-2.5.3.gem) = 269312 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Apr 11 10:03:50 2013 (r315782) +++ head/security/vuxml/vuln.xml Thu Apr 11 11:30:00 2013 (r315783) @@ -51,6 +51,60 @@ Note: Please add new entries to the beg --> + + rubygem-rails -- multiple vulnerabilities + + + rubygem-rails + 3.2.13 + + + rubygem-actionpack + 3.2.13 + + + rubygem-activerecord + 3.2.13 + + + rubygem-activesupport + 3.2.13 + + + + +

Ruby on Rails team reports:

+
+

Rails versions 3.2.13 has been released. This release + contains important security fixes. It is recommended + users upgrade as soon as possible.

+

Four vulnerabilities have been discovered and fixed:

+
    +
  1. (CVE-2013-1854) Symbol DoS vulnerability in Active Record
    2. +
  2. (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack
    3. +
  3. (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users
    4. +
  4. (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails
    5. +
+
+ + + + CVE-2013-1854 + CVE-2013-1856 + CVE-2013-1856 + CVE-2013-1857 + http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/ + https://groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0 + https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8 + https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI + https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI + + + 2013-03-18 + 2013-04-10 + + + NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode Modified: head/www/rubygem-actionpack/Makefile ============================================================================== --- head/www/rubygem-actionpack/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-actionpack/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= actionpack -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= www rubygems MASTER_SITES= RG Modified: head/www/rubygem-actionpack/distinfo ============================================================================== --- head/www/rubygem-actionpack/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-actionpack/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/actionpack-3.2.12.gem) = f32a027d87014aff404cfc2dac5c4a1077d81a9815cf1e1adc5a1f601cd5e8a6 -SIZE (rubygem/actionpack-3.2.12.gem) = 287232 +SHA256 (rubygem/actionpack-3.2.13.gem) = bc782459a0ea262e78e10a47d61ec1dfd37070a220766466f4e013c5f36873d4 +SIZE (rubygem/actionpack-3.2.13.gem) = 289280 Modified: head/www/rubygem-activeresource/Makefile ============================================================================== --- head/www/rubygem-activeresource/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-activeresource/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= activeresource -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= www rubygems MASTER_SITES= RG Modified: head/www/rubygem-activeresource/distinfo ============================================================================== --- head/www/rubygem-activeresource/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-activeresource/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/activeresource-3.2.12.gem) = d111d4d401d24b8b2236e9c946020123e4f99b40bb02cdd8c4ae373b923dbe36 -SIZE (rubygem/activeresource-3.2.12.gem) = 37888 +SHA256 (rubygem/activeresource-3.2.13.gem) = 3414f1db511b5cf2fa81a7638859b398b0ee6e0bdbbb9530254d8c86198197e4 +SIZE (rubygem/activeresource-3.2.13.gem) = 37888 Modified: head/www/rubygem-rails/Makefile ============================================================================== --- head/www/rubygem-rails/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-rails/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= rails -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= www rubygems MASTER_SITES= RG Modified: head/www/rubygem-rails/distinfo ============================================================================== --- head/www/rubygem-rails/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-rails/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/rails-3.2.12.gem) = bff3605849350b46cceab64e0b9136cd8743d45db902160c19bbd06fc9a956ca -SIZE (rubygem/rails-3.2.12.gem) = 4608 +SHA256 (rubygem/rails-3.2.13.gem) = dfc57cb7d289513dd89a99db6f714fbdb407223160abf98293b74be07724bcb8 +SIZE (rubygem/rails-3.2.13.gem) = 4608 Modified: head/www/rubygem-railties/Makefile ============================================================================== --- head/www/rubygem-railties/Makefile Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-railties/Makefile Thu Apr 11 11:30:00 2013 (r315783) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= railties -PORTVERSION= 3.2.12 +PORTVERSION= 3.2.13 CATEGORIES= www rubygems MASTER_SITES= RG Modified: head/www/rubygem-railties/distinfo ============================================================================== --- head/www/rubygem-railties/distinfo Thu Apr 11 10:03:50 2013 (r315782) +++ head/www/rubygem-railties/distinfo Thu Apr 11 11:30:00 2013 (r315783) @@ -1,2 +1,2 @@ -SHA256 (rubygem/railties-3.2.12.gem) = bcf15c2eef2a0bc1aa208304b89199287ed91243500ef9e212a187546cf01c35 -SIZE (rubygem/railties-3.2.12.gem) = 1591296 +SHA256 (rubygem/railties-3.2.13.gem) = 294fa4eb64c8b5fe1ebb60145f8faa4b5ca50eecab9db4805e36e94cadc38b07 +SIZE (rubygem/railties-3.2.13.gem) = 1587200