Bug 177709 - [PATCH] www/rubygem-rails and co: update to 3.2.13
Summary: [PATCH] www/rubygem-rails and co: update to 3.2.13
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-08 12:30 UTC by geoffroy desvernay
Modified: 2013-04-11 12:40 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (7.90 KB, patch)
2013-04-08 12:30 UTC, geoffroy desvernay
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description geoffroy desvernay 2013-04-08 12:30:01 UTC
	- Update to 3.2.13
	(quick patch - may have to be reviewed by someone more fluent than I'm with ruby and gems)
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-04-08 12:30:15 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ruby

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Bryan Drewery freebsd_committer freebsd_triage 2013-04-10 20:22:27 UTC
Responsible Changed
From-To: ruby->bdrewery

I'll take it.
Comment 3 Bryan Drewery freebsd_committer freebsd_triage 2013-04-11 12:30:10 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 4 dfilter service freebsd_committer freebsd_triage 2013-04-11 12:30:22 UTC
Author: bdrewery
Date: Thu Apr 11 11:30:00 2013
New Revision: 315783
URL: http://svnweb.freebsd.org/changeset/ports/315783

Log:
  - Update to 3.2.13 to fix security vulnerabilities
  - Update rubygem-mail to 2.5.3 as rubygem-actionmailer-3.2.13 requires it
  
  PR:		ports/177709
  Submitted by:	Geoffroy Desvernay <dgeo@centrale-marseille.fr>
  With hat:	ruby
  Approved by:	portmgr (implicit)
  Reviewed by:	miwi
  Security:	db0c4b00-a24c-11e2-9601-000d601460a4

Modified:
  head/databases/rubygem-activemodel/Makefile
  head/databases/rubygem-activemodel/distinfo
  head/databases/rubygem-activerecord/Makefile
  head/databases/rubygem-activerecord/distinfo
  head/devel/rubygem-activesupport/Makefile
  head/devel/rubygem-activesupport/distinfo
  head/mail/rubygem-actionmailer/Makefile
  head/mail/rubygem-actionmailer/distinfo
  head/mail/rubygem-mail/Makefile
  head/mail/rubygem-mail/distinfo
  head/security/vuxml/vuln.xml
  head/www/rubygem-actionpack/Makefile
  head/www/rubygem-actionpack/distinfo
  head/www/rubygem-activeresource/Makefile
  head/www/rubygem-activeresource/distinfo
  head/www/rubygem-rails/Makefile
  head/www/rubygem-rails/distinfo
  head/www/rubygem-railties/Makefile
  head/www/rubygem-railties/distinfo

Modified: head/databases/rubygem-activemodel/Makefile
==============================================================================
--- head/databases/rubygem-activemodel/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/databases/rubygem-activemodel/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	activemodel
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	databases rubygems
 MASTER_SITES=	RG
 

Modified: head/databases/rubygem-activemodel/distinfo
==============================================================================
--- head/databases/rubygem-activemodel/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/databases/rubygem-activemodel/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activemodel-3.2.12.gem) = 0edb1514612f49767c091e5fe873f8480606755af01f042fcc79f906bd9883f0
-SIZE (rubygem/activemodel-3.2.12.gem) = 44544
+SHA256 (rubygem/activemodel-3.2.13.gem) = c5c269b02b3d39eea3d4d8cc132319828a1a0a8e06c857a1310f80caa94fec52
+SIZE (rubygem/activemodel-3.2.13.gem) = 45056

Modified: head/databases/rubygem-activerecord/Makefile
==============================================================================
--- head/databases/rubygem-activerecord/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/databases/rubygem-activerecord/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	activerecord
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	databases rubygems
 MASTER_SITES=	RG
 

Modified: head/databases/rubygem-activerecord/distinfo
==============================================================================
--- head/databases/rubygem-activerecord/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/databases/rubygem-activerecord/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activerecord-3.2.12.gem) = d16b747d7ed852e8ba3fbedd41731660463499678cec988e17c7b337b68f883a
-SIZE (rubygem/activerecord-3.2.12.gem) = 291328
+SHA256 (rubygem/activerecord-3.2.13.gem) = 05ed0718b25202e6f1907c02f1bc55c5996962d7a4692272a3fd882dbcccb9fc
+SIZE (rubygem/activerecord-3.2.13.gem) = 294400

Modified: head/devel/rubygem-activesupport/Makefile
==============================================================================
--- head/devel/rubygem-activesupport/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/devel/rubygem-activesupport/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	activesupport
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	devel rubygems
 MASTER_SITES=	RG
 

Modified: head/devel/rubygem-activesupport/distinfo
==============================================================================
--- head/devel/rubygem-activesupport/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/devel/rubygem-activesupport/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activesupport-3.2.12.gem) = 4f53fa55e0aeb00f40c677c29e23da23bea2104edf160bbdf3af38d9f39d38be
-SIZE (rubygem/activesupport-3.2.12.gem) = 287744
+SHA256 (rubygem/activesupport-3.2.13.gem) = 1e39ca69876634a38e344dd079d92b3ab27e1bde0b979b04d0e3252591a451ed
+SIZE (rubygem/activesupport-3.2.13.gem) = 288768

Modified: head/mail/rubygem-actionmailer/Makefile
==============================================================================
--- head/mail/rubygem-actionmailer/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/mail/rubygem-actionmailer/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	actionmailer
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	mail rubygems
 MASTER_SITES=	RG
 

Modified: head/mail/rubygem-actionmailer/distinfo
==============================================================================
--- head/mail/rubygem-actionmailer/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/mail/rubygem-actionmailer/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/actionmailer-3.2.12.gem) = 87511b97ba5db5659eeecee6618dd3b3824498e136ad97f2d9318d70cbf74c66
-SIZE (rubygem/actionmailer-3.2.12.gem) = 22016
+SHA256 (rubygem/actionmailer-3.2.13.gem) = 06d83e3627598cf79e39b5cacc8c450693609bfc863d0c003114a995cb0a5c4f
+SIZE (rubygem/actionmailer-3.2.13.gem) = 22016

Modified: head/mail/rubygem-mail/Makefile
==============================================================================
--- head/mail/rubygem-mail/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/mail/rubygem-mail/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,12 +1,8 @@
-# Ports collection makefile for:	rubygem-mail
-# Date created:				30 Aug 2010
-# Whom:					Eric Freeman <freebsdports@chillibear.com>
-#
+# Created by: Eric Freeman <freebsdports@chillibear.com>
 # $FreeBSD$
-#
 
 PORTNAME=	mail
-PORTVERSION=	2.4.4
+PORTVERSION=	2.5.3
 PORTEPOCH=	1
 CATEGORIES=	mail rubygems
 MASTER_SITES=	RG

Modified: head/mail/rubygem-mail/distinfo
==============================================================================
--- head/mail/rubygem-mail/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/mail/rubygem-mail/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/mail-2.4.4.gem) = 237625b7e70f8cd9615658e0963c9880094a974cfa9dda7325e3537bcba7be45
-SIZE (rubygem/mail-2.4.4.gem) = 121856
+SHA256 (rubygem/mail-2.5.3.gem) = 338dfc39e30665402aade821584970502e1e039fd972731fc95beff3991ad9a9
+SIZE (rubygem/mail-2.5.3.gem) = 269312

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/security/vuxml/vuln.xml	Thu Apr 11 11:30:00 2013	(r315783)
@@ -51,6 +51,60 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="db0c4b00-a24c-11e2-9601-000d601460a4">
+    <topic>rubygem-rails -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>rubygem-rails</name>
+	<range><lt>3.2.13</lt></range>
+      </package>
+      <package>
+	<name>rubygem-actionpack</name>
+	<range><lt>3.2.13</lt></range>
+      </package>
+      <package>
+	<name>rubygem-activerecord</name>
+	<range><lt>3.2.13</lt></range>
+      </package>
+      <package>
+	<name>rubygem-activesupport</name>
+	<range><lt>3.2.13</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Ruby on Rails team reports:</p>
+	<blockquote cite="http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/">
+	  <p>Rails versions 3.2.13 has been released. This release
+	  contains important security fixes.  It is recommended
+	  users upgrade as soon as possible.</p>
+	  <p>Four vulnerabilities have been discovered and fixed:</p>
+	  <ol>
+	    <li>(CVE-2013-1854) Symbol DoS vulnerability in Active Record</li>
+	    <li>(CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack</li>
+	    <li>(CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users</li>
+	    <li>(CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails</li>
+	  </ol>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2013-1854</cvename>
+	<cvename>CVE-2013-1856</cvename>
+	<cvename>CVE-2013-1856</cvename>
+	<cvename>CVE-2013-1857</cvename>
+	<url>http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/</url>
+	<url>https://groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0</url>
+	<url>https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8</url>
+	<url>https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI</url>
+	<url>https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI</url>
+    </references>
+    <dates>
+      <discovery>2013-03-18</discovery>
+      <entry>2013-04-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="1431f2d6-a06e-11e2-b9e0-001636d274f3">
     <topic>NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode</topic>
     <affects>

Modified: head/www/rubygem-actionpack/Makefile
==============================================================================
--- head/www/rubygem-actionpack/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-actionpack/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	actionpack
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-actionpack/distinfo
==============================================================================
--- head/www/rubygem-actionpack/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-actionpack/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/actionpack-3.2.12.gem) = f32a027d87014aff404cfc2dac5c4a1077d81a9815cf1e1adc5a1f601cd5e8a6
-SIZE (rubygem/actionpack-3.2.12.gem) = 287232
+SHA256 (rubygem/actionpack-3.2.13.gem) = bc782459a0ea262e78e10a47d61ec1dfd37070a220766466f4e013c5f36873d4
+SIZE (rubygem/actionpack-3.2.13.gem) = 289280

Modified: head/www/rubygem-activeresource/Makefile
==============================================================================
--- head/www/rubygem-activeresource/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-activeresource/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	activeresource
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-activeresource/distinfo
==============================================================================
--- head/www/rubygem-activeresource/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-activeresource/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/activeresource-3.2.12.gem) = d111d4d401d24b8b2236e9c946020123e4f99b40bb02cdd8c4ae373b923dbe36
-SIZE (rubygem/activeresource-3.2.12.gem) = 37888
+SHA256 (rubygem/activeresource-3.2.13.gem) = 3414f1db511b5cf2fa81a7638859b398b0ee6e0bdbbb9530254d8c86198197e4
+SIZE (rubygem/activeresource-3.2.13.gem) = 37888

Modified: head/www/rubygem-rails/Makefile
==============================================================================
--- head/www/rubygem-rails/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-rails/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	rails
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-rails/distinfo
==============================================================================
--- head/www/rubygem-rails/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-rails/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/rails-3.2.12.gem) = bff3605849350b46cceab64e0b9136cd8743d45db902160c19bbd06fc9a956ca
-SIZE (rubygem/rails-3.2.12.gem) = 4608
+SHA256 (rubygem/rails-3.2.13.gem) = dfc57cb7d289513dd89a99db6f714fbdb407223160abf98293b74be07724bcb8
+SIZE (rubygem/rails-3.2.13.gem) = 4608

Modified: head/www/rubygem-railties/Makefile
==============================================================================
--- head/www/rubygem-railties/Makefile	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-railties/Makefile	Thu Apr 11 11:30:00 2013	(r315783)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	railties
-PORTVERSION=	3.2.12
+PORTVERSION=	3.2.13
 CATEGORIES=	www rubygems
 MASTER_SITES=	RG
 

Modified: head/www/rubygem-railties/distinfo
==============================================================================
--- head/www/rubygem-railties/distinfo	Thu Apr 11 10:03:50 2013	(r315782)
+++ head/www/rubygem-railties/distinfo	Thu Apr 11 11:30:00 2013	(r315783)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/railties-3.2.12.gem) = bcf15c2eef2a0bc1aa208304b89199287ed91243500ef9e212a187546cf01c35
-SIZE (rubygem/railties-3.2.12.gem) = 1591296
+SHA256 (rubygem/railties-3.2.13.gem) = 294fa4eb64c8b5fe1ebb60145f8faa4b5ca50eecab9db4805e36e94cadc38b07
+SIZE (rubygem/railties-3.2.13.gem) = 1587200
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"