Wed Jun 22 15:39:58 2022 UTC ()
devel/ruby-redmin42: update to 4.2.7

From release announce on 2022-06-21:

Redmine 4.2.7 and 5.0.2 have been released and are available for download,
you can review the changes in the Changelog.

These maintenance releases fixes some important issues and multiple security
fixes that were found in the latest Redmine 4.2.* and 5.0.* versions.

Security:

1. Updates commonmark gem version to 0.23.4 when Ruby >= 2.6 is used in
   order to fix a remote code execution vulnerability.  Because the fixed
   version of the gem doesn't support Ruby 2.5, those instances that are
   using Redmine 5.0.*, Commonmark and Ruby 2.5, it is highly recommended to
   update Ruby version to at least 2.6 because it's the only way to get the
   update and the fix.  Also, the next major Redmine version (5.1.0) already
   dropped support for Ruby 2.5 (#37159).

2. Updates jQuery UI to 1.31.1 to fix 3 medium severity XSS vulnerabilities

3. Fixes unauthorised Information Leak in QueryAssociationColumn and
   QueryAssociationCustomFieldColumn when the user has no permission to view
   on the associated object

Many thanks to Liane Hampe and Felix Sch辰fer for reporting these security
issues and to Holger Just and Felix Sch辰fer for their work on fixing all
these issues.


(taca)
diff -r1.10 -r1.11 pkgsrc/devel/ruby-redmine42/Makefile
diff -r1.2 -r1.3 pkgsrc/devel/ruby-redmine42/PLIST
diff -r1.9 -r1.10 pkgsrc/devel/ruby-redmine42/distinfo
cvs diff -r1.10 -r1.11 pkgsrc/devel/ruby-redmine42/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/ruby-redmine42/Attic/Makefile 2022/06/15 14:22:55 1.10
+++ pkgsrc/devel/ruby-redmine42/Attic/Makefile 2022/06/22 15:39:58 1.11
@@ -1,28 +1,28 @@ @@ -1,28 +1,28 @@
1# $NetBSD: Makefile,v 1.10 2022/06/15 14:22:55 taca Exp $ 1# $NetBSD: Makefile,v 1.11 2022/06/22 15:39:58 taca Exp $
2 2
3DISTNAME= redmine-${RM_VERSION} 3DISTNAME= redmine-${RM_VERSION}
4PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/redmine/redmine${RM_VER}/} 4PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/redmine/redmine${RM_VER}/}
5CATEGORIES= devel 5CATEGORIES= devel
6MASTER_SITES= https://www.redmine.org/releases/ 6MASTER_SITES= https://www.redmine.org/releases/
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= https://www.redmine.org/ 9HOMEPAGE= https://www.redmine.org/
10COMMENT= Flexible project management web application 10COMMENT= Flexible project management web application
11LICENSE= gnu-gpl-v2 # and so on. 11LICENSE= gnu-gpl-v2 # and so on.
12 12
13USE_TOOLS+= pax 13USE_TOOLS+= pax
14 14
15RM_VERSION= 4.2.6 15RM_VERSION= 4.2.7
16 16
17NO_BUILD= yes 17NO_BUILD= yes
18 18
19RUBY_VERSIONS_ACCEPTED= 26 27 19RUBY_VERSIONS_ACCEPTED= 26 27
20 20
21RUBY_RAILS_ACCEPTED= 52 21RUBY_RAILS_ACCEPTED= 52
22 22
23OVERRIDE_GEMSPEC+= csv>=3.1.1 i18n>=1.8.2 nokogiri>=1.11.0 \ 23OVERRIDE_GEMSPEC+= csv>=3.1.1 i18n>=1.8.2 nokogiri>=1.11.0 \
24 mini_mime>=1.0.1 24 mini_mime>=1.0.1
25 25
26REPLACE_RUBY+= bin/* 26REPLACE_RUBY+= bin/*
27REPLACE_RUBY+= extra/mail_handler/rdm-mailhandler.rb 27REPLACE_RUBY+= extra/mail_handler/rdm-mailhandler.rb
28REPLACE_RUBY+= extra/svn/reposman.rb 28REPLACE_RUBY+= extra/svn/reposman.rb
cvs diff -r1.2 -r1.3 pkgsrc/devel/ruby-redmine42/Attic/PLIST (expand / switch to unified diff)

--- pkgsrc/devel/ruby-redmine42/Attic/PLIST 2022/04/03 05:36:02 1.2
+++ pkgsrc/devel/ruby-redmine42/Attic/PLIST 2022/06/22 15:39:58 1.3
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.2 2022/04/03 05:36:02 taca Exp $ 1@comment $NetBSD: PLIST,v 1.3 2022/06/22 15:39:58 taca Exp $
2bin/redmine42_generate_secret_token${RUBY_SUFFIX}.sh 2bin/redmine42_generate_secret_token${RUBY_SUFFIX}.sh
3bin/redmine42_load_default_data${RUBY_SUFFIX}.sh 3bin/redmine42_load_default_data${RUBY_SUFFIX}.sh
4bin/redmine42_migrate_db${RUBY_SUFFIX}.sh 4bin/redmine42_migrate_db${RUBY_SUFFIX}.sh
5bin/redmine42_migrate_plugins${RUBY_SUFFIX}.sh 5bin/redmine42_migrate_plugins${RUBY_SUFFIX}.sh
6${RUBY_EG}-redmine42/additional_environment.rb.example 6${RUBY_EG}-redmine42/additional_environment.rb.example
7${RUBY_EG}-redmine42/configuration.yml.example 7${RUBY_EG}-redmine42/configuration.yml.example
8${RUBY_EG}-redmine42/database.yml.example 8${RUBY_EG}-redmine42/database.yml.example
9${PLIST.unicorn}${RUBY_EG}-redmine42/unicorn.rb.example 9${PLIST.unicorn}${RUBY_EG}-redmine42/unicorn.rb.example
10share/${RUBY_NAME}-redmine42/CONTRIBUTING.md 10share/${RUBY_NAME}-redmine42/CONTRIBUTING.md
11share/${RUBY_NAME}-redmine42/Gemfile 11share/${RUBY_NAME}-redmine42/Gemfile
12${PLIST.unicorn}share/${RUBY_NAME}-redmine42/Gemfile.local 12${PLIST.unicorn}share/${RUBY_NAME}-redmine42/Gemfile.local
13share/${RUBY_NAME}-redmine42/README.rdoc 13share/${RUBY_NAME}-redmine42/README.rdoc
14share/${RUBY_NAME}-redmine42/Rakefile 14share/${RUBY_NAME}-redmine42/Rakefile
@@ -1603,27 +1603,27 @@ share/${RUBY_NAME}-redmine42/public/java @@ -1603,27 +1603,27 @@ share/${RUBY_NAME}-redmine42/public/java
1603share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-ro.js 1603share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-ro.js
1604share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-ru.js 1604share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-ru.js
1605share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sk.js 1605share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sk.js
1606share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sl.js 1606share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sl.js
1607share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sq.js 1607share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sq.js
1608share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sr.js 1608share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sr.js
1609share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sv.js 1609share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-sv.js
1610share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-th.js 1610share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-th.js
1611share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-tr.js 1611share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-tr.js
1612share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-uk.js 1612share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-uk.js
1613share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-vi.js 1613share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-vi.js
1614share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-zh-CN.js 1614share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-zh-CN.js
1615share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-zh-TW.js 1615share/${RUBY_NAME}-redmine42/public/javascripts/i18n/datepicker-zh-TW.js
1616share/${RUBY_NAME}-redmine42/public/javascripts/jquery-3.5.1-ui-1.12.1-ujs-5.2.4.5.js 1616share/${RUBY_NAME}-redmine42/public/javascripts/jquery-3.6.0-ui-1.13.1-ujs-5.2.4.5.js
1617share/${RUBY_NAME}-redmine42/public/javascripts/jquery-migrate-3.3.2.min.js 1617share/${RUBY_NAME}-redmine42/public/javascripts/jquery-migrate-3.3.2.min.js
1618share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/jstoolbar.js 1618share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/jstoolbar.js
1619share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-ar.js 1619share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-ar.js
1620share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-az.js 1620share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-az.js
1621share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-bg.js 1621share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-bg.js
1622share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-bs.js 1622share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-bs.js
1623share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-ca.js 1623share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-ca.js
1624share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-cs.js 1624share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-cs.js
1625share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-da.js 1625share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-da.js
1626share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-de.js 1626share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-de.js
1627share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-en-gb.js 1627share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-en-gb.js
1628share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-en.js 1628share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-en.js
1629share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-es-pa.js 1629share/${RUBY_NAME}-redmine42/public/javascripts/jstoolbar/lang/jstoolbar-es-pa.js
@@ -1675,27 +1675,27 @@ share/${RUBY_NAME}-redmine42/public/java @@ -1675,27 +1675,27 @@ share/${RUBY_NAME}-redmine42/public/java
1675share/${RUBY_NAME}-redmine42/public/javascripts/tablesort-5.2.1.number.min.js 1675share/${RUBY_NAME}-redmine42/public/javascripts/tablesort-5.2.1.number.min.js
1676share/${RUBY_NAME}-redmine42/public/javascripts/tribute-5.1.3.min.js 1676share/${RUBY_NAME}-redmine42/public/javascripts/tribute-5.1.3.min.js
1677share/${RUBY_NAME}-redmine42/public/javascripts/tribute.min.js.map 1677share/${RUBY_NAME}-redmine42/public/javascripts/tribute.min.js.map
1678share/${RUBY_NAME}-redmine42/public/plugin_assets/empty 1678share/${RUBY_NAME}-redmine42/public/plugin_assets/empty
1679share/${RUBY_NAME}-redmine42/public/stylesheets/application.css 1679share/${RUBY_NAME}-redmine42/public/stylesheets/application.css
1680share/${RUBY_NAME}-redmine42/public/stylesheets/context_menu.css 1680share/${RUBY_NAME}-redmine42/public/stylesheets/context_menu.css
1681share/${RUBY_NAME}-redmine42/public/stylesheets/context_menu_rtl.css 1681share/${RUBY_NAME}-redmine42/public/stylesheets/context_menu_rtl.css
1682share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_444444_256x240.png 1682share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_444444_256x240.png
1683share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_555555_256x240.png 1683share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_555555_256x240.png
1684share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_777620_256x240.png 1684share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_777620_256x240.png
1685share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_777777_256x240.png 1685share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_777777_256x240.png
1686share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_cc0000_256x240.png 1686share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_cc0000_256x240.png
1687share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_ffffff_256x240.png 1687share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/images/ui-icons_ffffff_256x240.png
1688share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/jquery-ui-1.12.1.css 1688share/${RUBY_NAME}-redmine42/public/stylesheets/jquery/jquery-ui-1.13.1.css
1689share/${RUBY_NAME}-redmine42/public/stylesheets/jstoolbar.css 1689share/${RUBY_NAME}-redmine42/public/stylesheets/jstoolbar.css
1690share/${RUBY_NAME}-redmine42/public/stylesheets/responsive.css 1690share/${RUBY_NAME}-redmine42/public/stylesheets/responsive.css
1691share/${RUBY_NAME}-redmine42/public/stylesheets/rtl.css 1691share/${RUBY_NAME}-redmine42/public/stylesheets/rtl.css
1692share/${RUBY_NAME}-redmine42/public/stylesheets/scm.css 1692share/${RUBY_NAME}-redmine42/public/stylesheets/scm.css
1693share/${RUBY_NAME}-redmine42/public/stylesheets/tribute-5.1.3.css 1693share/${RUBY_NAME}-redmine42/public/stylesheets/tribute-5.1.3.css
1694share/${RUBY_NAME}-redmine42/public/themes/README 1694share/${RUBY_NAME}-redmine42/public/themes/README
1695share/${RUBY_NAME}-redmine42/public/themes/alternate/stylesheets/application.css 1695share/${RUBY_NAME}-redmine42/public/themes/alternate/stylesheets/application.css
1696share/${RUBY_NAME}-redmine42/public/themes/classic/images/home.png 1696share/${RUBY_NAME}-redmine42/public/themes/classic/images/home.png
1697share/${RUBY_NAME}-redmine42/public/themes/classic/images/wrench.png 1697share/${RUBY_NAME}-redmine42/public/themes/classic/images/wrench.png
1698share/${RUBY_NAME}-redmine42/public/themes/classic/stylesheets/application.css 1698share/${RUBY_NAME}-redmine42/public/themes/classic/stylesheets/application.css
1699share/${RUBY_NAME}-redmine42/test/application_system_test_case.rb 1699share/${RUBY_NAME}-redmine42/test/application_system_test_case.rb
1700share/${RUBY_NAME}-redmine42/test/controllers/empty 1700share/${RUBY_NAME}-redmine42/test/controllers/empty
1701share/${RUBY_NAME}-redmine42/test/coverage/html_formatter.rb 1701share/${RUBY_NAME}-redmine42/test/coverage/html_formatter.rb
cvs diff -r1.9 -r1.10 pkgsrc/devel/ruby-redmine42/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/ruby-redmine42/Attic/distinfo 2022/06/15 14:22:55 1.9
+++ pkgsrc/devel/ruby-redmine42/Attic/distinfo 2022/06/22 15:39:58 1.10
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
1$NetBSD: distinfo,v 1.9 2022/06/15 14:22:55 taca Exp $ 1$NetBSD: distinfo,v 1.10 2022/06/22 15:39:58 taca Exp $
2 2
3BLAKE2s (redmine-4.2.6.tar.gz) = 3e87ec7b1a4568d0d46cc8868d3ecd8481687411fce813eb50e50f5e0a7058de 3BLAKE2s (redmine-4.2.7.tar.gz) = 3e692c8190c896d0f40deb94a709494448622d68a03531323effdc015af0d8ad
4SHA512 (redmine-4.2.6.tar.gz) = 4071783917627927c0239cd3fefbc04a48706c28cd63b7fb09b5d234698b5847cc66f27dd717ee8d144385174471361b73b781799f02b73a49e141a6cbdd4077 4SHA512 (redmine-4.2.7.tar.gz) = 6654aec3981de8b26de416d253c22c91d881dd7df54192ce41e6e99213c6f4b0947ce213fe484c18117f8701d0528ebb23fe3acf335f84638eeddd972b601be9
5Size (redmine-4.2.6.tar.gz) = 3041632 bytes 5Size (redmine-4.2.7.tar.gz) = 3042676 bytes
6SHA1 (patch-Gemfile) = 45289d38e0209c7393c199e5e915afca8f25fb7b 6SHA1 (patch-Gemfile) = 45289d38e0209c7393c199e5e915afca8f25fb7b
7SHA1 (patch-lib_tasks_initializers.rake) = 73c4594c94abd28e628bbd172565b161f0e54fff 7SHA1 (patch-lib_tasks_initializers.rake) = 73c4594c94abd28e628bbd172565b161f0e54fff