Sat Dec 3 06:40:09 2022 UTC ()
devel/ruby-redmine42: update to 4.2.9

4.2.9 (2022-12-01)

This is a security release.

* Fix CVE-2022-44031: Persistent XSS in textile formatting due to blockquote
  citation (#37751)

* Fix CVE-2021-44637: Redmine contains a cross-site scripting vulnerability
  (#37767)

* Open Redirect in attachments#download_all (#37880)


(taca)
diff -r1.16 -r1.17 pkgsrc/devel/ruby-redmine42/Makefile
diff -r1.11 -r1.12 pkgsrc/devel/ruby-redmine42/distinfo
diff -r1.7 -r1.8 pkgsrc/devel/ruby-redmine42/patches/patch-Gemfile

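--- a/pkgsrc/devel/ruby-redmine42/Attic/Makefile
+++ b/pkgsrc/devel/ruby-redmine42/Attic/Makefile
@@ -1,28 +1,28 @@
-# $NetBSD: Makefile,v 1.16 2022/10/10 03:24:52 taca Exp $
+# $NetBSD: Makefile,v 1.17 2022/12/03 06:40:09 taca Exp $
 
 DISTNAME= redmine-${RM_VERSION}
 PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/redmine/redmine${RM_VER}/}
 CATEGORIES= devel
 MASTER_SITES= https://www.redmine.org/releases/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://www.redmine.org/
 COMMENT= Flexible project management web application
 LICENSE= gnu-gpl-v2 # and so on.
 
 USE_TOOLS+= pax
 
-RM_VERSION= 4.2.8
+RM_VERSION= 4.2.9
 
 NO_BUILD= yes
 
 RUBY_VERSIONS_ACCEPTED= 27
 
 RUBY_RAILS_ACCEPTED= 52
 
 OVERRIDE_GEMSPEC+= csv>=3.1.1 i18n>=1.8.2 mini_mime>=1.0.1
 
 REPLACE_RUBY+= bin/*
 REPLACE_RUBY+= extra/mail_handler/rdm-mailhandler.rb
 REPLACE_RUBY+= extra/svn/reposman.rb
 REPLACE_RUBY+= public/dispatch.fcgi.example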

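--- a/pkgsrc/devel/ruby-redmine42/Attic/distinfo
+++ b/pkgsrc/devel/ruby-redmine42/Attic/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.11 2022/10/09 15:31:46 taca Exp $
+$NetBSD: distinfo,v 1.12 2022/12/03 06:40:09 taca Exp $
 
-BLAKE2s (redmine-4.2.8.tar.gz) = 680e3838dc1c094b38e053edac9099c015bae2ed77ebb9d8cc439722eff63b8e
-SHA512 (redmine-4.2.8.tar.gz) = 0cb2d1d8d700503855ac626a056413035cd14d46b6fca0a312461ab112c990b2eaeaa4212c3be5738df8c145160ac4ae0dfb1c2d21586e953452d09b782cc748
-Size (redmine-4.2.8.tar.gz) = 3043322 bytes
-SHA1 (patch-Gemfile) = 5b3dcc200f2e62ebec6e1ad0be4217ac06229869
+BLAKE2s (redmine-4.2.9.tar.gz) = f13f82335fd8c8d069a51dd556ff4487d7b5f90b9cab0eb569bd49099c4b8fe7
+SHA512 (redmine-4.2.9.tar.gz) = b0c6cade20dbcb4dd5c88081fb44f63dc3687b3735d47572e71bfeff0e17d2e4c9281afc10cf3b9679ab1e492a71a260a1d3fac5b660af5226849ccac4e0dd36
+Size (redmine-4.2.9.tar.gz) = 3043566 bytes
+SHA1 (patch-Gemfile) = 995dc55fcf3f8b77eade831d24918b0445180366
 SHA1 (patch-lib_tasks_initializers.rake) = 73c4594c94abd28e628bbd172565b161f0e54fff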

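--- a/pkgsrc/devel/ruby-redmine42/patches/Attic/patch-Gemfile
+++ b/pkgsrc/devel/ruby-redmine42/patches/Attic/patch-Gemfile
@@ -1,18 +1,18 @@
-$NetBSD: patch-Gemfile,v 1.7 2022/10/09 15:31:46 taca Exp $
+$NetBSD: patch-Gemfile,v 1.8 2022/12/03 06:40:09 taca Exp $
 
 Relax dependency.
 
---- Gemfile.orig 2022-10-02 20:10:08.000000000 +0000
+--- Gemfile.orig 2022-12-01 15:40:06.000000000 +0000
 +++ Gemfile
 @@ -3,17 +3,17 @@ source 'https://rubygems.org'
  ruby '>= 2.4.0', '< 2.8.0'
  gem 'bundler', '>= 1.12.0'
  
 -gem 'rails', '5.2.8.1'
 +gem 'rails', '~> 5.2.8'
  gem 'sprockets', '~> 3.7.2' if RUBY_VERSION < '2.5'
  gem 'globalid', '~> 0.4.2' if Gem.ruby_version < Gem::Version.new('2.6.0')
 -gem 'rouge', '~> 3.26.0'
 +gem 'rouge', '>= 3.26.0'
  gem 'request_store', '~> 1.5.0'
 -gem "mini_mime", "~> 1.0.1"
@@ -34,40 +34,41 @@ Relax dependency.
 +gem 'i18n', '~> 1.8'
  gem "rbpdf", "~> 1.20.0"
  gem 'addressable'
  gem 'rubyzip', '~> 2.3.0'
 @@ -70,7 +70,7 @@ if File.exist?(database_file)
  when 'mysql2'
  gem "mysql2", "~> 0.5.0", :platforms => [:mri, :mingw, :x64_mingw]
  when /postgresql/
 - gem "pg", "~> 1.2.2", :platforms => [:mri, :mingw, :x64_mingw]
 + gem "pg", "~> 1.2", :platforms => [:mri, :mingw, :x64_mingw]
  when /sqlite3/
  gem "sqlite3", "~> 1.4.0", :platforms => [:mri, :mingw, :x64_mingw]
  when /sqlserver/
-@@ -87,26 +87,6 @@ else
+@@ -87,27 +87,6 @@ else
  warn("Please configure your config/database.yml first")
  end
  
 -group :development do
 - gem "yard"
 -end
 -
 -group :test do
 - gem "rails-dom-testing"
-- gem 'mocha', '>= 1.4.0'
+- gem 'mocha', (Gem.ruby_version < Gem::Version.new('2.7.0') ? ['>= 1.4.0', '< 2.0.0'] : '>= 1.4.0')
 - gem 'simplecov', '~> 0.18.5', :require => false
 - gem "ffi", platforms: [:mingw, :x64_mingw, :mswin]
 - # For running system tests
-- gem 'puma'
+- # TODO: Remove version specification once Capybara supports Puma 6
+- gem 'puma', '< 6.0.0'
 - gem 'capybara', '~> 3.31.0'
-- gem "selenium-webdriver"
+- gem "selenium-webdriver", "~> 3.142.7"
 - gem 'webdrivers', '~> 4.4', require: false
 - # RuboCop
 - gem 'rubocop', '~> 1.12.0'
 - gem 'rubocop-performance', '~> 1.10.1'
 - gem 'rubocop-rails', '~> 2.9.0'
 -end
 -
  local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
  if File.exists?(local_gemfile)
  eval_gemfile local_gemfile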
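Review bot: The relaxed constraint `gem 'rails', '~> 5.2.8'` in the first hunk of the patched Gemfile also admits Rails 5.2.8, which is lower than the `5.2.8.1` that upstream pins on the line it replaces. Whether the Rails package selected through `RUBY_RAILS_ACCEPTED= 52` can ever resolve below that is not visible here, so for a security release it would be safer to keep the floor explicitly, e.g. `gem 'rails', '~> 5.2.8', '>= 5.2.8.1'`. `gem 'rouge', '>= 3.26.0'` likewise has no upper bound, so a future major version would be accepted untested. The header comment `Relax dependency.` could also mention that the last hunk removes the `:development` and `:test` groups, since that is the part that had to be regenerated for 4.2.9.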