pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/ruby-actionpack32 Update ruby-actionpack32 to 3.2.8.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6b6d4f5c6c87
branches:  trunk
changeset: 607478:6b6d4f5c6c87
user:      taca <taca%pkgsrc.org@localhost>
date:      Sun Aug 12 12:40:00 2012 +0000

description:
Update ruby-actionpack32 to 3.2.8.

## Rails 3.2.8 (Aug 9, 2012) ##

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
  value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value, there
  is a potential for XSS attacks.
  Vulnerable code will look something like this:

    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

diffstat:

 www/ruby-actionpack32/distinfo |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (13 lines):

diff -r c46ace8ee2f0 -r 6b6d4f5c6c87 www/ruby-actionpack32/distinfo
--- a/www/ruby-actionpack32/distinfo    Sun Aug 12 12:38:41 2012 +0000
+++ b/www/ruby-actionpack32/distinfo    Sun Aug 12 12:40:00 2012 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2012/07/31 12:55:32 taca Exp $
+$NetBSD: distinfo,v 1.6 2012/08/12 12:40:00 taca Exp $
 
-SHA1 (actionpack-3.2.7.gem) = 8a9d298a5ba4a88fb3c412c31a99f356572c77fd
-RMD160 (actionpack-3.2.7.gem) = 93e2d53b8c5a64f6e7ef5a803c0605bbe1c8f9fc
-Size (actionpack-3.2.7.gem) = 379392 bytes
+SHA1 (actionpack-3.2.8.gem) = ccc63cc2fcb3131b92d45cf5834aa629857d7258
+RMD160 (actionpack-3.2.8.gem) = ec71996e73831ea346d8e060234a7f7a73881908
+Size (actionpack-3.2.8.gem) = 379392 bytes
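
Review bot: The Size line for actionpack-3.2.8.gem is byte-for-byte the same as the 3.2.7 value (379392 bytes) even though both digests changed, so please confirm all three lines were regenerated from a freshly fetched 3.2.8 gem and the size was not carried over. An identical size is possible for a tar-format gem, but it is worth a check for a release that exists to ship security fixes. Separately, the file records only SHA1 and RMD160 digests for the distfile; adding a stronger digest line such as SHA512 would make the integrity check more robust.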


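The select_tag prompt issue described in the commit message, sketched as an added example (not code from Rails, pkgsrc or the commit author). render_select is a hypothetical stand-in for a select helper, and the sample input is constructed; only ERB::Util.html_escape is a real library call.

```ruby
require "erb"

# Hypothetical stand-in for a select helper; NOT the Rails implementation.
# escape_prompt: false models the behaviour the changelog describes (the
# prompt is interpolated as-is); true models a helper that escapes it.
def render_select(name, options_html, prompt:, escape_prompt:)
  prompt_text = escape_prompt ? ERB::Util.html_escape(prompt) : prompt
  field = ERB::Util.html_escape(name)
  %(<select id="#{field}" name="#{field}">) +
    %(<option value="">#{prompt_text}</option>) +
    options_html + "</select>"
end

# Caller-side mitigation for code still running against an unescaped helper:
# escape untrusted data before handing it over as the prompt.
def safe_prompt(untrusted)
  ERB::Util.html_escape(untrusted)
end

# Review/test check: true when a prompt containing HTML metacharacters
# reached the rendered output verbatim, i.e. without being escaped.
def raw_prompt_in_output?(html, prompt)
  prompt.match?(/[<>"'&]/) && html.include?(prompt)
end

# Constructed sample standing in for UNTRUSTED_INPUT from the changelog.
UNTRUSTED_INPUT = %(Pick one</option><script>alert(1)</script>)
OPTIONS = %(<option value="1">One</option>)

if __FILE__ == $PROGRAM_NAME
  cases = {
    "unescaped helper"        => [UNTRUSTED_INPUT, false],
    "escaping helper"         => [UNTRUSTED_INPUT, true],
    "caller escapes (safe_prompt)" => [safe_prompt(UNTRUSTED_INPUT), false]
  }
  cases.each do |label, (prompt, escape)|
    html = render_select("name", OPTIONS, prompt: prompt, escape_prompt: escape)
    status = raw_prompt_in_output?(html, UNTRUSTED_INPUT) ? "RAW MARKUP" : "escaped"
    puts "#{label}: #{status}"
    puts "  #{html}"
  end
end
```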
