CVS commit: pkgsrc/devel/ruby-redmine50

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Sat Dec  3 06:41:42 UTC 2022

Modified Files:
        pkgsrc/devel/ruby-redmine50: Makefile distinfo
        pkgsrc/devel/ruby-redmine50/patches: patch-Gemfile

Log Message:
devel/ruby-redmine50: update to 5.0.4

5.0.4 (2022-12-01)

This is security release.

* Fix CVE-2022-44030: Access Control Issue in attachments#download_all
  (#37772)

* Fix CVE-2022-44031: Persistent XSS in textile formatting due to blockquote
  citation (#37751)

* Fix CVE-2021-44637: Redmine contains a cross-site scripting vulnerability
  (#37767)

* Open Redirect in attachments#download_all (#37880)


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/ruby-redmine50/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-redmine50/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-redmine50/patches/patch-Gemfile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/ruby-redmine50/Makefile
diff -u pkgsrc/devel/ruby-redmine50/Makefile:1.5 pkgsrc/devel/ruby-redmine50/Makefile:1.6
--- pkgsrc/devel/ruby-redmine50/Makefile:1.5    Thu Dec  1 12:19:09 2022
+++ pkgsrc/devel/ruby-redmine50/Makefile        Sat Dec  3 06:41:42 2022
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.5 2022/12/01 12:19:09 jperkin Exp $
+# $NetBSD: Makefile,v 1.6 2022/12/03 06:41:42 taca Exp $
 
 DISTNAME=      redmine-${RM_VERSION}
 PKGNAME=       ${RUBY_PKGPREFIX}-${DISTNAME:S/redmine/redmine${RM_VER}/}
@@ -10,7 +10,7 @@ HOMEPAGE=     https://www.redmine.org/
 COMMENT=       Flexible project management web application
 LICENSE=       gnu-gpl-v2 # and so on.
 
-RM_VERSION=    5.0.3
+RM_VERSION=    5.0.4
 
 NO_BUILD=      yes
 

Index: pkgsrc/devel/ruby-redmine50/distinfo
diff -u pkgsrc/devel/ruby-redmine50/distinfo:1.3 pkgsrc/devel/ruby-redmine50/distinfo:1.4
--- pkgsrc/devel/ruby-redmine50/distinfo:1.3    Sun Oct  9 15:32:55 2022
+++ pkgsrc/devel/ruby-redmine50/distinfo        Sat Dec  3 06:41:42 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.3 2022/10/09 15:32:55 taca Exp $
+$NetBSD: distinfo,v 1.4 2022/12/03 06:41:42 taca Exp $
 
-BLAKE2s (redmine-5.0.3.tar.gz) = 47710138cd38b6d442ad952d4bb1e3cdd016b6bd64bf172ce8636311a219b550
-SHA512 (redmine-5.0.3.tar.gz) = ad790e1674485c7a2e9c59d6f653de7b90dcc673fb979d0433bf275bcdc2a794fe9cf78788fce928a111e3e8cbc296230a57702d9e0ea8f317f7a00cc3d8481b
-Size (redmine-5.0.3.tar.gz) = 3113409 bytes
-SHA1 (patch-Gemfile) = e98a0dd810e1b55daf8ea4f70c35b96dba619035
+BLAKE2s (redmine-5.0.4.tar.gz) = e33640331e7045baf015ff373c1fae06689a28db5eb25cddfd3cfbbfb1710bc2
+SHA512 (redmine-5.0.4.tar.gz) = e1c0693ae1d4c71de7bef8d78b42e2d81cd53a2bd0bdfa83778528f40b5d43bb118e8e22f29112130f3082ddafd0c8931b05d5409e7a3f8a23dc619c5d84cf78
+Size (redmine-5.0.4.tar.gz) = 3114593 bytes
+SHA1 (patch-Gemfile) = 97e7503de8194ea68e72c499bbcccaaa037e0332
 SHA1 (patch-config_additional__environment.rb.example) = 7ad913800c5f31fdd9b71aa92294bdbeea7b77fe
 SHA1 (patch-lib_tasks_initializers.rake) = 73c4594c94abd28e628bbd172565b161f0e54fff

Index: pkgsrc/devel/ruby-redmine50/patches/patch-Gemfile
diff -u pkgsrc/devel/ruby-redmine50/patches/patch-Gemfile:1.3 pkgsrc/devel/ruby-redmine50/patches/patch-Gemfile:1.4
--- pkgsrc/devel/ruby-redmine50/patches/patch-Gemfile:1.3       Sun Oct  9 15:32:55 2022
+++ pkgsrc/devel/ruby-redmine50/patches/patch-Gemfile   Sat Dec  3 06:41:42 2022
@@ -1,9 +1,9 @@
-$NetBSD: patch-Gemfile,v 1.3 2022/10/09 15:32:55 taca Exp $
+$NetBSD: patch-Gemfile,v 1.4 2022/12/03 06:41:42 taca Exp $
 
 * Relax dependency.
 * Do not load gem for developemt and test.
 
---- Gemfile.orig       2022-10-02 20:10:35.000000000 +0000
+--- Gemfile.orig       2022-12-01 15:40:32.000000000 +0000
 +++ Gemfile
 @@ -3,9 +3,9 @@ source 'https://rubygems.org'
  ruby '>= 2.5.0', '< 3.2.0'
@@ -17,17 +17,15 @@ $NetBSD: patch-Gemfile,v 1.3 2022/10/09 
  gem 'request_store', '~> 1.5.0'
  gem 'mini_mime', '~> 1.1.0'
  gem "actionpack-xml_parser"
-@@ -48,8 +48,8 @@ gem 'redcarpet', '~> 3.5.1', groups: [:m
+@@ -48,7 +48,7 @@ gem 'redcarpet', '~> 3.5.1', groups: [:m
  
  # Optional CommonMark support, not for JRuby
  group :common_mark do
 -  gem "html-pipeline", "~> 2.13.2"
--  gem "commonmarker", (Gem.ruby_version < Gem::Version.new('2.6.0') ? '0.21.0' : '0.23.4')
 +  gem "html-pipeline", "~> 2.13"
-+  gem "commonmarker", (Gem.ruby_version < Gem::Version.new('2.6.0') ? '0.21.0' : '~> 0.23')
+   gem "commonmarker", (Gem.ruby_version < Gem::Version.new('2.6.0') ? '0.21.0' : '~> 0.23.6')
    gem "sanitize", "~> 6.0"
    gem 'deckar01-task_list', '2.3.2'
- end
 @@ -69,7 +69,7 @@ if File.exist?(database_file)
        when 'mysql2'
          gem "mysql2", "~> 0.5.0", :platforms => [:mri, :mingw, :x64_mingw]
@@ -45,7 +43,7 @@ $NetBSD: patch-Gemfile,v 1.3 2022/10/09 
  group :development do
    gem 'listen', '~> 3.3'
    gem "yard"
-@@ -106,6 +107,7 @@ group :test do
+@@ -107,6 +108,7 @@ group :test do
    gem 'rubocop-performance', '~> 1.13.0'
    gem 'rubocop-rails', '~> 2.14.0'
  end