gentoo auto-resync : 15:07:2022 - 19:43:32

author: V3n3RiX <venerix@koprulu.sector> 2022-07-15 19:43:32 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2022-07-15 19:43:32 +0100
commit: fa1962ff69701bd9c0f15fb225cdbfb487125e0e (patch)
tree: 85b35bd5a3c73ea562768237a25da176adef5744 /www-apps/redmine
parent: bd8ca999980e9c0c9ae40a11789c858bb58769e3 (diff)
4 files changed, 40 insertions, 241 deletions
diff --git a/www-apps/redmine/Manifest b/www-apps/redmine/Manifest
index 69d82e2fb84a..0c08150353ac 100644
--- a/www-apps/redmine/Manifest
+++ b/www-apps/redmine/Manifest
@@ -1,10 +1,9 @@
 AUX 10_redmine_vhost.conf 314 BLAKE2B 6e687093ed220c8a275f43d002d9661a36a0602001e4783b036bea0daac86810ce034573da5f3ac65e7f556af77db93849d93931de909bfbac1313e7fe705120 SHA512 5c6628b353167056a33f8b1be4332f7d3fb6b31e4457dbe1968ff1123c8d7bc607e175307636cd83d683715e9973fc8c87720aa35224e75fab81b074c7bab604
 AUX additional_environment.rb 322 BLAKE2B 26571ffcbc43431058a685000e00870ec41d266c4cdf46e077018bbbac34a5c818fccb19508c76dd56f53bc31d3e469e61302d36825ba36a5d851cfa73b0a0ef SHA512 1a4b649bc036372a47782a089c2b3db244ea4dd5437f2d931b6c7c4578f5aa104c8b8493da4a3f2874aac0380527604807ec2062525dcd392425b9b22c84f9bf
 AUX redmine-3.initd 1269 BLAKE2B 1c0f561fa1c13c899b17b7c707ac6beaa9090a9ec98657f7ddce2e653241d7388392f22eaf35a85f5de96c3a0c32a4b67f0003725c371ef1ffb1f76c56d989b4 SHA512 c0ec931313d8b684cc8d2ab59e0c6d6fd159202420a3849cbb09a62f4fae7f6c3ec071b58fc17d838247c7c573a92de0ecdab7de995fd2391c4bd66001335ece
+AUX redmine-4.2.7-rails-yaml-safe_load.patch 1002 BLAKE2B 78ee82fae3d16dcb54fc61137ce9f8f51b6809d28f8b3292100502f9927c423d64024fee7662d2d06d4a71be4e94b1d0cf7bb401221ca7f49c1df5a023b89918 SHA512 cd45f50d0f1f73996b091a15b99f5bd466214cb94b60b03268b4689f49ef0058bef23c18acffa23d79bdc4766daee4218a4a5b9d40043f2b91330ad928918b51
 AUX redmine.confd 267 BLAKE2B d2f4f34ac6ac2aadfe5371831fb5dba6dc6e58fd26197528ebe27d9f4faa3dc8b9c495e77841b8a2e67db7093c76cbcda24b9548da0d10268d105b5dde0bb023 SHA512 4e4a700f1540b5e82df6ca610a94adcb08929f5ca75e605e40372b18ccc395515cdd53451ba2b3e3d9bdf129d9052a7218f6323d526c1ffb2540254d279c8d94
 AUX redmine.logrotate 106 BLAKE2B 0c725d812b4a6caae29ed55d0b948a3dc14369aa550994d55ca3aa41e0c1e34962d26da4a46c99fdbdcdd600c12f2d386559af53a2e48d55b5d670372be65b60 SHA512 c7e611dc5e662e5b2126c77a333081708e552f2980efb835dc8560cd5e1929c6923e5e6e4e45604fe662b9bd5ef433678eb900e797cee34bbb1b80fb55eed0e1
-DIST redmine-4.1.5.tar.gz 2722929 BLAKE2B 83c9c974bbfecfcb796833640ed9b3cb4b2e2550714e702d9b024a41f676c2c71f8e6f4119b2519654556451313a0276a4dbe307f41747466b0034f415cde662 SHA512 cf4020bff11b13986989e312db1e7ee459f4391ec7326f59a4f493fb0c95be87d19196377da60ac083801b7c792dc012769350b684e20dd887c431c0c18cc851
-DIST redmine-4.2.3.tar.gz 3039136 BLAKE2B 68656da4a9a43139ab78b70e7e7364cbc776a75ea3069962086c49ea2ca965739efc47d6709b0068d94a884eaa6b56a641826ffbb16276cc8d686374a88d9e75 SHA512 456117b0d5d72ee58c87def84327e29f79937fa71098b48a80103e3e6653648c0df46afcc4f533803384ba7413e690538deeee33e263d86dd9e4e5dec65144e3
-EBUILD redmine-4.1.5.ebuild 6783 BLAKE2B f38a88860cfb25cb1d8b353feea94b2022508fded695d82b0c3ab1044c539b4929ccb1a9e8b8dcdd29e793c75b78ec76ecd2f839f30fd8726a6259a0441749e4 SHA512 2df24ff810aa0513edd620c8dbe9e222381b896eb63f14abf027aba4f2350691de665b8333efaa53502cfcd026ecd0ca9e433b98bd84440b53b1d6b33658f50a
-EBUILD redmine-4.2.3.ebuild 6974 BLAKE2B 1c0617a830ddfba65b86811fec00d65b90db586b060df715954a1fb25ae069ee9a46a88e836b670a781b6694bee5e972bba304bb46d4e430bb412d9728a912ba SHA512 22439e771ac9fe6c6c943eea48829bd54078c558450165bc292f1d732b0453523d794307715868905753b39331ca151559750564ff8702f0b36c53eaeee98fc5
+DIST redmine-4.2.7.tar.gz 3042676 BLAKE2B 023448a6b1ea20ef0d924def19f661a6d1099f3ab6fe0c887e4e8782773bcc63488075d86f3dc70d8ebf87d44e6b6b242be4a1fb4b5cce5cc361f6f39e99e6d4 SHA512 6654aec3981de8b26de416d253c22c91d881dd7df54192ce41e6e99213c6f4b0947ce213fe484c18117f8701d0528ebb23fe3acf335f84638eeddd972b601be9
+EBUILD redmine-4.2.7.ebuild 7053 BLAKE2B e40fcc6bb07843879945f032ce2a5a8f96e5e4fe20841c7f1dee1aa5f53775bb8d6d1c6c377bfe7e56824c99b335eeb3ac6dd58bdf4c8910ec6d50ae40c6c876 SHA512 40e82f668cca35c61eb8f0429b5000fa6de27c4f6512f2b21e10cc2ae350786121548d47537ebd0fb4fa18e4939d2b2eb9c561ed6172732131dbc50ca87bf0da
 MISC metadata.xml 659 BLAKE2B 1598079638eae3152ded1c8129eac0386737c2eb827e3e0d4d16cfa5506acebbb12e51c2084e43d43ff5c3ff220bfde3e7e0d84c4b03502b2f1b593543442d50 SHA512 ac1674ad83f39871d410c338915fba222c6cddf310b62abd7eb3725dba294b1595c291cb8f87debf7e350e67703c7b30ccba223c3b8a7692e916d2a17adb4434
diff --git a/www-apps/redmine/files/redmine-4.2.7-rails-yaml-safe_load.patch b/www-apps/redmine/files/redmine-4.2.7-rails-yaml-safe_load.patch
new file mode 100644
index 000000000000..dcd4bdb51073
--- /dev/null
+++ b/www-apps/redmine/files/redmine-4.2.7-rails-yaml-safe_load.patch
@@ -0,0 +1,29 @@
+From 8eb7563204e6c9b3a1fcff453c08ed4824b20bc6 Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Wed, 13 Jul 2022 13:52:18 +0300
+Subject: [PATCH] Added compatibility option for recent Rails
+
+Rails 5.2.8.1, 6.0.5.1, 6.1.6.1 and 7.0.3.1 fixes CVE-2022-32224 which
+breaks compatibility with old implementation of YAML.unsafe_load.
+
+Added `config.active_record.yaml_column_permitted_classes = [Symbol]` to
+configuration of application to workaround issue.
+---
+ config/application.rb | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/config/application.rb b/config/application.rb
+index bba468f38..78557d376 100644
+--- a/config/application.rb
++++ b/config/application.rb
+@@ -32,6 +32,7 @@ module RedmineApp
+ 
+     config.active_record.store_full_sti_class = true
+     config.active_record.default_timezone = :local
++    config.active_record.yaml_column_permitted_classes = [Symbol]
+ 
+     config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob"
+ 
+-- 
+2.35.1
+
diff --git a/www-apps/redmine/redmine-4.1.5.ebuild b/www-apps/redmine/redmine-4.1.5.ebuild
deleted file mode 100644
index f331ffe6d232..000000000000
--- a/www-apps/redmine/redmine-4.1.5.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-USE_RUBY="ruby26"
-inherit depend.apache ruby-ng
-
-DESCRIPTION="Flexible project management web application using the Ruby on Rails framework"
-HOMEPAGE="https://www.redmine.org/"
-SRC_URI="https://www.redmine.org/releases/${P}.tar.gz"
-
-KEYWORDS="~amd64"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="imagemagick fastcgi ldap markdown mysql passenger postgres sqlite"
-
-DEPS="
-	fastcgi? ( dev-ruby/fcgi )
-	imagemagick? ( dev-ruby/mini_magick )
-	ldap? ( dev-ruby/ruby-net-ldap )
-	markdown? ( >=dev-ruby/redcarpet-3.5.1 )
-	mysql? ( >=dev-ruby/mysql2-0.5.0:0.5 )
-	passenger? ( www-apache/passenger )
-	postgres? ( >=dev-ruby/pg-1.1.4:1 )
-	sqlite? ( >=dev-ruby/sqlite3-1.4.0 )
-	dev-ruby/actionpack-xml_parser:2
-	dev-ruby/csv:3
-	>=dev-ruby/i18n-1.6.0:1
-	>=dev-ruby/mail-2.7.1
-	dev-ruby/marcel
-	dev-ruby/mimemagic
-	>=dev-ruby/mini_mime-1.0.1
-	>=dev-ruby/nokogiri-1.11.1
-	dev-ruby/rails:5.2
-	>=dev-ruby/rbpdf-1.20.0
-	dev-ruby/request_store:0
-	>=dev-ruby/roadie-rails-2.1.0
-	>=dev-ruby/rouge-3.12.0
-	>=dev-ruby/ruby-openid-2.9.2
-	dev-ruby/rack-openid
-"
-
-ruby_add_bdepend "${DEPS}"
-
-RDEPEND="
-	acct-group/redmine
-	acct-user/redmine
-"
-
-REDMINE_DIR="/var/lib/${PN}"
-
-all_ruby_prepare() {
-	rm -fr log files/delete.me .github || die
-
-	# bug #406605
-	rm .{git,hg}ignore || die
-
-	# newenvd not working here
-	cat > "${T}/50${PN}" <<-EOF || die
-		CONFIG_PROTECT="${EROOT}/${REDMINE_DIR}/config"
-		CONFIG_PROTECT_MASK="${EROOT}/${REDMINE_DIR}/config/locales ${EROOT}/${REDMINE_DIR}/config/settings.yml"
-	EOF
-
-	# Fixing versions in Gemfile
-	sed -i -e "s/~>/>=/g" Gemfile || die
-
-	# bug #724464
-	sed -i -e "s/gem 'rails',.*/gem 'rails', '~>5.2.6'/" Gemfile || die
-
-	sed -i -e "/group :development do/,/end$/d" Gemfile || die
-	sed -i -e "/group :test do/,/end$/d" Gemfile || die
-
-	if ! use imagemagick ; then
-		sed -i -e "/group :minimagick do/,/end$/d" Gemfile || die
-	fi
-	if ! use ldap ; then
-		# remove ldap stuff module if disabled to avoid #413779
-		use ldap || rm app/models/auth_source_ldap.rb || die
-		sed -i -e "/group :ldap do/,/end$/d" Gemfile || die
-	fi
-	if ! use markdown ; then
-		sed -i -e "/group :markdown do/,/end$/d" Gemfile || die
-	fi
-	# Additional dependency for Gemfile (#657156)
-	if use fastcgi; then
-		echo "gem 'fcgi'" > Gemfile.local
-	fi
-}
-
-all_ruby_install() {
-	dodoc doc/* README.rdoc
-	rm -r doc test appveyor.yml CONTRIBUTING.md README.rdoc || die
-
-	keepdir /var/log/${PN}
-
-	insinto "${REDMINE_DIR}"
-	doins -r .
-	insinto "${REDMINE_DIR}/config"
-	doins "${FILESDIR}/additional_environment.rb"
-	keepdir "${REDMINE_DIR}"/{app/views/previews,files,public/plugin_assets,vendor}
-	keepdir "${REDMINE_DIR}"/tmp/{cache,imports,sessions,sockets}
-
-	fowners -R redmine:redmine \
-		"${REDMINE_DIR}/config.ru" \
-		"${REDMINE_DIR}/config" \
-		"${REDMINE_DIR}/files" \
-		"${REDMINE_DIR}/public/plugin_assets" \
-		"${REDMINE_DIR}/tmp" \
-		/var/log/${PN}
-
-	fowners redmine:redmine "${REDMINE_DIR}"
-
-	# protect sensitive data, see bug #406605
-	fperms -R go-rwx \
-		"${REDMINE_DIR}/config" \
-		"${REDMINE_DIR}/files" \
-		"${REDMINE_DIR}/tmp" \
-		/var/log/${PN}
-
-	if use passenger; then
-		has_apache
-		insinto "${APACHE_VHOSTS_CONFDIR}"
-		doins "${FILESDIR}/10_redmine_vhost.conf"
-	fi
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/redmine.logrotate redmine
-
-	newconfd "${FILESDIR}/${PN}.confd" ${PN}
-	newinitd "${FILESDIR}/${PN}-3.initd" ${PN}
-	doenvd "${T}/50${PN}"
-}
-
-pkg_postinst() {
-	if [[ -e "${EROOT}/${REDMINE_DIR}/config/initializers/session_store.rb" \
-	|| -e "${EROOT}/${REDMINE_DIR}/config/initializers/secret_token.rb" ]]
-	then
-		elog "Execute the following command to upgrade environment:"
-		elog
-		elog "# emerge --config \"=${CATEGORY}/${PF}\""
-		elog
-		elog "For upgrade instructions take a look at:"
-		elog "http://www.redmine.org/wiki/redmine/RedmineUpgrade"
-	else
-		elog "Execute the following command to initialize environment:"
-		elog
-		elog "# cd ${EROOT}/${REDMINE_DIR}"
-		elog "# cp config/database.yml.example config/database.yml"
-		elog "# \${EDITOR} config/database.yml"
-		elog "# chown redmine:redmine config/database.yml"
-		elog "# emerge --config \"=${CATEGORY}/${PF}\""
-		elog
-		elog "Installation notes are at official site"
-		elog "http://www.redmine.org/wiki/redmine/RedmineInstall"
-	fi
-}
-
-pkg_config() {
-	# Remove old lock file
-	rm -f "${EROOT}/${REDMINE_DIR}/Gemfile.lock"
-
-	if [[ ! -e "${EROOT}/${REDMINE_DIR}/config/database.yml" ]]; then
-		eerror "Copy ${EROOT}/${REDMINE_DIR}/config/database.yml.example to"
-		eerror "${EROOT}/${REDMINE_DIR}/config/database.yml then edit this"
-		eerror "file in order to configure your database settings for"
-		eerror "\"production\" environment."
-		die
-	fi
-
-	local RAILS_ENV=${RAILS_ENV:-production}
-	if [[ ! -L /usr/bin/ruby ]]; then
-		eerror "/usr/bin/ruby is not a valid symlink to any ruby implementation."
-		eerror "Please update it via `eselect ruby`"
-		die
-	fi
-	if [[ $RUBY_TARGETS != *$( eselect ruby show | awk 'NR==2' | tr  -d ' '  )* ]]
-	then
-		eerror "/usr/bin/ruby is currently not included in redmine's ruby targets:"
-		eerror "${RUBY_TARGETS}."
-		eerror "Please update it via `eselect ruby`"
-		die
-	fi
-	local RUBY=${RUBY:-ruby}
-
-	cd "${EROOT}/${REDMINE_DIR}" || die
-	if [[ -e "${EROOT}/${REDMINE_DIR}/config/initializers/session_store.rb" ]]
-	then
-		einfo
-		einfo "Generating secret token."
-		einfo
-		rm config/initializers/session_store.rb || die
-		RAILS_ENV="${RAILS_ENV}" ${RUBY} -S rake generate_secret_token || die
-	fi
-	if [[ -e "${EROOT}/${REDMINE_DIR}/config/initializers/secret_token.rb" ]]
-	then
-		einfo
-		einfo "Upgrading database."
-		einfo
-
-		einfo "Generating secret token."
-		# Migration from Redmine 2.x
-		rm config/initializers/secret_token.rb || die
-		RAILS_ENV="${RAILS_ENV}" ${RUBY} -S rake generate_secret_token || die
-
-		einfo "Migrating database."
-		RAILS_ENV="${RAILS_ENV}" ${RUBY} -S rake db:migrate || die
-		einfo "Upgrading the plugin migrations."
-		RAILS_ENV="${RAILS_ENV}" ${RUBY} -S rake redmine:plugins:migrate || die
-		einfo "Clear the cache."
-		${RUBY} -S rake tmp:cache:clear || die
-	else
-		einfo
-		einfo "Initializing database."
-		einfo
-
-		einfo "Generating a session store secret."
-		${RUBY} -S rake generate_secret_token || die
-		einfo "Creating the database structure."
-		RAILS_ENV="${RAILS_ENV}" ${RUBY} -S rake db:migrate || die
-		einfo "Populating database with default configuration data."
-		RAILS_ENV="${RAILS_ENV}" ${RUBY} -S rake redmine:load_default_data || die
-		chown redmine:redmine -R "${EROOT}//var/log/redmine/" || die
-		einfo
-		einfo "If you use sqlite3, please do not forget to change the ownership"
-		einfo "of the sqlite files."
-		einfo
-		einfo "# cd \"${EROOT}/${REDMINE_DIR}\""
-		einfo "# chown redmine:redmine db/ db/*.sqlite3"
-		einfo
-	fi
-}
diff --git a/www-apps/redmine/redmine-4.2.3.ebuild b/www-apps/redmine/redmine-4.2.7.ebuild
index bd3fc3e7a87c..373621607812 100644
--- a/www-apps/redmine/redmine-4.2.3.ebuild
+++ b/www-apps/redmine/redmine-4.2.7.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-USE_RUBY="ruby26"
+USE_RUBY="ruby26 ruby27"
 inherit depend.apache ruby-ng
 
 DESCRIPTION="Flexible project management web application using the Ruby on Rails framework"
@@ -15,6 +15,10 @@ LICENSE="GPL-2"
 SLOT="0"
 IUSE="fastcgi imagemagick ldap markdown +minimagick mysql passenger pdf postgres sqlite"
 
+PATCHES=(
+	"${FILESDIR}/${P}-rails-yaml-safe_load.patch"
+)
+
 ruby_add_bdepend "
 	fastcgi? ( dev-ruby/fcgi )
 	ldap? ( dev-ruby/ruby-net-ldap )
@@ -34,10 +38,10 @@ ruby_add_bdepend "
 	>=dev-ruby/mini_mime-1.0.1
 	>=dev-ruby/nokogiri-1.11.1
 	dev-ruby/rack-openid
-	dev-ruby/rails:5.2
+	>=dev-ruby/rails-5.2.8.1:5.2
 	>=dev-ruby/rbpdf-1.20.0
 	>=dev-ruby/request_store-1.5.0:0
-	>=dev-ruby/roadie-rails-2.2.0
+	>=dev-ruby/roadie-rails-2.2.0:2
 	dev-ruby/rotp
 	>=dev-ruby/rouge-3.26.0
 	dev-ruby/rqrcode
author	V3n3RiX <venerix@koprulu.sector>	2022-07-15 19:43:32 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2022-07-15 19:43:32 +0100
commit	fa1962ff69701bd9c0f15fb225cdbfb487125e0e (patch)
tree	85b35bd5a3c73ea562768237a25da176adef5744 /www-apps/redmine
parent	bd8ca999980e9c0c9ae40a11789c858bb58769e3 (diff)