Unverified Commit b212150f authored by Martin Weinelt's avatar Martin Weinelt
Browse files

discourse: 3.2.2 -> 3.2.3 

https://meta.discourse.org/t/3-2-3-security-and-bug-fix-release/313392

Fixes: CVE-2024-35227, CVE-2024-35234, CVE-2024-36113, CVE-2024-36122,
       CVE-2024-37157
parent 10a68474

pkgs/servers/web-apps/discourse/default.nix

+2 −2
Original line number Diff line number Diff line
@@ -46,13 +46,13 @@ 
}@args:



let

  version = "3.2.2";

  version = "3.2.3";



  src = fetchFromGitHub {

    owner = "discourse";

    repo = "discourse";

    rev = "v${version}";

    sha256 = "sha256-JUCFtB5BvBytO3flq9o6iI3HPmvLU358HEmE6wbBsSk=";

    sha256 = "sha256-ehv81trN8eG7QRAD5ERiSql6ZRCJK9cz6VOT9OzjZhg=";

  };



  ruby = ruby_3_2;

pkgs/servers/web-apps/discourse/rubyEnv/Gemfile

+5 −4
Original line number Diff line number Diff line
@@ -55,8 +55,6 @@ gem "message_bus" 


gem "rails_multisite"



gem "fast_xs", platform: :ruby



gem "fastimage"



gem "aws-sdk-s3", require: false
@@ -199,8 +197,6 @@ gem "puma", require: false 


gem "rbtrace", require: false, platform: :mri



gem "gc_tracer", require: false, platform: :mri



# required for feed importing and embedding

gem "ruby-readability", require: false
@@ -269,3 +265,8 @@ gem "net-http" 
gem "cgi", ">= 0.3.6", require: false



gem "tzinfo-data"

gem "csv", require: false



# TODO: Can be removed once we upgrade to Rails 7.1

gem "mutex_m"

gem "drb"

pkgs/servers/web-apps/discourse/rubyEnv/Gemfile.lock

+13 −10
Original line number Diff line number Diff line
@@ -33,7 +33,7 @@ GEM 
      erubi (~> 1.4)

      rails-dom-testing (~> 2.0)

      rails-html-sanitizer (~> 1.1, >= 1.2.0)

    actionview_precompiler (0.3.0)

    actionview_precompiler (0.4.0)

      actionview (>= 6.0.a)

    active_model_serializers (0.8.4)

      activemodel (>= 3.0)
@@ -117,6 +117,7 @@ GEM 
    crass (1.0.6)

    css_parser (1.16.0)

      addressable

    csv (3.3.0)

    date (3.3.4)

    debug_inspector (1.2.0)

    diff-lcs (1.5.0)
@@ -130,6 +131,7 @@ GEM 
      faker (~> 2.16)

      literate_randomizer

    docile (1.4.0)

    drb (2.2.1)

    email_reply_trimmer (0.1.13)

    erubi (1.12.0)

    excon (0.109.0)
@@ -146,16 +148,14 @@ GEM 
    faraday-retry (2.2.0)

      faraday (~> 2.0)

    fast_blank (1.0.1)

    fast_xs (0.8.0)

    fastimage (2.3.0)

    ffi (1.16.3)

    fspath (3.1.2)

    gc_tracer (1.5.1)

    globalid (1.2.1)

      activesupport (>= 6.1)

    google-protobuf (3.25.2)

    google-protobuf (3.25.2-arm64-darwin)

    google-protobuf (3.25.2-x86_64-darwin)

    google-protobuf (3.25.3)

    google-protobuf (3.25.3-arm64-darwin)

    google-protobuf (3.25.3-x86_64-darwin)

    guess_html_encoding (0.0.11)

    hana (1.3.7)

    hashdiff (1.1.0)
@@ -217,7 +217,7 @@ GEM 
      rack (>= 1.1.3)

    method_source (1.0.0)

    mini_mime (1.1.5)

    mini_portile2 (2.8.6)

    mini_portile2 (2.8.7)

    mini_racer (0.8.0)

      libv8-node (~> 18.16.0.0)

    mini_scheduler (0.16.0)
@@ -233,6 +233,7 @@ GEM 
    multi_json (1.15.0)

    multi_xml (0.6.0)

    mustache (1.1.1)

    mutex_m (0.2.0)

    net-http (0.4.1)

      uri

    net-imap (0.4.9.1)
@@ -517,6 +518,7 @@ GEM 
PLATFORMS

  arm64-darwin-21

  arm64-darwin-22

  arm64-darwin-23

  ruby

  x86_64-darwin-22
@@ -546,11 +548,13 @@ DEPENDENCIES 
  cose

  cppjieba_rb

  css_parser

  csv

  diffy

  digest

  discourse-fonts

  discourse-seed-fu

  discourse_dev_assets

  drb

  email_reply_trimmer

  excon

  execjs
@@ -560,9 +564,7 @@ DEPENDENCIES 
  faraday

  faraday-retry

  fast_blank

  fast_xs

  fastimage

  gc_tracer

  highline

  htmlentities

  http_accept_language
@@ -591,6 +593,7 @@ DEPENDENCIES 
  mocha

  multi_json

  mustache

  mutex_m

  net-http

  net-imap

  net-pop
@@ -661,4 +664,4 @@ DEPENDENCIES 
  yard



BUNDLED WITH

   2.5.9
 
   2.5.11

pkgs/servers/web-apps/discourse/rubyEnv/gemset.nix

+36 −36
Original line number Diff line number Diff line
@@ -38,10 +38,10 @@ 
    platforms = [];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "07jyr2h87ha6k2y965rs4ywq142ddkfkhbmp0r44xg4wnffr8jbl";

      sha256 = "077d83avfm73nd0yji853jn94jpbr496apyz5zh5df61qipbvdik";

      type = "gem";

    };

    version = "0.3.0";

    version = "0.4.0";

  };

  active_model_serializers = {

    dependencies = ["activemodel"];
@@ -449,6 +449,16 @@ 
    };

    version = "1.16.0";

  };

  csv = {

    groups = ["default"];

    platforms = [];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "0zfn40dvgjk1xv1z8l11hr9jfg3jncwsc9yhzsz4l4rivkpivg8b";

      type = "gem";

    };

    version = "3.3.0";

  };

  date = {

    groups = ["default"];

    platforms = [];
@@ -541,6 +551,16 @@ 
    };

    version = "1.4.0";

  };

  drb = {

    groups = ["default"];

    platforms = [];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "0h5kbj9hvg5hb3c7l425zpds0vb42phvln2knab8nmazg2zp5m79";

      type = "gem";

    };

    version = "2.2.1";

  };

  email_reply_trimmer = {

    groups = ["default"];

    platforms = [];
@@ -675,22 +695,6 @@ 
    };

    version = "1.0.1";

  };

  fast_xs = {

    groups = ["default"];

    platforms = [{

      engine = "maglev";

    } {

      engine = "rbx";

    } {

      engine = "ruby";

    }];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "1iydzaqmvqq7ncxkr182aybkk6xap0cb2w9amr73vbdxi2qf3wjz";

      type = "gem";

    };

    version = "0.8.0";

  };

  fastimage = {

    groups = ["default"];

    platforms = [];
@@ -725,20 +729,6 @@ 
    };

    version = "3.1.2";

  };

  gc_tracer = {

    groups = ["default"];

    platforms = [{

      engine = "maglev";

    } {

      engine = "ruby";

    }];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "1yv3mp8lx74lfzs04fd5h4g89209iwhzpc407y35p7cmzgx6a4kv";

      type = "gem";

    };

    version = "1.5.1";

  };

  globalid = {

    dependencies = ["activesupport"];

    groups = ["default"];
@@ -755,10 +745,10 @@ 
    platforms = [];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "02sh4rp14wmpfv9r7xrap6xgcakg0lk6zjvq1gsi5y38swhn2blw";

      sha256 = "1mnxzcq8kmyfb9bkzqnp019d1hx1vprip3yzdkkha6b3qz5rgg9r";

      type = "gem";

    };

    version = "3.25.2";

    version = "3.25.3";

  };

  guess_html_encoding = {

    groups = ["default"];
@@ -1141,10 +1131,10 @@ 
    platforms = [];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "149r94xi6b3jbp6bv72f8383b95ndn0p5sxnq11gs1j9jadv0ajf";

      sha256 = "1q1f2sdw3y3y9mnym9dhjgsjr72sq975cfg5c4yx7gwv8nmzbvhk";

      type = "gem";

    };

    version = "2.8.6";

    version = "2.8.7";

  };

  mini_racer = {

    dependencies = ["libv8-node"];
@@ -1264,6 +1254,16 @@ 
    };

    version = "1.1.1";

  };

  mutex_m = {

    groups = ["default"];

    platforms = [];

    source = {

      remotes = ["https://rubygems.org"];

      sha256 = "1ma093ayps1m92q845hmpk0dmadicvifkbf05rpq9pifhin0rvxn";

      type = "gem";

    };

    version = "0.2.0";

  };

  net-http = {

    dependencies = ["uri"];

    groups = ["default"];