Hello community,
here is the log from the commit of package rubygem-actionview-5.2 for
openSUSE:Factory checked in at 2019-11-30 10:39:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.26869 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-actionview-5.2"
Sat Nov 30 10:39:08 2019 rev:7 rq:751751 version:5.2.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes
2019-04-01 12:35:55.881843617 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.26869/rubygem-actionview-5.2.changes
2019-11-30 10:40:39.588148562 +0100
@@ -1,0 +2,10 @@
+Thu Nov 28 12:53:13 UTC 2019 - Manuel Schnitzer <[email protected]>
+
+- updated to version 5.2.4
+
+ * Allow programmatic click events to trigger Rails UJS click handlers.
+ Programmatic click events (eg. ones generated by `Rails.fire(link,
"click")`) don't specify a button. These events were being incorrectly stopped
by code meant to ignore scroll wheel and right clicks introduced in #34573.
+
+ *Sudara Williams*
+
+-------------------------------------------------------------------
Old:
----
actionview-5.2.3.gem
New:
----
actionview-5.2.4.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-actionview-5.2.spec ++++++
--- /var/tmp/diff_new_pack.oYeJu4/_old 2019-11-30 10:40:40.464148457 +0100
+++ /var/tmp/diff_new_pack.oYeJu4/_new 2019-11-30 10:40:40.488148454 +0100
@@ -24,7 +24,7 @@
#
Name: rubygem-actionview-5.2
-Version: 5.2.3
+Version: 5.2.4
Release: 0
%define mod_name actionview
%define mod_full_name %{mod_name}-%{version}
++++++ actionview-5.2.3.gem -> actionview-5.2.4.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2019-03-28 04:00:56.000000000 +0100
+++ new/CHANGELOG.md 2019-11-27 16:40:05.000000000 +0100
@@ -1,3 +1,11 @@
+## Rails 5.2.4 (November 27, 2019) ##
+
+* Allow programmatic click events to trigger Rails UJS click handlers.
+ Programmatic click events (eg. ones generated by `Rails.fire(link,
"click")`) don't specify a button. These events were being incorrectly stopped
by code meant to ignore scroll wheel and right clicks introduced in #34573.
+
+ *Sudara Williams*
+
+
## Rails 5.2.3 (March 27, 2019) ##
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
@@ -15,7 +23,16 @@
## Rails 5.2.2.1 (March 11, 2019) ##
-* No changes.
+* Only accept formats from registered mime types
+
+ A lack of filtering on mime types could allow an attacker to read
+ arbitrary files on the target server or to perform a denial of service
+ attack.
+
+ Fixes CVE-2019-5418
+ Fixes CVE-2019-5419
+
+ *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
## Rails 5.2.2 (December 04, 2018) ##
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/gem_version.rb
new/lib/action_view/gem_version.rb
--- old/lib/action_view/gem_version.rb 2019-03-28 04:00:56.000000000 +0100
+++ new/lib/action_view/gem_version.rb 2019-11-27 16:40:05.000000000 +0100
@@ -9,7 +9,7 @@
module VERSION
MAJOR = 5
MINOR = 2
- TINY = 3
+ TINY = 4
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/form_helper.rb
new/lib/action_view/helpers/form_helper.rb
--- old/lib/action_view/helpers/form_helper.rb 2019-03-28 04:00:56.000000000
+0100
+++ new/lib/action_view/helpers/form_helper.rb 2019-11-27 16:40:05.000000000
+0100
@@ -736,7 +736,7 @@
# def labelled_form_with(**options, &block)
# form_with(**options.merge(builder: LabellingFormBuilder), &block)
# end
- def form_with(model: nil, scope: nil, url: nil, format: nil, **options)
+ def form_with(model: nil, scope: nil, url: nil, format: nil, **options,
&block)
options[:allow_method_names_outside_object] = true
options[:skip_default_ids] = !form_with_generates_ids
@@ -749,7 +749,7 @@
if block_given?
builder = instantiate_builder(scope, model, options)
- output = capture(builder, &Proc.new)
+ output = capture(builder, &block)
options[:multipart] ||= builder.multipart?
html_options = html_options_for_form_with(url, model, options)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/form_tag_helper.rb
new/lib/action_view/helpers/form_tag_helper.rb
--- old/lib/action_view/helpers/form_tag_helper.rb 2019-03-28
04:00:56.000000000 +0100
+++ new/lib/action_view/helpers/form_tag_helper.rb 2019-11-27
16:40:05.000000000 +0100
@@ -163,6 +163,8 @@
# * <tt>:size</tt> - The number of visible characters that will fit in
the input.
# * <tt>:maxlength</tt> - The maximum number of characters that the
browser will allow the user to enter.
# * <tt>:placeholder</tt> - The text contained in the field by default
which is removed when the field receives focus.
+ # If set to true, use a translation is found in the current I18n locale
+ # (through helpers.placeholders.<modelname>.<attribute>).
# * Any other key creates standard HTML attributes for the tag.
#
# ==== Examples
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/url_helper.rb
new/lib/action_view/helpers/url_helper.rb
--- old/lib/action_view/helpers/url_helper.rb 2019-03-28 04:00:56.000000000
+0100
+++ new/lib/action_view/helpers/url_helper.rb 2019-11-27 16:40:05.000000000
+0100
@@ -253,7 +253,7 @@
# # <input value="New" type="submit" />
# # </form>"
#
- # <%= button_to "New", new_articles_path %>
+ # <%= button_to "New", new_article_path %>
# # => "<form method="post" action="/articles/new" class="button_to">
# # <input value="New" type="submit" />
# # </form>"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/assets/compiled/rails-ujs.js
new/lib/assets/compiled/rails-ujs.js
--- old/lib/assets/compiled/rails-ujs.js 2019-03-28 04:00:56.000000000
+0100
+++ new/lib/assets/compiled/rails-ujs.js 2019-11-27 16:40:05.000000000
+0100
@@ -2,7 +2,7 @@
Unobtrusive JavaScript
https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts
Released under the MIT license
- */
+ */;
(function() {
var context = this;
@@ -622,14 +622,14 @@
};
Rails.preventInsignificantClick = function(e) {
- var data, insignificantMetaClick, link, metaClick, method,
primaryMouseKey;
+ var data, insignificantMetaClick, link, metaClick, method,
nonPrimaryMouseClick;
link = this;
method = (link.getAttribute('data-method') || 'GET').toUpperCase();
data = link.getAttribute('data-params');
metaClick = e.metaKey || e.ctrlKey;
insignificantMetaClick = metaClick && method === 'GET' && !data;
- primaryMouseKey = e.button === 0;
- if (!primaryMouseKey || insignificantMetaClick) {
+ nonPrimaryMouseClick = (e.button != null) && e.button !== 0;
+ if (nonPrimaryMouseClick || insignificantMetaClick) {
return e.stopImmediatePropagation();
}
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2019-03-28 04:00:56.000000000 +0100
+++ new/metadata 2019-11-27 16:40:05.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: actionview
version: !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2019-03-28 00:00:00.000000000 Z
+date: 2019-11-27 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
- !ruby/object:Gem::Dependency
name: builder
requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.2.3
+ version: 5.2.4
description: Simple, battle-tested conventions and helpers for building web
pages.
email: [email protected]
executables: []
@@ -230,8 +230,8 @@
licenses:
- MIT
metadata:
- source_code_uri: https://github.com/rails/rails/tree/v5.2.3/actionview
- changelog_uri:
https://github.com/rails/rails/blob/v5.2.3/actionview/CHANGELOG.md
+ source_code_uri: https://github.com/rails/rails/tree/v5.2.4/actionview
+ changelog_uri:
https://github.com/rails/rails/blob/v5.2.4/actionview/CHANGELOG.md
post_install_message:
rdoc_options: []
require_paths:
@@ -248,7 +248,7 @@
version: '0'
requirements:
- none
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
signing_key:
specification_version: 4
summary: Rendering framework putting the V in MVC (part of Rails).
