commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2020-10-05 19:29:16 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.4249 (New) Package is "rubygem-actionview-5.2" Mon Oct 5 19:29:16 2020 rev:10 rq:838012 version:5.2.4.4 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2020-05-11 13:38:16.732730832 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.4249/rubygem-actionview-5.2.changes 2020-10-05 19:29:19.196496199 +0200 @@ -1,0 +2,19 @@ +Fri Sep 25 13:20:13 UTC 2020 - Stephan Kulow + +updated to version 5.2.4.4 + see installed CHANGELOG.md + + ## Rails 5.2.4.4 (September 09, 2020) ## + + * [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper + + *Jonathan Hefner* + + + ## Rails 5.2.4.3 (May 18, 2020) ## + + * [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs + + + +--- Old: actionview-5.2.4.2.gem New: actionview-5.2.4.4.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.4p8KaM/_old 2020-10-05 19:29:19.828496809 +0200 +++ /var/tmp/diff_new_pack.4p8KaM/_new 2020-10-05 19:29:19.832496813 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.4.2 +Version:5.2.4.4 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-5.2.4.2.gem -> actionview-5.2.4.4.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-03-19 17:30:20.0 +0100 +++ new/CHANGELOG.md2020-09-09 20:34:59.0 +0200 @@ -1,3 +1,15 @@ +## Rails 5.2.4.4 (September 09, 2020) ## + +* [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper + +*Jonathan Hefner* + + +## Rails 5.2.4.3 (May 18, 2020) ## + +* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs + + ## Rails 5.2.4.1 (December 18, 2019) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2020-03-19 17:30:20.0 +0100 +++ new/lib/action_view/gem_version.rb 2020-09-09 20:34:59.0 +0200 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 4 -PRE = "2" +PRE = "4" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/translation_helper.rb new/lib/action_view/helpers/translation_helper.rb --- old/lib/action_view/helpers/translation_helper.rb 2020-03-19 17:30:20.0 +0100 +++ new/lib/action_view/helpers/translation_helper.rb 2020-09-09 20:34:59.0 +0200 @@ -79,14 +79,22 @@ if html_safe_translation_key?(key) html_safe_options = options.dup + options.except(*I18n::RESERVED_KEYS).each do |name, value| unless name == :count && value.is_a?(Numeric) html_safe_options[name] = ERB::Util.html_escape(value.to_s) end end + + html_safe_options[:default] = MISSING_TRANSLATION unless html_safe_options[:default].blank? + translation = I18n.translate(scope_key_by_partial(key), html_safe_options.merge(raise: i18n_raise)) - translation.respond_to?(:html_safe) ? translation.html_safe : translation + if translation.equal?(MISSING_TRANSLATION) +options[:default].first + else +translation.respond_to?(:html_safe) ? translation.html_safe : translation + end else I18n.translate(scope_key_by_partial(key), options.merge(raise: i18n_raise)) end @@ -121,6 +129,9 @@ alias :l :localize private +MISSING_TRANSLATION = Object.new +private_constant :MISSING_TRANSLATION + def scope_key_by_partial(key) if key.to_s.first == "." if @virtual_path diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/assets/compiled/rails-ujs.js new/lib/assets/compiled/rails-ujs.js --- old/lib/assets/compiled/rails-ujs.js2020-03-19 17:30:20.0 +0100 +++ ne
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2020-05-11 13:38:12 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.2738 (New) Package is "rubygem-actionview-5.2" Mon May 11 13:38:12 2020 rev:9 rq:802313 version:5.2.4.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2019-12-23 22:47:28.510068336 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.2738/rubygem-actionview-5.2.changes 2020-05-11 13:38:16.732730832 +0200 @@ -1,0 +2,6 @@ +Thu May 7 19:59:22 UTC 2020 - Stephan Kulow + +- updated to version 5.2.4.2 + see installed CHANGELOG.md + +--- Old: actionview-5.2.4.1.gem New: actionview-5.2.4.2.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.4AeebG/_old 2020-05-11 13:38:17.560732567 +0200 +++ /var/tmp/diff_new_pack.4AeebG/_new 2020-05-11 13:38:17.564732576 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-actionview-5.2 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.4.1 +Version:5.2.4.2 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} @@ -36,10 +36,10 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} -Url:http://rubyonrails.org +BuildRequires: ruby-macros >= 5 +URL:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml Summary:Rendering framework putting the V in MVC (part of Rails) ++ actionview-5.2.4.1.gem -> actionview-5.2.4.2.gem ++ Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-12-18 20:00:14.0 +0100 +++ new/lib/action_view/gem_version.rb 2020-03-19 17:30:20.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 4 -PRE = "1" +PRE = "2" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/javascript_helper.rb new/lib/action_view/helpers/javascript_helper.rb --- old/lib/action_view/helpers/javascript_helper.rb2019-12-18 20:00:14.0 +0100 +++ new/lib/action_view/helpers/javascript_helper.rb2020-03-19 17:30:20.0 +0100 @@ -12,7 +12,9 @@ "\n"=> '\n', "\r"=> '\n', '"' => '\\"', -"'" => "\\'" +"'" => "\\'", +"`" => "\\`", +"$" => "\\$" } JS_ESCAPE_MAP["\342\200\250".dup.force_encoding(Encoding::UTF_8).encode!] = " " @@ -26,7 +28,7 @@ # $('some_element').replaceWith('<%= j render 'some/element_template' %>'); def escape_javascript(javascript) if javascript - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) { |match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) { |match| JS_ESCAPE_MAP[match] } javascript.html_safe? ? result.html_safe : result else "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2019-12-18 20:00:14.0 +0100 +++ new/metadata2020-03-19 17:30:20.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 5.2.4.1 + version: 5.2.4.2 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-12-18 00:00:00.0 Z +date: 2020-03-19 00:00:00
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2019-12-23 22:44:52 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.6675 (New) Package is "rubygem-actionview-5.2" Mon Dec 23 22:44:52 2019 rev:8 rq:758821 version:5.2.4.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2019-11-30 10:40:39.588148562 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.6675/rubygem-actionview-5.2.changes 2019-12-23 22:47:28.510068336 +0100 @@ -1,0 +2,6 @@ +Fri Dec 20 15:12:54 UTC 2019 - Marcus Rueckert + +- update to version 5.2.4.1 (CVE-2019-16782): + https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/ + +--- Old: actionview-5.2.4.gem New: actionview-5.2.4.1.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.PeNpT0/_old 2019-12-23 22:47:30.030068898 +0100 +++ /var/tmp/diff_new_pack.PeNpT0/_new 2019-12-23 22:47:30.062068910 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.4 +Version:5.2.4.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} @@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} -BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionview-5.2.4.gem -> actionview-5.2.4.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-11-27 16:40:05.0 +0100 +++ new/CHANGELOG.md2019-12-18 20:00:14.0 +0100 @@ -1,3 +1,8 @@ +## Rails 5.2.4.1 (December 18, 2019) ## + +* No changes. + + ## Rails 5.2.4 (November 27, 2019) ## * Allow programmatic click events to trigger Rails UJS click handlers. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-11-27 16:40:05.0 +0100 +++ new/lib/action_view/gem_version.rb 2019-12-18 20:00:14.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 4 -PRE = nil +PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2019-11-27 16:40:05.0 +0100 +++ new/metadata2019-12-18 20:00:14.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 5.2.4 + version: 5.2.4.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-11-27 00:00:00.0 Z +date: 2019-12-18 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4 +version: 5.2.4.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4 +version: 5.2.4.1 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement @@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4 +version: 5.2.4.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4 +version: 5.2.4.1 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4 +version: 5.2.4.1 type: :development pr
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2019-11-30 10:39:08 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.26869 (New) Package is "rubygem-actionview-5.2" Sat Nov 30 10:39:08 2019 rev:7 rq:751751 version:5.2.4 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2019-04-01 12:35:55.881843617 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.26869/rubygem-actionview-5.2.changes 2019-11-30 10:40:39.588148562 +0100 @@ -1,0 +2,10 @@ +Thu Nov 28 12:53:13 UTC 2019 - Manuel Schnitzer + +- updated to version 5.2.4 + + * Allow programmatic click events to trigger Rails UJS click handlers. + Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573. + + *Sudara Williams* + +--- Old: actionview-5.2.3.gem New: actionview-5.2.4.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.oYeJu4/_old 2019-11-30 10:40:40.464148457 +0100 +++ /var/tmp/diff_new_pack.oYeJu4/_new 2019-11-30 10:40:40.488148454 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.3 +Version:5.2.4 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-5.2.3.gem -> actionview-5.2.4.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-03-28 04:00:56.0 +0100 +++ new/CHANGELOG.md2019-11-27 16:40:05.0 +0100 @@ -1,3 +1,11 @@ +## Rails 5.2.4 (November 27, 2019) ## + +* Allow programmatic click events to trigger Rails UJS click handlers. +Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573. + +*Sudara Williams* + + ## Rails 5.2.3 (March 27, 2019) ## * Prevent non-primary mouse keys from triggering Rails UJS click handlers. @@ -15,7 +23,16 @@ ## Rails 5.2.2.1 (March 11, 2019) ## -* No changes. +* Only accept formats from registered mime types + +A lack of filtering on mime types could allow an attacker to read +arbitrary files on the target server or to perform a denial of service +attack. + +Fixes CVE-2019-5418 +Fixes CVE-2019-5419 + +*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson* ## Rails 5.2.2 (December 04, 2018) ## Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-03-28 04:00:56.0 +0100 +++ new/lib/action_view/gem_version.rb 2019-11-27 16:40:05.0 +0100 @@ -9,7 +9,7 @@ module VERSION MAJOR = 5 MINOR = 2 -TINY = 3 +TINY = 4 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/form_helper.rb new/lib/action_view/helpers/form_helper.rb --- old/lib/action_view/helpers/form_helper.rb 2019-03-28 04:00:56.0 +0100 +++ new/lib/action_view/helpers/form_helper.rb 2019-11-27 16:40:05.0 +0100 @@ -736,7 +736,7 @@ # def labelled_form_with(**options, &block) # form_with(**options.merge(builder: LabellingFormBuilder), &block) # end - def form_with(model: nil, scope: nil, url: nil, format: nil, **options) + def form_with(model: nil, scope: nil, url: nil, format: nil, **options, &block) options[:allow_method_names_outside_object] = true options[:skip_default_ids] = !form_with_generates_ids @@ -749,7 +749,7 @@ if block_given? builder = instantiate_builder(scope, model, options) - output = capture(builder, &Proc.new) + output = capture(builder, &block) options[:multipart] ||= builder.multipart? html_options = html_options_for_form_with(url, model, options) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/form_tag_helper.rb new/lib/action_view/he
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2019-04-01 12:35:50 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.25356 (New) Package is "rubygem-actionview-5.2" Mon Apr 1 12:35:50 2019 rev:6 rq:689679 version:5.2.3 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2019-03-14 15:03:46.083633999 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.25356/rubygem-actionview-5.2.changes 2019-04-01 12:35:55.881843617 +0200 @@ -1,0 +2,20 @@ +Fri Mar 29 05:50:48 UTC 2019 - Stephan Kulow + +- updated to version 5.2.3 + see installed CHANGELOG.md + + ## Rails 5.2.3 (March 27, 2019) ## + + * Prevent non-primary mouse keys from triggering Rails UJS click handlers. + Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks. + For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur. + + ``` + <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %> + ``` + + Fixes #34541 + + *Wolfgang Hobmaier* + +--- Old: actionview-5.2.2.1.gem New: actionview-5.2.3.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.WyzLOm/_old 2019-04-01 12:35:57.929844619 +0200 +++ /var/tmp/diff_new_pack.WyzLOm/_new 2019-04-01 12:35:57.961844634 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.2.1 +Version:5.2.3 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} @@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} +BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionview-5.2.2.1.gem -> actionview-5.2.3.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-03-13 17:47:08.0 +0100 +++ new/CHANGELOG.md2019-03-28 04:00:56.0 +0100 @@ -1,3 +1,18 @@ +## Rails 5.2.3 (March 27, 2019) ## + +* Prevent non-primary mouse keys from triggering Rails UJS click handlers. +Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks. +For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur. + +``` +<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %> +``` + +Fixes #34541 + +*Wolfgang Hobmaier* + + ## Rails 5.2.2.1 (March 11, 2019) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/digestor.rb new/lib/action_view/digestor.rb --- old/lib/action_view/digestor.rb 2019-03-13 17:47:08.0 +0100 +++ new/lib/action_view/digestor.rb 2019-03-28 04:00:56.0 +0100 @@ -70,13 +70,11 @@ end private -def find_template(finder, *args) +def find_template(finder, name, prefixes, partial, keys) finder.disable_cache do -if format = finder.rendered_format - finder.find_all(*args, formats: [format]).first || finder.find_all(*args).first -else - finder.find_all(*args).first -end +format = finder.rendered_format +result = finder.find_all(name, prefixes, partial, keys, formats: [format]).first if format +result || finder.find_all(name, prefixes, partial, keys).first end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2019-03-14 15:03:35 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.28833 (New) Package is "rubygem-actionview-5.2" Thu Mar 14 15:03:35 2019 rev:5 rq:684892 version:5.2.2.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2019-01-21 10:27:23.693616149 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.28833/rubygem-actionview-5.2.changes 2019-03-14 15:03:46.083633999 +0100 @@ -1,0 +2,17 @@ +Thu Mar 14 03:44:25 UTC 2019 - Marcus Rueckert + +- update to version 5.2.2.1: + https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ + CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 + +--- +Sat Jan 19 19:50:57 UTC 2019 - Marcus Rueckert + +- rb_build_ruby_abi needs to be rb_build_ruby_abis + +--- +Fri Jan 18 16:24:34 UTC 2019 - Marcus Rueckert + +- limit to ruby 2.5 and above for 42.3/sle12 + +--- Old: actionview-5.2.2.gem New: actionview-5.2.2.1.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.6X0f51/_old 2019-03-14 15:03:47.423633150 +0100 +++ /var/tmp/diff_new_pack.6X0f51/_new 2019-03-14 15:03:47.431633145 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-actionview-5.2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -24,21 +24,21 @@ # Name: rubygem-actionview-5.2 -Version:5.2.2 +Version:5.2.2.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} %define mod_version_suffix -5.2 # MANUAL %if 0%{?suse_version} && 0%{?suse_version} < 1330 -%define rb_build_versions ruby23 ruby24 ruby25 -%define rb_build_ruby_abi ruby:2.3.0 ruby:2.4.0 ruby:2.5.0 +%define rb_build_versions ruby25 ruby26 +%define rb_build_ruby_abis ruby:2.5.0 ruby:2.6.0 %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} -BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionview-5.2.2.gem -> actionview-5.2.2.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-12-04 19:12:05.0 +0100 +++ new/CHANGELOG.md2019-03-13 17:47:08.0 +0100 @@ -1,3 +1,8 @@ +## Rails 5.2.2.1 (March 11, 2019) ## + +* No changes. + + ## Rails 5.2.2 (December 04, 2018) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2018-12-04 19:12:05.0 +0100 +++ new/lib/action_view/gem_version.rb 2019-03-13 17:47:08.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 2 -PRE = nil +PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2018-12-04 19:12:05.0 +0100 +++ new/metadata2019-03-13 17:47:08.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 5.2.2 + version: 5.2.2.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2018-12-04 00:00:00.0 Z +date: 2019-03-13 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -ver
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2019-01-21 10:27:23 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.28833 (New) Package is "rubygem-actionview-5.2" Mon Jan 21 10:27:23 2019 rev:4 rq:656403 version:5.2.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2018-12-06 12:17:59.509476328 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.28833/rubygem-actionview-5.2.changes 2019-01-21 10:27:23.693616149 +0100 @@ -1,0 +2,10 @@ +Sat Dec 8 16:13:27 UTC 2018 - Stephan Kulow + +- updated to version 5.2.2 + see installed CHANGELOG.md + + ## Rails 5.2.2 (December 04, 2018) ## + + * No changes. + +--- Old: actionview-5.2.1.1.gem New: actionview-5.2.2.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.XxHTww/_old 2019-01-21 10:27:24.185615609 +0100 +++ /var/tmp/diff_new_pack.XxHTww/_new 2019-01-21 10:27:24.189615604 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.1.1 +Version:5.2.2 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} @@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} +BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionview-5.2.1.1.gem -> actionview-5.2.2.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-11-27 21:12:18.0 +0100 +++ new/CHANGELOG.md2018-12-04 19:12:05.0 +0100 @@ -1,3 +1,8 @@ +## Rails 5.2.2 (December 04, 2018) ## + +* No changes. + + ## Rails 5.2.1.1 (November 27, 2018) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2018-11-27 21:12:18.0 +0100 +++ new/lib/action_view/gem_version.rb 2018-12-04 19:12:05.0 +0100 @@ -9,8 +9,8 @@ module VERSION MAJOR = 5 MINOR = 2 -TINY = 1 -PRE = "1" +TINY = 2 +PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/assets/compiled/rails-ujs.js new/lib/assets/compiled/rails-ujs.js --- old/lib/assets/compiled/rails-ujs.js2018-11-27 21:12:18.0 +0100 +++ new/lib/assets/compiled/rails-ujs.js2018-12-04 19:12:05.0 +0100 @@ -633,7 +633,10 @@ fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMetaClick = Rails.handleMetaClick, handleMethod = Rails.handleMethod; - if ((typeof jQuery !== "undefined" && jQuery !== null) && (jQuery.ajax != null) && !jQuery.rails) { + if ((typeof jQuery !== "undefined" && jQuery !== null) && (jQuery.ajax != null)) { +if (jQuery.rails) { + throw new Error('If you load both jquery_ujs and rails-ujs, use rails-ujs only.'); +} jQuery.rails = Rails; jQuery.ajaxPrefilter(function(options, originalOptions, xhr) { if (!options.crossDomain) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2018-11-27 21:12:18.0 +0100 +++ new/metadata2018-12-04 19:12:05.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - ve
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2018-12-06 12:17:57 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.19453 (New) Package is "rubygem-actionview-5.2" Thu Dec 6 12:17:57 2018 rev:3 rq:655331 version:5.2.1.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2018-08-12 20:53:21.925222775 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.19453/rubygem-actionview-5.2.changes 2018-12-06 12:17:59.509476328 +0100 @@ -1,0 +2,7 @@ +Mon Dec 3 06:19:24 UTC 2018 - mschnit...@suse.com + +- updated to version 5.2.1.1 (boo#1118076) + + * No changes / Just a version bump to match with Rails 5.2.1.1 + +--- Old: actionview-5.2.1.gem New: actionview-5.2.1.1.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.mIMy2v/_old 2018-12-06 12:17:59.881475929 +0100 +++ /var/tmp/diff_new_pack.mIMy2v/_new 2018-12-06 12:17:59.885475925 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.1 +Version:5.2.1.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-5.2.1.gem -> actionview-5.2.1.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-08-07 23:42:03.0 +0200 +++ new/CHANGELOG.md2018-11-27 21:12:18.0 +0100 @@ -1,3 +1,8 @@ +## Rails 5.2.1.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.2.1 (August 07, 2018) ## * Fix leak of `skip_default_ids` and `allow_method_names_outside_object` options Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2018-08-07 23:42:03.0 +0200 +++ new/lib/action_view/gem_version.rb 2018-11-27 21:12:18.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 1 -PRE = nil +PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2018-08-07 23:42:03.0 +0200 +++ new/metadata2018-11-27 21:12:18.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 5.2.1 + version: 5.2.1.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2018-08-07 00:00:00.0 Z +date: 2018-11-27 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement @@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 description: Simple, battle-tested conventions and helpers for building web pages. email: da...@loudthinking.com executables: [] @@ -230,8 +230,8 @@ licenses: - MIT metadata: - source_code_uri: https://github.com/rails/rails/tree/v5.2.1/actionview - changelog_uri: https://github.com/rails/rails/blob/v5.2.1/actionview/CHANGELOG.md + source_code_uri: https://github.com/rails/rails/tree/v5.2.1.1/actionview + changelog_uri: https://github
commit rubygem-actionview-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2018-08-12 20:53:16 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new (New) Package is "rubygem-actionview-5.2" Sun Aug 12 20:53:16 2018 rev:2 rq:628581 version:5.2.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2018-07-18 22:47:14.792292458 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new/rubygem-actionview-5.2.changes 2018-08-12 20:53:21.925222775 +0200 @@ -1,0 +2,34 @@ +Wed Aug 8 14:47:22 UTC 2018 - mschnit...@suse.com + +- updated to version 5.2.1 (boo#1104209) + + * Fix leak of `skip_default_ids` and `allow_method_names_outside_object` options +to HTML attributes. + +(Yurii Cherniavskyi) + + * Fix issue with `button_to`'s `to_form_params` + +`button_to` was throwing exception when invoked with `params` hash that +contains symbol and string keys. The reason for the exception was that +`to_form_params` was comparing the given symbol and string keys. + +The issue is fixed by turning all keys to strings inside +`to_form_params` before comparing them. + +(Georgi Georgiev) + + * Fix JavaScript views rendering does not work with Firefox when using +Content Security Policy. + +Fixes #32577. + +(Yuji Yaginuma) + + * Add the `nonce: true` option for `javascript_include_tag` helper to +support automatic nonce generation for Content Security Policy. +Works the same way as `javascript_tag nonce: true` does. + +(Yaroslav Markin) + +--- Old: actionview-5.2.0.gem New: actionview-5.2.1.gem Other differences: -- ++ rubygem-actionview-5.2.spec ++ --- /var/tmp/diff_new_pack.mw8tKs/_old 2018-08-12 20:53:22.421223781 +0200 +++ /var/tmp/diff_new_pack.mw8tKs/_new 2018-08-12 20:53:22.425223790 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version:5.2.0 +Version:5.2.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-5.2.0.gem -> actionview-5.2.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-04-09 22:04:31.0 +0200 +++ new/CHANGELOG.md2018-08-07 23:42:03.0 +0200 @@ -1,3 +1,35 @@ +## Rails 5.2.1 (August 07, 2018) ## + +* Fix leak of `skip_default_ids` and `allow_method_names_outside_object` options +to HTML attributes. + +*Yurii Cherniavskyi* + +* Fix issue with `button_to`'s `to_form_params` + +`button_to` was throwing exception when invoked with `params` hash that +contains symbol and string keys. The reason for the exception was that +`to_form_params` was comparing the given symbol and string keys. + +The issue is fixed by turning all keys to strings inside +`to_form_params` before comparing them. + +*Georgi Georgiev* + +* Fix JavaScript views rendering does not work with Firefox when using +Content Security Policy. + +Fixes #32577. + +*Yuji Yaginuma* + +* Add the `nonce: true` option for `javascript_include_tag` helper to +support automatic nonce generation for Content Security Policy. +Works the same way as `javascript_tag nonce: true` does. + +*Yaroslav Markin* + + ## Rails 5.2.0 (April 09, 2018) ## * Pass the `:skip_pipeline` option in `image_submit_tag` when calling `path_to_image`. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/digestor.rb new/lib/action_view/digestor.rb --- old/lib/action_view/digestor.rb 2018-04-09 22:04:31.0 +0200 +++ new/lib/action_view/digestor.rb 2018-08-07 23:42:03.0 +0200 @@ -45,9 +45,8 @@ # Create a dependency tree for template named +name+. def tree(name, finder, partial = false, seen = {}) logical_name = name.gsub(%r|/_|, "/") -finder.formats = [finder.rendered_format] if finder.rendered_format -if template = finder.disable_cache { finder.find_all(logical_name, [], partial, []).first } +if template = find_template(finder, logical_name, [], partial, []) finder.rendered_format ||= template.formats.first if node = seen[template.identifier] # handle cycles in the tree @@ -69,6 +68,17 @@ seen[name] ||= Missing.new(name, logical_name, nil) end end + + private +