Hello community, here is the log from the commit of package rubygem-actionview-5.2 for openSUSE:Factory checked in at 2019-11-30 10:39:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-actionview-5.2" Sat Nov 30 10:39:08 2019 rev:7 rq:751751 version:5.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-actionview-5.2/rubygem-actionview-5.2.changes 2019-04-01 12:35:55.881843617 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-5.2.new.26869/rubygem-actionview-5.2.changes 2019-11-30 10:40:39.588148562 +0100 @@ -1,0 +2,10 @@ +Thu Nov 28 12:53:13 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com> + +- updated to version 5.2.4 + + * Allow programmatic click events to trigger Rails UJS click handlers. + Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573. + + *Sudara Williams* + +------------------------------------------------------------------- Old: ---- actionview-5.2.3.gem New: ---- actionview-5.2.4.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-actionview-5.2.spec ++++++ --- /var/tmp/diff_new_pack.oYeJu4/_old 2019-11-30 10:40:40.464148457 +0100 +++ /var/tmp/diff_new_pack.oYeJu4/_new 2019-11-30 10:40:40.488148454 +0100 
@@ -24,7 +24,7 @@ # Name: rubygem-actionview-5.2 -Version: 5.2.3 +Version: 5.2.4 Release: 0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++++++ actionview-5.2.3.gem -> actionview-5.2.4.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2019-03-28 04:00:56.000000000 +0100 +++ new/CHANGELOG.md 2019-11-27 16:40:05.000000000 +0100 @@ -1,3 +1,11 @@ +## Rails 5.2.4 (November 27, 2019) ## + +* Allow programmatic click events to trigger Rails UJS click handlers. + Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573. + + *Sudara Williams* + + ## Rails 5.2.3 (March 27, 2019) ## * Prevent non-primary mouse keys from triggering Rails UJS click handlers. @@ -15,7 +23,16 @@ ## Rails 5.2.2.1 (March 11, 2019) ## -* No changes. +* Only accept formats from registered mime types + + A lack of filtering on mime types could allow an attacker to read + arbitrary files on the target server or to perform a denial of service + attack. + + Fixes CVE-2019-5418 + Fixes CVE-2019-5419 + + *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson* ## Rails 5.2.2 (December 04, 2018) ## Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-03-28 04:00:56.000000000 +0100 +++ new/lib/action_view/gem_version.rb 2019-11-27 16:40:05.000000000 +0100 
@@ -9,7 +9,7 @@ module VERSION MAJOR = 5 MINOR = 2 - TINY = 3 + TINY = 4 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/form_helper.rb new/lib/action_view/helpers/form_helper.rb --- old/lib/action_view/helpers/form_helper.rb 2019-03-28 04:00:56.000000000 +0100 +++ new/lib/action_view/helpers/form_helper.rb 2019-11-27 16:40:05.000000000 +0100 @@ -736,7 +736,7 @@ # def labelled_form_with(**options, &block) # form_with(**options.merge(builder: LabellingFormBuilder), &block) # end - def form_with(model: nil, scope: nil, url: nil, format: nil, **options) + def form_with(model: nil, scope: nil, url: nil, format: nil, **options, &block) options[:allow_method_names_outside_object] = true options[:skip_default_ids] = !form_with_generates_ids @@ -749,7 +749,7 @@ if block_given? builder = instantiate_builder(scope, model, options) - output = capture(builder, &Proc.new) + output = capture(builder, &block) options[:multipart] ||= builder.multipart? html_options = html_options_for_form_with(url, model, options) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/form_tag_helper.rb new/lib/action_view/helpers/form_tag_helper.rb --- old/lib/action_view/helpers/form_tag_helper.rb 2019-03-28 04:00:56.000000000 +0100 +++ new/lib/action_view/helpers/form_tag_helper.rb 2019-11-27 16:40:05.000000000 +0100 
@@ -163,6 +163,8 @@ # * <tt>:size</tt> - The number of visible characters that will fit in the input. # * <tt>:maxlength</tt> - The maximum number of characters that the browser will allow the user to enter. # * <tt>:placeholder</tt> - The text contained in the field by default which is removed when the field receives focus. + # If set to true, use a translation is found in the current I18n locale + # (through helpers.placeholders.<modelname>.<attribute>). # * Any other key creates standard HTML attributes for the tag. # # ==== Examples diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/url_helper.rb new/lib/action_view/helpers/url_helper.rb --- old/lib/action_view/helpers/url_helper.rb 2019-03-28 04:00:56.000000000 +0100 +++ new/lib/action_view/helpers/url_helper.rb 2019-11-27 16:40:05.000000000 +0100 @@ -253,7 +253,7 @@ # # <input value="New" type="submit" /> # # </form>" # - # <%= button_to "New", new_articles_path %> + # <%= button_to "New", new_article_path %> # # => "<form method="post" action="/articles/new" class="button_to"> # # <input value="New" type="submit" /> # # </form>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/assets/compiled/rails-ujs.js new/lib/assets/compiled/rails-ujs.js --- old/lib/assets/compiled/rails-ujs.js 2019-03-28 04:00:56.000000000 +0100 +++ new/lib/assets/compiled/rails-ujs.js 2019-11-27 16:40:05.000000000 +0100 @@ -2,7 +2,7 @@ Unobtrusive JavaScript https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts Released under the MIT license - */ + */; (function() { var context = this; 
@@ -622,14 +622,14 @@ }; Rails.preventInsignificantClick = function(e) { - var data, insignificantMetaClick, link, metaClick, method, primaryMouseKey; + var data, insignificantMetaClick, link, metaClick, method, nonPrimaryMouseClick; link = this; method = (link.getAttribute('data-method') || 'GET').toUpperCase(); data = link.getAttribute('data-params'); metaClick = e.metaKey || e.ctrlKey; insignificantMetaClick = metaClick && method === 'GET' && !data; - primaryMouseKey = e.button === 0; - if (!primaryMouseKey || insignificantMetaClick) { + nonPrimaryMouseClick = (e.button != null) && e.button !== 0; + if (nonPrimaryMouseClick || insignificantMetaClick) { return e.stopImmediatePropagation(); } }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2019-03-28 04:00:56.000000000 +0100 +++ new/metadata 2019-11-27 16:40:05.000000000 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-03-28 00:00:00.000000000 Z +date: 2019-11-27 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement 
@@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 5.2.3 + version: 5.2.4 description: Simple, battle-tested conventions and helpers for building web pages. email: david@loudthinking.com executables: [] @@ -230,8 +230,8 @@ licenses: - MIT metadata: - source_code_uri: https://github.com/rails/rails/tree/v5.2.3/actionview - changelog_uri: https://github.com/rails/rails/blob/v5.2.3/actionview/CHANGELOG.md + source_code_uri: https://github.com/rails/rails/tree/v5.2.4/actionview + changelog_uri: https://github.com/rails/rails/blob/v5.2.4/actionview/CHANGELOG.md post_install_message: rdoc_options: [] require_paths: @@ -248,7 +248,7 @@ version: '0' requirements: - none -rubygems_version: 3.0.1 +rubygems_version: 3.0.3 signing_key: specification_version: 4 summary: Rendering framework putting the V in MVC (part of Rails).
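Review bot: In the CHANGELOG.md diff, the hunk at `@@ -15,7 +23,16 @@` rewrites the Rails 5.2.2.1 entry from "No changes." to the CVE-2019-5418 / CVE-2019-5419 text, but none of the lib/ hunks in this diff touch format or mime-type handling. This looks like a retroactive changelog correction rather than a fix delivered by 5.2.4. Please confirm that the package revision which actually carried the mime-type filtering references both CVE ids in its .changes entry, since the entry added here mentions only the UJS click fix.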
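Review bot: In form_helper.rb, the hunk at `@@ -749,7 +749,7 @@` still guards with `if block_given?` while the body now passes the explicit `&block` that the previous hunk added to the `form_with` signature. Testing `if block` would keep the guard and the use on the same variable. The switch away from `&Proc.new` is also not listed in either the CHANGELOG.md entry or the .changes entry for 5.2.4, and it deserves a line there.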
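Review bot: In form_tag_helper.rb, the first added comment line of the hunk at `@@ -163,6 +163,8 @@` is ungrammatical: "If set to true, use a translation is found in the current I18n locale". Suggest "If set to true, use the translation found in the current I18n locale". Since the lookup key is written as `helpers.placeholders.<modelname>.<attribute>`, the comment should also say what is rendered when no such key exists.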
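Review bot: In lib/assets/compiled/rails-ujs.js, the hunk at `@@ -2,7 +2,7 @@` turns the end of the license comment from `*/` into `*/;`, and neither changelog explains it. The empty statement is harmless, but any unexplained change in a compiled asset is a reason to confirm the file was regenerated from the source under actionview/app/assets/javascripts (the path named in the header) rather than edited by hand.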
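Review bot: In `Rails.preventInsignificantClick` (rails-ujs.js, hunk at `@@ -622,14 +622,14 @@`), the new test `(e.button != null) && e.button !== 0` depends on loose equality to treat both `null` and `undefined` as "no button given", and nothing in the code says this is deliberate. After this change, every click event that lacks a `button` property reaches the handlers for links carrying `data-method` or `data-params`. Please document that intent in the source this file is compiled from, and cover three cases in a regression test: `button` absent, `button === 0`, and a non-zero `button`.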
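Review bot: In the gem metadata diff, the context lines show `cert_chain: []` and an empty `signing_key:`, so the gem carries no signature, and the diff can only report "Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ". The spec hunk changes nothing but `Version:`, so this commit shows no evidence of how actionview-5.2.4.gem was verified. Please record the gem's digest as checked against the upstream release when accepting the request.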