Hello community,
here is the log from the commit of package rubygem-activejob-5_1 for
openSUSE:Factory checked in at 2019-01-21 10:26:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activejob-5_1 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-activejob-5_1.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activejob-5_1"
Mon Jan 21 10:26:51 2019 rev:5 rq:656397 version:5.1.6.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-activejob-5_1/rubygem-activejob-5_1.changes
2018-07-18 22:48:08.908113058 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-activejob-5_1.new.28833/rubygem-activejob-5_1.changes
2019-01-21 10:26:54.941647688 +0100
@@ -1,0 +2,17 @@
+Sat Dec 8 16:14:56 UTC 2018 - Stephan Kulow <[email protected]>
+
+- updated to version 5.1.6.1
+ see installed CHANGELOG.md
+
+ ## Rails 5.1.6.1 (November 27, 2018) ##
+
+ * Do not deserialize GlobalID objects that were not generated by Active
Job.
+
+ Trusting any GlobaID object when deserializing jobs can allow attackers
to access
+ information that should not be accessible to them.
+
+ Fix CVE-2018-16476.
+
+ *Rafael Mendonça França*
+
+-------------------------------------------------------------------
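Review bot: The new entry names CVE-2018-16476 but carries no bug-tracker reference beside it, which makes the security fix harder to trace from the package history; add the tracking bug id next to the "Fix CVE-2018-16476." line if one exists. The pasted upstream text also has "GlobaID", which should read "GlobalID".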
Old:
----
activejob-5.1.6.gem
New:
----
activejob-5.1.6.1.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-activejob-5_1.spec ++++++
--- /var/tmp/diff_new_pack.OSn72V/_old 2019-01-21 10:26:55.393647192 +0100
+++ /var/tmp/diff_new_pack.OSn72V/_new 2019-01-21 10:26:55.397647188 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-activejob-5_1
-Version: 5.1.6
+Version: 5.1.6.1
Release: 0
%define mod_name activejob
%define mod_full_name %{mod_name}-%{version}
++++++ activejob-5.1.6.gem -> activejob-5.1.6.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2018-03-29 20:27:15.000000000 +0200
+++ new/CHANGELOG.md 2018-11-27 21:10:09.000000000 +0100
@@ -1,3 +1,15 @@
+## Rails 5.1.6.1 (November 27, 2018) ##
+
+* Do not deserialize GlobalID objects that were not generated by Active Job.
+
+ Trusting any GlobaID object when deserializing jobs can allow attackers to
access
+ information that should not be accessible to them.
+
+ Fix CVE-2018-16476.
+
+ *Rafael Mendonça França*
+
+
## Rails 5.1.6 (March 29, 2018) ##
* No changes.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_job/arguments.rb
new/lib/active_job/arguments.rb
--- old/lib/active_job/arguments.rb 2018-03-29 20:27:15.000000000 +0200
+++ new/lib/active_job/arguments.rb 2018-11-27 21:10:09.000000000 +0100
@@ -75,7 +75,7 @@
def deserialize_argument(argument)
case argument
when String
- GlobalID::Locator.locate(argument) || argument
+ argument
when *TYPE_WHITELIST
argument
when Array
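Review bot: In deserialize_argument the `when String` arm now has the same body as the `when *TYPE_WHITELIST` arm directly below it, and nothing on the line says why a string must never be handed to `GlobalID::Locator.locate`. A one-line comment there, naming CVE-2018-16476 as the reason plain strings are returned untouched, would keep a later cleanup from restoring the lookup. It is also a behaviour change worth a sentence in the changelog: a job argument that is a bare GlobalID URI string is now passed to the job as a String instead of the located record.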
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_job/gem_version.rb
new/lib/active_job/gem_version.rb
--- old/lib/active_job/gem_version.rb 2018-03-29 20:27:15.000000000 +0200
+++ new/lib/active_job/gem_version.rb 2018-11-27 21:10:09.000000000 +0100
@@ -8,7 +8,7 @@
MAJOR = 5
MINOR = 1
TINY = 6
- PRE = nil
+ PRE = "1"
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
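Review bot: `PRE = "1"` puts the fourth segment of a released security version into a constant whose name, and whose previous value of `nil`, suggest a prerelease tag. STRING still joins to 5.1.6.1 as intended, but a comment on that line saying PRE carries the patch-level segment here would avoid it being misread as a prerelease marker.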
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2018-03-29 20:27:15.000000000 +0200
+++ new/metadata 2018-11-27 21:10:09.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: activejob
version: !ruby/object:Gem::Version
- version: 5.1.6
+ version: 5.1.6.1
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2018-03-29 00:00:00.000000000 Z
+date: 2018-11-27 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.1.6
+ version: 5.1.6.1
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 5.1.6
+ version: 5.1.6.1
- !ruby/object:Gem::Dependency
name: globalid
requirement: !ruby/object:Gem::Requirement
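Review bot: The activesupport requirement in this hunk is an exact pin (`- - '='` with `version: 5.1.6.1`), so the updated gem cannot be activated against an activesupport 5.1.6 install. This submission needs to land together with the matching activesupport 5.1.6.1 package, and the request should state that dependency.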
@@ -86,8 +86,8 @@
licenses:
- MIT
metadata:
- source_code_uri: https://github.com/rails/rails/tree/v5.1.6/activejob
- changelog_uri:
https://github.com/rails/rails/blob/v5.1.6/activejob/CHANGELOG.md
+ source_code_uri: https://github.com/rails/rails/tree/v5.1.6.1/activejob
+ changelog_uri:
https://github.com/rails/rails/blob/v5.1.6.1/activejob/CHANGELOG.md
post_install_message:
rdoc_options: []
require_paths:
@@ -104,7 +104,7 @@
version: '0'
requirements: []
rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 2.7.6
signing_key:
specification_version: 4
summary: Job framework with pluggable queues.