Hello community,

here is the log from the commit of package rubygem-activejob-5_1 for openSUSE:Factory checked in at 2019-01-21 10:26:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activejob-5_1 (Old)
 and /work/SRC/openSUSE:Factory/.rubygem-activejob-5_1.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activejob-5_1" Mon Jan 21 10:26:51 2019 rev:5 rq:656397 version:5.1.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-activejob-5_1/rubygem-activejob-5_1.changes 2018-07-18 22:48:08.908113058 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-activejob-5_1.new.28833/rubygem-activejob-5_1.changes 2019-01-21 10:26:54.941647688 +0100 @@ -1,0 +2,17 @@ +Sat Dec 8 16:14:56 UTC 2018 - Stephan Kulow <co...@suse.com> + +- updated to version 5.1.6.1 + see installed CHANGELOG.md + + ## Rails 5.1.6.1 (November 27, 2018) ## + + * Do not deserialize GlobalID objects that were not generated by Active Job. + + Trusting any GlobaID object when deserializing jobs can allow attackers to access + information that should not be accessible to them. + + Fix CVE-2018-16476. + + *Rafael Mendonça França* + +------------------------------------------------------------------- Old: ---- activejob-5.1.6.gem New: ---- activejob-5.1.6.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-activejob-5_1.spec ++++++ --- /var/tmp/diff_new_pack.OSn72V/_old 2019-01-21 10:26:55.393647192 +0100 +++ /var/tmp/diff_new_pack.OSn72V/_new 2019-01-21 10:26:55.397647188 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-activejob-5_1 -Version: 5.1.6 +Version: 5.1.6.1 Release: 0 %define mod_name activejob %define mod_full_name %{mod_name}-%{version} ++++++ activejob-5.1.6.gem -> activejob-5.1.6.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2018-03-29 20:27:15.000000000 +0200 +++ new/CHANGELOG.md 2018-11-27 21:10:09.000000000 +0100 
@@ -1,3 +1,15 @@ +## Rails 5.1.6.1 (November 27, 2018) ## + +* Do not deserialize GlobalID objects that were not generated by Active Job. + + Trusting any GlobaID object when deserializing jobs can allow attackers to access + information that should not be accessible to them. + + Fix CVE-2018-16476. + + *Rafael Mendonça França* + + ## Rails 5.1.6 (March 29, 2018) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/active_job/arguments.rb new/lib/active_job/arguments.rb --- old/lib/active_job/arguments.rb 2018-03-29 20:27:15.000000000 +0200 +++ new/lib/active_job/arguments.rb 2018-11-27 21:10:09.000000000 +0100 @@ -75,7 +75,7 @@ def deserialize_argument(argument) case argument when String - GlobalID::Locator.locate(argument) || argument + argument when *TYPE_WHITELIST argument when Array diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/active_job/gem_version.rb new/lib/active_job/gem_version.rb --- old/lib/active_job/gem_version.rb 2018-03-29 20:27:15.000000000 +0200 +++ new/lib/active_job/gem_version.rb 2018-11-27 21:10:09.000000000 +0100 @@ -8,7 +8,7 @@ MAJOR = 5 MINOR = 1 TINY = 6 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2018-03-29 20:27:15.000000000 +0200 +++ new/metadata 2018-11-27 21:10:09.000000000 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: activejob version: !ruby/object:Gem::Version - version: 5.1.6 + version: 5.1.6.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2018-03-29 00:00:00.000000000 Z +date: 2018-11-27 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport 
@@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version - version: 5.1.6 + version: 5.1.6.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 5.1.6 + version: 5.1.6.1 - !ruby/object:Gem::Dependency name: globalid requirement: !ruby/object:Gem::Requirement @@ -86,8 +86,8 @@ licenses: - MIT metadata: - source_code_uri: https://github.com/rails/rails/tree/v5.1.6/activejob - changelog_uri: https://github.com/rails/rails/blob/v5.1.6/activejob/CHANGELOG.md + source_code_uri: https://github.com/rails/rails/tree/v5.1.6.1/activejob + changelog_uri: https://github.com/rails/rails/blob/v5.1.6.1/activejob/CHANGELOG.md post_install_message: rdoc_options: [] require_paths: @@ -104,7 +104,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.6.14 +rubygems_version: 2.7.6 signing_key: specification_version: 4 summary: Job framework with pluggable queues.
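Review bot: in the CHANGELOG.md hunk (@@ -1,3 +1,15 @@) and the identical text copied into rubygem-activejob-5_1.changes, "GlobaID" in the sentence "Trusting any GlobaID object when deserializing jobs ..." is a typo for "GlobalID". The entry also says only what is no longer trusted, not what a job author will observe; one more sentence stating that string arguments are now passed to the job unchanged would make the behaviour change visible to people reading the changelog for upgrade impact.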
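Review bot: in the lib/active_job/arguments.rb hunk (@@ -75,7 +75,7 @@), the "when String" arm of deserialize_argument now returns argument exactly like the "when *TYPE_WHITELIST" arm directly below it, and nothing in the code records why strings must not be handed to GlobalID::Locator.locate. A one-line comment on that arm referring to CVE-2018-16476 would keep a later cleanup from merging the arms and then reintroducing the lookup. It is also worth calling out for users that a plain string argument which happens to be a GlobalID URI was previously resolved by "GlobalID::Locator.locate(argument) || argument" and is now delivered as a String, so any job that relied on the old behaviour receives a different argument type after this update.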
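Review bot: in the lib/active_job/gem_version.rb hunk (@@ -8,7 +8,7 @@), PRE = "1" stores the fourth segment of a final release in the constant whose name suggests a pre-release tag, and STRING only comes out as 5.1.6.1 because PRE is joined with "." like the other parts. A short comment next to PRE saying that it carries the security patch level here would help anyone who reads a non-nil PRE as meaning "not a final release".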
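Review bot: in the metadata hunk (@@ -16,14 +16,14 @@), the activesupport dependency stays an exact '=' requirement and moves from 5.1.6 to 5.1.6.1, so this gem is not installable until the matching activesupport 5.1.6.1 package is in the same project; please confirm that update is submitted together with this one. Separately, the rubygems_version change from 2.6.14 to 2.7.6 in the last hunk is unrelated to the CVE fix and only reflects the tool that built the gem, which is fine but worth knowing when comparing the two artifacts.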