Hello community,

here is the log from the commit of package rubygem-activejob-5_0 for openSUSE:Factory checked in at 2019-01-21 10:26:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activejob-5_0 (Old)
 and /work/SRC/openSUSE:Factory/.rubygem-activejob-5_0.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activejob-5_0" Mon Jan 21 10:26:55 2019 rev:9 rq:656398 version:5.0.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-activejob-5_0/rubygem-activejob-5_0.changes 2018-07-18 22:48:06.780120112 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-activejob-5_0.new.28833/rubygem-activejob-5_0.changes 2019-01-21 10:26:55.693646863 +0100 @@ -1,0 +2,17 @@ +Sat Dec 8 16:14:42 UTC 2018 - Stephan Kulow <co...@suse.com> + +- updated to version 5.0.7.1 + see installed CHANGELOG.md + + ## Rails 5.0.7.1 (November 27, 2018) ## + + * Do not deserialize GlobalID objects that were not generated by Active Job. + + Trusting any GlobaID object when deserializing jobs can allow attackers to access + information that should not be accessible to them. + + Fix CVE-2018-16476. + + *Rafael Mendonça França* + +------------------------------------------------------------------- Old: ---- activejob-5.0.7.gem New: ---- activejob-5.0.7.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-activejob-5_0.spec ++++++ --- /var/tmp/diff_new_pack.MPZzph/_old 2019-01-21 10:26:56.149646363 +0100 +++ /var/tmp/diff_new_pack.MPZzph/_new 2019-01-21 10:26:56.149646363 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-activejob-5_0 -Version: 5.0.7 +Version: 5.0.7.1 Release: 0 %define mod_name activejob %define mod_full_name %{mod_name}-%{version} ++++++ activejob-5.0.7.gem -> activejob-5.0.7.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2018-03-29 19:57:32.000000000 +0200 +++ new/CHANGELOG.md 2018-11-27 21:08:09.000000000 +0100 
@@ -1,3 +1,15 @@ +## Rails 5.0.7.1 (November 27, 2018) ## + +* Do not deserialize GlobalID objects that were not generated by Active Job. + + Trusting any GlobaID object when deserializing jobs can allow attackers to access + information that should not be accessible to them. + + Fix CVE-2018-16476. + + *Rafael Mendonça França* + + ## Rails 5.0.7 (March 29, 2018) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/active_job/arguments.rb new/lib/active_job/arguments.rb --- old/lib/active_job/arguments.rb 2018-03-29 19:57:32.000000000 +0200 +++ new/lib/active_job/arguments.rb 2018-11-27 21:08:09.000000000 +0100 @@ -87,7 +87,7 @@ def deserialize_argument(argument) case argument when String - GlobalID::Locator.locate(argument) || argument + argument when *TYPE_WHITELIST argument when Array diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/active_job/gem_version.rb new/lib/active_job/gem_version.rb --- old/lib/active_job/gem_version.rb 2018-03-29 19:57:32.000000000 +0200 +++ new/lib/active_job/gem_version.rb 2018-11-27 21:08:09.000000000 +0100 @@ -8,7 +8,7 @@ MAJOR = 5 MINOR = 0 TINY = 7 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2018-03-29 19:57:32.000000000 +0200 +++ new/metadata 2018-11-27 21:08:09.000000000 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: activejob version: !ruby/object:Gem::Version - version: 5.0.7 + version: 5.0.7.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2018-03-29 00:00:00.000000000 Z +date: 2018-11-27 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport 
@@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version - version: 5.0.7 + version: 5.0.7.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version - version: 5.0.7 + version: 5.0.7.1 - !ruby/object:Gem::Dependency name: globalid requirement: !ruby/object:Gem::Requirement @@ -101,7 +101,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.6.14 +rubygems_version: 2.7.6 signing_key: specification_version: 4 summary: Job framework with pluggable queues.
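Review bot: In the lib/active_job/arguments.rb hunk (@@ -87,7 +87,7 @@), the `when String` branch of deserialize_argument now returns the string untouched, but neither the changelog entry nor the diff records what that means for callers. Any argument that arrives as a GlobalID URI string and used to be resolved by `GlobalID::Locator.locate(argument) || argument` will now reach the job as a plain String. Suggest adding one sentence to the changelog entry naming this behaviour change, so operators know to check jobs that are still queued across the upgrade, and a regression test asserting that a bare GlobalID string passes through deserialize_argument unresolved.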
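Review bot: Typo in the new CHANGELOG.md entry (@@ -1,3 +1,15 @@): "Trusting any GlobaID object" should read "GlobalID". The same sentence is copied into the rubygem-activejob-5_0.changes hunk (@@ -1,0 +2,17 @@), so it needs fixing in both places. The entry would also be easier to act on if it named the code path that changed (the String case in deserialize_argument) rather than only stating that attackers can access information that should not be accessible to them.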
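Review bot: In the lib/active_job/gem_version.rb hunk (@@ -8,7 +8,7 @@), `PRE = "1"` puts the fourth segment of a final release into the constant named for a pre-release tag. STRING still joins to 5.0.7.1 through `[MAJOR, MINOR, TINY, PRE].compact.join(".")`, but any code that treats a non-nil PRE as meaning "pre-release build" would misclassify this security release. Suggest a one-line comment beside the assignment stating that PRE carries the patch-level segment here.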