commit rubygem-activerecord-5.2 for openSUSE:Factory

Fri, 02 Jul 2021 04:29:27 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rubygem-activerecord-5.2 for 
openSUSE:Factory checked in at 2021-07-02 13:27:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activerecord-5.2 (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-activerecord-5.2.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-activerecord-5.2"

Fri Jul  2 13:27:28 2021 rev:11 rq:903483 version:5.2.6

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/rubygem-activerecord-5.2/rubygem-activerecord-5.2.changes
        2020-10-05 19:29:26.252503014 +0200
+++ 
/work/SRC/openSUSE:Factory/.rubygem-activerecord-5.2.new.2625/rubygem-activerecord-5.2.changes
      2021-07-02 13:28:21.704344091 +0200
@@ -1,0 +2,37 @@
+Thu Jun 24 16:50:41 UTC 2021 - Stephan Kulow <[email protected]>
+
+updated to version 5.2.6
+ see installed CHANGELOG.md
+
+  ## Rails 5.2.6 (May 05, 2021) ##
+  
+  *   No changes.
+  
+  
+  ## Rails 5.2.5 (March 26, 2021) ##
+  
+  *   No changes.
+  
+  
+  ## Rails 5.2.4.6 (May 05, 2021) ##
+  
+  *   No changes.
+  
+  
+  ## Rails 5.2.4.5 (February 10, 2021) ##
+  
+  *   Fix possible DoS vector in PostgreSQL money type
+  
+      Carefully crafted input can cause a DoS via the regular expressions used
+      for validating the money format in the PostgreSQL adapter.  This patch
+      fixes the regexp.
+  
+      Thanks to @dee-see from Hackerone for this patch!
+  
+      [CVE-2021-22880]
+  
+      *Aaron Patterson*
+  
+  
+
+-------------------------------------------------------------------

Old:
----
  activerecord-5.2.4.4.gem

New:
----
  activerecord-5.2.6.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-activerecord-5.2.spec ++++++
--- /var/tmp/diff_new_pack.BbpFfe/_old  2021-07-02 13:28:22.076341205 +0200
+++ /var/tmp/diff_new_pack.BbpFfe/_new  2021-07-02 13:28:22.080341174 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package rubygem-activerecord-5.2
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-activerecord-5.2
-Version:        5.2.4.4
+Version:        5.2.6
 Release:        0
 %define mod_name activerecord
 %define mod_full_name %{mod_name}-%{version}

++++++ activerecord-5.2.4.4.gem -> activerecord-5.2.6.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md    2020-09-09 20:34:59.000000000 +0200
+++ new/CHANGELOG.md    2021-05-05 18:59:04.000000000 +0200
@@ -1,3 +1,33 @@
+## Rails 5.2.6 (May 05, 2021) ##
+
+*   No changes.
+
+
+## Rails 5.2.5 (March 26, 2021) ##
+
+*   No changes.
+
+
+## Rails 5.2.4.6 (May 05, 2021) ##
+
+*   No changes.
+
+
+## Rails 5.2.4.5 (February 10, 2021) ##
+
+*   Fix possible DoS vector in PostgreSQL money type
+
+    Carefully crafted input can cause a DoS via the regular expressions used
+    for validating the money format in the PostgreSQL adapter.  This patch
+    fixes the regexp.
+
+    Thanks to @dee-see from Hackerone for this patch!
+
+    [CVE-2021-22880]
+
+    *Aaron Patterson*
+
+
 ## Rails 5.2.4.4 (September 09, 2020) ##
 
 *   No changes.
@@ -7,6 +37,10 @@
 
 *   No changes.
 
+## Rails 5.2.4.2 (March 19, 2020) ##
+
+*   No changes.
+
 
 ## Rails 5.2.4.1 (December 18, 2019) ##
 
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/lib/active_record/connection_adapters/postgresql/oid/money.rb 
new/lib/active_record/connection_adapters/postgresql/oid/money.rb
--- old/lib/active_record/connection_adapters/postgresql/oid/money.rb   
2020-09-09 20:34:59.000000000 +0200
+++ new/lib/active_record/connection_adapters/postgresql/oid/money.rb   
2021-05-05 18:59:04.000000000 +0200
@@ -26,9 +26,9 @@
 
             value = value.sub(/^\((.+)\)$/, '-\1') # (4)
             case value
-            when /^-?\D+[\d,]+\.\d{2}$/  # (1)
+            when /^-?\D*+[\d,]+\.\d{2}$/  # (1)
               value.gsub!(/[^-\d.]/, "")
-            when /^-?\D+[\d.]+,\d{2}$/  # (2)
+            when /^-?\D*+[\d.]+,\d{2}$/  # (2)
               value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
             end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/active_record/gem_version.rb 
new/lib/active_record/gem_version.rb
--- old/lib/active_record/gem_version.rb        2020-09-09 20:34:59.000000000 
+0200
+++ new/lib/active_record/gem_version.rb        2021-05-05 18:59:04.000000000 
+0200
@@ -9,8 +9,8 @@
   module VERSION
     MAJOR = 5
     MINOR = 2
-    TINY  = 4
-    PRE   = "4"
+    TINY  = 6
+    PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2020-09-09 20:34:59.000000000 +0200
+++ new/metadata        2021-05-05 18:59:04.000000000 +0200
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord
 version: !ruby/object:Gem::Version
-  version: 5.2.4.4
+  version: 5.2.6
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-09 00:00:00.000000000 Z
+date: 2021-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 5.2.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 5.2.6
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 5.2.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 5.2.6
 - !ruby/object:Gem::Dependency
   name: arel
   requirement: !ruby/object:Gem::Requirement
@@ -307,8 +307,8 @@
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.2.4.4/activerecord
-  changelog_uri: 
https://github.com/rails/rails/blob/v5.2.4.4/activerecord/CHANGELOG.md
+  source_code_uri: https://github.com/rails/rails/tree/v5.2.6/activerecord
+  changelog_uri: 
https://github.com/rails/rails/blob/v5.2.6/activerecord/CHANGELOG.md
 post_install_message: 
 rdoc_options:
 - "--main"
@@ -326,7 +326,7 @@
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Object-relational mapper framework (part of Rails).

Reply via email to