Change log for ruby2.5 package in Ubuntu

151 of 51 results
Published in bionic-updates
Published in bionic-security
ruby2.5 (2.5.1-1ubuntu1.16) bionic-security; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28755.patch: adds '+' once or more in specific
      places of the  RFC3986 regex in order to avoid the increase in execution
      time for parsing strings to URI objects in lib/uri/rfc3986_parser.rb.
    - CVE-2023-28755

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 15 May 2023 08:41:43 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.15) bionic-security; urgency=medium

  * SECURITY REGRESSION: URI.parse returning empty when it should return nil
    - reverting/removing patches for CVE-2023-28755-*.patch that changed the
      regex behaviour causing URI.parse to return '' instead previous
      behaviour nil as some applications expected to use the last one as
      return (LP: #2018547)

 -- Leonidas Da Silva Barbosa <email address hidden>  Fri, 05 May 2023 06:09:43 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.14) bionic-security; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28755-*.patch: URI.parse should set empty
      string in host instead of nil in lib/uri/rfc3986_parser.rb.
    - debian/patches/tz_fix.patch: fix timezone test for Lisbon in
      test/ruby/test_time_tz.rb.
    - debian/patches/certs_up_fix.patch: update certificate file to
      make test pass in test/rubygems/ca_cert.pem, test/rubygems/client.pem,
      test/rubygems/ssl_cert.pem, test/rubygems/ss_key.pem,
      test/rubygems/test_gem_security_policy.rb.
    - CVE-2023-28755
  * SECURITY UPDATE: ReDos
    - debian/patches/CVE-2023-28756-*.patch: fix quadratic backtracking on
      invalid time and make RFC2822 regexp linear in lib/time.rb.
    - CVE-2023-28756

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 10 Apr 2023 14:06:44 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.13) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP response splitting
    - debian/patches/CVE-2021-33621*.patch: adds regex to lib/cgi/core.rb and
      lib/cgi/cookie.rb along with tests to check http response headers and
      cookie fields for invalid characters.
    - debian/patches/fix_tzdata-2022.patch: fix for tzdata-2022g tests
      in test/ruby/test_time_tz.rb.
    - CVE-2021-33621

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 18 Jan 2023 09:55:17 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.12) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2022-28739.patch: fix dtoa buffer
      overrun in missing/dtoa.c, test/ruby/test_float.rb.
    - CVE-2022-28739

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 24 May 2022 11:47:40 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.11) bionic-security; urgency=medium

  * SECURITY UPDATE: ReDoS vulnerability
    - debian/patches/CVE-2021-41817-*.patch: add length limit option
      for methods that parses date strings and mimic prev behaviour
      in  ext/date/date_core.c, test/date/test_date_parse.rb.
    - CVE-2021-41817
  * SECURITY UPDATE: Mishandles sec prefixes in cookie names
    - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
      decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
    - CVE-2021-41819

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 06 Jan 2022 12:31:02 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Command injection vulnerability in RDoc
    - debian/patches/CVE-2021-31799.patch: fix replace open for File.open
      in lib/rdoc/rdoc.rb, test/rdoc/test_rdoc_rdoc.rb.
    - CVE-2021-31799
  * SECURITY UPDATE: Information leak
    - debian/patches/CVE-2021-31810.patch: ignore IP address in PASV
      responses by default and add new option use_pasv_ip in lib/net/ftp.rb,
      test/net/ftp/test_ftp.rb.
    - CVE-2021-31810
  * SECURITY UPDATE: Stripping vulnerability
    - debian/patches/CVE-2021-32066.patch: fix raising an exception
      when a unknow response error happens in
      lib/net/imap.rb, test/net/imap/test_imap.rb.
    - CVE-2021-32066
  * debian/patches/fixing_test_imap.patch: adds start_server to
    IMAPTest in order to test_starttls_stripping runs properly.

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 15 Jul 2021 14:22:59 -0300
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: XML round-trip vulnerability in REXML
    - debian/patches/CVE-2021-28965.patch: update to REXML 3.1.7.4.
    - CVE-2021-28965

 -- Marc Deslauriers <email address hidden>  Thu, 15 Apr 2021 10:09:08 -0400
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Unsafe Object Creation Vulnerability in JSON gem
    - debian/patches/CVE-2020-10663.patch: set json->create_additions to 0
      in ext/json/parser/parser.c, ext/json/parser/parser.rl.
    - CVE-2020-10663
  * SECURITY UPDATE: sensitive info disclosure in BasicSocket#read_nonblock
    - debian/patches/CVE-2020-10933.patch: do not return uninitialized
      buffer in ext/socket/init.c.
    - CVE-2020-10933
  * SECURITY UPDATE: HTTP Request Smuggling attack in WEBrick
    - debian/patches/CVE-2020-25613.patch: make it more strict to interpret
      some headers in lib/webrick/httprequest.rb.
    - CVE-2020-25613

 -- Marc Deslauriers <email address hidden>  Tue, 16 Mar 2021 10:59:21 -0400
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
ruby2.5 (2.5.1-1ubuntu1.7) bionic; urgency=medium

  * d/p/arm64-optimizations.patch: enable arm64 optimizations that exist
    for power/x86. It includes enabling unaligned memory access, gc and
    vm_exec.c optimizations (LP: #1901074).
  * Fix FTBFS, many tests were failing during the build (LP: #1903902).
    - Add missing b-d on tzdata.
  * Fix DEP-8 tests (LP: #1903905).
    - Backport patches to fix Kiritimati TZ tests:
      + 0029-Backport-upstream-patch-to-fix-Kiritimati-TZ-test-1-.patch
      + 0030-Backport-upstream-patch-to-fix-Kiritimati-TZ-test-2-.patch
    - d/t/control: add restriction to allow-stderr. The rubyconfig test calls
      dpkg-architecture which is returning a warning in Bionic.
    - d/t/bundled-gems: skip gems which do not match upstream expectations.
      Some gems listed as bundled by upstream are not satisfied by the Ubuntu
      Bionic archive.

 -- Lucas Kanashiro <email address hidden>  Thu, 05 Nov 2020 10:30:22 -0300
Deleted in focal-release (Reason: LP: #1869365)
Deleted in focal-proposed (Reason: moved to Release)
Superseded in focal-proposed
ruby2.5 (2.5.7-1ubuntu4) focal; urgency=medium

  * Cherrypcik upstream fix for webrick to use SHA256 MD.

 -- Dimitri John Ledkov <email address hidden>  Fri, 06 Mar 2020 14:35:56 +0000

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
ruby2.5 (2.5.7-1ubuntu3) focal; urgency=medium

  * Cherrypick upstream patch to make drb module generate big&strong
    certificates.
  * Set OPENSSL_CONF to lower security level to 1, to allow tests pass
    with weak keys.

 -- Dimitri John Ledkov <email address hidden>  Wed, 15 Jan 2020 21:20:33 +0000
Superseded in focal-proposed
ruby2.5 (2.5.7-1ubuntu2) focal; urgency=medium

  * No-change rebuild for libffi soname change.

 -- Matthias Klose <email address hidden>  Sun, 12 Jan 2020 08:42:11 +0000

Available diffs

Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201.patch
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 26 Nov 2019 09:32:04 -0300
Obsolete in disco-updates
Obsolete in disco-security
ruby2.5 (2.5.5-1ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201.patch
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 25 Nov 2019 15:19:36 -0300
Obsolete in eoan-updates
Obsolete in eoan-security
ruby2.5 (2.5.5-4ubuntu2.1) eoan-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201.patch
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 25 Nov 2019 15:00:47 -0300
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
ruby2.5 (2.5.7-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
      - update the patch with the merged upstream PR: 2507
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch

Available diffs

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release)
ruby2.5 (2.5.5-4ubuntu2) eoan; urgency=medium

  * No-change upload with strops.h and sys/strops.h removed in glibc.

 -- Matthias Klose <email address hidden>  Thu, 05 Sep 2019 13:40:19 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
ruby2.5 (2.5.5-4ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
      - update the patch with the merged upstream PR: 2507
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch

Available diffs

Superseded in bionic-security
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
ruby2.5 (2.5.1-1ubuntu1.5) bionic; urgency=medium

  * Add d/p/restore_buffer_newline_check.patch to fix failure sending
    files with mixed newline encoding styles; this regression was
    introduced by 0009-openssl-sync-with-upstream-repository.patch.
    (LP: #1835968)

 -- Bryce Harrington <email address hidden>  Thu, 25 Jul 2019 16:06:31 -0700
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
ruby2.5 (2.5.5-3ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
      - update the patch with the merged upstream PR: 2507
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
ruby2.5 (2.5.5-2ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
      - update the patch with the merged upstream PR: 2507
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch

Available diffs

Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
ruby2.5 (2.5.1-1ubuntu1.4) bionic; urgency=medium

  * Cherrypick ruby-openssl upstream commits to fix compat with OpenSSL
    1.1.1 LP: #1797386

 -- Dimitri John Ledkov <email address hidden>  Tue, 23 Apr 2019 23:50:41 +0100
Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired SSL certs
    - debian/patches/fixing_expired_SSL_certs.patch: fix in
      test/net/fixtures/cacert.pem, test/net/fixtures/server.crt,
      test/net/fixtures/server.key.

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 01 Apr 2019 11:13:08 -0300
Obsolete in cosmic-updates
Obsolete in cosmic-security
ruby2.5 (2.5.1-5ubuntu4.3) cosmic-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 02 Apr 2019 13:31:23 -0300
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby2.5 (2.5.5-1ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
      - update the patch with the merged upstream PR: 2507
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch
  * Dropped changes: d/p/1dfc377ae3b174b043d3f0ed36de57b0296b34d0.patch
    - upstream

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby2.5 (2.5.3-4ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/1dfc377ae3b174b043d3f0ed36de57b0296b34d0.patch: Cherrypick
      upstream commit to fix session resumption with TLS 1.3.
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch
  * Dropped changes: d/p/update-cert-{1,2}.patch
    - included in patch: 0012-test-update-test-certificate.patch

Available diffs

Superseded in cosmic-updates
Deleted in cosmic-proposed (Reason: moved to -updates)
ruby2.5 (2.5.1-5ubuntu4.2) cosmic; urgency=medium

  * d/p/update-cert-{1,2}.patch: update certificates to fix FTBFS. Patches
    prepared by Andreas Hasenack. (LP: #1812669)

 -- Dimitri John Ledkov <email address hidden>  Wed, 20 Feb 2019 22:27:17 +0100
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby2.5 (2.5.3-3ubuntu3) disco; urgency=medium

  * d/p/update-cert-{1,2}.patch: update certificates to fix FTBFS
    (LP: #1812669)

 -- Andreas Hasenack <email address hidden>  Mon, 21 Jan 2019 10:59:42 -0200
Superseded in disco-proposed
ruby2.5 (2.5.3-3ubuntu2) disco; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Mon, 14 Jan 2019 19:52:13 +0000

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby2.5 (2.5.3-3ubuntu1) disco; urgency=medium

  * Merge with Debian unstable (LP: #1806694). Remaining changes:
    - d/p/1dfc377ae3b174b043d3f0ed36de57b0296b34d0.patch: Cherrypick
      upstream commit to fix session resumption with TLS 1.3.
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch
  * Dropped changes
    - various backports for better openssl support (formerly undocumented in
      changelog, but upstream now)
      + d/p/0002-no-ID-cache-in-Init-functions.patch
      + d/p/0003-search-winsock-libraries-explicitly.patch
      + d/p/0004-openssl-search-winsock.patch
      + d/p/0007-openssl_missing.h-constified.patch
      + d/p/0008-reduce-LibreSSL-warnings.patch
      + d/p/0009-openssl-sync-with-upstream-repository.patch
    - SECURITY UPDATE: Name equality check CVE-2018-16395 (in upstream)
    - SECURITY UPDATE: Tainted flags not propagted CVE-2018-16396 (in upstream)
    - 0012-test-time-tzdata-2018f.patch: Adjust tz tests for new tzdata.

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby2.5 (2.5.1-6ubuntu3) disco; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagted
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 20 Nov 2018 10:30:19 -0300

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby2.5 (2.5.1-6ubuntu2) disco; urgency=medium

  * 0012-test-time-tzdata-2018f.patch: Adjust tz tests for new tzdata.

 -- Adam Conrad <email address hidden>  Sun, 04 Nov 2018 15:38:57 -0700
Superseded in disco-proposed
ruby2.5 (2.5.1-6ubuntu1) disco; urgency=medium

  * Merge with Debian; remaining changes:
    - Allow either Fetcher or OpenSSL exceptions when using invalid cert in
      rubygems testcase.
    - Cherrypick upstream commit to fix session resumption with TLS 1.3.
    - Cherrypick upstream commit to bump the test key size for OpenSSL 1.1.1.

Available diffs

Superseded in bionic-updates
Superseded in bionic-security
ruby2.5 (2.5.1-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagted
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * Fixing tz tests for asia_tokyo test
    - debian/patches/fixing_tz_asia_tokyo_test.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 31 Oct 2018 09:42:47 -0300
Superseded in cosmic-updates
Superseded in cosmic-security
ruby2.5 (2.5.1-5ubuntu4.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagted
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * Fixing tz tests for asia_tokyo test
    - debian/patches/fixing_tz_asia_tokyo_test.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 30 Oct 2018 13:27:39 -0300
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
ruby2.5 (2.5.1-5ubuntu4) cosmic; urgency=high

  * No change rebuild against openssl 1.1.1 with TLS1.3 support.

 -- Dimitri John Ledkov <email address hidden>  Tue, 25 Sep 2018 11:36:36 +0100
Superseded in cosmic-proposed
ruby2.5 (2.5.1-5ubuntu3) cosmic; urgency=medium

  * Allow either Fetcher or OpenSSL exceptions when using invalid cert in
    rubygems testcase.

 -- Dimitri John Ledkov <email address hidden>  Mon, 24 Sep 2018 12:10:21 +0100

Available diffs

Superseded in cosmic-proposed
ruby2.5 (2.5.1-5ubuntu1) cosmic; urgency=medium

  * Cherrypick upstream commit to fix session resumption with TLS 1.3.
  * Cherrypick upstream commit to bump the test key size for OpenSSL 1.1.1.

 -- Dimitri John Ledkov <email address hidden>  Sun, 23 Sep 2018 19:42:19 +0100
Superseded in cosmic-proposed
ruby2.5 (2.5.1-5) unstable; urgency=medium

  * Fix spelling error in patch description
  * Remove always-on dh --parallel
  * Pass --host to configure when cross-building.
    We cannot just use dh_auto_configure because some of the added options
    then make configure need a baseruby, which we want to avoid when
    building for the native arch. (Closes: #893501)

 -- Chris Hofstaedtler <email address hidden>  Tue, 24 Jul 2018 08:56:14 +0000
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.5 (2.5.1-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - Mark some tests as failing on Launchpad.
    - Update symbols file.

Available diffs

Superseded in bionic-release
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.5 (2.5.0-6ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Mark some tests as failing on Launchpad.
    - Update symbols file.

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.5 (2.5.0-5ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Mark some tests as failing on Launchpad.
    - Update symbols file.

Available diffs

Superseded in bionic-release
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.5 (2.5.0-4ubuntu4) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:53:19 +0000
Superseded in bionic-proposed
ruby2.5 (2.5.0-4ubuntu3) bionic; urgency=medium

  * Ignore TestTimeTZ Asia/Tokyo test failures.

 -- Matthias Klose <email address hidden>  Fri, 02 Feb 2018 17:18:37 +0100

Available diffs

Superseded in bionic-proposed
ruby2.5 (2.5.0-4ubuntu2) bionic; urgency=medium

  * No-change rebuild for gdbm soname change.

 -- Matthias Klose <email address hidden>  Fri, 02 Feb 2018 12:04:55 +0100

Available diffs

Superseded in bionic-release
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.5 (2.5.0-4ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - Mark some tests as failing on Launchpad.
    - Update symbols file.

Superseded in bionic-proposed
ruby2.5 (2.5.0-4) unstable; urgency=medium

  * debian/rules: pass --excludes-dir options to `make check` via $TESTS

 -- Antonio Terceiro <email address hidden>  Sat, 30 Dec 2017 10:50:04 -0300
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.5 (2.5.0~preview1-1ubuntu2) bionic; urgency=medium

  * Mark some tests as failing.
  * Update symbols file.

 -- Matthias Klose <email address hidden>  Wed, 15 Nov 2017 12:28:33 +0100
Superseded in bionic-proposed
ruby2.5 (2.5.0~preview1-1ubuntu1) bionic; urgency=medium

  * Mark two tests as failing.

 -- Matthias Klose <email address hidden>  Wed, 15 Nov 2017 12:28:33 +0100
Superseded in bionic-proposed
ruby2.5 (2.5.0~preview1-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * New upstream version 2.5.0~preview1
  * debian/patches: import all of our remaining changes wrt upstream. All the
    changes to tests were transformed into exclude files under test/excludes/
  * ruby2.5-dev: don't install *.a files anymore; they are not installed by
    the upstream build system anymore.
  * debian/rules: adapt removal of embedded certificate store in Rubygems
  * debian/rules: also remove embedded certificate store from bundler

  [ Christian Hofstaedtler ]
  * Remove packaging for tcltk extension; it has been removed from Ruby core
    upstream.
  * Drop migration from old -dbg package
  * Disable test for homedir expansion which fails in sbuild
  * Upstream tarballs no longer come from git
  * Update jquery in missing-sources
  * d/copyright: Add info for darkfish icon set
  * Build with default OpenSSL once again

 -- Antonio Terceiro <email address hidden>  Tue, 10 Oct 2017 21:12:54 -0300
151 of 51 results