-
Thu Nov 01 2018 Jun Aruga <jaruga@redhat.com> - 2.0.0.648-34
- CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work.
Resolves: CVE-2018-16395
-
Mon Feb 19 2018 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-33
- Fix always passing WEBrick test.
-
Fri Feb 16 2018 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-32
- Add Psych.safe_load
* ruby-2.1.0-there-should-be-only-one-exception.patch
* ruby-2.1.0-Adding-Psych.safe_load.patch
Related: CVE-2017-0903
- Disable Tokyo TZ tests broken by recent tzdata update.
* ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
Related: CVE-2017-0903
-
Mon Jan 15 2018 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-31
- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
* ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch
Resolves: CVE-2017-0903
- Fix an ANSI escape sequence vulnerability (CVE-2017-0899).
Resolves: CVE-2017-0899
- Fix a DoS vulnerability in the query command (CVE-2017-0900).
Resolves: CVE-2017-0900
- Fix a vulnerability in the gem installer that allowed a malicious gem
to overwrite arbitrary files (CVE-2017-0901).
Resolves: CVE-2017-0901
- Fix a DNS request hijacking vulnerability (CVE-2017-0902).
* ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
Resolves: CVE-2017-0902
- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898).
* ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
Resolves: CVE-2017-0898
- Escape sequence injection vulnerability in the Basic
authentication of WEBrick (CVE-2017-10784).
* ruby-2.2.8-sanitize-any-type-of-logs.patch
Resolves: CVE-2017-10784
- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
* ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch
Resolves: CVE-2017-14064
- Command injection vulnerability in Net::FTP (CVE-2017-17405).
* ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch
Resolves: CVE-2017-17405
- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033).
* ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
Resolves: CVE-2017-14033
- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
execution (CVE-2017-17790).
* ruby-2.5.0-Fixed-command-Injection.patch
Resolves: CVE-2017-17790
-
Wed Mar 01 2017 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-30
- Fix test_npn_protocol_selection_ary and test_npn_protocol_selection_enum
failures with newest openssl.
Resolves: rhbz#1416123
- Add gemspec_add_dep and gemspec_remove_dep macros.
- Extend 'gem_' macros for pre-release version support.
Resolves: rhbz#1397390
- Make symlinks for json gem.
Resolves: rhbz#1308992
-
Wed Jun 08 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-29
- Fix hostname size limit
Resolves: rhbz#1343945
-
Mon Jun 06 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-28
- Fix missing declaration of 'rb_frame_last_func'
Related: rhbz#1197720
-
Fri Jun 03 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-27
- Apply previously unapplied patch #14
Related: rhbz#1197720
-
Mon May 09 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-26
- Rebase to Ruby 2.0.0-p648
Resolves: rhbz#1197720, rhbz#1298282, rhbz#1258863
* Remove Patch18: ruby-2.0.0-p247-Revert-mkmf.rb-prefix-install_dirs-only-with-DESTDIR.patch; subsumed
* Remove Patch23: ruby-openssl-wrap-cipher-fix.patch; subsumed
* Remove Patch25: ruby-2.0.0-p607-DNS-Resolv-fall-back-if-canonicalization-fails.patch; subsumed
- Remove tests depending on europe/moscow to avoid failures due to tzdata change
https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95
- Add checks for systemtap, abrt hook and rubygems version
- Fix significant hash table performance slowdown on ppc64le
Resolves: rhbz#1163032
- Support in no_proxy for domain names with whitespaces and leading dots
Resolves: rhbz#1300433
-
Mon Apr 27 2015 Vít Ondruch <vondruch@redhat.com> - 2.0.0.598-25
- Fix broken DNS Resolv when resolv.conf has option ndots > 1.
Resolves: rhbz#1200419