* Thu Apr 04 2019 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-36
- Introduce `Gem::UserInteraction#verbose` method as precondition to fix
  CVE-2019-8321.
  * rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
  Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
  Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
  Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
  Resolves: CVE-2019-8325
  * ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
* Mon Feb 04 2019 Jun Aruga <jaruga@redhat.com> - 2.0.0.648-35
- Kill bundled certificates.
- Add macros to edit files lists in .gemspec
- Fix buffer under-read in String#unpack
  Resolves: CVE-2018-8778
- Fix HTTP response splitting in WEBrick
  Resolves: CVE-2017-17742
- Fix DoS by large request in WEBrick
  Resolves: CVE-2018-8777
- Fix directory traversal by poisoned NULL byte in Dir.
  Resolves: CVE-2018-8780
- Fix file and directory creation with directory traversal.
  Resolves: CVE-2018-6914
- Fix socket creation by poisoned NULL byte.
  Resolves: CVE-2018-8779
- Fix: return default path with nonexistent home dir
- Fix flags not propagated in Array#pack and String#unpack.
  Resolves: CVE-2018-16396
- Fix strictly interpret octal fields in tar headers.
  Resolves: CVE-2018-1000075
- Fix a security error for duplicate files in a package.
  Resolves: CVE-2018-1000076
- Enforce URL validation on spec homepage attribute.
  Resolves: CVE-2018-1000077
- Mitigate XSS vulnerability in homepage attribute.
  Resolves: CVE-2018-1000078
- Prevent Path Traversal issue during gem installation.
  Resolves: CVE-2018-1000079
- Fix unsafe Object Deserialization Vulnerability in gem owner.
  Resolves: CVE-2018-1000074
- Refresh expired certificates.
- Fix path traversal when writing to a symlinked basedir outside of the root
  Resolves: CVE-2018-1000073
* Thu Nov 01 2018 Jun Aruga <jaruga@redhat.com> - 2.0.0.648-34
- CVE-2018-16395: Fix OpenSSL::X509::Name equality check that does not work.
  Resolves: CVE-2018-16395
* Mon Feb 19 2018 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-33
- Fix always passing WEBrick test.
* Fri Feb 16 2018 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-32
- Add Psych.safe_load
  * ruby-2.1.0-there-should-be-only-one-exception.patch
  * ruby-2.1.0-Adding-Psych.safe_load.patch
  Related: CVE-2017-0903
- Disable Tokyo TZ tests broken by recent tzdata update.
  * ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
  Related: CVE-2017-0903
* Mon Jan 15 2018 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-31
- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
  * ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch
  Resolves: CVE-2017-0903
- Fix an ANSI escape sequence vulnerability (CVE-2017-0899).
  Resolves: CVE-2017-0899
- Fix a DoS vulnerability in the query command (CVE-2017-0900).
  Resolves: CVE-2017-0900
- Fix a vulnerability in the gem installer that allowed a malicious gem
  to overwrite arbitrary files (CVE-2017-0901).
  Resolves: CVE-2017-0901
- Fix a DNS request hijacking vulnerability (CVE-2017-0902).
  * ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
  Resolves: CVE-2017-0902
- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898).
  * ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
  Resolves: CVE-2017-0898
- Escape sequence injection vulnerability in the Basic
  authentication of WEBrick (CVE-2017-10784).
  * ruby-2.2.8-sanitize-any-type-of-logs.patch
  Resolves: CVE-2017-10784
- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
  * ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch
  Resolves: CVE-2017-14064
- Command injection vulnerability in Net::FTP (CVE-2017-17405).
  * ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch
  Resolves: CVE-2017-17405
- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033).
  * ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
  Resolves: CVE-2017-14033
- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
  execution (CVE-2017-17790).
  * ruby-2.5.0-Fixed-command-Injection.patch
  Resolves: CVE-2017-17790
* Wed Mar 01 2017 Vít Ondruch <vondruch@redhat.com> - 2.0.0.648-30
- Fix test_npn_protocol_selection_ary and test_npn_protocol_selection_enum
  failures with newest openssl.
  Resolves: rhbz#1416123
- Add gemspec_add_dep and gemspec_remove_dep macros.
- Extend 'gem_' macros for pre-release version support.
  Resolves: rhbz#1397390
- Make symlinks for json gem.
  Resolves: rhbz#1308992
* Wed Jun 08 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-29
- Fix hostname size limit
  Resolves: rhbz#1343945
* Mon Jun 06 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-28
- Fix missing declaration of 'rb_frame_last_func'
  Related: rhbz#1197720
* Fri Jun 03 2016 Pavel Valena <pvalena@redhat.com> - 2.0.0.648-27
- Apply previously unapplied patch #14
  Related: rhbz#1197720