-
Mon Apr 15 2019 Jun Aruga <jaruga@redhat.com> - 2.5.5-7
- Upgrade to Ruby 2.5.5.
- Delete directory using symlink when decompressing tar
Resolves: CVE-2019-8320
- Fix escape sequence injection vulnerability in verbose.
Resolves: CVE-2019-8321
- Fix escape sequence injection vulnerability in gem owner.
Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
Resolves: CVE-2019-8325
-
Mon Oct 29 2018 Pavel Valena <pvalena@redhat.com> - 2.5.3-6
- Update to Ruby 2.5.3.
Resolves: CVE-2018-16395
Resolves: CVE-2018-16396
Resolves: rhbz#1563076
Removed Patch11: ruby-2.5.0-parse.y-assignable_error.patch; subsumed
Removed Patch12: ruby-2.5.0-Disable-Tokyo-TZ-tests.patch; subsumed
Removed Patch13: ruby-2.5.0-st.c-retry-operations-if-rebuilt.patch; subsumed
- Properly harden package using -fstack-protector-strong.
- Fix: return default path with nonexistent home dir
Resolves: rhbz#1602877
-
Wed Feb 21 2018 Jun Aruga <jaruga@redhat.com> - 2.5.0-5
- They are broken by recen tzdata update.
- Fix thread_safe test suite segfaults.
- Fix invalid licenses.
-
Mon Jan 15 2018 Jun Aruga <jaruga@redhat.com> - 2.5.0-4
- Fix segfaults during generating of documentation.
Resolves: rhbz#1532585
-
Mon Jan 15 2018 Jun Aruga <jaruga@redhat.com> - 2.5.0-3
- Update for did_you_mean required by ruby
Resolves: rhbz#1533920
-
Tue Jan 02 2018 Jun Aruga <jaruga@redhat.com> - 2.5.0-2
- Upgrade to Ruby 2.5.0.
-
Mon Oct 30 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.2-86
- Upgrade to Ruby 2.4.2.
* Remove Patch10: ruby-2.4.0-vm_insnhelper.c-block-argument-at-tailcall.patch;
subsumed
Resolves: rhbz#1506785
- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
* ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization
-vulnerability.patch
Resolves: CVE-2017-0903
-
Tue Jan 17 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.0-75
- Apply patch fixing rubygem-mongo build failures.
-
Mon Jan 09 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.0-73
- Reshuffle the %license macro to avoid %postun scriptlet issues.
Resolves: rhbz#1411233
-
Mon Jan 09 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.0-72
- Add rubygem-io-console dependency for rubygem-rdoc.