~ahasenack/ubuntu/+source/ruby2.3:xenial-ruby-cpu-spin-fix-1834072

Last commit made on 2019-06-25
Get this branch:
git clone -b xenial-ruby-cpu-spin-fix-1834072 https://git.launchpad.net/~ahasenack/ubuntu/+source/ruby2.3

Branch information

Name:
xenial-ruby-cpu-spin-fix-1834072
Repository:
lp:~ahasenack/ubuntu/+source/ruby2.3

Recent commits

f441118... by Andreas Hasenack

update-metadata

38fae95... by Andreas Hasenack

changelog

5979a37... by Andreas Hasenack

  * d/p/do-not-wakeup-inside-child-processes.patch: avoid child ruby processes
    being stuck in a busy loop (LP: #1834072)

5b7d814... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 963a1cc91a8d5fff13bbbd6339fe740eacc3d6cd

New changelog entries:
  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: fix in
      test/net/imap/cacert.pem, test/net/imap/server.crt,
      test/net/imap/server.key.
  * Added lisbon_tz test to excluded tests
    - debian/patches/0001-excluding_lisbon_tz_test.patch:
      test/excludes/TestTimeTZ.rb.
  * Fixing symlink expanding issue that makes some tests and gems fail
    - debian/patches/fixing_symlink_expanding_issue.patch: fix in
      lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.

963a1cc... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 6702db6d2c3fb0c0eccdad84dee9d55e4c6120d8

New changelog entries:
  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagated
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * fixing tz test issue
    - debian/patches/fixing_tz_tests.patch

6702db6... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: ecd06eb3cfbde98cf2de84fd94a1415953f3b692

New changelog entries:
  * SECURITY UPDATE: Malicious format string - buffer overrun
    - debian/patches/CVE-2017-0898.patch: fix in sprintf.c,
      test/ruby/test_sprintf.rb.
    - CVE-2017-0898
  * SECURITY UPDATE: Response splitting attack
    - debian/patches/CVE-2017-17742.patch: fix in webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2017-17742
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb,
      lib/webrick/httpservlet/filehandler.rb,
      test/webrick/test_filehandler.rb, test/webrick/test_httpresponse.rb.
    - CVE-2018-8777

ecd06eb... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.9 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 53894e2461af6c2be065f2e0ac8ac0fa2697da00

New changelog entries:
  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb,
      test/test_tempfile.rb.
    - CVE-2018-6914
  * SECURITY UPDATE: Buffer under-read
    - debian/patches/CVE-2018-8778.patch: fix in pack.c,
      test/ruby/test_pack.rb.
    - CVE-2018-8778
  * SECURITY UPDATE: Unintended socket
    - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c,
      test/socket/test_unix.rb.
    - CVE-2018-8779
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-8780.patch: fix in dir.c,
      test/ruby/test_dir.rb.
    - CVE-2018-8780

53894e2... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 64ba22300c790aa028bf0cfde35c6112b4de0e15

New changelog entries:
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074.patch: fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb,
      test/rubygems/test_gem_package.rb.
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000079

64ba223... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: ce42a45745ca368e9c90a0f371e41f87225490e6

New changelog entries:
  * SECURITY UPDATE: fails to validate specification names
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0901
  * SECURITY UPDATE: vulnerable to a DNS hijacking
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0902
  * SECURITY UPDATE: possible remote code execution
    - debian/patches/CVE-2017-0903.patch: whitelist classes
      and symbols that are in Gem spec YAML in lib/rubygems.rb,
      lib/rubygems/config_file.rb, lib/rubygems/package.rb,
      lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb,
      lib/rubygems/specification.rb.
    - CVE-2017-0903

ce42a45... by Leonidas S. Barbosa

Import patches-unapplied version 2.3.1-2~16.04.5 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 3a40b3303ef6dfa2cac37d988054fc895c73b5b0

New changelog entries:
  * SECURITY UPDATE: possible command injection attacks through
    kernel#open
    - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in
      lib/resolv.rb.
    - CVE-2017-17790
  * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
    - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
      lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
    - CVE-2017-10784
  * SECURITY UPDATE: denial of service via a crafted string
    - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c.
    - CVE-2017-14033
  * SECURITY UPDATE: Arbitrary memory expose during a JSON.generate call
    - debian/patches/CVE-2017-14064.patch: fix this in
      ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.