New changelog entries:
* Merge with Debian unstable (LP: #1806694). Remaining changes:
- d/p/1dfc377ae3b174b043d3f0ed36de57b0296b34d0.patch: Cherrypick
upstream commit to fix session resumption with TLS 1.3.
- d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
when using invalid cert in rubygems testcase.
- various backports for better openssl support (formerly undocumented in
changelog)
+ d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
+ d/p/0006-Workaround-for-old-LibreSSL.patch
* Dropped changes
- various backports for better openssl support (formerly undocumented in
changelog, but upstream now)
+ d/p/0002-no-ID-cache-in-Init-functions.patch
+ d/p/0003-search-winsock-libraries-explicitly.patch
+ d/p/0004-openssl-search-winsock.patch
+ d/p/0007-openssl_missing.h-constified.patch
+ d/p/0008-reduce-LibreSSL-warnings.patch
+ d/p/0009-openssl-sync-with-upstream-repository.patch
- SECURITY UPDATE: Name equality check CVE-2018-16395 (in upstream)
- SECURITY UPDATE: Tainted flags not propagted CVE-2018-16396 (in upstream)
- 0012-test-time-tzdata-2018f.patch: Adjust tz tests for new tzdata.
New changelog entries:
* arm64: also skip TestBugReporter#test_bug_reporter_add, which also fails~
4% of the time.
* mipsel: fix location of skiplist for OpenSSL::TestSSL, from TestSSL.rb to
OpenSSL/TestSSL.rb.
* Remove skiplist for OpenSSL::TestSSL on all architectures. It was in the
wrong place to begin with.
* Fix location of skiplist for Rinda-related tests.
New changelog entries:
* arm64: skip TestRubyOptions#test_segv_loaded_features, fails ~3% of the
time
* mipsel: skip OpenSSL::TestSSL tests that frequently timeout on the Debian
buildds
- test_dh_callback
- test_get_ephemeral_key
- test_post_connect_check_with_anon_ciphers
New changelog entries:
* New upstream version 2.5.3
- Includes fix for CVE-2018-16396, "Tainted flags are not propagated in
Array#pack and String#unpack with some directives" (Closes: #911920)
* Refresh patches:
- Dropped 0009-merge-changes-in-ruby-openssl-v2.1.1.patch, already applied
upstream.
* Add tzdata to Build-Depends (Closes: #911717)
* Cherry-pick upstream commmit with update to tests due to changes in tzdata
2018f (Closes: #913181)
* Update gemspec reproducibility patch to also make new default gems fiddle
and ipaddr reproducible. (Closes: #898051)
* debian/rules: don't install created.rid file produced by rdoc to make
build reproducible. This file is used by rdoc to decide when to update
documentation when in use in interactive settings, and containing a
timestamp is one of its functions. Is is not necessary for a binary
package, though, because the included documentation will never need to be
updated in-place.
New changelog entries:
* Fix build with openssl 1.1.1 (Closes: #907790)
- Apply Ruby upstream patch to update openssl extension to v2.1.1. This
includes some, but not all, changes needed to make the tests pass
against openssl 1.1.1
- Apply ruby-openssl upstream patches to fix tests against openssl 1.1.1
- Exclude tests that still fail with openssl 1.1.1
- debian/rules: set OPENSSL_CONF to /dev/null when running tests to use
the default openssl settings. Unfortunately there are too many tests for
several parts of the Ruby standard library that use openssl and that take
very long to complete under the Debian settings, and I don't have the
cycles to go fix each one.
- debian/tests/run-all: also run autopkgtest against the default openssl
settings and not the Debian-specific ones.
* debian/tests/run-all: fix reference to excludes dir
New changelog entries:
* Fix spelling error in patch description
* Remove always-on dh --parallel
* Pass --host to configure when cross-building.
We cannot just use dh_auto_configure because some of the added options
then make configure need a baseruby, which we want to avoid when
building for the native arch. (Closes: #893501)