-
Tue May 21 2024 Vít Ondruch <vondruch@redhat.com> - 3.0.7-143
- Fix Zlib test failures on s390x due to HW acceleration
Related: RHEL-36189
-
Mon May 13 2024 Jun Aruga <jaruga@redhat.com> - 3.0.7-142
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-36189
- Fix HTTP response splitting in CGI.
Resolves: RHEL-36193
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-36196
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-36205
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-36198
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-36200
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-36203
-
Tue Jul 26 2022 Jarek Prokop <jprokop@redhat.com> - 3.0.4-141
- Upgrade to Ruby 3.0.4.
Resolves: rhbz#2096346
Resolves: rhbz#2000056
- Fix double free in Regexp compilation.
Resolves: CVE-2022-28738
- Fix buffer overrun in String-to-Float conversion.
Resolves: CVE-2022-28739
-
Tue Oct 05 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.2-140
- Fix rubygem-irb upgrade not working due to directory -> symlink conversion.
Resolves: rhbz#2010949
-
Tue Jul 13 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.2-139
- Upgrade to Ruby 3.0.2.
Related: rhbz#1938942
- Fix command injection vulnerability in RDoc. (CVE-2021-31799)
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
(CVE-2021-31810)
- Fix StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
- Fix dependencies of gems with explicit source installed from a
different source. (CVE-2020-36327)
- Pass ldflags to gem install via CONFIGURE_ARGS.
The same comment on the changelog 3.0.1-138 was wrong.
-
Mon Jun 07 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.1-138
- Upgrade to Ruby 3.0.1 by merging Fedora rawhide branch (commit: 6b2ff68).
* Add missing `rubygem-` prefix for bundled provide of 'connection_pool'.
* Pass ldflags to gem install via CONFIGURE_ARGS
* Remove IRB dependency from rubygem-rdoc.
* Fix flaky excon test suite.
* Properly support DWARF5 debug information.
Related: rhbz#1920533
* Bundle OpenSSL into StdLib.
* Fix SEGFAULT in rubygem-shoulda-matchers test suite.
* Provide `gem.build_complete` file for binary gems.
* Re-enable test suite.
* ruby-default-gems have to depend on rubygem(io-console) due to reline.
* Fix SEGFAULT preventing rubygem-unicode to build on armv7hl.
* Add support for reworked RubyGems plugins.
* Use proper path for plugin wrappers.
* Extract RSS and REXML into separate subpackages, because they were moved from
default gems to bundled gems.
* Drop Net::Telnet and XMLRPC packages, because they were dropped from Ruby.
Resolves: rhbz#1938942
- Fix FTBFS due to an incompatible load directive.
-
Wed Apr 07 2021 Pavel Valena <pvalena@redhat.com> - 2.7.3-136
- Upgrade to Ruby 2.7.3.
Resolves: rhbz#1947938
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
contains leading zero
Resolves: rhbz#1944227
-
Tue Oct 13 2020 Vít Ondruch <vondruch@redhat.com> - 2.7.2-135
- Upgrade to Ruby 2.7.2.
- Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
-
Fri Jun 26 2020 Vít Ondruch <vondruch@redhat.com> - 2.7.1-133
- Fix `require` behavior allowing to load libraries multiple times.
Resolves: rhbz#1842989
- Add ruby-default-gems dependency on irb.
-
Fri Jun 26 2020 Jun Aruga <jaruga@redhat.com> - 2.7.1-133
- Ship racc binary.
Resolves: rhbz#1851388