projects / ruby2.3.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
ruby2.3.git
5 years agoWEBrick: prevent response splitting and header injection
commit | commitdiff | tree
Yusuke Endoh [Tue, 1 Oct 2019 03:29:18 +0000 (12:29 +0900)]
WEBrick: prevent response splitting and header injection

Origin: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-16254

This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
The commit prevented CRLR, but did not address an isolated CR or an
isolated LF.

Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
[Salvatore Bonaccorso: Backport to 2.3.3:
 - Context changes in test/webrick/test_httpresponse.rb
]

Gbp-Pq: Name WEBrick-prevent-response-splitting-and-header-inject.patch

5 years agoLoop with String#scan without creating substrings
commit | commitdiff | tree
Nobuyoshi Nakada [Tue, 13 Aug 2019 03:14:28 +0000 (12:14 +0900)]
Loop with String#scan without creating substrings

Origin: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-16201

Create the substrings necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.

Gbp-Pq: Name Loop-with-String-scan-without-creating-substrings.patch

5 years agoFix for wrong fnmatch patttern
commit | commitdiff | tree
Nobuyoshi Nakada [Wed, 12 Dec 2018 05:38:09 +0000 (14:38 +0900)]
Fix for wrong fnmatch patttern

Origin: https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15845

* dir.c (file_s_fnmatch): ensure that pattern does not contain a
  NUL character.  https://hackerone.com/reports/449617

Gbp-Pq: Name Fix-for-wrong-fnmatch-patttern.patch

5 years agoCVE-2019-8320-25
commit | commitdiff | tree
Antonio Terceiro [Fri, 5 Jun 2020 08:55:50 +0000 (09:55 +0100)]
CVE-2019-8320-25

Backport of https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b

Backport of https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
addressing, thanks to Leonidas S. Barbosa

CVE-2019-8320
CVE-2019-8321
CVE-2019-8322
CVE-2019-8323
CVE-2019-8324
CVE-2019-8325

Gbp-Pq: Name CVE-2019-8320-25.patch

5 years agodebian-changes
commit | commitdiff | tree
Antonio Terceiro [Fri, 5 Jun 2020 08:55:50 +0000 (09:55 +0100)]
debian-changes

This patch file represents the entire difference between the package as shipped
by Debian and the official upstream sources. The goal is to maintain this file
as small as possible, avoiding non-upstreamed patches at all costs.

The Debian packaging is maintained in the following Git repository:

  http://anonscm.debian.org/gitweb/?p=collab-maint/ruby.git

To obtain a view of the individual commits that affect non-Debian-specific
files, you can clone that repository, and from the master branch, run:

  $ ./debian/upstream-changes

Gbp-Pq: Name debian-changes

5 years agoruby2.3 (2.3.3-1+deb9u8) stretch; urgency=high
commit | commitdiff | tree
Utkarsh Gupta [Fri, 5 Jun 2020 08:55:50 +0000 (09:55 +0100)]
ruby2.3 (2.3.3-1+deb9u8) stretch; urgency=high

  * Non-maintainer upload.
  * Add patch to fix unsafe object creation vulnerability.
    (Fixes: CVE-2020-10663)

[dgit import unpatched ruby2.3 2.3.3-1+deb9u8]

5 years agoImport ruby2.3_2.3.3-1+deb9u8.debian.tar.xz
commit | commitdiff | tree
Utkarsh Gupta [Fri, 5 Jun 2020 08:55:50 +0000 (09:55 +0100)]
Import ruby2.3_2.3.3-1+deb9u8.debian.tar.xz

[dgit import tarball ruby2.3 2.3.3-1+deb9u8 ruby2.3_2.3.3-1+deb9u8.debian.tar.xz]

9 years agoImport ruby2.3_2.3.3.orig.tar.xz
commit | commitdiff | tree
Christian Hofstaedtler [Tue, 22 Nov 2016 12:32:41 +0000 (12:32 +0000)]
Import ruby2.3_2.3.3.orig.tar.xz

[dgit import orig ruby2.3_2.3.3.orig.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.