Project

General

Profile

Bug #13842

Backport request: Rubygems-2.6.13

Added by hsbt (Hiroshi SHIBATA) about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
-
[ruby-core:82485]

Description

Rubygems-2.6.13 has been released now.
Its version was required to backport all stable versions of Ruby.

I created patches about rubygems 2.6.13.

For Ruby 2.2 and 2.3: These patches contain only security fixes of rubygems-2.6.13
For Ruby 2.4: This patches are rubygems-2.6.12 and 2.6.13.


Files

rubygems-2613-ruby22.patch (10.8 KB) rubygems-2613-ruby22.patch hsbt (Hiroshi SHIBATA), 08/28/2017 08:03 AM
rubygems-2613-ruby23.patch (10.9 KB) rubygems-2613-ruby23.patch hsbt (Hiroshi SHIBATA), 08/28/2017 08:03 AM
rubygems-2612-ruby24.patch (13.2 KB) rubygems-2612-ruby24.patch hsbt (Hiroshi SHIBATA), 08/28/2017 08:03 AM
rubygems-2613-ruby24.patch (10.9 KB) rubygems-2613-ruby24.patch hsbt (Hiroshi SHIBATA), 08/28/2017 08:03 AM
rubygems-2613-ruby22-testcase.patch (1.1 KB) rubygems-2613-ruby22-testcase.patch hsbt (Hiroshi SHIBATA), 09/10/2017 01:01 AM

Associated revisions

Revision afc45931
Added by usa (Usaku NAKAMURA) about 2 years ago

  • lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.5.2.1. [Backport #13842]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 59795
Added by usa (Usaku NAKAMURA) about 2 years ago

  • lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.5.2.1. [Backport #13842]

Revision 97c6e393
Added by usa (Usaku NAKAMURA) about 2 years ago

  • lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.4.5.3. [Backport #13842]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 59805
Added by usa (Usaku NAKAMURA) about 2 years ago

  • lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.4.5.3. [Backport #13842]

Revision fd41a384
Added by nagachika (Tomoyuki Chikanaga) about 2 years ago

lib/rubygems: bump up RubyGems version to 2.6.12. [Backport #13842]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59813 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 59813
Added by nagachika (Tomoyuki Chikanaga) about 2 years ago

lib/rubygems: bump up RubyGems version to 2.6.12. [Backport #13842]

Revision 8ae151e7
Added by nagachika (Tomoyuki Chikanaga) about 2 years ago

lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.6.13.
[Backport #13842]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 59814
Added by nagachika (Tomoyuki Chikanaga) about 2 years ago

lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.6.13.
[Backport #13842]

History

#1

Updated by usa (Usaku NAKAMURA) about 2 years ago

  • Backport changed from 2.2: REQUIRED, 2.3: REQUIRED, 2.4: REQUIRED to 2.2: REQUIRED, 2.3: DONE, 2.4: REQUIRED

Updated by hsbt (Hiroshi SHIBATA) about 2 years ago

I found to fail testcase on Ruby 2.2 used attached patch named "rubygems-2613-ruby22.patch".

I created additional patch for broken test.

It replaced util_spec to malicious Gem::Specification instance and invoke Gem::Specification.reset and use Gem::Installer.new instead of Gem::Installer.at

#3

Updated by usa (Usaku NAKAMURA) about 2 years ago

  • Backport changed from 2.2: REQUIRED, 2.3: DONE, 2.4: REQUIRED to 2.2: DONE, 2.3: DONE, 2.4: REQUIRED
#4

Updated by nagachika (Tomoyuki Chikanaga) about 2 years ago

  • Backport changed from 2.2: DONE, 2.3: DONE, 2.4: REQUIRED to 2.2: DONE, 2.3: DONE, 2.4: DONE

Also available in: Atom PDF