-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 24 Nov 2018 12:38:59 -0200 Source: ruby2.5 Binary: ruby2.5 libruby2.5 ruby2.5-dev ruby2.5-doc Architecture: source Version: 2.5.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Antonio Terceiro <terceiro@debian.org> Description: libruby2.5 - Libraries necessary to run Ruby 2.5 ruby2.5 - Interpreter of object-oriented scripting language Ruby ruby2.5-dev - Header files for compiling extension modules for the Ruby 2.5 ruby2.5-doc - Documentation for Ruby 2.5 Closes: 898051 911717 911920 913181 Changes: ruby2.5 (2.5.3-1) unstable; urgency=medium . * New upstream version 2.5.3 - Includes fix for CVE-2018-16396, "Tainted flags are not propagated in Array#pack and String#unpack with some directives" (Closes: #911920) * Refresh patches: - Dropped 0009-merge-changes-in-ruby-openssl-v2.1.1.patch, already applied upstream. * Add tzdata to Build-Depends (Closes: #911717) * Cherry-pick upstream commmit with update to tests due to changes in tzdata 2018f (Closes: #913181) * Update gemspec reproducibility patch to also make new default gems fiddle and ipaddr reproducible. (Closes: #898051) * debian/rules: don't install created.rid file produced by rdoc to make build reproducible. This file is used by rdoc to decide when to update documentation when in use in interactive settings, and containing a timestamp is one of its functions. Is is not necessary for a binary package, though, because the included documentation will never need to be updated in-place. Checksums-Sha1: 91c316a3fd26f55cbfbb07ca6983f04f9b60a877 2421 ruby2.5_2.5.3-1.dsc acfe8bd7820ca0a0ebee4d08a6200ce90b47ba95 10184868 ruby2.5_2.5.3.orig.tar.xz 23321f29233feb0b1dd5885be29a024412933612 116476 ruby2.5_2.5.3-1.debian.tar.xz 1bab5f8ed23d8d49bab97f502a8591372c0225f2 7014 ruby2.5_2.5.3-1_source.buildinfo Checksums-Sha256: 8c6635f4cfc0a3173c2ae0dd000aae4dac41b84946b8c1f98512784e1c25f257 2421 ruby2.5_2.5.3-1.dsc 4953ab3299b6feaec99f4fa1507f3b276951f4c1c99aa435b8e0b1b4afe38302 10184868 ruby2.5_2.5.3.orig.tar.xz 964f7c083c484e8a73a16e9be1caa7a6e0403e05abb77f91ea1ab8aca983e9e6 116476 ruby2.5_2.5.3-1.debian.tar.xz 2bf8cf72f5ccb85bd9475f9098fa248e750c63f76c87e241f2708a5f53bfea1f 7014 ruby2.5_2.5.3-1_source.buildinfo Files: 891297786d509cecce3f3e7078472584 2421 ruby optional ruby2.5_2.5.3-1.dsc dc21f9f1a5c327e0bb3520770b72d3f6 10184868 ruby optional ruby2.5_2.5.3.orig.tar.xz 84653f68ab37e468612218f51b7b5829 116476 ruby optional ruby2.5_2.5.3-1.debian.tar.xz 1139383347d2cb885278be4eeca4c5e6 7014 ruby optional ruby2.5_2.5.3-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAlv5aSoACgkQ/A2xu81G C95fURAAvYioYRVGjCOvoTZM6eZnpGtj5mDaEUgZ14+IAW6LeDLksOiadjPZNpAa sVmf6yEhWUfBwpWwTH/lzeQihXUCdjq0P3yn/24cEOn7og/qHHoWXl8H77/hUApg VPHs6MRXAeZ8OM78gPSQKF3GPbnrHHFvKv32/8jDgfWto+UnMWvLOvw5bFcnZdr0 cBNVMWsSsP+AzEppVElRxUmX6//nKjgDV10lspAWqabIG6+Vb6/ibSyKEnAjsa8+ AwEtt+ACtvnfSLt38aPkL0hpygd8q/s84qZT3+o6hFE6p+Sj22QOeCTlRWb6jjlb 3tKoi3keJVy0ooW1Hi3CQ7Ftbr6j9syVjDwTSgEs7ipm8PH/7k1+HYHAtlj520Ez yYGkyxjEyUP8FLJfo47ow0vTNR3S7BcacJ2RQjAsxAaVScSPr1QaVmVoZwgYXxNz +iZGqAJCLHlKVuzYB/JT5Uqr+qKItPLNPe/UgtdYtw03ukd6Jp2j2BPcLhZQrcrO l/ZzkOs5mpKCAzj6gyYcd/nqF8LwcPcwYfbM8YAbL8YePzQhiT23Hb8P6RZzZpDR HAancOvMITiwwCkUsQ5wngiWAzgRoPZgwInC8BUq5oYyzENCz69jlXcfZY/Co2/v 4iEsPYiabE3ua8jzTcmg6zXDNVZfdD1QcDVVgW2p1uUYCxzYj0g= =yI7J -----END PGP SIGNATURE-----