Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

No, please go ahead and do both: my availability is spotty for the next 18 hours. :) (on mobile) Utkarsh Gupta wrote: > Hi Chris, > > On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote: >> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which >> fixes the broken +deb10u5 upload,

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi Chris, On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote: > I see your 2.5.5-3+deb10u6 update on the debian/buster branch which > fixes the broken +deb10u5 upload, but I don't see it in the archive > yet. > > Although you mentioned you were going to wait a bit more, I'm just > 100%-checking you

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi Bernhard, Kees, On Wed, Jun 7, 2023 at 6:58 PM Schmidt, Bernhard wrote: > > I've prepared a fix for the regression and uploaded the binaries at: > > https://people.debian.org/~utkarsh/lts/ruby2.5/ > > > > Can you please give these a try and see if that fixes the regression > > you're seeing?

[SECURITY] [DLA 3447-1] ruby2.5 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3447-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb June 06, 2023

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Utkarsh, > I had missed your comment in the bug but super, many thanks for > testing this out! I'll wait a bit more before I roll this out. I see your 2.5.5-3+deb10u6 update on the debian/buster branch which fixes the broken +deb10u5 upload, but I don't see it in the archive yet. Although you

Accepted firefox-esr 102.12.0esr-1~deb10u1 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 07 Jun 2023 09:45:33 +0200 Source: firefox-esr Architecture: source Version: 102.12.0esr-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Emilio Pozuelo

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi Utkarsh, Many thanks from our end. I know you were asking Bernhard, but I downloaded and installed as well. Our Puppet agent seems to be happy again. Cheers, Kees On 07-06-2023 15:17, Utkarsh Gupta wrote: I've prepared a fix for the regression and uploaded the binaries at:

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Am Mittwoch, dem 07.06.2023 um 18:47 +0530 schrieb Utkarsh Gupta: Hi, > > Yep, I'm taking a look to prep something for 2.5. > > I've prepared a fix for the regression and uploaded the binaries at: > https://people.debian.org/~utkarsh/lts/ruby2.5/ > > Can you please give these a try and see if

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi Kees, On Wed, Jun 7, 2023 at 6:53 PM Kees Meijs | Nefos wrote: > I know you were asking Bernhard, but I downloaded and installed as well. > Our Puppet agent seems to be happy again. I had missed your comment in the bug but super, many thanks for testing this out! I'll wait a bit more before

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi Bernhard, On Wed, Jun 7, 2023 at 4:16 PM Utkarsh Gupta wrote: > Yep, I'm taking a look to prep something for 2.5. I've prepared a fix for the regression and uploaded the binaries at: https://people.debian.org/~utkarsh/lts/ruby2.5/ Can you please give these a try and see if that fixes the

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

FWIW, in Ubuntu, we had a similar issue trying to fix this CVE in ruby2.7, and in the end we reverted the fix: https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.10 Lucas Kanashiro. Em qua., 7 de jun. de 2023 07:47, Utkarsh Gupta escreveu: > Hiya, > > On Wed, Jun 7, 2023 at 2:39 PM

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hiya, On Wed, Jun 7, 2023 at 2:39 PM Moritz Muehlenhoff wrote: > Specifically > https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ > states: > > | For Ruby 2.7: Update to uri 0.10.0.1 > | For Ruby 3.0: Update to uri 0.10.2 > | For Ruby 3.1: Update to uri 0.11.1 > | For

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

On Wed, Jun 07, 2023 at 01:43:26PM +0530, Utkarsh Gupta wrote: > Hi Chris, > > On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso > wrote: > > Can you please have a look, as this seems to be caused by the DLA > > issued as DLA-3447-1. > > This has been caused by the ruby2.5 update. It's

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi Chris, On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso wrote: > Can you please have a look, as this seems to be caused by the DLA > issued as DLA-3447-1. This has been caused by the ruby2.5 update. Can you please TAL? This is perhaps because of the URI version in buster v/s URI version

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hi LTS team, On Wed, Jun 07, 2023 at 08:44:53AM +0200, Bernhard Schmidt wrote: > Package: libruby2.5 > Version: 2.5.5-3+deb10u5 > Severity: grave > > Hi, > > I can't quite figure out why, but the latest security upload of ruby2.5 in > Buster breaks the ability of the puppet agent to pull files

Latest ruby2.5 LTS upload breaks puppet agent

Hi, thanks for taking care of Debian LTS. Much appreciated! yesterdays ruby2.5 update for Buster broke our Puppet agent fleet. Not sure whether it has other effects. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037178 for details. I'm available to test fixed packages. Best Regards,