[DRE-maint] Bug#990577: ruby-bindata: CVE-2021-32823

Kentaro Hayashi kenhys at xdump.org
Sat Mar 5 06:25:06 GMT 2022 

Hi,

Trying to upgrade to ruby-bindata 2.4.10, meta/build reports the following:

  inished in 0.406237s, 1836.3670 runs/s, 20507.7387 assertions/s.

  746 runs, 8331 assertions, 0 failures, 0 errors, 0 skips
  mv ./.gem2deb.lib lib
  autopkgtest [14:40:10]: test gem2deb-test-runner: -----------------------]
  autopkgtest [14:40:10]: test gem2deb-test-runner:  - - - - - - - - - - results - - - - - - - - - -
  gem2deb-test-runner  PASS
  autopkgtest [14:40:10]: @@@@@@@@@@@@@@@@@@@@ summary
  gem2deb-test-runner  PASS

  ========================================================================
  =  Found reverse runtime, build, or test dependencies that can be tested!
  ========================================================================

  autopkgtest
  -----------

  ruby-json-jwt                   ruby-tpm-key-attestation        ruby-webauthn

  rebuild
  -------

  ruby-json-jwt                   ruby-tpm-key-attestation        ruby-webauthn

  Which tests to run: [A(all)/e(dit list)]/s(kip all)] A

  ========================================================================
  =  Testing reverse (build) dependencies
  ========================================================================

  autopkgtest  ruby-json-jwt            ... PASS
  rebuild      ruby-json-jwt            ... PASS
  autopkgtest  ruby-tpm-key-attestation ... PASS
  rebuild      ruby-tpm-key-attestation ... PASS
  autopkgtest  ruby-webauthn            ... FAIL /tmp/ruby-bindata_2.4.10-1_amd64.X2EA4NCdVO/autopkgtest/ruby-webauthn.log
  rebuild      ruby-webauthn            ... FAIL /tmp/ruby-bindata_2.4.10-1_amd64.X2EA4NCdVO/buildlogs/ruby-webauthn.log

  WARNING: some tests failed; please be careful

Thus it seems OK except one reverse dependency issue.
It seems that ruby-webauthn autopkgtest error is already known as #1005444. [1]


[1] ruby-webauthn: FTBFS: ERROR: Test "ruby3.0" failed: /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1401:in
  `rescue in block in activate_dependencies': Could not find 'openssl' (~> 2.0) among 104 total gem(s) (Gem::MissingSpecError)
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005444

Regards,

More information about the Pkg-ruby-extras-maintainers mailing list