please merge 2.5.3-3 from debian

Bug #1806694 reported by Christian Ehrhardt 
This bug affects 1 person
Affects           Status        Importance  Assigned to  Milestone
ruby2.5 (Ubuntu)  Fix Released  Undecided   Unassigned

Bug Description

I was asked to take a look at merging this from Debian
Current levels are:

ruby2.5 | 2.5.1-6ubuntu3 | disco | source, amd64, arm64, armhf, i386, ppc64el, s390x
ruby2.5 | 2.5.3-3 | unstable | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x

There are no special bugs open against the package that should be considered.
Just two build issues that both should be resolved and can be closed once confirmed.

Christian Ehrhardt  (paelzer) wrote :

Drops (upstream now):
- Rename "Apply Ruby upstream patch" to fit in between more openssl fixes
- d/p/CVE-2018-16395.patch: CVE-2018-16395
- d/p/CVE-2018-16396.patch: CVE-2018-16396
Drops (in Debian now):
- d/p/0012-test-time-tzdata-2018f.patch: Adjust tz tests for new tzdata.

Not in code:
 0001-openssl-buffering.rb-no-RS-when-output.patch | 42 +

Of the formerly undocumented changes of last merge a few were in the version we now merge, but others are not:

upstream:
 0002-no-ID-cache-in-Init-functions.patch | 131 ++++
 0003-search-winsock-libraries-explicitly.patch | 25
 0004-openssl-search-winsock.patch | 39 +
 0007-openssl_missing.h-constified.patch | 38 +
 0008-reduce-LibreSSL-warnings.patch | 33 +

not seen
 0006-Workaround-for-old-LibreSSL.patch | 27
 0009-openssl-sync-with-upstream-repository.patch | 643 ++++++++++++++++++++++
 1dfc377ae3b174b043d3f0ed36de57b0296b34d0.patch | 157 +++++
 rubygems-2388.patch | 15

Christian Ehrhardt  (paelzer) wrote :

0009-openssl-sync-with-upstream-repository.patch is special
The old patch we had bumped from 2018-05-12 to 2018-08-08 from 3.0.0.beta1 branch

The new upstream has already the code from 2018-10-17 of the 3.0.0.beta1 branch as well.
Drop our old patch in favor of the newer code.

Christian Ehrhardt  (paelzer) wrote :

Build errors - yay

armhf:
  1) Failure:
TestIO_Console#test_oflush [/<<PKGBUILDDIR>>/test/io/console/test_io_console.rb:215]:
Expected ["b", "ab"] to include "a".

That seems to be a known random build fail: https://bugs.ruby-lang.org/issues/14271

i386:
  1) Failure:
TestIO#test_copy_stream_no_busy_wait [/<<PKGBUILDDIR>>/test/ruby/test_io.rb:549]:
r58534 [ruby-core:80969] [Backport #13533].
Expected 0.016000000000019554 to be <= 0.011000000000000001.

All other builds were good, so ?!?

Both were known flaky build-time tests and resolved by retries.

Christian Ehrhardt  (paelzer) wrote :

Pre-checks and MP review is complete, uploading to Disco.
Some known autopkgtest struggles ahead, but as they seem we can only retry and badtest them for now.

Changed in ruby2.5 (Ubuntu):
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ruby2.5 - 2.5.3-3ubuntu1

---------------
ruby2.5 (2.5.3-3ubuntu1) disco; urgency=medium

  * Merge with Debian unstable (LP: #1806694). Remaining changes:
    - d/p/1dfc377ae3b174b043d3f0ed36de57b0296b34d0.patch: Cherrypick
      upstream commit to fix session resumption with TLS 1.3.
    - d/p/rubygems-2388.patch: Allow either Fetcher or OpenSSL exceptions
      when using invalid cert in rubygems testcase.
    - various backports for better openssl support (formerly undocumented in
      changelog)
      + d/p/0001-openssl-buffering.rb-no-RS-when-output.patch
      + d/p/0006-Workaround-for-old-LibreSSL.patch
  * Dropped changes
    - various backports for better openssl support (formerly undocumented in
      changelog, but upstream now)
      + d/p/0002-no-ID-cache-in-Init-functions.patch
      + d/p/0003-search-winsock-libraries-explicitly.patch
      + d/p/0004-openssl-search-winsock.patch
      + d/p/0007-openssl_missing.h-constified.patch
      + d/p/0008-reduce-LibreSSL-warnings.patch
      + d/p/0009-openssl-sync-with-upstream-repository.patch
    - SECURITY UPDATE: Name equality check CVE-2018-16395 (in upstream)
    - SECURITY UPDATE: Tainted flags not propagated CVE-2018-16396 (in upstream)
    - 0012-test-time-tzdata-2018f.patch: Adjust tz tests for new tzdata.

ruby2.5 (2.5.3-3) unstable; urgency=medium

  * arm64: also skip TestBugReporter#test_bug_reporter_add, which also fails
    ~4% of the time.
  * mipsel: fix location of skiplist for OpenSSL::TestSSL, from TestSSL.rb to
    OpenSSL/TestSSL.rb.
  * Remove skiplist for OpenSSL::TestSSL on all architectures. It was in the
    wrong place to begin with.
  * Fix location of skiplist for Rinda-related tests.

ruby2.5 (2.5.3-2) unstable; urgency=medium

  * arm64: skip TestRubyOptions#test_segv_loaded_features, fails ~3% of the
    time
  * mipsel: skip OpenSSL::TestSSL tests that frequently timeout on the Debian
    buildds
    - test_dh_callback
    - test_get_ephemeral_key
    - test_post_connect_check_with_anon_ciphers

ruby2.5 (2.5.3-1) unstable; urgency=medium

  * New upstream version 2.5.3
    - Includes fix for CVE-2018-16396, "Tainted flags are not propagated in
      Array#pack and String#unpack with some directives" (Closes: #911920)
  * Refresh patches:
    - Dropped 0009-merge-changes-in-ruby-openssl-v2.1.1.patch, already applied
      upstream.
  * Add tzdata to Build-Depends (Closes: #911717)
  * Cherry-pick upstream commit with update to tests due to changes in tzdata
    2018f (Closes: #913181)
  * Update gemspec reproducibility patch to also make new default gems fiddle
    and ipaddr reproducible. (Closes: #898051)
  * debian/rules: don't install created.rid file produced by rdoc to make
    build reproducible. This file is used by rdoc to decide when to update
    documentation when in use in interactive settings, and containing a
    timestamp is one of its functions. It is not necessary for a binary
    package, though, because the included documentation will never need to be
    updated in-place.

 -- Christian Ehrhardt <email address hidden> Tue, 04 Dec 2018 15:40:55 +0100

Changed in ruby2.5 (Ubuntu):
status: Triaged → Fix Released