ruby1.9.1 (1.9.3.484-2ubuntu1.7) trusty-security; urgency=medium * SECURITY UPDATE: possible command injection attacks through kernel#open - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in lib/resolv.rb. - CVE-2017-17790 -- Leonidas S. Barbosa Mon, 08 Jan 2018 17:41:26 -0300 ruby1.9.1 (1.9.3.484-2ubuntu1.6) trusty-security; urgency=medium * SECURITY UPDATE: command injection through Net::FTP - debian/patches/CVE-2017-17405.patch: fix command injection in lib/net/ftp.rb. - CVE-2017-17405 -- Leonidas S. Barbosa Mon, 18 Dec 2017 14:36:12 -0300 ruby1.9.1 (1.9.3.484-2ubuntu1.5) trusty-security; urgency=medium * SECURITY UPDATE: Buffer underrun vulneratiblity - debian/patches/CVE-2017-0898-10748-14033-14064.patch patch extracted from debian Wheezy. - CVE-2017-0898 * SECURITY UPDATE: ANSI escape sequence vulnerability - debian/patches/CVE-2017-0899-0900-0901.patch patch extracted from debian Wheezy. - CVE-2017-0899 * SECURITY UPDATE: DoS vulnerability in query command - debian/patches/CVE-2017-0899-0900-0901-0902.patch patch extracted from debian Wheezy. - CVE-2017-0900 * SECURITY UPDATE: Malicious gem overwrite arbitrary files - debian/patches/CVE-2017-0899-0900-0901.patch patch extracted from debian Wheezy. - CVE-2017-0901 * SECURITY UPDATE: Escape sequence injection vulnerability - debian/patches/CVE-2017-0898-10748-14033-14064.patch patch extracted from debian Wheezy. - CVE-2017-10748 * SECURITY UPDATE: Buffer underrun - debian/patches/CVE-2017-0898-10748-14033-14064.patch patch extracted from debian Wheezy. - CVE-2017-14033 * SECURITY UPDATE: Heap exposure - debian/patches/CVE-2017-0898-10748-14033-14064.patch patch extracted from debian Wheezy. - CVE-2017-14064 -- Leonidas S. Barbosa Tue, 03 Oct 2017 16:25:24 -0300 ruby1.9.1 (1.9.3.484-2ubuntu1.3) trusty-security; urgency=medium * SECURITY UPDATE: DoS and possible code execution in DL::dlopen - debian/patches/CVE-2009-5147.patch: check tainted string arguments in ext/dl/handle.c. - CVE-2009-5147 * SECURITY UPDATE: incorrect hostname matching - debian/patches/CVE-2015-1855.patch: implement stricter hostname validation per RFC 6125 in ext/openssl/lib/openssl/ssl-internal.rb, added tests to test/openssl/test_ssl.rb. - CVE-2015-1855 * SECURITY UPDATE: SMTP command injection - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb. - CVE-2015-9096 * SECURITY UPDATE: type confusion in tcltkip - debian/patches/CVE-2016-2337.patch: check argument in ext/tk/tcltklib.c. - CVE-2016-2337 * SECURITY UPDATE: heap overflow in Fiddle::Function.new - debian/patches/CVE-2016-2339.patch: check arguments in ext/fiddle/function.c. - CVE-2016-2339 * SECURITY UPDATE: use of same initialization vector (IV) - debian/patches/CVE-2016-7798.patch: don't set dummy key in ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb. - CVE-2016-7798 -- Marc Deslauriers Tue, 20 Jun 2017 08:03:20 -0400 ruby1.9.1 (1.9.3.484-2ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via XML expansion - debian/patches/CVE-2014-8090.patch: add REXML::Document#document to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added tests to test/rexml/test_document.rb. - CVE-2014-8090 -- Marc Deslauriers Wed, 19 Nov 2014 15:23:31 -0500 ruby1.9.1 (1.9.3.484-2ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via buffer overrun in encodes function - debian/patches/CVE-2014-4975.patch: properly calculate buffer size in pack.c. - CVE-2014-4975 * SECURITY UPDATE: denial of service via XML expansion - debian/patches/CVE-2014-8080.patch: limit expansions in lib/rexml/entity.rb, added tests to test/rexml/test_document.rb, test/rexml/test_entity.rb. - CVE-2014-8080 -- Marc Deslauriers Mon, 03 Nov 2014 09:25:06 -0500 ruby1.9.1 (1.9.3.484-2ubuntu1) trusty; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. - debian/patches/20131218-stack-size.patch: Increase thread stack size on 64-bit platforms to prevent testsuite failure on ppc64el. - Build-depend on Tcl/Tk 8.5, ruby is not yet ready for Tcl/Tk 8.6. -- Adam Conrad Fri, 14 Feb 2014 19:48:22 -0700 ruby1.9.1 (1.9.3.484-2) unstable; urgency=medium * new strategy for Ruby version transitions: - ruby1.9.1 depends on ruby - libruby1.9.1 depends on ruby1.9.1 * Drop alternatives entries. -- Antonio Terceiro Sat, 01 Feb 2014 20:40:01 -0300 ruby1.9.1 (1.9.3.484-1ubuntu2) trusty; urgency=medium * Build-depend on tcl8.5-dev and tk8.5-dev, ruby is not yet ready for Tcl/Tk 8.6. -- Matthias Klose Sat, 04 Jan 2014 18:00:42 +0100 ruby1.9.1 (1.9.3.484-1ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. * Drop debian/patches/CVE-2013-4164.patch; applied upstream. * debian/patches/20131218-stack-size.patch: Increase thread stack size on 64-bit platforms to prevent testsuite failure on ppc64el. -- Adam Conrad Wed, 18 Dec 2013 03:16:39 -0700 ruby1.9.1 (1.9.3.484-1) unstable; urgency=low * New upstream release + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164) Closes: #730178 + drop debian/patches/2013-09-08-restore-rb_f_lambda-declaration.patch, already applied upstream. -- Antonio Terceiro Mon, 25 Nov 2013 22:31:23 -0300 ruby1.9.1 (1.9.3.448-1ubuntu2) trusty; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap overflow in floating point parsing. - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added test to test/ruby/test_float.rb. - CVE-2013-4164 -- Marc Deslauriers Mon, 25 Nov 2013 15:12:24 -0500 ruby1.9.1 (1.9.3.448-1ubuntu1) trusty; urgency=low * Merge from Debian. Remaining changes: - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. -- Marc Deslauriers Mon, 25 Nov 2013 09:59:41 -0500 ruby1.9.1 (1.9.3.448-1) unstable; urgency=low * New upstream release + Includes fix for potential thread deadlock after fork() Closes: #698208 + Includes fix for test error originally introduced by patch for CVE-2012-4522 Closes: #701142 + Includes fix for CVE-2012-4466 and CVE-2012-4464 Closes: #701144 + Includes fix for incorrect setting of FD_CLOEXEC with F_SETFL instead of F_SETFD Closes: #696281 + debian/patches/2013-09-08-restore-rb_f_lambda-declaration.patch: backport upstream patch to reintroduce the declaration of rb_f_lamdba for backwards compatibility. + Dropped patches already applied upstream; refreshed all others. * Review of remaining patches in debian/patches/series: + 909_update_lib_README.diff: obsolete and ultimately wrong. Removed + 903_skip_base_ruby_check.diff: can't see a reason why this would be needed. Removed. * move logic to skip DRB tests inside debian/run-test-suites.bash * Acknowledge security-related NMU's by Salvatore Bonaccorso. + Both CVE-2013-1821.patch and CVE-2013-4073.patch already applied in this upstream version, not included anymore * debian/rules: acknowledge reality, put myself as maintainer. * debian/rules: dropped --with-baseruby=/usr/bin/ruby1.8. This way the build will just use `ruby` for bootstrapping. Also, build-depend on ruby | ruby-interpreter instead of ruby1.8; this way ruby1.9.1 can be bootstrapped with any Ruby interpreter, and we can leave ruby1.8 Rest In Peace. * debian/rules: applied patch from Timothy Pearson to install pkg-config file. Closes: #688002 * debian/libruby1.9.1.symbols: removed debian revision from version numbers for symbols introduced in 1.9.3.194 * debian/control: bump Standards-Version to 3.9.4. No changes needed. * debian/control: remove -1 from build dependency on coreutils -- Antonio Terceiro Sun, 08 Sep 2013 22:57:14 -0300 ruby1.9.1 (1.9.3.194-8.2) unstable; urgency=high * Non-maintainer upload. * Add CVE-2013-4073.patch patch. CVE-2013-4073: Fix hostname check bypassing vulnerability in SSL client. (Closes: #714543) -- Salvatore Bonaccorso Sun, 07 Jul 2013 10:37:03 +0200 ruby1.9.1 (1.9.3.194-8.1ubuntu2) saucy; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4073.patch: fix hostname check and regression in ext/openssl/lib/openssl/ssl-internal.rb, added test to test/openssl/test_ssl.rb. - CVE-2013-4073 -- Marc Deslauriers Mon, 08 Jul 2013 13:00:47 -0400 ruby1.9.1 (1.9.3.194-8.1ubuntu1) raring; urgency=low * Merge from Debian testing. Remaining changes: - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. - debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test error. Use the version of the fix from upstream's 1.9.3 tree to fix the NoMethodError for assert_file_not, which doesn't exist in 1.9.3. Adjust the Origin patch tag accordingly. -- Marc Deslauriers Mon, 25 Mar 2013 10:33:34 -0400 ruby1.9.1 (1.9.3.194-8.1) unstable; urgency=high * Non-maintainer upload. * Add CVE-2013-1821.patch patch. CVE-2013-1821: Fix entity expansion DoS vulnerability in REXML. When reading text nodes from an XML document, the REXML parser could be coerced into allocating extremely large string objects which could consume all available memory on the system. (Closes: #702525) -- Salvatore Bonaccorso Fri, 08 Mar 2013 21:48:20 +0100 ruby1.9.1 (1.9.3.194-7ubuntu1) raring; urgency=low * Merge from Debian testing (LP: #1131493). Remaining changes: - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. * Changes dropped: - debian/patches/20121016-cve_2012_4522.patch: Debian is carrying a patch for this issue. - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Debian is carrying a patch for this issue, but the patch is incorrectly named 20120927-cve_2011_1005.patch. I'll work with Debian to change the patch name, but there's no need in carrying a delta because of this. To be clear, the Ubuntu ruby1.9.1 package is patched for CVE-2012-4464 and CVE-2012-4466, despite the incorrect patch name. * debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test error. Use the version of the fix from upstream's 1.9.3 tree to fix the NoMethodError for assert_file_not, which doesn't exist in 1.9.3. Adjust the Origin patch tag accordingly. -- Tyler Hicks Thu, 21 Feb 2013 17:11:23 -0800 ruby1.9.1 (1.9.3.194-5) unstable; urgency=high * Disable running the test suite during the build on sparc again. Keeping urgency=high because the previous release, which contains a security bug fix, did not reach testing yet because of a segfault when running tests in the sparc buildd. -- Antonio Terceiro Sun, 25 Nov 2012 19:12:28 -0300 ruby1.9.1 (1.9.3.194-4) unstable; urgency=high [ James Healy ] * debian/patches/CVE-2012-5371.patch: avoid DOS vulnerability in hash implementation, this fixes CVE-2012-5371. (Closes: #693024). -- Antonio Terceiro Thu, 22 Nov 2012 10:30:37 -0300 ruby1.9.1 (1.9.3.194-3) unstable; urgency=high * debian/patches/CVE-2012-4522.patch: avoid vulnerability with strings containing NUL bytes passed to file creation methods. This fixes CVE-2012-4522 (Closes: #690670). -- Antonio Terceiro Tue, 16 Oct 2012 10:27:20 -0300 ruby1.9.1 (1.9.3.194-2) unstable; urgency=low * debian/patches/20120927-cve_2011_1005.patch: patch sent by upstream; fixes CVE-2011-1005 which was thought of as not affecting the Ruby 1.9.x series (Closes: #689075). Thanks to Tyler Hicks for reporting the issue. -- Antonio Terceiro Sat, 06 Oct 2012 16:29:42 -0300 ruby1.9.1 (1.9.3.194-1ubuntu1.2) quantal-security; urgency=low * SECURITY UPDATE: Safe level bypass - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch. - CVE-2012-4464 - CVE-2012-4466 * SECURITY UPDATE: Missing input sanitization of file paths - debian/patches/20121016-cve_2012_4522.patch: NUL characters are not valid filename characters, so ensure that Ruby strings used for file paths do not contain NUL characters. Based on upstream patch. - CVE-2012-4522 * debian/patches/20120927-cve_2011_1005.patch: Drop since ruby1.9.x is technically not affected by CVE-2011-1005. CVE-2012-4464 is the id assigned to the vulnerability in the ruby1.9.x branch. -- Tyler Hicks Tue, 16 Oct 2012 09:38:57 -0700 ruby1.9.1 (1.9.3.194-1ubuntu1) quantal; urgency=low * SECURITY UPDATE: Safe level bypass - debian/patches/20120927-cve_2011_1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch. - CVE-2011-1005 * Make the RubyGems fetcher use distro-provided ca-certificates (LP: #1057926) - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. -- Tyler Hicks Thu, 27 Sep 2012 20:37:54 -0700 ruby1.9.1 (1.9.3.194-1) unstable; urgency=low [ Lucas Nussbaum ] * Add hurd-path-max.diff. Fixes FTBFS on Hurd. (Closes: #648055) [ Daigo Moriwaki ] * Removed debian/patches/debian/patches/sparc-continuations.diff, which the upstream has applied. * debian/rules: - Bumped up tcltk_ver to 8.5. - Used chrpath for tcltklib.so to fix a lintian error, binary-or-shlib-defines-rpath. * debian/control: - Suggests ruby-switch. (Closes: #654312) - Build-Depends: chrpath. * debian/libruby1.9.1.symbols: Added a new symbol for rb_str_modify_expand@Base. * debian/run-test-suites.bash: - Corrected options for test-all. - Enabled timeout to allow hang tests to be aborted. [ James Healy ] * New upstream release: 1.9.3p194 (Closes: #669582) + This release includes a fix for CVE-2011-0188 (Closes: #628451) + This release also does not segfault when running the test suite under amd64 (Closes: #674347) * Enable hardened build flags (Closes: #667964) * debian/control: - depend on specific version on coreutils - update policy version (no changes) [ Antonio Terceiro ] * debian/ruby1.9.1.postinst: + bump alternatives priority for `ruby` to 51 so that Ruby 1.9 has a higher priority than Ruby 1.8 (50). + bump alternatives priority for `gem` to 181 so that the Rubygems provided by Ruby 1.9 has priority over the one provided by the rubygems package. * debian/control: added myself to Uploaders: * debian/libruby1.9.1.symbols: update with new symbols added in 1.9.3p194 upstream release. * debian/manpages/*: fix references to command names with s/1.9/1.9.1/ * debian/rules: skip running DRB tests, since they seem to make the build hang. This should close #647296, but let's way and see. Also, with this do not need to timeout the test suite anymore. -- Antonio Terceiro Sat, 02 Jun 2012 07:42:28 -0300 ruby1.9.1 (1.9.3.0-2) unstable; urgency=low * gcc's #635126 requiring -fno-tree-sra has been fixed. Disable workaround in that package. * add sparc-continuations.diff: fixes segfault during test suite on sparc. Closes: #593138, #545345. Many thanks to Jurij Smakov. -- Lucas Nussbaum Mon, 19 Dec 2011 21:33:37 +0100 ruby1.9.1 (1.9.3.0-1) unstable; urgency=low * New upstream release: 1.9.3p0. * Disable test suites on ia64 sparc kfreebsd-i386 kfreebsd-amd64. Those architectures are known to be broken at the moment. Details: http://lists.debian.org/debian-release/2011/10/msg00279.html -- Lucas Nussbaum Mon, 31 Oct 2011 08:44:23 +0100 ruby1.9.1 (1.9.3~rc1-3) experimental; urgency=low * Update symbols file to fix FTBFS on i386, mips, mipsel, powerpc, s390. Closes: #644705. -- Lucas Nussbaum Sun, 09 Oct 2011 11:09:13 +0200 ruby1.9.1 (1.9.3~rc1-2) experimental; urgency=low * Add symbols file. Some symbols were removed between 1.9.2.0 and 1.9.3~rc1, but this does not constitute an ABI change as those symbols were not supposed to be used by third-party extensions (not in header files, etc.) See http://redmine.ruby-lang.org/issues/4666 for details. Closes: #636966. * Upload to experimental to test-build this. -- Lucas Nussbaum Sat, 08 Oct 2011 10:30:33 +0200 ruby1.9.1 (1.9.3~rc1-1) unstable; urgency=low * New upstream release: 1.9.3 RC1. + Includes load.c fixes. Closes: #639959. * Upload to unstable. -- Lucas Nussbaum Sat, 24 Sep 2011 19:16:17 +0200 ruby1.9.1 (1.9.3~preview1+svn33236-1) experimental; urgency=low * New upstream snapshot. * add README.porters: instructions on how to run specific tests. * 110829-freebsd_map_stack.patch: merged usptream, dropped. * 110829-hurd_dirent_usage.patch: refresh. -- Lucas Nussbaum Sat, 10 Sep 2011 10:07:12 +0200 ruby1.9.1 (1.9.3~preview1+svn33077-3) experimental; urgency=low * Add debian/run-test-suites.bash: test suites wrapper that checks the number of failures and exit if there are too many. * debian/rules: optimizations were dropped on ia64. Revert. * 20100829-rubygems_default_dir.diff, 20100829-rubygems_disable_update_system.diff: disable tests that are broken by those changes. -- Lucas Nussbaum Tue, 30 Aug 2011 07:44:33 +0200 ruby1.9.1 (1.9.3~preview1+svn33077-2) experimental; urgency=low * Also add --no-tree-sra on sparc. * Add 110829-freebsd_map_stack.patch. Work around FreeBSD bug. * Add 110829-freebsd_assert_normal_exit.patch: workaround FreeBSD bug in testsuite runner. * Add 110829-hurd_dirent_usage.patch: Fix dirent issue on hurd. Closes: #639664 * Modified 20100829-rubygems_default_dir.diff: avoid warning. -- Lucas Nussbaum Mon, 29 Aug 2011 22:41:14 +0200 ruby1.9.1 (1.9.3~preview1+svn33077-1) experimental; urgency=low * New upstream snapshot (SVN rev 33029, ruby_1_9_3 branch). + Should fix FTBFS on m68k. Closes: #611691. * Cleanup disabled patches in debian/patches: + Drop patch 110801-ftbfs-ia64-missing-semicolon.diff: fixed upstream. + remove patch 110411_disable_osslv2.patch (was already disabled) + Remove 201_gem_prelude.diff and 202_gem_default_dir.diff. Merged into 20100829-rubygems_default_dir.diff + Remove 203_adjust_base_of_search_path.diff. Not needed anymore. + Remove 900_ri_pager.diff. Applied upstream in lib/rdoc/ri/driver.rb + Remove 902_define_YAML_in_yaml_stringio.rb.diff. This code has changed, and the reason for this patch has been lost. + Remove 904_linux_target_os.diff. This patch was only required for the LPIA Ubuntu architecture, which no longer exists. + Remove 931_libruby_suffix.diff. No longer needed. + Remove 940_hppa_disable_test_propag_signal.diff. hppa is dead. + Remove 940_test_file_exhaustive_fails_as_root.diff. Applied upstream. + Remove 940_test_priority_fails.diff. Fixed upstream. + re-enable and refresh 090729_fix_Makefile_deps.diff + re-enable and refresh 090803_exclude_rdoc.diff + Remove 091207_test_dl_free_func.diff. Merged upstream. + Remove 100327_r24850_bootstraptest_test_thread.diff. Applied upstream. + Remove 100503_r27337_rb_string_value_cstr.diff. Applied upstream. + Remove 100503_r27356_queue_race.diff.diff. Applied upstream. + Remove 100518_load_libc_libm.diff, 100518_r23483_suppress_pathname_warning.diff and 100518_r26515_free_rb_classext.diff. Were upstream backports. + Remove 110801-ftbfs-ia64-missing-semicolon.diff. fixed upstream. * Add 110825-run-tests-verbose.patch: run tests in verbose mode * Add openssl to build-depends. Needed for test_constants(OpenSSL::TestConfig). * Improve rubygems_default_dir.diff to avoid warnings. * Add 110825-tests_broken_as_root.patch: skip some tests when root. * Introduce ruby1.9.3 package to improve the confusing situation. * Fix 1.9.2 -> 1.9.3 in descriptions. -- Lucas Nussbaum Fri, 26 Aug 2011 11:37:58 +0200 ruby1.9.1 (1.9.3~preview1-2) experimental; urgency=low * Add -fno-tree-sra on armel. Same workaround as for ruby1.8 (see #634260) -- Lucas Nussbaum Mon, 01 Aug 2011 20:58:07 +0200 ruby1.9.1 (1.9.3~preview1-1) experimental; urgency=low * New upstream version: 1.9.3 preview 1. * debian/patches/20100829-rubygems_default_dir.diff: refreshed patch. * debian/patches/20100829-rubygems_disable_update_system.diff: refreshed patch. * Add 110801-ftbfs-ia64-missing-semicolon.diff. Fixes FTBFS on ia64. -- Lucas Nussbaum Mon, 01 Aug 2011 16:59:35 +0200 ruby1.9.1 (1.9.2.180+svn32566-1) experimental; urgency=low * New SVN snapshot based on revision 32566 from the ruby_1_9_3 branch. * Add patch 110720_tcltk_disable_rpath.diff: disable rpath in tcltk. * Add patch 110720_tcltk_disable_rpath.diff: disable rpath in tcltk. -- Lucas Nussbaum Wed, 20 Jul 2011 11:25:23 +0200 ruby1.9.1 (1.9.2.180+svn32099-1) experimental; urgency=low * New SVN snapshot based on revision 32099 from trunk. * 20100829-rubygems_default_dir.diff: refresh * 20100829-rubygems_disable_update_system.diff: refresh * 909_update_lib_README.diff: refresh * 110411_disable_osslv2.patch: drop, cleaner solution implemented upstream * Update Lucas' email address. * Build-depend on tcl-dev and tk-dev instead of {tcl,tk}8.4-dev. * Relicensed under Ruby || BSDL. + Update debian/copyright. + Build-depend on libreadline6-dev. -- Lucas Nussbaum Wed, 15 Jun 2011 14:01:51 +0200 ruby1.9.1 (1.9.2.180-5) unstable; urgency=low * Build-depend on libreadline-gplv2-dev instead of libreadline5-dev. Ruby is dual-licensed under GPLv2 (only) || Ruby license, so we cannot use libreadline6-dev. -- Lucas Nussbaum Sun, 15 May 2011 10:46:43 +0200 ruby1.9.1 (1.9.2.180-4) unstable; urgency=low [ Daigo Moriwaki ] * debian/control: Corrected wording. (Closes: #624574) [ Lucas Nussbaum ] * Change 01_default_gem_path.diff: + executables are now installed to /usr/local/bin. + but the other files created by rubygems stay in /var/lib/gems/. Several commenters in #448639 and #403407 argued in favor of the switch to /usr/local/bin. Those two bugs can therefore be closed. However, the issue is not completely solved, as rubygems still installs files in /var/lib/gems. Nobody in the bug logs explained why that was an issue. If you care about it, please open a new bug. Fixes the rubygems bugs: #448639, #403407 * Update Standards-Version to 3.9.2. No changes needed. -- Lucas Nussbaum Tue, 03 May 2011 16:26:04 +0200 ruby1.9.1 (1.9.2.180-3) unstable; urgency=low * Remove --with-lookup-order-hack=INET. That breaks IPv6-only systems. See #619209 * Drop ruby1.9.1-elisp. The Ruby emacs mode is now provided in emacs 23. * Add patch 110411_disable_osslv2.patch Disables SSLv2. Closes: #620998 * Move the ri1.9.1 binary and manpage to the ruby1.9.1 package. ri1.9.1 still exists, but only contains the documentation. This is needed to fix #621058. * Make libruby1.9.1 Conflict, Replace irb1.9.1, rdoc1.9.1. fixes #608582 -- Lucas Nussbaum Tue, 12 Apr 2011 12:03:14 +0200 ruby1.9.1 (1.9.2.180-2) unstable; urgency=low * Switch to git. Update Vcs-*. * Upload to unstable. -- Lucas Nussbaum Fri, 25 Mar 2011 10:11:47 +0100 ruby1.9.1 (1.9.2.180-2~experimental.1) experimental; urgency=low * Remove the patchsys-quilt CDBS rule. It is not needed since we are using 3.0 (quilt). * Add Provides for ruby-interpreter and ruby1.9.2-full. * Switch to alternatives to manage Ruby versions. * Decrease gem alternatives priority to 10 to be consistent with the interpreter priority. * Upload to experimental. Changes are very intrusive and need extensive testing. -- Lucas Nussbaum Sat, 05 Mar 2011 20:57:31 +0100 ruby1.9.1 (1.9.2.180-1) unstable; urgency=low * New upstream release. - (CVE-2011-1004; Closes: #615519) - No longer found in 1.9.2 (Closes: #509500) * debian/rules: correctly skip making rdoc for DEB_BUILD_OPTIONS="nordoc". * debian/control: Build-Depends libncursesw5-dev as well. (Closes: #578169) -- Daigo Moriwaki Sun, 27 Feb 2011 16:28:32 +0900 ruby1.9.1 (1.9.2.0-2) unstable; urgency=low * Clarify versioning in package description to reduce 1.9.1 <-> 1.9.2 confusion. Closes: #601526. * Remove README.Debian. It only contained outdated information. * Build with -mieee on SH4. Closes: #591785. * Update debian/NEWS to mention LOAD_PATH change. Closes: #593098. * ruby1.9.1: add Suggests on ruby1.9.1-dev as it is need to build many gems, and that's a FAQ. * ruby1.9.1-dev: mention building gems in package description. -- Lucas Nussbaum Mon, 01 Nov 2010 09:03:33 +0100 ruby1.9.1 (1.9.2.0-1) unstable; urgency=high [ Lucas Nussbaum ] * New upstream release. The 1.9.2 branch was in deep freeze at the time of the last snapshot, and all the changes between that snapshot and the present final tarball are bugfixes, as shown by svn log -r28788:HEAD http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_2 Also, it sounds much easier to support a released version on the long term, rather than an SVN snapshot. Also fixes CVE-2010-0541. Closes: #593298. Could also improve kFreeBSD support as some changes are FreeBSD-related. * Add build-dependency on libyaml-dev to build psych, which is a new, faster YAML library provided in Ruby 1.9.2. [ Daigo Moriwaki ] * debian/watch: support new URL for Ruby 1.9.2. * debian/rules: DEB_BUILD_OPTIONS="nordoc" provides no-doc build for build testing. * Merged rubygems1.9.1: this package used to be provided by the libgems-ruby source package, but the version of rubygems provided by libgems-ruby is incompatible with Ruby 1.9.2. Also, Rubygems is shipped as part of Ruby. Closes: #588125 [ Lucas Nussbaum ] * Provide a way to override Debian's disabling of gem update --system by setting an environment variable. This is the same change as the one done for libgems-ruby. -- Lucas Nussbaum Sat, 11 Sep 2010 08:38:44 +0200 ruby1.9.1 (1.9.2~svn28788-1) unstable; urgency=low * New release based on upstream snapshot from the 1.9.2 branch, after 1.9.2 RC2. That branch is (supposed to be) binary-compatible with the 1.9.1 branch. + Builds fine on i386. Closes: #580852. * Upgrade to Standards-Version: 3.9.1. No changes needed. * Updated generated incs. * Patches that still need work: + Unclear status, need more investigation: 090729_fix_Makefile_deps.dpatch 090803_exclude_rdoc.dpatch 203_adjust_base_of_search_path.dpatch 902_define_YAML_in_yaml_stringio.rb.dpatch 919_common.mk_tweaks.dpatch 931_libruby_suffix.dpatch 940_test_thread_mutex_sync_shorter.dpatch + Maybe not needed anymore, keeping but not applying. 102_skip_test_copy_stream.dpatch (test doesn't block anymore?) 104_skip_btest_io.dpatch (test doesn't block anymore?) 201_gem_prelude.dpatch (we don't use that rubygems anyway?) 202_gem_default_dir.dpatch (we don't use that rubygems anyway?) 940_test_file_exhaustive_fails_as_root.dpatch 940_test_priority_fails.dpatch 100518_load_libc_libm.dpatch * Add disable-tests.diff: disable some tests that cause failures on FreeBSD. Closes: #590002, #543805, #542927. * However, many new failures on FreeBSD. Since that version is still an improvement, add the check that makes test suite failures non-fatal on FreeBSD again. That still needs to be investigated. * Re-add 903_skip_base_ruby_check.dpatch * Add build-dependency on ruby1.8 and drop all pre-generated files. -- Lucas Nussbaum Sat, 31 Jul 2010 17:08:39 -0400 ruby1.9.1 (1.9.1.429-1) unstable; urgency=low * New upstream release * Switch to dpkg-source 3.0 (quilt) format. -- Daigo Moriwaki Mon, 19 Jul 2010 22:02:35 +0900 ruby1.9.1 (1.9.1.378-4) unstable; urgency=low * Added debian/patches/100518_r26515_free_rb_classext.dpatch LP: #514322, LP: #529011 * Added 100518_load_libc_libm.dpatch Fixes loading of libc and libm. Closes: #560293 * Added 100518_r23483_suppress_pathname_warning.dpatch Remove warning in pathname.rb. Closes: #566612 * Added 100518_r27464_threading_non-nptl.dpatch Fixes threading issues on kfreebsd. Closes: #542927 * Make test suite failures on FreeBSD fatal. * Run the test suite on hppa too. -- Lucas Nussbaum Tue, 18 May 2010 22:24:49 +0200 ruby1.9.1 (1.9.1.378-3) unstable; urgency=low * Added patches: - debian/patches/100503_r27337_rb_string_value_cstr.dpatch Back port from the upstream r27337. - debian/patches/100503_r27356_queue_race.diff.dpatch Back port from the upstream r27356. -- Daigo Moriwaki Tue, 04 May 2010 01:46:05 +0900 ruby1.9.1 (1.9.1.378-2) unstable; urgency=low [ Lucas Nussbaum ] * Merge lib{dbm,gdbm,readline,openssl}-ruby1.9.1 into libruby1.9.1. * Merge irb1.9.1 and rdoc1.9.1 into ruby1.9.1. * Update lintian override. * Update emacs dependency. * Fix ri1.9.1 dep: make it binNMUable again. * Update debian/copyright. * Upgrade to Standards-Version: 3.8.4. No changes needed. * Add lintian override for package-name-doesnt-match-sonames. * Remove duplicate section/priority stanzas. * Fix a few minor problems in manpages. [ Daigo Moriwaki ] * Added a patch: - debian/patches/100327_r24850_bootstraptest_test_thread.dpatch Back port from the upstream r24850, fixing a test failure. -- Daigo Moriwaki Sat, 27 Mar 2010 11:00:48 +0900 ruby1.9.1 (1.9.1.378-1) unstable; urgency=medium * New upstream release * The upstream has fixed a vulnerability in WEBrick, a part of Ruby's standard library. WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator. (Closes: #564646) -- Daigo Moriwaki Mon, 11 Jan 2010 09:46:28 +0900 ruby1.9.1 (1.9.1.376-1) unstable; urgency=low * New upstream release -- Daigo Moriwaki Mon, 07 Dec 2009 22:34:25 +0900 ruby1.9.1 (1.9.1.375-1) unstable; urgency=low * Interim upstream 1.9.1-p375 (26021) * removed debian/patches/090908_regexp_unicode_class.dpatch: it is included upstream release. -- akira yamada Mon, 07 Dec 2009 08:24:55 +0900 ruby1.9.1 (1.9.1.339-1) unstable; urgency=low * Interim upstream 1.9.1-p339 (r25816) * Updated debian/generated-incs/*. * Updated patches - 909_update_lib_README * Updated debian/copyright. (s/ruby1\.9/ruby1.9.1/g) * Added debian/libopenssl-ruby1.9.1.lintian-overrides. -- akira yamada Wed, 18 Nov 2009 09:51:36 +0900 ruby1.9.1 (1.9.1.243-2) unstable; urgency=low [ Lucas Nussbaum ] * Removed Fumitoshi UKAI from Uploaders. Thanks a lot for the past help! * Removed obsolete Build-Conflicts: on gcc-3.3 (<< 1:3.3.2-0pre1) * Add ${misc:Depends} to Depends of all binary packages. Avoids debhelper-but-no-misc-depends lintian warning. * Add build-dependency on debhelper >= 5, since that's the compatibility level with request in debian/compat. Avoids package-lacks-versioned-build-depends-on-debhelper lintian warning. * Fix menu file for irb1.9.1. Avoids two menu-related lintian warnings. * Optimized debian/rmshebang.sh a bit. * Removed outdated option from DEB_CONFIGURE_USER_FLAGS: --with-default-kcode=none * Remove 901_extra_search_path: no longer needed. * Use --program-suffix=1.9.1 and hack configure.in so that all the paths except the ri path match what was done before. * Added debian/README.source. Avoids lintian warning. * Added a ruby1.9.1-full meta-package that depends on all the ruby 1.9.1 binary packages. Closes: #503580. * Ignore failures of test suite on FreeBSD. * Bumped Standards-Version to 3.8.3. No changes needed. * Remove executable mode on all example scripts. (fix lintian warning) * Run all tests, not just the ones in ruby/. [ akira yamada ] * Added debian/patches/090908_regexp_unicode_class.dpatch: - \d, \s and \w are now non Unicode class. [ruby-dev:39026] - warn duplicated characters in character class. [ruby-core:24593] (backported from r24387 and r24544.) -- Lucas Nussbaum Wed, 09 Sep 2009 21:55:24 +0200 ruby1.9.1 (1.9.1.243-1) unstable; urgency=low [ Daigo Moriwaki ] * debian/watch: corrected to follow the new versioning by the upstream such as 1.9.1-p0.tar.gz * Added debian/patches/090301_r22440_OCSP_basic_verify.dpatch Not properly checking the return value of OCSP_basic_verify (Closes: #513528) * Added debian/patches/090803_exclude_rdoc.dpatch to avoid errors to for generating RDoc documents. * debian/fixshebang.sh: skip non-text files, which works around hanging of sed on scanning gif images. * The upstream's COPYING* is no longer installed (due to Debian policy). That informatin is included in debian/copyright. * debian/ruby1.9.1-elisp.emacsen-{remove|startup|install}: Corrected the package name. [ Lucas Nussbaum ] * Build-Depends on procps. Closes: #510914. * Added patch 940_test_thread_mutex_sync_shorter: makes test_mutex_synchronize much shorter to deal with slow arches. Closes: #514696. * Added patch 940_hppa_disable_test_propag_signal: disable test_should_propagate signal on hppa. Closes: #514695. * Checked that 1.9.1.0 fixes CVE-2008-3905. Closes: #498977. * debian/patches cleanups. Removed obsolete patches. * Added 940_test_file_exhaustive_fails_as_root and 940_test_priority_fails to deal with test suite failures. * Disable 102_skip_test_copy_stream and 104_skip_btest_io: I couldn't reproduce the failure on x86-64. Is it arch-specific? * common-post-build-arch:: fail if the test suites fail. * Fix location of vendor dir in configure option. /usr/lib[...], not usr/lib[...]. * New upstream release: 1.9.1.243. + 090301_r22440_OCSP_basic_verify.dpatch no longer needed (was a backport) + Updated debian/generated-incs/*. * Added 090729_fix_Makefile_deps.dpatch: add dependency in common.mk between do-install-nodoc and $(PROGRAM). * Handle DEB_BUILD_OPTIONS="nocheck" to allow to skip the test suite. * Move manpages to debian/manpages/ * Started the rename from *1.9 to *1.9.1: source package and binary packages done. * Fix building on lpia (Fixes: #532057). * Disable the test suite on hppa since it blocks because of strange signal semantics. * Bumped Standards-Version to 3.8.2. No changes needed. * Agree with ftpmaster's overrides. -- Lucas Nussbaum Thu, 30 Jul 2009 01:24:03 +0200 ruby1.9 (1.9.1.0-1) experimental; urgency=low * new upstream version. * updated debian/generated-incs/*. * change package name to libruby1.9.1 from librub1.9-1.9. Here "1.9.1" indicates Ruby API version. libruby1.9.1 conflicts/replaces: libruby1.9. (No confilcts/replaces for libruby1.9-1.9 because these packages are note relased to Debian.) It is preparations for ABI changes in the future version of Ruby 1.9. * adjusted 903_skip_base_ruby_check. * updated 931_libruby_suffix. ruby runtime library is libRUBYNAME-1.9.1.so*. * updated debian/NEWS. -- akira yamada Tue, 03 Feb 2009 22:23:42 +0900 ruby1.9 (1.9.1~rc2-1) experimental; urgency=low * new upstream release. * updated debian/generated-incs/*. * updated 202_gem_default_dir. * change package name to libruby1.9-1.9 from librub1.9. (libruby1.9-1.9 conflicts/replaces: libruby1.9.) It is preparations for ABI changes in the future version of Ruby 1.9. * added 931_libruby_suffix. It filechanges name of ruby runtime library to libRUBYNAME-1.9.so* from libRUBYNAME.so. -- akira yamada Thu, 22 Jan 2009 10:08:27 +0900 ruby1.9 (1.9.1~rc1-1) experimental; urgency=low * new upstream release. * updated 202_gem_default_dir. * updated 201_gem_prelude and re-entered to 00list. * removed unneeded dpatches: - 308_r20120_rexml_DoS_fix_regression - 920_rexml_document_transitive.dpatch * added 203_adjust_base_of_search_path: it changes base directory of search path to /usr/lib/ruby from /usr/lib/ruby1.9 for compatibility. ("ruby1.9" come from ruby_install_name.) [experimental] * debian/rules: configure with --vendor-ruby=/usr/lib/ruby/vendor_ruby for compatibility. [experimental] -- akira yamada Thu, 15 Jan 2009 11:17:40 +0900 ruby1.9 (1.9.1~preview1-1) experimental; urgency=low * new upstream release. * old "i386-linux" directory is no longer supported. * updated debian/generated-incs/*. * removed unneeded dpatch from 00list: - 101_parse_rb.dpatch - 103_array_c_r17570_to_r17756.dpatch - 201_gem_prelude.dpatch - 301_dns_spoofing_r18424 - 302_r18220_webrick_DoS - 303_r17726_syslog_safeleve4 - 304_r17577_trace_var_safeleve4 - 305_r18496_dl_tain - 306_r17586_methods_called_safelevel13 - 307_r19033_rexml_DoS - 930_zero_tainted * applied patches: - 202_gem_default_dir: regenerated from 201_gem_prelude. - 308_r20120_rexml_DoS_fix_regression: fixes regression. -- akira yamada Thu, 13 Nov 2008 16:06:57 +0900 ruby1.9 (1.9.0.2-9) unstable; urgency=high * fixes regression: - 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML. (ref: #502535) -- akira yamada Thu, 13 Nov 2008 13:26:36 +0900 ruby1.9 (1.9.0.2-8) unstable; urgency=high * Added patch: 930_zero_tainted.dpatch backport of upstream r17612. Closes: #501408 (RC bug). -- Lucas Nussbaum Thu, 16 Oct 2008 22:15:33 +0200 ruby1.9 (1.9.0.2-7) unstable; urgency=low * debian/rules: Fixed a FTBFS on hurd-i386: failure of cat /proc/cpuinfo no more stops the build process. (Closes: #497737) -- Daigo Moriwaki Fri, 05 Sep 2008 12:07:57 +0900 ruby1.9 (1.9.0.2-6) unstable; urgency=low * Added patches under debian/patches which were backported from the upstream and fixed multiple vulnerabilities: - 301_dns_spoofing_r18424.dpatch: fixed DNS spoofing vulnerability in resolv.rb. (CVE-2008-1447) - 302_r18220_webrick_DoS.dpatch: fixed DoS vulnerability in WEBrick. - 303_r17726_syslog_safeleve4.dpatch: syslog operations should be protected from $SAFE level 4. - 304_r17577_trace_var_safeleve4.dpatch: rb_f_trace_var should not be allowed at safe level 4. - 305_r18496_dl_tain.dpatch: dl doesn't check taintness, so it could allow attackers to call dangerous functions. - 306_r17586_methods_called_safelevel13.dpatch: Insecure methods may be called at safe level 1-3. (Closes: #494402) - 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML. (CVE-2008-3790) (Closes: #497610) -- Daigo Moriwaki Tue, 02 Sep 2008 22:11:34 -0400 ruby1.9 (1.9.0.2-5) unstable; urgency=low [ Lucas Nussbaum ] * Because of make's dependency handling on phony targets after the addition of the watch in 1.9.0.1-4, parse.o was rebuilt three times during the build process. Build it only once, which should reduce the build time significantly. [ Daigo Moriwaki ] * RubyGems did not work completely due to a gem_relude mechanism . This issue has been fixed. (Closes: #492206) - debian/patches/201_gem_prelude.dpatch - debian/rules -- Daigo Moriwaki Thu, 31 Jul 2008 00:54:00 +0900 ruby1.9 (1.9.0.2-4) unstable; urgency=low * Modified computing of arch_name to cope with armel. This was broken because of the change for lpia. We are now using the same code as ruby1.8's debian/rules. Closes: #490663. * Cleaned up debian/rules to use DEB_HOST_* instead of DEB_BUILD_*. -- Lucas Nussbaum Sun, 13 Jul 2008 16:30:24 +0200 ruby1.9 (1.9.0.2-3) unstable; urgency=low * Updated 102_skip_test_copy_stream.dpatch to also ignore test_copy_stream_socket. -- Lucas Nussbaum Sat, 12 Jul 2008 16:12:53 +0200 ruby1.9 (1.9.0.2-2) unstable; urgency=low * applied debian/patches/103_array_c_r17570_to_r17756.dpatch: - fixed an integer overflow bug. -- Daigo Moriwaki Wed, 09 Jul 2008 00:06:50 +0900 ruby1.9 (1.9.0.2-1) unstable; urgency=high * New upstream release. * debian/generated-incs/*.inc: updated. They were created directly from the source using ruby1.8. * Fixed vulnerability: arbitrary code execution vulnerability and so on (Closes: #487239) * debian/watch: supported the version numbering of the upstream. * removed patches that the upstream has applied: - debian/patches/800_parse_shebang_in_usascii.dpatch - debian/patches/801_too_strict_encoding_check.dpatch - debian/patches/802_hash_compare_by_identity.dpatch - debian/patches/803_syntaxerror_irb_bug.dpatch - debian/patches/804_debug.rb_is_bloken.dpatch - debian/patches/805_webrick_file_access_vulnerability.dpatch * removed patches since this package no longer provides rubygems. - debian/patches/910_gem_prelude.dpatch - debian/patches/911_default_gem_path.dpatch - debian/patches/913_disable_update_system.dpatch - debian/patches/917_avoid_ioseek.dpatch - debian/patches/918_tighter_search_regex.dpatch * Added debian/patches/101_parse_rb.dpatch: RDoc might have failed to parse. * Added debian/patches/102_skip_test_copy_stream.dpatch: skip a test -- Daigo Moriwaki Sat, 21 Jun 2008 16:02:58 +0900 ruby1.9 (1.9.0.1-5) experimental; urgency=low * The gem1.9 package is removed. Use rubygems1.9 instead. -- Daigo Moriwaki Sun, 08 Jun 2008 22:58:14 +0900 ruby1.9 (1.9.0.1-4) experimental; urgency=low * Improved 919_common.mk_tweaks.dpatch: outputs the result of "ps" on a regular basis, so the build doesn't timeout on slow arches like mips(el). * Move gem1.9 to a seperate package. This is necessary because gem1.9 requires rdoc1.9 (see https://bugs.launchpad.net/ubuntu/+source/ruby1.9/+bug/228345 ), so there are two solutions: - keep gem1.9 in ruby1.9, and merge back rdoc1.9. This cause people interested in running ruby apps (not developing ruby scripts) to install lots of unnecessary stuff. - move rubygems to a separate package. -- Lucas Nussbaum Sat, 24 May 2008 11:25:34 +0200 ruby1.9 (1.9.0.1-3) experimental; urgency=low * Add uname and /proc/cpuinfo output to the build log. * Added 919_common.mk_tweaks.dpatch: build more verbosely. Needed to avoid a timeout on mips(el). * Added 904_linux_target_os.dpatch from Ubuntu. Robustifies check for target_os. * debian/rules: Improved substitutions in arch_name (also from Ubuntu). -- Lucas Nussbaum Sat, 17 May 2008 18:04:13 +0200 ruby1.9 (1.9.0.1-2) experimental; urgency=low * Build with -O2 everywhere by default. * Upload to experimental to see how things work out. -- Lucas Nussbaum Wed, 07 May 2008 15:45:40 +0200 ruby1.9 (1.9.0.1-1) unstable; urgency=low [ akira yamada ] * new upstream snapshot 1.9.0-1. * debian/generated-incs/*: updated. * applied some bug fix patches: - 800_parse_shebang_in_usascii: [ruby-dev:33955] --encoding affects script encoding - 801_too_strict_encoding_check: [ruby-dev:33966] remove too strict encoding check - 802_hash_compare_by_identity: [ruby-dev:33989] Hash#compare_by_identity breaks commutativity of Hash#== - 803_syntaxerror_irb_bug: [ruby-dev:33991] SyntaxError should not be considered as IRB bug - 804_debug.rb_is_bloken: [ruby-dev:33992] debug.rb causes NoMethodError - 805_webrick_file_access_vulnerability: fixes vulnerbility of WEBrick which is described at - 900_ri_pager: updated. [ Lucas Nussbaum ] * debian/control: Added myself to Uploaders:. * debian/control: Added Homepage and Vcs-* fields. * added 909_update_lib_README.dpatch, backported from ruby1.8. * Improved description of ruby1.9-dev. * No longer build using gcc-4.1 on m68k. Use the default gcc version. (Closes: #463294) * debian/control: bumped Standards-Version to 3.7.3. No changes needed. * added watch file. [ Daigo Moriwaki ] * debian/control: - imporoved the description for libopenssl-ruby1.8. - ruby1.9-dev now depends on libc6-dev. -- Lucas Nussbaum Fri, 07 Mar 2008 17:35:14 +0100 ruby1.9 (1.9.0.0-2) unstable; urgency=low * Added debian/patches/910_gem_prelude.dpatch: changed the default rubygems home directory in prelude as well. (Closes: #458620) -- Daigo Moriwaki Wed, 02 Jan 2008 18:09:03 +0900 ruby1.9 (1.9.0.0-1) unstable; urgency=low [Akira Yamada] * new upstream version, 1.9.0-0. (closes: #457519, #446220) * added manpages for gem1.9 and rake1.9. * debian/generated-incs/*.inc: updated by files in upstream tarball. * debian/patches/801_update_sample_README.dpatch: removed. * debian/patches/903_skip_base_ruby_check.dpatch: updated. * debian/NEWS, debian/README.Debian: updated. [Daigo Moriwaki] * supported rubygems that has been merged with the upstream. I imported files and changes from libgems-ruby1.8_1.0.1.deb package. - added debian/patches/911_default_gem_path.dpatch - added debian/patches/913_disable_update_system.dpatch - added debian/patches/918_tighter_search_regex.dpatch - added debian/patches/917_avoid_ioseek.dpatch - added debian/libruby1.9.postrm.in - debian/patches/00list: applied above changes. - debian/README.Debian: added a note for rubygems - debian/libruby1.9.postinst.in: script to remove a cache file. - debian/rules: applied above changes. -- akira yamada Wed, 26 Dec 2007 12:46:09 +0900 ruby1.9 (1.9.0+20071225-1) unstable; urgency=low * new upstream snapshot. (r14640) * updated debian/generated-incs/* files. -- akira yamada Tue, 25 Dec 2007 10:49:38 +0900 ruby1.9 (1.9.0+20071016-1) unstable; urgency=high * new upstream snapshot. (r13713) - fixed CVE-2007-5162. - fixed illegal instructions at runtime on sparc. (closes: #366444) Thanks to Lucas Nussbaum. * updated debian/generated-incs/* files. * debian/rules: fixed wrong arch_name for arm-linux-gnueabi. (closes: #445433) Thanks to Riku Voipio. * debian/ruby1.9-elisp.emacsen-startup: uses "\\\\'" for ignore newlines in filenames. (closes: #446180) Thanks to Trent W. Buck. * debian/control: added Daigo Moriwaki to uploaders and removed Akira Tagoh from uploaders. -- akira yamada Thu, 18 Oct 2007 09:36:36 +0900 ruby1.9 (1.9.0+20070910-1) unstable; urgency=low * new upstream snapshot. (r13426) * debian/rules: added -g option to CPPFLAGS and CXXFLAGS. -- akira yamada Tue, 11 Sep 2007 10:46:09 +0900 ruby1.9 (1.9.0+20070830-2) unstable; urgency=low * configure.in: skip host ruby check. * debian/generated-incs/prelude.c: added. (closes: #440480) -- akira yamada Sun, 02 Sep 2007 09:20:54 +0900 ruby1.9 (1.9.0+20070830-1) unstable; urgency=low * new upstream snapshot. (r13318) (closes: #426134, #426267) * updated debian/generated-incs/* files. * added debian/patches/902_define_YAML_in_yaml_stringio.rb.dpatch. -- akira yamada Thu, 30 Aug 2007 13:53:44 +0900 ruby1.9 (1.9.0+20070606-1) unstable; urgency=low * new upstream snapshot. (2006-06-06) * updated debian/generated-incs/* files. -- akira yamada Wed, 06 Jun 2007 11:58:24 +0900 ruby1.9 (1.9.0+20070526-1) unstable; urgency=low * new upstream snapshot. (2006-05-26) -- akira yamada Sat, 26 May 2007 21:02:58 +0900 ruby1.9 (1.9.0+20070523-1) unstable; urgency=low * new upstream snapshot. (2006-07-23) * added debian/generated-incs/* files: They are are generated by "make incs". Updating these files is needed when the source is updated. (Closes: #425607) -- akira yamada Wed, 23 May 2007 13:21:02 +0900 ruby1.9 (1.9.0+20070521-1) unstable; urgency=low * new upstream snapshot. (2006-07-21) (Closes: #414856, #388344) -- akira yamada Mon, 21 May 2007 14:00:19 +0900 ruby1.9 (1.9.0+20060609-1) unstable; urgency=low * new upstream snapshot. (2006-06-09) * configure with -fno-strict-aliasing (Bug#370553) * rdoc1.9 suggests graphviz (Bug#339524) * debian/copyright: added a note for using libopenssl-ruby1.9. (Bug#367024) * debian/README.Debian: updated. (Closes: #344294) * added debian/patches/802_mkconfig.dpatch -- akira yamada Thu, 13 Jul 2006 22:43:47 +0900 ruby1.9 (1.9.0+20060423-4) unstable; urgency=low * reverted to 1.9.0+20060423-3. - 1.9.0+20060423-3.1 is not enough to fix the probleam and - 1.9.0+20060423-3.1 ignores dpatch :-< -- akira yamada Thu, 7 Jul 2006 22:44:23 +0900 ruby1.9 (1.9.0+20060423-3.1) unstable; urgency=low * Non-maintainer upload. * Make mkconfig.rb understand autoconf >2.59a's new way of doing config.status; it inserts #|_!!_|# into the sed lines temporarily, then removes them at the end. Since mkconfig.rb only parses these lines instead of executing the entire sed script, it has to remove #|_!!_|# by itself. This fixes FTBFS with newer autoconf. (Closes: #373953) -- Steinar H. Gunderson Sun, 25 Jun 2006 16:05:24 +0200 ruby1.9 (1.9.0+20060423-3) unstable; urgency=low * akira yamada - debian/control, debian/rules: uses gcc-4.1 for m68k. (Closes: #360745) -- akira yamada Tue, 25 Apr 2006 23:00:39 +0900 ruby1.9 (1.9.0+20060423-2) unstable; urgency=medium * akira yamada - debian/rules: CFLAGS=-O0 for avoiding a bug of gcc-4.0 on m68k. (Closes: #360745) -- akira yamada Tue, 25 Apr 2006 12:46:34 +0900 ruby1.9 (1.9.0+20060423-1) unstable; urgency=low * akira yamada - new upstream snapshot. (2006-04-23) -- akira yamada Sun, 23 Apr 2006 18:14:31 +0900 ruby1.9 (1.9.0+20050921-1) unstable; urgency=high * akira yamada - new upstream snapshot. (2005-09-21) - [security] JVN#62914675 CVE-2005-2337 - preserve safe level in the environment where a method is defined. - prohibit calling tainted method (>2) when $SAFE == 0. - removed debian/patches/802_workaround_for_send.dpatch: - the patch is in upstream. - debian/control: build-depends on libreadline5-dev. (closes: #326333) -- akira yamada Wed, 21 Sep 2005 13:16:19 +0900 ruby1.9 (1.9.0+20050902-1) unstable; urgency=high * akira yamada - new upstream snapshot. (2005-09-02) - [security] preserve safe level in the environment where a method is defined. - added debian/patches/802_workaround_for_send.dpatch: - workaround for changed behavior of __send__. [ruby-dev:26935] -- akira yamada Fri, 2 Sep 2005 15:21:10 +0900 ruby1.9 (1.9.0+20050727-1) unstable; urgency=low * akira yamada - new upstream snapshot. (2005-07-27) - removed debian/patches/803_runruby.rb_loadpath.dpatch: - the patch is in upstream source. -- akira yamada Wed, 3 Aug 2005 19:56:18 +0900 ruby1.9 (1.9.0+20050623-2) unstable; urgency=high * akira yamada - debian/rules: supported to build with dpkg-dev_1.13. (ref: ) - changed arch-name for Ruby to i486-linux from i386-linux because DEB_BUILD_GNU_TYPE is changed to i486-linux-gnu from i386-linux. - (urgency high) used -linux instead of -linux-gnu for paths in debian/*.files. (ref: Bug#315566) - added patches/902_extra_search_path.patch: - temporally added "/usr/local/lib/site_ruby/1.8/i386-linux" and "/usr/lib/ruby/1.8/i386-linux" as extra search paths to Ruby on ix86 arch. - added debian/NEWS. -- akira yamada Wed, 29 Jun 2005 23:53:01 +0900 ruby1.9 (1.9.0+20050623-1) unstable; urgency=high * akira yamada - new upstream snapshot. - (urgency high) fixed arbitrary command execution on XMLRPC server. [ruby-core:5237] (see: CAN-2005-1992, Bug#315064) - added debian/patches/803_runruby.rb_loadpath.dpatch: - runruby.rb should require rbconfig.rb in source directory. (it is for make install-doc.) -- akira yamada Thu, 23 Jun 2005 20:33:03 +0900 ruby1.9 (1.9.0+20050412-4) unstable; urgency=low * akira yamada - debian/rules: CFLAGS=-O0 is for ia64 not for i386. -- akira yamada Sun, 17 Apr 2005 03:30:22 +0900 ruby1.9 (1.9.0+20050412-3) unstable; urgency=high - debian/rules: fixed wrong filename conversion. (closes: #304809) - debian/libruby1.9.*.in: should not be empty. -- akira yamada Sat, 16 Apr 2005 01:44:05 +0900 ruby1.9 (1.9.0+20050412-2) unstable; urgency=high * akira yamada - debian/rules: binary-install/ should contain dh_movefiles only, because "debian/rules binary-arch" cannot create some directories. -- akira yamada Fri, 15 Apr 2005 06:47:44 +0900 ruby1.9 (1.9.0+20050412-1) unstable; urgency=low * akira yamada - uploaded to Debian. (closes: #256004) -- akira yamada Wed, 13 Apr 2005 18:06:34 +0900 ruby1.9 (1.9.0+20050412-0+1) unstable; urgency=low * akira yamada - initial packaging. -- akira yamada Wed, 13 Apr 2005 07:28:16 +0900