2009
ruby1.9 (1.9.0.5-1) unstable; urgency=low
[ Daigo Moriwaki ]
* debian/watch: corrected to follow the new versioning by the upstream such
as 1.9.1-p0.tar.gz
* Added debian/patches/090301_r22440_OCSP_basic_verify.dpatch: It did not
properly check the return value from the OCSP_basic_verify function, which
might allow remote attackers to successfully present an invalid X.509
certificate, possibly involving a revoked certificate. [CVE-2009-0642]
(Closes: #513528)
* debian/rules:
- fixshebang.sh runs on bash.
- The upstream's COPYING* is no longer installed (due to Debian policy).
That information is included in debian/copyright.
* debian/patches/090803_exclude_rdoc.dpatch: ported from the ruby1.9.1
package.
* debian/control: Added misc depends.
* debian/compat: Bumpled up the version to 7.
[ Lucas Nussbaum ]
* New upstream release.
+ *.inc updated.
+ no longer needed (were backports):
- 101_parse_rb
- 103_array_c_r17570_to_r17756
- 301_dns_spoofing_r18424
- 302_r18220_webrick_DoS
- 303_r17726_syslog_safeleve4
- 304_r17577_trace_var_safeleve4
- 305_r18496_dl_tain
- 306_r17586_methods_called_safelevel13
- 307_r19033_rexml_DoS
- 308_regexp_segv
- 930_zero_tainted
+ Refreshed:
- 919_common.mk_tweaks
+ 102_skip_test_copy_stream: file changed upstream, might no
longer be needed.
* Fix building on lpia (Closes: #532057).
* Disable the test suite on hppa since it blocks because of strange
signal semantics. (Closes: #514695).
* Agree with ftpmaster's overrides.
* Bumped Standards-Version to 3.8.2. No changes needed.
* Build-Depends on procps. Closes: #510914.
* debian/fixshebang.sh: skip non-text files, which works around
hanging of sed on scanning gif images.
* Added 940_test_file_exhaustive_fails_as_root and
940_test_priority_fails to deal with test suite failures.
* Added patch 940_test_thread_mutex_sync_shorter: makes
test_mutex_synchronize much shorter to deal with slow arches.
Closes: #514696.
* Removed Fumitoshi UKAI <ukai@debian.or.jp> from Uploaders. Thanks a
lot for the past help! Closes: #541026.
-- Daigo Moriwaki <daigo@debian.org> Sat, 22 Aug 2009 09:55:25 +0900
ruby1.9 (1.9.0.2-9.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Add upstream patch to properly check return values of the
OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)
-- Nico Golde <nion@debian.org> Mon, 06 Apr 2009 18:43:32 +0200
2008
ruby1.9 (1.9.0.2-9) unstable; urgency=high
* fixes regression:
- 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
(ref: #502535)
* added patch: 308_regexp_segv
avoid segmentation fault in Regexp#inspect.
(backported r19384, r19433 and r20243 of upstream trunk.)
* debian/rules: copy debian/generated-incs/*.inc without "-p" option to
avoid re-generate incs.
-- akira yamada <akira@debian.org> Tue, 02 Dec 2008 14:39:22 +0900
ruby1.9 (1.9.0.2-8) unstable; urgency=high
* Added patch: 930_zero_tainted.dpatch
backport of upstream r17612. Closes: #501408 (RC bug).
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Thu, 16 Oct 2008 22:15:33 +0200
ruby1.9 (1.9.0.2-7) unstable; urgency=low
* debian/rules: Fixed a FTBFS on hurd-i386: failure of
cat /proc/cpuinfo no more stops the build process.
(Closes: #497737)
-- Daigo Moriwaki <daigo@debian.org> Fri, 05 Sep 2008 12:07:57 +0900
ruby1.9 (1.9.0.2-6) unstable; urgency=low
* Added patches under debian/patches which were backported from the
upstream and fixed multiple vulnerabilities:
- 301_dns_spoofing_r18424.dpatch: fixed DNS spoofing vulnerability
in resolv.rb. (CVE-2008-1447)
- 302_r18220_webrick_DoS.dpatch: fixed DoS vulnerability in WEBrick.
- 303_r17726_syslog_safeleve4.dpatch: syslog operations should be
protected from $SAFE level 4.
- 304_r17577_trace_var_safeleve4.dpatch: rb_f_trace_var should not
be allowed at safe level 4.
- 305_r18496_dl_tain.dpatch: dl doesn't check taintness, so it could
allow attackers to call dangerous functions.
- 306_r17586_methods_called_safelevel13.dpatch: Insecure methods may
be called at safe level 1-3.
(Closes: #494402)
- 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
(CVE-2008-3790) (Closes: #497610)
-- Daigo Moriwaki <daigo@debian.org> Tue, 02 Sep 2008 22:11:34 -0400
ruby1.9 (1.9.0.2-5) unstable; urgency=low
[ Lucas Nussbaum ]
* Because of make's dependency handling on phony targets after the addition
of the watch in 1.9.0.1-4, parse.o was rebuilt three times during the
build process. Build it only once, which should reduce the build time
significantly.
[ Daigo Moriwaki ]
* RubyGems did not work completely due to a gem_relude mechanism . This
issue has been fixed. (Closes: #492206)
- debian/patches/201_gem_prelude.dpatch
- debian/rules
-- Daigo Moriwaki <daigo@debian.org> Thu, 31 Jul 2008 00:54:00 +0900
ruby1.9 (1.9.0.2-4) unstable; urgency=low
* Modified computing of arch_name to cope with armel. This was broken
because of the change for lpia. We are now using the same code as
ruby1.8's debian/rules. Closes: #490663.
* Cleaned up debian/rules to use DEB_HOST_* instead of DEB_BUILD_*.
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Sun, 13 Jul 2008 16:30:24 +0200
ruby1.9 (1.9.0.2-3) unstable; urgency=low
* Updated 102_skip_test_copy_stream.dpatch to also ignore
test_copy_stream_socket.
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Sat, 12 Jul 2008 16:12:53 +0200
ruby1.9 (1.9.0.2-2) unstable; urgency=low
* applied debian/patches/103_array_c_r17570_to_r17756.dpatch:
- fixed an integer overflow bug.
-- Daigo Moriwaki <daigo@debian.org> Wed, 09 Jul 2008 00:06:50 +0900
ruby1.9 (1.9.0.2-1) unstable; urgency=high
* New upstream release.
* debian/generated-incs/*.inc: updated. They were created directly from the
source using ruby1.8.
* Fixed vulnerability: arbitrary code execution vulnerability and so on
(Closes: #487239)
* debian/watch: supported the version numbering of the upstream.
* removed patches that the upstream has applied:
- debian/patches/800_parse_shebang_in_usascii.dpatch
- debian/patches/801_too_strict_encoding_check.dpatch
- debian/patches/802_hash_compare_by_identity.dpatch
- debian/patches/803_syntaxerror_irb_bug.dpatch
- debian/patches/804_debug.rb_is_bloken.dpatch
- debian/patches/805_webrick_file_access_vulnerability.dpatch
* removed patches since this package no longer provides rubygems.
- debian/patches/910_gem_prelude.dpatch
- debian/patches/911_default_gem_path.dpatch
- debian/patches/913_disable_update_system.dpatch
- debian/patches/917_avoid_ioseek.dpatch
- debian/patches/918_tighter_search_regex.dpatch
* Added debian/patches/101_parse_rb.dpatch: RDoc might have failed to parse.
* Added debian/patches/102_skip_test_copy_stream.dpatch: skip a test
-- Daigo Moriwaki <daigo@debian.org> Sat, 21 Jun 2008 16:02:58 +0900
ruby1.9 (1.9.0.1-5) experimental; urgency=low
* The gem1.9 package is removed. Use rubygems1.9 instead.
-- Daigo Moriwaki <daigo@debian.org> Sun, 08 Jun 2008 22:58:14 +0900
ruby1.9 (1.9.0.1-4) experimental; urgency=low
* Improved 919_common.mk_tweaks.dpatch: outputs the result of "ps" on a
regular basis, so the build doesn't timeout on slow arches like mips(el).
* Move gem1.9 to a seperate package. This is necessary because gem1.9
requires rdoc1.9 (see
https://bugs.launchpad.net/ubuntu/+source/ruby1.9/+bug/228345 ), so there
are two solutions:
- keep gem1.9 in ruby1.9, and merge back rdoc1.9. This cause people
interested in running ruby apps (not developing ruby scripts) to install
lots of unnecessary stuff.
- move rubygems to a separate package.
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Sat, 24 May 2008 11:25:34 +0200
ruby1.9 (1.9.0.1-3) experimental; urgency=low
* Add uname and /proc/cpuinfo output to the build log.
* Added 919_common.mk_tweaks.dpatch: build more
verbosely. Needed to avoid a timeout on mips(el).
* Added 904_linux_target_os.dpatch from Ubuntu. Robustifies check for
target_os.
* debian/rules: Improved substitutions in arch_name (also from Ubuntu).
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Sat, 17 May 2008 18:04:13 +0200
ruby1.9 (1.9.0.1-2) experimental; urgency=low
* Build with -O2 everywhere by default. * Upload to experimental to see how things work out.
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Wed, 07 May 2008 15:45:40 +0200
ruby1.9 (1.9.0.1-1) unstable; urgency=low
[ akira yamada ]
* new upstream snapshot 1.9.0-1.
* debian/generated-incs/*: updated.
* applied some bug fix patches:
- 800_parse_shebang_in_usascii: [ruby-dev:33955] --encoding affects script
encoding
- 801_too_strict_encoding_check: [ruby-dev:33966] remove too strict
encoding check
- 802_hash_compare_by_identity: [ruby-dev:33989] Hash#compare_by_identity
breaks commutativity of Hash#==
- 803_syntaxerror_irb_bug: [ruby-dev:33991] SyntaxError should not be
considered as IRB bug
- 804_debug.rb_is_bloken: [ruby-dev:33992] debug.rb causes NoMethodError
- 805_webrick_file_access_vulnerability: fixes vulnerbility of WEBrick
which is described at
<http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/>;
- 900_ri_pager: updated.
[ Lucas Nussbaum ]
* debian/control: Added myself to Uploaders:.
* debian/control: Added Homepage and Vcs-* fields.
* added 909_update_lib_README.dpatch, backported from ruby1.8.
* Improved description of ruby1.9-dev.
* No longer build using gcc-4.1 on m68k. Use the default gcc version.
(Closes: #463294)
* debian/control: bumped Standards-Version to 3.7.3. No changes needed.
* added watch file.
[ Daigo Moriwaki ]
* debian/control:
- imporoved the description for libopenssl-ruby1.8.
- ruby1.9-dev now depends on libc6-dev.
-- Lucas Nussbaum <lucas@lucas-nussbaum.net> Fri, 07 Mar 2008 17:35:14 +0100
ruby1.9 (1.9.0.0-2) unstable; urgency=low
* Added debian/patches/910_gem_prelude.dpatch: changed the default
rubygems home directory in prelude as well. (Closes: #458620)
-- Daigo Moriwaki <daigo@debian.org> Wed, 02 Jan 2008 18:09:03 +0900
2007
ruby1.9 (1.9.0.0-1) unstable; urgency=low
[Akira Yamada] * new upstream version, 1.9.0-0. (closes: #457519, #446220) * added manpages for gem1.9 and rake1.9. * debian/generated-incs/*.inc: updated by files in upstream tarball. * debian/patches/801_update_sample_README.dpatch: removed. * debian/patches/903_skip_base_ruby_check.dpatch: updated. * debian/NEWS, debian/README.Debian: updated. [Daigo Moriwaki] * supported rubygems that has been merged with the upstream. I imported files and changes from libgems-ruby1.8_1.0.1.deb package. - added debian/patches/911_default_gem_path.dpatch - added debian/patches/913_disable_update_system.dpatch - added debian/patches/918_tighter_search_regex.dpatch - added debian/patches/917_avoid_ioseek.dpatch - added debian/libruby1.9.postrm.in - debian/patches/00list: applied above changes. - debian/README.Debian: added a note for rubygems - debian/libruby1.9.postinst.in: script to remove a cache file. - debian/rules: applied above changes.
-- akira yamada <akira@debian.org> Wed, 26 Dec 2007 12:46:09 +0900
ruby1.9 (1.9.0+20071225-1) unstable; urgency=low
* new upstream snapshot. (r14640) * updated debian/generated-incs/* files.
-- akira yamada <akira@debian.org> Tue, 25 Dec 2007 10:49:38 +0900
ruby1.9 (1.9.0+20071016-1) unstable; urgency=high
* new upstream snapshot. (r13713)
- fixed CVE-2007-5162.
- fixed illegal instructions at runtime on sparc. (closes: #366444)
Thanks to Lucas Nussbaum.
* updated debian/generated-incs/* files.
* debian/rules: fixed wrong arch_name for arm-linux-gnueabi.
(closes: #445433) Thanks to Riku Voipio.
* debian/ruby1.9-elisp.emacsen-startup: uses "\\\\'" for ignore newlines in
filenames. (closes: #446180) Thanks to Trent W. Buck.
* debian/control: added Daigo Moriwaki to uploaders and removed Akira Tagoh
from uploaders.
-- akira yamada <akira@debian.org> Thu, 18 Oct 2007 09:36:36 +0900
ruby1.9 (1.9.0+20070910-1) unstable; urgency=low
* new upstream snapshot. (r13426) * debian/rules: added -g option to CPPFLAGS and CXXFLAGS.
-- akira yamada <akira@debian.org> Tue, 11 Sep 2007 10:46:09 +0900
ruby1.9 (1.9.0+20070830-2) unstable; urgency=low
* configure.in: skip host ruby check. * debian/generated-incs/prelude.c: added. (closes: #440480)
-- akira yamada <akira@debian.org> Sun, 02 Sep 2007 09:20:54 +0900
ruby1.9 (1.9.0+20070830-1) unstable; urgency=low
* new upstream snapshot. (r13318) (closes: #426134, #426267) * updated debian/generated-incs/* files. * added debian/patches/902_define_YAML_in_yaml_stringio.rb.dpatch.
-- akira yamada <akira@debian.org> Thu, 30 Aug 2007 13:53:44 +0900
ruby1.9 (1.9.0+20070606-1) unstable; urgency=low
* new upstream snapshot. (2006-06-06) * updated debian/generated-incs/* files.
-- akira yamada <akira@debian.org> Wed, 06 Jun 2007 11:58:24 +0900
ruby1.9 (1.9.0+20070526-1) unstable; urgency=low
* new upstream snapshot. (2006-05-26)
-- akira yamada <akira@debian.org> Sat, 26 May 2007 21:02:58 +0900
ruby1.9 (1.9.0+20070523-1) unstable; urgency=low
* new upstream snapshot. (2006-07-23)
* added debian/generated-incs/* files: They are are generated by "make
incs". Updating these files is needed when the source is updated.
(Closes: #425607)
-- akira yamada <akira@debian.org> Wed, 23 May 2007 13:21:02 +0900
ruby1.9 (1.9.0+20070521-1) unstable; urgency=low
* new upstream snapshot. (2006-07-21) (Closes: #414856, #388344)
-- akira yamada <akira@debian.org> Mon, 21 May 2007 14:00:19 +0900
2006
ruby1.9 (1.9.0+20060609-1) unstable; urgency=low
* new upstream snapshot. (2006-06-09) * configure with -fno-strict-aliasing (Bug#370553) * rdoc1.9 suggests graphviz (Bug#339524) * debian/copyright: added a note for using libopenssl-ruby1.9. (Bug#367024) * debian/README.Debian: updated. (Closes: #344294) * added debian/patches/802_mkconfig.dpatch
-- akira yamada <akira@debian.org> Thu, 13 Jul 2006 22:43:47 +0900
ruby1.9 (1.9.0+20060423-4) unstable; urgency=low
* reverted to 1.9.0+20060423-3.
- 1.9.0+20060423-3.1 is not enough to fix the probleam and
- 1.9.0+20060423-3.1 ignores dpatch :-<
-- akira yamada <akira@debian.org> Thu, 7 Jul 2006 22:44:23 +0900
ruby1.9 (1.9.0+20060423-3.1) unstable; urgency=low
* Non-maintainer upload.
* Make mkconfig.rb understand autoconf >2.59a's new way of doing
config.status; it inserts #|_!!_|# into the sed lines temporarily, then
removes them at the end. Since mkconfig.rb only parses these lines instead
of executing the entire sed script, it has to remove #|_!!_|# by itself.
This fixes FTBFS with newer autoconf. (Closes: #373953)
-- Steinar H. Gunderson <sesse@debian.org> Sun, 25 Jun 2006 16:05:24 +0200
ruby1.9 (1.9.0+20060423-3) unstable; urgency=low
* akira yamada <akira@debian.org> - debian/control, debian/rules: uses gcc-4.1 for m68k. (Closes: #360745)
-- akira yamada <akira@debian.org> Tue, 25 Apr 2006 23:00:39 +0900
ruby1.9 (1.9.0+20060423-2) unstable; urgency=medium
* akira yamada <akira@debian.org> - debian/rules: CFLAGS=-O0 for avoiding a bug of gcc-4.0 on m68k. (Closes: #360745)
-- akira yamada <akira@debian.org> Tue, 25 Apr 2006 12:46:34 +0900
ruby1.9 (1.9.0+20060423-1) unstable; urgency=low
* akira yamada <akira@debian.org> - new upstream snapshot. (2006-04-23)
-- akira yamada <akira@debian.org> Sun, 23 Apr 2006 18:14:31 +0900
2005
ruby1.9 (1.9.0+20050921-1) unstable; urgency=high
* akira yamada <akira@debian.org> - new upstream snapshot. (2005-09-21) - [security] JVN#62914675 CVE-2005-2337 - preserve safe level in the environment where a method is defined. - prohibit calling tainted method (>2) when $SAFE == 0. - removed debian/patches/802_workaround_for_send.dpatch: - the patch is in upstream. - debian/control: build-depends on libreadline5-dev. (closes: #326333)
-- akira yamada <akira@debian.org> Wed, 21 Sep 2005 13:16:19 +0900
ruby1.9 (1.9.0+20050902-1) unstable; urgency=high
* akira yamada <akira@debian.org> - new upstream snapshot. (2005-09-02) - [security] preserve safe level in the environment where a method is defined. - added debian/patches/802_workaround_for_send.dpatch: - workaround for changed behavior of __send__. [ruby-dev:26935]
-- akira yamada <akira@debian.org> Fri, 2 Sep 2005 15:21:10 +0900
ruby1.9 (1.9.0+20050727-1) unstable; urgency=low
* akira yamada <akira@debian.org> - new upstream snapshot. (2005-07-27) - removed debian/patches/803_runruby.rb_loadpath.dpatch: - the patch is in upstream source.
-- akira yamada <akira@debian.org> Wed, 3 Aug 2005 19:56:18 +0900
ruby1.9 (1.9.0+20050623-2) unstable; urgency=high
* akira yamada <akira@debian.org> - debian/rules: supported to build with dpkg-dev_1.13. (ref: <URL:http://lists.debian.org/debian-devel-announce/2005/06/msg00010.html>;) - changed arch-name for Ruby to i486-linux from i386-linux because DEB_BUILD_GNU_TYPE is changed to i486-linux-gnu from i386-linux. - (urgency high) used <arch>-linux instead of <arch>-linux-gnu for paths in debian/*.files. (ref: Bug#315566) - added patches/902_extra_search_path.patch: - temporally added "/usr/local/lib/site_ruby/1.8/i386-linux" and "/usr/lib/ruby/1.8/i386-linux" as extra search paths to Ruby on ix86 arch. - added debian/NEWS.
-- akira yamada <akira@debian.org> Wed, 29 Jun 2005 23:53:01 +0900
ruby1.9 (1.9.0+20050623-1) unstable; urgency=high
* akira yamada <akira@debian.org> - new upstream snapshot. - (urgency high) fixed arbitrary command execution on XMLRPC server. [ruby-core:5237] (see: CAN-2005-1992, Bug#315064) - added debian/patches/803_runruby.rb_loadpath.dpatch: - runruby.rb should require rbconfig.rb in source directory. (it is for make install-doc.)
-- akira yamada <akira@debian.org> Thu, 23 Jun 2005 20:33:03 +0900
ruby1.9 (1.9.0+20050412-4) unstable; urgency=low
* akira yamada <akira@debian.org> - debian/rules: CFLAGS=-O0 is for ia64 not for i386.
-- akira yamada <akira@debian.org> Sun, 17 Apr 2005 03:30:22 +0900
ruby1.9 (1.9.0+20050412-3) unstable; urgency=high
* akira yamada <akira@debian.org> - debian/rules: fixed wrong filename conversion. (closes: #304809) - debian/libruby1.9.*.in: should not be empty.
-- akira yamada <akira@debian.org> Sat, 16 Apr 2005 01:44:05 +0900
ruby1.9 (1.9.0+20050412-2) unstable; urgency=high
* akira yamada <akira@debian.org> - debian/rules: binary-install/<indep-package> should contain dh_movefiles only, because "debian/rules binary-arch" cannot create some directories.
-- akira yamada <akira@debian.org> Fri, 15 Apr 2005 06:47:44 +0900
ruby1.9 (1.9.0+20050412-1) unstable; urgency=low
* akira yamada <akira@debian.org> - uploaded to Debian. (closes: #256004)
-- akira yamada <akira@debian.org> Wed, 13 Apr 2005 18:06:34 +0900
ruby1.9 (1.9.0+20050412-0+1) unstable; urgency=low
* akira yamada <akira@debian.org> - initial packaging.
-- akira yamada <akira@debian.org> Wed, 13 Apr 2005 07:28:16 +0900