File: changelog

package info (click to toggle)
ruby-rack 3.1.18-1
links: PTS, VCS
area: main
in suites: forky, sid
size: 2,068 kB
sloc: ruby: 15,131; sh: 12; makefile: 7; javascript: 1
file content (559 lines) | stat: -rw-r--r-- 17,607 bytes
ruby-rack (3.1.18-1) unstable; urgency=medium

  * New upstream version 3.1.18.
    - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
      enabling DoS (memory exhaustion).
    - CVE-2025-61771: Multipart parser buffers large non‑file fields
      entirely in memory, enabling DoS (memory exhaustion).
    - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
      (memory exhaustion).
    - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may
      allow proxy bypass.
    - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead
      to memory exhaustion.
    - Closes: #1117855, #1117856, #1117627, #1117628

 -- Utkarsh Gupta <utkarsh@debian.org>  Wed, 22 Oct 2025 08:52:58 +0100

ruby-rack (3.1.16-0.1) unstable; urgency=medium

  * Non-maintainer upload
  * New upstream version 3.1.16 (Closes: #1104927, #1107363),
    fixes CVE-2025-46727, CVE-2025-49007
  * Remove ruby-bacon from autopkgtests (Closes: #1109027)

 -- Bastian Germann <bage@debian.org>  Tue, 15 Jul 2025 18:00:20 +0200

ruby-rack (3.1.12-1) unstable; urgency=medium

  * Team upload
  * New upstream version 3.1.12
  * Drop obsolete B-Ds

 -- Blair Noctis <ncts@debian.org>  Wed, 19 Mar 2025 15:53:01 +0000

ruby-rack (3.1.9-2) unstable; urgency=medium

  * Re-upload to unstable.

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 07 Mar 2025 14:13:53 +0530

ruby-rack (3.1.9-1~exp1) experimental; urgency=medium

  * New upstream version 3.1.9
  * Declare compliance with Debian Policy 4.7.0.

 -- Lucas Kanashiro <kanashiro@debian.org>  Tue, 11 Feb 2025 10:20:49 -0300

ruby-rack (3.0.8-4) unstable; urgency=medium

  * Add Breaks on pre-rack3 ruby-adsf

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 05 Feb 2025 12:30:11 -0300

ruby-rack (3.0.8-3) unstable; urgency=medium

  * Add Breaks: against package versions that don't work with rack 3

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 04 Feb 2025 20:35:02 -0300

ruby-rack (3.0.8-2) unstable; urgency=medium

  * Re-upload to unstable.

 -- Utkarsh Gupta <utkarsh@debian.org>  Tue, 28 Jan 2025 12:07:16 +0100

ruby-rack (3.0.8-1) experimental; urgency=medium

  * New upstream release.
  * Declare compliance with Debian Policy 4.6.2
  * d/p/skip-random-failure.patch: removed, it does not seem to be failing
    anymore.

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 26 Jun 2023 17:35:11 -0300

ruby-rack (3.0.0-1) experimental; urgency=medium

  * New upstream release.
  * d/p/0002-Make-tests-pass-on-hosts-that-have-no-ipv4-connectiv.patch:
    delete patch applied by upstream.
  * Refresh patches.
  * d/ruby-rack.docs: install README.md instead of README.rdoc.
  * d/control: add myself to the Uploaders list.
  * Do not install rackup manpage anymore. Remove:
    - d/rackup.1
    - d/ruby-rack.manpages
  * d/control: recommend ruby-rack-session and ruby-rackup.
  * d/t/control: add ruby-rackup as a test dependency of smoke-test.
  * d/t/smoke-test: content-type key needs to be in lowercase.
  * Do not depend on thin to run tests during build and autopkgtest time.

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 09 Nov 2022 17:26:10 -0300

ruby-rack (2.2.4-2) unstable; urgency=medium

  * Team Upload
  * eliminate lintian warning: ruby-interpreter-is-deprecated
  * eliminate lintian warning: update-debian-copyright

 -- HIGUCHI Daisuke (VDR dai) <dai@debian.org>  Tue, 09 Aug 2022 11:57:23 +0900

ruby-rack (2.2.4-1) unstable; urgency=medium

  * Team Upload
  * New upstream version 2.2.4 (Fixes: CVE-2022-30122, CVE-2022-30123)
  * Bump Standards-Version to 4.6.1 (no changes needed)

 -- Pirate Praveen <praveen@debian.org>  Fri, 01 Jul 2022 11:59:23 +0530

ruby-rack (2.2.3-4) unstable; urgency=medium

  * Add ruby-webrick as an explicit dependency.
    - it's not embedded as of ruby3.0. (:

 -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 24 Jan 2022 18:45:39 +0530

ruby-rack (2.2.3-3) unstable; urgency=medium

  * Reupload to unstable

 -- Pirate Praveen <praveen@debian.org>  Mon, 24 Jan 2022 16:37:33 +0530

ruby-rack (2.2.3-2) experimental; urgency=medium

  * Team Upload
  * Merge changes from master branch
  * Refresh patches
  * Update watch file standard to 4

 -- Pirate Praveen <praveen@debian.org>  Mon, 24 Jan 2022 14:00:19 +0530

ruby-rack (2.1.4-5) unstable; urgency=medium

  * Team upload
  * Switch to gem-install layout for bundle --local compatibility

 -- Pirate Praveen <praveen@debian.org>  Mon, 24 Jan 2022 00:48:23 +0530

ruby-rack (2.1.4-4) unstable; urgency=medium

  * Team upload

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster

  [ Cédric Boutillier ]
  * Build-depend on ruby-webrick (Closes: #996353)
  * Bump debhelper compatibility level to 13
  * Bump Standards-Version to 4.6.0 (no changes needed)

 -- Cédric Boutillier <boutil@debian.org>  Wed, 17 Nov 2021 11:49:13 +0100

ruby-rack (2.1.4-3) unstable; urgency=medium

  * Team upload.
  * Fix tests when run on ipv6-only hosts (Closes: #979432)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 27 Feb 2021 09:30:57 -0300

ruby-rack (2.2.3-1) experimental; urgency=medium

  * Team upload
  * New upstream version 2.2.3
  * Refresh patches

 -- Pirate Praveen <praveen@debian.org>  Sat, 30 Jan 2021 15:29:45 +0530

ruby-rack (2.1.4-2) unstable; urgency=medium

  * Revert "Drop all patches"
    - Rack::Builder::parse_file#test_0006_strips
      leading unicode byte order mark when present still
      fails in i386 and stuff. Meh, I'll take a look later.

 -- Utkarsh Gupta <utkarsh@debian.org>  Sun, 03 Jan 2021 17:49:29 +0530

ruby-rack (2.1.4-1) unstable; urgency=medium

  [ Pirate Praveen ]
  * New upstream version 2.1.4
  * Bump Standards-Version to 4.5.1 (no changes needed)
  * Drop patches applied upstream

  [ Utkarsh Gupta ]
  * Drop all patches

 -- Utkarsh Gupta <utkarsh@debian.org>  Sun, 03 Jan 2021 17:25:43 +0530

ruby-rack (2.1.1-6) unstable; urgency=medium

  [ Cédric Boutillier ]
  * [ci skip] Update team name
  * [ci skip] Add .gitattributes to keep unwanted files out
    of the source package

  [ Debian Janitor ]
  * Apply multi-arch hints. + ruby-rack: Add :all qualifier
    for ruby dependency.

  [ Utkarsh Gupta ]
  * When parsing cookies, only decode the values.
    Patch utils to fix cookie parsing. (Fixes: CVE-2020-8184)
    (Closes: #963477)

 -- Utkarsh Gupta <utkarsh@debian.org>  Sat, 02 Jan 2021 17:42:02 +0530

ruby-rack (2.1.1-5) unstable; urgency=medium

  * Add patch to use Dir.entries instead of Dir[glob] to prevent
    user-specified glob metacharacters (Fixes: CVE-2020-8161)

 -- Utkarsh Gupta <utkarsh@debian.org>  Thu, 21 May 2020 17:06:27 +0530

ruby-rack (2.1.1-4) unstable; urgency=medium

  * Remove ruby-minitest-global-expectations from Depends
  * Add ruby-minitest-global-expectations for tests

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 10 Apr 2020 18:37:00 +0530

ruby-rack (2.1.1-3) unstable; urgency=medium

  * Add patch to skip random failure
    (probably fixed in later upstream version)

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 10 Apr 2020 04:21:09 +0530

ruby-rack (2.1.1-2) unstable; urgency=medium

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.

  [ Utkarsh Gupta ]
  * Shoot to unstable
  * Enable tests :D
  * Add BD on ruby-minitest-global-expectations
  * Add runtime dependency on ruby-minitest-global-expectations
  * Fix package wrt cme
  * Use AUTOPKGTEST_TMP in tests as ADTTMP is deprecated
  * Add myself as an uploader
  * Add Rules-Requires-Root: no
  * Add Breaks for ruby-rack-oauth2

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 10 Apr 2020 03:43:38 +0530

ruby-rack (2.1.1-1) experimental; urgency=medium

  * Team upload
  * New upstream version 2.1.1
  * Bump Standards-Version to 4.4.1 (no changes needed)
  * Switch test to minitest (but disable tests because build deps not packaged)
  * Switch to github tarballs for tests
  * Upload to experimental because autopkgtest for berkshelf-api coquelicot
    nanoc rails redmine ruby-acts-as-api ruby-faye ruby-grape ruby-moneta
    ruby-omniauth ruby-rack-attack ruby-rack-oauth2 ruby-rack-openid
    ruby-voight-kampff failed and rebuilds of berkshelf-api coquelicot nanoc
    redmine ruby-grape ruby-omniauth ruby-rack-oauth2 ruby-warden failed

 -- Pirate Praveen <praveen@debian.org>  Sun, 12 Jan 2020 20:00:24 +0530

ruby-rack (2.0.7-2) unstable; urgency=medium

  * Team upload
  * Re-upload to unstable
  * Add salsa-ci.yml
  * Bump Standards-Version to 4.4.0
  * Bump debhelper-compat to 12

 -- Utkarsh Gupta <guptautkarsh2102@gmail.com>  Tue, 03 Sep 2019 00:22:18 +0530

ruby-rack (2.0.7-1) experimental; urgency=medium

  * Team upload
  * New upstream version 2.0.7

 -- Utkarsh Gupta <guptautkarsh2102@gmail.com>  Wed, 15 May 2019 21:13:44 +0530

ruby-rack (2.0.6-3) unstable; urgency=medium

  * Team upload.
  * add Breaks: ruby-sinatra (<< 2), as ruby-sinatra 1.x does not work with
    ruby-rack 2.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 11 Jan 2019 10:11:26 -0300

ruby-rack (2.0.6-2) unstable; urgency=medium

  * Team upload
  * Re-upload to unstable

 -- Sruthi Chandran <srud@disroot.org>  Thu, 03 Jan 2019 21:42:53 +0530

ruby-rack (2.0.6-1) experimental; urgency=medium

  * Team upload
  * New upstream release
  * Remove CVE-2018-16471.patch already applied upstream

 -- Sruthi Chandran <srud@disroot.org>  Mon, 24 Dec 2018 22:11:29 +0530

ruby-rack (2.0.5-2) experimental; urgency=medium

  * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
    request could impact the HTTP/HTTPS scheme returned to the underlying
    application. (Closes: #913005)
  * debian/control:
    - Add myself to Uploaders.
    - Bump Standards-Version to 4.2.1.
    - wrap-and-sort -sa.
  * Drop trailing whitespace in debian/changelog.
  * Use HTTPS URI in debian/copyright.

 -- Chris Lamb <lamby@debian.org>  Wed, 21 Nov 2018 14:58:29 +0100

ruby-rack (2.0.5-1) experimental; urgency=medium

  * Team upload

  [ Pirate Praveen ]
  * Drop 0001-Fix-Params_Depth.patch (applied upstream)

  [ Sruthi Chandran ]
  * New upstream release

 -- Sruthi Chandran <srud@disroot.org>  Tue, 01 May 2018 17:10:47 +0530

ruby-rack (1.6.4-4) unstable; urgency=medium

  * Team upload.

  [ Cédric Boutillier ]
  * Use https:// in Vcs-* fields
  * Run wrap-and-sort on packaging files

  [ Christian Hofstaedtler ]
  * Remove uninstallable ruby-memcache-client from test dependencies
  * Bump Standards-Version to 3.9.8

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 13 Jul 2016 01:59:31 +0200

ruby-rack (1.6.4-3) unstable; urgency=medium

  * Team upload
  * Bump compat. version to 9
  * Update Debian packaging using dh-make-ruby
  * d/control:
      Update Vcs-* fields (switch to cgit and https everywhere)
      Bump Standards-Version to 3.9.7 (no changes)
      Move to ruby-dalli (memcache-client is deprecated)
        ROM for ruby-memcache-client
        https://github.com/rack/rack/issues/1025
      Remove librack-ruby* relations (those packages are long gone)

 -- Sebastien Badia <seb@sebian.fr>  Thu, 03 Mar 2016 16:24:53 -0300

ruby-rack (1.6.4-2) unstable; urgency=medium

  * Upload to unstable

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 12 Dec 2015 16:08:31 -0200

ruby-rack (1.6.4-1) experimental; urgency=medium

  * Team upload
  * New upstream release
  * Refresh patch (part merged upstream)

 -- Pirate Praveen <praveen@debian.org>  Fri, 07 Aug 2015 01:16:26 +0530

ruby-rack (1.5.2-4) unstable; urgency=medium

  * Add patch: Fix upstream Issue 631
    - uninitialized constant Rack::Response::BodyProxy
  * Create cherry-picked patch for Security Fix (Closes: #789311)
    - CVE-2015-3225: 1-4-deep_params.patch

 -- Youhei SASAKI <uwabami@gfd-dennou.org>  Wed, 29 Jul 2015 17:32:29 +0900

ruby-rack (1.5.2-3) unstable; urgency=medium

  * add myself to Uploaders:
  * debian/ruby-tests.rake: run all tests instead of a subset of them
  * debian/tests/control: add a gem2deb-test-runner test

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 17 Oct 2014 09:41:28 -0300

ruby-rack (1.5.2-2) unstable; urgency=medium

  * Team upload.
  * Rebuild with recent gem2deb to make package visible to Rubygems on all
    Ruby interpreters
  * Drop transitional packages
  * Add autopkgtest smoke test

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 24 Jul 2014 19:24:55 -0300

ruby-rack (1.5.2-1) unstable; urgency=low

  * Team upload.

  [ Cédric Boutillier ]
  * debian/control: remove obsolete DM-Upload-Allowed flag
  * use canonical URI in Vcs-* fields

  [ Christian Hofstaedtler ]
  * New upstream release.
  * Removed all patches, already applied upstream.

 -- Christian Hofstaedtler <christian@hofstaedtler.name>  Mon, 03 Jun 2013 15:56:09 +0200

ruby-rack (1.4.1-2.1) unstable; urgency=high

  [ KURASHIKI Satoru ]
  * Non-maintainer upload.
  * Create cherry-picked patches for Security Fix (Closes: #700173 #700226).
    - CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch
    - CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch

  [ Youhei SASAKI ]
  * Create cherry-picked patches for Security Fix (Closes: #698440).
    - CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch
    - CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch
    - CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch

 -- KURASHIKI Satoru <lurdan@gmail.com>  Wed, 20 Feb 2013 20:56:31 +0900

ruby-rack (1.4.1-2) unstable; urgency=low

  * Bump build dependency on gem2deb to >= 0.3.0~

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 25 Jun 2012 15:07:51 -0300

ruby-rack (1.4.1-1) unstable; urgency=low

  * New Upstream version 1.4.1
  * Bump standard version: 3.9.3
  * Add Build-Depends: rake, bacon, ruby-memcache-client, thin
  * Add d/s/local-options: Update patch handling
  * Update ruby-tests.rb to ruby-tests.rake: running full test

 -- Youhei SASAKI <uwabami@gfd-dennou.org>  Wed, 07 Mar 2012 01:00:16 +0900

ruby-rack (1.4.0-1) unstable; urgency=low

  * New upstream release (closes: #653963).

 -- Paul van Tilburg <paulvt@debian.org>  Tue, 03 Jan 2012 22:39:13 +0100

ruby-rack (1.3.5-1) unstable; urgency=low

  * New upstream release.
  * Fix my email address.
  * Fix priority of transitional packages.
  * TESTS ARE DISABLED: many dependencies required for tests are not
    packaged yet.

 -- Lucas Nussbaum <lucas@debian.org>  Wed, 21 Dec 2011 10:52:37 +0100

ruby-rack (1.3.1-1) unstable; urgency=low

  * New upstream release: 1.3.1
  * Bump Standard version: 3.9.2
  * Add me to Uploaders
  * Add ruby-bacon to Build-Depends
  * Add manpage for rackup Closes: #606910
    - Thanks to Glido Fiorito <fiorito.g@gmail.com>

 -- Youhei SASAKI <uwabami@gfd-dennou.org>  Tue, 26 Jul 2011 00:57:23 +0900

ruby-rack (1.2.2-2) unstable; urgency=low

  * Add transitional packages from librack-ruby.

 -- Lucas Nussbaum <lucas@lucas-nussbaum.net>  Tue, 26 Apr 2011 16:34:08 +0200

ruby-rack (1.2.2-1) unstable; urgency=low

  * Switch to gem2deb-based packaging. Rename source and binary package.
  * libopenssl-ruby was merged in the main ruby package. Closes: #574960
    Closes: #592416.
  * new upstream release.
  * TESTS ARE DISABLED: many dependencies required for tests are not
    packaged yet.

 -- Lucas Nussbaum <lucas@lucas-nussbaum.net>  Tue, 26 Apr 2011 15:44:15 +0200

librack-ruby (1.1.0-4) unstable; urgency=low

  * Team upload.
  * This package is now maintained within the Debian/Ruby Extras team.
  * debian/control:
    - Added the team (and myself) to the uploaders.
    - Updated the Vcs-* fields.
  * Version the dependency between librack-ruby and librack-ruby1.8.
    Closes: #583553
  * Rename the 1.9.1 binary to rackup1.9.1

 -- Lucas Nussbaum <lucas@lucas-nussbaum.net>  Sat, 18 Sep 2010 08:31:46 +0200

librack-ruby (1.1.0-3) unstable; urgency=low

  * adopt package
  * add Conflicts/Replaces from librack-ruby1.9.1 to librack-ruby1.9
    because of /usr/bin/rackup1.9 (Closes: #570435)

 -- Ryan Niebur <ryan@debian.org>  Sat, 13 Mar 2010 12:14:56 -0800

librack-ruby (1.1.0-2) unstable; urgency=low

  * Move to ruby1.9.1 (Closes: #569884).
  * Removed unused lintian override.
  * Bumped up Standards-Version.

 -- Sebastien Delafond <seb@debian.org>  Mon, 15 Feb 2010 19:42:49 +0100

librack-ruby (1.1.0-1) unstable; urgency=low

  * New upstream release.

 -- Sebastien Delafond <seb@debian.org>  Fri, 08 Jan 2010 18:50:25 +0100

librack-ruby (1.0.1-1) unstable; urgency=low

  * New upstream release.
  * Bumped up Standards revision.
  * Moved to CDBS.
  * Lintian cleanups.

 -- Sebastien Delafond <seb@debian.org>  Wed, 21 Oct 2009 11:36:29 +0200

librack-ruby (1.0.0-1) unstable; urgency=low

  * New upstream release.
  * Added debian/watch file.
  * Bumped up Standards version to 3.8.1.
  * BUmped up debhelper compat level to 6.
  * Moved to section "ruby".
  * Added proper versioned dependency on debhelper (for dh_lintian).
  * Updated short description for librack-ruby1.8.

 -- Sebastien Delafond <seb@debian.org>  Tue, 28 Apr 2009 02:14:00 -0700

librack-ruby (0.9.1-1) unstable; urgency=low

  * New upstream release (Closes: #516855).

 -- Sebastien Delafond <seb@debian.org>  Mon, 23 Feb 2009 19:29:20 -0800

librack-ruby (0.3.0-2) unstable; urgency=low

  * Corrected short description for librack-ruby1.8

 -- Sebastien Delafond <seb@debian.org>  Wed, 07 May 2008 14:13:26 -0700

librack-ruby (0.3.0-1) unstable; urgency=low

  * Initial Release (Closes: #480035).

 -- Sebastien Delafond <seb@debian.org>  Wed, 07 May 2008 11:28:30 -0700