File: changelog

package info (click to toggle)
ruby3.3 3.3.8-2
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 153,620 kB
sloc: ruby: 1,244,308; ansic: 836,474; yacc: 28,074; pascal: 6,748; sh: 3,913; python: 1,719; cpp: 1,158; makefile: 742; asm: 712; javascript: 394; lisp: 97; perl: 62; awk: 36; sed: 23; xml: 4
file content (1431 lines) | stat: -rw-r--r-- 54,785 bytes
ruby3.3 (3.3.8-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * libruby3.3: drop dependencies on ruby-test-unit and ruby-minitest
  * libruby3.3: bump versioned dependencies on ruby-did-you-mean and
    ruby-webrick

 -- Lucas Kanashiro <kanashiro@debian.org>  Tue, 29 Apr 2025 07:58:14 -0300

ruby3.3 (3.3.8-1) unstable; urgency=medium

  * New upstream release.
    - Fix CVE-2025-25186 in net-imap.
    - Fix CVE-2025-27221 in URI.
      + d/p/CVE-2025-27221_*.patch: kept to fix the same issue in URI
        vendorized version in lib/{rubygems,bundler}.
    - Fix CVE-2025-27219 and CVE-2025-27220 in CGI.
      + d/p/CVE-2025-272{19,20}.patch: removed.
  * d/control: make libruby3.3 depend on versioned ruby-{csv,ruby2-keywords}.
    Those 2 gems used to have the same version in libruby3.1 and in their
    own source packages, and when a user tried to upgrade from bookworm to
    trixie the libruby3.1 was kept because it would satisfy the depedencies
    without installing a new package.
    Adding them with a version constraint to avoid keeping libruby3.1 around
    after the upgrade to ruby3.3. (Closes: #1099067)

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 10 Apr 2025 15:59:06 -0300

ruby3.3 (3.3.7-2) unstable; urgency=medium

  * Fix CVE-2025-27221.
    The URI handling methods (URI.join, URI#merge, URI#+) have an
    inadvertent leakage of authentication credentials because userinfo is
    retained even after changing the host.
      - d/p/CVE-2025-27221_*.patch
  * Fix CVE-2025-27220.
    In the CGI gem, a Regular Expression Denial of Service (ReDoS)
    vulnerability exists in the Util#escapeElement method.
      - d/p/CVE-2025-27220.patch
  * Fix CVE-2025-27219.
    In the CGI gem, the CGI::Cookie.parse method in the CGI library contains
    a potential Denial of Service (DoS) vulnerability.  The method does not
    impose any limit on the length of the raw cookie value it processes.
    This oversight can lead to excessive resource consumption when parsing
    extremely large cookies.
      - d/p/CVE-2025-27219.patch
  * d/libruby3.3.symbols: update symbols for multiple architectures
   (Closes: #1093972). Thanks to John Paul Adrian Glaubitz!

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 09 Apr 2025 15:42:58 -0300

ruby3.3 (3.3.7-1) unstable; urgency=medium

  * New upstream version 3.3.7
  * d/control: move ruby-sdbm to Recommends to avoid circular dependency
  * Update patches
  * d/libruby3.3.symbols: fix symbold for hurd-any (Closes: #1094333)
  * d/p/Fix-test-dlopen-for-.so-filename-with-more-than-one-digit.patch: fix
    FTBFS in alpha (Closes: #1085238)

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 29 Jan 2025 12:07:55 -0300

ruby3.3 (3.3.6-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix test failures with OpenSSL 3.4 (Closes: #1087954).
  * Skip test_bundled_ca, it access internet (Closes: #1091505).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 10 Jan 2025 21:56:50 +0100

ruby3.3 (3.3.6-1) unstable; urgency=medium

  [ Sylvain Beucler ]
  * Drop unused debian/source/local-options:single-debian-patch

  [ Antonio Terceiro ]
  * debian/rules: drop special case for riscv64
  * debian/rules: stop explicitly setting HOME
  * lintian: override error caused by limitation of dh_strip
  * debian/source/lintian-overrides: use wildcards
  * tests: exclude test that might fail on some timezones
  * debian/source/lintian-overrides: re-add license-problem-non-free-RFC-BCP78

  [ Lucas Kanashiro ]
  * New upstream version 3.3.6

 -- Lucas Kanashiro <kanashiro@debian.org>  Fri, 27 Dec 2024 17:16:27 -0300

ruby3.3 (3.3.5-2) unstable; urgency=medium

  * debian/rules: Simplify special case for riscv64
  * debian/rules: explicitly disable YJIT.
    YJIT require a Rust toolchain. I'm not sure we want to avoid it just
    because Rust, but at the moment I suspect that this will make
    bootstrapping Ruby a lot harder.
  * debian/libruby3.3.symbols: revert addition of YJIT symbols

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 08 Sep 2024 17:13:21 -0300

ruby3.3 (3.3.5-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * New upstream version 3.3.5
    - Includes an updated rexml, fixing [CVE-2024-39908]
      (Closes: #1076766)
  * debian/genprovides: move list of rejected provides to an external file
  * Drop packages that are available standalone from Provides:
    - base64
    - csv
    - did_you_mean
    - ipaddr
    - json
    - minitest
    - power_assert
    - psych
    - test-unit
    Their files are still shipped, but as far as dependency resolution is
    concerned, the versions bundled with the Ruby interpreter won't be used
    anymore.
  * Refresh patches
  * Update symbols file with new symbols
  * debian/source/lintian-overrides: update override to match false-positive
  * debian/rules: prevent installation of lock files into /usr/bin

  [ Samuel Thibault ]
  * Don't override DEB_BUILD_OPTIONS; append instead (Closes: #1079459)

  [ Colin Watson ]
  * Deduplicate results from getaddrinfo (Closes: #1077462)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 07 Sep 2024 21:36:05 -0300

ruby3.3 (3.3.4-2) unstable; urgency=medium

  * d/libruby3.3.symbols: fix FTBFS in armel and loong64 (Closes: #1074300).

 -- Lucas Kanashiro <kanashiro@debian.org>  Tue, 09 Jul 2024 21:52:32 -0300

ruby3.3 (3.3.4-1) unstable; urgency=medium

  * New upstream release.
  * d/copyright: update Files-Excluded.
  * d/libruby3.3.symbols: update for new version.

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 08 Jul 2024 23:15:51 -0300

ruby3.3 (3.3.1-6) unstable; urgency=medium

  * d/t/excludes/autopkgtest/TestISeq.rb: skip test_parent_iseq_mark, it is
    timing out in riscv64.
  * d/libruby3.3.symbols: fix FTBFS in mips64el and armhf.

 -- Lucas Kanashiro <kanashiro@debian.org>  Sat, 06 Jul 2024 00:16:21 -0300

ruby3.3 (3.3.1-5) unstable; urgency=medium

  * d/t/skiplist: add test files using require '-test-/*'.
  * d/p/Fix-require-calls-falling-in-autopkgtest.patch: fix the run-all DEP-8
    test.

 -- Lucas Kanashiro <kanashiro@debian.org>  Tue, 02 Jul 2024 21:55:52 -0300

ruby3.3 (3.3.1-4) unstable; urgency=medium

  * d/tests/excludes/autopkgtest/*: skip some tests for now.

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 27 Jun 2024 01:13:36 -0300

ruby3.3 (3.3.1-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * d/p/Do-not-pass-m32-to-arm-32-bits.patch: update patch to drop -m32 on
    arm*.

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 12 Jun 2024 17:16:55 -0300

ruby3.3 (3.3.1-2) unstable; urgency=medium

  * d/libruby3.3.symbols: fix symbols for i386 and mips64el.
  * d/p/Do-not-pass-m32-to-arm-32-bits.patch: fix FTBFS in armhf and armel.

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 10 Jun 2024 20:24:07 -0300

ruby3.3 (3.3.1-1) unstable; urgency=medium

  * Ruby 3.3
  * New upstream version 3.3.1.
  * d/patches: refresh patches and remove the ones applied by upstream.
  * Declare compliance with Debian Policy 4.7.0.
  * d/t/excludes/any/TestGemCommandsUpdateCommand.rb: skip new test trying
    to execute system comamnds.
  * d/libruby3.3.symbols: update to version 3.3.1.
  * d/s/lintian-overrides: update it to new version of net-imap.

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 06 May 2024 17:59:58 -0300

ruby3.2 (3.2.3-1) unstable; urgency=medium

  * New upstream version 3.2.3
  * d/rules: add DEB_BUILD_OPTIONS=abi=time64
  * d/s/lintian-overrides: update version of net-imap

 -- Lucas Kanashiro <kanashiro@debian.org>  Tue, 30 Jan 2024 19:28:07 -0300

ruby3.2 (3.2.2-1~exp1) experimental; urgency=medium

  * Ruby 3.2
  * New upstream version 3.2.2
  * Remove patches applied by upstream
  * Refresh patches
  * Skip some new tests
  * Update symbols file
  * Skip some tests failing during autopkgtest time
  * d/libruby3.2.symbols: mark strlcat strlcpy as optional, since they are now
    part of glibc.
  * d/s/lintian-overrides: add license-problem-non-free-RFC error in inet-imap
    gem. This seems to be a false positive.

 -- Lucas Kanashiro <kanashiro@ubuntu.com>  Thu, 12 Dec 2023 18:04:26 -0300

ruby3.1 (3.1.2-8) unstable; urgency=medium

  * d/p/Fix-splitting-relative-URI.patch: import upstream patch to fix URI
    splitting.
  * d/libruby3.1.symbols: Mark strlcat strlcpy as optional, they are now part
    of glibc.

 -- Lucas Kanashiro <kanashiro@debian.org>  Fri, 08 Dec 2023 16:42:15 -0300

ruby3.1 (3.1.2-7) unstable; urgency=medium

  * Upload to unstable

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 25 Mar 2023 14:20:34 -0300

ruby3.1 (3.1.2-7~exp) experimental; urgency=medium

  * Update openssl extension to to 3.0.1 (Closes: #1032070)

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 05 Mar 2023 17:13:36 -0300

ruby3.1 (3.1.2-6) unstable; urgency=medium

  * Add missing dependencies for pkg-config test

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 26 Jan 2023 09:34:07 -0300

ruby3.1 (3.1.2-5) unstable; urgency=medium

  * Add autopkgtest to test pkg_config
  * Add build dependency on pkg-config from pkgconf.
    The absence of this build dependency made the check for whether
    pkg-config works fail (because it was not there) at the ./configure
    stage, making RbConfig::CONFIG["PKG_CONFIG"] empty, and therefore broke
    the usage of pkg_config() in extconf.rb scripts.
    This was noticed by Lucas Kanashiro (thanks!) in Ubuntu while rebuilding
    all Ruby packages to add ruby3.1 support, where ruby-augeas and
    ruby-libvirt failed to build.

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 25 Jan 2023 14:46:18 -0300

ruby3.1 (3.1.2-4) unstable; urgency=medium

  * Replace cross pkg-config patch with patches applied upstream
  * Apply upstream patch to fix TZ tests (Closes: #1028890)
  * Drop exclude for TestTimeTZ, not needed anymore
  * debian/libruby3.1.symbols: fix version of rb_gc_ractor_newobj_cache_clear
  * debian/tests/builtin-extensions: also require libraries
  * Add upstream patch to upgrade CGI extension to 0.3.5.
    This fixes an HTTP response splitting vulnerability in CGI [CVE-2021-33621]
    (Closes: #1024799)

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 15 Jan 2023 08:27:59 -0300

ruby3.1 (3.1.2-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Use current Ruby version as baseruby for crossbuilding.
    This fixes crossbuilding Ruby when it's not the default Ruby version.
  * rbconfig, mkmf: call foreign pkg-config when cross compiling
    (Closes: #1019520)
  * libruby3.1: depend on packages that used to be provided by ruby2.7.
    This allows *ruby2.7 to be removed after upgrades from bullseye where
    the user has installed packages that depend on either ruby-webrick or
    ruby-sdbm.
  * debian/rules: remove extension build directories.
    This should make libruby3.1 cross-installable, because those directories
    contains files that are architecture-dependent. Also, installing source
    files and build scripts for extensions makes no sense (and we already
    remove them for individual Ruby packages).

  [ Vagrant Cascadian ]
  * debian/rules: Strip the build path from rbconfig.rb

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 11 Sep 2022 07:42:05 -0300

ruby3.1 (3.1.2-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: delete build artifacts from default gems
  * Drop ppc64el-specific test exclusions
  * debian/genprovides: don't generate ruby-rake
  * Stop providing ruby-ruby2-keywords for now
    ruby-ruby2-keywords is its own packages, and is now included in Ruby
    itself. If libruby3.1 Provides: ruby-ruby2-keywords, the actual binary
    will not be installed, and builds and tests will fail on ruby3.0 after
    ruby3.1 is added as a supported version: build dependency resolution
    will assume ruby-ruby2-keywords is provided by libruby3.1, and ruby3.0
    will not actually have access to it.
    This can be reverted after ruby3.1 becomes the default Ruby and support
    for ruby3.0 is removed.
  * debian/tests/builtin-extensions: fix openssl version
  * debian/tests/builtin-extensions: output errors
  * debian/tests/builtin-extensions: drop *dbm extensions
  * autopkgtest: exclude TestJITDebug and TestRubyVMJIT.
    TestRubyVMJIT used to be called TestRubyVMMJIT (a typo), and that typo
    has been fixed in the latest upstream release.
  * autopkgtest: exclude TestTRICK{2013,2015,2018}
    Those tests don't work under autopkgtest because they look for files in
    the source directory.
  * autopkgtest: don't even load mkmf tests
    mkmf is broken when running under autopkgtest. The 100+ Ruby extensions
    in C in the archive are propably enough testing for mkmf.
  * debian/rules: fix erroneous pkg-config entry for LIBPATH
  * debian/libruby3.1.symbols: drop Debian revision from symbols versions

  [ John Paul Adrian Glaubitz ]
  * update x32 patch to current upstream coroutine detection (Closes: #1012247)

  [ Vagrant Cascadian ]
  * debian/rules: ensure rbconfig.rb is reproducible regardless of usr-merge
    (Closes: #1016110)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 27 Jul 2022 15:08:57 -0300

ruby3.1 (3.1.2-1) unstable; urgency=medium

  * Ruby 3.1
  * New upstream version 3.1.2
  * newruby: finalize debian/changelog correctly
  * Refresh patches
    - Update-openssl-to-version-3.0.0.patch: dropped, not necessary anymore
    - Update-rubygems-to-version-3.3.3.patch: dropped, not necessary anymore
  * Exclude new tests for "gem update --system"
  * Update debian/libruby3.1.symbols for new upstream release
  * Exclude test TestRelineAsReadline#test_without_tty, as it assumes `ruby`
    is available on PATH.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 22 Apr 2022 09:43:42 -0300

ruby3.0 (3.0.4-1) unstable; urgency=medium

  [ John Paul Adrian Glaubitz ]
  * Disable some tests on powerpc (Closes: #999349)
  * Disable some tests on alpha (Closes: #999444)
  * Fix filenames for glibc SO files on alpha and ia64
    (Closes: #1007925)

  [ Antonio Terceiro ]
  * New upstream version 3.0.4
  * Includes fixes for the following security issues:
    - CVE-2022-28739: Buffer overrun in String-to-Float conversion
      (Closes: #1009956)
    - CVE-2022-28738: Double free in Regexp compilation
      (Closes: #1009958)
  * Refresh patches.
    The fix in rand_init-fix-off-by-one-error.patch has been done upstream
    differently; drop the patch.
  * TestZlibGzipFile: skip test unsupported on overlay filesystems

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 21 Apr 2022 13:52:50 -0300

ruby3.0 (3.0.3-1) unstable; urgency=medium

  * New upstream version 3.0.3.  Includes fixes for the following security
    issues (Closes: #1002995):
    - CVE-2021-41816: Buffer Overrun in CGI.escape_html
    - CVE-2021-41817: regular expression Denial of Service in Date.parse
    - CVE-2021-41819: mishandling of security prefixes in CGI::Cookie.parse
  * Refresh patches
  * autopkgtest: builtin-extensions: check openssl version
  * debian/libruby3.0.symbols: update
  * Fix generation of Provides:
  * Exclude some tests from TestGemServer

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 13 Mar 2022 21:02:08 -0300

ruby3.0 (3.0.2-7) unstable; urgency=medium

  * d/t/run-all: create needed empty files, fix autopkgtest regression.

 -- Lucas Kanashiro <kanashiro@debian.org>  Fri, 21 Jan 2022 09:29:42 -0300

ruby3.0 (3.0.2-6) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: normalize LC_ALL
  * debian/salsa-ci.yml: don't skip tests on reprotest

  [ Lucas Kanashiro ]
  * Add patch to update ruby/openssl to version 3.0.0 (LP: #1946190)
  * d/rules: disable LTO, it causes a segfault
  * Add patch to update rubygems to version 3.3.3
  * d/rules: create needed empty file to run openssl tests
  * d/rules: build with -O1 on alpha (Closes: #999351)
  * Skip tests failing on x32 architecture (Closes: #999350)

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 20 Jan 2022 17:35:26 -0300

ruby3.0 (3.0.2-5) unstable; urgency=medium

  * Refresh patches with gbp pq
  * Update patch for armhf to apply to all architectures
  * ppc64el: skip some failing tests (Closes: #996724)

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 18 Oct 2021 09:52:16 -0300

ruby3.0 (3.0.2-4) unstable; urgency=medium

  * salsa ci: don't run tests for reprotest check
  * debian/source/lintian-overrides: ignore source-contains-prebuilt-ms-help-file
  * debian/libruby3.0.symbols: drop MISSING entries
  * debian/libruby3.0.symbols: mark optional and arch-specific symbols
  * debian/tests/excludes/any: skip tests that fail on porter boxes
  * salsa-ci: blhc: ignore false positives

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 17 Oct 2021 13:06:07 -0300

ruby3.0 (3.0.2-3) unstable; urgency=medium

  [ Lucas Kanashiro ]
  * Exclude test which requires Internet access (Closes: #995716)

  [ Antonio Terceiro ]
  * Add patch to fix Bus error on mipsel

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 13 Oct 2021 20:19:14 -0300

ruby3.0 (3.0.2-2) unstable; urgency=medium

  * debian/libruby3.0.symbols: update symbols,
    Should fix the build on i386, mips64el, s390x, and others.
  * debian/rules: remove config.log when cleaning
  * debian/gbp.conf: set debian to master
  * tool/m4/ruby_default_arch.m4: add suppor for 32-bit arm.
    Fixes the build on armel and armhf

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 04 Oct 2021 11:19:46 -0300

ruby3.0 (3.0.2-1) unstable; urgency=medium

  * New upstream release.
  * Add patch to make resolv allow dash in zone_id in IPv6 local addresses.
  * Skip tests which require to update gems in the system.
  * Symbols update for 3.0.2 release.
  * d/t/bundled-gems: adjust test due to upstream changes.
  * d/t/skiplist: add new files in test/mkmf.
  * Exclude some tests which are failing due to a rubygems version mismatch.
    The ruby-rubygems version is different than the one embedded in ruby.
  * Exclude from autopkgtest another test relying in the source tree structure.
  * d/missing-sources/jquery.js: removed, it is not needed anymore.
  * d/rules: use variables instead of hardcoded ruby version in dh_gencontrol.

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 30 Sep 2021 15:34:22 -0300

ruby3.0 (3.0.0-2) unstable; urgency=medium

  [ Utkarsh Gupta ]
  * Upload to unstable.
  * Fix symbols file for i386 build.
  * Cherry-pick 250ebbab from master.

  [ Chris Hofstaedtler ]
  * Remove myself from Uploaders

 -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 30 Aug 2021 17:54:14 +0530

ruby3.0 (3.0.0-1) experimental; urgency=medium

  * New upstream version 3.0.0
  * Refresh d/patches
  * Update symbols file

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 25 Dec 2020 19:50:25 +0530

ruby3.0 (3.0.0~rc1-1) experimental; urgency=medium

  * New upstream version 3.0.0~rc1
  * Refresh d/patches
  * Don't run test_class_no_openssl_override test
  * Update symbols file

 -- Utkarsh Gupta <utkarsh@debian.org>  Wed, 23 Dec 2020 21:28:34 +0530

ruby3.0 (3.0.0~preview2-1) experimental; urgency=medium

  * New upstream version 3.0.0~preview2
  * Re-format d/gbp.conf
  * Drop patches that has been merged upstream
  * Refresh d/patches
  * Update symbols file

 -- Utkarsh Gupta <utkarsh@debian.org>  Sat, 12 Dec 2020 02:50:00 +0530

ruby3.0 (3.0.0~preview1-1) experimental; urgency=medium

  [ Cédric Boutillier ]
  * [ci skip] Add .gitattributes to keep unwanted files out of
    the source package
  * update 0001-rdoc-build-reproducible-documentation.patch
  * use C.UTF-8 locale
  * New patch to prevent trying to download gems from internet
  * NEWS file has now a .md extension
  * Update symbols file
  * Use debhelper-compat 13
  * Add Build-Depends-Package metadata in symbols file
  * Move paragraph in copyright file to have match
    lib/rubygems/package_task.rb
  * fix gbp command name in quick-build.sh
  * Remove sdbm from builtin-extensions test
  * hyphen-used-as-minus-sign tag removed from lintian
  * Remove debian version from declared missing symbols

  [ Utkarsh Gupta ]
  * Update d/watch for ruby3.0.
  * New upstream version 3.0.0~preview1.
  * Ruby 3.0.
  * Refresh d/patches.
  * Update package for ruby3.0.
  * Add patch to fix TestIRB::TestHistory tests.
  * Skip test_build_extensions_extconf_bad test as it fails
    in sbuild.
  * Skip test/rubygems/test_bundled_ca.rb tests.
  * Fix symbols file to fix the build for i386 arch.
  * Skip test which require building gem native extensions.
  * Skip test_realworld_upgraded_default_gem for autopkgtest.
  * Add patch to fix "real" autopkgtests related to rubygems.

 -- Utkarsh Gupta <utkarsh@debian.org>  Tue, 13 Oct 2020 19:29:40 +0530

ruby2.7 (2.7.1-3) unstable; urgency=medium

  * Do not run TestJIT.rb test file on salsa and autopkgtest
  * Exclude all racc command related tests when running autopkgtest

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 11 May 2020 10:58:00 -0300

ruby2.7 (2.7.1-2) unstable; urgency=medium

  * Skip flaky DRbTest in i386

 -- Lucas Kanashiro <kanashiro@debian.org>  Fri, 08 May 2020 18:02:58 -0300

ruby2.7 (2.7.1-1) unstable; urgency=medium

  * New upstream version 2.7.1
  * d/control: rules does not require root
  * d/copyright: update Debian packaging copyright
  * Mark ruby2.7-doc binary package as Multi-Arch: foreign (Closes: #956798)
  * B-d on libncurses-dev instead of libncurses{,w}5-dev (Closes: #956799)

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 07 May 2020 18:12:14 -0300

ruby2.7 (2.7.0-7) unstable; urgency=medium

  [ Lucas Kanashiro ]
  * d/rules: remove extra space from riscv configure line

  [ Antonio Terceiro ]
  * libruby: calculate provides dynamically
  * libruby: do not provide ruby-bundler (Closes: #959393)

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 04 May 2020 15:38:31 -0300

ruby2.7 (2.7.0-6) unstable; urgency=medium

  * Add patch to fix FTBFS on x32: misdetected as i386 or amd64
    (Closes: #954293)
  * d/rules: add -fno-crossjumping to CFLAGS (Closes: #951714)
  * Make 64-bit-only symbols optional to fix FTBFS on i386/armhf

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 20 Apr 2020 10:39:35 -0300

ruby2.7 (2.7.0-5) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Add test excludes for salsa

  [ Lucas Kanashiro ]
  * d/rules: build with -latomic on riscv64
  * Disable some tests that fail or time out on riscv64
  * d/control: list all libruby2.7 bundle gems in Provides field
  * d/libruby2.7.lintian-overrides:
    - ignore library-not-linked-against-libc errors, the *.so extension files
      are linked against libruby2.7 only
    - ignore wrong-path-to-the-ruby-interpreter errors, the scripts reported
      are not supposed to be used by users
  * d/libruby2.7.symbols: add missing symbols
  * d/control: use secure url in Homepage field
  * Declare compliance with Debian Policy 4.5.0
  * d/copyright: use secure urls in Format and Source fields
  * Bump debhelper compatibility level to 12

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 13 Apr 2020 11:54:17 -0300

ruby2.7 (2.7.0-4) unstable; urgency=medium

  * mipsel: exclude test that fails on buildd

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 19 Feb 2020 08:05:27 -0300

ruby2.7 (2.7.0-3) unstable; urgency=medium

  * Fix priority order of paths in -I option

 -- Cédric Boutillier <boutil@debian.org>  Tue, 04 Feb 2020 18:58:15 +0100

ruby2.7 (2.7.0-2) unstable; urgency=medium

  * Fix symbols file using dpkg-gensymbols (Closes: #948371)
  * debian/rules: fix dh_auto_clean override (Closes: #948187)
  * debian/tests/run-all: copy tool/ to $AUTOPKGTEST_TMP
  * Exclude some failing tests when executed via autopkgtest
  * Set OPENSSL_CONF to lower security level to 1
  * Skip some tests that need root permission to pass

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 22 Jan 2020 11:47:11 -0300

ruby2.7 (2.7.0-1) unstable; urgency=medium

  * No changes rebuild

 -- Lucas Kanashiro <kanashiro@debian.org>  Tue, 07 Jan 2020 16:20:19 -0300

ruby2.7 (2.7.0-1~exp1) experimental; urgency=medium

  * New upstream version 2.7.0
  * Update d/libruby2.7.symbols
  * d/copyright: remove some files dropped in this new release
  * d/t/run-all: use AUTOPKGTEST_TMP instead of ADTTMP

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 02 Jan 2020 16:41:27 -0300

ruby2.7 (2.7.0~preview2-1~exp1) experimental; urgency=medium

  [ Antonio Terceiro ]
  * New upstream version 2.5.7
  * autopkgtest: simplify test runner even more

  [ Lucas Kanashiro ]
  * d/watch: track release 2.7.x
  * New upstream version 2.7.0~preview2
  * Ruby 2.7
  * Update patches
  * Exclude tests which fail due to ~ in version string
  * debian/rules: define $HOME since some tests rely on it

  [ Antonio Terceiro ]
  * skip test-spec during build
  * Update symbols file with new symbols in ruby 2.7

  [ Lucas Kanashiro ]
  * Add myself to Uploaders list

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 13 Nov 2019 20:40:21 -0300

ruby2.5 (2.5.7-1) unstable; urgency=medium

  [ Utkarsh Gupta ]
  * Add salsa-ci.yml

  [ Antonio Terceiro ]
  * New upstream version 2.5.7
  * Refresh patches
  * autopkgtest: rework "expected failures" mechanism. We now just skip the
    tests cases that are known to fail, and not load at all the test files
    that fail to load. This will make the output in case of failures a lot
    more clear.

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 23 Oct 2019 12:48:04 -0300

ruby2.5 (2.5.5-4) unstable; urgency=medium

  [ HIGUCHI Daisuke (VDR dai) ]
  * debian/rules: do not compress debug sections for arch-dep Ruby packages with dh_compat 12

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 30 Jul 2019 09:41:10 -0300

ruby2.5 (2.5.5-3) unstable; urgency=medium

  * ia64: Don't clear register_stack_start (Closes: #928068)

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 02 Jun 2019 10:16:57 -0300

ruby2.5 (2.5.5-2) unstable; urgency=medium

  * debian/tests/excludes/: fix exclusion of Rinda tests that depend on
    network availability, by moving the existing excludes files to the correct
    location. (Closes: #927122)

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 13 May 2019 10:55:06 -0300

ruby2.5 (2.5.5-1) unstable; urgency=medium

  * New upstream version 2.5.5. Includes a series of bug fixes, most notably
    for 6 security bugs discovered in Rubygems:
    - CVE-2019-8320: Delete directory using symlink when decompressing tar
    - CVE-2019-8321: Escape sequence injection vulnerability in verbose
    - CVE-2019-8322: Escape sequence injection vulnerability in gem owner
    - CVE-2019-8323: Escape sequence injection vulnerability in API response
      handling
    - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
      execution
    - CVE-2019-8325: Escape sequence injection vulnerability in errors
  * Rebase patches. The following patches were applied upstream and dropped
    from the Debian package:
    - 0011-Update-for-tzdata-2018f.patch
    - 0012-test-update-test-certificate.patch

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 26 Mar 2019 17:12:34 -0300

ruby2.5 (2.5.3-4) unstable; urgency=medium

  * 0012-test-update-test-certificate.patch: update test certificate so
    SSL-related tests pass (Closes: 919516)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 23 Feb 2019 17:51:21 -0300

ruby2.5 (2.5.3-3) unstable; urgency=medium

  * arm64: also skip TestBugReporter#test_bug_reporter_add, which also fails~
    4% of the time.
  * mipsel: fix location of skiplist for OpenSSL::TestSSL, from TestSSL.rb to
    OpenSSL/TestSSL.rb.
  * Remove skiplist for OpenSSL::TestSSL on all architectures. It was in the
    wrong place to begin with.
  * Fix location of skiplist for Rinda-related tests.

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 27 Nov 2018 09:58:02 -0200

ruby2.5 (2.5.3-2) unstable; urgency=medium

  * arm64: skip TestRubyOptions#test_segv_loaded_features, fails ~3% of the
    time
  * mipsel: skip OpenSSL::TestSSL tests that frequently timeout on the Debian
    buildds
    - test_dh_callback
    - test_get_ephemeral_key
    - test_post_connect_check_with_anon_ciphers

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 25 Nov 2018 13:05:27 -0200

ruby2.5 (2.5.3-1) unstable; urgency=medium

  * New upstream version 2.5.3
    - Includes fix for CVE-2018-16396, "Tainted flags are not propagated in
      Array#pack and String#unpack with some directives" (Closes: #911920)
  * Refresh patches:
    - Dropped 0009-merge-changes-in-ruby-openssl-v2.1.1.patch, already applied
      upstream.
  * Add tzdata to Build-Depends (Closes: #911717)
  * Cherry-pick upstream commmit with update to tests due to changes in tzdata
    2018f (Closes: #913181)
  * Update gemspec reproducibility patch to also make new default gems fiddle
    and ipaddr reproducible. (Closes: #898051)
  * debian/rules: don't install created.rid file produced by rdoc to make
    build reproducible. This file is used by rdoc to decide when to update
    documentation when in use in interactive settings, and containing a
    timestamp is one of its functions. Is is not necessary for a binary
    package, though, because the included documentation will never need to be
    updated in-place.

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 24 Nov 2018 12:38:59 -0200

ruby2.5 (2.5.1-6) unstable; urgency=medium

  * Fix build with openssl 1.1.1 (Closes: #907790)
    - Apply Ruby upstream patch to update openssl extension to v2.1.1. This
      includes some, but not all, changes needed to make the tests pass
      against openssl 1.1.1
    - Apply ruby-openssl upstream patches to fix tests against openssl 1.1.1
    - Exclude tests that still fail with openssl 1.1.1
    - debian/rules: set OPENSSL_CONF to /dev/null when running tests to use
      the default openssl settings. Unfortunately there are too many tests for
      several parts of the Ruby standard library that use openssl and that take
      very long to complete under the Debian settings, and I don't have the
      cycles to go fix each one.
    - debian/tests/run-all: also run autopkgtest against the default openssl
      settings and not the Debian-specific ones.
  * debian/tests/run-all: fix reference to excludes dir

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 06 Oct 2018 14:15:02 -0300

ruby2.5 (2.5.1-5) unstable; urgency=medium

  * Fix spelling error in patch description
  * Remove always-on dh --parallel
  * Pass --host to configure when cross-building.
    We cannot just use dh_auto_configure because some of the added options
    then make configure need a baseruby, which we want to avoid when
    building for the native arch. (Closes: #893501)

 -- Chris Hofstaedtler <zeha@debian.org>  Tue, 24 Jul 2018 08:56:14 +0000

ruby2.5 (2.5.1-4) unstable; urgency=medium

  * Disable tests failing on Ubuntu builders (Closes: #886515)
  * Bump Standards-Version to 4.1.5

 -- Chris Hofstaedtler <zeha@debian.org>  Sun, 22 Jul 2018 14:18:07 +0000

ruby2.5 (2.5.1-3) unstable; urgency=medium

  * Exclude test that often fails on the Debian mips buildds
  * Add missing patch needed for kfreebsd-amd64 port (Closes: #899267)

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 10 Jun 2018 22:08:34 -0300

ruby2.5 (2.5.1-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/tests/control: ignore output on stderr
  * debian/tests/bundled-gems: only fail on missing gems. Only warn if version
    found is not new enough
  * libruby2.5: add dependency on ruby-xmlrpc

  [ Samuel Thibault ]
  * Fix FTBFS on hurd (Closes: #896509)

  [ Svante Signell ]
  * Exclude tests that fail on kfreebsd (Closes: #899267)

  [ Antonio Terceiro ]
  * Update symbols file for 64-bit architectures

  [ Santiago R.R ]
  * Exclude Rinda TestRingFinger and TestRingServer test units requiring network access
    (Closes: #898917)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 09 Jun 2018 11:50:20 -0300

ruby2.5 (2.5.1-1) unstable; urgency=medium

  * New upstream version 2.5.1.

    According to the release announcement, includes fixes for the following
    security issues:

    - CVE-2017-17742: HTTP response splitting in WEBrick
    - CVE-2018-6914: Unintentional file and directory creation with directory
      traversal in tempfile and tmpdir
    - CVE-2018-8777: DoS by large request in WEBrick
    - CVE-2018-8778: Buffer under-read in String#unpack
    - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
      UNIXServer and UNIXSocket
    - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
      Dir
    - Multiple vulnerabilities in RubyGems
  * Refresh patches.

    Patches dropped for being already applied upstream:

    - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
    - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
  * Add patch to fix FTBFS on ia64 (Closes: #889848)
  * Add simple autopkgtest to check for builtin extensions that are build
    against external dependencies (ssl, yaml, *dbm etc)
  * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
  * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
    assumptions that don't hold on newer tzdata update. Upstream bug:
    https://bugs.ruby-lang.org/issues/14655
  * debian/libruby2.5.symbols: update with new symbol added in this release

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 31 Mar 2018 13:22:48 -0300

ruby2.5 (2.5.0-6) unstable; urgency=medium

  * debian/rules: explicitly pass --runstatedir, --localstatedir, and
    --sysconfdir to ./configure

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 04 Mar 2018 13:30:49 -0300

ruby2.5 (2.5.0-5) unstable; urgency=medium

  * Change Maintainer: to Debian Ruby Team
  * debian/patches/0005-Fix-tests-to-cope-with-updates-in-tzdata.patch: fix
    test failures after updates in the Japan timezone data (Closes: #889046)
  * debian/patches/0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch:
    upgrade to Rubygems 2.7.6 to fix multiple vulnerabilities

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 24 Feb 2018 12:20:04 -0300

ruby2.5 (2.5.0-4) unstable; urgency=medium

  * debian/rules: pass --excludes-dir options to `make check` via $TESTS

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 30 Dec 2017 10:50:04 -0300

ruby2.5 (2.5.0-3) unstable; urgency=medium

  * arm64: skip TestRubyOptimization#test_clear_unreachable_keyword_args. It
    works just fine on a porter box, but consistently hangs on the arm64
    buildd.
  * mipsel: skip some tests from TestNum2int; they fail on the buildd, but not
    on the porterbox.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 29 Dec 2017 21:14:34 -0300

ruby2.5 (2.5.0-2) unstable; urgency=medium

  * Move test exclusions from a patch to debian/tests/excludes/
    - debian/rules, debian/tests/run-all: pass the appropriate exclusion flags
      to the test runner
  * Exclude TestResolvMDNS. It will fail on some architectures, and be very
    slow on others.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 29 Dec 2017 12:57:39 -0300

ruby2.5 (2.5.0-1) unstable; urgency=medium

  * New upstream version 2.5.0
  * Refresh patches
  * debian/libruby2.5.symbols: update
  * debian/tests/known-failures.txt: add another 3 test files that assume the
    tests are being run against a built source tree

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 26 Dec 2017 11:48:55 -0200

ruby2.5 (2.5.0~rc1-1) unstable; urgency=medium

  * New upstream release candidate. Includes the following fixes:
    - Fix stack size on powerpc64 (Closes: #881772)
    - CVE-2017-17405: Command injection vulnerability in Net::FTP
      (Closes: #884437)
  * Refresh patches
  * debian/control:
    - Remove explicit Testsuite: header
    - ruby2.5-dev: Recommends: ruby2.5-doc
    - Declare compatibility with Debian Policy 4.1.2; no changes needed
    - Bump debhelper compatibility level to 10
      - change debian/rules to call ./configure directly, to use upstream's
        built-in multiarch support as before debhelper compatibility level 9
  * debian/watch: download release tarballs.
    Using release tarballs makes it possible to build ruby without having an
    existing ruby. This should help bootstrapping ruby on new
    architectures. (Closes: #832022)
  * debian/copyright: exclude embedded copies of bundled gems and libffi
  * debian/rules:
    - run tests in verbose mode during build
    - drop explicit usage of autotools-dev
    - drop usage of autoreconf debhelper sequence, it's not needed anymore
      since we are now using a complete upstream release tarball
    - drop passing --baseruby to configure, since do not require an existing
      ruby anymore
    - skip setting DEB_HOST_MULTIARCH if already set
    - replace manual call to dpkg-parsechangelog with including
      /usr/share/dpkg/pkg-info.mk and using variables from there.
  * autopkgtest: make use of the text exclusion rules under test/excludes/
  * debian/libruby2.5.symbols: update with symbols added/removed since the
    preview1 release
  * debian/tests/bundled-gems: handle extra field in gems/bundled_gems
  * debian/libruby2.5.lintian-overrides: remove unused override
    (possible-gpl-code-linked-with-openssl)

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 24 Dec 2017 12:29:25 -0200

ruby2.5 (2.5.0~preview1-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * New upstream version 2.5.0~preview1
  * debian/patches: import all of our remaining changes wrt upstream. All the
    changes to tests were transformed into exclude files under test/excludes/
  * ruby2.5-dev: don't install *.a files anymore; they are not installed by
    the upstream build system anymore.
  * debian/rules: adapt removal of embedded certificate store in Rubygems
  * debian/rules: also remove embedded certificate store from bundler

  [ Christian Hofstaedtler ]
  * Remove packaging for tcltk extension; it has been removed from Ruby core
    upstream.
  * Drop migration from old -dbg package
  * Disable test for homedir expansion which fails in sbuild
  * Upstream tarballs no longer come from git
  * Update jquery in missing-sources
  * d/copyright: Add info for darkfish icon set
  * Build with default OpenSSL once again

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 10 Oct 2017 21:12:54 -0300

ruby2.3 (2.3.3-1) unstable; urgency=medium

  * New upstream version.

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 22 Nov 2016 12:32:41 +0000

ruby2.3 (2.3.2-1) unstable; urgency=medium

  * New upstream version.

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 16 Nov 2016 01:31:08 +0000

ruby2.3 (2.3.1-6) unstable; urgency=medium

  * debian/rules: honor 'nocheck' flag in DEB_BUILD_OPTIONS (Closes: #842768).
    Thanks to John Paul Adrian Glaubitz for the patch.
  * Build-Depends on libssl1.0-dev. Ruby 2.3 is not likely to get OpenSSL 1.1
    compatibility (see #828535)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 09 Nov 2016 14:38:59 -0200

ruby2.3 (2.3.1-5) unstable; urgency=medium

  * Increase timeout for test_array.rb test_permutation_stack_error,
    as Array#permutation is very slow on armel, mips, mipsel.
    Forwarded to upstream as issue #12502.
  * Disable test_process.rb test_aspawn_too_long_path, as it uses ~2GB
    of RAM and a lot of CPU time before finally failing on mips, mipsel.
    Forwarded to upstream as issue #12500.
  * Increase timeout for test_gc.rb test_gc_parameter, for mips, mipsel.

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 17 Jun 2016 23:30:49 +0000

ruby2.3 (2.3.1-4) unstable; urgency=medium

  * Backport some test changes from Ruby trunk, to fix (some) build
    failures on archs other than amd64, i386, ppc64el, s390x.

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 15 Jun 2016 07:32:02 +0000

ruby2.3 (2.3.1-3) unstable; urgency=medium

  * Replace libruby2.3-dbg with automatic dbgsym packages.
  * Avoid unreproducible rbconfig.rb (always use bash to build).
  * rdoc: sort input filenames in a consistent way (for reproducible).
  * Run full testsuite during build (make check instead of make test).

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 14 Jun 2016 20:47:45 +0000

ruby2.3 (2.3.1-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/tests/known-failures.txt: remove test that now passes
    (test/rinda/test_rinda.rb)
  * debian/rules: enable bindnow hardening option (Closes: #822288)
  * debian/copyright: update and simplify copyright annotations for Unicode
    files under enc/trans/JIS/
  * Bump Standards-Version to 3.9.8 (no changes needed)

  [ Christian Hofstaedtler ]
  * Stop providing ruby-interpreter. Only packages providing
    /usr/bin/ruby can be a credible provider of ruby-interpreter.
    (Closes: #822072)
  * Raise priority to "optional", now that ruby2.2 is gone, although
    the value of this change is unclear. (Closes: #822911)
  * Apply patch from Reiner Herrmann <reiner@reiner-h.de> to help with
    reproducibility of mkmf.rb using packages. (Closes: #825569)

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 30 May 2016 12:14:46 +0000

ruby2.3 (2.3.1-1) unstable; urgency=medium

  * Call make install-doc, install-nodoc with V=1, for diagnosing
    build failures.
  * New upstream TEENY version.

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 27 Apr 2016 07:40:42 +0000

ruby2.3 (2.3.0-5) unstable; urgency=medium

  * Set gzip embedded mtime field to fixed value for rdoc-generated
    compressed javascript data. Helps with reproducibility of rdoc-using
    packages.
  * Build tcltk extension for Tcl/Tk 8.6.
  * Apply patch from upstream to fix crash in Proc binding.
    (ruby-core: 74100, trunk r54128, bug #12137). (Closes: #816161)

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 16 Mar 2016 23:36:12 +0000

ruby2.3 (2.3.0-4) unstable; urgency=medium

  * Apply patch from upstream to fix deserializing OpenStruct via Psych,
    (ruby-core: 72501, trunk r53366). (Closes: #816358)

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 01 Mar 2016 22:41:19 +0100

ruby2.3 (2.3.0-3) unstable; urgency=medium

  * Explicitly set bundled gem dates. Otherwise these multi-arch same files
    differ on different architectures depending on build date.
    (Closes: #810321)
  * Apply patch from upstream (ruby-core:72736, trunk r53455) to fix extension
    builds that use g++.
  * Bump Standards-Version to 3.9.7 with no addtl. changes
  * d/copyright: Remove rake, no longer bundled.
  * Switch Vcs-* URLs to https.

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 29 Feb 2016 21:45:51 +0100

ruby2.3 (2.3.0-2) unstable; urgency=medium

  * debian/libruby2.3.symbols: update with new symbols introduced right before
    the final 2.3.0 release.
  * libruby2.3: add dependencies on rake, ruby-did-you-mean and
    ruby-net-telnet

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 30 Jan 2016 09:20:31 -0200

ruby2.3 (2.3.0-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Ruby 2.3
  * debian/tests/bundled-gems: check if all libraries that are supposed to be
    bundled are present, with a version greater than or equal to the one
    specified in gems/bundled_gems
  * debian/tests/run-all: filter failures against list of known failures. Pass
    if only the tests listed in debian/tests/known-failures.txt fail, fail
    otherwise. This will help catch regressions.
  * debian/copyright: update wrt new files in the distribution

  [ Christian Hofstaedtler ]
  * autopkgtest: depend on all packages so we actually have header files
    installed.

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 28 Dec 2015 09:17:47 -0300

ruby2.2 (2.2.3-2) unstable; urgency=medium

  * Add dependency on ruby-minitest to provide the same experience out of the
    box as the upstream package (Closes: #803665)
  * Apply upstream patch to not use SSLv3 methods if OpenSSL does not export
    them (Closes: #804089)
  * updated debian/libruby2.2.symbols with 1 new symbol.

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 05 Nov 2015 18:43:02 -0200

ruby2.2 (2.2.3-1) unstable; urgency=medium

  * New upstream release

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 18 Aug 2015 22:22:21 +0000

ruby2.2 (2.2.2-3) unstable; urgency=medium

  [ Christian Hofstaedtler ]
  * Have libruby2.2 depend on ruby-test-unit, as upstream bundles this
    externally maintained package in their tarballs. (Closes: #791925)

  [ Antonio Terceiro ]
  * Apply upstream patches to fix Request hijacking vulnerability in Rubygems
    [CVE-2015-3900] (Closes: #790111)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 29 Jul 2015 09:50:08 -0300

ruby2.2 (2.2.2-2) unstable; urgency=medium

  * Make Date in gemspec reproducible. Initial patch from Chris Lamb
    <lamby@debian.org>. (Closes: #779631, #784225)
  * Replace embedded copies of Lato with symlinks to fonts-lato.
    (Closes: #762348)
  * debian/copyright: improve DEP-5 compliance.
  * Provide debug symbols, in a new libruby2.2-dbg package. Patch from
    Matt Palmer <mpalmer@debian.org>. (Closes: #785685)
  * Build libruby.so with dpkg-buildflags supplied LDFLAGS.
    (Closes: #762350)

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 01 Jul 2015 15:36:24 +0200

ruby2.2 (2.2.2-1) unstable; urgency=medium

  * New upstream release
    - includes fix for vulnerability with overly permissive matching of
      hostnames in OpenSSL extension [CVE-2015-1855]
  * debian/rules: add import-orig-source to automate importing orig tarballs
    generated from the upstream git mirror.
  * debian/tests: add a functional test that will run all tests under test/

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 03 May 2015 18:56:32 -0300

ruby2.2 (2.2.1-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: review
    - enc/* relicensed to the same license as Ruby
    - add license for ccan/* (CC0)
    - add license for enc/trans/JIS/*
      - some under the "Unicode" license
      - most under permissive "You can use, modify, distribute this table
        freely." terms
    - ext/nkf/ relicensed to zlib/libpng license
  * debian/upstream-changes: simpler and more accurate implementation
  * debian/libruby2.2.symbols: updated

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 03 Apr 2015 21:30:14 -0300

ruby2.2 (2.2.0~1-1) UNRELEASED; urgency=medium

  * Ruby 2.2 RC1
  * Dropped all Debian-specific changes to the upstream sources; everything we
    need is fixed upstream

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 19 Dec 2014 14:46:35 -0200

ruby2.1 (2.1.5-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2014-8090 Another Denial of Service XML Expansion
      (Closes: #770932)
    - Fixes build on SPARC (Closes: #769731)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 29 Nov 2014 12:30:39 -0200

ruby2.1 (2.1.4-1) unstable; urgency=high

  * New upstream version
    - CVE-2014-8080: Denial of Service in XML Expansion
    - Changes default settings in OpenSSL bindings to not use deprecated and
      insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
      "POODLE" bug in OpenSSL)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 29 Oct 2014 12:07:22 -0200

ruby2.1 (2.1.3-2) unstable; urgency=medium

  [ Sebastian Boehm ]
  * Install SystemTap tap file (Closes: #765862)

 -- Christian Hofstaedtler <zeha@debian.org>  Sun, 19 Oct 2014 20:07:50 +0200

ruby2.1 (2.1.3-1) unstable; urgency=medium

  * New upstream version

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 20 Sep 2014 16:55:47 +0200

ruby2.1 (2.1.2-4) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Move libjs-jquery dependency from libruby2.1 to ruby2.1, and turn it into
    Recommends:. This way programs that link against libruby2.1 won't pull in
    libjs-jquery; OTOH those using rdoc (and thus needing libjs-jquery) would
    be already using ruby2.1 anyway.

  [ Christian Hofstaedtler ]
  * Update Vcs-Git URL, as we've moved from master2.1 to master.
  * Prepare libruby21.symbols for x32 (Closes: #759615)
  * Remove embedded copies of SSL certificates. Rubygems is advised by
    rubygems-integration to use the ca-certificates provided certificates.
    (Closes: #689074)

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 05 Sep 2014 03:06:30 +0200

ruby2.1 (2.1.2-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: call debian/split-tk-out.rb with $(baseruby) instead of
    `ruby` to actually support bootstrapping with ruby1.8 (and no `ruby`)
  * Break dependency loop (Closes: #747858)
    - ruby2.1: drop dependency on ruby
    - libruby2.1: drop dependency on ruby2.1

  [ Christian Hofstaedtler ]
  * Add missing man pages for gem, rdoc, testrb (Closes: #756053, #756815)
  * Correct ruby2.1's Multi-Arch flag to 'allowed' (Closes: #745360)

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 14 Aug 2014 10:45:29 -0300

ruby2.1 (2.1.2-2) unstable; urgency=medium

  * Support bootstrapping with Ruby 1.8 (which builds with gcc only) if another
    Ruby is not available.

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 15 May 2014 23:20:49 -0300

ruby2.1 (2.1.2-1) unstable; urgency=medium

  [ Christian Hofstaedtler ]
  * New upstream version
  * Update watch file

  [ Sebastian Boehm ]
  * Build with basic systemtap support. (Closes: #747232)

  [ Antonio Terceiro ]
  * 2.1 is now the main development branch

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 10 May 2014 15:51:13 +0200

ruby2.1 (2.1.1-4) unstable; urgency=medium

  * Use Debian copy of config.{guess,sub}
    Instead of downloading it from the Internet, which could be down or
    insecure. Thanks to Scott Kitterman for the report AND patch.
    (Closes: 745699)
  * Move jquery source file to d/missing-sources

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 25 Apr 2014 00:57:13 +0200

ruby2.1 (2.1.1-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Disable rubygems-integration during the build. This fixes the install
    location of the gemspecs for the bundled libraries. (Closes: #745465)

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 22 Apr 2014 18:38:01 +0200

ruby2.1 (2.1.1-2) unstable; urgency=medium

  * Tie Tcl/Tk dependency to version 8.5, applying patch from Ubuntu.
    Thanks to Matthias Klose <doko@debian.org>

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 10 Mar 2014 13:38:41 +0100

ruby2.1 (2.1.1-1) unstable; urgency=medium

  * Imported Upstream version 2.1.1
  * Update lintian overrides

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 05 Mar 2014 18:22:58 +0100

ruby2.1 (2.1.0-2) unstable; urgency=medium

  * ruby2.1-dev: Depend on libgmp-dev.
    Thanks to John Leach <john@johnleach.co.uk>
  * Fix FTBFS with libreadline 6.x, by applying upstream r45225.

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 03 Mar 2014 21:10:32 +0100

ruby2.1 (2.1.0-1) unstable; urgency=medium

  * Upload to unstable.

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 22 Feb 2014 23:44:44 +0100

ruby2.1 (2.1.0-1~exp2) experimental; urgency=medium

  [ Antonio Terceiro ]
  * ruby2.1-dev: add missing dependency on libruby2.1

  [ Christian Hofstaedtler ]
  * Again depend on ruby without alternatives management
  * Tag 64bit-only symbols as such

 -- Christian Hofstaedtler <zeha@debian.org>  Thu, 13 Feb 2014 13:02:25 +0100

ruby2.1 (2.1.0-1~exp1) experimental; urgency=medium

  * New release train, branch off and rename everything to ruby2.1
    (Closes: #736664)
  * Build with GMP library for faster Bignum operations.
  * Target experimental as long as ruby 1:1.9.3.1 has not entered
    unstable, dropping the versioned dependency for now.

 -- Christian Hofstaedtler <zeha@debian.org>  Thu, 23 Jan 2014 19:25:19 +0100

ruby2.0 (2.0.0.484-1) UNRELEASED; urgency=medium

  [ Antonio Terceiro ]
  * New upstream snapshot.
  * Add patch by Yamashita Yuu to fix build against newer OpenSSL
    (Closes: #733372)

  [ Christian Hofstaedtler ]
  * Use any valid Ruby interpreter to bootstrap
  * Bump Standards-Version to 3.9.5 (no changes)
  * Add myself to Uploaders:
  * Add Dependencies to facilitate upgrades from 1.8
    * libruby2.0 now depends on ruby2.0
    * ruby2.0 now depends on ruby
  * Stop installing alternatives/symlinks for binaries:
    * /usr/bin/{ruby,erb,testrb,irb,rdoc,ri}

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 17 Jan 2014 16:35:57 +0100

ruby2.0 (2.0.0.353-1) unstable; urgency=low

  * New upstream release
    + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
      Closes: #730190

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 25 Nov 2013 22:34:25 -0300

ruby2.0 (2.0.0.343-1) unstable; urgency=low

  * New upstream version (snapshot from 2.0 maintainance branch).
  * fix typo in ruby2.0-tcltk description
  * Backported upstream patches from Tanaka Akira to fix FTBFS on:
    - GNU/kFreeBSD (Closes: #726095)
    - x32 (Closes: #727010)
  * Make date for io-console gemspec predictable (Closes: #724974)
  * libruby2.0 now depends on libjs-jquery because of rdoc (Closes: #725056)
  * Backport upstream patch by Nobuyoshi Nakada to fix include directory in
    `pkg-config --cflags` (Closes: #725166)
  * Document missing licenses in debian/copyright (Closes: #723161)
  * debian/libruby2.0.symbols: add new symbol rb_exec_recursive_paired_outer
    (not in the public API though)

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 05 Nov 2013 20:33:23 -0300

ruby2.0 (2.0.0.299-2) unstable; urgency=low

  * Split Ruby/Tk out of libruby2.0 into its own package, ruby2.0-tcltk. This
    will reduce the footprint of a basic Ruby installation.

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 15 Sep 2013 22:09:57 -0300

ruby2.0 (2.0.0.299-1) unstable; urgency=low

  * New upstream release
    + Includes a fix for override of existing LDFLAGS when building compiled
      extensions that use pkg-config (Closes: #721799).
  * debian/rules: forward-port to tcl/tk packages with multi-arch support.
    Thanks to Tristan Hill for reporting on build for Ubuntu saucy
  * debian/control: ruby2.0 now provides ruby-interpreter
  * Now using tarballs generated from the git mirror.
    + The released tarballs will modify shipped files on clean. Without this
      we can stop messing around with files that need to be recovered after a
      `debian/rules clean` to make them match the orig tarball and avoid
      spurious diffs.
    + This also lets us drop the diffs against generated files such as
      tool/config.* and configure.
    + documented in debian/README.source
  * debian/libruby2.0.symbols: refreshed with 2 new symbols added since last
    version.

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 08 Sep 2013 12:38:34 -0300

ruby2.0 (2.0.0.247-1) unstable; urgency=low

  * Initial release (Closes: #697703)

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 07 Jan 2013 14:48:51 -0300