Change log for ruby1.9 package in Debian

ruby1.9 (1.9.0.2-9lenny1) stable-security; urgency=high


  * added patch: 932_CVE-2009-1904 (ref: #532689)
    It fixes BigDecimal DoS vulnerability (CVE-2009-1904).  (backported from
    1.8.7-p172 and 1.8.7-p174)
  * Add upstream patch to properly check return values of the
    OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)

 -- akira yamada <email address hidden>  Fri, 10 Jul 2009 16:21:55 +0900

ruby1.9 (1.9.0.5-1) unstable; urgency=low


  [ Daigo Moriwaki ]
  * debian/watch: corrected to follow the new versioning by the upstream such
    as 1.9.1-p0.tar.gz
  * Added debian/patches/090301_r22440_OCSP_basic_verify.dpatch: It did not
    properly check the return value from the OCSP_basic_verify function, which
    might allow remote attackers to successfully present an invalid X.509
    certificate, possibly involving a revoked certificate. [CVE-2009-0642]
    (Closes: #513528)
  * debian/rules: 
    - fixshebang.sh runs on bash.
    - The upstream's COPYING* is no longer installed (due to Debian policy).
      That information is included in debian/copyright.
  * debian/patches/090803_exclude_rdoc.dpatch: ported from the ruby1.9.1
    package.
  * debian/control: Added misc depends.
  * debian/compat: Bumpled up the version to 7.

  [ Lucas Nussbaum ]
  * New upstream release.
    + *.inc updated.
    + no longer needed (were backports):
      - 101_parse_rb
      - 103_array_c_r17570_to_r17756
      - 301_dns_spoofing_r18424
      - 302_r18220_webrick_DoS
      - 303_r17726_syslog_safeleve4
      - 304_r17577_trace_var_safeleve4
      - 305_r18496_dl_tain
      - 306_r17586_methods_called_safelevel13
      - 307_r19033_rexml_DoS
      - 308_regexp_segv
      - 930_zero_tainted
    + Refreshed:
      - 919_common.mk_tweaks
    + 102_skip_test_copy_stream: file changed upstream, might no
      longer be needed.
  * Fix building on lpia (Closes: #532057).
  * Disable the test suite on hppa since it blocks because of strange
    signal semantics. (Closes: #514695).
  * Agree with ftpmaster's overrides.
  * Bumped Standards-Version to 3.8.2. No changes needed.
  * Build-Depends on procps. Closes: #510914.
  * debian/fixshebang.sh: skip non-text files, which works around
    hanging of sed on scanning gif images.
  * Added 940_test_file_exhaustive_fails_as_root and
    940_test_priority_fails to deal with test suite failures.
  * Added patch 940_test_thread_mutex_sync_shorter: makes
    test_mutex_synchronize much shorter to deal with slow arches.
    Closes: #514696.
  * Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
    lot for the past help! Closes: #541026.

 -- Daigo Moriwaki <email address hidden>  Sat, 22 Aug 2009 09:55:25 +0900

ruby1.9 (1.9.0.2-9.1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Add upstream patch to properly check return values of the
    OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)

 -- Nico Golde <email address hidden>  Mon, 06 Apr 2009 18:43:32 +0200

ruby1.9 (1.9.1.0-1) experimental; urgency=low


  * new upstream version.
  * updated debian/generated-incs/*.
  * change package name to libruby1.9.1 from librub1.9-1.9. Here "1.9.1"
    indicates Ruby API version.  libruby1.9.1 conflicts/replaces:
    libruby1.9.  (No confilcts/replaces for libruby1.9-1.9 because these
    packages are note relased to Debian.)  It is preparations for ABI changes
    in the future version of Ruby 1.9.
  * adjusted 903_skip_base_ruby_check.
  * updated 931_libruby_suffix. ruby runtime library is libRUBYNAME-1.9.1.so*.
  * updated debian/NEWS.
  * 

 -- akira yamada <email address hidden>  Tue, 03 Feb 2009 22:23:42 +0900

ruby1.9 (1.9.0.2-9) unstable; urgency=high


  * fixes regression:
    - 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
      (ref: #502535)
  * added patch: 308_regexp_segv
    avoid segmentation fault in Regexp#inspect.
    (backported r19384, r19433 and r20243 of upstream trunk.)

 -- akira yamada <email address hidden>  Tue, 02 Dec 2008 11:36:36 +0900

ruby1.9 (1.9.0.2-8) unstable; urgency=high


  * Added patch: 930_zero_tainted.dpatch
    backport of upstream r17612. Closes: #501408 (RC bug).

 -- Lucas Nussbaum <email address hidden>  Thu, 16 Oct 2008 22:15:33 +0200