ruby1.9.1 1.9.3.194-7ubuntu1 source package in Ubuntu

Changelog

ruby1.9.1 (1.9.3.194-7ubuntu1) raring; urgency=low

  * Merge from Debian testing (LP: #1131493). Remaining changes:
    - debian/control: Add ca-certificates to libruby1.9.1 depends so that
      rubygems can perform certificate verification
    - debian/rules: Don't install SSL certificates from upstream sources
    - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
      /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.
  * Changes dropped:
    - debian/patches/20121016-cve_2012_4522.patch: Debian is carrying a patch
      for this issue.
    - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Debian is
      carrying a patch for this issue, but the patch is incorrectly named
      20120927-cve_2011_1005.patch. I'll work with Debian to change the patch
      name, but there's no need in carrying a delta because of this. To be
      clear, the Ubuntu ruby1.9.1 package is patched for CVE-2012-4464 and
      CVE-2012-4466, despite the incorrect patch name.
  * debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test error.
    Use the version of the fix from upstream's 1.9.3 tree to fix the
    NoMethodError for assert_file_not, which doesn't exist in 1.9.3. Adjust
    the Origin patch tag accordingly.

ruby1.9.1 (1.9.3.194-7) unstable; urgency=high

  * debian/patches/CVE-2013-0269.patch: fix possible denial of service and
    unsafe object creation vulnerability in JSON (Closes: #700471)

ruby1.9.1 (1.9.3.194-6) unstable; urgency=high

  [Nobuhiro Iwamatsu]
  * debian/patches/CVE-2013-0256.patch: fix possible cross site scripting
    vulnerability in documentation generated by RDOC (Closes: #699929)

ruby1.9.1 (1.9.3.194-5) unstable; urgency=high

  * Disable running the test suite during the build on sparc again. Keeping
    urgency=high because the previous release, which contains a security bug
    fix, did not reach testing yet because of a segfault when running tests in
    the sparc buildd.

ruby1.9.1 (1.9.3.194-4) unstable; urgency=high

  [ James Healy ]
  * debian/patches/CVE-2012-5371.patch: avoid DOS vulnerability in hash
    implementation, this fixes CVE-2012-5371. (Closes: #693024).

ruby1.9.1 (1.9.3.194-3) unstable; urgency=high

  * debian/patches/CVE-2012-4522.patch: avoid vulnerability with strings
    containing NUL bytes passed to file creation methods. This fixes
    CVE-2012-4522 (Closes: #690670).

ruby1.9.1 (1.9.3.194-2) unstable; urgency=low

  * debian/patches/20120927-cve_2011_1005.patch: patch sent by upstream;
    fixes CVE-2011-1005 which was thought of as not affecting the Ruby 1.9.x
    series (Closes: #689075). Thanks to Tyler Hicks <email address hidden>
    for reporting the issue.
 -- Tyler Hicks <email address hidden>   Thu, 21 Feb 2013 17:11:23 -0800