ruby2.3 (2.3.1-2~ubuntu16.04.16) xenial-security; urgency=medium

  * SECURITY UPDATE: XML round-trip vulnerability in REXML
    - debian/patches/CVE-2021-28965.patch: update to REXML 3.1.7.4.
    - CVE-2021-28965

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 15 Apr 2021 10:39:41 -0400

ruby2.3 (2.3.1-2~ubuntu16.04.15) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe Object Creation Vulnerability in JSON gem
    - debian/patches/CVE-2020-10663.patch: set json->create_additions to 0
      in ext/json/parser/parser.c, ext/json/parser/parser.rl.
    - CVE-2020-10663
  * SECURITY UPDATE: HTTP Request Smuggling attack in WEBrick
    - debian/patches/CVE-2020-25613.patch: make it more strict to interpret
      some headers in lib/webrick/httprequest.rb.
    - CVE-2020-25613

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 16 Mar 2021 11:03:56 -0400

ruby2.3 (2.3.1-2~ubuntu16.04.14) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201.patch
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 25 Nov 2019 12:24:34 -0300

ruby2.3 (2.3.1-2~ubuntu16.04.13) xenial; urgency=medium

  * d/p/do-not-wakeup-inside-child-processes.patch: avoid child ruby processes
    being stuck in a busy loop (LP: #1834072)

 -- Andreas Hasenack <andreas@canonical.com>  Tue, 25 Jun 2019 11:52:54 -0300

ruby2.3 (2.3.1-2~16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: fix in
      test/net/imap/cacert.pen, test/net/imap/server.crt,
      test/net/imap/server.key.
  * Added lisbon_tz test to excluded tests
    - debian/patches/0001-excluding_lisbon_tz_test.patch:
      test/excludes/TestTimeTZ.rb.
  * Fixing symlink expanding issue that makes some tests and gems fails
    - debian/patches/fixing_symlink_expanding_issue.patch: fix in
      lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 03 Apr 2019 12:30:36 -0300

ruby2.3 (2.3.1-2~16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagted
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * fixing tz test issue
    - debian/patches/fixing_tz_tests.patch

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 30 Oct 2018 10:59:03 -0300

ruby2.3 (2.3.1-2~16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Malicious format string - buffer overrun
    - debian/patches/CVE-2017-0898.patch: fix in sprintf.c,
      test/ruby/test_sprintf.rb.
    - CVE-2017-0898
  * SECURITY UPDATE: Response splitting attack
    - debian/patches/CVE-2017-17742.patch: fix in webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2017-17742
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb,
      lib/webrick/httpservlet/filehandler.rb,
      test/webrick/test_filehandler.rb, test/webrick/test_httpresponse.rb.
    - CVE-2018-8777

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Fri, 08 Jun 2018 11:24:57 -0300

ruby2.3 (2.3.1-2~16.04.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb,
      test/test_tempfile.rb.
    - CVE-2018-6914
  * SECURITY UPDATE: Buffer under-read
    - debian/patches/CVE-2018-8778.patch: fix in pack.c,
      test/ruby/test_pack.rb.
    - CVE-2018-8778
  * SECURITY UPDATE: Unintended socket
    - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c,
      test/socket/test_unix.rb.
    - CVE-2018-8779
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-8780.patch: fix in dir.c,
      test/ruby/test_dir.rb.
    - CVE-2018-8780

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Fri, 13 Apr 2018 11:38:20 -0300

ruby2.3 (2.3.1-2~16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074.patch fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/pacage/tar_writer.rb,
      test/rubygems/test_gem_pacakge.rg
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000079

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 04 Apr 2018 12:16:06 -0300

ruby2.3 (2.3.1-2~16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: fails to validade specification names
    - debian/patches/CVE-2017-0901-0902.patch:  fix this.
    - CVE-2017-0901
  * SECURITY UPDATE: vulnerable to a DNS hijacking
    - debian/patches/CVE-2017-0901-0902.patch fix this.
    - CVE-2017-0902
  * SECURITY UPDATE: possible remote code execution
    - debian/patches/CVE-2017-0903.patch: whitelist classes
      and symbols that are in Gem spec YAML in lib/rubygems.rb,
      lib/rubygens/config_file.rb, lib/rubygems/package.rb,
      lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb,
      lib/rubygems/specification.rb.
    - CVE-2017-0903

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 30 Jan 2018 14:54:19 -0300

ruby2.3 (2.3.1-2~16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: possible command injection attacks through
    kernel#open
    - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in
      lib/resolv.rb.
    - CVE-2017-17790
  * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
    - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
      lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
    - CVE-2017-10784
  * SECURITY UPDATE: denial of service via a crafted string
    - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c.
    - CVE-2017-14033
  * SECURITY UPDATE: Arbitrary memory expose during a JSON.generate call
    - debian/patches/CVE-2017-14064.patch: fix this in
      ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 09 Jan 2018 11:43:22 -0300

ruby2.3 (2.3.1-2~16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: command injection through Net::FTP
    - debian/patches/CVE-2017-17405.patch: fix command injection
      in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
    - CVE-2017-17405
  *  Exclude some tests that fails in launchpad:
    - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 18 Dec 2017 16:25:28 -0300

ruby2.3 (2.3.1-2~16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: SMTP command injection
    - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
      lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
    - CVE-2015-9096
  * SECURITY UPDATE: use of same initialization vector (IV)
    - debian/patches/CVE-2016-7798.patch: don't set dummy key in
      ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
    - CVE-2016-7798
  * debian/rules: enable full test suite
  * debian/control: added netbase to Build-Depends
  * debian/patches/fix_tests.patch: fix tests that do not work correctly.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 20 Jun 2017 11:05:02 -0400

ruby2.3 (2.3.1-2~16.04) xenial-proposed; urgency=medium

  * SRU: LP: #1589271, backport 2.3.1 to 16.04 LTS.
  * Fixes tests on s390x. LP: #1556783.

 -- Matthias Klose <doko@ubuntu.com>  Sun, 05 Jun 2016 17:50:45 +0200

ruby2.3 (2.3.1-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/tests/known-failures.txt: remove test that now passes
    (test/rinda/test_rinda.rb)
  * debian/rules: enable bindnow hardening option (Closes: #822288)
  * debian/copyright: update and simplify copyright annotations for Unicode
    files under enc/trans/JIS/
  * Bump Standards-Version to 3.9.8 (no changes needed)

  [ Christian Hofstaedtler ]
  * Stop providing ruby-interpreter. Only packages providing
    /usr/bin/ruby can be a credible provider of ruby-interpreter.
    (Closes: #822072)
  * Raise priority to "optional", now that ruby2.2 is gone, although
    the value of this change is unclear. (Closes: #822911)
  * Apply patch from Reiner Herrmann <reiner@reiner-h.de> to help with
    reproducibility of mkmf.rb using packages. (Closes: #825569)

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 30 May 2016 12:14:46 +0000

ruby2.3 (2.3.1-1) unstable; urgency=medium

  * Call make install-doc, install-nodoc with V=1, for diagnosing
    build failures.
  * New upstream TEENY version.

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 27 Apr 2016 07:40:42 +0000

ruby2.3 (2.3.0-5) unstable; urgency=medium

  * Set gzip embedded mtime field to fixed value for rdoc-generated
    compressed javascript data. Helps with reproducibility of rdoc-using
    packages.
  * Build tcltk extension for Tcl/Tk 8.6.
  * Apply patch from upstream to fix crash in Proc binding.
    (ruby-core: 74100, trunk r54128, bug #12137). (Closes: #816161)

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 16 Mar 2016 23:36:12 +0000

ruby2.3 (2.3.0-4) unstable; urgency=medium

  * Apply patch from upstream to fix deserializing OpenStruct via Psych,
    (ruby-core: 72501, trunk r53366). (Closes: #816358)

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 01 Mar 2016 22:41:19 +0100

ruby2.3 (2.3.0-3) unstable; urgency=medium

  * Explicitly set bundled gem dates. Otherwise these multi-arch same files
    differ on different architectures depending on build date.
    (Closes: #810321)
  * Apply patch from upstream (ruby-core:72736, trunk r53455) to fix extension
    builds that use g++.
  * Bump Standards-Version to 3.9.7 with no addtl. changes
  * d/copyright: Remove rake, no longer bundled.
  * Switch Vcs-* URLs to https.

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 29 Feb 2016 21:45:51 +0100

ruby2.3 (2.3.0-2) unstable; urgency=medium

  * debian/libruby2.3.symbols: update with new symbols introduced right before
    the final 2.3.0 release.
  * libruby2.3: add dependencies on rake, ruby-did-you-mean and
    ruby-net-telnet

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 30 Jan 2016 09:20:31 -0200

ruby2.3 (2.3.0-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Ruby 2.3
  * debian/tests/bundled-gems: check if all libraries that are supposed to be
    bundled are present, with a version greater than or equal to the one
    specified in gems/bundled_gems
  * debian/tests/run-all: filter failures against list of known failures. Pass
    if only the tests listed in debian/tests/known-failures.txt fail, fail
    otherwise. This will help catch regressions.
  * debian/copyright: update wrt new files in the distribution

  [ Christian Hofstaedtler ]
  * autopkgtest: depend on all packages so we actually have header files
    installed.

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 28 Dec 2015 09:17:47 -0300

ruby2.2 (2.2.3-2) unstable; urgency=medium

  * Add dependency on ruby-minitest to provide the same experience out of the
    box as the upstream package (Closes: #803665)
  * Apply upstream patch to not use SSLv3 methods if OpenSSL does not export
    them (Closes: #804089)
  * updated debian/libruby2.2.symbols with 1 new symbol.

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 05 Nov 2015 18:43:02 -0200

ruby2.2 (2.2.3-1) unstable; urgency=medium

  * New upstream release

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 18 Aug 2015 22:22:21 +0000

ruby2.2 (2.2.2-3) unstable; urgency=medium

  [ Christian Hofstaedtler ]
  * Have libruby2.2 depend on ruby-test-unit, as upstream bundles this
    externally maintained package in their tarballs. (Closes: #791925)

  [ Antonio Terceiro ]
  * Apply upstream patches to fix Request hijacking vulnerability in Rubygems
    [CVE-2015-3900] (Closes: #790111)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 29 Jul 2015 09:50:08 -0300

ruby2.2 (2.2.2-2) unstable; urgency=medium

  * Make Date in gemspec reproducible. Initial patch from Chris Lamb
    <lamby@debian.org>. (Closes: #779631, #784225)
  * Replace embedded copies of Lato with symlinks to fonts-lato.
    (Closes: #762348)
  * debian/copyright: improve DEP-5 compliance.
  * Provide debug symbols, in a new libruby2.2-dbg package. Patch from
    Matt Palmer <mpalmer@debian.org>. (Closes: #785685)
  * Build libruby.so with dpkg-buildflags supplied LDFLAGS.
    (Closes: #762350)

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 01 Jul 2015 15:36:24 +0200

ruby2.2 (2.2.2-1) unstable; urgency=medium

  * New upstream release
    - includes fix for vulnerability with overly permissive matching of
      hostnames in OpenSSL extension [CVE-2015-1855]
  * debian/rules: add import-orig-source to automate importing orig tarballs
    generated from the upstream git mirror.
  * debian/tests: add a functional test that will run all tests under test/

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 03 May 2015 18:56:32 -0300

ruby2.2 (2.2.1-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: review
    - enc/* relicensed to the same license as Ruby
    - add license for ccan/* (CC0)
    - add license for enc/trans/JIS/*
      - some under the "Unicode" license
      - most under permissive "You can use, modify, distribute this table
        freely." terms
    - ext/nkf/ relicensed to zlib/libpng license
  * debian/upstream-changes: simpler and more accurate implementation
  * debian/libruby2.2.symbols: updated

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 03 Apr 2015 21:30:14 -0300

ruby2.2 (2.2.0~1-1) UNRELEASED; urgency=medium

  * Ruby 2.2 RC1
  * Dropped all Debian-specific changes to the upstream sources; everything we
    need is fixed upstream

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 19 Dec 2014 14:46:35 -0200

ruby2.1 (2.1.5-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2014-8090 Another Denial of Service XML Expansion
      (Closes: #770932)
    - Fixes build on SPARC (Closes: #769731)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 29 Nov 2014 12:30:39 -0200

ruby2.1 (2.1.4-1) unstable; urgency=high

  * New upstream version
    - CVE-2014-8080: Denial of Service in XML Expansion
    - Changes default settings in OpenSSL bindings to not use deprecated and
      insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
      "POODLE" bug in OpenSSL)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 29 Oct 2014 12:07:22 -0200

ruby2.1 (2.1.3-2) unstable; urgency=medium

  [ Sebastian Boehm ]
  * Install SystemTap tap file (Closes: #765862)

 -- Christian Hofstaedtler <zeha@debian.org>  Sun, 19 Oct 2014 20:07:50 +0200

ruby2.1 (2.1.3-1) unstable; urgency=medium

  * New upstream version

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 20 Sep 2014 16:55:47 +0200

ruby2.1 (2.1.2-4) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Move libjs-jquery dependency from libruby2.1 to ruby2.1, and turn it into
    Recommends:. This way programs that link against libruby2.1 won't pull in
    libjs-jquery; OTOH those using rdoc (and thus needing libjs-jquery) would
    be already using ruby2.1 anyway.

  [ Christian Hofstaedtler ]
  * Update Vcs-Git URL, as we've moved from master2.1 to master.
  * Prepare libruby21.symbols for x32 (Closes: #759615)
  * Remove embedded copies of SSL certificates. Rubygems is advised by
    rubygems-integration to use the ca-certificates provided certificates.
    (Closes: #689074)

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 05 Sep 2014 03:06:30 +0200

ruby2.1 (2.1.2-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: call debian/split-tk-out.rb with $(baseruby) instead of
    `ruby` to actually support bootstrapping with ruby1.8 (and no `ruby`)
  * Break dependency loop (Closes: #747858)
    - ruby2.1: drop dependency on ruby
    - libruby2.1: drop dependency on ruby2.1

  [ Christian Hofstaedtler ]
  * Add missing man pages for gem, rdoc, testrb (Closes: #756053, #756815)
  * Correct ruby2.1's Multi-Arch flag to 'allowed' (Closes: #745360)

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 14 Aug 2014 10:45:29 -0300

ruby2.1 (2.1.2-2) unstable; urgency=medium

  * Support bootstrapping with Ruby 1.8 (which builds with gcc only) if another
    Ruby is not available.

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 15 May 2014 23:20:49 -0300

ruby2.1 (2.1.2-1) unstable; urgency=medium

  [ Christian Hofstaedtler ]
  * New upstream version
  * Update watch file

  [ Sebastian Boehm ]
  * Build with basic systemtap support. (Closes: #747232)

  [ Antonio Terceiro ]
  * 2.1 is now the main development branch

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 10 May 2014 15:51:13 +0200

ruby2.1 (2.1.1-4) unstable; urgency=medium

  * Use Debian copy of config.{guess,sub}
    Instead of downloading it from the Internet, which could be down or
    insecure. Thanks to Scott Kitterman for the report AND patch.
    (Closes: 745699)
  * Move jquery source file to d/missing-sources

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 25 Apr 2014 00:57:13 +0200

ruby2.1 (2.1.1-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Disable rubygems-integration during the build. This fixes the install
    location of the gemspecs for the bundled libraries. (Closes: #745465)

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 22 Apr 2014 18:38:01 +0200

ruby2.1 (2.1.1-2) unstable; urgency=medium

  * Tie Tcl/Tk dependency to version 8.5, applying patch from Ubuntu.
    Thanks to Matthias Klose <doko@debian.org>

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 10 Mar 2014 13:38:41 +0100

ruby2.1 (2.1.1-1) unstable; urgency=medium

  * Imported Upstream version 2.1.1
  * Update lintian overrides

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 05 Mar 2014 18:22:58 +0100

ruby2.1 (2.1.0-2) unstable; urgency=medium

  * ruby2.1-dev: Depend on libgmp-dev.
    Thanks to John Leach <john@johnleach.co.uk>
  * Fix FTBFS with libreadline 6.x, by applying upstream r45225.

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 03 Mar 2014 21:10:32 +0100

ruby2.1 (2.1.0-1) unstable; urgency=medium

  * Upload to unstable.

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 22 Feb 2014 23:44:44 +0100

ruby2.1 (2.1.0-1~exp2) experimental; urgency=medium

  [ Antonio Terceiro ]
  * ruby2.1-dev: add missing dependency on libruby2.1

  [ Christian Hofstaedtler ]
  * Again depend on ruby without alternatives management
  * Tag 64bit-only symbols as such

 -- Christian Hofstaedtler <zeha@debian.org>  Thu, 13 Feb 2014 13:02:25 +0100

ruby2.1 (2.1.0-1~exp1) experimental; urgency=medium

  * New release train, branch off and rename everything to ruby2.1
    (Closes: #736664)
  * Build with GMP library for faster Bignum operations.
  * Target experimental as long as ruby 1:1.9.3.1 has not entered
    unstable, dropping the versioned dependency for now.

 -- Christian Hofstaedtler <zeha@debian.org>  Thu, 23 Jan 2014 19:25:19 +0100

ruby2.0 (2.0.0.484-1) UNRELEASED; urgency=medium

  [ Antonio Terceiro ]
  * New upstream snapshot.
  * Add patch by Yamashita Yuu to fix build against newer OpenSSL
    (Closes: #733372)

  [ Christian Hofstaedtler ]
  * Use any valid Ruby interpreter to bootstrap
  * Bump Standards-Version to 3.9.5 (no changes)
  * Add myself to Uploaders:
  * Add Dependencies to facilitate upgrades from 1.8
    * libruby2.0 now depends on ruby2.0
    * ruby2.0 now depends on ruby
  * Stop installing alternatives/symlinks for binaries:
    * /usr/bin/{ruby,erb,testrb,irb,rdoc,ri}

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 17 Jan 2014 16:35:57 +0100

ruby2.0 (2.0.0.353-1) unstable; urgency=low

  * New upstream release
    + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
      Closes: #730190

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 25 Nov 2013 22:34:25 -0300

ruby2.0 (2.0.0.343-1) unstable; urgency=low

  * New upstream version (snapshot from 2.0 maintainance branch).
  * fix typo in ruby2.0-tcltk description
  * Backported upstream patches from Tanaka Akira to fix FTBFS on:
    - GNU/kFreeBSD (Closes: #726095)
    - x32 (Closes: #727010)
  * Make date for io-console gemspec predictable (Closes: #724974)
  * libruby2.0 now depends on libjs-jquery because of rdoc (Closes: #725056)
  * Backport upstream patch by Nobuyoshi Nakada to fix include directory in
    `pkg-config --cflags` (Closes: #725166)
  * Document missing licenses in debian/copyright (Closes: #723161)
  * debian/libruby2.0.symbols: add new symbol rb_exec_recursive_paired_outer
    (not in the public API though)

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 05 Nov 2013 20:33:23 -0300

ruby2.0 (2.0.0.299-2) unstable; urgency=low

  * Split Ruby/Tk out of libruby2.0 into its own package, ruby2.0-tcltk. This
    will reduce the footprint of a basic Ruby installation.

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 15 Sep 2013 22:09:57 -0300

ruby2.0 (2.0.0.299-1) unstable; urgency=low

  * New upstream release
    + Includes a fix for override of existing LDFLAGS when building compiled
      extensions that use pkg-config (Closes: #721799).
  * debian/rules: forward-port to tcl/tk packages with multi-arch support.
    Thanks to Tristan Hill for reporting on build for Ubuntu saucy
  * debian/control: ruby2.0 now provides ruby-interpreter
  * Now using tarballs generated from the git mirror.
    + The released tarballs will modify shipped files on clean. Without this
      we can stop messing around with files that need to be recovered after a
      `debian/rules clean` to make them match the orig tarball and avoid
      spurious diffs.
    + This also lets us drop the diffs against generated files such as
      tool/config.* and configure.
    + documented in debian/README.source
  * debian/libruby2.0.symbols: refreshed with 2 new symbols added since last
    version.

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 08 Sep 2013 12:38:34 -0300

ruby2.0 (2.0.0.247-1) unstable; urgency=low

  * Initial release (Closes: #697703)

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 07 Jan 2013 14:48:51 -0300
