lp://staging/ubuntu/maverick-security/ruby1.8

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

39. By Tyler Hicks on 2012-02-21

* SECURITY UPDATE: Cross-site scripting via HTTP error responses
  - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
    set for HTTP error responses. Based on upstream patch.
  - CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

38. By Lucas Nussbaum on 2010-07-30

* Convert from dpatch to quilt using dpatch2quilt.sh
* Add patch 100730_disable_getsetcontext_on_nptl: disable getsetcontext on
  NPTL. LP: #307462, Closes: #579229
* Added 100730_verbose-tests.patch: run tests in verbose mode.
* Run make test-all, but do not consider failures fatal for now.
* Upgrade to Standards-Version: 3.9.1. No changes needed.
* Deal with Ubuntu changing the GCC target to i686-linux-gnu: search
  for libs in i486-linux too. LP: #611322.

37. By daigo on 2010-06-27

* New upstream release
* Removed patches that the upstrem has applied:
  - debian/patches/100312_timeout-fix.dpatch
  - debian/patches/100620_fix_pathname_warning.dpatch
  - debian/patches/100620_fix_super_called_outside_of_method.dpatch

36. By daigo on 2010-06-20

[ Lucas Nussbaum ]
* Make ruby1.8 depend on exactly the same version of libruby1.8 after
  private discussion with Alex Legler. This avoids confusing situations
  for users.
* Update debian/patches/100312_timeout-fix.dpatch after discussion with
  Petr Salinger. Treat FreeBSD the same as Linux. Closes: #580464

[ Daigo Moriwaki ]
* Removed debian/patches/091125_gc_check.dpatch, which the upstream has
  applied. (Closes: #586374)
* Added debian/patches/100620_fix_pathname_warning.dpatch, which was
  backported from the upstream r23485.
  (Closes: #566611)
* Added debian/patches/100620_fix_super_called_outside_of_method.dpatch,
  which was backported from the upstream r26534:26536. (Closes: #568597)

35. By Lucas Nussbaum on 2010-03-23

* Fix sections. Agree with ftpmasters.
* Update debian/copyright. Clarify that Ruby is GPLv2, not just "GPL".
* Merge lib{dbm,gdbm,readline,openssl}-ruby1.8 into libruby1.8.
* Merge irb1.8 and rdoc1.8 into ruby1.8.
* Update lintian override.
* Update debian/copyright.
* Upgrade to Standards-Version: 3.8.4. No changes needed.
* Add README.source.
* Fix not-binnmuable-all-depends-any lintian warning.
* Add lintian override for package-name-doesnt-match-sonames.
* Remove duplicate section/priority stanzas.
* Fix a few minor problems in manpages.

34. By Lucas Nussbaum on 2010-03-12

Add 100312_timeout-fix.dpatch: Backport upstream change to fix
problem with threads and timeouts. Closes: #539987

33. By Martin Pitt on 2010-03-08

Move libreadline5-dev build dependency to libreadline-dev, to build
against libreadline6. (Debian #553843)

32. By daigo on 2010-01-10

* New upstream release.
* The upstream has fixed a vulnerability in WEBrick, a part of Ruby's
  standard library. WEBrick lets attackers to inject malicious escape
  sequences to its logs, making it possible for dangerous control characters
  to be executed on a victim's terminal emulator.

31. By daigo on 2009-11-28

Added debian/patches/091125_gc_check.dpatch: applied Bryan's patch to fix
garbage collector seg faults under race conditions. (upstream issue #2326)
Thans to Bryan McLellan. (Closes: #557924)

30. By daigo on 2009-08-19

[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hangup
  when IO.select called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
  run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
  object cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
  a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
  from OpenSSL::X509::ExtensionFactory. (Closes: #489443)

[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
  lot for the past help! Closes: #541037

[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
  sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.