lp://staging/ubuntu/raring-updates/ruby1.9.1

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/raring-updates/ruby1.9.1
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

29. By Marc Deslauriers

* SECURITY UPDATE: safe level restriction bypass via DL and Fiddle
  - debian/patches/CVE-2013-2065.patch: perform taint checking in
    ext/dl/lib/dl/func.rb, ext/fiddle/function.c.
  - CVE-2013-2065
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in floating point parsing.
  - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
    test to test/ruby/test_float.rb.
  - CVE-2013-4164

28. By Marc Deslauriers

* SECURITY UPDATE: incorrect ssl hostname verification
  - debian/patches/CVE-2013-4073.patch: fix hostname check and regression
    in ext/openssl/lib/openssl/ssl-internal.rb, added test to
    test/openssl/test_ssl.rb.
  - CVE-2013-4073

27. By Marc Deslauriers

* Merge from Debian testing. Remaining changes:
  - debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification
  - debian/rules: Don't install SSL certificates from upstream sources
  - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
    /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.
  - debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test
    error. Use the version of the fix from upstream's 1.9.3 tree to fix
    the NoMethodError for assert_file_not, which doesn't exist in 1.9.3.
    Adjust the Origin patch tag accordingly.

26. By Tyler Hicks

* Merge from Debian testing (LP: #1131493). Remaining changes:
  - debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification
  - debian/rules: Don't install SSL certificates from upstream sources
  - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
    /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.
* Changes dropped:
  - debian/patches/20121016-cve_2012_4522.patch: Debian is carrying a patch
    for this issue.
  - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Debian is
    carrying a patch for this issue, but the patch is incorrectly named
    20120927-cve_2011_1005.patch. I'll work with Debian to change the patch
    name, but there's no need in carrying a delta because of this. To be
    clear, the Ubuntu ruby1.9.1 package is patched for CVE-2012-4464 and
    CVE-2012-4466, despite the incorrect patch name.
* debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test error.
  Use the version of the fix from upstream's 1.9.3 tree to fix the
  NoMethodError for assert_file_not, which doesn't exist in 1.9.3. Adjust
  the Origin patch tag accordingly.

25. By Tyler Hicks

* SECURITY UPDATE: Safe level bypass
  - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Remove
    incorrect string taint in exception handling methods. Based on upstream
    patch.
  - CVE-2012-4464
  - CVE-2012-4466
* SECURITY UPDATE: Missing input sanitization of file paths
  - debian/patches/20121016-cve_2012_4522.patch: NUL characters are not
    valid filename characters, so ensure that Ruby strings used for file
    paths do not contain NUL characters. Based on upstream patch.
  - CVE-2012-4522
* debian/patches/20120927-cve_2011_1005.patch: Drop since ruby1.9.x is
  technically not affected by CVE-2011-1005. CVE-2012-4464 is the id
  assigned to the vulnerability in the ruby1.9.x branch.

24. By Tyler Hicks

* SECURITY UPDATE: Safe level bypass
  - debian/patches/20120927-cve_2011_1005.patch: Remove incorrect string
    taint in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* Make the RubyGems fetcher use distro-provided ca-certificates
  (LP: #1057926)
  - debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification
  - debian/rules: Don't install SSL certificates from upstream sources
  - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
    /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.

23. By Antonio Terceiro

[ Lucas Nussbaum ]
* Add hurd-path-max.diff. Fixes FTBFS on Hurd. (Closes: #648055)

[ Daigo Moriwaki ]
* Removed debian/patches/debian/patches/sparc-continuations.diff,
  which the upstream has applied.
* debian/rules:
  - Bumped up tcltk_ver to 8.5.
  - Used chrpath for tcltklib.so to fix a lintian error,
    binary-or-shlib-defines-rpath.
* debian/control:
  - Suggests ruby-switch. (Closes: #654312)
  - Build-Depends: chrpath.
* debian/libruby1.9.1.symbols: Added a new symbol for
  rb_str_modify_expand@Base.
* debian/run-test-suites.bash:
  - Corrected options for test-all.
  - Enabled timeout to allow hang tests to be aborted.

[ James Healy ]
* New upstream release: 1.9.3p194 (Closes: #669582)
  + This release includes a fix for CVE-2011-0188 (Closes: #628451)
  + This release also does not segfault when running the test suite under
    amd64 (Closes: #674347)
* Enable hardened build flags (Closes: #667964)
* debian/control:
  - depend on specific version on coreutils
  - update policy version (no changes)

[ Antonio Terceiro ]
* debian/ruby1.9.1.postinst:
  + bump alternatives priority for `ruby` to 51 so that Ruby 1.9 has a
    higher priority than Ruby 1.8 (50).
  + bump alternatives priority for `gem` to 181 so that the Rubygems
    provided by Ruby 1.9 has priority over the one provided by the rubygems
    package.
* debian/control: added myself to Uploaders:
* debian/libruby1.9.1.symbols: update with new symbols added in 1.9.3p194
  upstream release.
* debian/manpages/*: fix references to command names with s/1.9/1.9.1/
* debian/rules: skip running DRB tests, since they seem to make the build
  hang. This should close #647296, but let's way and see. Also, with this do
  not need to timeout the test suite anymore.

22. By Matthias Klose

Don't run the tests on armhf for a first build.

21. By Lucas Nussbaum <email address hidden>

* New upstream release: 1.9.3p0.
* Disable test suites on ia64 sparc kfreebsd-i386 kfreebsd-amd64.
  Those architectures are known to be broken at the moment.
  Details: http://lists.debian.org/debian-release/2011/10/msg00279.html

20. By Lucas Nussbaum <email address hidden>

* New upstream release: 1.9.3 RC1.
  + Includes load.c fixes. Closes: #639959.
* Upload to unstable.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/saucy/ruby1.9.1
This branch contains Public information 
Everyone can see this information.

Subscribers