Skip to content

Changelog ruby3.0 (3.0.2-7ubuntu2.3)


ruby3.0 (3.0.2-7ubuntu2.3) jammy-security; urgency=medium

   * SECURITY UPDATE: HTTP response splitting
     - debian/patches/CVE-2021-33621*.patch: adds regex to lib/cgi/core.rb and
       lib/cgi/cookie.rb along with tests to check http response headers and
       cookie fields for invalid characters.
     - debian/patches/fix_tzdata-2022.patch: fix for tzdata-2022g tests
       in test/ruby/test_time_tz.rb.
     - CVE-2021-33621


ruby3.0 (3.0.2-7ubuntu2.2) jammy; urgency=medium

   * d/p/fix-length-calc-for-Array#slice.patch: Add patch to
     fix length calculation for Array#slice!. (LP: #1982703)

ruby3.0 (3.0.2-7ubuntu2.1) jammy-security; urgency=medium

   * SECURITY UPDATE: Double free
     - debian/patches/CVE-2022-28738.patch: just free compiled
       pattern if no space is used in regcomp.c, test/ruby/test_regexp.rb.
     - CVE-2022-28738
   * SECURITY UPDATE: Buffer over-read
     - debian/patches/CVE-2022-28739.patch: fix dtoa buffer
       overrun in missing/dtoa.c, test/ruby/test_float.rb.
     - CVE-2022-28739

ruby3.0 (3.0.2-7ubuntu2) jammy; urgency=medium

   * SECURITY UPDATE: Buffer overrun
     - debian/patches/CVE-2021-41816.patch: fix integer overflow making
       sure use of the check in rb_alloc_tmp_buffer2 in
     - CVE-2021-41816
   * SECURITY UPDATE: ReDoS vulnerability
     - debian/patches/CVE-2021-41817-*.patch: add length limit option
       for methods that parses date strings and mimic prev behaviour
       in  ext/date/date_core.c, test/date/test_date_parse.rb.
     - CVE-2021-41817
   * SECURITY UPDATE: Mishandles sec prefixes in cookie names
     - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
       decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
     - CVE-2021-41819

ruby3.0 (3.0.2-7ubuntu1) jammy; urgency=medium

   * d/{genprovides,rules}: fix generation of Provides (LP: #1964813).
     With ruby3.0 gems are provided both under
     /usr/lib/ruby/gems/3.0.0/specifications/default/ and at the superior
     directory, /usr/lib/ruby/gems/3.0.0/specifications/. Change to catch all
     gemspecs under /usr/lib/ruby/gems/3.0.0/specifications/ instead.

ruby3.0 (3.0.2-7) unstable; urgency=medium

   * d/t/run-all: create needed empty files, fix autopkgtest regression.

ruby3.0 (3.0.2-6) unstable; urgency=medium

   [ Antonio Terceiro ]
   * debian/rules: normalize LC_ALL
   * debian/salsa-ci.yml: don't skip tests on reprotest
   [ Lucas Kanashiro ]
   * Add patch to update ruby/openssl to version 3.0.0 (LP: #1946190)
   * d/rules: disable LTO, it causes a segfault
   * Add patch to update rubygems to version 3.3.3
   * d/rules: create needed empty file to run openssl tests
   * d/rules: build with -O1 on alpha (Closes: #999351)
   * Skip tests failing on x32 architecture (Closes: #999350)


ruby3.0 (3.0.2-5) unstable; urgency=medium

   * Refresh patches with gbp pq
   * Update patch for armhf to apply to all architectures
   * ppc64el: skip some failing tests (Closes: #996724)

ruby3.0 (3.0.2-4) unstable; urgency=medium

   * salsa ci: don't run tests for reprotest check
   * debian/source/lintian-overrides: ignore source-contains-prebuilt-ms-help-file
   * debian/libruby3.0.symbols: drop MISSING entries
   * debian/libruby3.0.symbols: mark optional and arch-specific symbols
   * debian/tests/excludes/any: skip tests that fail on porter boxes
   * salsa-ci: blhc: ignore false positives

ruby3.0 (3.0.2-3) unstable; urgency=medium

   [ Lucas Kanashiro ]
   * Exclude test which requires Internet access (Closes: #995716)
   [ Antonio Terceiro ]
   * Add patch to fix Bus error on mipsel

ruby3.0 (3.0.2-2) unstable; urgency=medium

   * debian/libruby3.0.symbols: update symbols,
     Should fix the build on i386, mips64el, s390x, and others.
   * debian/rules: remove config.log when cleaning
   * debian/gbp.conf: set debian to master
   * tool/m4/ruby_default_arch.m4: add suppor for 32-bit arm.
     Fixes the build on armel and armhf

ruby3.0 (3.0.2-1) unstable; urgency=medium

   * New upstream release.
   * Add patch to make resolv allow dash in zone_id in IPv6 local addresses.
   * Skip tests which require to update gems in the system.
   * Symbols update for 3.0.2 release.
   * d/t/bundled-gems: adjust test due to upstream changes.
   * d/t/skiplist: add new files in test/mkmf.
   * Exclude some tests which are failing due to a rubygems version mismatch.
     The ruby-rubygems version is different than the one embedded in ruby.
   * Exclude from autopkgtest another test relying in the source tree structure.
   * d/missing-sources/jquery.js: removed, it is not needed anymore.
   * d/rules: use variables instead of hardcoded ruby version in dh_gencontrol.

ruby3.0 (3.0.0-2) unstable; urgency=medium

   [ Utkarsh Gupta ]
   * Upload to unstable.
   * Fix symbols file for i386 build.
   * Cherry-pick 250ebbab from master.
   [ Chris Hofstaedtler ]
   * Remove myself from Uploaders


ruby3.0 (3.0.0-1) experimental; urgency=medium

   * New upstream version 3.0.0
   * Refresh d/patches
   * Update symbols file

ruby3.0 (3.0.0~rc1-1) experimental; urgency=medium

   * New upstream version 3.0.0~rc1
   * Refresh d/patches
   * Don't run test_class_no_openssl_override test
   * Update symbols file

ruby3.0 (3.0.0~preview2-1) experimental; urgency=medium

   * New upstream version 3.0.0~preview2
   * Re-format d/gbp.conf
   * Drop patches that has been merged upstream
   * Refresh d/patches
   * Update symbols file

ruby3.0 (3.0.0~preview1-1) experimental; urgency=medium

   [ Cédric Boutillier ]
   * [ci skip] Add .gitattributes to keep unwanted files out of
     the source package
   * update 0001-rdoc-build-reproducible-documentation.patch
   * use C.UTF-8 locale
   * New patch to prevent trying to download gems from internet
   * NEWS file has now a .md extension
   * Update symbols file
   * Use debhelper-compat 13
   * Add Build-Depends-Package metadata in symbols file
   * Move paragraph in copyright file to have match
   * fix gbp command name in
   * Remove sdbm from builtin-extensions test
   * hyphen-used-as-minus-sign tag removed from lintian
   * Remove debian version from declared missing symbols
   [ Utkarsh Gupta ]
   * Update d/watch for ruby3.0.
   * New upstream version 3.0.0~preview1.
   * Ruby 3.0.
   * Refresh d/patches.
   * Update package for ruby3.0.
   * Add patch to fix TestIRB::TestHistory tests.
   * Skip test_build_extensions_extconf_bad test as it fails
     in sbuild.
   * Skip test/rubygems/test_bundled_ca.rb tests.
   * Fix symbols file to fix the build for i386 arch.
   * Skip test which require building gem native extensions.
   * Skip test_realworld_upgraded_default_gem for autopkgtest.
   * Add patch to fix "real" autopkgtests related to rubygems.

ruby2.7 (2.7.1-3) unstable; urgency=medium

   * Do not run TestJIT.rb test file on salsa and autopkgtest
   * Exclude all racc command related tests when running autopkgtest

ruby2.7 (2.7.1-2) unstable; urgency=medium

   * Skip flaky DRbTest in i386

ruby2.7 (2.7.1-1) unstable; urgency=medium

   * New upstream version 2.7.1
   * d/control: rules does not require root
   * d/copyright: update Debian packaging copyright
   * Mark ruby2.7-doc binary package as Multi-Arch: foreign (Closes: #956798)
   * B-d on libncurses-dev instead of libncurses{,w}5-dev (Closes: #956799)

ruby2.7 (2.7.0-7) unstable; urgency=medium

   [ Lucas Kanashiro ]
   * d/rules: remove extra space from riscv configure line
   [ Antonio Terceiro ]
   * libruby: calculate provides dynamically
   * libruby: do not provide ruby-bundler (Closes: #959393)

ruby2.7 (2.7.0-6) unstable; urgency=medium

   * Add patch to fix FTBFS on x32: misdetected as i386 or amd64
     (Closes: #954293)
   * d/rules: add -fno-crossjumping to CFLAGS (Closes: #951714)
   * Make 64-bit-only symbols optional to fix FTBFS on i386/armhf

ruby2.7 (2.7.0-5) unstable; urgency=medium

   [ Antonio Terceiro ]
   * Add test excludes for salsa
   [ Lucas Kanashiro ]
   * d/rules: build with -latomic on riscv64
   * Disable some tests that fail or time out on riscv64
   * d/control: list all libruby2.7 bundle gems in Provides field
   * d/libruby2.7.lintian-overrides:
     - ignore library-not-linked-against-libc errors, the *.so extension files
       are linked against libruby2.7 only
     - ignore wrong-path-to-the-ruby-interpreter errors, the scripts reported
       are not supposed to be used by users
   * d/libruby2.7.symbols: add missing symbols
   * d/control: use secure url in Homepage field
   * Declare compliance with Debian Policy 4.5.0
   * d/copyright: use secure urls in Format and Source fields
   * Bump debhelper compatibility level to 12

ruby2.7 (2.7.0-4) unstable; urgency=medium

   * mipsel: exclude test that fails on buildd

ruby2.7 (2.7.0-3) unstable; urgency=medium

   * Fix priority order of paths in -I option

ruby2.7 (2.7.0-2) unstable; urgency=medium

   * Fix symbols file using dpkg-gensymbols (Closes: #948371)
   * debian/rules: fix dh_auto_clean override (Closes: #948187)
   * debian/tests/run-all: copy tool/ to $AUTOPKGTEST_TMP
   * Exclude some failing tests when executed via autopkgtest
   * Set OPENSSL_CONF to lower security level to 1
   * Skip some tests that need root permission to pass

ruby2.7 (2.7.0-1) unstable; urgency=medium

   * No changes rebuild

ruby2.7 (2.7.0-1~exp1) experimental; urgency=medium

   * New upstream version 2.7.0
   * Update d/libruby2.7.symbols
   * d/copyright: remove some files dropped in this new release
   * d/t/run-all: use AUTOPKGTEST_TMP instead of ADTTMP


ruby2.7 (2.7.0~preview2-1~exp1) experimental; urgency=medium

   [ Antonio Terceiro ]
   * New upstream version 2.5.7
   * autopkgtest: simplify test runner even more
   [ Lucas Kanashiro ]
   * d/watch: track release 2.7.x
   * New upstream version 2.7.0~preview2
   * Ruby 2.7
   * Update patches
   * Exclude tests which fail due to ~ in version string
   * debian/rules: define $HOME since some tests rely on it
   [ Antonio Terceiro ]
   * skip test-spec during build
   * Update symbols file with new symbols in ruby 2.7
   [ Lucas Kanashiro ]
   * Add myself to Uploaders list

ruby2.5 (2.5.7-1) unstable; urgency=medium

   [ Utkarsh Gupta ]
   * Add salsa-ci.yml
   [ Antonio Terceiro ]
   * New upstream version 2.5.7
   * Refresh patches
   * autopkgtest: rework "expected failures" mechanism. We now just skip the
     tests cases that are known to fail, and not load at all the test files
     that fail to load. This will make the output in case of failures a lot
     more clear.

ruby2.5 (2.5.5-4) unstable; urgency=medium

   [ HIGUCHI Daisuke (VDR dai) ]
   * debian/rules: do not compress debug sections for arch-dep Ruby packages with dh_compat 12

ruby2.5 (2.5.5-3) unstable; urgency=medium

   * ia64: Don't clear register_stack_start (Closes: #928068)

ruby2.5 (2.5.5-2) unstable; urgency=medium

   * debian/tests/excludes/: fix exclusion of Rinda tests that depend on
     network availability, by moving the existing excludes files to the correct
     location. (Closes: #927122)

ruby2.5 (2.5.5-1) unstable; urgency=medium

   * New upstream version 2.5.5. Includes a series of bug fixes, most notably
     for 6 security bugs discovered in Rubygems:
     - CVE-2019-8320: Delete directory using symlink when decompressing tar
     - CVE-2019-8321: Escape sequence injection vulnerability in verbose
     - CVE-2019-8322: Escape sequence injection vulnerability in gem owner
     - CVE-2019-8323: Escape sequence injection vulnerability in API response
     - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
     - CVE-2019-8325: Escape sequence injection vulnerability in errors
   * Rebase patches. The following patches were applied upstream and dropped
     from the Debian package:
     - 0011-Update-for-tzdata-2018f.patch
     - 0012-test-update-test-certificate.patch

ruby2.5 (2.5.3-4) unstable; urgency=medium

   * 0012-test-update-test-certificate.patch: update test certificate so
     SSL-related tests pass (Closes: 919516)


ruby2.5 (2.5.3-3) unstable; urgency=medium

   * arm64: also skip TestBugReporter#test_bug_reporter_add, which also fails~
     4% of the time.
   * mipsel: fix location of skiplist for OpenSSL::TestSSL, from TestSSL.rb to
   * Remove skiplist for OpenSSL::TestSSL on all architectures. It was in the
     wrong place to begin with.
   * Fix location of skiplist for Rinda-related tests.

ruby2.5 (2.5.3-2) unstable; urgency=medium

   * arm64: skip TestRubyOptions#test_segv_loaded_features, fails ~3% of the
   * mipsel: skip OpenSSL::TestSSL tests that frequently timeout on the Debian
     - test_dh_callback
     - test_get_ephemeral_key
     - test_post_connect_check_with_anon_ciphers

ruby2.5 (2.5.3-1) unstable; urgency=medium

   * New upstream version 2.5.3
     - Includes fix for CVE-2018-16396, "Tainted flags are not propagated in
       Array#pack and String#unpack with some directives" (Closes: #911920)
   * Refresh patches:
     - Dropped 0009-merge-changes-in-ruby-openssl-v2.1.1.patch, already applied
   * Add tzdata to Build-Depends (Closes: #911717)
   * Cherry-pick upstream commmit with update to tests due to changes in tzdata
     2018f (Closes: #913181)
   * Update gemspec reproducibility patch to also make new default gems fiddle
     and ipaddr reproducible. (Closes: #898051)
   * debian/rules: don't install created.rid file produced by rdoc to make
     build reproducible. This file is used by rdoc to decide when to update
     documentation when in use in interactive settings, and containing a
     timestamp is one of its functions. Is is not necessary for a binary
     package, though, because the included documentation will never need to be
     updated in-place.

ruby2.5 (2.5.1-6) unstable; urgency=medium

   * Fix build with openssl 1.1.1 (Closes: #907790)
     - Apply Ruby upstream patch to update openssl extension to v2.1.1. This
       includes some, but not all, changes needed to make the tests pass
       against openssl 1.1.1
     - Apply ruby-openssl upstream patches to fix tests against openssl 1.1.1
     - Exclude tests that still fail with openssl 1.1.1
     - debian/rules: set OPENSSL_CONF to /dev/null when running tests to use
       the default openssl settings. Unfortunately there are too many tests for
       several parts of the Ruby standard library that use openssl and that take
       very long to complete under the Debian settings, and I don't have the
       cycles to go fix each one.
     - debian/tests/run-all: also run autopkgtest against the default openssl
       settings and not the Debian-specific ones.
   * debian/tests/run-all: fix reference to excludes dir

ruby2.5 (2.5.1-5) unstable; urgency=medium

   * Fix spelling error in patch description
   * Remove always-on dh --parallel
   * Pass --host to configure when cross-building.
     We cannot just use dh_auto_configure because some of the added options
     then make configure need a baseruby, which we want to avoid when
     building for the native arch. (Closes: #893501)

ruby2.5 (2.5.1-4) unstable; urgency=medium

   * Disable tests failing on Ubuntu builders (Closes: #886515)
   * Bump Standards-Version to 4.1.5

ruby2.5 (2.5.1-3) unstable; urgency=medium

   * Exclude test that often fails on the Debian mips buildds
   * Add missing patch needed for kfreebsd-amd64 port (Closes: #899267)

ruby2.5 (2.5.1-2) unstable; urgency=medium

   [ Antonio Terceiro ]
   * debian/tests/control: ignore output on stderr
   * debian/tests/bundled-gems: only fail on missing gems. Only warn if version
     found is not new enough
   * libruby2.5: add dependency on ruby-xmlrpc
   [ Samuel Thibault ]
   * Fix FTBFS on hurd (Closes: #896509)
   [ Svante Signell ]
   * Exclude tests that fail on kfreebsd (Closes: #899267)
   [ Antonio Terceiro ]
   * Update symbols file for 64-bit architectures
   [ Santiago R.R ]
   * Exclude Rinda TestRingFinger and TestRingServer test units requiring network access
     (Closes: #898917)

ruby2.5 (2.5.1-1) unstable; urgency=medium

   * New upstream version 2.5.1.
     According to the release announcement, includes fixes for the following
     security issues:
     - CVE-2017-17742: HTTP response splitting in WEBrick
     - CVE-2018-6914: Unintentional file and directory creation with directory
       traversal in tempfile and tmpdir
     - CVE-2018-8777: DoS by large request in WEBrick
     - CVE-2018-8778: Buffer under-read in String#unpack
     - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
       UNIXServer and UNIXSocket
     - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
     - Multiple vulnerabilities in RubyGems
   * Refresh patches.
     Patches dropped for being already applied upstream:
     - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
     - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
   * Add patch to fix FTBFS on ia64 (Closes: #889848)
   * Add simple autopkgtest to check for builtin extensions that are build
     against external dependencies (ssl, yaml, *dbm etc)
   * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
   * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
     assumptions that don't hold on newer tzdata update. Upstream bug:
   * debian/libruby2.5.symbols: update with new symbol added in this release

ruby2.5 (2.5.0-6) unstable; urgency=medium

   * debian/rules: explicitly pass --runstatedir, --localstatedir, and
     --sysconfdir to ./configure

ruby2.5 (2.5.0-5) unstable; urgency=medium

   * Change Maintainer: to Debian Ruby Team
   * debian/patches/0005-Fix-tests-to-cope-with-updates-in-tzdata.patch: fix
     test failures after updates in the Japan timezone data (Closes: #889046)
   * debian/patches/0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch:
     upgrade to Rubygems 2.7.6 to fix multiple vulnerabilities


ruby2.5 (2.5.0-4) unstable; urgency=medium

   * debian/rules: pass --excludes-dir options to `make check` via $TESTS

ruby2.5 (2.5.0-3) unstable; urgency=medium

   * arm64: skip TestRubyOptimization#test_clear_unreachable_keyword_args. It
     works just fine on a porter box, but consistently hangs on the arm64
   * mipsel: skip some tests from TestNum2int; they fail on the buildd, but not
     on the porterbox.

ruby2.5 (2.5.0-2) unstable; urgency=medium

   * Move test exclusions from a patch to debian/tests/excludes/
     - debian/rules, debian/tests/run-all: pass the appropriate exclusion flags
       to the test runner
   * Exclude TestResolvMDNS. It will fail on some architectures, and be very
     slow on others.

ruby2.5 (2.5.0-1) unstable; urgency=medium

   * New upstream version 2.5.0
   * Refresh patches
   * debian/libruby2.5.symbols: update
   * debian/tests/known-failures.txt: add another 3 test files that assume the
     tests are being run against a built source tree

ruby2.5 (2.5.0~rc1-1) unstable; urgency=medium

   * New upstream release candidate. Includes the following fixes:
     - Fix stack size on powerpc64 (Closes: #881772)
     - CVE-2017-17405: Command injection vulnerability in Net::FTP
       (Closes: #884437)
   * Refresh patches
   * debian/control:
     - Remove explicit Testsuite: header
     - ruby2.5-dev: Recommends: ruby2.5-doc
     - Declare compatibility with Debian Policy 4.1.2; no changes needed
     - Bump debhelper compatibility level to 10
       - change debian/rules to call ./configure directly, to use upstream's
         built-in multiarch support as before debhelper compatibility level 9
   * debian/watch: download release tarballs.
     Using release tarballs makes it possible to build ruby without having an
     existing ruby. This should help bootstrapping ruby on new
     architectures. (Closes: #832022)
   * debian/copyright: exclude embedded copies of bundled gems and libffi
   * debian/rules:
     - run tests in verbose mode during build
     - drop explicit usage of autotools-dev
     - drop usage of autoreconf debhelper sequence, it's not needed anymore
       since we are now using a complete upstream release tarball
     - drop passing --baseruby to configure, since do not require an existing
       ruby anymore
     - skip setting DEB_HOST_MULTIARCH if already set
     - replace manual call to dpkg-parsechangelog with including
       /usr/share/dpkg/ and using variables from there.
   * autopkgtest: make use of the text exclusion rules under test/excludes/
   * debian/libruby2.5.symbols: update with symbols added/removed since the
     preview1 release
   * debian/tests/bundled-gems: handle extra field in gems/bundled_gems
   * debian/libruby2.5.lintian-overrides: remove unused override

ruby2.5 (2.5.0~preview1-1) unstable; urgency=medium

   [ Antonio Terceiro ]
   * New upstream version 2.5.0~preview1
   * debian/patches: import all of our remaining changes wrt upstream. All the
     changes to tests were transformed into exclude files under test/excludes/
   * ruby2.5-dev: don't install *.a files anymore; they are not installed by
     the upstream build system anymore.
   * debian/rules: adapt removal of embedded certificate store in Rubygems
   * debian/rules: also remove embedded certificate store from bundler
   [ Christian Hofstaedtler ]
   * Remove packaging for tcltk extension; it has been removed from Ruby core
   * Drop migration from old -dbg package
   * Disable test for homedir expansion which fails in sbuild
   * Upstream tarballs no longer come from git
   * Update jquery in missing-sources
   * d/copyright: Add info for darkfish icon set
   * Build with default OpenSSL once again


ruby2.3 (2.3.3-1) unstable; urgency=medium

   * New upstream version.

ruby2.3 (2.3.2-1) unstable; urgency=medium

   * New upstream version.

ruby2.3 (2.3.1-6) unstable; urgency=medium

   * debian/rules: honor 'nocheck' flag in DEB_BUILD_OPTIONS (Closes: #842768).
     Thanks to John Paul Adrian Glaubitz for the patch.
   * Build-Depends on libssl1.0-dev. Ruby 2.3 is not likely to get OpenSSL 1.1
     compatibility (see #828535)

ruby2.3 (2.3.1-5) unstable; urgency=medium

   * Increase timeout for test_array.rb test_permutation_stack_error,
     as Array#permutation is very slow on armel, mips, mipsel.
     Forwarded to upstream as issue #12502.
   * Disable test_process.rb test_aspawn_too_long_path, as it uses ~2GB
     of RAM and a lot of CPU time before finally failing on mips, mipsel.
     Forwarded to upstream as issue #12500.
   * Increase timeout for test_gc.rb test_gc_parameter, for mips, mipsel.

ruby2.3 (2.3.1-4) unstable; urgency=medium

   * Backport some test changes from Ruby trunk, to fix (some) build
     failures on archs other than amd64, i386, ppc64el, s390x.

ruby2.3 (2.3.1-3) unstable; urgency=medium

   * Replace libruby2.3-dbg with automatic dbgsym packages.
   * Avoid unreproducible rbconfig.rb (always use bash to build).
   * rdoc: sort input filenames in a consistent way (for reproducible).
   * Run full testsuite during build (make check instead of make test).

ruby2.3 (2.3.1-2) unstable; urgency=medium

   [ Antonio Terceiro ]
   * debian/tests/known-failures.txt: remove test that now passes
   * debian/rules: enable bindnow hardening option (Closes: #822288)
   * debian/copyright: update and simplify copyright annotations for Unicode
     files under enc/trans/JIS/
   * Bump Standards-Version to 3.9.8 (no changes needed)
   [ Christian Hofstaedtler ]
   * Stop providing ruby-interpreter. Only packages providing
     /usr/bin/ruby can be a credible provider of ruby-interpreter.
     (Closes: #822072)
   * Raise priority to "optional", now that ruby2.2 is gone, although
     the value of this change is unclear. (Closes: #822911)
   * Apply patch from Reiner Herrmann <> to help with
     reproducibility of mkmf.rb using packages. (Closes: #825569)

ruby2.3 (2.3.1-1) unstable; urgency=medium

   * Call make install-doc, install-nodoc with V=1, for diagnosing
     build failures.
   * New upstream TEENY version.

ruby2.3 (2.3.0-5) unstable; urgency=medium

   * Set gzip embedded mtime field to fixed value for rdoc-generated
     compressed javascript data. Helps with reproducibility of rdoc-using
   * Build tcltk extension for Tcl/Tk 8.6.
   * Apply patch from upstream to fix crash in Proc binding.
     (ruby-core: 74100, trunk r54128, bug #12137). (Closes: #816161)

ruby2.3 (2.3.0-4) unstable; urgency=medium

   * Apply patch from upstream to fix deserializing OpenStruct via Psych,
     (ruby-core: 72501, trunk r53366). (Closes: #816358)

ruby2.3 (2.3.0-3) unstable; urgency=medium

   * Explicitly set bundled gem dates. Otherwise these multi-arch same files
     differ on different architectures depending on build date.
     (Closes: #810321)
   * Apply patch from upstream (ruby-core:72736, trunk r53455) to fix extension
     builds that use g++.
   * Bump Standards-Version to 3.9.7 with no addtl. changes
   * d/copyright: Remove rake, no longer bundled.
   * Switch Vcs-* URLs to https.

ruby2.3 (2.3.0-2) unstable; urgency=medium

   * debian/libruby2.3.symbols: update with new symbols introduced right before
     the final 2.3.0 release.
   * libruby2.3: add dependencies on rake, ruby-did-you-mean and


ruby2.3 (2.3.0-1) unstable; urgency=medium

   [ Antonio Terceiro ]
   * Ruby 2.3
   * debian/tests/bundled-gems: check if all libraries that are supposed to be
     bundled are present, with a version greater than or equal to the one
     specified in gems/bundled_gems
   * debian/tests/run-all: filter failures against list of known failures. Pass
     if only the tests listed in debian/tests/known-failures.txt fail, fail
     otherwise. This will help catch regressions.
   * debian/copyright: update wrt new files in the distribution
   [ Christian Hofstaedtler ]
   * autopkgtest: depend on all packages so we actually have header files

ruby2.2 (2.2.3-2) unstable; urgency=medium

   * Add dependency on ruby-minitest to provide the same experience out of the
     box as the upstream package (Closes: #803665)
   * Apply upstream patch to not use SSLv3 methods if OpenSSL does not export
     them (Closes: #804089)
   * updated debian/libruby2.2.symbols with 1 new symbol.

ruby2.2 (2.2.3-1) unstable; urgency=medium

   * New upstream release

ruby2.2 (2.2.2-3) unstable; urgency=medium

   [ Christian Hofstaedtler ]
   * Have libruby2.2 depend on ruby-test-unit, as upstream bundles this
     externally maintained package in their tarballs. (Closes: #791925)
   [ Antonio Terceiro ]
   * Apply upstream patches to fix Request hijacking vulnerability in Rubygems
     [CVE-2015-3900] (Closes: #790111)

ruby2.2 (2.2.2-2) unstable; urgency=medium

   * Make Date in gemspec reproducible. Initial patch from Chris Lamb
     <>. (Closes: #779631, #784225)
   * Replace embedded copies of Lato with symlinks to fonts-lato.
     (Closes: #762348)
   * debian/copyright: improve DEP-5 compliance.
   * Provide debug symbols, in a new libruby2.2-dbg package. Patch from
     Matt Palmer <>. (Closes: #785685)
   * Build with dpkg-buildflags supplied LDFLAGS.
     (Closes: #762350)

ruby2.2 (2.2.2-1) unstable; urgency=medium

   * New upstream release
     - includes fix for vulnerability with overly permissive matching of
       hostnames in OpenSSL extension [CVE-2015-1855]
   * debian/rules: add import-orig-source to automate importing orig tarballs
     generated from the upstream git mirror.
   * debian/tests: add a functional test that will run all tests under test/

ruby2.2 (2.2.1-1) unstable; urgency=medium

   * New upstream release
   * debian/copyright: review
     - enc/* relicensed to the same license as Ruby
     - add license for ccan/* (CC0)
     - add license for enc/trans/JIS/*
       - some under the "Unicode" license
       - most under permissive "You can use, modify, distribute this table
         freely." terms
     - ext/nkf/ relicensed to zlib/libpng license
   * debian/upstream-changes: simpler and more accurate implementation
   * debian/libruby2.2.symbols: updated


ruby2.2 (2.2.0~1-1) UNRELEASED; urgency=medium

   * Ruby 2.2 RC1
   * Dropped all Debian-specific changes to the upstream sources; everything we
     need is fixed upstream

ruby2.1 (2.1.5-1) unstable; urgency=medium

   * New upstream release
     - Fixes CVE-2014-8090 Another Denial of Service XML Expansion
       (Closes: #770932)
     - Fixes build on SPARC (Closes: #769731)

ruby2.1 (2.1.4-1) unstable; urgency=high

   * New upstream version
     - CVE-2014-8080: Denial of Service in XML Expansion
     - Changes default settings in OpenSSL bindings to not use deprecated and
       insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
       "POODLE" bug in OpenSSL)

ruby2.1 (2.1.3-2) unstable; urgency=medium

   [ Sebastian Boehm ]
   * Install SystemTap tap file (Closes: #765862)

ruby2.1 (2.1.3-1) unstable; urgency=medium

   * New upstream version

ruby2.1 (2.1.2-4) unstable; urgency=medium

   [ Antonio Terceiro ]
   * Move libjs-jquery dependency from libruby2.1 to ruby2.1, and turn it into
     Recommends:. This way programs that link against libruby2.1 won't pull in
     libjs-jquery; OTOH those using rdoc (and thus needing libjs-jquery) would
     be already using ruby2.1 anyway.
   [ Christian Hofstaedtler ]
   * Update Vcs-Git URL, as we've moved from master2.1 to master.
   * Prepare libruby21.symbols for x32 (Closes: #759615)
   * Remove embedded copies of SSL certificates. Rubygems is advised by
     rubygems-integration to use the ca-certificates provided certificates.
     (Closes: #689074)

ruby2.1 (2.1.2-3) unstable; urgency=medium

   [ Antonio Terceiro ]
   * debian/rules: call debian/split-tk-out.rb with $(baseruby) instead of
     `ruby` to actually support bootstrapping with ruby1.8 (and no `ruby`)
   * Break dependency loop (Closes: #747858)
     - ruby2.1: drop dependency on ruby
     - libruby2.1: drop dependency on ruby2.1
   [ Christian Hofstaedtler ]
   * Add missing man pages for gem, rdoc, testrb (Closes: #756053, #756815)
   * Correct ruby2.1's Multi-Arch flag to 'allowed' (Closes: #745360)

ruby2.1 (2.1.2-2) unstable; urgency=medium

   * Support bootstrapping with Ruby 1.8 (which builds with gcc only) if another
     Ruby is not available.

ruby2.1 (2.1.2-1) unstable; urgency=medium

   [ Christian Hofstaedtler ]
   * New upstream version
   * Update watch file
   [ Sebastian Boehm ]
   * Build with basic systemtap support. (Closes: #747232)
   [ Antonio Terceiro ]
   * 2.1 is now the main development branch

ruby2.1 (2.1.1-4) unstable; urgency=medium

   * Use Debian copy of config.{guess,sub}
     Instead of downloading it from the Internet, which could be down or
     insecure. Thanks to Scott Kitterman for the report AND patch.
     (Closes: 745699)
   * Move jquery source file to d/missing-sources

ruby2.1 (2.1.1-3) unstable; urgency=medium

   [ Antonio Terceiro ]
   * Disable rubygems-integration during the build. This fixes the install
     location of the gemspecs for the bundled libraries. (Closes: #745465)

ruby2.1 (2.1.1-2) unstable; urgency=medium

   * Tie Tcl/Tk dependency to version 8.5, applying patch from Ubuntu.
     Thanks to Matthias Klose <>

ruby2.1 (2.1.1-1) unstable; urgency=medium

   * Imported Upstream version 2.1.1
   * Update lintian overrides

ruby2.1 (2.1.0-2) unstable; urgency=medium

   * ruby2.1-dev: Depend on libgmp-dev.
     Thanks to John Leach <>
   * Fix FTBFS with libreadline 6.x, by applying upstream r45225.

ruby2.1 (2.1.0-1) unstable; urgency=medium

   * Upload to unstable.

ruby2.1 (2.1.0-1~exp2) experimental; urgency=medium

   [ Antonio Terceiro ]
   * ruby2.1-dev: add missing dependency on libruby2.1
   [ Christian Hofstaedtler ]
   * Again depend on ruby without alternatives management
   * Tag 64bit-only symbols as such

ruby2.1 (2.1.0-1~exp1) experimental; urgency=medium

   * New release train, branch off and rename everything to ruby2.1
     (Closes: #736664)
   * Build with GMP library for faster Bignum operations.
   * Target experimental as long as ruby 1: has not entered
     unstable, dropping the versioned dependency for now.

ruby2.0 ( UNRELEASED; urgency=medium

   [ Antonio Terceiro ]
   * New upstream snapshot.
   * Add patch by Yamashita Yuu to fix build against newer OpenSSL
     (Closes: #733372)
   [ Christian Hofstaedtler ]
   * Use any valid Ruby interpreter to bootstrap
   * Bump Standards-Version to 3.9.5 (no changes)
   * Add myself to Uploaders:
   * Add Dependencies to facilitate upgrades from 1.8
     * libruby2.0 now depends on ruby2.0
     * ruby2.0 now depends on ruby
   * Stop installing alternatives/symlinks for binaries:
     * /usr/bin/{ruby,erb,testrb,irb,rdoc,ri}


ruby2.0 ( unstable; urgency=low

   * New upstream release
     + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
       Closes: #730190

ruby2.0 ( unstable; urgency=low

   * New upstream version (snapshot from 2.0 maintainance branch).
   * fix typo in ruby2.0-tcltk description
   * Backported upstream patches from Tanaka Akira to fix FTBFS on:
     - GNU/kFreeBSD (Closes: #726095)
     - x32 (Closes: #727010)
   * Make date for io-console gemspec predictable (Closes: #724974)
   * libruby2.0 now depends on libjs-jquery because of rdoc (Closes: #725056)
   * Backport upstream patch by Nobuyoshi Nakada to fix include directory in
     `pkg-config --cflags` (Closes: #725166)
   * Document missing licenses in debian/copyright (Closes: #723161)
   * debian/libruby2.0.symbols: add new symbol rb_exec_recursive_paired_outer
     (not in the public API though)

ruby2.0 ( unstable; urgency=low

   * Split Ruby/Tk out of libruby2.0 into its own package, ruby2.0-tcltk. This
     will reduce the footprint of a basic Ruby installation.

ruby2.0 ( unstable; urgency=low

   * New upstream release
     + Includes a fix for override of existing LDFLAGS when building compiled
       extensions that use pkg-config (Closes: #721799).
   * debian/rules: forward-port to tcl/tk packages with multi-arch support.
     Thanks to Tristan Hill for reporting on build for Ubuntu saucy
   * debian/control: ruby2.0 now provides ruby-interpreter
   * Now using tarballs generated from the git mirror.
     + The released tarballs will modify shipped files on clean. Without this
       we can stop messing around with files that need to be recovered after a
       `debian/rules clean` to make them match the orig tarball and avoid
       spurious diffs.
     + This also lets us drop the diffs against generated files such as
       tool/config.* and configure.
     + documented in debian/README.source
   * debian/libruby2.0.symbols: refreshed with 2 new symbols added since last

ruby2.0 ( unstable; urgency=low

   * Initial release (Closes: #697703)