lp:ubuntu/maverick-security/ruby1.8

Created by Ubuntu Package Importer on 2012-04-11 and last modified on 2012-04-11
Get this branch:
bzr branch lp:ubuntu/maverick-security/ruby1.8

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

39. By Tyler Hicks on 2012-02-21

* SECURITY UPDATE: Cross-site scripting via HTTP error responses
  - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
    set for HTTP error responses. Based on upstream patch.
  - CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

38. By Lucas Nussbaum on 2010-07-30

* Convert from dpatch to quilt using dpatch2quilt.sh
* Add patch 100730_disable_getsetcontext_on_nptl: disable getsetcontext on
  NPTL. LP: #307462, Closes: #579229
* Added 100730_verbose-tests.patch: run tests in verbose mode.
* Run make test-all, but do not consider failures fatal for now.
* Upgrade to Standards-Version: 3.9.1. No changes needed.
* Deal with Ubuntu changing the GCC target to i686-linux-gnu: search
  for libs in i486-linux too. LP: #611322.

37. By daigo on 2010-06-27

* New upstream release
* Removed patches that the upstream has applied:
  - debian/patches/100312_timeout-fix.dpatch
  - debian/patches/100620_fix_pathname_warning.dpatch
  - debian/patches/100620_fix_super_called_outside_of_method.dpatch

36. By daigo on 2010-06-20

[ Lucas Nussbaum ]
* Make ruby1.8 depend on exactly the same version of libruby1.8 after
  private discussion with Alex Legler. This avoids confusing situations
  for users.
* Update debian/patches/100312_timeout-fix.dpatch after discussion with
  Petr Salinger. Treat FreeBSD the same as Linux. Closes: #580464

[ Daigo Moriwaki ]
* Removed debian/patches/091125_gc_check.dpatch, which the upstream has
  applied. (Closes: #586374)
* Added debian/patches/100620_fix_pathname_warning.dpatch, which was
  backported from the upstream r23485.
  (Closes: #566611)
* Added debian/patches/100620_fix_super_called_outside_of_method.dpatch,
  which was backported from the upstream r26534:26536. (Closes: #568597)

35. By Lucas Nussbaum on 2010-03-23

* Fix sections. Agree with ftpmasters.
* Update debian/copyright. Clarify that Ruby is GPLv2, not just "GPL".
* Merge lib{dbm,gdbm,readline,openssl}-ruby1.8 into libruby1.8.
* Merge irb1.8 and rdoc1.8 into ruby1.8.
* Update lintian override.
* Update debian/copyright.
* Upgrade to Standards-Version: 3.8.4. No changes needed.
* Add README.source.
* Fix not-binnmuable-all-depends-any lintian warning.
* Add lintian override for package-name-doesnt-match-sonames.
* Remove duplicate section/priority stanzas.
* Fix a few minor problems in manpages.

34. By Lucas Nussbaum on 2010-03-12

Add 100312_timeout-fix.dpatch: Backport upstream change to fix
problem with threads and timeouts. Closes: #539987

33. By Martin Pitt on 2010-03-08

Move libreadline5-dev build dependency to libreadline-dev, to build
against libreadline6. (Debian #553843)

32. By daigo on 2010-01-10

* New upstream release.
* The upstream has fixed a vulnerability in WEBrick, a part of Ruby's
  standard library. WEBrick lets attackers inject malicious escape
  sequences to its logs, making it possible for dangerous control characters
  to be executed on a victim's terminal emulator.

31. By daigo on 2009-11-28

Added debian/patches/091125_gc_check.dpatch: applied Bryan's patch to fix
garbage collector seg faults under race conditions. (upstream issue #2326)
Thanks to Bryan McLellan. (Closes: #557924)

30. By daigo on 2009-08-19

[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hang up
  when IO.select is called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
  run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
  object is cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
  a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
  from OpenSSL::X509::ExtensionFactory. (Closes: #489443)

[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
  lot for the past help! Closes: #541037

[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
  sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/ruby1.8