ruby2.1 (2.1.5-2+deb8u3) jessie; urgency=low

  * Non-maintainer upload to fix security problem.
  * Fix CVE-2009-5147: DL::dlopen should not open a library with
    tainted library name in safe mode (Closes: #796344).  Based on
    patch used in DLA-299-1, which was pulled from upstream.
  * Fix CVE-2015-7551: Fiddle handles should not call functions with
    tainted function names (Closes: #796344).  Patch pulled from
    upstream.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 07 Jun 2016 11:00:04 +0200

ruby2.1 (2.1.5-2+deb8u2) jessie; urgency=high

  * Apply upstream patches to fix Request hijacking vulnerability in Rubygems
    [CVE-2015-3900] (Closes: #790119)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 29 Jul 2015 09:27:24 -0300

ruby2.1 (2.1.5-2+deb8u1) jessie-security; urgency=high

  * Fix vulnerabiity with overly permissive matching of hostnames in OpenSSL
    extension [CVE-2015-1855]
    - applied revision 50296 of upstream svn repository.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 17 Apr 2015 09:26:57 -0300

ruby2.1 (2.1.5-2) unstable; urgency=medium

  * Fix Segmentation fault after pack & ioctl & unpack (Closes: #781504)
    - apply r44804 from upstream svn
  * debian/upstream-changes: simpler and more accurate implementation

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 31 Mar 2015 21:50:39 -0300

ruby2.1 (2.1.5-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2014-8090 Another Denial of Service XML Expansion
      (Closes: #770932)
    - Fixes build on SPARC (Closes: #769731)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 29 Nov 2014 12:30:39 -0200

ruby2.1 (2.1.4-1) unstable; urgency=high

  * New upstream version
    - CVE-2014-8080: Denial of Service in XML Expansion
    - Changes default settings in OpenSSL bindings to not use deprecated and
      insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
      "POODLE" bug in OpenSSL)

 -- Antonio Terceiro <terceiro@debian.org>  Wed, 29 Oct 2014 12:07:22 -0200

ruby2.1 (2.1.3-2) unstable; urgency=medium

  [ Sebastian Boehm ]
  * Install SystemTap tap file (Closes: #765862)

 -- Christian Hofstaedtler <zeha@debian.org>  Sun, 19 Oct 2014 20:07:50 +0200

ruby2.1 (2.1.3-1) unstable; urgency=medium

  * New upstream version

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 20 Sep 2014 16:55:47 +0200

ruby2.1 (2.1.2-4) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Move libjs-jquery dependency from libruby2.1 to ruby2.1, and turn it into
    Recommends:. This way programs that link against libruby2.1 won't pull in
    libjs-jquery; OTOH those using rdoc (and thus needing libjs-jquery) would
    be already using ruby2.1 anyway.

  [ Christian Hofstaedtler ]
  * Update Vcs-Git URL, as we've moved from master2.1 to master.
  * Prepare libruby21.symbols for x32 (Closes: #759615)
  * Remove embedded copies of SSL certificates. Rubygems is advised by
    rubygems-integration to use the ca-certificates provided certificates.
    (Closes: #689074)

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 05 Sep 2014 03:06:30 +0200

ruby2.1 (2.1.2-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: call debian/split-tk-out.rb with $(baseruby) instead of
    `ruby` to actually support bootstrapping with ruby1.8 (and no `ruby`)
  * Break dependency loop (Closes: #747858)
    - ruby2.1: drop dependency on ruby
    - libruby2.1: drop dependency on ruby2.1

  [ Christian Hofstaedtler ]
  * Add missing man pages for gem, rdoc, testrb (Closes: #756053, #756815)
  * Correct ruby2.1's Multi-Arch flag to 'allowed' (Closes: #745360)

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 14 Aug 2014 10:45:29 -0300

ruby2.1 (2.1.2-2) unstable; urgency=medium

  * Support bootstrapping with Ruby 1.8 (which builds with gcc only) if another
    Ruby is not available.

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 15 May 2014 23:20:49 -0300

ruby2.1 (2.1.2-1) unstable; urgency=medium

  [ Christian Hofstaedtler ]
  * New upstream version
  * Update watch file

  [ Sebastian Boehm ]
  * Build with basic systemtap support. (Closes: #747232)

  [ Antonio Terceiro ]
  * 2.1 is now the main development branch

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 10 May 2014 15:51:13 +0200

ruby2.1 (2.1.1-4) unstable; urgency=medium

  * Use Debian copy of config.{guess,sub}
    Instead of downloading it from the Internet, which could be down or
    insecure. Thanks to Scott Kitterman for the report AND patch.
    (Closes: 745699)
  * Move jquery source file to d/missing-sources

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 25 Apr 2014 00:57:13 +0200

ruby2.1 (2.1.1-3) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Disable rubygems-integration during the build. This fixes the install
    location of the gemspecs for the bundled libraries. (Closes: #745465)

 -- Christian Hofstaedtler <zeha@debian.org>  Tue, 22 Apr 2014 18:38:01 +0200

ruby2.1 (2.1.1-2) unstable; urgency=medium

  * Tie Tcl/Tk dependency to version 8.5, applying patch from Ubuntu.
    Thanks to Matthias Klose <doko@debian.org>

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 10 Mar 2014 13:38:41 +0100

ruby2.1 (2.1.1-1) unstable; urgency=medium

  * Imported Upstream version 2.1.1
  * Update lintian overrides

 -- Christian Hofstaedtler <zeha@debian.org>  Wed, 05 Mar 2014 18:22:58 +0100

ruby2.1 (2.1.0-2) unstable; urgency=medium

  * ruby2.1-dev: Depend on libgmp-dev.
    Thanks to John Leach <john@johnleach.co.uk>
  * Fix FTBFS with libreadline 6.x, by applying upstream r45225.

 -- Christian Hofstaedtler <zeha@debian.org>  Mon, 03 Mar 2014 21:10:32 +0100

ruby2.1 (2.1.0-1) unstable; urgency=medium

  * Upload to unstable.

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 22 Feb 2014 23:44:44 +0100

ruby2.1 (2.1.0-1~exp2) experimental; urgency=medium

  [ Antonio Terceiro ]
  * ruby2.1-dev: add missing dependency on libruby2.1

  [ Christian Hofstaedtler ]
  * Again depend on ruby without alternatives management
  * Tag 64bit-only symbols as such

 -- Christian Hofstaedtler <zeha@debian.org>  Thu, 13 Feb 2014 13:02:25 +0100

ruby2.1 (2.1.0-1~exp1) experimental; urgency=medium

  * New release train, branch off and rename everything to ruby2.1
    (Closes: #736664)
  * Build with GMP library for faster Bignum operations.
  * Target experimental as long as ruby 1:1.9.3.1 has not entered
    unstable, dropping the versioned dependency for now.

 -- Christian Hofstaedtler <zeha@debian.org>  Thu, 23 Jan 2014 19:25:19 +0100

ruby2.0 (2.0.0.484-1) UNRELEASED; urgency=medium

  [ Antonio Terceiro ]
  * New upstream snapshot.
  * Add patch by Yamashita Yuu to fix build against newer OpenSSL
    (Closes: #733372)

  [ Christian Hofstaedtler ]
  * Use any valid Ruby interpreter to bootstrap
  * Bump Standards-Version to 3.9.5 (no changes)
  * Add myself to Uploaders:
  * Add Dependencies to facilitate upgrades from 1.8
    * libruby2.0 now depends on ruby2.0
    * ruby2.0 now depends on ruby
  * Stop installing alternatives/symlinks for binaries:
    * /usr/bin/{ruby,erb,testrb,irb,rdoc,ri}

 -- Christian Hofstaedtler <zeha@debian.org>  Fri, 17 Jan 2014 16:35:57 +0100

ruby2.0 (2.0.0.353-1) unstable; urgency=low

  * New upstream release
    + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
      Closes: #730190

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 25 Nov 2013 22:34:25 -0300

ruby2.0 (2.0.0.343-1) unstable; urgency=low

  * New upstream version (snapshot from 2.0 maintainance branch).
  * fix typo in ruby2.0-tcltk description
  * Backported upstream patches from Tanaka Akira to fix FTBFS on:
    - GNU/kFreeBSD (Closes: #726095)
    - x32 (Closes: #727010)
  * Make date for io-console gemspec predictable (Closes: #724974)
  * libruby2.0 now depends on libjs-jquery because of rdoc (Closes: #725056)
  * Backport upstream patch by Nobuyoshi Nakada to fix include directory in
    `pkg-config --cflags` (Closes: #725166)
  * Document missing licenses in debian/copyright (Closes: #723161)
  * debian/libruby2.0.symbols: add new symbol rb_exec_recursive_paired_outer
    (not in the public API though)

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 05 Nov 2013 20:33:23 -0300

ruby2.0 (2.0.0.299-2) unstable; urgency=low

  * Split Ruby/Tk out of libruby2.0 into its own package, ruby2.0-tcltk. This
    will reduce the footprint of a basic Ruby installation.

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 15 Sep 2013 22:09:57 -0300

ruby2.0 (2.0.0.299-1) unstable; urgency=low

  * New upstream release
    + Includes a fix for override of existing LDFLAGS when building compiled
      extensions that use pkg-config (Closes: #721799).
  * debian/rules: forward-port to tcl/tk packages with multi-arch support.
    Thanks to Tristan Hill for reporting on build for Ubuntu saucy
  * debian/control: ruby2.0 now provides ruby-interpreter
  * Now using tarballs generated from the git mirror.
    + The released tarballs will modify shipped files on clean. Without this
      we can stop messing around with files that need to be recovered after a
      `debian/rules clean` to make them match the orig tarball and avoid
      spurious diffs.
    + This also lets us drop the diffs against generated files such as
      tool/config.* and configure.
    + documented in debian/README.source
  * debian/libruby2.0.symbols: refreshed with 2 new symbols added since last
    version.

 -- Antonio Terceiro <terceiro@debian.org>  Sun, 08 Sep 2013 12:38:34 -0300

ruby2.0 (2.0.0.247-1) unstable; urgency=low

  * Initial release (Closes: #697703)

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 07 Jan 2013 14:48:51 -0300