passenger (6.0.26+ds-1) unstable; urgency=medium
* Team upload
* New upstream release. Fix CVE-2025-26803 (Closes: #1098909)
* Drop build-depends ruby-mizuho (Closes: #1098469)
* Bump standards-version to 4.7.2 (No changes)
* Remove XS*, XB* fields
-- Abhijith PA <abhijith@debian.org> Sun, 23 Mar 2025 13:17:11 +0530
passenger (6.0.24+ds-3) unstable; urgency=medium
* Skip failing test not only on s390x, but everywhere
-- Antonio Terceiro <terceiro@debian.org> Tue, 28 Jan 2025 15:36:27 +0100
passenger (6.0.24+ds-2) unstable; urgency=medium
* debian/clean: remove test/config.json
* Refresh patches
* apache2, nginx: don't rebuild generated files on Debian build
* Skip test that fails on s390x
* Depends: ruby (drop `| ruby-interpreter`)
* debian/clean: remove build directory (Closes: #1048936)
* Correctly override lintian check for `embedded-library libjsoncpp`
-- Antonio Terceiro <terceiro@debian.org> Sun, 19 Jan 2025 22:29:02 -0300
passenger (6.0.24+ds-1) unstable; urgency=medium
* autopkgtest: retry HTTP connection to wait for the server (Closes: #1093314)
* New upstream version 6.0.24+ds
* Run Ruby unit tests during build and under autopkgtest
-- Antonio Terceiro <terceiro@debian.org> Fri, 17 Jan 2025 22:48:38 -0300
passenger (6.0.20+ds-1) unstable; urgency=medium
* New upstream version 6.0.20+ds
-- Antonio Terceiro <terceiro@debian.org> Tue, 12 Mar 2024 10:28:07 -0300
passenger (6.0.17+ds-1) unstable; urgency=medium
[ Micah Anderson ]
* Remove myself from debian/control Uploaders field.
[ Antonio Terceiro ]
* debian/watch: update to catch new releases
* New upstream version 6.0.17+ds (Closes: Closes: #1029715)
* Refresh patches.
0005-Restore-ability-to-build-against-upstream-libev.patch removed,
already applied upstream.
* Add myself to Uploaders:
-- Antonio Terceiro <terceiro@debian.org> Thu, 26 Jan 2023 21:42:11 -0300
passenger (6.0.13+ds-1) unstable; urgency=medium
* Do not use vendored copy of libev (see #992786)
* debian/copyright: convert to machine-readable format
* debian/copyright: exclude libuv and libev
* debian/watch: repack source as +ds
* New upstream version 6.0.13+ds
* Refresh patches
* debian/autoreconf: remove, not needed anymore
* patch: Restore ability to build against upstream libev
-- Antonio Terceiro <terceiro@debian.org> Wed, 01 Jun 2022 17:47:59 -0300
passenger (6.0.10-3) unstable; urgency=medium
* Add patch from upstream boost to fix build on armel
-- Antonio Terceiro <terceiro@debian.org> Sun, 22 Aug 2021 18:13:21 -0300
passenger (6.0.10-2) unstable; urgency=medium
* Add patch to fix build on armhf/armel
-- Antonio Terceiro <terceiro@debian.org> Tue, 17 Aug 2021 16:36:46 -0300
passenger (6.0.10-1) unstable; urgency=medium
[ Felix Geyer ]
* Remove myself from Uploaders.
[ Utkarsh Gupta ]
* Add salsa-ci.yml
[ Antonio Terceiro ]
* debian/watch: point at github repository.
Upstream changed source distribution to github. GPG signatures are no
longer provided, so drop debian/upstream/signing-key.asc.
* New upstream version 6.0.10 (Closes: #927411)
* Refresh patches.
Drop patches already applied upstream:
- CVE-2017-16355.patch
- Fix-privilege-escalation-in-the-Nginx-module.patch
- fix-arm-cmsg.patch
* Bump debhelper compatibility level to 13
* Drop obsolete transitional packages ruby-passenger and ruby-passenger-doc
(Closes: #940735, #940749)
* Drop binary passenger-doc.
That documentation is no longer provided in the upstream source release.
* Install all necessary files
* Don't install passenger-install-* programs.
Also, be explicit about which programs we install to /usr/bin and
/usr/sbin, so we notice if new upstream versions add new programs that
we should not install.
* Build-Depends: add libssl-dev
* Update package descriptions to match the present
* debian/control: Update Vcs-* fields to point to salsa
* Bump Standards-Version to 4.5.1.
The upgrading checklist from debian-policy did not indicate anything
specific that needs to be done.
-- Antonio Terceiro <terceiro@debian.org> Mon, 16 Aug 2021 19:24:26 -0300
passenger (5.0.30-1.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix alignment issues in the main CMSG codepath and switch arm Linux systems
from the workaround codepath to the main codepath (Peter Green).
Closes: 955440.
* Drop usage of python2, use python3 by default. Closes: #967033.
-- Matthias Klose <doko@debian.org> Thu, 10 Sep 2020 12:16:03 +0200
passenger (5.0.30-1.1) unstable; urgency=medium
* Non-maintainer upload.
* arbitrary file read via REVISION symlink (CVE-2017-16355)
(Closes: #884463)
* Fix privilege escalation in the Nginx module (CVE-2018-12029)
(Closes: #921767)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 16 Mar 2019 08:54:26 +0100
passenger (5.0.30-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Update watch file.
-- Felix Geyer <fgeyer@debian.org> Sun, 21 Aug 2016 19:24:14 +0200
passenger (5.0.27-2) unstable; urgency=medium
* Fix FTBFS on arch-all only builds.
-- Felix Geyer <fgeyer@debian.org> Thu, 07 Apr 2016 09:18:06 +0200
passenger (5.0.27-1) unstable; urgency=medium
[ Felix Geyer ]
* New upstream release.
* Drop fix_ftbfs_boost.patch, fixed upstream.
* Build against the libuv package instead of the bundled copy.
(Closes: #815496)
* Update copyright file.
[ Cédric Boutillier ]
* Bump debhelper compatibility level to 9
* Use https:// in Vcs-* fields
* Bump Standards-Version to 3.9.7 (no changes needed)
* Run wrap-and-sort on packaging files
-- Felix Geyer <fgeyer@debian.org> Wed, 06 Apr 2016 22:15:56 +0200
passenger (5.0.22-1) unstable; urgency=medium
* New upstream release.
- Fixes CVE-2015-7519: Header overwriting issue (Closes: #807354)
- Fixes incompatibility with Apache 2.4.17 (Closes: #804195)
* Refresh patches.
* Use bundled libjsoncpp as it's a modified version.
-- Felix Geyer <fgeyer@debian.org> Mon, 07 Dec 2015 22:35:39 +0100
passenger (5.0.7-3) unstable; urgency=medium
* Fix FTBFS on kfreebsd in bundled boost library.
- Add d/fix_ftbfs_boost.patch, cherry-picked from upstream.
-- Felix Geyer <fgeyer@debian.org> Wed, 05 Aug 2015 17:58:24 +0200
passenger (5.0.7-2) unstable; urgency=medium
* Install /usr/bin/passenger-config. (Closes: #793013)
* Run dh_autoreconf for ext/libev.
- Fixes FTBFS on arm64 and ppc64el.
-- Felix Geyer <fgeyer@debian.org> Tue, 04 Aug 2015 00:14:14 +0200
passenger (5.0.7-1) unstable; urgency=medium
* Rename package from ruby-passenger to passenger.
- Requested by upstream.
- passenger supports more than just ruby.
* New upstream release.
* Refresh patches.
* Use the bundled libev as it now has local modifications.
* Bump Standards-Version to 3.9.6, no changes needed.
* Exclude more docs that contains embedded minified js and css.
* Update copyright file.
-- Felix Geyer <fgeyer@debian.org> Thu, 07 May 2015 21:43:00 +0200
ruby-passenger (4.0.53-1) unstable; urgency=medium
* New upstream release.
* Remove inactive uploaders from the list. (Closes: #762563)
* Add zlib1g-dev to build-depends. (Closes: #765138)
-- Felix Geyer <fgeyer@debian.org> Mon, 13 Oct 2014 21:44:07 +0200
ruby-passenger (4.0.52-1) unstable; urgency=medium
* New upstream release.
* Improve autopkgtests:
- Be more verbose in case of errors.
- Test wsgi application with python 2 and 3.
- Add dependencies on python and python3.
* Exclude Packaging.html from docs.
-- Felix Geyer <fgeyer@debian.org> Sun, 28 Sep 2014 23:52:54 +0200
ruby-passenger (4.0.50-1) unstable; urgency=medium
* New upstream release.
* Change default node.js binary name to "nodejs" instead of "node".
* Add nodejs to Suggests.
* Add autopkgtests for running simple rack, wsgi and nodejs applications.
-- Felix Geyer <fgeyer@debian.org> Sun, 31 Aug 2014 16:31:37 +0200
ruby-passenger (4.0.49-1) unstable; urgency=medium
* New upstream release.
* Drop CVE-2014-1832.patch, fixed upstream.
* Make ruby-passenger use the system jsoncpp library.
- Rename no_jsoncpp.patch to system_jsoncpp.patch.
- Add libjsoncpp-dev to build-depends.
* Install the ruby native extension sources to allow building it for custom
ruby interpreters. (Closes: #758885)
-- Felix Geyer <fgeyer@debian.org> Sun, 24 Aug 2014 22:45:24 +0200
ruby-passenger (4.0.37-3) unstable; urgency=medium
* Query the supported ruby versions from dh_ruby instead of hardcoding them.
(Closes: #744808)
-- Felix Geyer <fgeyer@debian.org> Wed, 23 Apr 2014 23:44:19 +0200
ruby-passenger (4.0.37-2) unstable; urgency=medium
* Cherry-pick upstream commit to fix CVE-2014-1832.
The fix for CVE-2014-1831 was incomplete.
- Add CVE-2014-1832.patch
-- Felix Geyer <fgeyer@debian.org> Sat, 08 Mar 2014 19:27:27 +0100
ruby-passenger (4.0.37-1) unstable; urgency=medium
* New upstream release.
- Fixes CVE-2014-1831: insecure use of /tmp. (Closes: #736958)
[ Cédric Boutillier ]
* Move upstream GPG key into debian/upstream.
[ Felix Geyer ]
* Make sure the build flags are used for all source files.
- Export CFLAGS and CPPFLAGS as EXTRA_CFLAGS.
* Don't mention nginx in the package description as it isn't actually
supported in this package.
-- Felix Geyer <fgeyer@debian.org> Sat, 08 Mar 2014 18:15:49 +0100
ruby-passenger (4.0.35-1) unstable; urgency=low
* Team upload
[ Felix Geyer ]
* Import the upstream release signing key for uscan to verify the tarball.
[ Cédric Boutillier ]
* Imported Upstream version 4.0.35
* Drop rubygems from Depends since it is shipped by Ruby1.9+
* Bump Standards-Version to 3.9.5 (no changes needed)
* debian/patches:
- drop fix_ftbfs_fortify_source.patch, applied upstream
- refresh fix_install_path.patch and no_jsoncpp.patch
- add bin_load_path.patch to prevent load_path manipulation in bin/*
* Fix installation path for (multiarch) Ruby2.0
* Replace debian/upstream-signing-key.pgp by its armored ASCII version
* Install NEWS as the upstream changelog
-- Cédric Boutillier <boutil@debian.org> Thu, 16 Jan 2014 12:53:56 +0100
ruby-passenger (4.0.25-2) unstable; urgency=low
* Fix building the documentation. (Closes: #680357)
- Build-depend on ruby-mizuho.
-- Felix Geyer <fgeyer@debian.org> Sat, 30 Nov 2013 19:12:13 +0100
ruby-passenger (4.0.25-1) unstable; urgency=low
* New upstream release.
* Refresh fix_install_path.patch.
* Build for Ruby 2.0 instead of 1.8. (Closes: #725591)
* Add fix_ftbfs_fortify_source.patch.
* Install passenger template files.
-- Felix Geyer <fgeyer@debian.org> Sat, 23 Nov 2013 23:50:02 +0100
ruby-passenger (4.0.10-1) unstable; urgency=low
* New upstream release. (Closes: #711906)
* Stop repacking the upstream tarball as it doesn't contain any minified
javascript files anymore.
- Add valgrind.h license to the copyright file.
- Drop libjs-scriptaculous from build-depends.
* Refresh fix_install_path.patch.
* Drop fix_ftbfs_glibc217.patch, CVE-2013-2119.patch and CVE-2013-4136.patch,
applied upstream.
* Point PassengerRoot to the locations.ini in passenger.conf.
* Pass CXXFLAGS, CPPFLAGS and LDFLAGS to the build system.
* Add ruby1.9.1 as an alternative dependency to rubygems. (Closes: #683511)
* Add myself as Uploader.
* Fix the watch file.
* Use dh-autoreconf.
* Bump Standards-Version to 3.9.4, no changes needed.
* Don't build the embedded jsoncpp source as it's not actually used.
- Add no_jsoncpp.patch.
-- Felix Geyer <fgeyer@debian.org> Tue, 06 Aug 2013 23:08:29 +0200
ruby-passenger (3.0.13debian-1.2) unstable; urgency=high
* Non-maintainer upload.
[ Laurent Bigonville ]
* debian/control: Use canonical VCS URL
* debian/control: Move libapache2-mod-passenger to httpd section
[ Felix Geyer ]
* Cherry-pick another commit to properly fix CVE-2013-2119.
* Fix CVE-2013-4136: insecure tmp files usage. (Closes: #717176)
- Add CVE-2013-4136.patch, backported from upstream.
-- Felix Geyer <fgeyer@debian.org> Sun, 21 Jul 2013 10:41:42 +0200
ruby-passenger (3.0.13debian-1.1) unstable; urgency=low
* Non-maintainer upload.
* Transition towards Apache 2.4. (Closes: #707063)
- Build-depend on apache2-dev and apache2.
- Use apache2 dh helper.
- Drop libapache2-mod-passenger maintainer scripts, now handled by
dh_apache2.
* Fix buiding against glibc 2.17.
- Add fix_ftbfs_glibc217.patch, cherry-picked from upstream.
* Fix CVE-2013-2119: insecure temporary file usage. (Closes: #710351)
- Add CVE-2013-2119.patch, cherry-picked from upstream.
-- Felix Geyer <fgeyer@debian.org> Thu, 30 May 2013 09:27:46 +0200
ruby-passenger (3.0.13debian-1) unstable; urgency=low
* Team upload.
* New upstream release
* debian/control: Add apache2-mpm-event to the dependency alternative, it is
now supported by passenger (Closes: #600679)
* Drop debian/patches/fix_ftbfs_gcc47.patch: Applied upstream
* Add debian/gbp.conf file
* debian/rules: Remove leftover MacOS resource fork file
-- Laurent Bigonville <bigon@debian.org> Thu, 28 Jun 2012 17:00:42 +0200
ruby-passenger (3.0.12debian-1) unstable; urgency=low
* Team upload.
* New upstream release
* Add debian/patches/fix_ftbfs_gcc47.patch: Fix FTBFS with GCC 4.7
(Closes: #672096)
-- Laurent Bigonville <bigon@debian.org> Wed, 23 May 2012 18:40:57 +0200
ruby-passenger (3.0.11debian-1) unstable; urgency=low
* Team upload.
[ Dmitry Borodaenko ]
* New upstream release (Closes: #588256)
[ Laurent Bigonville ]
* Rename packages to follow new ruby policy
* Split all ruby files into the ruby-passenger package (Closes: #664152)
* debian/control: Fix typo, the right package is www-browser (Closes:
#628479)
* Also build for ruby 1.9.1 (LP: #695159)
-- Laurent Bigonville <bigon@debian.org> Fri, 23 Mar 2012 13:14:01 +0100
passenger (2.2.11debian-2) unstable; urgency=low
[Laurent Arnoud]
* Team upload.
* Bump Standards version to 3.9.1 (no changes).
[Evgeni Golov]
* Correctly install docs in passenger-doc (Closes: #599024)
-- Evgeni Golov <evgeni@debian.org> Wed, 06 Oct 2010 11:49:07 +0200
passenger (2.2.11debian-1) unstable; urgency=low
[ Paul van Tilburg ]
* debian/watch: fixed typo in the dversionmangle regexp.
[ Micah Anderson ]
* New upstream release
* Update Standards version, no changes
* Remove unused patchsystem in debian/rules
-- Micah Anderson <micah@debian.org> Wed, 17 Mar 2010 00:27:59 -0400
passenger (2.2.9debian-1) unstable; urgency=low
* New upstream release (Closes: #555552)
-- Micah Anderson <micah@debian.org> Sun, 31 Jan 2010 14:19:55 -0500
passenger (2.2.7debian-1) unstable; urgency=low
* Added possibile dependency on apache2-mpm-itk (Closes: #556230)
* New upstream release
-- Micah Anderson <micah@debian.org> Fri, 20 Nov 2009 13:56:00 -0500
passenger (2.2.5debian1-1) unstable; urgency=low
* Really sort out the Build-deps this time (Closes: #555155)
* Remove embedded prototype.js, Build-dep on libjs-prototype
and symlink to that version, requires repack of orig
tarball (Closes: #555273)
-- Micah Anderson <micah@debian.org> Mon, 09 Nov 2009 12:07:15 -0500
passenger (2.2.5debian-5) unstable; urgency=low
* Build-dep on apache2 to fix FTBS (Closes: #555155)
-- Micah Anderson <micah@debian.org> Sun, 08 Nov 2009 21:22:47 -0500
passenger (2.2.5debian-3) unstable; urgency=low
* Really fix apache2-mpm-preform dependencies (Closes: #545872)
-- Micah Anderson <micah@debian.org> Fri, 06 Nov 2009 17:41:46 -0500
passenger (2.2.5debian-2) unstable; urgency=low
* Update control to allow for possible installation of
apache2-mpm-prefork (Closes: #545872)
-- Micah Anderson <micah@debian.org> Wed, 23 Sep 2009 14:55:53 -0400
passenger (2.2.5debian-1) unstable; urgency=low
* New upstream release
* Bump standards version one minor number (no changes)
-- Micah Anderson <micah@debian.org> Thu, 17 Sep 2009 22:55:23 -0400
passenger (2.2.4debian-1) unstable; urgency=low
* Updated debian/copyright information with information for:
. test/support/tut.h and tut_reporter.h
. test/stub/rails_apps/mycookbook/public/javascripts/prototype.js
. test/stub/rails_apps/mycookbook/public/javascripts/effects.js
. test/stub/rails_apps/mycookbook/public/javascripts/dragdrop.js
. test/stub/rails_apps/mycookbook/public/javascripts/controls.js
. ext/nginx/StaticContentHandler.c
. ext/nginx/Configuration.[c,h], ContentHandler.[c,h],
. ext/nginx/ngx_http_passenger_module.[c,h] and StaticContentHandler.h
. ext/apache2/Hooks.cpp
. ext/common/Base65.[cpp,h]
* Update Standards-Version to 3.8.2 (no changes)
* Also remove passenger-install-nginx-module, same as the apache piece
* Add myself and damog to Uploaders
* Set Maintainer field to Debian Ruby Extras Maintainers
* Make sure the modsavailabledir is properly created
* Fix the DEB_INSTALL_DOCS package name
* Update the passengermodule and admintools names for the new upstream
* Removed etc from libapache2-mod-passenger.install
* Updated to new upstream version
* Added librack-ruby Depends
* Removed tests/support/valgrind.h, incompatible 4-clause BSD license
* Added Build-dep on source-highlight
-- Micah Anderson <micah@debian.org> Sat, 25 Jul 2009 11:46:51 -0400
passenger (2.1.2-1) unstable; urgency=low
* New upstream version.
* Added license and copyright information for Boost library at
debian/copyright.
* Updated source paths.
* Updated Standards-Version to 3.8.1 .
-- Filipe Lautert <filipe@debian.org> Thu, 26 Mar 2009 19:56:22 -0300
passenger (2.0.3-1) unstable; urgency=low
[Filipe Lautert]
* Some corrections to changelog file.
* Added myself and ruby-extras group to uploaders field.
[Leandro Nunes dos Santos]
* Initial release (Closes: #488753).
-- Filipe Lautert <filipe@debian.org> Wed, 15 Oct 2008 23:04:26 -0200