ruby-rack (2.1.4-3+deb11u2) bullseye-security; urgency=medium * Non-maintainer upload. * CVE-2024-25126: ReDoS in Content Type header parsing * CVE-2024-26141: Reject Range headers which are too large * CVE-2024-26146: ReDoS in Accept header parsing * Closes: #1064516 -- Adrian Bunk Thu, 02 May 2024 23:46:12 +0300 ruby-rack (2.1.4-3+deb11u1) bullseye-security; urgency=high * Add patch to restrict broken mime parsing. (Fixes: CVE-2022-30122) * Add patch to escape untrusted text when logging. (Fixes: CVE-2022-30123) * Add patch to fix ReDoS in Rack::Utils.get_byte_ranges. (Fixes: CVE-2022-44570) (Closes: #1029832) * Add patch to fix ReDoS vulnerability in multipart parser. (Fixes: CVE-2022-44571) (Closes: #1029832) * Add patch to forbid control characters in attributes. (Fixes: CVE-2022-44572) (Closes: #1029832) * Add patch to limit all multipart parts, not just files. (Fixes: CVE-2023-27530) (Closes: #1032803) * Add patch to avoid ReDoS problem. (Fixes: CVE-2023-27539) (Closes: #1033264) -- Utkarsh Gupta Thu, 08 Jun 2023 03:22:23 +0530 ruby-rack (2.1.4-3) unstable; urgency=medium * Team upload. * Fix tests when run on ipv6-only hosts (Closes: #979432) -- Antonio Terceiro Sat, 27 Feb 2021 09:30:57 -0300 ruby-rack (2.1.4-2) unstable; urgency=medium * Revert "Drop all patches" - Rack::Builder::parse_file#test_0006_strips leading unicode byte order mark when present still fails in i386 and stuff. Meh, I'll take a look later. -- Utkarsh Gupta Sun, 03 Jan 2021 17:49:29 +0530 ruby-rack (2.1.4-1) unstable; urgency=medium [ Pirate Praveen ] * New upstream version 2.1.4 * Bump Standards-Version to 4.5.1 (no changes needed) * Drop patches applied upstream [ Utkarsh Gupta ] * Drop all patches -- Utkarsh Gupta Sun, 03 Jan 2021 17:25:43 +0530 ruby-rack (2.1.1-6) unstable; urgency=medium [ Cédric Boutillier ] * [ci skip] Update team name * [ci skip] Add .gitattributes to keep unwanted files out of the source package [ Debian Janitor ] * Apply multi-arch hints. + ruby-rack: Add :all qualifier for ruby dependency. [ Utkarsh Gupta ] * When parsing cookies, only decode the values. Patch utils to fix cookie parsing. (Fixes: CVE-2020-8184) (Closes: #963477) -- Utkarsh Gupta Sat, 02 Jan 2021 17:42:02 +0530 ruby-rack (2.1.1-5) unstable; urgency=medium * Add patch to use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters (Fixes: CVE-2020-8161) -- Utkarsh Gupta Thu, 21 May 2020 17:06:27 +0530 ruby-rack (2.1.1-4) unstable; urgency=medium * Remove ruby-minitest-global-expectations from Depends * Add ruby-minitest-global-expectations for tests -- Utkarsh Gupta Fri, 10 Apr 2020 18:37:00 +0530 ruby-rack (2.1.1-3) unstable; urgency=medium * Add patch to skip random failure (probably fixed in later upstream version) -- Utkarsh Gupta Fri, 10 Apr 2020 04:21:09 +0530 ruby-rack (2.1.1-2) unstable; urgency=medium [ Debian Janitor ] * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. [ Utkarsh Gupta ] * Shoot to unstable * Enable tests :D * Add BD on ruby-minitest-global-expectations * Add runtime dependency on ruby-minitest-global-expectations * Fix package wrt cme * Use AUTOPKGTEST_TMP in tests as ADTTMP is deprecated * Add myself as an uploader * Add Rules-Requires-Root: no * Add Breaks for ruby-rack-oauth2 -- Utkarsh Gupta Fri, 10 Apr 2020 03:43:38 +0530 ruby-rack (2.1.1-1) experimental; urgency=medium * Team upload * New upstream version 2.1.1 * Bump Standards-Version to 4.4.1 (no changes needed) * Switch test to minitest (but disable tests because build deps not packaged) * Switch to github tarballs for tests * Upload to experimental because autopkgtest for berkshelf-api coquelicot nanoc rails redmine ruby-acts-as-api ruby-faye ruby-grape ruby-moneta ruby-omniauth ruby-rack-attack ruby-rack-oauth2 ruby-rack-openid ruby-voight-kampff failed and rebuilds of berkshelf-api coquelicot nanoc redmine ruby-grape ruby-omniauth ruby-rack-oauth2 ruby-warden failed -- Pirate Praveen Sun, 12 Jan 2020 20:00:24 +0530 ruby-rack (2.0.7-2) unstable; urgency=medium * Team upload * Re-upload to unstable * Add salsa-ci.yml * Bump Standards-Version to 4.4.0 * Bump debhelper-compat to 12 -- Utkarsh Gupta Tue, 03 Sep 2019 00:22:18 +0530 ruby-rack (2.0.7-1) experimental; urgency=medium * Team upload * New upstream version 2.0.7 -- Utkarsh Gupta Wed, 15 May 2019 21:13:44 +0530 ruby-rack (2.0.6-3) unstable; urgency=medium * Team upload. * add Breaks: ruby-sinatra (<< 2), as ruby-sinatra 1.x does not work with ruby-rack 2. -- Antonio Terceiro Fri, 11 Jan 2019 10:11:26 -0300 ruby-rack (2.0.6-2) unstable; urgency=medium * Team upload * Re-upload to unstable -- Sruthi Chandran Thu, 03 Jan 2019 21:42:53 +0530 ruby-rack (2.0.6-1) experimental; urgency=medium * Team upload * New upstream release * Remove CVE-2018-16471.patch already applied upstream -- Sruthi Chandran Mon, 24 Dec 2018 22:11:29 +0530 ruby-rack (2.0.5-2) experimental; urgency=medium * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious request could impact the HTTP/HTTPS scheme returned to the underlying application. (Closes: #913005) * debian/control: - Add myself to Uploaders. - Bump Standards-Version to 4.2.1. - wrap-and-sort -sa. * Drop trailing whitespace in debian/changelog. * Use HTTPS URI in debian/copyright. -- Chris Lamb Wed, 21 Nov 2018 14:58:29 +0100 ruby-rack (2.0.5-1) experimental; urgency=medium * Team upload [ Pirate Praveen ] * Drop 0001-Fix-Params_Depth.patch (applied upstream) [ Sruthi Chandran ] * New upstream release -- Sruthi Chandran Tue, 01 May 2018 17:10:47 +0530 ruby-rack (1.6.4-4) unstable; urgency=medium * Team upload. [ Cédric Boutillier ] * Use https:// in Vcs-* fields * Run wrap-and-sort on packaging files [ Christian Hofstaedtler ] * Remove uninstallable ruby-memcache-client from test dependencies * Bump Standards-Version to 3.9.8 -- Christian Hofstaedtler Wed, 13 Jul 2016 01:59:31 +0200 ruby-rack (1.6.4-3) unstable; urgency=medium * Team upload * Bump compat. version to 9 * Update Debian packaging using dh-make-ruby * d/control: Update Vcs-* fields (switch to cgit and https everywhere) Bump Standards-Version to 3.9.7 (no changes) Move to ruby-dalli (memcache-client is deprecated) ROM for ruby-memcache-client https://github.com/rack/rack/issues/1025 Remove librack-ruby* relations (those packages are long gone) -- Sebastien Badia Thu, 03 Mar 2016 16:24:53 -0300 ruby-rack (1.6.4-2) unstable; urgency=medium * Upload to unstable -- Antonio Terceiro Sat, 12 Dec 2015 16:08:31 -0200 ruby-rack (1.6.4-1) experimental; urgency=medium * Team upload * New upstream release * Refresh patch (part merged upstream) -- Pirate Praveen Fri, 07 Aug 2015 01:16:26 +0530 ruby-rack (1.5.2-4) unstable; urgency=medium * Add patch: Fix upstream Issue 631 - uninitialized constant Rack::Response::BodyProxy * Create cherry-picked patch for Security Fix (Closes: #789311) - CVE-2015-3225: 1-4-deep_params.patch -- Youhei SASAKI Wed, 29 Jul 2015 17:32:29 +0900 ruby-rack (1.5.2-3) unstable; urgency=medium * add myself to Uploaders: * debian/ruby-tests.rake: run all tests instead of a subset of them * debian/tests/control: add a gem2deb-test-runner test -- Antonio Terceiro Fri, 17 Oct 2014 09:41:28 -0300 ruby-rack (1.5.2-2) unstable; urgency=medium * Team upload. * Rebuild with recent gem2deb to make package visible to Rubygems on all Ruby interpreters * Drop transitional packages * Add autopkgtest smoke test -- Antonio Terceiro Thu, 24 Jul 2014 19:24:55 -0300 ruby-rack (1.5.2-1) unstable; urgency=low * Team upload. [ Cédric Boutillier ] * debian/control: remove obsolete DM-Upload-Allowed flag * use canonical URI in Vcs-* fields [ Christian Hofstaedtler ] * New upstream release. * Removed all patches, already applied upstream. -- Christian Hofstaedtler Mon, 03 Jun 2013 15:56:09 +0200 ruby-rack (1.4.1-2.1) unstable; urgency=high [ KURASHIKI Satoru ] * Non-maintainer upload. * Create cherry-picked patches for Security Fix (Closes: #700173 #700226). - CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch - CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch [ Youhei SASAKI ] * Create cherry-picked patches for Security Fix (Closes: #698440). - CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch - CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch - CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch -- KURASHIKI Satoru Wed, 20 Feb 2013 20:56:31 +0900 ruby-rack (1.4.1-2) unstable; urgency=low * Bump build dependency on gem2deb to >= 0.3.0~ -- Antonio Terceiro Mon, 25 Jun 2012 15:07:51 -0300 ruby-rack (1.4.1-1) unstable; urgency=low * New Upstream version 1.4.1 * Bump standard version: 3.9.3 * Add Build-Depends: rake, bacon, ruby-memcache-client, thin * Add d/s/local-options: Update patch handling * Update ruby-tests.rb to ruby-tests.rake: running full test -- Youhei SASAKI Wed, 07 Mar 2012 01:00:16 +0900 ruby-rack (1.4.0-1) unstable; urgency=low * New upstream release (closes: #653963). -- Paul van Tilburg Tue, 03 Jan 2012 22:39:13 +0100 ruby-rack (1.3.5-1) unstable; urgency=low * New upstream release. * Fix my email address. * Fix priority of transitional packages. * TESTS ARE DISABLED: many dependencies required for tests are not packaged yet. -- Lucas Nussbaum Wed, 21 Dec 2011 10:52:37 +0100 ruby-rack (1.3.1-1) unstable; urgency=low * New upstream release: 1.3.1 * Bump Standard version: 3.9.2 * Add me to Uploaders * Add ruby-bacon to Build-Depends * Add manpage for rackup Closes: #606910 - Thanks to Glido Fiorito -- Youhei SASAKI Tue, 26 Jul 2011 00:57:23 +0900 ruby-rack (1.2.2-2) unstable; urgency=low * Add transitional packages from librack-ruby. -- Lucas Nussbaum Tue, 26 Apr 2011 16:34:08 +0200 ruby-rack (1.2.2-1) unstable; urgency=low * Switch to gem2deb-based packaging. Rename source and binary package. * libopenssl-ruby was merged in the main ruby package. Closes: #574960 Closes: #592416. * new upstream release. * TESTS ARE DISABLED: many dependencies required for tests are not packaged yet. -- Lucas Nussbaum Tue, 26 Apr 2011 15:44:15 +0200 librack-ruby (1.1.0-4) unstable; urgency=low * Team upload. * This package is now maintained within the Debian/Ruby Extras team. * debian/control: - Added the team (and myself) to the uploaders. - Updated the Vcs-* fields. * Version the dependency between librack-ruby and librack-ruby1.8. Closes: #583553 * Rename the 1.9.1 binary to rackup1.9.1 -- Lucas Nussbaum Sat, 18 Sep 2010 08:31:46 +0200 librack-ruby (1.1.0-3) unstable; urgency=low * adopt package * add Conflicts/Replaces from librack-ruby1.9.1 to librack-ruby1.9 because of /usr/bin/rackup1.9 (Closes: #570435) -- Ryan Niebur Sat, 13 Mar 2010 12:14:56 -0800 librack-ruby (1.1.0-2) unstable; urgency=low * Move to ruby1.9.1 (Closes: #569884). * Removed unused lintian override. * Bumped up Standards-Version. -- Sebastien Delafond Mon, 15 Feb 2010 19:42:49 +0100 librack-ruby (1.1.0-1) unstable; urgency=low * New upstream release. -- Sebastien Delafond Fri, 08 Jan 2010 18:50:25 +0100 librack-ruby (1.0.1-1) unstable; urgency=low * New upstream release. * Bumped up Standards revision. * Moved to CDBS. * Lintian cleanups. -- Sebastien Delafond Wed, 21 Oct 2009 11:36:29 +0200 librack-ruby (1.0.0-1) unstable; urgency=low * New upstream release. * Added debian/watch file. * Bumped up Standards version to 3.8.1. * BUmped up debhelper compat level to 6. * Moved to section "ruby". * Added proper versioned dependency on debhelper (for dh_lintian). * Updated short description for librack-ruby1.8. -- Sebastien Delafond Tue, 28 Apr 2009 02:14:00 -0700 librack-ruby (0.9.1-1) unstable; urgency=low * New upstream release (Closes: #516855). -- Sebastien Delafond Mon, 23 Feb 2009 19:29:20 -0800 librack-ruby (0.3.0-2) unstable; urgency=low * Corrected short description for librack-ruby1.8 -- Sebastien Delafond Wed, 07 May 2008 14:13:26 -0700 librack-ruby (0.3.0-1) unstable; urgency=low * Initial Release (Closes: #480035). -- Sebastien Delafond Wed, 07 May 2008 11:28:30 -0700