-
ruby-passenger (4.0.37-2) unstable; urgency=medium
* Cherry-pick upstream commit to fix CVE-2014-1832.
The fix for CVE-2014-1831 was incomplete.
- Add CVE-2014-1832.patch
-- Felix Geyer <email address hidden> Sat, 08 Mar 2014 19:27:27 +0100
-
ruby-passenger (4.0.35-1) unstable; urgency=low
* Team upload
[ Felix Geyer ]
* Import the upstream release signing key for uscan to verify the tarball.
[ Cédric Boutillier ]
* Imported Upstream version 4.0.35
* Drop rubygems from Depends since it is shipped by Ruby1.9+
* Bump Standards-Version to 3.9.5 (no changes needed)
* debian/patches:
- drop fix_ftbfs_fortify_source.patch, applied upstream
- refresh fix_install_path.patch and no_jsoncpp.patch
- add bin_load_path.patch to prevent load_path manipulation in bin/*
* Fix installation path for (multiarch) Ruby2.0
* Replace debian/upstream-signing-key.pgp by its armored ASCII version
* Install NEWS as the upstream changelog
-- Cédric Boutillier <email address hidden> Thu, 16 Jan 2014 12:53:56 +0100
-
ruby-passenger (4.0.25-2) unstable; urgency=low
* Fix building the documentation. (Closes: #680357)
- Build-depend on ruby-mizuho.
-- Felix Geyer <email address hidden> Sat, 30 Nov 2013 19:12:13 +0100
-
ruby-passenger (4.0.25-1) unstable; urgency=low
* New upstream release.
* Refresh fix_install_path.patch.
* Build for Ruby 2.0 instead of 1.8. (Closes: #725591)
* Add fix_ftbfs_fortify_source.patch.
* Install passenger template files.
-- Felix Geyer <email address hidden> Sat, 23 Nov 2013 23:50:02 +0100
-
ruby-passenger (4.0.10-1) unstable; urgency=low
* New upstream release. (Closes: #711906)
* Stop repacking the upstream tarball as it doesn't contain any minified
javascript files anymore.
- Add valgrind.h license to the copyright file.
- Drop libjs-scriptaculous from build-depends.
* Refresh fix_install_path.patch.
* Drop fix_ftbfs_glibc217.patch, CVE-2013-2119.patch and CVE-2013-4136.patch,
applied upstream.
* Point PassengerRoot to the locations.ini in passenger.conf.
* Pass CXXFLAGS, CPPFLAGS and LDFLAGS to the build system.
* Add ruby1.9.1 as an alternative dependency to rubygems. (Closes: #683511)
* Add myself as Uploader.
* Fix the watch file.
* Use dh-autoreconf.
* Bump Standards-Version to 3.9.4, no changes needed.
* Don't build the embedded jsoncpp source as it's not actually used.
- Add no_jsoncpp.patch.
-- Felix Geyer <email address hidden> Tue, 06 Aug 2013 23:08:29 +0200
-
ruby-passenger (3.0.13debian-1.2) unstable; urgency=high
* Non-maintainer upload.
[ Laurent Bigonville ]
* debian/control: Use canonical VCS URL
* debian/control: Move libapache2-mod-passenger to httpd section
[ Felix Geyer ]
* Cherry-pick another commit to properly fix CVE-2013-2119.
* Fix CVE-2013-4136: insecure tmp files usage. (Closes: #717176)
- Add CVE-2013-4136.patch, backported from upstream.
-- Felix Geyer <email address hidden> Sun, 21 Jul 2013 10:41:42 +0200