Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)

Bug #1131493 reported by Tyler Hicks
Affects              Status        Importance  Assigned to  Milestone
ruby1.9.1 (Ubuntu)   Fix Released  Low         Unassigned

Bug Description

By merging from Debian testing, we can reduce our delta and we also pick up fixes for a few security issues.

Revision history for this message
Tyler Hicks (tyhicks) wrote :

With this debdiff, the build test results are the same as before and the test-ruby1.9.1.py test from lp:qa-regression-testing has the same test results.

Tyler Hicks (tyhicks) wrote :

I've submitted all remaining deltas to Debian:

Rubygems should use ca-certificates: http://bugs.debian.org/689074
CVE-2012-4522.patch causes a build test error: http://bugs.debian.org/701142
CVE ID patch name confusion: http://bugs.debian.org/701144

The last two are minor and we can eventually drop them if Debian doesn't pick up the changes.

Changed in ruby1.9.1 (Ubuntu):
status: In Progress → Confirmed
assignee: Tyler Hicks (tyhicks) → nobody
Marc Deslauriers (mdeslaur) wrote :

Thanks! Debdiff looks good, ACK. Uploading to raring now.

Changed in ruby1.9.1 (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ruby1.9.1 - 1.9.3.194-7ubuntu1

---------------
ruby1.9.1 (1.9.3.194-7ubuntu1) raring; urgency=low

  * Merge from Debian testing (LP: #1131493). Remaining changes:
    - debian/control: Add ca-certificates to libruby1.9.1 depends so that
      rubygems can perform certificate verification
    - debian/rules: Don't install SSL certificates from upstream sources
    - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
      /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.
  * Changes dropped:
    - debian/patches/20121016-cve_2012_4522.patch: Debian is carrying a patch
      for this issue.
    - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Debian is
      carrying a patch for this issue, but the patch is incorrectly named
      20120927-cve_2011_1005.patch. I'll work with Debian to change the patch
      name, but there's no need to carry a delta because of this. To be
      clear, the Ubuntu ruby1.9.1 package is patched for CVE-2012-4464 and
      CVE-2012-4466, despite the incorrect patch name.
  * debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test error.
    Use the version of the fix from upstream's 1.9.3 tree to fix the
    NoMethodError for assert_file_not, which doesn't exist in 1.9.3. Adjust
    the Origin patch tag accordingly.

ruby1.9.1 (1.9.3.194-7) unstable; urgency=high

  * debian/patches/CVE-2013-0269.patch: fix possible denial of service and
    unsafe object creation vulnerability in JSON (Closes: #700471)

ruby1.9.1 (1.9.3.194-6) unstable; urgency=high

  [Nobuhiro Iwamatsu]
  * debian/patches/CVE-2013-0256.patch: fix possible cross site scripting
    vulnerability in documentation generated by RDOC (Closes: #699929)

ruby1.9.1 (1.9.3.194-5) unstable; urgency=high

  * Disable running the test suite during the build on sparc again. Keeping
    urgency=high because the previous release, which contains a security bug
    fix, did not reach testing yet because of a segfault when running tests in
    the sparc buildd.

ruby1.9.1 (1.9.3.194-4) unstable; urgency=high

  [ James Healy ]
  * debian/patches/CVE-2012-5371.patch: avoid DoS vulnerability in hash
    implementation; this fixes CVE-2012-5371 (Closes: #693024).

ruby1.9.1 (1.9.3.194-3) unstable; urgency=high

  * debian/patches/CVE-2012-4522.patch: avoid vulnerability with strings
    containing NUL bytes passed to file creation methods. This fixes
    CVE-2012-4522 (Closes: #690670).

ruby1.9.1 (1.9.3.194-2) unstable; urgency=low

  * debian/patches/20120927-cve_2011_1005.patch: patch sent by upstream;
    fixes CVE-2011-1005 which was thought of as not affecting the Ruby 1.9.x
    series (Closes: #689075). Thanks to Tyler Hicks <email address hidden>
    for reporting the issue.
 -- Tyler Hicks <email address hidden> Thu, 21 Feb 2013 17:11:23 -0800

Changed in ruby1.9.1 (Ubuntu):
status: Fix Committed → Fix Released