Changelog
ruby-rails-2.3 (2.3.11-1) unstable; urgency=low
[ Ondřej Surý ]
* Convert package to gem2deb format
* Split the package to individual gems instead of one big bundle
* Rename rails-ruby1.8 to ruby-rails-2.3
* Move the package under the pkg-ruby-extras umbrella
* Merge src:rails patches:
+ Change default listening socket to 127.0.0.1 from 0.0.0.0
+ Fix documentation about default listening address
+ Modified a string that recommends the user to do Very Bad Things
* Use RAILS_VERSION from metadata.yml to generate dependencies
* Add Depends/Replaces/Conflicts on rails-ruby1.8
* B-D on gem2deb (>= 0.2.4)
* Add require-rubygems.overrides
* Install rails binaries to /usr/lib/ruby/vendor_ruby/railties/bin
* Install rest of railties not handled by gem2deb
* Use prototype.js provided by Debian package
* Merge lintian-overrides from src:rails
* Add rails and rails_generator symlinks to railties subdirectory
* Use javascripts from libjs-scriptaculous
* Update lintian-overrides
* Double lintian-overrides to shut-up both lintian.debian.org and
local lintian
* Install upstream README
* Update upstream copyright (sorry goes to ftp-masters)
* Update copyright file to include all authors and all embedded
javascript libraries (later to be removed), Debian packaging copyright
relicensed to GPL-3+
rails (2.3.11-0.1) unstable; urgency=low
* Non-maintainer upload.
* Imported Upstream version 2.3.11
+ Fix for CVE-2011-0446 and CVE-2011-0447
rails (2.3.5-1.2) unstable; urgency=high
* Non-maintainer upload.
[ Laurent Bigonville ]
* Fix documentation about default listening address (Closes: #583149)
[ Gunnar Wolf ]
* Modified a string that recommends the user to do Very Bad Things
(Closes: #603048)
rails (2.3.5-1.1) unstable; urgency=low
* Non-maintainer upload.
* Added missing build-dependencies for rails-ruby1.8 on libactionpack-
ruby1.8, libactionmailer-ruby1.8 and libactiveresource-ruby1.8
(Closes: #587048)
* Fixed broken symlink to railties on new project generator (Closes:
#583219)
rails (2.3.5-1) unstable; urgency=low
* New upstream release (closes: #547658)
* Package is now split up and non-core rails components, like AR, are on
the ruby load path. (closes: #469524, #517328)
* debian/control
+ Depend on rubygems.
+ Suggest thin or thin1.8 as a possible server to run your production
environment on. This is particularly useful if it is already being
proxied.
+ xml-simple is no longer used by rails
+ Updated Standard to 3.8.4
rails (2.2.3-1) unstable; urgency=high
* New upstream release (closes: #545063)
+ Fixes XSS security hole [CVE-2009-3009]
+ Fixes timing issue with cookie store [CVE-2009-3086]
* Remove dependency on ruby-dbi, as it is not required by any of the
sources.
* Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later
(closes: #538982)
* debian/control
+ Change section from web to ruby
+ Updated to debhelper 7.0+
+ Standards updated to 3.8.3 - no changes
rails (2.2.2-1.1) unstable; urgency=low
* Non-maintainer upload.
* Build-depends on rubygems. (Closes: #522009)
rails (2.2.2-1) unstable; urgency=low
* New upstream release (closes: #510580, 510580)
+ fixes the problem with migration with symbolic field types
(closes: #511860)
* debian/control:
+ Depend on Rake 0.8.3 or later
+ Build-Depends-Indep on libmocha-ruby for unit tests
+ Move most of the build dependencies to Build-Depends-Indep
+ Remove the predepends as Lenny is released
* Load XMLSimple without specifying a path (closes: #514582)
* Add an explanation how to configure non-packaged rails adds to work
with Debian version of rails. Also include a tiny script to help in
this effort. Tomas Pospisek provided the patch. (closes: #499187)
rails (2.1.0-5) unstable; urgency=high
* Sanitize the URLs passed to redirect_to to prevent a potential
response splitting attack. Patch from upstream.
rails (2.1.0-4) unstable; urgency=low
* Added a fix for binary data corruption with PostgreSQL backend. This
occurred whenever the binary data included ASCII value of \ followed
by three numbers.
* The fix in ActiveRecord to address SQL injection in :limit and :offset
was not complete. MySQL backend was still affected as it redefined the
problematic functions. Pulled in upstream patch. CVE-2008-4094
(closes: #500791)
rails (2.1.0-3) unstable; urgency=high
* Security fix pulled from upstream for a REXML expansion
DoS. (CVE-2008-3790)
rails (2.1.0-2) unstable; urgency=low
* Remove dependency on rubygems for the build process. (closes:
#490419)
* Use also use Debian supplied gems 'builder' and 'xml-simple'
instead of using the upstream's supplied version, which is
redundant.
* Remove extraneous depends on rubygems. It is already depended on
through libruby1.8-extras (closes: #491125)
rails (2.1.0-1) unstable; urgency=low
* New upstream release
+ No longer breaks with ruby 1.8.7 (closes: #484351)
* Use libjs-prototype prototype library instead of upstream
bundled (closes: #475288)
* Added Vcs-* and Homepage data to debian/control
* doc-base section changed to 'Programming'
rails (2.0.2-2) unstable; urgency=low
* Added upstream patch from ticket #11127 to support the newer
ruby-pg. (closes: #476449)
* Added dependency on rubygems (closes: #468206)
* Sqlite3 is now the default DB used, if another is not specified when
the project is initially created. (closes: #468803)
rails (2.0.2-1.1) unstable; urgency=low
* Non-maintainer upload.
* Fix FTBFS by replacing File.cp with a simple "cp" call. Patch by Michael
Schulte, thanks. (Closes: #464285)
rails (2.0.2-1) unstable; urgency=low
* New upstream release
+ SQLite3 is now the default database, instead of MySQL
+ [config/environments/production.rb] production mode will now
longer cache templates meaning they will load A LOT faster but for
any changes to appear, one will have to reload the entire
application.
rails (2.0.1-2) unstable; urgency=low
* Added Pre-Depends on dpkg (>= 1.10.24) as a workaround to Debian
install scripts do not seem to be updated since beginning
of century. Can't upload bzip2 deb compressed deb without adding
this superfluous depend.
* Move libmocha-ruby1.8 from Depends to Recommends as it is only
needed for unit testing.
* Give in and depend on libruby1.8-extras. We need this to satisfy
dependencies on OpenSSL and the ever so popular rubygems, though
rails will continue to work if rubygems 'gem' fails.
rails (2.0.1-1) unstable; urgency=low
* New upstream release (closes: #454909)
+ ActionWebservice is no more - rolled into ActionResource
+ SOAP support removed
* Use bzip2 to compress the deb, instead of the default (gzip)
* Update Standards version to 3.7.3 - no changes needed
* Added a lot more exceptions to lintian checks - rails does not
need all script executable.
rails (1.2.6-1) unstable; urgency=high
* New upstream release
+ Fixes a previous session-fixation attack vector that was not
completely fixed (see 1.2.5-1 changelog) [CVE-2007-6077] (closes:
#452748)
* Use bash systax in bash script instead of ruby syntax. Fixes the
-I/--internal parameter so one can pass switches directly to the
upstream rails ruby script (closes: #381295, #390886)
rails (1.2.5-1) unstable; urgency=low
* This is a new upstream release that addresses problems not
corrected in 1.2.4 or regressions.
+ to_json XSS [CVE-2007-3227] is really closed now
+ Potential Information Disclosure or DoS with Hash#from_xml
[CVE-2007-5379]
+ Session Fixation attacks. [CVE-2007-5380] URL based sessions are
now disabled by default. Session ids are only accepted from
cookies by default now.
rails (1.2.4-1) unstable; urgency=low
* New upstream release. Fixes at least 2 XSS bugs.
+ Secure #sanitize, #strip_tags, and #strip_links helpers against
xss attacks. Upstream changeset 7589
+ to_json did not escape values which allows for XSS. Applied
upstream changesets 6893, 6894. This bug as also been assigned
designation CVE-2007-3227 (closes: #429177)
* Add dependency on Sqlite3 as ActiveRecord supports this DB as
well
* Add dependency on libmocha which is needed by some unit tests
rails (1.2.3-2) unstable; urgency=low
* Add mojo for doc-base document registration thanks to the patch by
Remi Vanicat. (closes: 386689)
* Upload to Sid now that Etch is out
rails (1.2.3-1) experimental; urgency=low
* New upstream release
rails (1.2.2-2) experimental; urgency=low
* We cannot remove the link vendor/rails, but we can point it so it
is not recursive. Recursive links seem to break eclipse and lack
of vendor/rails breaks rails.
The link target will create a non-recursive link, but a rails
deployment that copies the rails directories will still contain
recursive symlink. The problem is really in Eclipse though. It
should handle recursive symlinks.
rails (1.2.2-1) experimental; urgency=low
* New upstream release (closes: #408688)
* Remove link that crashes eclipse (closes: #405344)
rails (1.1.6-3) unstable; urgency=low
* Remove the 12_options patch which actually breaks select.
(closes: #406658)
rails (1.1.6-2) unstable; urgency=low
* [12_options] Fixes inconsistent behavior of select helper
functions.
* Added libfcgi-ruby1.8 to Suggests
* Conflict with libdevel-logger-ruby1.8 until after Etch is released
(closes: #405555)
rails (1.1.6-1) unstable; urgency=emergency
* New upstream 'security hole fix' release
+ This one fixes the fix in 1.1.5 as that one was still
vulnerable. (closes: #382255)
rails (1.1.5-1) unstable; urgency=emergency
* New upstream release
+ Fixes a remote security hole [Bugtraq 19454]
rails (1.1.4-2) unstable; urgency=low
* Change default listening socket to 127.0.0.1 from 0.0.0.0
rails (1.1.4-1) unstable; urgency=low
* New upstream release
* Moved build-depends-indep to build-depends to prevent build
failures.
rails (1.1.2-1) unstable; urgency=low
* New upstream release
* Added support to specify database name (using -D) and to specify
options that will be passed to rails script directly (-I). Added
these to manpage as well. (closes: #361990)
* Depend and build-depend on rake >7.0 (closes: #362890)
* Updated standards to version 3.7.2. No changes.
rails (1.1.0release-1) unstable; urgency=low
* New upstream release
* Added a link to railties/config directory as an example of
configuration files
rails (1.1.0rc1-2) unstable; urgency=low
* Fixed a problem that prevents rails from creating new projects
thanks to Nobuhiro IMAI (closes: #359227)
rails (1.1.0rc1-1) unstable; urgency=low
* New upstream version.
+ Fixes FTBFS with new rdoc (closes: #357011)
* Changed vendor/rails link to be relative, not absolute when first
created.
rails (1.0.0-2) unstable; urgency=low
* Applied a patch to correctly set rdoc options. (closes: #357001)
rails (1.0.0-1) unstable; urgency=low
* New upstream release
+ Now handles multiple databases (closes: #341496)
* Modified Suggests: to include mod_fcgid (closes: #339953)
rails (0.14.3-1) unstable; urgency=low
* New upstream release
* Modified Suggests: to include mod-ruby for Apache2 users. (closes:
#331233)
* Build-Depend on rake > 0.6.0 (closes: #333700)
* /usr/bin/rails now creates a rails->. symlink in vendor directory. This is
needed to sidestep the gems requirements
rails (0.13.1-2) unstable; urgency=low
* Fixed logger problems such that it works with both 1.8.2 and 1.8.3
(closes: #330400). Upstream changes are:
+ Fixed clean logger to work with Ruby 1.8.3 Logger class (#2245)
+ Clean logger is compatible with both 1.8.2 and 1.8.3 Logger. (#2263)
[Michael Schuerig <email address hidden>]
rails (0.13.1-1) unstable; urgency=low
* New upstream release
rails (0.13.0-1) unstable; urgency=low
* New upstream release
+ Fixes problem with action web service (closes: #317044)
* Remove an unnecessary depend on libtest-unit-ruby (closes: #315254)
* Updated standards to 3.6.2
rails (0.12.1-2) unstable; urgency=low
* Enabled patch supporting PostgreSQL schemas
* Added routing patch (upstream patch 1375). This patch changes routing such
that the longest possible path is matched against the controller, not the
first possible path.
rails (0.12.1-1) unstable; urgency=low
* New upstream release. Packaged SVN changeset 1234 as rails 0.12.1 due to
lack of upstream tag (closes: #306389)
* Added some upstream patches
+ Fixed acts_as_list where deleting an item that was removed from the
list would ruin the positioning of other list items #1197 [Jamis Buck]
+ This patch adds new options `encoding' and `min_messages' to
database.yml for PostgreSQL
+ Patch removing extraneous comma in count() (#1156)
rails (0.12.0-1) unstable; urgency=low
* New upstream release
rails (0.11.1-3) unstable; urgency=low
* Turned off ActiveRecord::Base.@@colorize_logging. Colorized logs are
difficult to view on any other than background than black and difficult to
parse.
rails (0.11.1-2) unstable; urgency=low
* Fixed the Inflector patch
rails (0.11.1-1) unstable; urgency=low
* New upstream release
* Added some patches (submitted upstream to #950, #962) that should add
support for PostgreSQL schemas to Fixtures as well as to enable static
mapping between table names and classes using set_table_name (only set in
Inflector if the name is not the one guessed).
rails (0.11.0-2) unstable; urgency=low
* Fix broken config/environment.rb to use "old" vendor directories.
rails (0.11.0-1) unstable; urgency=low
* New upstream release
- Ajax, Pagination, Non-vhost, Incoming mail support
* Included tmail in the vendor distribution. Rails extended tmail with some
new code and Debian's distribution of tmail is not sufficient.
rails (0.10.1-7) unstable; urgency=low
* Hmmmm. Fixed the missing Depends problem.. (closes: #300637)
rails (0.10.1-6) unstable; urgency=low
* Simplify depends. libruby >= 1.8.2-3 reduces the number of packages in the
archive. Thank you ruby mainteiners!
rails (0.10.1-5) unstable; urgency=low
* Added rdoc to build depends thanks to Roland Stigge (closes: #299381)
rails (0.10.1-4) unstable; urgency=low
* Added libredcloth-ruby1.8 to Depends. Now if someone would package
bluecloth as well (hint, hint!)
rails (0.10.1-3) unstable; urgency=low
* Rewrote /usr/bin/rails to accomodate updates
+ /vendor and upstream documentation are now symlinks by default. -l
command line option was removed. This allows for automated updates to
latest rails.
+ Added -C command line option one wants a copy of /vendor or rails
documentation instead of symlinks
+ Added -F commend line option to force overwrite of user files during an
update
* Rails documentation is now pregenerated and located in
/usr/share/doc/rails/html.
* Added rake as a build dependecy
rails (0.10.1-2) unstable; urgency=low
* Updated dependencies. All dependencies now checked. Some non-critical
ones like memcache are missing in Debian, but rails should be unaffected.
rails (0.10.1-1) unstable; urgency=low
* New upstream release
* Fix more missing dependencies
* Removed bash>3 dependency in /usr/bin/rails script (closes: #298180)
* Added a watch file to monitor later upstream version. Not good for updates
though since upstream doesn't seem to have a true source tar.gz file.
Source distribution only available from tagged svn.
* Set default socket for MySQL to /var/run/mysqld/mysqld.sock thanks for a
patch from Alberto Brealey-Guzman (closes: #298258)
rails (0.10.0-1) unstable; urgency=low
* New upstream release
+ Adds web service support (actionwebservice)
+ Adds URI routing to end the Apache mod_rewrite hell
+ Added Oracle support. Rails now supports PostgreSQL, MySQL, SQLite,
MSSQL and Oracle database backends.
+ and many bug fixes
* Fixed depend
rails (0.9.5-1) unstable; urgency=low
* Initial Release (closes: #293055)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 15 Jun 2011 15:15:48 +0000