rails (2:4.1.8-1) unstable; urgency=medium

  * New upstream release
    - Includes only bug fixes and no behavior changes. In special, includes
      fix for [CVE-2014-7818] and [CVE-2014-7829] (Arbitrary file existence
      disclosure in Action Pack) (Closes: #770934)
  * Add new transitional binary package ruby-activesupport-2.3 plus
    appropriate Breaks:/Replaces: fields in all binary packages to ensure
    upgrades from wheezy work (Closes: #768850)
    - Many thanks to Andreas Beckmann for helping debug the upgrade issue.

 -- Antonio Terceiro  Tue, 25 Nov 2014 16:51:50 -0200

rails (2:4.1.6-2) unstable; urgency=medium

  * fix upgrades from wheezy:
    - Remove Breaks: against old packages provided by previous versions of
      Rails. The Replaces: fields, left untouched, ought to be enough.
    - ruby-actionview: Replaces ruby-actionpack-{2.3,3.2} since
      ruby-actionview contains files that used to be in ruby-actionpack-*
    - ruby-railties: Breaks/Replaces rails (<< 2:4) since ruby-railties
      contains /usr/bin/rails which used to be in rails.
  * debian/copyright: minor updates

 -- Antonio Terceiro  Tue, 30 Sep 2014 18:33:36 -0300

rails (2:4.1.6-1) unstable; urgency=medium

  * New upstream release
  * debian/patches/relax-dependencies.patch: dropped, not necessary anymore

 -- Antonio Terceiro  Fri, 26 Sep 2014 15:59:24 -0300

rails (2:4.1.5-1) unstable; urgency=high

  * New upstream release
    - Fixes CVE-2014-3514: data validation bypass vulnerability
  * debian/watch: update to fetch new releases from github.

 -- Antonio Terceiro  Mon, 18 Aug 2014 15:19:04 -0300

rails (2:4.1.4-5) unstable; urgency=medium

  * ruby-actionmailer: relax dependency on ruby-mail to work with the 2.6.x
    series

 -- Antonio Terceiro  Mon, 04 Aug 2014 14:38:18 -0300

rails (2:4.1.4-4) unstable; urgency=medium

  * ruby-rails:
    - add Recommends:
      - ruby-jquery-rails
      - ruby-coffee-rails
      - ruby-sqlite3
      - ruby-sass-rails
      - ruby-uglifier
      - ruby-spring
      - ruby-turbolinks
      - ruby-jbuilder
      - ruby-sdoc
    - add Breaks/Replaces: rails3
    - bump Depends: ruby-sprockets-rails to (>= 2.1.3-1~)
    - add Depends: ruby-treetop
    - move ruby-activesupport-3.2 from Breaks: to Conflicts:
    - remove Breaks: rails (<< 2:4.1) since we now also provide a `rails`
      binary
  * ruby-railties:
    - remove Breaks: rails (<< 3:3.2.0)
  * ruby-actionmailer:
    - drop Depends: ruby-mail (<< 2.6) cfe
      https://github.com/rails/rails/commit/bb0890d
  * debian/tests/control: fix test dependencies to rails and *not* rails-3.2;
    add needs-recommends instead of explicitly listing the recommended
    packages
  * debian/patches/mona_lisa.jpg_is_PD-Art_and_has_been_removed.patch:
    removed as it does not make sense anymore (mona_lisa.jpg is just there).

 -- Antonio Terceiro  Sun, 03 Aug 2014 00:24:26 -0300

rails (2:4.1.4-3) unstable; urgency=medium

  * Re-add `rails` binary package
  * Improve description for ruby-railties

 -- Antonio Terceiro  Sat, 26 Jul 2014 10:12:46 -0300

rails (2:4.1.4-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Don't install nonsensical binary from activesupport

  [ Ondřej Surý ]
  * Merge autopkgtests from rails-3.2
  * Add missing sources for shCore.js and jquery.min.js
  * Upload to unstable since no objections were raised to the RoR Debian
    transition plan
  * Remove repack script since there's nothing non-free in the upstream
    tarball (Closes: #742407)
  * Keep the guides/ (CC-BY-SA-3.0) and mona_lisa.jpg (PD), but document
    that in d/copyright

 -- Ondřej Surý  Wed, 16 Jul 2014 17:19:07 +0200

rails (2:4.1.4-1) experimental; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: adapt dh_clean call

  [ Christian Hofstaedtler ]
  * Relax dependencies
  * Run bundle install --local, as in Debian Rails 3.2

  [ Ondřej Surý ]
  * New upstream version 4.1.4
  * Drop versioning from rails package, we want to provide just the last
    stable upstream major version
  * Update dependencies in d/control based on information from gemspec files
  * Add ruby-actionview documentation
  * Add conflict with old rails package
  * Bump epoch to 2: to replace old virtual packages
  * Update patches for 4.1.4 release
  * Upload to experimental, so we can let the dust settle...

 -- Ondřej Surý  Wed, 16 Jul 2014 15:22:28 +0200

rails-4.0 (4.0.2+dfsg-2) unstable; urgency=low

  * Fix dependency -- ruby-rack doesn't have epoch (Closes: #731347)
  * Move ruby-activerecord-deprecated-finders from Depends to Recommends

 -- Ondřej Surý  Thu, 12 Dec 2013 13:15:00 +0100

rails-4.0 (4.0.2+dfsg-1) unstable; urgency=low

  [ Antonio Terceiro ]
  * ruby-actionpack-4.0: tighten versioned dependency on ruby-rack to take
    epoch into account.

  [ Ondřej Surý ]
  * New upstream version 4.0.2+dfsg, fixes:
    + [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query
      Generation Risk)
    + [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
    + [CVE-2013-6415] XSS Vulnerability in number_to_currency
    + [CVE-2013-6414] Denial of Service Vulnerability in Action View
    + [CVE-2013-6416] XSS Vulnerability in simple_format helper

 -- Ondřej Surý  Wed, 04 Dec 2013 10:34:24 +0100

rails-4.0 (4.0.0+dfsg-1) unstable; urgency=low

  [ Antonio Terceiro ]
  * Migrate to use dh_ruby multi-binary support

  [ Ondřej Surý ]
  * Initial release of Rails 4.0
  * Merge ruby-{active,action}*-X.Y packages into rails-4.0
  * Add Copyright headers for syntaxhighlighter
  * New upstream version 4.0.0+dfsg
  * Update the package based on ftp-master review:
    + Weaken some Conflicts to Breaks (Keeping Conflicts for virtual
      packages)
    + Generate actionpack/lib/action_dispatch/journey/parser.rb in the
      build using racc
    + Fix copyright to include correct year:
      (c) 2004-2013 David Heinemeier Hansson
    + Add MIT or CC-BY license for HTML selector by Assaf Arkin
    + PD-Art license is inconclusive, so we just remove the wikimedia
      Mona Lisa picture and patch out the tests that were using it.
      (http://commons.wikimedia.org/wiki/Commons:Reuse_of_PD-Art_photographs)
    + Just remove whole guides.rubyonrails.org content from source tarball
      (We'll repackage it to ruby-rails-guides-4.0 as soon as we clear the
      licensing with upstream.)
    + MIT-LICENSE in templates is needed for templating new projects, add
      a lintian-override
  * Add dversionmangle to debian/watch

 -- Ondřej Surý  Fri, 19 Jul 2013 15:35:13 +0200