ruby-nokogiri (1.10.0+dfsg1-2+deb10u1) buster-security; urgency=high * Non-maintainer upload by the LTS Security Team. * CVE-2019-5477: command injection vulnerability allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. (Closes: #934802) * CVE-2020-26247: XXE vulnerability: XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. (Closes: #978967) * CVE-2022-24836: Nokogiri contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. (Closes: #1009787) -- Sylvain Beucler Tue, 11 Oct 2022 19:39:06 +0200 ruby-nokogiri (1.10.0+dfsg1-2) unstable; urgency=medium * Team upload * Add Breaks for ruby-sanitize -- Utkarsh Gupta Fri, 08 Feb 2019 14:24:03 +0530 ruby-nokogiri (1.10.0+dfsg1-1) unstable; urgency=medium [ Cédric Boutillier ] * New upstream version 1.10.0+dfsg1 * Use Github as source * Update Files-Excluded paragraph in copyright file to exclude jar files from source * Remove ourdated Readme.source file * Refresh 003-Remove-dependency-on-mini_portile2.patch * Create rule to retrieve gemspec from corresponding .gem [ Utkarsh Gupta ] * Bump Standards-Version to 4.3.0 (no changes needed) * Update watch and rules file -- Cédric Boutillier Wed, 09 Jan 2019 10:15:39 +0100 ruby-nokogiri (1.10.0-1) unstable; urgency=medium * Team upload * New upstream version 1.10.0 * Update patch file names with the serial number * Refresh patches -- Utkarsh Gupta Tue, 08 Jan 2019 07:41:47 +0530 ruby-nokogiri (1.9.1-1) unstable; urgency=medium * Team upload * New upstream version 1.9.1 * Bump Standards-Version to 4.3.0 (no changes needed) * Move debian/watch to gemwatch.debian.net * Refresh patches * Update debian/rules -- Utkarsh Gupta Fri, 04 Jan 2019 00:28:17 +0530 ruby-nokogiri (1.8.4-1) unstable; urgency=medium * New upstream version 1.8.4 * Move debian/watch to gemwatch.debian.net * Bump Standards-Version to 4.1.5 (no changes needed) * Trivially refresh patches -- Cédric Boutillier Tue, 31 Jul 2018 00:56:29 +0200 ruby-nokogiri (1.8.2-1) unstable; urgency=medium * New upstream release. * debian/changelog: Remove trailing whitespaces. * debian/compat: Bump debhelper version to 11. * debian/control: - Add myself to Uploaders. - Bump required debhelper version to >= 11~. - Bump Standards-Version to 4.1.3, no changes needed. - Use salsa.debian.org in Vcs-{Git,Browser}: fields. * debian/copyright: Use HTTPS in link to copyright format spec. * debian/watch: - Bump version to 4. - Use HTTPS in link to gemwatch service. -- Georg Faerber Tue, 20 Feb 2018 01:13:30 +0100 ruby-nokogiri (1.8.1-1) unstable; urgency=medium [ Antonio Terceiro ] * Remove myself from Uploaders: [ Cédric Boutillier ] * New upstream version 1.8.1 * Refresh 0003-Remove-dependency-on-mini_portile2.patch * Bump Standards-Version to 4.1.0 (no changes needed) -- Cédric Boutillier Fri, 29 Sep 2017 11:59:08 +0200 ruby-nokogiri (1.8.0-1) unstable; urgency=medium * New upstream version 1.8.0 * Refresh patches. * Drop 0005-skip-test-incompatible-with-libxml2-from-Debian.patch (upstream also added a skip stanza) * Bump Standards-Version. No changes needed. * CHANGELOG.rdoc has been renamed to CHANGELOG.md -- Lucas Nussbaum Wed, 19 Jul 2017 11:23:24 +0200 ruby-nokogiri (1.6.8.1-1) unstable; urgency=medium * New upstream release * Add myself to Uploaders: * Rework patche stack to use gbp-pq * Skip one test that is incompatible with libxml2 currently in Debian (Closes: #842910) -- Antonio Terceiro Mon, 14 Nov 2016 12:25:21 -0200 ruby-nokogiri (1.6.8-2) unstable; urgency=medium * Add missing dependency on ruby-pkg-config (Closes: #829171, #829175) -- Antonio Terceiro Fri, 01 Jul 2016 07:57:18 -0300 ruby-nokogiri (1.6.8-1) unstable; urgency=medium * Team upload * Imported Upstream version 1.6.8 * Refresh patches - skip-some-tests.patch: dropped, issues fixed upstream * New build-dependency: ruby-pkg-config * Bump Standards-Version: to 3.9.8, no changes needed -- Antonio Terceiro Thu, 30 Jun 2016 09:21:12 -0300 ruby-nokogiri (1.6.7.2-3) unstable; urgency=medium * Team upload. * Sourceful upload to build with current ruby-defaults. -- Christian Hofstaedtler Fri, 04 Mar 2016 13:58:14 +0100 ruby-nokogiri (1.6.7.2-2) unstable; urgency=medium * Reupload to unstable * Add myself to uploaders -- Pirate Praveen Fri, 04 Mar 2016 12:47:33 +0530 ruby-nokogiri (1.6.7.2-1) experimental; urgency=medium * Team upload * New upstream hotfix release * Refresh patches * Bump standards version to 3.9.7 * Switch to https for vcs-git url -- Pirate Praveen Tue, 23 Feb 2016 18:30:17 +0530 ruby-nokogiri (1.6.7.1-1) unstable; urgency=medium * Team upload * New upstream hotfix release -- Pirate Praveen Wed, 23 Dec 2015 17:54:32 +0530 ruby-nokogiri (1.6.7-1) unstable; urgency=medium * Team upload * New upstream release - Refresh patches * debian/ruby-nokogiri.docs: updated to reflect renaming/removal of upstream README files -- Antonio Terceiro Mon, 14 Dec 2015 10:59:27 -0200 ruby-nokogiri (1.6.6.3-1) unstable; urgency=medium * Team upload * New upstream release * Refresh patches * Refresh packaging: - dump debian/compat to 9 - reformat debian/control - update debian/ruby-tests.rake - cleanup debian/rules * switch running tests to debian/ruby-tests.rake * skip-some-tests.patch: skip tests that won't work against libxml2 2.9.2 in Debian, but pass when using the embedded copy + patches in the Nokogiri tree (Closes: #800028) * debian/copyright: explicitly list files that are excluded from the tarball, so that stuff is removed from the tarball by uscan -- Antonio Terceiro Tue, 17 Nov 2015 14:39:46 -0200 ruby-nokogiri (1.6.6.2+ds-2) unstable; urgency=medium * Team upload. * Re-upload to unstable. -- Pirate Praveen Wed, 29 Apr 2015 17:29:01 +0530 ruby-nokogiri (1.6.6.2+ds-1) experimental; urgency=low * Team upload. * New upstream release. * Bump standards version to 3.9.6 (no changes). * Refresh patches. -- Pirate Praveen Tue, 31 Mar 2015 11:57:03 +0530 ruby-nokogiri (1.6.3.1+ds-1) unstable; urgency=medium * Imported Upstream version 1.6.3.1+ds * Refresh always_use_system_libraries.patch -- Cédric Boutillier Sat, 26 Jul 2014 06:12:09 +0200 ruby-nokogiri (1.6.2.1+ds-1) unstable; urgency=medium * Imported Upstream version 1.6.2.1+ds * Refresh patches * Build-depend on pkg-config * Drop support for ruby2.0 -- Cédric Boutillier Fri, 30 May 2014 16:30:31 +0200 ruby-nokogiri (1.6.1+ds-4) unstable; urgency=medium * Team upload * Remove mini_portile from metadata.yml -- Pirate Praveen Tue, 06 May 2014 14:11:07 +0530 ruby-nokogiri (1.6.1+ds-3) unstable; urgency=medium * Team upload. * Bump gem2deb build dep to >= 0.7.5~ - Fix for #743664 -- Pirate Praveen Sat, 12 Apr 2014 19:01:32 +0530 ruby-nokogiri (1.6.1+ds-2) unstable; urgency=low * Team upload. * Bump gem2deb build dep to 0.7.4~ - drop ruby1.9.1 -- Pirate Praveen Fri, 04 Apr 2014 17:52:29 +0530 ruby-nokogiri (1.6.1+ds-1) unstable; urgency=medium * Imported Upstream version 1.6.1+ds - version 1.6.1 fixes security issues CVE-2013-6460 CVE-2013-6461 (Closes: #734836) * Mention in copyright file and README.source that the tarball is repacked to remove convenience copies * Add a dversionmangle option in debian/watch * Bump Standards-Version to 3.9.5 (no changes needed) -- Cédric Boutillier Sat, 11 Jan 2014 06:48:45 +0100 ruby-nokogiri (1.6.0-1) unstable; urgency=low * Team upload. * New upstream release: - Strip embedded code copy from upstream source. - Update patches: remove-annoying-warning.patch: refreshed; fix_tests_assert_match.patch: deleted, merged upstream; minitest5_support.patch: deleted, merged upstream. - Add a patch to always use the system libraries. * Stop fiddling test/files/bogus.xml now that its properly shipped in upstream tarball. -- Jérémy Bobbio Sun, 03 Nov 2013 11:54:08 +0100 ruby-nokogiri (1.5.9-3) unstable; urgency=low * add deactivate_test_reader_blocking.patch, deactivating a test hanging on kFreeBSD ports * build against gem2deb >= 0.5.0~ to add ruby2.0 and drop ruby1.8 support -- Cédric Boutillier Tue, 03 Sep 2013 01:14:52 +0200 ruby-nokogiri (1.5.9-2) unstable; urgency=low * Do not exclude test/xml/test_xinclude.rb from tests anymore * debian/patches: add 2 patches to fix FTBFS (Closes: #714930) + minitest5_support.patch: add support for MiniTest 5 + skip_test_reader_entity_reference_without_dtdload.patch: disable tests failing with libxml2 2.9 -- Cédric Boutillier Fri, 16 Aug 2013 23:19:16 +0200 ruby-nokogiri (1.5.9-1) unstable; urgency=low * New upstream version * debian/rules: + create empty file missing from the archive for the purpose of tests + install upstream changelog * debian/copyright: + update my email address and year * debian/control: + update my email address + bump Standars-Version to 3.9.4 (no changes needed) + remove obsolete DM-Upload-Allowed flag + use canonical anonscm.debian.org URLs for Vcs-* fields + remove obsolete transitional packages * debian/source: + remove lintian-overrides, about transtional packages * debian/patches/: + remove include_missing_test_document_url_directory.patch, missing file added upstream + add fix_tests_assert_match.patch to make tests pass with minitest gem * update manpage nokogiri(1) to take into account new options -- Cédric Boutillier Fri, 10 May 2013 01:05:44 +0200 ruby-nokogiri (1.5.5-1) unstable; urgency=low * New upstream version * Build-depend on gem2deb >= 0.3.0~ * add include_missing_test_document_url_directory.patch + include test/files/test_document_url/ missing from the gem released by upstream * cosmetic refreshment of remove-annoying-warning.patch -- Cédric Boutillier Tue, 26 Jun 2012 14:07:29 +0200 ruby-nokogiri (1.5.4-1) unstable; urgency=low * New upstream version * Drop fix-format-security-issue.patch: included upstream -- Cédric Boutillier Fri, 15 Jun 2012 23:53:43 +0200 ruby-nokogiri (1.5.3-1) unstable; urgency=low * New upstream version * debian/patches: + drop fix-sporadically-failing-tests.patch (applied upstream) + add fix-format-security-issue.patch (cherrypicked from upstream) Fixes FTBFS with -Werror=format-security flag (Closes: #676207) -- Cédric Boutillier Sat, 09 Jun 2012 16:08:57 +0200 ruby-nokogiri (1.5.2-1) unstable; urgency=low * New upstream version * Add myself to Uploaders: * Bump Standards-Version to 3.9.3 (no changes needed) * Exclude temporarily test_xinclude.rb from the tests, as xinclude.xml is missing in this version * Add fix-sporadically-failing-tests.patch (Closes: #661690) * Set Priority: to extra for transitional packages * Override lintian warnings about duplicate decription for transitional packages * Convert copyright file to DEP-5 * Provide a simple manpage for nokogiri binary -- Cédric Boutillier Sun, 13 May 2012 15:40:26 +0200 ruby-nokogiri (1.5.0-1) unstable; urgency=low * Switch to gem2deb. Rename source and binary packages. * New upstream version. Closes: #604623. -- Lucas Nussbaum Fri, 29 Jul 2011 18:50:38 +0200 libnokogiri-ruby (1.4.0-4) unstable; urgency=low * fix failing tests (and resulting FTBFS) with libxml 2.7.8, thanks to Mike Dalessio (Closes: #606296) -- Ryan Niebur Mon, 13 Dec 2010 20:28:41 -0800 libnokogiri-ruby (1.4.0-3.1) unstable; urgency=low * Non-maintainer upload. * debian/patches - add fix-test_element_description.rb.patch from upstream git to fix FTBFS (Closes: #577355) -- Hideki Yamane Fri, 23 Jul 2010 01:32:30 +0900 libnokogiri-ruby (1.4.0-3) unstable; urgency=low * Fix test to also work in UTC. Closes: #566055. -- Lucas Nussbaum Thu, 21 Jan 2010 10:58:36 +1300 libnokogiri-ruby (1.4.0-2) unstable; urgency=low * Drop 1.9 package, add 1.9.1 package. Closes: #565825. * Enable the test suite. + Make ruby1.9.1 test suite failures non-fatal. -- Lucas Nussbaum Wed, 20 Jan 2010 21:22:44 +1300 libnokogiri-ruby (1.4.0-1) unstable; urgency=low * New upstream release * update email address * close a launchpad bug too -- Ryan Niebur Thu, 05 Nov 2009 07:32:08 -0800 libnokogiri-ruby (1.3.3-2) unstable; urgency=low * add quilt patching * get rid of the annoying libxml warning messages (Closes: 546843) (LP: 475250) -- Ryan Niebur Tue, 15 Sep 2009 21:49:02 -0700 libnokogiri-ruby (1.3.3-1) unstable; urgency=low * New upstream release * Debian Policy 3.8.3 -- Ryan Niebur Wed, 02 Sep 2009 17:36:50 -0700 libnokogiri-ruby (1.3.2-1) unstable; urgency=low * new upstream version * Debian Policy 3.8.2 * install the upstream changelog -- Ryan Niebur Sat, 27 Jun 2009 23:28:37 -0700 libnokogiri-ruby (1.3.1-1) unstable; urgency=low * New upstream release * improve debian/rules a bit * add DMUA field -- Ryan Niebur Mon, 01 Jun 2009 17:26:41 -0700 libnokogiri-ruby (1.2.3-1) unstable; urgency=low * Initial release (Closes: 520583) -- Ryan Niebur Sun, 22 Mar 2009 12:13:48 -0700