ruby-webrick (1.8.1-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: read_header HTTP Request Smuggling Vulnerability
    - debian/patches/CVE-2025-6442-pre1.patch: fix ReDoS parse_header in
      lib/webrick/httputils.rb.
    - debian/patches/CVE-2025-6442-pre2.patch: fix ReDoS split_header_value
      in lib/webrick/httputils.rb.
    - debian/patches/CVE-2025-6442-pre3.patch: merge multiple cookie
      headers, preserving semantic correctness in
      lib/webrick/httprequest.rb, lib/webrick/httputils.rb,
      test/webrick/test_httprequest.rb.
    - debian/patches/CVE-2025-6442.patch: require CRLF line endings in
      request line and headers in lib/webrick/httprequest.rb,
      lib/webrick/httputils.rb, test/webrick/test_filehandler.rb,
      test/webrick/test_httprequest.rb.
    - CVE-2025-6442

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 14 Aug 2025 14:33:47 -0400

ruby-webrick (1.8.1-1ubuntu1) oracular; urgency=medium

  * SECURITY UPDATE: HTTP request smuggling via both a Content-Length
    header and a Transfer-Encoding header
    - debian/patches/CVE-2024-47220.patch: check for both headers in
      lib/webrick/httprequest.rb, test/webrick/test_httprequest.rb.
    - CVE-2024-47220

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 04 Oct 2024 07:54:03 -0400

ruby-webrick (1.8.1-1) unstable; urgency=medium

  * New upstream version 1.8.1
  * Drop patch, applied upstream
  * Drop X?-Ruby-Versions fields from d/control; Build-depend on rake
  * Bump Standards-Version to 4.6.2 (no changes needed)
  * Load helper file in ruby-tests.rake
  * Update years in copyright
  * Declare breaking yard <= 0.9.28-1

 -- Cédric Boutillier <boutil@debian.org>  Wed, 08 Feb 2023 16:56:39 +0100

ruby-webrick (1.7.0-4) unstable; urgency=medium

  * Team upload
  * Bump Standards-Version to 4.6.1; no changes needed
  * Mark as Multi-Arch: foreign, since we want librubyX.Y to depend on this
    package

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 10 Sep 2022 22:31:11 -0300

ruby-webrick (1.7.0-3) unstable; urgency=medium

  * Add upstream commit to revert "Allow empty POST and PUT requests without
    content length". This was causing failures in ruby-httpclient testsuite.
  * Remove trailing space in a previous changelog entry

 -- Cédric Boutillier <boutil@debian.org>  Sun, 28 Nov 2021 14:56:56 +0100

ruby-webrick (1.7.0-2) unstable; urgency=medium

  * Source-only upload to comply with migration rules to testing

 -- Cédric Boutillier <boutil@debian.org>  Wed, 17 Nov 2021 09:12:45 +0100

ruby-webrick (1.7.0-1) unstable; urgency=medium

  * Initial release of packaged standalone gem.
  * Was part of Ruby standard library before Ruby 3.x

 -- Cédric Boutillier <boutil@debian.org>  Wed, 17 Nov 2021 09:12:34 +0100
