ruby-nokogiri (1.6.3.1+ds-1+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the ELTS team.
  * CVE-2022-24836: Prevent a denial of service attack caused by the use of
    an inefficient regular expression that is susceptible to excessive
    backtracking. (Closes: #1009787)

 -- Chris Lamb <lamby@debian.org>  Fri, 13 May 2022 10:36:29 -0700

ruby-nokogiri (1.6.3.1+ds-1+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the ELTS team.
  * Fix CVE-2020-26247:
    Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with
    XPath and CSS selector support. An XXE vulnerability was found in
    Nokogiri. XML Schemas parsed by Nokogiri::XML::Schema were trusted by
    default, allowing external resources to be accessed over the network,
    potentially enabling XXE or SSRF attacks. The new default behavior is to
    treat all input as untrusted. See also
    https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
    for more information how to mitigate the problem or to restore the old
    behavior again.

 -- Markus Koschany <apo@debian.org>  Sun, 09 May 2021 22:39:44 +0200

ruby-nokogiri (1.6.3.1+ds-1+deb8u1) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * Fix CVE-2019-5477: Command injection vulnerability in Nokogiri
    allows commands to be executed in a subprocess by Ruby's
    `Kernel.open` method.

 -- Brian May <bam@debian.org>  Tue, 24 Sep 2019 17:22:04 +1000

ruby-nokogiri (1.6.3.1+ds-1) unstable; urgency=medium

  * Imported Upstream version 1.6.3.1+ds
  * Refresh always_use_system_libraries.patch

 -- Cédric Boutillier <boutil@debian.org>  Sat, 26 Jul 2014 06:12:09 +0200

ruby-nokogiri (1.6.2.1+ds-1) unstable; urgency=medium

  * Imported Upstream version 1.6.2.1+ds
  * Refresh patches
  * Build-depend on pkg-config
  * Drop support for ruby2.0

 -- Cédric Boutillier <boutil@debian.org>  Fri, 30 May 2014 16:30:31 +0200

ruby-nokogiri (1.6.1+ds-4) unstable; urgency=medium

  * Team upload
  * Remove mini_portile from metadata.yml 

 -- Pirate Praveen <praveen@debian.org>  Tue, 06 May 2014 14:11:07 +0530

ruby-nokogiri (1.6.1+ds-3) unstable; urgency=medium

  * Team upload.
  * Bump gem2deb build dep to >= 0.7.5~
    - Fix for #743664 

 -- Pirate Praveen <praveen@debian.org>  Sat, 12 Apr 2014 19:01:32 +0530

ruby-nokogiri (1.6.1+ds-2) unstable; urgency=low

  * Team upload.
  * Bump gem2deb build dep to 0.7.4~
    - drop ruby1.9.1

 -- Pirate Praveen <praveen@debian.org>  Fri, 04 Apr 2014 17:52:29 +0530

ruby-nokogiri (1.6.1+ds-1) unstable; urgency=medium

  * Imported Upstream version 1.6.1+ds
    - version 1.6.1 fixes security issues CVE-2013-6460 CVE-2013-6461
      (Closes: #734836)
  * Mention in copyright file and README.source that the tarball is
    repacked to remove convenience copies
  * Add a dversionmangle option in debian/watch
  * Bump Standards-Version to 3.9.5 (no changes needed)

 -- Cédric Boutillier <boutil@debian.org>  Sat, 11 Jan 2014 06:48:45 +0100

ruby-nokogiri (1.6.0-1) unstable; urgency=low

  * Team upload.
  * New upstream release:
    - Strip embedded code copy from upstream source.
    - Update patches:
      remove-annoying-warning.patch: refreshed;
      fix_tests_assert_match.patch: deleted, merged upstream;
      minitest5_support.patch: deleted, merged upstream.
    - Add a patch to always use the system libraries.
  * Stop fiddling test/files/bogus.xml now that its properly shipped
    in upstream tarball.

 -- Jérémy Bobbio <lunar@debian.org>  Sun, 03 Nov 2013 11:54:08 +0100

ruby-nokogiri (1.5.9-3) unstable; urgency=low

  * add deactivate_test_reader_blocking.patch, deactivating a test hanging on
    kFreeBSD ports
  * build against gem2deb >= 0.5.0~ to add ruby2.0 and drop ruby1.8 support

 -- Cédric Boutillier <boutil@debian.org>  Tue, 03 Sep 2013 01:14:52 +0200

ruby-nokogiri (1.5.9-2) unstable; urgency=low

  * Do not exclude test/xml/test_xinclude.rb from tests anymore
  * debian/patches: add 2 patches to fix FTBFS (Closes: #714930)
    + minitest5_support.patch: add support for MiniTest 5
    + skip_test_reader_entity_reference_without_dtdload.patch: disable tests
      failing with libxml2 2.9

 -- Cédric Boutillier <boutil@debian.org>  Fri, 16 Aug 2013 23:19:16 +0200

ruby-nokogiri (1.5.9-1) unstable; urgency=low

  * New upstream version
  * debian/rules:
    + create empty file missing from the archive for the purpose of tests
    + install upstream changelog
  * debian/copyright:
    + update my email address and year
  * debian/control:
    + update my email address
    + bump Standars-Version to 3.9.4 (no changes needed)
    + remove obsolete DM-Upload-Allowed flag
    + use canonical anonscm.debian.org URLs for Vcs-* fields
    + remove obsolete transitional packages
  * debian/source:
    + remove lintian-overrides, about transtional packages
  * debian/patches/:
    + remove include_missing_test_document_url_directory.patch, missing file
      added upstream
    + add fix_tests_assert_match.patch to make tests pass with minitest gem
  * update manpage nokogiri(1) to take into account new options

 -- Cédric Boutillier <boutil@debian.org>  Fri, 10 May 2013 01:05:44 +0200

ruby-nokogiri (1.5.5-1) unstable; urgency=low

  * New upstream version
  * Build-depend on gem2deb >= 0.3.0~
  * add include_missing_test_document_url_directory.patch
    + include test/files/test_document_url/ missing from the gem released by
      upstream
  * cosmetic refreshment of remove-annoying-warning.patch

 -- Cédric Boutillier <cedric.boutillier@gmail.com>  Tue, 26 Jun 2012 14:07:29 +0200

ruby-nokogiri (1.5.4-1) unstable; urgency=low

  * New upstream version
  * Drop fix-format-security-issue.patch: included upstream

 -- Cédric Boutillier <cedric.boutillier@gmail.com>  Fri, 15 Jun 2012 23:53:43 +0200

ruby-nokogiri (1.5.3-1) unstable; urgency=low

  * New upstream version
  * debian/patches:
    + drop fix-sporadically-failing-tests.patch (applied upstream)
    + add fix-format-security-issue.patch (cherrypicked from upstream)
       Fixes FTBFS with -Werror=format-security flag (Closes: #676207)

 -- Cédric Boutillier <cedric.boutillier@gmail.com>  Sat, 09 Jun 2012 16:08:57 +0200

ruby-nokogiri (1.5.2-1) unstable; urgency=low

  * New upstream version
  * Add myself to Uploaders:
  * Bump Standards-Version to 3.9.3 (no changes needed)
  * Exclude temporarily test_xinclude.rb from the tests, as xinclude.xml is
    missing in this version
  * Add fix-sporadically-failing-tests.patch (Closes: #661690)
  * Set Priority: to extra for transitional packages
  * Override lintian warnings about duplicate decription for transitional
    packages
  * Convert copyright file to DEP-5
  * Provide a simple manpage for nokogiri binary

 -- Cédric Boutillier <cedric.boutillier@gmail.com>  Sun, 13 May 2012 15:40:26 +0200

ruby-nokogiri (1.5.0-1) unstable; urgency=low

  * Switch to gem2deb. Rename source and binary packages.
  * New upstream version. Closes: #604623.

 -- Lucas Nussbaum <lucas@debian.org>  Fri, 29 Jul 2011 18:50:38 +0200

libnokogiri-ruby (1.4.0-4) unstable; urgency=low

  * fix failing tests (and resulting FTBFS) with libxml 2.7.8, thanks to
    Mike Dalessio (Closes: #606296)

 -- Ryan Niebur <ryan@debian.org>  Mon, 13 Dec 2010 20:28:41 -0800

libnokogiri-ruby (1.4.0-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * debian/patches
    - add fix-test_element_description.rb.patch from upstream git to fix
     FTBFS (Closes: #577355)

 -- Hideki Yamane <henrich@debian.org>  Fri, 23 Jul 2010 01:32:30 +0900

libnokogiri-ruby (1.4.0-3) unstable; urgency=low

  * Fix test to also work in UTC. Closes: #566055.

 -- Lucas Nussbaum <lucas@lucas-nussbaum.net>  Thu, 21 Jan 2010 10:58:36 +1300

libnokogiri-ruby (1.4.0-2) unstable; urgency=low

  * Drop 1.9 package, add 1.9.1 package. Closes: #565825.
  * Enable the test suite.
    + Make ruby1.9.1 test suite failures non-fatal.

 -- Lucas Nussbaum <lucas@lucas-nussbaum.net>  Wed, 20 Jan 2010 21:22:44 +1300

libnokogiri-ruby (1.4.0-1) unstable; urgency=low

  * New upstream release
  * update email address
  * close a launchpad bug too

 -- Ryan Niebur <ryan@debian.org>  Thu, 05 Nov 2009 07:32:08 -0800

libnokogiri-ruby (1.3.3-2) unstable; urgency=low

  * add quilt patching
  * get rid of the annoying libxml warning messages (Closes: 546843)
    (LP: 475250)

 -- Ryan Niebur <ryanryan52@gmail.com>  Tue, 15 Sep 2009 21:49:02 -0700

libnokogiri-ruby (1.3.3-1) unstable; urgency=low

  * New upstream release
  * Debian Policy 3.8.3

 -- Ryan Niebur <ryanryan52@gmail.com>  Wed, 02 Sep 2009 17:36:50 -0700

libnokogiri-ruby (1.3.2-1) unstable; urgency=low

  * new upstream version
  * Debian Policy 3.8.2
  * install the upstream changelog

 -- Ryan Niebur <ryanryan52@gmail.com>  Sat, 27 Jun 2009 23:28:37 -0700

libnokogiri-ruby (1.3.1-1) unstable; urgency=low

  * New upstream release
  * improve debian/rules a bit
  * add DMUA field

 -- Ryan Niebur <ryanryan52@gmail.com>  Mon, 01 Jun 2009 17:26:41 -0700

libnokogiri-ruby (1.2.3-1) unstable; urgency=low

  * Initial release (Closes: 520583)

 -- Ryan Niebur <ryanryan52@gmail.com>  Sun, 22 Mar 2009 12:13:48 -0700
