puma (5.6.5-3+deb12u1) bookworm; urgency=medium
* Team upload
* d/patches/
+ CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
parsing chunked transfer encoding bodies and zero-length
Content-Length headers in a way that allowed HTTP request
smuggling. (Closes: #1050079)
+ CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
chunk extensions. (Closes: #1060345)
+ CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
values set by intermediate proxies (such as X-Forwarded-For) by
providing a underscore version of the same header.
(Closes: #1082379)
-- Abhijith PA <abhijith@debian.org> Wed, 29 Jan 2025 07:26:33 +0530
puma (5.6.5-3) unstable; urgency=medium
* Team upload.
* d/control (Vcs-Git): Fix URL.
-- Daniel Leidert <dleidert@debian.org> Thu, 09 Feb 2023 16:24:05 +0100
puma (5.6.5-2) unstable; urgency=medium
* debian/ruby-tests.rake: skip test that fails often (Closes: #1006022)
* debian/ruby-tests.rake: exclude tests that fail often but not always
-- Antonio Terceiro <terceiro@debian.org> Wed, 02 Nov 2022 09:26:37 -0300
puma (5.6.5-1) unstable; urgency=medium
* Update watch file for github.com pattern change
* New upstream version 5.6.5
* Refresh patches
* Bump Standards-Version to 4.6.1 (no changes needed)
-- Pirate Praveen <praveen@debian.org> Sun, 16 Oct 2022 22:44:46 +0530
puma (5.6.4-1) unstable; urgency=medium
* New upstream version 5.6.4
* Refresh patches
* Disable some tests that fail with
NameError: uninitialized constant Puma::LogWriter
* Remove tmp/restart.txt in clean
-- Pirate Praveen <praveen@debian.org> Mon, 04 Apr 2022 13:24:10 +0530
puma (5.5.2-2) unstable; urgency=medium
* Team upload
* debian/rules: force an UTF-8 locale
* debian/ruby-tests.rake: wrap lines
* debian/ruby-tests.rake: run all ssl tests on autopkgtest only
* debian/test/control: give ssl test a name
-- Antonio Terceiro <terceiro@debian.org> Tue, 02 Nov 2021 16:35:12 -0300
puma (5.5.2-1) unstable; urgency=medium
* Team upload
* New upstream version 5.5.2
- Builds and tests fine again (Closes: #998295)
* Add build-dependency on ruby-localhost
* debian/rules: exclude several unnecessary files from installation
-- Antonio Terceiro <terceiro@debian.org> Tue, 02 Nov 2021 14:39:10 -0300
puma (5.3.2-3) unstable; urgency=medium
* Use --gem-install layout option of dh-ruby
-- Pirate Praveen <praveen@debian.org> Tue, 12 Oct 2021 02:24:33 +0530
puma (5.3.2-2) unstable; urgency=medium
* Reupload to unstable
* Bump Standards-Version to 4.6.0 (no changes needed)
* Bump debhelper compatibility level to 13
-- Pirate Praveen <praveen@debian.org> Mon, 11 Oct 2021 03:17:23 +0530
puma (5.3.2-1) experimental; urgency=medium
* New upstream version 5.3.2 (Closes: #989054) (Fixes: CVE-2021-29509)
* Refresh patches
-- Pirate Praveen <praveen@debian.org> Fri, 28 May 2021 22:34:53 +0530
puma (4.3.8-1) unstable; urgency=medium
* New upstream version 4.3.8 (Closes: #989054) (Fixes: CVE-2021-29509)
-- Pirate Praveen <praveen@debian.org> Wed, 26 May 2021 10:24:19 +0530
puma (5.2.2-2) experimental; urgency=medium
* Disable test that failied on amd64 buildd
-- Pirate Praveen <praveen@debian.org> Mon, 08 Mar 2021 23:03:52 +0530
puma (5.2.2-1) experimental; urgency=medium
* New upstream version 5.2.2
* Bump Standards-Version to 4.5.1 (no changes needed)
* Refresh patches for new upstream release
* Add ruby-minitest-stub-const as build dependency
* Disable failing tests
-- Pirate Praveen <praveen@debian.org> Sun, 07 Mar 2021 21:03:52 +0530
puma (4.3.6-1) unstable; urgency=medium
* Team upload.
* New upstream version.
- Fixes CVE-2020-11076 and CVE-2020-11077 (closes: #972102).
* d/copyright: Minor update.
* d/puma.lintian-overrides: Add package override.
* d/ruby-tests.rake: Add logic to run SSL test.
* d/patches/*.patch: Add missing headers and refresh.
* d/source/lintian-overrides: Add source override.
* d/tests/control: Set environment variable to run the SSL tests separately
(similar to the solution used in the jekyll package).
* d/tests/test-puma-server-ssl*: Removed.
-- Daniel Leidert <dleidert@debian.org> Thu, 15 Oct 2020 20:57:29 +0200
puma (4.3.3-3) unstable; urgency=medium
* Include patch from gitlab to improve performance
-- Pirate Praveen <praveen@debian.org> Tue, 18 Aug 2020 00:15:20 +0530
puma (4.3.3-2) unstable; urgency=medium
[ Daniel Leidert ]
* debian/tests/test_puma_server_ssl,
debian/tests/test_puma_server_ssl.rake: Run test/test_puma_server_ssl.rb
in an openssl enviroment not using the Debian defaults.
* debian/tests/control: Add new test.
[ Debian Janitor ]
* Set field Upstream-Contact in debian/copyright.
* Remove obsolete fields Contact, Name from debian/upstream/metadata
(already present in machine-readable debian/copyright).
[ Pirate Praveen ]
* Remove debian-branch option from debian/gbp.conf
* Reupload to unstable
-- Pirate Praveen <praveen@debian.org> Mon, 03 Aug 2020 15:37:16 +0530
puma (4.3.3-1) experimental; urgency=medium
* Team upload.
* New upstream release.
- Fixes CVE-2020-5247 (closes: #952766).
- Fixes CVE-2020-5249 (closes: #953122).
* d/control (Section): Change to web.
(Vcs-Git): Indicate branch name via -b debian/experimental.
(Homepage): Use secure URL.
(Depends): Use ${ruby:Depends}.
* d/copyright (Source): Use secure URL.
* d/rules: Add override to install upstream changelog.
* d/watch: Use package name for tarball.
-- Daniel Leidert <dleidert@debian.org> Thu, 05 Mar 2020 01:34:17 +0100
puma (4.3.1-1) experimental; urgency=medium
* Team upload.
* New upstream release
- Fixes CVE-2019-16770 Keepalive thread overload/DoS (closes: #946312).
* d/control (Rules-Requires-Root): Set to binary-targets.
(Build-Depends, Depends): Add ruby-nio4r.
(Build-Depends): Add curl for test/test_integration_single.rb.
* d/ruby-tests.rake: Disable test/test_puma_server_ssl.rb.
* d/README.source: Add to explain tests which have been disabled.
* d/patches/0004-puma.gemspec-drop-git-usage.patch: Refresh patch.
* d/patches/0011-disable-minitest-extensions.patch: Add patch.
- Disable unavailable minitest extensions (retry and proveit).
* d/patches/0012-disable-cli-ssl-tests.patch: Add patch.
- Disable CLI SSL tests.
* d/patches/0013-fix-test-term-not-accepts-new-connections.patch: Add.
- Fix test_term_not_accepts_new_connections to be locale independent.
* d/patches/0002-test_integration-disable-test-that-fails-randomly.patch,
d/patches/0003-test_cli-disable-test-that-rails-randomly.patch,
d/patches/0005-test_puma_server-disable-test-that-fails-randomly.patch,
d/patches/0006-test-helper.rb-drop-bundler-usage.patch,
d/patches/0007-test-test_cli.rb-disable-test-that-fails-randomly.patch,
d/patches/0008-fix-ssl-tests.patch,
d/patches/0009-disable-tests-failing-in-single-cpu.patch,
d/patches/0010-fix-cluster-exit-for-ruby27.patch: Remove obsolete patches.
* d/patches/series: Adjust.
-- Daniel Leidert <dleidert@debian.org> Thu, 06 Feb 2020 11:45:11 +0100
puma (3.12.4-1) unstable; urgency=medium
* Team upload.
* New upstream release.
- Fixes CVE-2020-5247 (closes: #952766).
- Fixes CVE-2020-5249 (closes: #953122).
* d/control (Section): Changed to web.
(Homepage): Use secure URL.
(Depends): Add ${ruby:Depends}.
* d/copyright (Source): Use secure URL.
* d/ruby-tests.rake: Disable test/test_puma_server_ssl.rb for the moment.
These tests fail due to openssl being configured to use SECLEVEL2
(https://github.com/puma/puma/issues/2147).
* d/rules: Add override to install upstream changelog.
* d/watch: Rename downloaded tarball to include package name.
* d/patches/0008-fix-ssl-tests.patch: Remove patch. Applied upstream.
* d/patches/CVE-2019-16770.patch: Ditto.
* d/patches/*.patch: Refresh patches.
* d/patches/series: Adjust.
-- Daniel Leidert <dleidert@debian.org> Wed, 04 Mar 2020 23:09:16 +0100
puma (3.12.0-4) unstable; urgency=medium
* Team upload.
* d/control (Rules-Requires-Root): Set to binary-targets.
* d/patches/0011-disable-minitest-extensions.patch: Add patch.
- Disable unavailable minitest retry extension.
* d/patches/CVE-2019-16770.patch: Add patch.
- Backport fix for CVE-2019-16770 from upstream (closes: #946312).
* d/patches/series: Add patch.
-- Daniel Leidert <dleidert@debian.org> Thu, 06 Feb 2020 12:54:59 +0100
puma (3.12.0-3) unstable; urgency=medium
* Team upload.
* d/compat: Remove obsolete file.
* d/control: Add Rules-Requires-Root field.
(Build-Depends): Use debhelper-compat.
(Standards-Version): Bump to 4.5.0.
(Depends): Drop ruby-interpreter.
* d/copyright (Format): Fix insecure-copyright-format-uri and add myself.
* d/puma.1, d/pumactl.1: Add manual pages.
* d/puma.manpages: Install manual pages.
* d/ruby-tests.rake: Set verbose mode.
* d/patches/0010-fix-cluster-exit-for-ruby27.patch: Add patch.
- Fix hang with Ruby >= 2.6 when shutting down workers.
* d/patches/series: Enable new patch.
* d/upstream/metadata: Add metadata.
* d/upstream/metadata: Add metadata.
-- Daniel Leidert <dleidert@debian.org> Wed, 05 Feb 2020 18:20:58 +0100
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog puma`.
Generated by dwww version 1.15 on Fri Aug 29 21:21:06 CEST 2025.