1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
|
jruby (1.7.26-1+deb9u1) stretch-security; urgency=high
* Team upload.
* Fix CVE-2018-1000073: Directory Traversal vulnerability in install_location
function of package.rb that can result in path traversal when writing to a
symlinked basedir outside of the root.
* Fix CVE-2018-1000074: possible Unsafe Object Deserialization Vulnerability
in gem owner.
* Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to
avoid infinite loop
* Fix CVE-2018-1000076: Raise a security error when there are duplicate
files in a package
* Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
* Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
when displayed via gem server.
* Fix CVE-2018-1000079: Directory Traversal vulnerability in gem installation
that can result in writing to arbitrary filesystem locations during
installation of malicious gems.
(Closes: #895778)
-- Markus Koschany <apo@debian.org> Sun, 29 Apr 2018 22:24:33 +0200
jruby (1.7.26-1) unstable; urgency=medium
* Team upload.
[ Miguel Landaeta ]
* New upstream release.
* Fix FTBFS due to changes introduced in yecht 1.1 and snakeyaml 1.7.
(Closes: #821181).
* Drop Provides: ruby-interpreter in jruby binary package.
(Closes: #839567).
* Build with default-jdk now it has finally switched to Java 8.
* Bump Standards-Version to 3.9.8. No changes were required.
* Use https URLs with Vcs-* fields.
* Refresh patches:
- Add new patch:
+ d/patches/0007-Enable-test-suites.patch.
+ d/patches/0012-Disable-outdated-specs.patch.
* Run more unit tests during build time.
The suit test spec:ruby:fast is ran from now on.
[ Emmanuel Bourg ]
* Depend on libasm-java (>= 5.0) instead of libasm4-java.
-- Miguel Landaeta <nomadium@debian.org> Sat, 12 Nov 2016 20:33:13 +0000
jruby (1.7.22-2) unstable; urgency=medium
* Build with maven-debian-helper 2.
- Simplify packaging.
- Avoid occasional FTBFS errors caused by changes in Maven.
* Fix an FTBFS caused by some unit tests not working correctly in pbuilder.
-- Miguel Landaeta <nomadium@debian.org> Mon, 28 Dec 2015 17:20:15 -0300
jruby (1.7.22-1) unstable; urgency=medium
* New upstream release.
* Install jruby-stdlib Maven artifact. (Closes: #792906).
- Added a lintian override for codeless-jar warning.
* Install jruby-noasm Maven artifact.
* Install correct jruby-core Maven artifact.
* Install jruby-core-noasm Maven artifact.
* Install jruby-complete Maven artifact.
* Add B-D on libmaven-install-plugin-java.
* Add versioned B-D on maven (>= 3.3~).
-- Miguel Landaeta <nomadium@debian.org> Wed, 16 Sep 2015 21:19:33 -0300
jruby (1.7.21-2) unstable; urgency=high
* Fix FTBFS due to Maven 3.3.x changes. (Closes: #792788).
* Provide full cryptographic support:
- Add Recommends on jruby-openssl. (Closes: #743746).
- Add Build-Depends on jruby-openssl for unit tests during build-time.
-- Miguel Landaeta <nomadium@debian.org> Tue, 14 Jul 2015 20:20:23 -0300
jruby (1.7.21-1) unstable; urgency=medium
* New upstream release.
* Add missing dependencies for jruby binary package. (Closes: #771694).
* Add Provides: ruby-interpreter for jruby binary package.
-- Miguel Landaeta <nomadium@debian.org> Wed, 08 Jul 2015 20:59:46 -0300
jruby (1.7.20.1-2) unstable; urgency=medium
* Upload to unstable.
* Add missing dependencies for jruby binary package.
-- Miguel Landaeta <nomadium@debian.org> Sat, 20 Jun 2015 19:42:50 -0300
jruby (1.7.20.1-1) experimental; urgency=medium
* New upstream release.
This release updates Rubygems included copy to 2.4.8 in order to address
CVE-2015-1855, to resolve some problems with wildcard matching of
hostnames.
* Add new patch:
- 0009-Disable-bigdecimal-divmod-spec-failing-test.patch.
-- Miguel Landaeta <nomadium@debian.org> Thu, 18 Jun 2015 21:34:53 -0300
jruby (1.7.19-1) experimental; urgency=medium
* New upstream release. (Closes: #636554, #773131, #750749).
* Add /usr/lib/ruby/vendor_ruby to the default $LOAD_PATH. (Closes: #663342).
* Switch build system to Maven, upstream doesn't maintain Ant one anymore:
- Add B-D on: maven, maven-{debian,repo}-helper and several maven plugins.
- Replace cdbs with debhelper.
* Enable full testing during build time.
* Remove outdated packaging files:
- d/dirs, d/links, d/NEWS.Debian and a couple of lintian overrides.
* Refresh patches:
- Update d/patches/0001-Fix-shebang-lines.patch.
- Drop unnecessary patches, some of them were merged at upstream:
+ d/patches/0004-replace-bundled-libraries.patch
+ d/patches/0005-ignore-test-failures.patch
+ d/patches/0006-do-not-build-InvokeDynamicSupport.java.patch
+ d/patches/0007-use-unversioned-jarjar.jar.patch
+ d/patches/0008-CVE-2011-4838.patch
+ d/patches/0009-CVE-2012-5370.patch
+ d/patches/0010-jruby-Set-FD_CLOEXEC-correctly-using-F_SETFD-not-F_S.patch
+ d/patches/0011-java7-compat.patch
+ d/patches/0012-nailgun.patch
* Update Uploaders list:
- Remove Sebastien Delafond. Thanks for your work on this package!
- Remove Torsten Werner. Thanks for your work on this package!
- Add Tim Potter. Welcome aboard!
* Update d/watch file.
* Update d/README.Debian file.
* Add get-orig-source target to d/rules.
* Update Build-Depends:
- Replace dependency on openjdk-7-jdk with openjdk-8-jdk.
Otherwise jruby will not even compile.
- Replace libjaffl-java with libjnr-ffi-java.
- Replace libjline-java with libjline2-java.
- Update to libyecht-java to (>= 1.0~).
- Update to nailgun (>= 0.9.1~).
- Update to bytelist (>= 1.0.12~).
- Update to jffi (>= 1.2.7~).
- Update to jnr-posix (>= 3.0.9~).
- Add libyaml-snake-java.
- Add libinvokebinder-java.
- Replace libasm3-java with libasm4-java.
- Add libjnr-x86asm-java.
- Update libjnr-netdb-java to (>= 1.1.4~).
- Add liblivetribe-jsr223-java.
- Add ruby-rspec and ruby-minitest.
- Add locales-all.
* Update copyright file.
* Remove unnecessary preinst and postinst scripts.
* Update package description.
* Ship a copy of jquery library since the source package contains a
minified copy. This is to avoid lintian warnings, during build time
a link symbolic to libjs-jquery is deployed.
-- Miguel Landaeta <nomadium@debian.org> Sun, 31 May 2015 19:37:41 -0300
jruby (1.5.6-10) unstable; urgency=medium
* Add myself to Uploaders list.
* Replace dependency on libconstantine-java with libjnr-constants-java.
* Refresh patches:
- d/p/0003-do-not-install-gems.patch.
- d/p/0004-replace-bundled-libraries.patch.
- d/p/0012-nailgun.patch.
-- Miguel Landaeta <nomadium@debian.org> Sat, 02 May 2015 17:37:51 -0300
jruby (1.5.6-9) unstable; urgency=medium
* Team upload.
* Build-depend on openjdk-7-jdk >= 7u71-2.5.3 (closes: #759947).
This version restores the "apt" tool.
- Thank you to Michael Gilbert for the patch.
-- tony mancill <tmancill@debian.org> Sat, 01 Nov 2014 19:55:32 -0700
jruby (1.5.6-8) unstable; urgency=medium
[ tony mancill ]
* Team upload.
* Recommend "ri" instead of "ri1.8" (ruby interpreter)
* Use DH9 instead of version 6.
* Rebuild against a non-broken joda-time. (Closes: #729171)
* Bump Standards-Version to 3.9.6 (no changes).
[ Emmanuel Bourg ]
* Removed the build dependency on libemma-java
-- tony mancill <tmancill@debian.org> Mon, 27 Oct 2014 23:27:54 -0700
jruby (1.5.6-7) unstable; urgency=low
* Team upload.
* Provide maven artifacts. (Closes: #737424).
-- Miguel Landaeta <nomadium@debian.org> Sun, 02 Feb 2014 21:37:46 -0300
jruby (1.5.6-6) unstable; urgency=low
* Team upload.
[ tony mancill ]
* Apply patch to set FD_CLOEXEC correctly using F_SETFD not F_SETFL.
- Thank you to Guillem Jover. (Closes: #696283)
[ gregor herrmann ]
* Apply all changes from the Ubuntu package:
- Depend on default-jre.
- Add patch 0011-java7-compat.patch. Fix build issue with OpenJDK 7.
Thanks, Julian Taylor.
- Add patch 0012-nailgun.patch. Use unversioned nailgun.jar.
Thanks, Julian Taylor.
Change re the Ubuntu version: nailgun.jar instead of nailgun-0.9.0.jar.
(Closes: #713159)
* debian/control: use canonical URLs for Vcs-*.
* Declare compliance with Debian Policy 3.9.5.
-- gregor herrmann <gregoa@debian.org> Fri, 01 Nov 2013 17:55:29 +0100
jruby (1.5.6-5) unstable; urgency=medium
* Team upload.
* Add patch for CVE-2012-5370: Use PerlHash instead of MurmurHash
(that is vulnerable to DoS attacks). (Closes: #694694)
[Patch adapted from 5e4aab28 upstream]
-- Martin Quinson <mquinson@debian.org> Tue, 11 Dec 2012 21:22:36 +0100
jruby (1.5.6-4) unstable; urgency=medium
* Team upload.
* Add patch for CVE-2011-4838 (Closes: #686867)
- Thanks to Moritz Muehlenhoff
-- tony mancill <tmancill@debian.org> Thu, 20 Sep 2012 13:36:31 -0700
jruby (1.5.6-3) unstable; urgency=low
[Miguel Landaeta]
* Team upload.
* Switch to default-jdk. (Closes: #655823).
[tony mancill]
* Bump Standards-Version to 3.9.2 (no changes).
* Address lintian warning in d/copyright (update path to GPL-2).
-- Miguel Landaeta <miguel@miguel.cc> Sat, 14 Jan 2012 14:13:54 -0430
jruby (1.5.6-2) unstable; urgency=high
* Add workaround for strange dpkg-source error. (Closes: #643516)
-- Torsten Werner <twerner@debian.org> Tue, 04 Oct 2011 22:24:31 +0200
jruby (1.5.6-1) unstable; urgency=low
* New upstream version (Closes: #636554)
* Document licenses and copyright holders of code in
jruby-launcher-1.0.3-java.gem.
* Change debian/watch to read tags from github. Remove get-orig-source
target from debian/rules because we mirror the github repo in our repo.
* Use cdbs to build the package.
-- Torsten Werner <twerner@debian.org> Tue, 20 Sep 2011 21:17:04 +0200
jruby (1.5.1+dfsg4-2) unstable; urgency=low
* Use yecht-ruby.jar for building.
-- Torsten Werner <twerner@debian.org> Sun, 18 Sep 2011 19:24:44 +0200
jruby (1.5.1+dfsg4-1) unstable; urgency=low
* Remove bundled yecht.jar from orig tarball.
* Move package to main.
-- Torsten Werner <twerner@debian.org> Sun, 18 Sep 2011 00:01:11 +0200
jruby (1.5.1+dfsg3-1) unstable; urgency=low
* Remove bundled jnr-netdb.jar from orig tarball.
* Add Depends: libjffi-jni.
-- Torsten Werner <twerner@debian.org> Sat, 17 Sep 2011 17:34:12 +0200
jruby (1.5.1+dfsg2-1) experimental; urgency=low
* Remove bundled jnr-posix.jar from orig tarball.
-- Torsten Werner <twerner@debian.org> Wed, 14 Sep 2011 20:32:31 +0200
jruby (1.5.1+dfsg1-1) experimental; urgency=low
* Replace more prebuilt jars by Build-Depends.
* Modify 0002-jruby_home-is-at-a-specific-location-on-Debian.patch to avoid
test failures.
* Add get-orig-source target.
* Clean more files in clean target.
* Clean up debian/copyright.
* Do not build InvokeDynamicSupport.java because it requires some backport
(jsr292-mock.jar) from Java7.
* Replace rdocs by a symlink and add Recommends: ri1.8.
* Add a patch for the unversioned jarjar.jar.
-- Torsten Werner <twerner@debian.org> Tue, 13 Sep 2011 22:43:35 +0200
jruby (1.5.1-1) unstable; urgency=low
[ Hideki Yamane ]
* use already packaged jar files to build jruby.
add "Build-Depends: libasm3-java, libcommons-logging-java, libjarjar-java,
libjoda-time-java, junit4, libemma-java, libbsf-java, libjline-java, bnd,
libconstantine-java" (Closes: #581390)
[ Torsten Werner ]
* New upstream release
* Changed Maintainer to pkg-java-maintainers with the agreement of Sebastien.
* Add Sebastien and myself to the Uploaders list.
* Add Vcs headers to debian/control.
* Remove bin/jruby in clean target.
* Convert patches to dep3 format.
* Remove unneeded jar files from orig tarball.
* Define JAVA_HOME and set it to default-java.
* Run tests during build.
- Upgrade Build-Depends: ant to ant-optional.
- Add Build-Depends: netbase.
- Add a patch to ignore test failures.
- Set CLASSPATH=/usr/share/java/junit4.jar in debian/rules.
-- Torsten Werner <twerner@debian.org> Fri, 30 Jul 2010 03:07:08 +0200
jruby (1.5.0~rc3-1) unstable; urgency=low
* New upstream release (Closes: #581360).
-- Sebastien Delafond <seb@debian.org> Wed, 12 May 2010 15:56:25 +0200
jruby (1.5.0~rc1-1) unstable; urgency=low
* New upstream release candidate.
* Moved to 4.0 (quilt) source format.
* Updated watch file.
* Bumped-up Standards-Version.
-- Sebastien Delafond <seb@debian.org> Tue, 20 Apr 2010 18:01:51 +0200
jruby (1.4.0-2) unstable; urgency=low
* Make sure we're comptaible with a 1.5 JRE (Closes: #563028); thanks to
Shyamal Prasad <shyamal@member.fsf.org> for the patch.
-- Sebastien Delafond <seb@debian.org> Mon, 11 Jan 2010 14:44:34 +0100
jruby (1.4.0-1) unstable; urgency=low
* New upstream release.
* Updated watch file.
* Updated copyright file to reflect addition of new third-party jars.
-- Sebastien Delafond <seb@debian.org> Thu, 10 Dec 2009 12:34:42 +0100
jruby (1.3.1-2) unstable; urgency=low
* Moving to non-free, with detailed debian/copyright (Closes: #551618).
* Got rid of jruby alternatives as provided by older jruby1.x.
-- Sebastien Delafond <seb@debian.org> Wed, 09 Dec 2009 17:30:55 +0100
jruby (1.3.1-1) unstable; urgency=low
* First release (Closes: #548734).
* Move to non-free (See #527977).
-- Sebastien Delafond <seb@debian.org> Mon, 19 Oct 2009 15:41:51 +0200
|
