Debian Package Tracker

jruby

100% pure-Java implementation of Ruby

general
  • source: jruby (main)
  • version: 9.1.17.0-3
  • maintainer: Debian Java Maintainers (archive) (DMD)
  • uploaders: Miguel Landaeta [DMD]
  • arch: all
  • std-ver: 4.3.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.7.26-1+deb9u1
  • o-o-sec: 1.7.26-1+deb9u3
  • o-o-bpo: 9.1.13.0-1~bpo9+1
  • oldstable: 9.1.17.0-3
  • unstable: 9.1.17.0-3
versioned links
  • 1.7.26-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.7.26-1+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.1.13.0-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.1.17.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • jruby (8 bugs: 1, 7, 0, 0)
action needed
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
  https://github.com/jruby/jruby/releases  /jruby/jruby/archive/([0-9].+)\.tar\.gz
Created: 2021-03-21 Last update: 2022-05-19 22:32
7 security issues in sid high

There are 7 open security issues in sid.

7 important issues:
  • CVE-2017-17742: Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
  • CVE-2019-16201: WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network.
  • CVE-2019-16254: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
  • CVE-2019-16255: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
  • CVE-2020-25613: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
  • CVE-2021-31810: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
  • CVE-2021-32066: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Created: 2021-02-19 Last update: 2021-12-05 06:30
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 5-day delay is over. Check why.
Created: 2021-02-17 Last update: 2022-05-19 23:37
1 bug tagged help in the BTS normal
The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.
Created: 2019-03-21 Last update: 2022-05-19 23:01
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 9.2.14.0-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit dfe8f675cabd576e2a9bacc9c35cab8fe66ec266
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 16:06:46 2022 +0200

    Add myself as uploader.

commit 11fb2f597c50dbad481731942b3bbbb2e91cb3c5
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 16:04:52 2022 +0200

    Fixes FTBFS (Closes: #959600).

commit 2dba7b64df6ccedc03e00668099be44b8cf43eb6
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 13:42:51 2022 +0000

    Fixed d/rules.

commit 2d1b4d6f5f410a75c6026b9fe81a562c89a3b60a
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 09:14:58 2022 +0200

    Add ruby-psych as build-depends.

commit 15a109b17881ff54739991de7d81baf0f2d1f1f2
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 09:08:10 2022 +0200

    Add DRUBY_VERSION variable in d/rules.

commit aee7d3c479d303cdd7ce55d2be0963ed1cff447f
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Jan 7 19:00:05 2021 -0500

    d/rules: package missing libs in the final .deb, as jruby needs them

commit 37cac93a57086ac192d3cce3b6bf85222543a71f
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Jan 7 12:14:03 2021 -0500

    ruby-scanf is needed for the tests

commit 288906b95205e23bcb585303ff336527dd60e76e
Author: Utkarsh Gupta <utkarsh@debian.org>
Date:   Thu Jan 7 18:09:56 2021 +0530

    Don't BD on Debian revisions

commit dcf1365ee7a0158df189e185c0d900582ba42a57
Author: Utkarsh Gupta <utkarsh@debian.org>
Date:   Thu Jan 7 18:08:56 2021 +0530

    Prefer spaces over tabs in d/copyright

commit 734ca482377eb6789483a7ce62601848496f3799
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Jan 6 17:59:24 2021 -0500

    d/test-tasks.txt: mri:fullint has been renamed to mri:core:fullint

commit 5607a6d94d7e24af02e712b1543b594f594cc2bc
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Jan 6 17:23:54 2021 -0500

    d/patches: remove LOAD_PATH hacks from 0008.
    
    This is not needed anymore, since we're symlinking lib/ruby/gems/shared
    (in the upstream LOAD_PATH for tests) to lib/ruby/stdlib, where we're
    copying gems.

commit a539f5d20dda66a3d18b54d5b89277969df8fb1c
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Jan 6 17:00:57 2021 -0500

    fix more testsuite errors

commit 9b2458875dbf12cd282d80b7aa360d9a8ca5cc1e
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Tue Jan 5 19:10:35 2021 -0500

    d/rules: don't fail on testsuite failure, for now.

commit 9508319010b76a14b0b9d2938dc9f4182934a547
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Tue Jan 5 18:35:42 2021 -0500

    add ruby-rake-ant as a dependency

commit 6aa2c20dfc95a8dc6456953398dc31aebc28291d
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Tue Jan 5 15:21:39 2021 -0500

    d/patches: update 0008 to use new ruby2.7 paths.

commit 08397e8b3e2d5f0300ed42f16c74444144f33538
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 15:08:51 2021 -0500

    d/control: update to dh13.

commit ffd10bfeb38278ee616ecbf22d935671c9679d19
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 15:07:00 2021 -0500

    d/patches: delete 0007 and don't add /usr/lib/ruby/vendor_ruby to the jruby LOAD_PATH anymore. (Closes: #977979, #977981)

commit a39ac050c8a79725cd82afcad55459a3a8c91e2d
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 14:55:47 2021 -0500

    Fix subpar changelog entries

commit 3282a5af45e933955f30d65f9830e12ea2f85c09
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 14:53:29 2021 -0500

    add fileutils to the copied libs, as it's also needed

commit 8da4573ed1283acad4ef137b8e90be3e9252e9cb
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 18:00:27 2020 -0500

    fix version and mark package as UNRELEASED

commit ed104ee3bf9daaec4258b2483bf9c7fd5f58ed42
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 17:43:28 2020 -0500

    d/rules: remote get-orig-source.

commit 05d3d3d3525c5f24f03f7bd4cd70e0dbe3006fd8
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 17:42:37 2020 -0500

    d/rules: fix where ruby2.7 libs are copied from for the testsuite. (Closes: #976477)

commit 6c89451b50a2acaec37e09199c5cf4dcc5426ea6
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 16:16:04 2020 -0500

    d/control: remove build conflict with open-infrastructure-locales-c.utf-8, as it has been removed from unstable.

commit 7ac162c8e8ca088df65a631aa624c5890bd6acc3
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 15:15:14 2020 -0500

    Merge 0002 in 0020 and refresh 0006

commit 66f2037575ef3204c732d882912aed940956a1d4
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 14:33:12 2020 -0500

    Fix missing entries in patch 0019

commit f7ea90cafd193baa46c7791c6d8b298c102e707a
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 13:07:37 2020 -0500

    Refactored 0001 into 0020 to truly disable polyglot maven.

commit cc6949912247cc64692418dd4a72861d8846dd33
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 12:44:52 2020 -0500

    Added 0019 to disable maven checksum plugin.

commit 83a8b88a0eab5b5079a2b84e3d3aa603208c9c89
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 12:40:10 2020 -0500

    Added 0018 to disable maven truezip plugin.

commit ef9718548c2b67dc44ef300603bca14928f189b8
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Dec 30 19:30:10 2020 -0500

    Updated 0004-Add-missing-maven-artifacts-pom-files.patch with the next pom.xml files.

commit fd9a3208083c114438fcc2786719169f12ab77cb
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Dec 30 18:43:24 2020 -0500

    Update dependencies and replace javax.annotation-api by jakarta.annotation.api.

commit 8d410e6041b808ba38d092210eb5b2b2130827e3
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 23:10:55 2020 +0100

    Ran wrap-and-sort -bastk.

commit 2841e6737af6b08f94081cbd468a904c6a247c25
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 23:05:53 2020 +0100

    Fixed new version in 0004-Add-missing-maven-artifacts-pom-files.patch.

commit 593844141529945838c2e243958b5e9361a2af2f
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 23:02:34 2020 +0100

    Removed applied upstream: 0018-fix-rubygem-vulnerabilities.patch.

commit 53ba45d6f929cdd5cf2fff13888470b32021adc9
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:58:11 2020 +0100

    Refreshed: 0016-Disable-SkinnyMethodAdapter-test.patch.

commit 9858edec84f2c49d4c0c4bb3b1783b523043e720
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:57:35 2020 +0100

    Rebased: 0015-javax-annotation-Generated.patch.

commit d163e0513f7805b26ed0d2fc0f6ad4cc9294fdc7
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:55:35 2020 +0100

    Refreshed: 0014-FELIX-5430.patch.

commit 572cd3bd759a53cb9b64de18d08a90093d4f427f
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:54:57 2020 +0100

    Rebased: 0013-Disable-regression-flaky-tests.patch.

commit cd593e81e6a054d9bae5628989646beb53f4c6c6
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:52:28 2020 +0100

    Rebased: 0012-Disable-jruby-flaky-tests.patch.

commit ac69a65b7476e9f976820ceb92bd712d9c049bdb
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:49:31 2020 +0100

    Rebased: 0011-Disable-failed-tests-in-sbuild.patch.

commit 5234f27d012ba078f132c1482a983467fdaa6a7c
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:46:22 2020 +0100

    Disabled: 0010-Exclude-mri-tests-failing-in-debian.patch.

commit 66e4f4c7b66d8c71f02f743b95457d79f4c94313
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:43:48 2020 +0100

    Rebased: 0007-Add-usr-lib-ruby-vendor-ruby-to-load-path.patch.

commit 1911548bddd727fe0d4e11b78a5ec2b92494bd6b
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:32:51 2020 +0100

      * Refreshed:
        - 0002-Disable-unpackaged-plugins-in-lib-module.patch.
        - 0005-Disable-jnr-ffi-native-usage.patch.

commit 2fbbe0d9cc4be72755f5cc7275615be25228e93b
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:32:21 2020 +0100

    Rebased 0001-Disable-polyglot-maven-extension.patch.

commit 892080ff9b07b0056e9a968783713066ec25c572
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:18:09 2020 +0100

    New upstream release 9.2.14.0

commit 5f46afcdbc2ab884aeb3dd0877bceb5012ae5579
Merge: f6e653039 42ac9b95d
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:17:30 2020 +0100

    Update upstream source from tag 'upstream/9.2.14.0'
    
    Update to upstream version '9.2.14.0'
    with Debian dir 9258cd56f0a84f1e186aa86e7c4b3c68e3eaec01

commit 42ac9b95d2190efcb002227de9de494e0ad6f815
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:17:30 2020 +0100

    New upstream version 9.2.14.0

commit b33f30b172c14a82d33d650a29b49721c789cec1
Author: Andrej Shadura <andrew.shadura@collabora.co.uk>
Date:   Mon Feb 25 19:48:53 2019 +0100

    New upstream version 9.1.17.0

commit e2f3c288e751f13870e7a85b2583089d6403628c
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Thu Nov 9 22:10:57 2017 +0000

    New upstream version 9.1.14.0

commit 29950412704c35060c130a6545b8d7f8437bcc9d
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Wed Oct 4 19:45:09 2017 +0100

    Imported Upstream version 9.1.13.0

commit c1c2b13c33ec0068a2c604fc7da2659645c25fef
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Sat Mar 11 12:09:08 2017 +0000

    Imported Upstream version 9.1.8.0

commit fc879d5906033873f5af21f353584a2ded5d85a3
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Sat Jan 21 19:09:54 2017 +0000

    Imported Upstream version 9.1.6.0

commit 2ed5cac0f2533e0d6476eeebe919c3efbf602615
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Sat Nov 12 20:12:30 2016 +0000

    Upstream import 1.7.26

commit bffc974a07e443f946d907019427d57fab85b7ce
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Sat Apr 16 12:36:05 2016 +0100

    Upstream import 1.7.25

commit e827cf2b8078aa3913b230a1691b2a8fe3db49d1
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Wed Sep 16 20:57:47 2015 -0300

    Upstream import 1.7.22

commit 6c575f84d5ab10f5d639a98663be9900527cde33
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Wed Jul 8 20:14:35 2015 -0300

    Upstream import 1.7.21

commit 34fb4944e5fdd85448bf5421b64ceba2eeacebfc
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Thu Jun 18 20:00:45 2015 -0300

    Upstream import 1.7.20.1

commit 80080d111a8f257d8884b896364d857362204e3c
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Sun May 31 19:58:53 2015 -0300

    Upstream import 1.7.20

commit 6745d70109dfe305c780ff3bd547badb15c0db7b
Author: Miguel Landaeta <nomadium@debian.org>
Date:   Mon May 25 16:20:58 2015 -0300

    Upstream import 1.7.19

commit 2021496301e832c55fc0e70349e112dabee299c7
Author: Torsten Werner <twerner@debian.org>
Date:   Tue Sep 20 20:02:18 2011 +0200

    remove file .keep

commit 2fa5e93580ada1f95c4f2507a4b9f0606684cfa8
Author: Torsten Werner <twerner@debian.org>
Date:   Tue Sep 20 19:22:41 2011 +0200

    remove some files that do not exist in tag 1.5.6

commit 7013d7b3b97697341cc5889dea9d97aac3f280bb
Merge: 998e71576 b3c72b964
Author: Torsten Werner <twerner@debian.org>
Date:   Tue Sep 20 19:16:23 2011 +0200

    Merge branch 'upstream' into upstream tag 1.5.6
    
    Conflicts:
            bin/jruby.dll
            bin/jruby.exe
            bin/jrubyw.exe
            build_lib/jaffl.jar

commit 998e71576bf87002fd74978c8581cd1918ef7ce3
Merge: fd781771c 9cf97c3b9
Author: Torsten Werner <twerner@debian.org>
Date:   Tue Sep 20 19:14:43 2011 +0200

    Merge commit '1.5.6' into HEAD

commit fd781771c69d8c6a6249f48d8a9e3d16a8e626ef
Merge: 40ded8bac f3a348082
Author: Torsten Werner <twerner@debian.org>
Date:   Tue Sep 20 19:13:18 2011 +0200

    merge upstream tag 1.5.1 into imported source tar
    
    Conflicts:
            bench/language/bench_method_dispatch_only.rb
            bench/rails/public/dispatch.cgi
            bench/rails/public/dispatch.fcgi
            bench/rails/public/dispatch.rb
            bench/rails/script/about
            bench/rails/script/console
            bench/rails/script/dbconsole
            bench/rails/script/destroy
            bench/rails/script/generate
            bench/rails/script/performance/benchmarker
            bench/rails/script/performance/profiler
            bench/rails/script/performance/request
            bench/rails/script/plugin
            bench/rails/script/process/inspector
            bench/rails/script/process/reaper
            bench/rails/script/process/spawner
            bench/rails/script/runner
            bench/rails/script/server
            bench/shootout/fannkuch.jruby
            bench/shootout/hello.jruby
            bench/shootout/nsievebits.jruby-2.jruby
            bench/shootout/revcomp.jruby
            bench/shootout/sumcol.jruby
            bin/gem.bat
            bin/generate_yaml_index.rb
            bin/jirb.bat
            bin/jirb_swing.bat
            bin/jruby.bat
            bin/jruby.dll
            bin/jruby.exe
            bin/jrubyd.bat
            bin/jrubyw.exe
            bin/rake.bat
            bin/rdoc
            bin/rdoc.bat
            bin/ri.bat
            build_lib/yydebug.jar
            lib/ruby/1.9/rake.rb
            spec/java_integration/spec.opts
            test/externals/ruby1.8/thread/lbtest.rb
            test/externals/ruby1.8/webrick/webrick_long_filename.cgi
            test/externals/ruby1.9/json/test_json.rb
            test/externals/ruby1.9/json/test_json_addition.rb
            test/externals/ruby1.9/json/test_json_fixtures.rb
            test/externals/ruby1.9/json/test_json_unicode.rb
            test/externals/ruby1.9/rake/shellcommand.rb
            test/externals/ruby1.9/rubygems/test_gem_digest.rb
            test/testapp/testapp.exe
            tool/nailgun/ng.exe

commit b3c72b964b45d4e0c4e29e1c075b5a45040c6e92
Author: Torsten Werner <twerner@debian.org>
Date:   Sat Sep 17 23:56:22 2011 +0200

    remove bundled yecht.jar from upstream branch

commit 044d939f60e21105cbd61cd60fd47b79e8a44cad
Author: Torsten Werner <twerner@debian.org>
Date:   Sat Sep 17 10:15:57 2011 +0200

    Imported Upstream version 1.5.1+dfsg3

commit ea1c36956dd2c3e3bad693aa2f6aed7c3452cc6c
Author: Torsten Werner <twerner@debian.org>
Date:   Sat Sep 17 09:58:34 2011 +0200

    remove jnr-netdb.jar from upstream branch

commit 190fb608d1ffec054eb4f12cfd8c48ff08331322
Author: Torsten Werner <twerner@debian.org>
Date:   Wed Sep 14 20:57:08 2011 +0200

    Imported Upstream version 1.5.1+dfsg2

commit 55379baef2be413175350864391c142230e7be6e
Author: Torsten Werner <twerner@debian.org>
Date:   Wed Sep 14 20:34:30 2011 +0200

    Remove jnr-posix.jar from upstream branch.

commit f3f9d3cfb47763b293a74c3977dcbde13d82d5af
Author: Torsten Werner <twerner@debian.org>
Date:   Tue Sep 13 22:02:29 2011 +0200

    Imported Upstream version 1.5.1+dfsg1

commit 9cf97c3b93594958562ffb588b1f61af8f298bf7
Merge: 2831f2d31 8d69a1e79
Author: Nick Sieger <nick@nicksieger.com>
Date:   Thu Dec 2 15:11:53 2010 -0600

    Merge branch 'jruby-1_5' of jruby.org:jruby into jruby-1_5

commit 2831f2d310082d403c000a8faadcbf4881954631
Author: Nick Sieger <nick@nicksieger.com>
Date:   Thu Dec 2 15:08:58 2010 -0600

    JRUBY-4774, WARBLER-15: Fix classpath and load path issues related to file paths containing spaces

commit 8d69a1e790217efea5a6b2cad7ab0a98d7edae54
Author: Hiro Asari <asari.ruby@gmail.com>
Date:   Fri Jul 23 22:09:53 2010 -0400

    Re-fixing JRUBY-4352: Rbconfig's Config::CONFIG provides wrong name for Windows 2008 Server, based on input from Rakesh Arora. (See 07fb757.)

commit e34fde6de01ad396594af276e21c05b561d5cccb
Author: Thomas E. Enebo <tom.enebo@gmail.com>
Date:   Wed Dec 1 14:26:01 2010 -0600

    Bump version to 1.5.6

commit 023d5c99f60ae69db1adf3adc62e1e9fbcf4012e
Author: Hiroshi Nakamura <nahi@ruby-lang.org>
Date:   Wed Oct 6 22:43:41 2010 +0900

    Changed the logic for checking given argument according to MRI 1.8.7 implementation.
    
    MRI uses rb_check_string_type instead of checking respond_to? :to_str
    directly from 1.8.6, and checks respond_to :getc AND :read for IO check.

commit 621f74d3be8116ca77797bb40c89ef2d605e9a0e
Author: Ryan Brown <ribrdb@google.com>
Date:   Wed Sep 29 14:12:02 2010 -0700

    Explicitly use the JRubyClassLoader when unmarshaling Java objects
    
    Signed-off-by: Charles Oliver Nutter <headius@headius.com>

commit d527ad987c1d8803cb2f462966a8340053d12546
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Tue Nov 30 16:25:04 2010 -0600

    A few 1.5-compatible fixes and backports to get static method reification working properly.

commit e3440261c0390b1c8e7618a27abeffaf4eaa71be
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Wed Oct 20 16:16:22 2010 -0500

    Add spec for JRUBY-5127, fixed in previous commits:
    
    a46016c A little less meta.
    ceb8260 Reify class methods to java statics.

commit edb4a96319406d0200690580d9bf58bd63b40bc0
Author: Bob McWhirter <bob@mcwhirter.org>
Date:   Fri Oct 15 23:03:16 2010 -0400

    A little less meta.
    
    Signed-off-by: Charles Oliver Nutter <headius@headius.com>

commit 23e4c15f2c297a7f30c43031e606d8500a11c106
Author: Bob McWhirter <bob@mcwhirter.org>
Date:   Fri Oct 15 16:59:38 2010 -0400

    Reify class methods to java statics.
    
    Signed-off-by: Charles Oliver Nutter <headius@headius.com>

commit b6507aada861d0460e0eb889ad0750837e5b858a
Author: Nick Sieger <nick@nicksieger.com>
Date:   Tue Nov 30 15:31:30 2010 -0600

    JRuby launcher 1.0.3 gem
    
    Conflicts:
    
            default.build.properties

commit c9e6654e0d274915dc291d4d8859bf62555ffd1d
Author: Nick Sieger <nick@nicksieger.com>
Date:   Tue Nov 30 12:37:11 2010 -0600

    JRuby launcher 1.0.3 Windows binaries

commit b1906f881bb191492a0218f3ac0a4fd37e7fa087
Author: Nick Sieger <nick@nicksieger.com>
Date:   Wed Nov 17 14:37:23 2010 -0600

    ant.rb: Use ant.bat on Windows

commit 39a300e93e143c33492d165e7bf818b9ec386761
Author: David Calavera <david.calavera@gmail.com>
Date:   Mon Jun 7 23:09:46 2010 +0200

    Explicitly add javac path to classpath before loading the ant extension. It copies the behaviour of the ant script.

commit 41d7f92cb8171484e19ec9a2885e7d80774e9478
Author: David Calavera <david.calavera@gmail.com>
Date:   Tue Jul 13 20:24:52 2010 +0200

    fix JRUBY-4898: java.util.ConcurrentModificationException
    
    Signed-off-by: Charles Oliver Nutter <headius@headius.com>

commit 4bd42008fd48e40c94b92456c7dff2d8916e80e1
Author: Thomas E. Enebo <tom.enebo@gmail.com>
Date:   Tue Nov 9 16:53:35 2010 -0600

    Bump from 1.5.4 to 1.5.5 because jruby-jars booch

commit 827258b4a33151393241456a97009a6b36606378
Author: Vladimir Sizikov <vsizikov@gmail.com>
Date:   Fri Jun 11 10:16:17 2010 +0200

    JRUBY-4865: Ant.load_from_ant is broken on Windows

commit b44b31f22ee42877018cac53271b6fea2b688cd7
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Mon Nov 8 23:27:20 2010 +0100

    Revert "Fix for JRUBY-4908: IO.popen4 returns the wrong pid in Linux"
    
    This reverts commit edadd2bd1d339e60e6dcfab1bc556102c1aa7400.

commit fda69d3ecf8aa1c549c3e4f389607c6c98ab3c7c
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Mon Nov 8 23:27:12 2010 +0100

    Revert "Fix test_io's test_sh_used_appropriately to use a more consistent ps output (cures failure on Linux)."
    
    This reverts commit 8b9bba74d8e9cf6d831766d65573ea83009faaf4.

commit b573e4df2e65d66f20b2119e88fa2f249b1dfa61
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Mon Nov 8 23:25:28 2010 +0100

    Revert "One more fix to get test_io sh test working with a headless machine (ps -a only shows processes with a controlling terminal)"
    
    This reverts commit 80ab0e920834e269a6e504a298d2320cfbdb71b0.

commit f04574c7ab2e04ea022468a2a70b885879f6a771
Author: Thomas E. Enebo <tom.enebo@gmail.com>
Date:   Mon Oct 18 16:42:48 2010 -0500

    Add support for jruby-win32ole if installed as a gem

commit 1e545171bca398d0f696a326041b702f569196ff
Author: Thomas E. Enebo <tom.enebo@gmail.com>
Date:   Mon Nov 8 10:25:56 2010 -0600

    Bump for 1.5.4

commit 2500ce3a314592aeba2aa708e70ef130cdb74611
Author: Hiroshi Nakamura <nahi@ruby-lang.org>
Date:   Sat Nov 6 13:16:47 2010 +0900

    Fix for JRUBY-5122: Webrick socket.readline causes 100% cpu usage
    
    Do not set NONBLOCK bit to sockets accepted by WEBrick server to avoid
    busy loop.  Busy loop bug in RubyIO caused by NONBLOCK bit is fixed in
    master but it's rather big change for stable branch.  So we decided to
    just remove NONBLOCK bit at jruby-1_5 as a one-off change for this
    branch.
    
    As far as I understand, NONBLOCK bit is added to avoid interpreter block
    by write system call.([ruby-dev:26477])  Ruby level IO#write is
    originally a blocking call but IO#write of CRuby 1.8 might block
    *interpreter* by calling write system call. With NONBLOCK bit, io_fwrite
    in io.c does retry until the whole given buffer is written.
    
    In JRuby, which runs native threads, it won't block by write so we don't
    need to set NONBLOCK bit here.
    
    This change might affect to applications which expect sockets accepted
    by WEBrick to be non-blocking.  Almost all IO methods for reading are
    blocking method so it won't happen I believe.

commit 6daa3cbe248fbe20ca2a2db740c0b699b986f0d0
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Fri Nov 5 16:37:39 2010 -0500

    Merge --profile support to JRuby 1.5.
    
    Squashed commit of the following hashes (master) with 1.5-appropriate cleanups:
    
    (in reverse order of application, i.e. first commit is at the bottom)
    65cf879ae258a7eac762af6d46ff79ac384bf130
    4ddda109266185b58b9de1aad90d24e67be8a91a
    ae16db07c8ece5bc6d070d7b626ca7ae5daca2d3
    75528e2bbaf33b98d0d70a636e2ca20d001f2d2f
    96dacb92c8c93c30ae5ea5c1bb60cbcd91180f9e
    e0459e879bb99a32dc88b504246e1e33d262a8c6
    6b9842baf84866dc09b656b1d2daa18b0278aca3
    26be5ea49b76a7dfa4afbebf0afa4e3e7b1d1a14
    8e299ced5ca6227d3904f563ef44ea79ac92a19d

commit 80ab0e920834e269a6e504a298d2320cfbdb71b0
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Fri Nov 5 13:48:26 2010 -0500

    One more fix to get test_io sh test working with a headless machine (ps -a only shows processes with a controlling terminal)

commit 8b9bba74d8e9cf6d831766d65573ea83009faaf4
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Fri Nov 5 07:52:26 2010 -0500

    Fix test_io's test_sh_used_appropriately to use a more consistent ps output (cures failure on Linux).

commit edadd2bd1d339e60e6dcfab1bc556102c1aa7400
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Mon Nov 1 08:48:40 2010 -0400

    Fix for JRUBY-4908: IO.popen4 returns the wrong pid in Linux

commit 97a7924346f25bd3688e86bd8bae30e46f319961
Author: Hiro Asari <asari.ruby@gmail.com>
Date:   Sat Oct 30 00:46:54 2010 -0400

    Test case for JRUBY-5110.

commit 453bd9d10e858aee47ac50c1d34f80a26c6c5d36
Author: Hiro Asari <asari.ruby@gmail.com>
Date:   Fri Oct 29 17:11:16 2010 -0400

    Use the appropriate lookup method for finding ENV["PATH"] on all platforms. This should fix JRUBY-5110 completely. (Let the third time be a charm!)

commit 47af54e2ce2fb071c9ea7ebb81869f75cebc64e2
Author: Hiro Asari <asari.ruby@gmail.com>
Date:   Wed Oct 13 10:36:15 2010 -0400

    Fix JRUBY-4766: java.lang.VerifyError: org/jruby/ext/posix/LinuxLibC$jaffl$0
    
    Updated jaffl.jar to 0.5.4.

commit c4ffa9e9f206be96fe060cb4d400acffc96bb1e9
Author: Naoto "Kevin" IMAI TOYODA <imai.naoto@future.co.jp>
Date:   Wed Oct 20 23:37:57 2010 +0900

    Cucumber Japanese example raises exception on JRuby
    
    It is caused by ByteArrayLexerSource's bug:
    ByteArrayLexerSource#read() must return non-negative value (like 0xe3)
    except when detecting EOF, but it can returns negative value (like
    0xffffffe3) which causes EncodingException.
    
    Resolution: mask ByteArrayLexerSource#read() with 0xff except EOF.
    
    Signed-off-by: Yoko Harada <yokolet@gmail.com>
Created: 2020-12-31 Last update: 2022-05-18 14:35
lintian reports 22 warnings normal
Lintian reports 22 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2020-09-21 Last update: 2021-10-13 21:32
7 low-priority security issues in buster low

There are 7 open security issues in buster.

7 issues left for the package maintainer to handle:
  • CVE-2017-17742: (needs triaging) Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
  • CVE-2019-16201: (needs triaging) WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network.
  • CVE-2019-16254: (needs triaging) Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
  • CVE-2019-16255: (needs triaging) Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
  • CVE-2020-25613: (needs triaging) An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
  • CVE-2021-31810: (needs triaging) An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
  • CVE-2021-32066: (needs triaging) An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.6.1 instead of 4.3.0).
Created: 2019-07-08 Last update: 2022-05-11 23:24
testing migrations
  • excuses:
    • Migrates after: jruby-openssl, ruby-psych
    • Migration status for jruby (- to 9.1.17.0-3): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
      • Updating jruby would introduce bugs in testing: #959600, #972230, #976477, #977979
      • Build-Depends(-Arch): jruby jruby-openssl
      • Build-Depends(-Arch): jruby ruby-psych
      • Depends: jruby ruby-psych
    • Additional info:
      • Piuparts tested OK - https://piuparts.debian.org/sid/source/j/jruby.html
      • 1087 days old (needed 5 days)
    • Not considered
news
  • [2021-02-18] jruby REMOVED from testing (Debian testing watch)
  • [2020-10-01] Accepted jruby 1.7.26-1+deb9u3 (source all) into oldstable (Utkarsh Gupta)
  • [2020-08-16] Accepted jruby 1.7.26-1+deb9u2 (source) into oldstable (Adrian Bunk)
  • [2019-12-10] Accepted jruby 1.5.6-9+deb8u2 (source all) into oldoldstable (Markus Koschany)
  • [2019-06-03] jruby 9.1.17.0-3 MIGRATED to testing (Debian testing watch)
  • [2019-05-29] Accepted jruby 9.1.17.0-3 (source) into unstable (Hideki Yamane)
  • [2019-05-20] Accepted jruby 1.5.6-9+deb8u1 (source all) into oldstable (Abhijith PA)
  • [2019-05-08] jruby 9.1.17.0-2.1 MIGRATED to testing (Debian testing watch)
  • [2019-05-03] Accepted jruby 9.1.17.0-2.1 (source) into unstable (Salvatore Bonaccorso)
  • [2019-03-08] jruby 9.1.17.0-2 MIGRATED to testing (Debian testing watch)
  • [2019-02-26] Accepted jruby 9.1.17.0-2 (source) into unstable (Andrej Shadura)
  • [2019-02-25] Accepted jruby 9.1.17.0-1 (source) into unstable (Andrej Shadura)
  • [2018-06-12] Accepted jruby 1.7.26-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Markus Koschany)
  • [2018-06-08] Accepted jruby 1.7.26-1+deb9u1 (source all) into stable->embargoed, stable (Markus Koschany)
  • [2018-04-17] Accepted jruby 1.5.6-5+deb7u2 (source all) into oldoldstable (Markus Koschany)
  • [2018-04-01] Accepted jruby 1.5.6-5+deb7u1 (source all) into oldoldstable (Santiago R.R.) (signed by: Santiago Ruano Rincón)
  • [2017-10-15] Accepted jruby 9.1.13.0-1~bpo9+1 (source all) into stretch-backports (Miguel Landaeta)
  • [2017-10-11] jruby 9.1.13.0-1 MIGRATED to testing (Debian testing watch)
  • [2017-10-05] Accepted jruby 9.1.13.0-1 (source) into unstable (Miguel Landaeta)
  • [2017-09-29] Accepted jruby 9.1.8.0-3~bpo9+1 (source all) into stretch-backports, stretch-backports (Miguel Landaeta)
  • [2017-09-24] jruby 9.1.8.0-3 MIGRATED to testing (Debian testing watch)
  • [2017-09-18] Accepted jruby 9.1.8.0-3 (source) into unstable (Miguel Landaeta)
  • [2017-08-25] jruby 9.1.8.0-2 MIGRATED to testing (Debian testing watch)
  • [2017-07-28] Accepted jruby 9.1.8.0-2 (source) into unstable (Miguel Landaeta)
  • [2017-07-23] Accepted jruby 9.1.8.0-1 (source all) into unstable (Miguel Landaeta)
  • [2017-04-21] Accepted jruby 9.1.8.0-1~exp3 (source) into experimental (Miguel Landaeta)
  • [2017-04-17] Accepted jruby 9.1.8.0-1~exp2 (source) into experimental (Miguel Landaeta)
  • [2017-03-11] Accepted jruby 9.1.8.0-1~exp1 (source) into experimental (Miguel Landaeta)
  • [2017-03-07] Accepted jruby 9.1.6.0-1~exp3 (source) into experimental (Miguel Landaeta)
  • [2017-03-04] Accepted jruby 9.1.6.0-1~exp2 (source) into experimental (Miguel Landaeta)
bugs [bug history graph]
  • all: 14
  • RC: 1
  • I&N: 8
  • M&W: 1
  • F&P: 4
  • patch: 0
  • help: 1
links
  • homepage
  • lintian (0, 22)
  • buildd: logs, clang
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers