jruby - Debian Package Tracker

general

source: jruby (main)
version: 9.1.17.0-3
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Miguel Landaeta [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.7.26-1+deb9u1
o-o-sec: 1.7.26-1+deb9u3
o-o-bpo: 9.1.13.0-1~bpo9+1
oldstable: 9.1.17.0-3
unstable: 9.1.17.0-3

versioned links

1.7.26-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.26-1+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.1.13.0-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.1.17.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

jruby (8 bugs: 1, 7, 0, 0)

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/jruby/jruby/releases  /jruby/jruby/archive/([0-9].+)\.tar\.gz

Created: 2021-03-21 Last update: 2022-08-17 00:35

7 security issues in sid high

There are 7 open security issues in sid.

7 important issues:

CVE-2017-17742: Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
CVE-2019-16201: WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.
CVE-2019-16254: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
CVE-2019-16255: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
CVE-2020-25613: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVE-2021-31810: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
CVE-2021-32066: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Created: 2022-07-04 Last update: 2022-08-01 13:40

lintian reports 1 error and 31 warnings high

Lintian reports 1 error and 31 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2022-07-30 12:14

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2021-02-17 Last update: 2022-08-17 01:35

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2019-03-21 Last update: 2022-08-17 01:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 9.2.17.0-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit ece010ba77e63dcca2917551934ba4d912f7d136
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 15:54:38 2022 +0200

      * d/jruby.install: do not list files individually, simply install all files
        from target/package/bin.

commit 3ee871da9869de76717bd928c12794648132b9ad
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 15:48:45 2022 +0200

    mkdir -p $(CURDIR)/debian/jruby/jruby/maven/jruby-dist/target

commit 3e515e5b7603a5c864d5b1cb215c25d23eb9fb82
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 14:09:23 2022 +0200

    Fix patch to use 2.9.17

commit 1924d2d4850e107328769757e730afab79a46f7e
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 13:52:49 2022 +0200

    Removed version of (build-)depends when satisfied in stable.

commit 5b925dd9dda67fa0af99bf999fe7b63ec8535acc
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 12:09:31 2022 +0200

    Now packaging 9.2.17.0

commit 1a52c1253296833f450f6b445a229b71ca474341
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 12:07:43 2022 +0200

      * Fix 0008-Configure-unit-tests-to-run-at-build-time.patch not to patch
        bin/rake (we're using the system one anyways).

commit 5a62d945d0d25f953ed5e3fdc3cdf25b167d4424
Merge: ce6f91fb5 4c70d134f
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 12:03:54 2022 +0200

    Update upstream source from tag 'upstream/9.2.17.0'
    
    Update to upstream version '9.2.17.0'
    with Debian dir d65dd940b8472b7f1d4fa4b4b92fe03c3a2efbfb

commit ce6f91fb552c89721f26c784cb7fd7cba9e04aa8
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon May 23 12:02:39 2022 +0200

    Fix watch file.

commit 88f71863cd3341b3c9edaba01fda713ce906f419
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 16:24:53 2022 +0200

    fix copying unit tests.

commit dfe8f675cabd576e2a9bacc9c35cab8fe66ec266
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 16:06:46 2022 +0200

    Add myself as uploader.

commit 11fb2f597c50dbad481731942b3bbbb2e91cb3c5
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 16:04:52 2022 +0200

    Fixes FTBFS (Closes: #959600).

commit 2dba7b64df6ccedc03e00668099be44b8cf43eb6
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 13:42:51 2022 +0000

    Fixed d/rules.

commit 2d1b4d6f5f410a75c6026b9fe81a562c89a3b60a
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 09:14:58 2022 +0200

    Add ruby-psych as build-depends.

commit 15a109b17881ff54739991de7d81baf0f2d1f1f2
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed May 18 09:08:10 2022 +0200

    Add DRUBY_VERSION variable in d/rules.

commit aee7d3c479d303cdd7ce55d2be0963ed1cff447f
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Jan 7 19:00:05 2021 -0500

    d/rules: package missing libs in the final .deb, as jruby needs them

commit 37cac93a57086ac192d3cce3b6bf85222543a71f
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Jan 7 12:14:03 2021 -0500

    ruby-scanf is needed for the tests

commit 288906b95205e23bcb585303ff336527dd60e76e
Author: Utkarsh Gupta <utkarsh@debian.org>
Date:   Thu Jan 7 18:09:56 2021 +0530

    Don't BD on Debian revisions

commit dcf1365ee7a0158df189e185c0d900582ba42a57
Author: Utkarsh Gupta <utkarsh@debian.org>
Date:   Thu Jan 7 18:08:56 2021 +0530

    Prefer spaces over tabs in d/copyright

commit 734ca482377eb6789483a7ce62601848496f3799
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Jan 6 17:59:24 2021 -0500

    d/test-tasks.txt: mri:fullint has been renamed to mri:core:fullint

commit 5607a6d94d7e24af02e712b1543b594f594cc2bc
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Jan 6 17:23:54 2021 -0500

    d/patches: remove LOAD_PATH hacks from 0008.
    
    This is not needed anymore, since we're symlinking lib/ruby/gems/shared
    (in the upstream LOAD_PATH for tests) to lib/ruby/stdlib, where we're
    copying gems.

commit a539f5d20dda66a3d18b54d5b89277969df8fb1c
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Jan 6 17:00:57 2021 -0500

    fix more testsuite errors

commit 9b2458875dbf12cd282d80b7aa360d9a8ca5cc1e
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Tue Jan 5 19:10:35 2021 -0500

    d/rules: don't fail on testsuite failure, for now.

commit 9508319010b76a14b0b9d2938dc9f4182934a547
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Tue Jan 5 18:35:42 2021 -0500

    add ruby-rake-ant as a dependency

commit 6aa2c20dfc95a8dc6456953398dc31aebc28291d
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Tue Jan 5 15:21:39 2021 -0500

    d/patches: update 0008 to use new ruby2.7 paths.

commit 08397e8b3e2d5f0300ed42f16c74444144f33538
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 15:08:51 2021 -0500

    d/control: update to dh13.

commit ffd10bfeb38278ee616ecbf22d935671c9679d19
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 15:07:00 2021 -0500

    d/patches: delete 0007 and don't add /usr/lib/ruby/vendor_ruby to the jruby LOAD_PATH anymore. (Closes: #977979, #977981)

commit a39ac050c8a79725cd82afcad55459a3a8c91e2d
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 14:55:47 2021 -0500

    Fix subpar changelog entries

commit 3282a5af45e933955f30d65f9830e12ea2f85c09
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Fri Jan 1 14:53:29 2021 -0500

    add fileutils to the copied libs, as it's also needed

commit 8da4573ed1283acad4ef137b8e90be3e9252e9cb
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 18:00:27 2020 -0500

    fix version and mark package as UNRELEASED

commit ed104ee3bf9daaec4258b2483bf9c7fd5f58ed42
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 17:43:28 2020 -0500

    d/rules: remote get-orig-source.

commit 05d3d3d3525c5f24f03f7bd4cd70e0dbe3006fd8
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 17:42:37 2020 -0500

    d/rules: fix where ruby2.7 libs are copied from for the testsuite. (Closes: #976477)

commit 6c89451b50a2acaec37e09199c5cf4dcc5426ea6
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 16:16:04 2020 -0500

    d/control: remove build conflict with open-infrastructure-locales-c.utf-8, as it has been removed from unstable.

commit 7ac162c8e8ca088df65a631aa624c5890bd6acc3
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 15:15:14 2020 -0500

    Merge 0002 in 0020 and refresh 0006

commit 66f2037575ef3204c732d882912aed940956a1d4
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 14:33:12 2020 -0500

    Fix missing entries in patch 0019

commit f7ea90cafd193baa46c7791c6d8b298c102e707a
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 13:07:37 2020 -0500

    Refactored 0001 into 0020 to truly disable polyglot maven.

commit cc6949912247cc64692418dd4a72861d8846dd33
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 12:44:52 2020 -0500

    Added 0019 to disable maven checksum plugin.

commit 83a8b88a0eab5b5079a2b84e3d3aa603208c9c89
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Thu Dec 31 12:40:10 2020 -0500

    Added 0018 to disable maven truezip plugin.

commit ef9718548c2b67dc44ef300603bca14928f189b8
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Dec 30 19:30:10 2020 -0500

    Updated 0004-Add-missing-maven-artifacts-pom-files.patch with the next pom.xml files.

commit fd9a3208083c114438fcc2786719169f12ab77cb
Author: Louis-Philippe Véronneau <pollo@debian.org>
Date:   Wed Dec 30 18:43:24 2020 -0500

    Update dependencies and replace javax.annotation-api by jakarta.annotation.api.

commit 8d410e6041b808ba38d092210eb5b2b2130827e3
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 23:10:55 2020 +0100

    Ran wrap-and-sort -bastk.

commit 2841e6737af6b08f94081cbd468a904c6a247c25
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 23:05:53 2020 +0100

    Fixed new version in 0004-Add-missing-maven-artifacts-pom-files.patch.

commit 593844141529945838c2e243958b5e9361a2af2f
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 23:02:34 2020 +0100

    Removed applied upstream: 0018-fix-rubygem-vulnerabilities.patch.

commit 53ba45d6f929cdd5cf2fff13888470b32021adc9
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:58:11 2020 +0100

    Refreshed: 0016-Disable-SkinnyMethodAdapter-test.patch.

commit 9858edec84f2c49d4c0c4bb3b1783b523043e720
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:57:35 2020 +0100

    Rebased: 0015-javax-annotation-Generated.patch.

commit d163e0513f7805b26ed0d2fc0f6ad4cc9294fdc7
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:55:35 2020 +0100

    Refreshed: 0014-FELIX-5430.patch.

commit 572cd3bd759a53cb9b64de18d08a90093d4f427f
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:54:57 2020 +0100

    Rebased: 0013-Disable-regression-flaky-tests.patch.

commit cd593e81e6a054d9bae5628989646beb53f4c6c6
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:52:28 2020 +0100

    Rebased: 0012-Disable-jruby-flaky-tests.patch.

commit ac69a65b7476e9f976820ceb92bd712d9c049bdb
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:49:31 2020 +0100

    Rebased: 0011-Disable-failed-tests-in-sbuild.patch.

commit 5234f27d012ba078f132c1482a983467fdaa6a7c
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:46:22 2020 +0100

    Disabled: 0010-Exclude-mri-tests-failing-in-debian.patch.

commit 66e4f4c7b66d8c71f02f743b95457d79f4c94313
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Dec 28 22:43:48 2020 +0100

    Rebased: 0007-Add-usr-lib-ruby-vendor-ruby-to-load-path.patch.

Created: 2020-12-31 Last update: 2022-08-13 10:36

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.3.0).

Created: 2019-07-08 Last update: 2022-05-11 23:24

testing migrations

excuses:
- Migrates after: jruby-openssl, ruby-psych
- Migration status for jruby (- to 9.1.17.0-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating jruby would introduce bugs in testing: #959600, #972230, #976477, #977979
- ∙ ∙ Build-Depends(-Arch): jruby jruby-openssl
- ∙ ∙ Build-Depends(-Arch): jruby ruby-psych
- ∙ ∙ Depends: jruby ruby-psych
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/j/jruby.html
- ∙ ∙ 1176 days old (needed 5 days)
- Not considered

news

[rss feed]

[2021-02-18] jruby REMOVED from testing (Debian testing watch)
[2020-10-01] Accepted jruby 1.7.26-1+deb9u3 (source all) into oldstable (Utkarsh Gupta)
[2020-08-16] Accepted jruby 1.7.26-1+deb9u2 (source) into oldstable (Adrian Bunk)
[2019-12-10] Accepted jruby 1.5.6-9+deb8u2 (source all) into oldoldstable (Markus Koschany)
[2019-06-03] jruby 9.1.17.0-3 MIGRATED to testing (Debian testing watch)
[2019-05-29] Accepted jruby 9.1.17.0-3 (source) into unstable (Hideki Yamane)
[2019-05-20] Accepted jruby 1.5.6-9+deb8u1 (source all) into oldstable (Abhijith PA)
[2019-05-08] jruby 9.1.17.0-2.1 MIGRATED to testing (Debian testing watch)
[2019-05-03] Accepted jruby 9.1.17.0-2.1 (source) into unstable (Salvatore Bonaccorso)
[2019-03-08] jruby 9.1.17.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-26] Accepted jruby 9.1.17.0-2 (source) into unstable (Andrej Shadura)
[2019-02-25] Accepted jruby 9.1.17.0-1 (source) into unstable (Andrej Shadura)
[2018-06-12] Accepted jruby 1.7.26-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Markus Koschany)
[2018-06-08] Accepted jruby 1.7.26-1+deb9u1 (source all) into stable->embargoed, stable (Markus Koschany)
[2018-04-17] Accepted jruby 1.5.6-5+deb7u2 (source all) into oldoldstable (Markus Koschany)
[2018-04-01] Accepted jruby 1.5.6-5+deb7u1 (source all) into oldoldstable (Santiago R.R.) (signed by: Santiago Ruano Rincón)
[2017-10-15] Accepted jruby 9.1.13.0-1~bpo9+1 (source all) into stretch-backports (Miguel Landaeta)
[2017-10-11] jruby 9.1.13.0-1 MIGRATED to testing (Debian testing watch)
[2017-10-05] Accepted jruby 9.1.13.0-1 (source) into unstable (Miguel Landaeta)
[2017-09-29] Accepted jruby 9.1.8.0-3~bpo9+1 (source all) into stretch-backports, stretch-backports (Miguel Landaeta)
[2017-09-24] jruby 9.1.8.0-3 MIGRATED to testing (Debian testing watch)
[2017-09-18] Accepted jruby 9.1.8.0-3 (source) into unstable (Miguel Landaeta)
[2017-08-25] jruby 9.1.8.0-2 MIGRATED to testing (Debian testing watch)
[2017-07-28] Accepted jruby 9.1.8.0-2 (source) into unstable (Miguel Landaeta)
[2017-07-23] Accepted jruby 9.1.8.0-1 (source all) into unstable (Miguel Landaeta)
[2017-04-21] Accepted jruby 9.1.8.0-1~exp3 (source) into experimental (Miguel Landaeta)
[2017-04-17] Accepted jruby 9.1.8.0-1~exp2 (source) into experimental (Miguel Landaeta)
[2017-03-11] Accepted jruby 9.1.8.0-1~exp1 (source) into experimental (Miguel Landaeta)
[2017-03-07] Accepted jruby 9.1.6.0-1~exp3 (source) into experimental (Miguel Landaeta)
[2017-03-04] Accepted jruby 9.1.6.0-1~exp2 (source) into experimental (Miguel Landaeta)

bugs [bug history graph]

all: 15
RC: 1
I&N: 9
M&W: 1
F&P: 4
patch: 0
help: 1

links

homepage
lintian (1, 31)
buildd: logs, clang
popcon
browse source code
edit tags
other distros
security tracker
screenshots