jruby (1.5.6-5+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2018-1000074: possible Unsafe Object Deserialization Vulnerability
    in gem owner.
  * Build with OpenJDK 6 to avoid a FTBFS with Java 7.

 -- Markus Koschany <apo@debian.org>  Tue, 17 Apr 2018 22:32:31 +0200

jruby (1.5.6-5+deb7u1) wheezy-security; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to
    avoid infinite loop
  * Fix CVE-2018-1000076: Raise a security error when there are duplicate
    files in a package
  * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
  * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
    when displayed via gem server.

 -- Santiago R.R. <santiago@riseup.net>  Sat, 31 Mar 2018 13:38:03 +0200

jruby (1.5.6-5) unstable; urgency=medium

  * Team upload.
  * Add patch for CVE-2012-5370: Use PerlHash instead of MurmurHash
    (that is vulnerable to DoS attacks). (Closes: #694694)
    [Patch adapted from 5e4aab28 upstream]

 -- Martin Quinson <mquinson@debian.org>  Tue, 11 Dec 2012 21:22:36 +0100

jruby (1.5.6-4) unstable; urgency=medium

  * Team upload.
  * Add patch for CVE-2011-4838 (Closes: #686867)
    - Thanks to Moritz Muehlenhoff

 -- tony mancill <tmancill@debian.org>  Thu, 20 Sep 2012 13:36:31 -0700

jruby (1.5.6-3) unstable; urgency=low

  [Miguel Landaeta]
  * Team upload.
  * Switch to default-jdk. (Closes: #655823).

  [tony mancill]
  * Bump Standards-Version to 3.9.2 (no changes).
  * Address lintian warning in d/copyright (update path to GPL-2).

 -- Miguel Landaeta <miguel@miguel.cc>  Sat, 14 Jan 2012 14:13:54 -0430

jruby (1.5.6-2) unstable; urgency=high

  * Add workaround for strange dpkg-source error. (Closes: #643516)

 -- Torsten Werner <twerner@debian.org>  Tue, 04 Oct 2011 22:24:31 +0200

jruby (1.5.6-1) unstable; urgency=low

  * New upstream version (Closes: #636554)
  * Document licenses and copyright holders of code in
    jruby-launcher-1.0.3-java.gem.
  * Change debian/watch to read tags from github. Remove get-orig-source
    target from debian/rules because we mirror the github repo in our repo.
  * Use cdbs to build the package.

 -- Torsten Werner <twerner@debian.org>  Tue, 20 Sep 2011 21:17:04 +0200

jruby (1.5.1+dfsg4-2) unstable; urgency=low

  * Use yecht-ruby.jar for building.

 -- Torsten Werner <twerner@debian.org>  Sun, 18 Sep 2011 19:24:44 +0200

jruby (1.5.1+dfsg4-1) unstable; urgency=low

  * Remove bundled yecht.jar from orig tarball.
  * Move package to main.

 -- Torsten Werner <twerner@debian.org>  Sun, 18 Sep 2011 00:01:11 +0200

jruby (1.5.1+dfsg3-1) unstable; urgency=low

  * Remove bundled jnr-netdb.jar from orig tarball.
  * Add Depends: libjffi-jni.

 -- Torsten Werner <twerner@debian.org>  Sat, 17 Sep 2011 17:34:12 +0200

jruby (1.5.1+dfsg2-1) experimental; urgency=low

  * Remove bundled jnr-posix.jar from orig tarball.

 -- Torsten Werner <twerner@debian.org>  Wed, 14 Sep 2011 20:32:31 +0200

jruby (1.5.1+dfsg1-1) experimental; urgency=low

  * Replace more prebuilt jars by Build-Depends.
  * Modify 0002-jruby_home-is-at-a-specific-location-on-Debian.patch to avoid
    test failures.
  * Add get-orig-source target.
  * Clean more files in clean target.
  * Clean up debian/copyright.
  * Do not build InvokeDynamicSupport.java because it requires some backport
    (jsr292-mock.jar) from Java7.
  * Replace rdocs by a symlink and add Recommends: ri1.8.
  * Add a patch for the unversioned jarjar.jar.

 -- Torsten Werner <twerner@debian.org>  Tue, 13 Sep 2011 22:43:35 +0200

jruby (1.5.1-1) unstable; urgency=low

  [ Hideki Yamane ]
  * use already packaged jar files to build jruby.
    add "Build-Depends: libasm3-java, libcommons-logging-java, libjarjar-java,
    libjoda-time-java, junit4, libemma-java, libbsf-java, libjline-java, bnd,
    libconstantine-java" (Closes: #581390)

  [ Torsten Werner ]
  * New upstream release
  * Changed Maintainer to pkg-java-maintainers with the agreement of Sebastien.
  * Add Sebastien and myself to the Uploaders list.
  * Add Vcs headers to debian/control.
  * Remove bin/jruby in clean target.
  * Convert patches to dep3 format.
  * Remove unneeded jar files from orig tarball.
  * Define JAVA_HOME and set it to default-java.
  * Run tests during build.
    - Upgrade Build-Depends: ant to ant-optional.
    - Add Build-Depends: netbase. 
    - Add a patch to ignore test failures.
    - Set CLASSPATH=/usr/share/java/junit4.jar in debian/rules.

 -- Torsten Werner <twerner@debian.org>  Fri, 30 Jul 2010 03:07:08 +0200

jruby (1.5.0~rc3-1) unstable; urgency=low

  * New upstream release (Closes: #581360).

 -- Sebastien Delafond <seb@debian.org>  Wed, 12 May 2010 15:56:25 +0200

jruby (1.5.0~rc1-1) unstable; urgency=low

  * New upstream release candidate.
  * Moved to 4.0 (quilt) source format.
  * Updated watch file.
  * Bumped-up Standards-Version.

 -- Sebastien Delafond <seb@debian.org>  Tue, 20 Apr 2010 18:01:51 +0200

jruby (1.4.0-2) unstable; urgency=low

  * Make sure we're comptaible with a 1.5 JRE (Closes: #563028); thanks to
    Shyamal Prasad <shyamal@member.fsf.org> for the patch.

 -- Sebastien Delafond <seb@debian.org>  Mon, 11 Jan 2010 14:44:34 +0100

jruby (1.4.0-1) unstable; urgency=low

  * New upstream release.
  * Updated watch file.
  * Updated copyright file to reflect addition of new third-party jars.

 -- Sebastien Delafond <seb@debian.org>  Thu, 10 Dec 2009 12:34:42 +0100

jruby (1.3.1-2) unstable; urgency=low

  * Moving to non-free, with detailed debian/copyright (Closes: #551618).
  * Got rid of jruby alternatives as provided by older jruby1.x.

 -- Sebastien Delafond <seb@debian.org>  Wed, 09 Dec 2009 17:30:55 +0100

jruby (1.3.1-1) unstable; urgency=low

  * First release (Closes: #548734).
  * Move to non-free (See #527977).

 -- Sebastien Delafond <seb@debian.org>  Mon, 19 Oct 2009 15:41:51 +0200
