Bug#686867: jruby: CVE-2011-4838
Hideki Yamane
henrich at debian.or.jp
Thu Sep 20 14:05:38 UTC 2012
On Wed, 19 Sep 2012 21:16:51 -0700
tony mancill <tmancill at debian.org> wrote:
> Thank you for attaching the patch. I have it applying cleanly and am in
> the process of preparing an upload. However, currently the jruby
> package is FTBFS due to an issue with one of its build-deps, nailgun,
> which is installing a bad symlink.
>
> > $ ls -al /usr/share/java/nailgun*
> > -rw-r--r-- 1 root root 25607 Jul 18 22:54 /usr/share/java/nailgun-0.9.0.jar
> > -rw-r--r-- 1 root root 7048 Jul 18 22:54 /usr/share/java/nailgun-examples-0.9.0.jar
> > lrwxrwxrwx 1 root root 17 Jul 18 22:54 /usr/share/java/nailgun.jar -> nailgun-0.7.1.jar
It was my mistake to use a static version for the symlink... sorry for the mess.
There was also a bit of confusion about the versioning, so I prepared a fix as below.
If it seems to be okay, I'll upload to unstable.
diff -Nru nailgun-0.7.1+trunk95/debian/changelog nailgun-0.9.0+trunk95/debian/changelog
--- nailgun-0.7.1+trunk95/debian/changelog 2012-07-19 07:54:01.000000000 +0900
+++ nailgun-0.9.0+trunk95/debian/changelog 2012-09-20 23:01:12.000000000 +0900
@@ -1,3 +1,12 @@
+nailgun (0.9.0+trunk95-1) unstable; urgency=low
+
+ * Bump up version number since it produces jar files with version as
+ 0.9.0. Nothing changed in upstream source.
+ * debian/nailgun.links
+ - fix symlink, don't use static version number.
+
+ -- Hideki Yamane <henrich at debian.org> Thu, 20 Sep 2012 22:58:48 +0900
+
nailgun (0.7.1+trunk95-1) unstable; urgency=medium
* Taken from Subversion repository
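Review bot: The new 0.9.0+trunk95-1 entry says "Nothing changed in upstream source" while the upstream part of the version moves from 0.7.1+trunk95 to 0.9.0+trunk95, so the upload needs a renamed orig tarball with identical content. Say that explicitly in the entry so the jump is not read as a new upstream release. The entry also carries no bug reference; if a bug is filed against nailgun for the dangling nailgun.jar link, add a Closes: for it here so the upload closes it.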
@@ -8,7 +17,7 @@
* debian/patches
- refresh all two patches
- add "name_define_as_ng-nailgun_ng.c.patch" to avoid
- ClassNotFoundException (Closes: LP#793859)
+ ClassNotFoundException (LP: #793859)
- add "Makefile_enable_hardening.patch" to enable hardening
* debian/rules
- enable hardening
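Review bot: The change from "(Closes: LP#793859)" to "(LP: #793859)" rewrites the existing 0.7.1+trunk95-1 entry and is not mentioned in the new 0.9.0+trunk95-1 entry. Either record it there (for example as a changelog syntax fix) or leave the old entry untouched, so the history of that version stays readable.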
diff -Nru nailgun-0.7.1+trunk95/debian/nailgun.links nailgun-0.9.0+trunk95/debian/nailgun.links
--- nailgun-0.7.1+trunk95/debian/nailgun.links 2010-08-23 04:33:49.000000000 +0900
+++ nailgun-0.9.0+trunk95/debian/nailgun.links 2012-09-20 22:57:45.000000000 +0900
@@ -1 +1 @@
-usr/share/java/nailgun-0.7.1.jar usr/share/java/nailgun.jar
+usr/share/java/nailgun-*.jar usr/share/java/nailgun.jar
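Review bot: The new source pattern usr/share/java/nailgun-*.jar is ambiguous: the listing quoted above shows both nailgun-0.9.0.jar and nailgun-examples-0.9.0.jar in /usr/share/java, and both match it. As far as I know, dh_link also treats each .links line as a literal source/destination pair and does not expand wildcards, which would leave nailgun.jar pointing at a file literally named nailgun-*.jar. Please check the link in the built package with ls -l before uploading; creating the link in debian/rules from the version actually built would avoid both problems.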
More information about the pkg-java-maintainers
mailing list