jenkins (1.565.3-3+dyson1) unstable; urgency=medium * Package for Dyson -- Igor Pashev Tue, 13 Jan 2015 17:37:29 +0300 jenkins (1.565.3-3) unstable; urgency=medium * Team upload. [ Yann Rouillard ] * Added dependency on libcglib3-java to fix NoClassDefFoundError at runtime. * Removed Context Resource symlinks directives as they don't work anymore in Tomcat 8 and are not required for Jenkins (Closes: #769594) * Removed useless properties Debug and AllowLinking in Context definition to suppress warnings in Tomcat logs. * Backported upstream patch to ensure HttpOnly cookie flag is properly set and avoid warning messages about Security cookie flag (Closes: #769682) [ Emmanuel Bourg ] * Documented the security issue with master/slave setups (CVE-2014-3665) * Documented in /etc/default/jenkins how to run Jenkins on non local addresses (Closes: #726489) -- Emmanuel Bourg Fri, 05 Dec 2014 12:27:57 +0100 jenkins (1.565.3-2) unstable; urgency=medium * Team upload. * Install core plugins: - matrix-auth 1.2 and matrix-project 1.3 (Closes: #764711) - mailer 1.11 (Closes: #764960) - ant 1.2 - antisamy-markup-formatter 1.2 * Removed the build dependency on libowasp-java-html-sanitizer-java * Depend on libguice-java >= 4.0~beta5 to fix a NoSuchMethodError at runtime with the Maven plugin * Standards-Version updated to 3.9.6 (no changes) * Added a Built-Using field for jenkins-common -- Emmanuel Bourg Fri, 24 Oct 2014 22:37:41 +0200 jenkins (1.565.3-1) unstable; urgency=high * Team upload. * New upstream release - Fixes multiple security vulnerabilities (Closes: #763899) - Refreshed the patches - Removed 0018-fileupload-compat.patch (applied upstream) * Fixed debian/orig-tar.sh -- Emmanuel Bourg Fri, 03 Oct 2014 17:19:29 +0200 jenkins (1.565.2-3) unstable; urgency=medium * Removed unused build dependencies: libjetty-java and glassfish-activation * Depend on libmail-java instead of glassfish-mail * Added a dependency on bytecode-compatibility-transformer (Closes: #762798) * Added a note about the manual installation of matrix-project-plugin in debian/jenkins.README.Debian -- Emmanuel Bourg Mon, 29 Sep 2014 15:49:56 +0200 jenkins (1.565.2-2) unstable; urgency=medium * Team upload. * debian/plugin-debian.pom.in: Updated the version of maven-stapler-plugin -- Emmanuel Bourg Wed, 17 Sep 2014 17:12:36 +0200 jenkins (1.565.2-1) unstable; urgency=medium * Team upload. * New upstream release - Fixes multiple security vulnerabilities (Closes: #732708, #739067) - Refreshed the patches - Ignore the dependency on bytecode-compatibility-transformer - Ignore the dependency on org.kohsuke.jinterop:j-interop - Ignore the dependency on org.jenkins-ci.modules:systemd-slave-installer - Added a dependency on libguice-java and libjsr305-java - Depend on libjenkins-remoting-java >= 2.43 - Depend on libannotation-indexer-java >= 1.7 - Depend on libstapler-java >= 1.224 - Depend on libstapler-adjunct-codemirror-java >= 1.3 - Depend on jenkins-test-annotations >= 1.1 - Depend on libbridge-method-injector-java >= 1.9 - Depend on libasm4-java instead of libasm3-java * jenkins-tomcat now targets Tomcat 8 instead of Tomcat 6 (Closes: #759623) * Fixed a build failure caused by the relocation of the Maven artifacts in groovy 1.8.6-4 (Closes: #759946) * Removed the sourceless and unused connection.swf file (Closes: #736792) * debian/watch: Fixed to match only the LTS releases (Closes: #731204) * Switch to debhelper level 9 * debian/control: - Standards-Version updated to 3.9.5 (no changes) - Depend on the Servlet API 3.1 instead of 2.5 * debian/copyright: Updated the Format URI to 1.0 * Use XZ compression for the upstream tarball * Added a lintian override for the source-contains-prebuilt-javascript-object and source-is-missing tags since every *-min.js has a corresponding *-debug.js file in the same directory with the original source. (Closes: #736793) -- Emmanuel Bourg Tue, 16 Sep 2014 14:38:16 +0200 jenkins (1.509.2+dfsg-2) unstable; urgency=low * d/plugin-parent.pom.in,control: Bump access-modifier-check version to 1.4 inline with the version in Debian unstable. (Closes: #720822, #720803) -- James Page Tue, 24 Sep 2013 14:12:23 +0100 jenkins (1.509.2+dfsg-1) unstable; urgency=low * New upstream release (Closes: #706725): - d/control: Update versioned BD's: * jenkins-executable-war >= 1.28. * jenkins-instance-identity >= 1.3. * libjenkins-remoting-java >= 2.23. * libjenkins-winstone-java >= 0.9.10-jenkins-44. * libstapler-java >= 1.207. * libjenkins-json-java >= 2.4-jenkins-1. * libstapler-adjunct-timeline-java >= 1.4. * libstapler-adjunct-codemirror-java >= 1.2. * libmaven-hpi-plugin-java >= 1.93. * libjenkins-xstream-java >= 1.4.4-jenkins-3. - d/maven.rules: Map to older version of animal-sniffer-maven-plugin. - Add patch for compatibility with guava >= 0.14. - Add patch to exclude asm4 dependency via jnr-posix. - Fixes the following security vulnerabilities: CVE-2013-2034, CVE-2013-2033, CVE-2013-2034, CVE-2013-1808 * d/patches/*: Switch to using git patch-queue for managing patches. * De-duplicate jars between libjenkins-java and jenkins-external-job-monitor (Closes: #701163): - d/control: Add dependency between jenkins-external-job-monitor -> libjenkins-java. - d/rules: Drop installation of jenkins-core in jenkins-external-job-monitor. - d/jenkins-external-job-monitor.{links,install}: Link to jenkins-core in /usr/share/java instead of included version. * Wait longer for jenkins to stop during restarts (Closes: #704848): - d/jenkins.init: Re-sync init script from upstream codebase. -- James Page Tue, 13 Aug 2013 12:35:19 +0100 jenkins (1.480.3+dfsg-1) unstable; urgency=low * Upload to unstable (Closes: #713394, #713423) * d/control: Fixup versioned inter-dependencies between jenkins packages (Closes: #704845). * d/jenkins.default: Provide variables for configuring listen address for http and ajp connections (Closes: #684586), listen on 127.0.0.1 by default to allow installs to be secured before wider access (Closes: #675233). * Fixup compatibility with new versions of dependencies: - d/p/build/fileupload-compat.patch: Compatibility patch for commons-fileupload >= 1.3. - d/p/build/io-compat.pach: Compatibility patch for commons-io >= 2.4. - d/control: Add versioned dependencies for the above patches. * d/*.init: Drop use of /lib/init/vars.sh. * d/rules: Use mh_installpoms to install all pom files as this ensures that ignore rules are actually used. -- James Page Thu, 25 Jul 2013 11:44:01 +0100 jenkins (1.480.3+dfsg-1~exp2) experimental; urgency=low * Revert to using package specific plugin POM file over upstream provided version: - d/p/ignore-plugin-pom.patch: Exclude upstream provided plugin POM file from build process, fixing FTBFS. - d/rules,plugin-parent.pom.in: Use packaging specific plugin POM file to ensure compatibility with Jenkins modules. -- James Page Sat, 06 Apr 2013 21:37:29 +0100 jenkins (1.480.3+dfsg-1~exp1) experimental; urgency=low * New upstream release (Closes: #700761, #679616): - d/control: Versioned BD jenkins-remoting >= 2.22. - d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-42. - d/control: Versioned BD stapler >= 1.198. - d/maven.ignoreRules: Ignore new slave-launcher modules until packaged. - Refreshed patches. - Fixes the following security vulnerabilities: CVE-2013-0327, CVE-2013-0328, CVE-2013-0329, CVE-2013-0330, CVE-2013-0331 * d/control: Versioned BD trilead-putty-extension (>= 1.2) (Closes: #698834). * d/control: Add net-tools and procps dependencies to jenkins (Closes: #698835). * d/rules,control, *.upstart.in: Rejig upstart/init configurations now that debhelper does the right thing across Debian/Ubuntu. * d/rules,plugin_parent.pom.in: Drop as good plugin parent pom now provided upstream. -- James Page Sun, 17 Feb 2013 17:11:13 +0000 jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low * New upstream release (Closes: #696816, #697617): - d/control: Added new BD on libjbcrypt-java. - d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-40. - d/control: Versioned BD jenkins-trilead-ssh2 >= 214-jenkins-1. - Fixes the following security vulnerabilities: CVE-2012-6072, CVE-2012-6073, CVE-2012-6072, CVE-2013-0158. * Tidied lintian warnings. * Bumped Standards-Version: 3.9.4, no changes. -- James Page Thu, 10 Jan 2013 09:50:50 +0000 jenkins (1.466.2+dfsg-1) experimental; urgency=low * New upstream release. * d/rules: Updated handling of java files in groovy source folder. * d/*.lintian-overrides: Added overrides for java libraries which only install into /usr/share/maven-repo for Jenkins plugin builds. -- James Page Wed, 21 Nov 2012 09:04:43 +0000 jenkins (1.447.2+dfsg-1) unstable; urgency=low * New upstream release. * Ensure jenkins keeps logging after log rotation (LP: #993065). - d/*.logrotate: Switch to copytruncate so jenkins does not lose the original file handle. -- James Page Thu, 21 Jun 2012 09:47:58 +0100 jenkins (1.447.1+dfsg-1) unstable; urgency=low * New upstream release: - d/patches/dependency-upgrade/groovy-upgrade.patch: Dropped - now aligned to upstream version. - d/patches/build/jenkins-version-number.patch: Patch in small version handling library from Jenkins project rather than package separately. - d/patches/build/use-stock-jmdns.patch, d/maven.rules: Revert upstream use of minor fork of JmDNS. - d/patches/build/build.patch: Allow building with Maven 2, this works OK for this package as Maven 3 features are not used by the package build process at the moment. - d/patches/build/remove-findbugs.patch: Drop findbugs annotations from the codebase as this tool is not packaged for Debian. - Refreshed all other patches. - d/maven.ignoreRules, d/maven.properties: Disable unit testing and ignore powermock dependencies until powermock is packaged. - d/maven.ignoreRules, d/NEWS: Ignore jenkins sshd module until it gets packaged and let users know this feature is missing. - d/control: Added new dependencies on libsisu-guice-java, libmockito-java. -- James Page Wed, 02 May 2012 15:12:45 +0100 jenkins (1.424.6+dfsg-1) unstable; urgency=low * New upstream release, fixing XSS security vulnerability (Closes: #664057): - d/control: Add new dependency on libowasp-java-html-sanitizer-java. - d/maven.rules: Add new rule to use artifacts from libowasp-java-html-sanitizer-java. * Switch upstart configurations to use start-stop-daemon to allow desktop systems to shutdown. * d/jenkins-slave.upstart.in: Ensure /var/run/jenkins exists before trying to download the jenkins slave.jar file to it. Thanks to Al Stone for providing this fix. -- James Page Tue, 27 Mar 2012 09:17:51 +0100 jenkins (1.424.3+dfsg-1) unstable; urgency=low * New upstream bugfix release. * Refreshed patches: - Dropped disable-avalon-frawework.patch - no longer required. * Bumped Standards-Version: 3.9.3; no changes required. * Enable use of jenkins-instance-identity and jenkins-ssh-cli-auth to support use of public/private keypairs when using the jenkins remote cli tool. * Dropped jcaptcha-slf4j.patch; no longer required as library not used. * Updated plugin parent pom file to specifiy default source/target for maven-compiler-plugin as Java 1.5. * Ensure that jenkins group exists and that its the primary group for the jenkins user to help deal with transition from upstream packaging (Closes: #661203). -- James Page Tue, 28 Feb 2012 16:51:50 +0000 jenkins (1.424.2+dfsg-2) unstable; urgency=low * Enable Jenkins plugin components to support building plugins and modules (Closes: #658071): - d/control: Enabled libjenkins-plugin-parent-java, updated dependencies. - d/plugin-debian.pom.in,rules: Install pom file to act as parent POM for plugin development based on upstream plugin pom file. - d/libjenkins-plugin-parent-java.poms: Dropped - no longer required. - d/patches/build/plugin.patch: Dropped - no longer required. * Switch to using libservlet2.5-java (Closes: #658805) -- James Page Fri, 10 Feb 2012 14:20:19 +0000 jenkins (1.424.2+dfsg-1) unstable; urgency=low [ Miguel Landaeta ] * Replace dependencies on Spring Framework 2.5 libraries with 3.0 ones. (Closes: #655906). [ James Page ] * New upstream release. - d/control: Add new dependencies on libjenkins-remoting-java, libstapler-adjunct-codemirror-java and libmaven-hpi-plugin-java. - d/control: Dropped libjcaptcha-java; no longer needed. * d/control: Switch to using packaged animal-sniffer. * Refreshed patches: - d/patches/build/{debianize-antrun-war,animal-sniffer-annotation}.patch: dropped as no longer required. -- James Page Tue, 31 Jan 2012 10:33:56 +0000 jenkins (1.409.3+dfsg-2) unstable; urgency=low [ James Page ] * http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb - Rebuild to pickup new versions of jenkins-winstone (>= 0.9.10-jenkins-31) and jenkins-executable-war (>= 1.25) to fix Hash DoS vulnerability in jenkins when running standalone. [ Damien Raude-Morvan ] * Add DM-Upload-Allowed flag for James Page. -- James Page Sat, 14 Jan 2012 18:41:37 +0100 jenkins (1.409.3+dfsg-1) unstable; urgency=low * Initial Debian release (Closes: #561963): - Repack for DFSG compliance. * Disabled build of libjenkins-plugin-parent-java as not currently installable due to broken upstream maven-hpi-plugin. * Added Debian init scripts and default configuration for jenkins and jenkins-slave packages and updated rules to switch in upstart configuration for Ubuntu builds. * d/bin/dowload-slave.sh: Updated to use parameter rather than environment variable when locating Jenkins master server. -- James Page Fri, 09 Dec 2011 12:04:59 +0000 jenkins (1.409.3-0ubuntu1) precise; urgency=low * New upstream release: - Refreshed patches. - d/maven.rules: Updated jenkins version to 1.409.3. * Pickup new version of jenkins-winstone resolving XSS security vulnerability (LP: #889181). * d/patches/build/apt-stapler-processing.patch: Temporary patch to fix build when using later versions of stapler which use standard Java annotation processing. -- James Page Tue, 22 Nov 2011 08:31:53 +0000 jenkins (1.409.2-0ubuntu1) precise; urgency=low * New upstream release: - d/control: Added new BDI's - libjtidy-java, libjenkins-htmlunit-java - Refreshed patches. - d/maven.rules: Updated jenkins version to 1.409.2. * Updated upstart configuration to start on runlevel [2345]. * Revised patches to filter on compile/test surplus native integrations rather than patchout complete files. * Re-organised patches by type. * Fixed issue with projects with spaces in names with jenkins-monitor-job (LP: #880786). -- James Page Sat, 22 Oct 2011 11:57:35 +0100 jenkins (1.409.1-0ubuntu4) oneiric; urgency=low * Resolve conflict between winstone and libservlet2.5-java (LP: #862272): - debian/jenkins.upstart: Use java.net.URLClassLoader instead of standard WebAppClassloader to ensure the winstone classes are used. -- James Page Tue, 11 Oct 2011 08:53:33 +0100 jenkins (1.409.1-0ubuntu3) oneiric; urgency=low * Fix FTBFS with asm3 >= 3.3 (LP: #851659): - d/maven.rules: Use asm-all instead of asm to align to restructure of jar files. -- James Page Fri, 16 Sep 2011 09:32:28 +0100 jenkins (1.409.1-0ubuntu2) oneiric; urgency=low * Resolved issue with specific group being set in upstart configuration (LP: #820938). * Rebuild to pickup new versions of jenkins-xstream to enable ARM compatibility (LP: #827463). * Rebuild to pickup new versions of jcaptcha and jenkins-winstone to resolve compatibiltiy issues with libservlet2.5-java (LP: #827651). * Fix FTBFS due to missing fonts causing test failure in Jenkins core: - debian/control: added ttf-dejavu-core to Build-Depends-Indep. * Fix FTBFS due to change in location of jtidy maven artifact: - debian/maven.rules: switch jtidy -> net.sf.jtidy to pickup new location. -- James Page Tue, 06 Sep 2011 16:53:57 +0100 jenkins (1.409.1-0ubuntu1) oneiric; urgency=low * Initial release. -- James Page Wed, 20 Jul 2011 11:11:18 +0100