jenkins (1.424.6+dfsg-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: Remote code execution and XSS vulnerabilities
    in Jenkins core (LP: #1055416):
    - d/p/security/CVE-2012-4438_CVE-2012-4439.patch: Cherry picked
      fixes from 1.466.2 release to resolve remote code execution
      and XSS security vulnerabilities.
    - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
    - CVE-2012-4438
    - CVE-2012-4439

 -- James Page <james.page@ubuntu.com>  Tue, 25 Sep 2012 13:32:05 +0100

jenkins (1.424.6+dfsg-1) unstable; urgency=low

  * New upstream release, fixing XSS security vulnerability (Closes: #664057):
    - d/control: Add new dependency on libowasp-java-html-sanitizer-java.
    - d/maven.rules: Add new rule to use artifacts 
      from libowasp-java-html-sanitizer-java.
  * Switch upstart configurations to use start-stop-daemon to allow
    desktop systems to shutdown.
  * d/jenkins-slave.upstart.in: Ensure /var/run/jenkins exists before
    trying to download the jenkins slave.jar file to it.
    Thanks to Al Stone for providing this fix.

 -- James Page <james.page@ubuntu.com>  Tue, 27 Mar 2012 09:17:51 +0100

jenkins (1.424.3+dfsg-1) unstable; urgency=low

  * New upstream bugfix release.
  * Refreshed patches:
    - Dropped disable-avalon-frawework.patch - no longer required.
  * Bumped Standards-Version: 3.9.3; no changes required.
  * Enable use of jenkins-instance-identity and jenkins-ssh-cli-auth to 
    support use of public/private keypairs when using the jenkins remote
    cli tool. 
  * Dropped jcaptcha-slf4j.patch; no longer required as library not used.
  * Updated plugin parent pom file to specifiy default source/target for
    maven-compiler-plugin as Java 1.5.
  * Ensure that jenkins group exists and that its the primary group for
    the jenkins user to help deal with transition from upstream packaging 
    (Closes: #661203).

 -- James Page <james.page@ubuntu.com>  Tue, 28 Feb 2012 16:51:50 +0000

jenkins (1.424.2+dfsg-2) unstable; urgency=low

  * Enable Jenkins plugin components to support building plugins and 
    modules (Closes: #658071):
    - d/control: Enabled libjenkins-plugin-parent-java, updated dependencies.
    - d/plugin-debian.pom.in,rules: Install pom file to act as parent POM for 
      plugin development based on upstream plugin pom file.
    - d/libjenkins-plugin-parent-java.poms: Dropped - no longer required.
    - d/patches/build/plugin.patch: Dropped - no longer required.
  * Switch to using libservlet2.5-java (Closes: #658805)

 -- James Page <james.page@ubuntu.com>  Fri, 10 Feb 2012 14:20:19 +0000

jenkins (1.424.2+dfsg-1) unstable; urgency=low

  [ Miguel Landaeta ]
  * Replace dependencies on Spring Framework 2.5 libraries with 3.0 ones.
    (Closes: #655906).

  [ James Page ]
  * New upstream release.
    - d/control: Add new dependencies on libjenkins-remoting-java, 
      libstapler-adjunct-codemirror-java and libmaven-hpi-plugin-java.
    - d/control: Dropped libjcaptcha-java; no longer needed.
  * d/control: Switch to using packaged animal-sniffer.
  * Refreshed patches:
    - d/patches/build/{debianize-antrun-war,animal-sniffer-annotation}.patch:
      dropped as no longer required.

 -- James Page <james.page@ubuntu.com>  Tue, 31 Jan 2012 10:33:56 +0000

jenkins (1.409.3+dfsg-2) unstable; urgency=low

  [ James Page ]
  * http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
    - Rebuild to pickup new versions of jenkins-winstone (>= 0.9.10-jenkins-31)
      and jenkins-executable-war (>= 1.25) to fix Hash DoS vulnerability in
      jenkins when running standalone.

  [ Damien Raude-Morvan ]
  * Add DM-Upload-Allowed flag for James Page.

 -- James Page <james.page@ubuntu.com>  Sat, 14 Jan 2012 18:41:37 +0100

jenkins (1.409.3+dfsg-1) unstable; urgency=low

  * Initial Debian release (Closes: #561963):
    - Repack for DFSG compliance.
  * Disabled build of libjenkins-plugin-parent-java as not currently
    installable due to broken upstream maven-hpi-plugin.
  * Added Debian init scripts and default configuration for jenkins 
    and jenkins-slave packages and updated rules to switch in upstart 
    configuration for Ubuntu builds.
  * d/bin/dowload-slave.sh: Updated to use parameter rather than 
    environment variable when locating Jenkins master server.

 -- James Page <james.page@ubuntu.com>  Fri, 09 Dec 2011 12:04:59 +0000

jenkins (1.409.3-0ubuntu1) precise; urgency=low

  * New upstream release:
    - Refreshed patches.
    - d/maven.rules: Updated jenkins version to 1.409.3.
  * Pickup new version of jenkins-winstone resolving XSS security 
    vulnerability (LP: #889181).
  * d/patches/build/apt-stapler-processing.patch: Temporary patch to fix
    build when using later versions of stapler which use standard  
    Java annotation processing.

 -- James Page <james.page@ubuntu.com>  Tue, 22 Nov 2011 08:31:53 +0000

jenkins (1.409.2-0ubuntu1) precise; urgency=low

  * New upstream release:
    - d/control: Added new BDI's - libjtidy-java, libjenkins-htmlunit-java
    - Refreshed patches.
    - d/maven.rules: Updated jenkins version to 1.409.2.
  * Updated upstart configuration to start on runlevel [2345].
  * Revised patches to filter on compile/test surplus native integrations 
    rather than patchout complete files.
  * Re-organised patches by type.
  * Fixed issue with projects with spaces in names with jenkins-monitor-job
    (LP: #880786).

 -- James Page <james.page@ubuntu.com>  Sat, 22 Oct 2011 11:57:35 +0100

jenkins (1.409.1-0ubuntu4) oneiric; urgency=low

  * Resolve conflict between winstone and libservlet2.5-java (LP: #862272):
    - debian/jenkins.upstart: Use java.net.URLClassLoader instead of
      standard WebAppClassloader to ensure the winstone classes are used.

 -- James Page <james.page@ubuntu.com>  Tue, 11 Oct 2011 08:53:33 +0100

jenkins (1.409.1-0ubuntu3) oneiric; urgency=low

  * Fix FTBFS with asm3 >= 3.3 (LP: #851659):
    - d/maven.rules: Use asm-all instead of asm to align to restructure
      of jar files.

 -- James Page <james.page@ubuntu.com>  Fri, 16 Sep 2011 09:32:28 +0100

jenkins (1.409.1-0ubuntu2) oneiric; urgency=low

  * Resolved issue with specific group being set in upstart
    configuration (LP: #820938).
  * Rebuild to pickup new versions of jenkins-xstream to enable ARM
    compatibility (LP: #827463).
  * Rebuild to pickup new versions of jcaptcha and jenkins-winstone to
    resolve compatibiltiy issues with libservlet2.5-java (LP: #827651).
  * Fix FTBFS due to missing fonts causing test failure in Jenkins core:
     - debian/control: added ttf-dejavu-core to Build-Depends-Indep.
  * Fix FTBFS due to change in location of jtidy maven artifact:
     - debian/maven.rules: switch jtidy -> net.sf.jtidy to pickup new
       location.

 -- James Page <james.page@ubuntu.com>  Tue, 06 Sep 2011 16:53:57 +0100

jenkins (1.409.1-0ubuntu1) oneiric; urgency=low

  * Initial release.

 -- James Page <james.page@ubuntu.com>  Wed, 20 Jul 2011 11:11:18 +0100
