-
jenkins (1.424.6+dfsg-1ubuntu0.2) precise; urgency=low
* Ensure jenkins keeps logging after log rotation (LP: #993065).
- d/*.logrotate: Switch to copytruncate so jenkins does not lose the
original file handle.
-- Jean-Baptiste Lallement <email address hidden> Wed, 12 Jun 2013 19:24:47 +0200
-
jenkins (1.424.6+dfsg-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: Remote code execution and XSS vulnerabilities
in Jenkins core (LP: #1055416):
- d/p/security/CVE-2012-4438_CVE-2012-4439.patch: Cherry picked
fixes from 1.466.2 release to resolve remote code execution
and XSS security vulnerabilities.
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
- CVE-2012-4438
- CVE-2012-4439
-- James Page <email address hidden> Tue, 25 Sep 2012 13:32:05 +0100
-
jenkins (1.424.6+dfsg-1) unstable; urgency=low
* New upstream release, fixing XSS security vulnerability (Closes: #664057):
- d/control: Add new dependency on libowasp-java-html-sanitizer-java.
- d/maven.rules: Add new rule to use artifacts
from libowasp-java-html-sanitizer-java.
* Switch upstart configurations to use start-stop-daemon to allow
desktop systems to shutdown.
* d/jenkins-slave.upstart.in: Ensure /var/run/jenkins exists before
trying to download the jenkins slave.jar file to it.
Thanks to Al Stone for providing this fix.
-- James Page <email address hidden> Tue, 27 Mar 2012 09:17:51 +0100
-
jenkins (1.424.6+dfsg-0ubuntu2) precise; urgency=low
* d/jenkins-slave.upstart.in: Ensure /var/run/jenkins exists before
trying to download the jenkins slave.jar file to it (LP: #961691).
Thanks to Al Stone for providing this fix.
-- James Page <email address hidden> Thu, 22 Mar 2012 11:44:47 +0000
-
jenkins (1.424.6+dfsg-0ubuntu1) precise; urgency=low
* New upstream release, fixing XSS security vulnerability (LP: #954960):
- d/control: Add new dependency on libowasp-java-html-sanitizer-java.
- d/maven.rules: Add new rule to use artifacts
from libowasp-java-html-sanitizer-java.
-- James Page <email address hidden> Tue, 20 Mar 2012 12:00:31 +0000
-
jenkins (1.424.3+dfsg-1ubuntu1) precise; urgency=low
* Switch upstart configuration to use start-stop-daemon to allow
desktop systems to shutdown (LP: #952902).
-- James Page <email address hidden> Mon, 12 Mar 2012 11:29:37 +0000
-
jenkins (1.424.3+dfsg-1) unstable; urgency=low
* New upstream bugfix release.
* Refreshed patches:
- Dropped disable-avalon-frawework.patch - no longer required.
* Bumped Standards-Version: 3.9.3; no changes required.
* Enable use of jenkins-instance-identity and jenkins-ssh-cli-auth to
support use of public/private keypairs when using the jenkins remote
cli tool.
* Dropped jcaptcha-slf4j.patch; no longer required as library not used.
* Updated plugin parent pom file to specifiy default source/target for
maven-compiler-plugin as Java 1.5.
* Ensure that jenkins group exists and that its the primary group for
the jenkins user to help deal with transition from upstream packaging
(Closes: #661203).
-- James Page <email address hidden> Tue, 28 Feb 2012 16:51:50 +0000
-
jenkins (1.424.2+dfsg-2) unstable; urgency=low
* Enable Jenkins plugin components to support building plugins and
modules (Closes: #658071):
- d/control: Enabled libjenkins-plugin-parent-java, updated dependencies.
- d/plugin-debian.pom.in,rules: Install pom file to act as parent POM for
plugin development based on upstream plugin pom file.
- d/libjenkins-plugin-parent-java.poms: Dropped - no longer required.
- d/patches/build/plugin.patch: Dropped - no longer required.
* Switch to using libservlet2.5-java (Closes: #658805)
-- James Page <email address hidden> Fri, 10 Feb 2012 14:20:19 +0000
-
jenkins (1.424.2+dfsg-1) unstable; urgency=low
[ Miguel Landaeta ]
* Replace dependencies on Spring Framework 2.5 libraries with 3.0 ones.
(Closes: #655906).
[ James Page ]
* New upstream release.
- d/control: Add new dependencies on libjenkins-remoting-java,
libstapler-adjunct-codemirror-java and libmaven-hpi-plugin-java.
- d/control: Dropped libjcaptcha-java; no longer needed.
* d/control: Switch to using packaged animal-sniffer.
* Refreshed patches:
- d/patches/build/{debianize-antrun-war,animal-sniffer-annotation}.patch:
dropped as no longer required.
-- James Page <email address hidden> Tue, 31 Jan 2012 10:33:56 +0000
-
jenkins (1.409.3+dfsg-2) unstable; urgency=low
[ James Page ]
* http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
- Rebuild to pickup new versions of jenkins-winstone (>= 0.9.10-jenkins-31)
and jenkins-executable-war (>= 1.25) to fix Hash DoS vulnerability in
jenkins when running standalone.
[ Damien Raude-Morvan ]
* Add DM-Upload-Allowed flag for James Page.
-- James Page <email address hidden> Sat, 14 Jan 2012 18:41:37 +0100
-
jenkins (1.409.3-0ubuntu1) precise; urgency=low
* New upstream release:
- Refreshed patches.
- d/maven.rules: Updated jenkins version to 1.409.3.
* Pickup new version of jenkins-winstone resolving XSS security
vulnerability (LP: #889181).
* d/patches/build/apt-stapler-processing.patch: Temporary patch to fix
build when using later versions of stapler which use standard
Java annotation processing.
-- James Page <email address hidden> Tue, 22 Nov 2011 08:31:53 +0000
-
jenkins (1.409.2-0ubuntu1) precise; urgency=low
* New upstream release:
- d/control: Added new BDI's - libjtidy-java, libjenkins-htmlunit-java
- Refreshed patches.
- d/maven.rules: Updated jenkins version to 1.409.2.
* Updated upstart configuration to start on runlevel [2345].
* Revised patches to filter on compile/test surplus native integrations
rather than patchout complete files.
* Re-organised patches by type.
* Fixed issue with projects with spaces in names with jenkins-monitor-job
(LP: #880786).
-- James Page <email address hidden> Sat, 22 Oct 2011 11:57:35 +0100
-
jenkins (1.409.1-0ubuntu4) oneiric; urgency=low
* Resolve conflict between winstone and libservlet2.5-java (LP: #862272):
- debian/jenkins.upstart: Use java.net.URLClassLoader instead of
standard WebAppClassloader to ensure the winstone classes are used.
-- James Page <email address hidden> Tue, 11 Oct 2011 08:53:33 +0100
