jenkins (1.509.2+dfsg-2) unstable; urgency=low

  * d/plugin-parent.pom.in,control: Bump access-modifier-check version
    to 1.4 inline with the version in Debian unstable.
    (Closes: #720822, #720803)

 -- James Page <james.page@ubuntu.com>  Tue, 24 Sep 2013 14:12:23 +0100

jenkins (1.509.2+dfsg-1) unstable; urgency=low

  * New upstream release (Closes: #706725):
    - d/control: Update versioned BD's:
      * jenkins-executable-war >= 1.28.
      * jenkins-instance-identity >= 1.3.
      * libjenkins-remoting-java >= 2.23.
      * libjenkins-winstone-java >= 0.9.10-jenkins-44.
      * libstapler-java >= 1.207.
      * libjenkins-json-java >= 2.4-jenkins-1.
      * libstapler-adjunct-timeline-java >= 1.4.
      * libstapler-adjunct-codemirror-java >= 1.2.
      * libmaven-hpi-plugin-java >= 1.93.
      * libjenkins-xstream-java >= 1.4.4-jenkins-3.
    - d/maven.rules: Map to older version of animal-sniffer-maven-plugin.
    - Add patch for compatibility with guava >= 0.14.
    - Add patch to exclude asm4 dependency via jnr-posix.
    - Fixes the following security vulnerabilities:
      CVE-2013-2034, CVE-2013-2033, CVE-2013-2034, CVE-2013-1808
  * d/patches/*: Switch to using git patch-queue for managing patches.
  * De-duplicate jars between libjenkins-java and jenkins-external-job-monitor
    (Closes: #701163):
    - d/control: Add dependency between jenkins-external-job-monitor ->
      libjenkins-java.
    - d/rules: 
      Drop installation of jenkins-core in jenkins-external-job-monitor.
    - d/jenkins-external-job-monitor.{links,install}: Link to jenkins-core
      in /usr/share/java instead of included version.
  * Wait longer for jenkins to stop during restarts (Closes: #704848):
    - d/jenkins.init: Re-sync init script from upstream codebase.

 -- James Page <james.page@ubuntu.com>  Tue, 13 Aug 2013 12:35:19 +0100

jenkins (1.480.3+dfsg-1) unstable; urgency=low

  * Upload to unstable (Closes: #713394, #713423)
  * d/control: Fixup versioned inter-dependencies between jenkins
    packages (Closes: #704845).
  * d/jenkins.default: Provide variables for configuring listen address
    for http and ajp connections (Closes: #684586), listen on 127.0.0.1
    by default to allow installs to be secured before wider access
    (Closes: #675233).
  * Fixup compatibility with new versions of dependencies:
    - d/p/build/fileupload-compat.patch: Compatibility patch for
      commons-fileupload >= 1.3.
    - d/p/build/io-compat.pach: Compatibility patch for commons-io >= 2.4.
    - d/control: Add versioned dependencies for the above patches.
  * d/*.init: Drop use of /lib/init/vars.sh.
  * d/rules: Use mh_installpoms to install all pom files as this ensures
    that ignore rules are actually used.

 -- James Page <james.page@ubuntu.com>  Thu, 25 Jul 2013 11:44:01 +0100

jenkins (1.480.3+dfsg-1~exp2) experimental; urgency=low

  * Revert to using package specific plugin POM file over upstream
    provided version:
    - d/p/ignore-plugin-pom.patch: Exclude upstream provided plugin
      POM file from build process, fixing FTBFS.
    - d/rules,plugin-parent.pom.in: Use packaging specific plugin POM
      file to ensure compatibility with Jenkins modules.

 -- James Page <james.page@ubuntu.com>  Sat, 06 Apr 2013 21:37:29 +0100

jenkins (1.480.3+dfsg-1~exp1) experimental; urgency=low

  * New upstream release (Closes: #700761, #679616):
    - d/control: Versioned BD jenkins-remoting >= 2.22.
    - d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-42.
    - d/control: Versioned BD stapler >= 1.198.
    - d/maven.ignoreRules: Ignore new slave-launcher modules until
      packaged.
    - Refreshed patches.
    - Fixes the following security vulnerabilities:
      CVE-2013-0327, CVE-2013-0328, CVE-2013-0329, CVE-2013-0330,
      CVE-2013-0331
  * d/control: Versioned BD trilead-putty-extension (>= 1.2)
    (Closes: #698834).
  * d/control: Add net-tools and procps dependencies to jenkins
    (Closes: #698835).
  * d/rules,control, *.upstart.in: Rejig upstart/init configurations now
    that debhelper does the right thing across Debian/Ubuntu.
  * d/rules,plugin_parent.pom.in: Drop as good plugin parent pom now
    provided upstream.

 -- James Page <james.page@ubuntu.com>  Sun, 17 Feb 2013 17:11:13 +0000

jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low

  * New upstream release (Closes: #696816, #697617):
    - d/control: Added new BD on libjbcrypt-java.
    - d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-40.
    - d/control: Versioned BD jenkins-trilead-ssh2 >= 214-jenkins-1.
    - Fixes the following security vulnerabilities:
      CVE-2012-6072, CVE-2012-6073, CVE-2012-6072, CVE-2013-0158.
  * Tidied lintian warnings.
  * Bumped Standards-Version: 3.9.4, no changes.

 -- James Page <james.page@ubuntu.com>  Thu, 10 Jan 2013 09:50:50 +0000

jenkins (1.466.2+dfsg-1) experimental; urgency=low

  * New upstream release.
  * d/rules: Updated handling of java files in groovy source folder.
  * d/*.lintian-overrides: Added overrides for java libraries which
    only install into /usr/share/maven-repo for Jenkins plugin builds.

 -- James Page <james.page@ubuntu.com>  Wed, 21 Nov 2012 09:04:43 +0000

jenkins (1.447.2+dfsg-1) unstable; urgency=low

  * New upstream release. 
  * Ensure jenkins keeps logging after log rotation (LP: #993065).
    - d/*.logrotate: Switch to copytruncate so jenkins does not lose
      the original file handle.

 -- James Page <james.page@ubuntu.com>  Thu, 21 Jun 2012 09:47:58 +0100

jenkins (1.447.1+dfsg-1) unstable; urgency=low

  * New upstream release:
    - d/patches/dependency-upgrade/groovy-upgrade.patch: Dropped - now
      aligned to upstream version.
    - d/patches/build/jenkins-version-number.patch: Patch in small version
      handling library from Jenkins project rather than package separately.
    - d/patches/build/use-stock-jmdns.patch, d/maven.rules: Revert upstream 
      use of minor fork of JmDNS.
    - d/patches/build/build.patch: Allow building with Maven 2, this works 
      OK for this package as Maven 3 features are not used by the package
      build process at the moment.
    - d/patches/build/remove-findbugs.patch: Drop findbugs annotations from
      the codebase as this tool is not packaged for Debian.
    - Refreshed all other patches.
    - d/maven.ignoreRules, d/maven.properties: Disable unit testing and ignore
      powermock dependencies until powermock is packaged.
    - d/maven.ignoreRules, d/NEWS: Ignore jenkins sshd module until it gets
      packaged and let users know this feature is missing.
    - d/control: Added new dependencies on libsisu-guice-java, libmockito-java.

 -- James Page <james.page@ubuntu.com>  Wed, 02 May 2012 15:12:45 +0100

jenkins (1.424.6+dfsg-1) unstable; urgency=low

  * New upstream release, fixing XSS security vulnerability (Closes: #664057):
    - d/control: Add new dependency on libowasp-java-html-sanitizer-java.
    - d/maven.rules: Add new rule to use artifacts 
      from libowasp-java-html-sanitizer-java.
  * Switch upstart configurations to use start-stop-daemon to allow
    desktop systems to shutdown.
  * d/jenkins-slave.upstart.in: Ensure /var/run/jenkins exists before
    trying to download the jenkins slave.jar file to it.
    Thanks to Al Stone for providing this fix.

 -- James Page <james.page@ubuntu.com>  Tue, 27 Mar 2012 09:17:51 +0100

jenkins (1.424.3+dfsg-1) unstable; urgency=low

  * New upstream bugfix release.
  * Refreshed patches:
    - Dropped disable-avalon-frawework.patch - no longer required.
  * Bumped Standards-Version: 3.9.3; no changes required.
  * Enable use of jenkins-instance-identity and jenkins-ssh-cli-auth to 
    support use of public/private keypairs when using the jenkins remote
    cli tool. 
  * Dropped jcaptcha-slf4j.patch; no longer required as library not used.
  * Updated plugin parent pom file to specifiy default source/target for
    maven-compiler-plugin as Java 1.5.
  * Ensure that jenkins group exists and that its the primary group for
    the jenkins user to help deal with transition from upstream packaging 
    (Closes: #661203).

 -- James Page <james.page@ubuntu.com>  Tue, 28 Feb 2012 16:51:50 +0000

jenkins (1.424.2+dfsg-2) unstable; urgency=low

  * Enable Jenkins plugin components to support building plugins and 
    modules (Closes: #658071):
    - d/control: Enabled libjenkins-plugin-parent-java, updated dependencies.
    - d/plugin-debian.pom.in,rules: Install pom file to act as parent POM for 
      plugin development based on upstream plugin pom file.
    - d/libjenkins-plugin-parent-java.poms: Dropped - no longer required.
    - d/patches/build/plugin.patch: Dropped - no longer required.
  * Switch to using libservlet2.5-java (Closes: #658805)

 -- James Page <james.page@ubuntu.com>  Fri, 10 Feb 2012 14:20:19 +0000

jenkins (1.424.2+dfsg-1) unstable; urgency=low

  [ Miguel Landaeta ]
  * Replace dependencies on Spring Framework 2.5 libraries with 3.0 ones.
    (Closes: #655906).

  [ James Page ]
  * New upstream release.
    - d/control: Add new dependencies on libjenkins-remoting-java, 
      libstapler-adjunct-codemirror-java and libmaven-hpi-plugin-java.
    - d/control: Dropped libjcaptcha-java; no longer needed.
  * d/control: Switch to using packaged animal-sniffer.
  * Refreshed patches:
    - d/patches/build/{debianize-antrun-war,animal-sniffer-annotation}.patch:
      dropped as no longer required.

 -- James Page <james.page@ubuntu.com>  Tue, 31 Jan 2012 10:33:56 +0000

jenkins (1.409.3+dfsg-2) unstable; urgency=low

  [ James Page ]
  * http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
    - Rebuild to pickup new versions of jenkins-winstone (>= 0.9.10-jenkins-31)
      and jenkins-executable-war (>= 1.25) to fix Hash DoS vulnerability in
      jenkins when running standalone.

  [ Damien Raude-Morvan ]
  * Add DM-Upload-Allowed flag for James Page.

 -- James Page <james.page@ubuntu.com>  Sat, 14 Jan 2012 18:41:37 +0100

jenkins (1.409.3+dfsg-1) unstable; urgency=low

  * Initial Debian release (Closes: #561963):
    - Repack for DFSG compliance.
  * Disabled build of libjenkins-plugin-parent-java as not currently
    installable due to broken upstream maven-hpi-plugin.
  * Added Debian init scripts and default configuration for jenkins 
    and jenkins-slave packages and updated rules to switch in upstart 
    configuration for Ubuntu builds.
  * d/bin/dowload-slave.sh: Updated to use parameter rather than 
    environment variable when locating Jenkins master server.

 -- James Page <james.page@ubuntu.com>  Fri, 09 Dec 2011 12:04:59 +0000

jenkins (1.409.3-0ubuntu1) precise; urgency=low

  * New upstream release:
    - Refreshed patches.
    - d/maven.rules: Updated jenkins version to 1.409.3.
  * Pickup new version of jenkins-winstone resolving XSS security 
    vulnerability (LP: #889181).
  * d/patches/build/apt-stapler-processing.patch: Temporary patch to fix
    build when using later versions of stapler which use standard  
    Java annotation processing.

 -- James Page <james.page@ubuntu.com>  Tue, 22 Nov 2011 08:31:53 +0000

jenkins (1.409.2-0ubuntu1) precise; urgency=low

  * New upstream release:
    - d/control: Added new BDI's - libjtidy-java, libjenkins-htmlunit-java
    - Refreshed patches.
    - d/maven.rules: Updated jenkins version to 1.409.2.
  * Updated upstart configuration to start on runlevel [2345].
  * Revised patches to filter on compile/test surplus native integrations 
    rather than patchout complete files.
  * Re-organised patches by type.
  * Fixed issue with projects with spaces in names with jenkins-monitor-job
    (LP: #880786).

 -- James Page <james.page@ubuntu.com>  Sat, 22 Oct 2011 11:57:35 +0100

jenkins (1.409.1-0ubuntu4) oneiric; urgency=low

  * Resolve conflict between winstone and libservlet2.5-java (LP: #862272):
    - debian/jenkins.upstart: Use java.net.URLClassLoader instead of
      standard WebAppClassloader to ensure the winstone classes are used.

 -- James Page <james.page@ubuntu.com>  Tue, 11 Oct 2011 08:53:33 +0100

jenkins (1.409.1-0ubuntu3) oneiric; urgency=low

  * Fix FTBFS with asm3 >= 3.3 (LP: #851659):
    - d/maven.rules: Use asm-all instead of asm to align to restructure
      of jar files.

 -- James Page <james.page@ubuntu.com>  Fri, 16 Sep 2011 09:32:28 +0100

jenkins (1.409.1-0ubuntu2) oneiric; urgency=low

  * Resolved issue with specific group being set in upstart
    configuration (LP: #820938).
  * Rebuild to pickup new versions of jenkins-xstream to enable ARM
    compatibility (LP: #827463).
  * Rebuild to pickup new versions of jcaptcha and jenkins-winstone to
    resolve compatibiltiy issues with libservlet2.5-java (LP: #827651).
  * Fix FTBFS due to missing fonts causing test failure in Jenkins core:
     - debian/control: added ttf-dejavu-core to Build-Depends-Indep.
  * Fix FTBFS due to change in location of jtidy maven artifact:
     - debian/maven.rules: switch jtidy -> net.sf.jtidy to pickup new
       location.

 -- James Page <james.page@ubuntu.com>  Tue, 06 Sep 2011 16:53:57 +0100

jenkins (1.409.1-0ubuntu1) oneiric; urgency=low

  * Initial release.

 -- James Page <james.page@ubuntu.com>  Wed, 20 Jul 2011 11:11:18 +0100
