[SCM] jenkins packaging branch, master, updated. debian/1.466.2+dfsg-1-13-gf2fe1f8
James Page
james.page at ubuntu.com
Thu Jan 10 10:11:55 UTC 2013
The following commit has been merged in the master branch:
commit f2fe1f8c034c522c8701462c4b7af5334210b9aa
Author: James Page <james.page at ubuntu.com>
Date: Thu Jan 10 10:10:21 2013 +0000
New upstream release, fixing a critical security vulnerability:
* New upstream release, fixing a critical security vulnerability:
- d/control: Versioned BD jenkins-trilead-ssh2 >= 214-jenkins-1.
* Tidied lintian warnings.
* Bumped Standards-Version: 3.9.4, no changes.
diff --git a/debian/NEWS b/debian/NEWS
index ffadf95..fa014fb 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,37 @@
+jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low
+
+ This new version of Jenkins will generate a new set of different
+ cryptographic keys to protect sensitive data, authenticate slaves,
+ and so on.
+
+ Because of this, administrators of Jenkins need to be aware of
+ the following implications of the upgrade:
+
+ API tokens of many users will likely change as a result, and
+ therefore if you have scripts and external programs that rely
+ on these tokens, some of them will fail. Please retrieve the
+ updated API tokens from the UI.
+
+ Slaves that are started via Java Web Start will fail to reconnect
+ if the *.jnlp file is locally stored. This is because the
+ authentication tokens change. An administrator would have to
+ login to the UI, retrieve the *.jnlp file and overwrite what's
+ already on the slave. A slave that was launched via Java Web Start
+ and then turned into a service through its menu falls into this
+ category.
+
+ Once the new version is started, the administrator needs to run
+ the Re-keying process to update the on-disk configuration files
+ to use the newer encryption key. Go to "Manage Jenkins" page and
+ follow the instruction at the top of the page. Please also read
+ https://wiki.jenkins-ci.org/display/SECURITY/Re-keying before
+ running this process.
+
+ See https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
+ for more details of the security vulnerability.
+
+ -- James Page <james.page at ubuntu.com> Wed, 09 Jan 2013 17:56:51 +0000
+
jenkins (1.447.1+dfsg-1) unstable; urgency=low
This new upstream release of Jenkins does not currently include
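Review bot: The new NEWS entry leaves the reason for the key regeneration to its last paragraph, so an administrator reading top-down sees three disruptive actions (API tokens, locally stored *.jnlp files, re-keying) before learning they follow from a security fix. Move the "Jenkins Security Advisory 2013-01-04" sentence into the opening paragraph. The re-keying paragraph also only implies that on-disk configuration keeps using the old key until the process is run; say that explicitly so the step is not read as optional. Minor wording: "follow the instruction" should read "follow the instructions", and "login to the UI" should read "log in to the UI".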
diff --git a/debian/changelog b/debian/changelog
index 95e425d..2051812 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,13 @@
-jenkins (1.480.2+dfsg-1~exp1) UNRELEASED; urgency=low
+jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low
- * New upstream release:
+ * New upstream release, fixing a critical security vulnerability:
- d/control: Added new BD on libjbcrypt-java.
- d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-40.
+ - d/control: Versioned BD jenkins-trilead-ssh2 >= 214-jenkins-1.
+ * Tidied lintian warnings.
+ * Bumped Standards-Version: 3.9.4, no changes.
- -- James Page <james.page at ubuntu.com> Wed, 05 Dec 2012 21:56:17 +0000
+ -- James Page <james.page at ubuntu.com> Thu, 10 Jan 2013 09:50:50 +0000
jenkins (1.466.2+dfsg-1) experimental; urgency=low
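Review bot: The changelog bullet now says "fixing a critical security vulnerability" but names no advisory, so nothing in this entry lets a reader or a security tracker match the upload to the issue. Reference the Jenkins Security Advisory 2013-01-04 that debian/NEWS already links. The header still carries urgency=low next to that wording; revisit it if this version is later uploaded outside experimental. The bullet also writes "jenkins-trilead-ssh2" where debian/control names the package libjenkins-trilead-ssh2-java; use the package name so the two files agree.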
diff --git a/debian/control b/debian/control
index a373809..950e546 100644
--- a/debian/control
+++ b/debian/control
@@ -54,7 +54,7 @@ Build-Depends-Indep:
libjenkins-htmlunit-java,
libjenkins-json-java (>= 2.1-rev7),
libjenkins-remoting-java (>= 2.16),
- libjenkins-trilead-ssh2-java,
+ libjenkins-trilead-ssh2-java (>= 214-jenkins-1),
libjenkins-winstone-java (>= 0.9.10-jenkins-40),
libjenkins-xstream-java,
libjetty-java,
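Review bot: The minimum version for libjenkins-trilead-ssh2-java is added under Build-Depends-Indep only, which constrains the build environment and not what is installed next to the binary packages. If the security fix relies on the newer trilead-ssh2 at run time, confirm that the runtime Depends of the binary packages carry the same ">= 214-jenkins-1" bound; that stanza is not part of this diff.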
@@ -97,11 +97,10 @@ Build-Depends-Indep:
libtxw2-java,
libxpp3-java,
ttf-dejavu-core
-Standards-Version: 3.9.3
+Standards-Version: 3.9.4
Homepage: http://jenkins-ci.org/
-Vcs-Git: git://git.debian.org/git/pkg-java/jenkins.git
-Vcs-Browser: http://git.debian.org/?p=pkg-java/jenkins.git
-DM-Upload-Allowed: yes
+Vcs-Git: git://anonscm.debian.org/pkg-java/jenkins.git
+Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-java/jenkins.git
Package: libjenkins-java
Architecture: all
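Review bot: Dropping "DM-Upload-Allowed: yes" and moving both Vcs-* fields to anonscm.debian.org are not listed in debian/changelog, which only says "Tidied lintian warnings". DM-Upload-Allowed is an upload-permission field, so its removal deserves its own changelog line, and the Vcs-* host change should be listed as well so the source location change is traceable from the changelog.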
diff --git a/debian/patches/build/use-debian-jbcrypt.patch b/debian/patches/build/use-debian-jbcrypt.patch
index 21bf2f0..9b34a9b 100644
--- a/debian/patches/build/use-debian-jbcrypt.patch
+++ b/debian/patches/build/use-debian-jbcrypt.patch
@@ -1,3 +1,10 @@
+Description: Alter package name for Debian
+ The debian JBCrypt package has a difference package name to
+ the one present in the central maven repository; this updates
+ jenkins to use the one in Debian.
+Author: James Page <james.page at ubuntu.com>
+Forwarded: not-needed
+
--- a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
+++ b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
@@ -59,7 +59,7 @@ import org.kohsuke.stapler.HttpResponses
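Review bot: The added DEP-3 Description has a typo, "a difference package name" should read "a different package name". It is also ambiguous whether "package name" means the Debian package or the Java package; the patched file is HudsonPrivateSecurityRealm.java and the hunk context is an import line, so say "Java package name" to make clear this is an import rename and not a change to the password-hashing code itself.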
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..5b60099
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,2 @@
+# trilead-ssh2 upstream version is actually 214-jenkins-1 so this is a false positive
+jenkins source: build-depends-on-1-revision build-depends-indep: libjenkins-trilead-ssh2-java (>= 214-jenkins-1)
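Review bot: The override pins the full relation text "libjenkins-trilead-ssh2-java (>= 214-jenkins-1)", so the next bump of that minimum version will stop it matching and the build-depends-on-1-revision tag will come back. Use a wildcard after the package name, for example "build-depends-indep: libjenkins-trilead-ssh2-java *", and keep the comment explaining that "-1" is part of the upstream version.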
--
jenkins packaging