Bug 252564 - devel/nexus2-oss: update to 2.14.20-02
Summary: devel/nexus2-oss: update to 2.14.20-02
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kyle Evans
URL: https://help.sonatype.com/repomanager...
Keywords: needs-patch, needs-qa, security
Depends on: 252561
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-10 19:49 UTC by Michael Osipov
Modified: 2021-09-29 14:08 UTC (History)
5 users (show)

See Also:
michael.osipov: maintainer-feedback+
koobs: maintainer-feedback? (kevans)
kevans: merge-quarterly+


Attachments
Patch against /usr/ports/devel/nexus2-oss (9.73 KB, patch)
2021-01-10 19:49 UTC, Michael Osipov
michael.osipov: maintainer-approval+
michael.osipov: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2021-01-10 19:49:24 UTC
Created attachment 221444 [details]
Patch against /usr/ports/devel/nexus2-oss

Port maintainer here. Tested on 11.4-RELEASE/12.2-RELEASE with Java 8, 11, 14, 15 with poudriere.
Comment 1 Automation User 2021-01-10 20:12:21 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/239675951
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2021-01-11 08:29:23 UTC
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval.
--
Attachment -> Details -> maintainer-approval [+]

^Triage: Maintainer-feedback flag (+) not required unless requested (?) first.

Thanks!
Comment 3 Michael Osipov 2021-05-15 09:18:21 UTC
Kyle, can you apply this patch? Thanks!
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-08 02:38:41 UTC
^Triage: .19 and .20 are security updates, VuXML entry and merge (MFH)vuxml
Comment 5 Michael Osipov 2021-09-28 07:39:33 UTC
Can this be merged before the next quartely branch is created?
Comment 6 Kyle Evans freebsd_committer freebsd_triage 2021-09-28 07:51:12 UTC
(In reply to Michael Osipov from comment #3)

Sorry, I'll pick this up tomorrow (well, later today -- it's 02:50 here). There are CVEs issued, so we'll need to write up a VuXML entry to go with this.
Comment 7 Michael Osipov 2021-09-28 07:51:58 UTC
(In reply to Kyle Evans from comment #6)

Thank you Kyle!
Comment 8 commit-hook freebsd_committer freebsd_triage 2021-09-29 05:53:06 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1e427d25951275287b076cabfd8b0c941beec269

commit 1e427d25951275287b076cabfd8b0c941beec269
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 05:50:10 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 05:52:49 +0000

    devel/nexus2-oss: update to 2.14.20-02

    This is primarily a secure release; 2.14.20 also includes:
    - [NEXUS-25956] Signatures with ECC algorithm not being recognized

    PR:             252564
    Security:       b2f1f86f-20e6-11ec-a574-080027eedc6a
    Security:       730e922f-20e7-11ec-a574-080027eedc6a
    MFH:            2021Q3

 devel/nexus2-oss/Makefile  |  6 +++---
 devel/nexus2-oss/distinfo  |  6 +++---
 devel/nexus2-oss/pkg-plist | 52 +++++++++++++++++++++++-----------------------
 3 files changed, 32 insertions(+), 32 deletions(-)
Comment 9 commit-hook freebsd_committer freebsd_triage 2021-09-29 05:53:07 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6960fe90127df6082d59649f93437580c1f0afa7

commit 6960fe90127df6082d59649f93437580c1f0afa7
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 05:42:09 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 05:52:41 +0000

    security/vuxml: document recent nexus2-oss vulnerabilities

    PR:     252564

 security/vuxml/vuln-2021.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
Comment 10 commit-hook freebsd_committer freebsd_triage 2021-09-29 05:58:09 UTC
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=07b3d79b46db75d4e1353beeb0023456de429e26

commit 07b3d79b46db75d4e1353beeb0023456de429e26
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 05:50:10 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 05:57:34 +0000

    devel/nexus2-oss: update to 2.14.20-02

    This is primarily a secure release; 2.14.20 also includes:
    - [NEXUS-25956] Signatures with ECC algorithm not being recognized

    PR:             252564
    Security:       b2f1f86f-20e6-11ec-a574-080027eedc6a
    Security:       730e922f-20e7-11ec-a574-080027eedc6a

    (cherry picked from commit 1e427d25951275287b076cabfd8b0c941beec269)

 devel/nexus2-oss/Makefile  |  6 +++---
 devel/nexus2-oss/distinfo  |  6 +++---
 devel/nexus2-oss/pkg-plist | 52 +++++++++++++++++++++++-----------------------
 3 files changed, 32 insertions(+), 32 deletions(-)
Comment 11 Kyle Evans freebsd_committer freebsd_triage 2021-09-29 05:58:48 UTC
Sorry, I forgot to reset --author on the patch to the port itself, but it is done-

Thanks for the submission!
Comment 12 Michael Osipov 2021-09-29 09:48:24 UTC
Fantastic, thank you!
Comment 13 Michael Osipov 2021-09-29 13:17:26 UTC
@kevans

The commits contain a bug. The Patch version has been incorrectly applied. While my patch contains .20, the changeset says .02.
Can you fix this please?
Comment 14 commit-hook freebsd_committer freebsd_triage 2021-09-29 14:05:37 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=46599b3120eac3346eae74c4056cd294fbdd9922

commit 46599b3120eac3346eae74c4056cd294fbdd9922
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 14:04:05 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 14:05:18 +0000

    devel/nexus2-oss: fix inappropriately transcribed patch

    PR:             252564
    Pointyhat:      kevans

 devel/nexus2-oss/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 15 commit-hook freebsd_committer freebsd_triage 2021-09-29 14:07:39 UTC
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9fb203bbb03290926b3d5539d1982425838801b5

commit 9fb203bbb03290926b3d5539d1982425838801b5
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 14:04:05 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 14:07:09 +0000

    devel/nexus2-oss: fix inappropriately transcribed patch

    PR:             252564
    Pointyhat:      kevans
    (cherry picked from commit 46599b3120eac3346eae74c4056cd294fbdd9922)

 devel/nexus2-oss/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 16 Kyle Evans freebsd_committer freebsd_triage 2021-09-29 14:08:20 UTC
(In reply to Michael Osipov from comment #13)

Sorry about that- there was a patch conflict and I had ended up reapplying it on two different machines, but resolved it incorrectly the second time. :-( Fixed and re-tested.