Bug 255161 - devel/maven: update to 3.8.1
Summary: devel/maven: update to 3.8.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kevin Bowling
URL: http://maven.apache.org/docs/3.8.1/re...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-18 00:13 UTC by Jonathan Chen
Modified: 2021-04-19 21:02 UTC (History)
1 user (show)

See Also:

Attachments
3.8.1 update (2.53 KB, patch)
2021-04-18 00:13 UTC, Jonathan Chen 		jonc: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Chen 2021-04-18 00:13:19 UTC 
Created attachment 224202 [details]
3.8.1 update

Update from 3.6.3 to 3.8.1
Comment 1 Kevin Bowling freebsd_committer freebsd_triage 2021-04-19 03:52:40 UTC 
I'm working on a VuXML for this
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-04-19 04:11:51 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830

commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-04-19 04:05:30 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-04-19 04:11:34 +0000

    devel/maven: update to 3.8.1

    This is not just a bugfix as it contains three features that cause a change of
    default behavior (external HTTP insecure URLs are now blocked by default): your
    builds may fail when using this new Maven release, if you use now blocked
    repositories. Please check and eventually fix before upgrading.

    Changes http://maven.apache.org/docs/3.8.1/release-notes.html

    PR:             255161
    Approved by:    Jonathan Chen <jonc@chen.org.nz> (maintainer)
    Security:       CVE-2021-26291
                    CVE-2020-13956

 devel/maven/Makefile    |  2 +-
 devel/maven/distinfo    |  6 ++---
 devel/maven/pkg-plist   | 18 ++++++-------
 security/vuxml/vuln.xml | 67 +++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 80 insertions(+), 13 deletions(-)
Comment 3 Kevin Bowling freebsd_committer freebsd_triage 2021-04-19 04:35:32 UTC 
Thanks for your contribution!
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-04-19 21:02:13 UTC 
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5675152f8fb588ed22092352a5a0294a67ba8442

commit 5675152f8fb588ed22092352a5a0294a67ba8442
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-04-19 18:00:15 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-04-19 18:00:15 +0000

    devel/maven: update to 3.8.1

    This is not just a bugfix as it contains three features that cause a change of
    default behavior (external HTTP insecure URLs are now blocked by default): your
    builds may fail when using this new Maven release, if you use now blocked
    repositories. Please check and eventually fix before upgrading.

    Changes http://maven.apache.org/docs/3.8.1/release-notes.html

    PR:             255161
    Approved by:    Jonathan Chen <jonc@chen.org.nz> (maintainer)
    Security:       CVE-2021-26291
                    CVE-2020-13956

    (cherry picked from commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830)

 devel/maven/Makefile  |  2 +-
 devel/maven/distinfo  |  6 +++---
 devel/maven/pkg-plist | 18 +++++++++---------
 3 files changed, 13 insertions(+), 13 deletions(-)