Bug 252564 - devel/nexus2-oss: update to 2.14.20-02
Summary: devel/nexus2-oss: update to 2.14.20-02
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kyle Evans
URL: https://help.sonatype.com/repomanager...
Keywords: needs-patch, needs-qa, security
Depends on: 252561
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-10 19:49 UTC by Michael Osipov
Modified: 2021-09-29 14:08 UTC (History)
5 users (show)

See Also:
michael.osipov: maintainer-feedback+
koobs: maintainer-feedback? (kevans)
kevans: merge-quarterly+

Attachments
Patch against /usr/ports/devel/nexus2-oss (9.73 KB, patch)
2021-01-10 19:49 UTC, Michael Osipov 		michael.osipov: maintainer-approval+
michael.osipov: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2021-01-10 19:49:24 UTC 
Created attachment 221444 [details]
Patch against /usr/ports/devel/nexus2-oss

Port maintainer here. Tested on 11.4-RELEASE/12.2-RELEASE with Java 8, 11, 14, 15 with poudriere.
Comment 1 Automation User 2021-01-10 20:12:21 UTC 
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/239675951
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2021-01-11 08:29:23 UTC 
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval.
--
Attachment -> Details -> maintainer-approval [+]

^Triage: Maintainer-feedback flag (+) not required unless requested (?) first.

Thanks!
Comment 3 Michael Osipov 2021-05-15 09:18:21 UTC 
Kyle, can you apply this patch? Thanks!
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-08 02:38:41 UTC 
^Triage: .19 and .20 are security updates, VuXML entry and merge (MFH)vuxml
Comment 5 Michael Osipov 2021-09-28 07:39:33 UTC 
Can this be merged before the next quartely branch is created?
Comment 6 Kyle Evans freebsd_committer freebsd_triage 2021-09-28 07:51:12 UTC 
(In reply to Michael Osipov from comment #3)

Sorry, I'll pick this up tomorrow (well, later today -- it's 02:50 here). There are CVEs issued, so we'll need to write up a VuXML entry to go with this.
Comment 7 Michael Osipov 2021-09-28 07:51:58 UTC 
(In reply to Kyle Evans from comment #6)

Thank you Kyle!
Comment 8 commit-hook freebsd_committer freebsd_triage 2021-09-29 05:53:06 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1e427d25951275287b076cabfd8b0c941beec269

commit 1e427d25951275287b076cabfd8b0c941beec269
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 05:50:10 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 05:52:49 +0000

    devel/nexus2-oss: update to 2.14.20-02

    This is primarily a secure release; 2.14.20 also includes:
    - [NEXUS-25956] Signatures with ECC algorithm not being recognized

    PR:             252564
    Security:       b2f1f86f-20e6-11ec-a574-080027eedc6a
    Security:       730e922f-20e7-11ec-a574-080027eedc6a
    MFH:            2021Q3

 devel/nexus2-oss/Makefile  |  6 +++---
 devel/nexus2-oss/distinfo  |  6 +++---
 devel/nexus2-oss/pkg-plist | 52 +++++++++++++++++++++++-----------------------
 3 files changed, 32 insertions(+), 32 deletions(-)
Comment 9 commit-hook freebsd_committer freebsd_triage 2021-09-29 05:53:07 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6960fe90127df6082d59649f93437580c1f0afa7

commit 6960fe90127df6082d59649f93437580c1f0afa7
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 05:42:09 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 05:52:41 +0000

    security/vuxml: document recent nexus2-oss vulnerabilities

    PR:     252564

 security/vuxml/vuln-2021.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
Comment 10 commit-hook freebsd_committer freebsd_triage 2021-09-29 05:58:09 UTC 
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=07b3d79b46db75d4e1353beeb0023456de429e26

commit 07b3d79b46db75d4e1353beeb0023456de429e26
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 05:50:10 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 05:57:34 +0000

    devel/nexus2-oss: update to 2.14.20-02

    This is primarily a secure release; 2.14.20 also includes:
    - [NEXUS-25956] Signatures with ECC algorithm not being recognized

    PR:             252564
    Security:       b2f1f86f-20e6-11ec-a574-080027eedc6a
    Security:       730e922f-20e7-11ec-a574-080027eedc6a

    (cherry picked from commit 1e427d25951275287b076cabfd8b0c941beec269)

 devel/nexus2-oss/Makefile  |  6 +++---
 devel/nexus2-oss/distinfo  |  6 +++---
 devel/nexus2-oss/pkg-plist | 52 +++++++++++++++++++++++-----------------------
 3 files changed, 32 insertions(+), 32 deletions(-)
Comment 11 Kyle Evans freebsd_committer freebsd_triage 2021-09-29 05:58:48 UTC 
Sorry, I forgot to reset --author on the patch to the port itself, but it is done-

Thanks for the submission!
Comment 12 Michael Osipov 2021-09-29 09:48:24 UTC 
Fantastic, thank you!
Comment 13 Michael Osipov 2021-09-29 13:17:26 UTC 
@kevans

The commits contain a bug. The Patch version has been incorrectly applied. While my patch contains .20, the changeset says .02.
Can you fix this please?
Comment 14 commit-hook freebsd_committer freebsd_triage 2021-09-29 14:05:37 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=46599b3120eac3346eae74c4056cd294fbdd9922

commit 46599b3120eac3346eae74c4056cd294fbdd9922
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 14:04:05 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 14:05:18 +0000

    devel/nexus2-oss: fix inappropriately transcribed patch

    PR:             252564
    Pointyhat:      kevans

 devel/nexus2-oss/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 15 commit-hook freebsd_committer freebsd_triage 2021-09-29 14:07:39 UTC 
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9fb203bbb03290926b3d5539d1982425838801b5

commit 9fb203bbb03290926b3d5539d1982425838801b5
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-09-29 14:04:05 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-09-29 14:07:09 +0000

    devel/nexus2-oss: fix inappropriately transcribed patch

    PR:             252564
    Pointyhat:      kevans
    (cherry picked from commit 46599b3120eac3346eae74c4056cd294fbdd9922)

 devel/nexus2-oss/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 16 Kyle Evans freebsd_committer freebsd_triage 2021-09-29 14:08:20 UTC 
(In reply to Michael Osipov from comment #13)

Sorry about that- there was a patch conflict and I had ended up reapplying it on two different machines, but resolved it incorrectly the second time. :-( Fixed and re-tested.