Bug 255161

Summary: devel/maven: update to 3.8.1
Product: Ports & Packages Reporter: Jonathan Chen <jonc>
Component: Individual Port(s)Assignee: Kevin Bowling <kbowling>
Status: Closed FIXED    
Severity: Affects Only Me CC: kbowling
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
URL: http://maven.apache.org/docs/3.8.1/release-notes.html
Attachments:
Description Flags
3.8.1 update jonc: maintainer-approval+

Description Jonathan Chen 2021-04-18 00:13:19 UTC 
Created attachment 224202 [details]
3.8.1 update

Update from 3.6.3 to 3.8.1
Comment 1 Kevin Bowling freebsd_committer freebsd_triage 2021-04-19 03:52:40 UTC 
I'm working on a VuXML for this
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-04-19 04:11:51 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830

commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-04-19 04:05:30 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-04-19 04:11:34 +0000

    devel/maven: update to 3.8.1

    This is not just a bugfix as it contains three features that cause a change of
    default behavior (external HTTP insecure URLs are now blocked by default): your
    builds may fail when using this new Maven release, if you use now blocked
    repositories. Please check and eventually fix before upgrading.

    Changes http://maven.apache.org/docs/3.8.1/release-notes.html

    PR:             255161
    Approved by:    Jonathan Chen <jonc@chen.org.nz> (maintainer)
    Security:       CVE-2021-26291
                    CVE-2020-13956

 devel/maven/Makefile    |  2 +-
 devel/maven/distinfo    |  6 ++---
 devel/maven/pkg-plist   | 18 ++++++-------
 security/vuxml/vuln.xml | 67 +++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 80 insertions(+), 13 deletions(-)
Comment 3 Kevin Bowling freebsd_committer freebsd_triage 2021-04-19 04:35:32 UTC 
Thanks for your contribution!
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-04-19 21:02:13 UTC 
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5675152f8fb588ed22092352a5a0294a67ba8442

commit 5675152f8fb588ed22092352a5a0294a67ba8442
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-04-19 18:00:15 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-04-19 18:00:15 +0000

    devel/maven: update to 3.8.1

    This is not just a bugfix as it contains three features that cause a change of
    default behavior (external HTTP insecure URLs are now blocked by default): your
    builds may fail when using this new Maven release, if you use now blocked
    repositories. Please check and eventually fix before upgrading.

    Changes http://maven.apache.org/docs/3.8.1/release-notes.html

    PR:             255161
    Approved by:    Jonathan Chen <jonc@chen.org.nz> (maintainer)
    Security:       CVE-2021-26291
                    CVE-2020-13956

    (cherry picked from commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830)

 devel/maven/Makefile  |  2 +-
 devel/maven/distinfo  |  6 +++---
 devel/maven/pkg-plist | 18 +++++++++---------
 3 files changed, 13 insertions(+), 13 deletions(-)