Bug 255161 - devel/maven: update to 3.8.1
Summary: devel/maven: update to 3.8.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kevin Bowling
URL: http://maven.apache.org/docs/3.8.1/re...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-18 00:13 UTC by Jonathan Chen
Modified: 2021-04-19 21:02 UTC (History)
1 user (show)

See Also:


Attachments
3.8.1 update (2.53 KB, patch)
2021-04-18 00:13 UTC, Jonathan Chen
jonc: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Chen 2021-04-18 00:13:19 UTC
Created attachment 224202 [details]
3.8.1 update

Update from 3.6.3 to 3.8.1
Comment 1 Kevin Bowling freebsd_committer 2021-04-19 03:52:40 UTC
I'm working on a VuXML for this
Comment 2 commit-hook freebsd_committer 2021-04-19 04:11:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830

commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-04-19 04:05:30 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-04-19 04:11:34 +0000

    devel/maven: update to 3.8.1

    This is not just a bugfix as it contains three features that cause a change of
    default behavior (external HTTP insecure URLs are now blocked by default): your
    builds may fail when using this new Maven release, if you use now blocked
    repositories. Please check and eventually fix before upgrading.

    Changes http://maven.apache.org/docs/3.8.1/release-notes.html

    PR:             255161
    Approved by:    Jonathan Chen <jonc@chen.org.nz> (maintainer)
    Security:       CVE-2021-26291
                    CVE-2020-13956

 devel/maven/Makefile    |  2 +-
 devel/maven/distinfo    |  6 ++---
 devel/maven/pkg-plist   | 18 ++++++-------
 security/vuxml/vuln.xml | 67 +++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 80 insertions(+), 13 deletions(-)
Comment 3 Kevin Bowling freebsd_committer 2021-04-19 04:35:32 UTC
Thanks for your contribution!
Comment 4 commit-hook freebsd_committer 2021-04-19 21:02:13 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5675152f8fb588ed22092352a5a0294a67ba8442

commit 5675152f8fb588ed22092352a5a0294a67ba8442
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-04-19 18:00:15 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-04-19 18:00:15 +0000

    devel/maven: update to 3.8.1

    This is not just a bugfix as it contains three features that cause a change of
    default behavior (external HTTP insecure URLs are now blocked by default): your
    builds may fail when using this new Maven release, if you use now blocked
    repositories. Please check and eventually fix before upgrading.

    Changes http://maven.apache.org/docs/3.8.1/release-notes.html

    PR:             255161
    Approved by:    Jonathan Chen <jonc@chen.org.nz> (maintainer)
    Security:       CVE-2021-26291
                    CVE-2020-13956

    (cherry picked from commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830)

 devel/maven/Makefile  |  2 +-
 devel/maven/distinfo  |  6 +++---
 devel/maven/pkg-plist | 18 +++++++++---------
 3 files changed, 13 insertions(+), 13 deletions(-)