[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#779345: unblock: maven2-core/2.2.1-17

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package maven2-core, the version 2.2.1-17 fixes a security issue (#779338).
A similar update is planned for the maven2 and maven packages.

Thank you,

Emmanuel Bourg

unblock maven2-core/2.2.1-17


diff -Nru maven2-core-2.2.1/debian/changelog maven2-core-2.2.1/debian/changelog
--- maven2-core-2.2.1/debian/changelog  2014-09-24 00:49:28.000000000 +0200
+++ maven2-core-2.2.1/debian/changelog  2015-02-27 14:19:14.000000000 +0100
@@ -1,3 +1,12 @@
+maven2-core (2.2.1-17) unstable; urgency=high
+
+  * Team upload.
+  * Use a secure connection by default to download artifacts
+    from the Maven Central repository (Closes: #779338)
+  * Moved the package to Git
+
+ -- Emmanuel Bourg <ebourg@apache.org>  Fri, 27 Feb 2015 11:46:36 +0100
+
 maven2-core (2.2.1-16) unstable; urgency=medium

   * Team upload
diff -Nru maven2-core-2.2.1/debian/control maven2-core-2.2.1/debian/control
--- maven2-core-2.2.1/debian/control    2014-09-24 00:49:28.000000000 +0200
+++ maven2-core-2.2.1/debian/control    2015-02-27 11:46:36.000000000 +0100
@@ -25,8 +25,8 @@
                      maven-ant-helper (>> 4),
                      maven-repo-helper
 Standards-Version: 3.9.6
-Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/maven2-core
-Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/maven2-core
+Vcs-Git: git://anonscm.debian.org/pkg-java/maven2-core.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-java/maven2-core.git
 Homepage: http://maven.apache.org

 Package: libmaven2-core-java
diff -Nru maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch
--- maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch     1970-01-01 01:00:00.000000000 +0100
+++ maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch     2015-02-27 12:02:00.000000000 +0100
@@ -0,0 +1,22 @@
+Description: Download artifacts from Maven central using https by default
+Origin: backport, https://github.com/apache/maven/commit/9216191
+--- a/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml
++++ b/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml
+@@ -27,7 +27,7 @@
+       <id>central</id>
+       <name>Maven Repository Switchboard</name>
+       <layout>default</layout>
+-      <url>http://repo1.maven.org/maven2</url>
++      <url>https://repo1.maven.org/maven2</url>
+       <snapshots>
+         <enabled>false</enabled>
+       </snapshots>
+@@ -38,7 +38,7 @@
+     <pluginRepository>
+       <id>central</id>
+       <name>Maven Plugin Repository</name>
+-      <url>http://repo1.maven.org/maven2</url>
++      <url>https://repo1.maven.org/maven2</url>
+       <layout>default</layout>
+       <snapshots>
+         <enabled>false</enabled>
diff -Nru maven2-core-2.2.1/debian/patches/series maven2-core-2.2.1/debian/patches/series
--- maven2-core-2.2.1/debian/patches/series     2014-09-24 00:49:28.000000000 +0200
+++ maven2-core-2.2.1/debian/patches/series     2015-02-27 11:54:20.000000000 +0100
@@ -2,3 +2,4 @@
 0002-update-plugin-versions.patch
 0003-update-plexus-utils.patch
 0004-remove-backport-util-concurrent.patch
Reply to: