Bug#779670: wheezy-pu: package maven2-core/2.2.1-8+deb7u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#779670: wheezy-pu: package maven2-core/2.2.1-8+deb7u1
From: Emmanuel Bourg <ebourg@apache.org>
Date: Tue, 03 Mar 2015 22:02:53 +0100
Message-id: <[🔎] 20150303210253.30704.66941.reportbug@icare.ariane-software.com>
Reply-to: Emmanuel Bourg <ebourg@apache.org>, 779670@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

Please accept maven2-core/2.2.1-8+deb7u1 in stable-updates to backport
the security fix recently applied to Maven 2 in testing/unstable.

Thank you,

Emmanuel Bourg


diff -Nru maven2-core-2.2.1/debian/changelog maven2-core-2.2.1/debian/changelog
--- maven2-core-2.2.1/debian/changelog  2011-10-13 04:58:44.000000000 +0200
+++ maven2-core-2.2.1/debian/changelog  2015-03-03 21:27:40.000000000 +0100
@@ -1,3 +1,11 @@
+maven2-core (2.2.1-8+deb7u1) stable; urgency=low
+
+  * Team upload.
+  * Use a secure connection by default to download artifacts
+    from the Maven Central repository (Closes: #779338)
+
+ -- Emmanuel Bourg <ebourg@apache.org>  Fri, 27 Feb 2015 11:46:36 +0100
+
 maven2-core (2.2.1-8) unstable; urgency=low

   * Team upload.
diff -Nru maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch
--- maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch     1970-01-01 01:00:00.000000000 +0100
+++ maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch     2015-03-03 21:23:21.000000000 +0100
@@ -0,0 +1,22 @@
+Description: Download artifacts from Maven central using https by default
+Origin: backport, https://github.com/apache/maven/commit/9216191
+--- a/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml
++++ b/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml
+@@ -27,7 +27,7 @@
+       <id>central</id>
+       <name>Maven Repository Switchboard</name>
+       <layout>default</layout>
+-      <url>http://repo1.maven.org/maven2</url>
++      <url>https://repo1.maven.org/maven2</url>
+       <snapshots>
+         <enabled>false</enabled>
+       </snapshots>
+@@ -38,7 +38,7 @@
+     <pluginRepository>
+       <id>central</id>
+       <name>Maven Plugin Repository</name>
+-      <url>http://repo1.maven.org/maven2</url>
++      <url>https://repo1.maven.org/maven2</url>
+       <layout>default</layout>
+       <snapshots>
+         <enabled>false</enabled>
diff -Nru maven2-core-2.2.1/debian/patches/series maven2-core-2.2.1/debian/patches/series
--- maven2-core-2.2.1/debian/patches/series     2011-08-15 00:03:53.000000000 +0200
+++ maven2-core-2.2.1/debian/patches/series     2015-03-03 21:26:53.000000000 +0100
@@ -1,3 +1,4 @@
 0001-remove-webdav-support.patch
 0002-update-plugin-versions.patch
 0003-update-plexus-utils.patch
+0005-secure-maven-central-access.patch

Reply to:

Follow-Ups:
- Bug#779670: wheezy-pu: package maven2-core/2.2.1-8+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#779670: wheezy-pu: package maven2-core/2.2.1-8+deb7u1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed (with 1 errors): Re: Bug#779656: unblock: freetype/2.5.2-3
Next by Date: Bug#779209: unblock: grml2usb/0.14.10.1
Previous by thread: Bug#779668: marked as done (unblock: samba/2:4.1.17+dfsg-2)
Next by thread: Bug#779670: wheezy-pu: package maven2-core/2.2.1-8+deb7u1
Index(es):
- Date
- Thread