Bug#779622: marked as done (wheezy-pu: package maven/3.0.4-3~deb7u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#779622: marked as done (wheezy-pu: package maven/3.0.4-3~deb7u1)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 05 Sep 2015 13:37:52 +0000
Message-id: <[🔎] handler.779622.D779622.14414600866767.ackdone@bugs.debian.org>
References: <1441460034.2151.33.camel@adam-barratt.org.uk> <20150303082456.28066.62305.reportbug@icare.ariane-software.com>

Your message dated Sat, 05 Sep 2015 14:33:54 +0100
with message-id <1441460034.2151.33.camel@adam-barratt.org.uk>
and subject line Closing bugs for 7.9
has caused the Debian Bug report #779622,
regarding wheezy-pu: package maven/3.0.4-3~deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779622
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wheezy-pu: package maven/3.0.4-3~deb7u1
From: Emmanuel Bourg <ebourg@apache.org>
Date: Tue, 03 Mar 2015 09:24:56 +0100
Message-id: <20150303082456.28066.62305.reportbug@icare.ariane-software.com>

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to backport the latest Maven security fix to Wheezy, the security team
advised to upload it as a proposed update. Please find the debdiff below.

Thank you,

Emmanuel Bourg


diff -Nru maven-3.0.4/debian/changelog maven-3.0.4/debian/changelog
--- maven-3.0.4/debian/changelog        2012-02-06 22:42:07.000000000 +0100
+++ maven-3.0.4/debian/changelog        2015-03-03 08:53:27.000000000 +0100
@@ -1,3 +1,11 @@
+maven (3.0.4-3~deb7u1) stable; urgency=high
+
+  * Team upload.
+  * Use a secure connection by default to download artifacts
+    from the Maven Central repository (Closes: #779331)
+
+ -- Emmanuel Bourg <ebourg@apache.org>  Fri, 27 Feb 2015 17:56:07 +0100
+
 maven (3.0.4-3) unstable; urgency=low

   * Use wagon 2.x to provide http/webdav access.
diff -Nru maven-3.0.4/debian/patches/secure-maven-central-access.diff maven-3.0.4/debian/patches/secure-maven-central-access.diff
--- maven-3.0.4/debian/patches/secure-maven-central-access.diff 1970-01-01 01:00:00.000000000 +0100
+++ maven-3.0.4/debian/patches/secure-maven-central-access.diff 2015-03-03 08:30:52.000000000 +0100
@@ -0,0 +1,33 @@
+Description: Download artifacts from Maven central using https by default
+Origin: backport, https://github.com/apache/maven/commit/9216191
+--- a/maven-core/src/main/java/org/apache/maven/repository/RepositorySystem.java
++++ b/maven-core/src/main/java/org/apache/maven/repository/RepositorySystem.java
+@@ -51,7 +51,7 @@
+
+     final String DEFAULT_REMOTE_REPO_ID = "central";
+
+-    final String DEFAULT_REMOTE_REPO_URL = "http://repo.maven.apache.org/maven2";;
++    final String DEFAULT_REMOTE_REPO_URL = "https://repo.maven.apache.org/maven2";;
+
+     Artifact createArtifact( String groupId, String artifactId, String version, String packaging );
+
+--- a/maven-model-builder/src/main/resources/org/apache/maven/model/pom-4.0.0.xml
++++ b/maven-model-builder/src/main/resources/org/apache/maven/model/pom-4.0.0.xml
+@@ -27,7 +27,7 @@
+     <repository>
+       <id>central</id>
+       <name>Central Repository</name>
+-      <url>http://repo.maven.apache.org/maven2</url>
++      <url>https://repo.maven.apache.org/maven2</url>
+       <layout>default</layout>
+       <snapshots>
+         <enabled>false</enabled>
+@@ -39,7 +39,7 @@
+     <pluginRepository>
+       <id>central</id>
+       <name>Central Repository</name>
+-      <url>http://repo.maven.apache.org/maven2</url>
++      <url>https://repo.maven.apache.org/maven2</url>
+       <layout>default</layout>
+       <snapshots>
+         <enabled>false</enabled>
diff -Nru maven-3.0.4/debian/patches/series maven-3.0.4/debian/patches/series
--- maven-3.0.4/debian/patches/series   2012-02-06 22:42:07.000000000 +0100
+++ maven-3.0.4/debian/patches/series   2015-03-03 08:30:52.000000000 +0100
@@ -4,3 +4,4 @@
 add_dependencies.diff
 force_java15_compiler.diff
 no_maven_assembly.diff
+secure-maven-central-access.diff

--- End Message ---

--- Begin Message ---

To: 725661-done@bugs.debian.org, 770955-done@bugs.debian.org, 773796-done@bugs.debian.org, 774773-done@bugs.debian.org, 774820-done@bugs.debian.org, 774850-done@bugs.debian.org, 774921-done@bugs.debian.org, 775380-done@bugs.debian.org, 775603-done@bugs.debian.org, 775664-done@bugs.debian.org, 775825-done@bugs.debian.org, 776095-done@bugs.debian.org, 776734-done@bugs.debian.org, 776781-done@bugs.debian.org, 776884-done@bugs.debian.org, 777046-done@bugs.debian.org, 777047-done@bugs.debian.org, 777372-done@bugs.debian.org, 777553-done@bugs.debian.org, 778622-done@bugs.debian.org, 779083-done@bugs.debian.org, 779622-done@bugs.debian.org, 779926-done@bugs.debian.org, 780191-done@bugs.debian.org, 780471-done@bugs.debian.org, 780798-done@bugs.debian.org, 780924-done@bugs.debian.org, 781281-done@bugs.debian.org, 781406-done@bugs.debian.org, 781542-done@bugs.debian.org, 781885-done@bugs.debian.org, 781965-done@bugs.debian.org, 782042-done@bugs.debian.org, 782165-done@bugs.debian.org, 782409-done@bugs.debian.org, 782600-done@bugs.debian.org, 782663-done@bugs.debian.org, 782848-done@bugs.debian.org, 783659-done@bugs.debian.org, 783749-done@bugs.debian.org, 784102-done@bugs.debian.org, 785155-done@bugs.debian.org, 785348-done@bugs.debian.org, 785735-done@bugs.debian.org, 786691-done@bugs.debian.org, 786830-done@bugs.debian.org, 786919-done@bugs.debian.org, 787076-done@bugs.debian.org, 787403-done@bugs.debian.org, 787933-done@bugs.debian.org, 787947-done@bugs.debian.org, 788064-done@bugs.debian.org, 788242-done@bugs.debian.org, 788558-done@bugs.debian.org, 788664-done@bugs.debian.org, 790692-done@bugs.debian.org, 790940-done@bugs.debian.org, 793028-done@bugs.debian.org, 794962-done@bugs.debian.org, 795166-done@bugs.debian.org, 795892-done@bugs.debian.org, 797079-done@bugs.debian.org, 797213-done@bugs.debian.org

Subject: Closing bugs for 7.9

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 05 Sep 2015 14:33:54 +0100

Message-id: <1441460034.2151.33.camel@adam-barratt.org.uk>
Version: 7.9

Hi,

These bugs relate to updates which were included in the 7.9 point
release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#779926: marked as done (pu: package intel-microcode/1.20150121.1)
Next by Date: Bug#780191: marked as done (wheezy-pu: package tcllib/1.14-dfsg-3+deb7u1)
Previous by thread: Bug#779926: marked as done (pu: package intel-microcode/1.20150121.1)
Next by thread: Bug#780191: marked as done (wheezy-pu: package tcllib/1.14-dfsg-3+deb7u1)
Index(es):
- Date
- Thread