Date: Sat, 08 Aug 2015 11:57:57 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201704] lang/groovy: remote execution of untrusted code vulnerability in 2.3.9 Message-ID: <bug-201704-13-kzSlAvbDUQ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-201704-13@https.bugs.freebsd.org/bugzilla/> References: <bug-201704-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201704 --- Comment #2 from Jason Unovitch <jason.unovitch@gmail.com> --- (In reply to Jason Unovitch from comment #1) Details/Comments for the records: - Add NO_ARCH This is Java and other non-arch specific. pkg-static: DEVELOPER_MODE: Notice: arch "FreeBSD:11:amd64" -- no architecture specific files found: - Remove various LICENSE files that were removed upstream https://github.com/apache/incubator-groovy/commit/0f645889a49ce867671c79ea480952394807fdcb That commit removed ANTLR-LICENSE.txt, ASM-LICENSE.txt, and JSR223-LICENSE.txt. However there were several other commits after that point that affected licenses embedded with the Groovy distfile. I would advise anyone with concern over this to review the upstream Git closely. - Remove PDF documentation that was removed upstream https://github.com/apache/incubator-groovy/commit/de6161fcc55fdd124478baa8a9e2309abd084e5f Upstream mentions replacing with Asciidoctor documentation however the gradle/assemble.gradle still attempts to use the pre-built PDF that used to be included under Git revision control. I would speculate that PDF support may come back in a future release when the Asciidoctor efforts are finished. - Switch @dirrm to @dir The plist is built dynamically, so fix the Makefile where it's generate to handle this Poudriere QA warning: pkg-static: Warning: @dirrm[try] is deprecated, please use @dir -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201704-13-kzSlAvbDUQ>