Date: Mon, 19 Apr 2021 10:05:42 +0200 From: Mathieu Arnold <mat@freebsd.org> To: Baptiste Daroussin <bapt@freebsd.org> Cc: Kevin Bowling <kevin.bowling@kev009.com>, Kevin Bowling <kbowling@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 887cfadcdf5e - main - devel/maven: update to 3.8.1 Message-ID: <20210419080542.5dl2j76hwiu2lb35@aching.in.mat.cc> In-Reply-To: <20210419073153.zdqcpyw5kqs2qcbo@aniel.nours.eu> References: <202104190411.13J4BfrC096512@gitrepo.freebsd.org> <20210419072338.ixoex7jzy42zkfqm@aniel.nours.eu> <CAK7dMtD85eK45H41_2YYHTqT2kpYRfYj6Lp8f3HRkEBaLQeyEA@mail.gmail.com> <20210419073153.zdqcpyw5kqs2qcbo@aniel.nours.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
--ka4czvgzwmopbnee Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 19, 2021 at 09:31:53AM +0200, Baptiste Daroussin wrote: > On Mon, Apr 19, 2021 at 12:29:58AM -0700, Kevin Bowling wrote: > > On Mon, Apr 19, 2021 at 12:23 AM Baptiste Daroussin <bapt@freebsd.org> = wrote: > > > > > > On Mon, Apr 19, 2021 at 04:11:41AM +0000, Kevin Bowling wrote: > > > > The branch main has been updated by kbowling: > > > > > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=3D887cfadcdf5e7ce9a3= 3ef83ee6ee7b63ff855830 > > > > > > > > commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830 > > > > Author: Kevin Bowling <kbowling@FreeBSD.org> > > > > AuthorDate: 2021-04-19 04:05:30 +0000 > > > > Commit: Kevin Bowling <kbowling@FreeBSD.org> > > > > CommitDate: 2021-04-19 04:11:34 +0000 > > > > > > > > devel/maven: update to 3.8.1 > > > > > > > > This is not just a bugfix as it contains three features that ca= use a change of > > > > default behavior (external HTTP insecure URLs are now blocked b= y default): your > > > > builds may fail when using this new Maven release, if you use n= ow blocked > > > > repositories. Please check and eventually fix before upgrading. > > > > > > > > Changes http://maven.apache.org/docs/3.8.1/release-notes.html > > > > > > > > PR: 255161 > > > > Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer) > > > > Security: CVE-2021-26291 > > > > CVE-2020-13956 > > > > --- > > > > devel/maven/Makefile | 2 +- > > > > devel/maven/distinfo | 6 ++--- > > > > devel/maven/pkg-plist | 18 ++++++------- > > > > security/vuxml/vuln.xml | 67 +++++++++++++++++++++++++++++++++++++= ++++++++++++ > > > > 4 files changed, 80 insertions(+), 13 deletions(-) > > > > > > You are not supposed to commit the vuxml entry with that actual port = (as > > > explained in the porter handbook), The reason for that is fairly simp= le, vuxml > > > entries are not merged back to quarterly branches, so now merging thi= s to the > > > quarterly branch (which is what we are supposed to do for CVE in part= icular) > > > will result in a conflict on vuxml instead of a simple straight forwa= rd > > > cherry-pick > >=20 > > Ok. Would you like me to handle the MFH to drop that part of the chang= e? >=20 > Would be nice yes >=20 > Thank you very much! >=20 > Note there used to be a hook to prevent that seems like it has been lost = in the > git transition. The hook is ready, just waiting for deployement. --=20 Mathieu Arnold --ka4czvgzwmopbnee Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEVhwchfRfuV0unqO5KesJApEdfgIFAmB9OdFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDU2 MUMxQzg1RjQ1RkI5NUQyRTlFQTNCOTI5RUIwOTAyOTExRDdFMDIACgkQKesJApEd fgKMShAAgahy6y+XDVMjZ6Ahe9dG9nJXAKdaKnp2OlcBUm1VYrP7QOtsenPwOkq+ 5drK3JKyQ69IImKHButCF883fZcua9bqCNyirX5ipxWCtX9uZTFqRNvfJuXwfhMq CYM+jiWffSst8Hqg60wDD/GRyqH06GfQKnFZCSHCOvUVCUTXwYKZoBTd9ghO0Kes fqs2v3JvSl4Uws9UOl54QRoGzYCntPfId5kPM7d3N57wOabJrZDHQuU7gtmBkHNB ebg/aHyP/+ySKAXGZLPeM6mx3nU0ZkcHGuBRYdN5X2qT0xWJ1FyS9BnXgZT6BVo8 N3LrF5HDWLBSE+LGMB/TxQTuaxyeTdQBqMkKVrXFUaO9y3rYnmMHmO9j5dlEvezE U23eW2oJxUSnTwjpODrsB6ZrOK+A61Wr73L6Zjf4IhhkvGWPKPboPUbKmsPFeAjw 1VFSrgpLyw7tdP3ub91t1zV8ig+F+TVKl2/D7+qtZVYu4/yk0X3Iv0xBzZGZ5qV5 c4pBvfMopDHB4g5uYfukv51ymgqth0oszXzZ/jYZA7yDI4JTS7cYsSNGVglGwAhf IjVGCsq62qxl53yf4r1bEpSU58YuQpR7NVUEpieMUcho8uVtMMJEJ95DIfzZG/Nd nKwY/mR8aoRvr51CR7S2rYX4iaHQ9V1L9BbCUdUKFJ3/qtJkYPc= =u00x -----END PGP SIGNATURE----- --ka4czvgzwmopbnee--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210419080542.5dl2j76hwiu2lb35>