Date: Mon, 19 Apr 2021 10:05:42 +0200 From: Mathieu Arnold <mat@freebsd.org> To: Baptiste Daroussin <bapt@freebsd.org> Cc: Kevin Bowling <kevin.bowling@kev009.com>, Kevin Bowling <kbowling@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 887cfadcdf5e - main - devel/maven: update to 3.8.1 Message-ID: <20210419080542.5dl2j76hwiu2lb35@aching.in.mat.cc> In-Reply-To: <20210419073153.zdqcpyw5kqs2qcbo@aniel.nours.eu> References: <202104190411.13J4BfrC096512@gitrepo.freebsd.org> <20210419072338.ixoex7jzy42zkfqm@aniel.nours.eu> <CAK7dMtD85eK45H41_2YYHTqT2kpYRfYj6Lp8f3HRkEBaLQeyEA@mail.gmail.com> <20210419073153.zdqcpyw5kqs2qcbo@aniel.nours.eu>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Mon, Apr 19, 2021 at 09:31:53AM +0200, Baptiste Daroussin wrote: > On Mon, Apr 19, 2021 at 12:29:58AM -0700, Kevin Bowling wrote: > > On Mon, Apr 19, 2021 at 12:23 AM Baptiste Daroussin <bapt@freebsd.org> wrote: > > > > > > On Mon, Apr 19, 2021 at 04:11:41AM +0000, Kevin Bowling wrote: > > > > The branch main has been updated by kbowling: > > > > > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830 > > > > > > > > commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830 > > > > Author: Kevin Bowling <kbowling@FreeBSD.org> > > > > AuthorDate: 2021-04-19 04:05:30 +0000 > > > > Commit: Kevin Bowling <kbowling@FreeBSD.org> > > > > CommitDate: 2021-04-19 04:11:34 +0000 > > > > > > > > devel/maven: update to 3.8.1 > > > > > > > > This is not just a bugfix as it contains three features that cause a change of > > > > default behavior (external HTTP insecure URLs are now blocked by default): your > > > > builds may fail when using this new Maven release, if you use now blocked > > > > repositories. Please check and eventually fix before upgrading. > > > > > > > > Changes http://maven.apache.org/docs/3.8.1/release-notes.html > > > > > > > > PR: 255161 > > > > Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer) > > > > Security: CVE-2021-26291 > > > > CVE-2020-13956 > > > > --- > > > > devel/maven/Makefile | 2 +- > > > > devel/maven/distinfo | 6 ++--- > > > > devel/maven/pkg-plist | 18 ++++++------- > > > > security/vuxml/vuln.xml | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ > > > > 4 files changed, 80 insertions(+), 13 deletions(-) > > > > > > You are not supposed to commit the vuxml entry with that actual port (as > > > explained in the porter handbook), The reason for that is fairly simple, vuxml > > > entries are not merged back to quarterly branches, so now merging this to the > > > quarterly branch (which is what we are supposed to do for CVE in particular) > > > will result in a conflict on vuxml instead of a simple straight forward > > > cherry-pick > > > > Ok. Would you like me to handle the MFH to drop that part of the change? > > Would be nice yes > > Thank you very much! > > Note there used to be a hook to prevent that seems like it has been lost in the > git transition. The hook is ready, just waiting for deployement. -- Mathieu Arnold [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEVhwchfRfuV0unqO5KesJApEdfgIFAmB9OdFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDU2 MUMxQzg1RjQ1RkI5NUQyRTlFQTNCOTI5RUIwOTAyOTExRDdFMDIACgkQKesJApEd fgKMShAAgahy6y+XDVMjZ6Ahe9dG9nJXAKdaKnp2OlcBUm1VYrP7QOtsenPwOkq+ 5drK3JKyQ69IImKHButCF883fZcua9bqCNyirX5ipxWCtX9uZTFqRNvfJuXwfhMq CYM+jiWffSst8Hqg60wDD/GRyqH06GfQKnFZCSHCOvUVCUTXwYKZoBTd9ghO0Kes fqs2v3JvSl4Uws9UOl54QRoGzYCntPfId5kPM7d3N57wOabJrZDHQuU7gtmBkHNB ebg/aHyP/+ySKAXGZLPeM6mx3nU0ZkcHGuBRYdN5X2qT0xWJ1FyS9BnXgZT6BVo8 N3LrF5HDWLBSE+LGMB/TxQTuaxyeTdQBqMkKVrXFUaO9y3rYnmMHmO9j5dlEvezE U23eW2oJxUSnTwjpODrsB6ZrOK+A61Wr73L6Zjf4IhhkvGWPKPboPUbKmsPFeAjw 1VFSrgpLyw7tdP3ub91t1zV8ig+F+TVKl2/D7+qtZVYu4/yk0X3Iv0xBzZGZ5qV5 c4pBvfMopDHB4g5uYfukv51ymgqth0oszXzZ/jYZA7yDI4JTS7cYsSNGVglGwAhf IjVGCsq62qxl53yf4r1bEpSU58YuQpR7NVUEpieMUcho8uVtMMJEJ95DIfzZG/Nd nKwY/mR8aoRvr51CR7S2rYX4iaHQ9V1L9BbCUdUKFJ3/qtJkYPc= =u00x -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210419080542.5dl2j76hwiu2lb35>