From owner-dev-commits-ports-all@freebsd.org Mon Apr 19 08:05:46 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5EB405E6F13; Mon, 19 Apr 2021 08:05:46 +0000 (UTC) (envelope-from mat@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FNzs626Jgz3Lck; Mon, 19 Apr 2021 08:05:46 +0000 (UTC) (envelope-from mat@freebsd.org) Received: from mail.j.mat.cc (owncloud.cube.mat.cc [IPv6:2a01:678:4:1::228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.mat.cc", Issuer "R3" (verified OK)) (Authenticated sender: mat/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 20A342E3BB; Mon, 19 Apr 2021 08:05:46 +0000 (UTC) (envelope-from mat@freebsd.org) Received: from aching.in.mat.cc (unknown [IPv6:2a01:678:ab:0:6ed8:2bdd:54e3:cb0c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mat@mat.cc) by mail.j.mat.cc (Postfix) with ESMTPSA id 5CFAC942D80; Mon, 19 Apr 2021 08:05:43 +0000 (UTC) Date: Mon, 19 Apr 2021 10:05:42 +0200 From: Mathieu Arnold To: Baptiste Daroussin Cc: Kevin Bowling , Kevin Bowling , ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 887cfadcdf5e - main - devel/maven: update to 3.8.1 Message-ID: <20210419080542.5dl2j76hwiu2lb35@aching.in.mat.cc> References: <202104190411.13J4BfrC096512@gitrepo.freebsd.org> <20210419072338.ixoex7jzy42zkfqm@aniel.nours.eu> <20210419073153.zdqcpyw5kqs2qcbo@aniel.nours.eu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ka4czvgzwmopbnee" Content-Disposition: inline In-Reply-To: <20210419073153.zdqcpyw5kqs2qcbo@aniel.nours.eu> X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2021 08:05:46 -0000 --ka4czvgzwmopbnee Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 19, 2021 at 09:31:53AM +0200, Baptiste Daroussin wrote: > On Mon, Apr 19, 2021 at 12:29:58AM -0700, Kevin Bowling wrote: > > On Mon, Apr 19, 2021 at 12:23 AM Baptiste Daroussin = wrote: > > > > > > On Mon, Apr 19, 2021 at 04:11:41AM +0000, Kevin Bowling wrote: > > > > The branch main has been updated by kbowling: > > > > > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=3D887cfadcdf5e7ce9a3= 3ef83ee6ee7b63ff855830 > > > > > > > > commit 887cfadcdf5e7ce9a33ef83ee6ee7b63ff855830 > > > > Author: Kevin Bowling > > > > AuthorDate: 2021-04-19 04:05:30 +0000 > > > > Commit: Kevin Bowling > > > > CommitDate: 2021-04-19 04:11:34 +0000 > > > > > > > > devel/maven: update to 3.8.1 > > > > > > > > This is not just a bugfix as it contains three features that ca= use a change of > > > > default behavior (external HTTP insecure URLs are now blocked b= y default): your > > > > builds may fail when using this new Maven release, if you use n= ow blocked > > > > repositories. Please check and eventually fix before upgrading. > > > > > > > > Changes http://maven.apache.org/docs/3.8.1/release-notes.html > > > > > > > > PR: 255161 > > > > Approved by: Jonathan Chen (maintainer) > > > > Security: CVE-2021-26291 > > > > CVE-2020-13956 > > > > --- > > > > devel/maven/Makefile | 2 +- > > > > devel/maven/distinfo | 6 ++--- > > > > devel/maven/pkg-plist | 18 ++++++------- > > > > security/vuxml/vuln.xml | 67 +++++++++++++++++++++++++++++++++++++= ++++++++++++ > > > > 4 files changed, 80 insertions(+), 13 deletions(-) > > > > > > You are not supposed to commit the vuxml entry with that actual port = (as > > > explained in the porter handbook), The reason for that is fairly simp= le, vuxml > > > entries are not merged back to quarterly branches, so now merging thi= s to the > > > quarterly branch (which is what we are supposed to do for CVE in part= icular) > > > will result in a conflict on vuxml instead of a simple straight forwa= rd > > > cherry-pick > >=20 > > Ok. Would you like me to handle the MFH to drop that part of the chang= e? >=20 > Would be nice yes >=20 > Thank you very much! >=20 > Note there used to be a hook to prevent that seems like it has been lost = in the > git transition. The hook is ready, just waiting for deployement. --=20 Mathieu Arnold --ka4czvgzwmopbnee Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEVhwchfRfuV0unqO5KesJApEdfgIFAmB9OdFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDU2 MUMxQzg1RjQ1RkI5NUQyRTlFQTNCOTI5RUIwOTAyOTExRDdFMDIACgkQKesJApEd fgKMShAAgahy6y+XDVMjZ6Ahe9dG9nJXAKdaKnp2OlcBUm1VYrP7QOtsenPwOkq+ 5drK3JKyQ69IImKHButCF883fZcua9bqCNyirX5ipxWCtX9uZTFqRNvfJuXwfhMq CYM+jiWffSst8Hqg60wDD/GRyqH06GfQKnFZCSHCOvUVCUTXwYKZoBTd9ghO0Kes fqs2v3JvSl4Uws9UOl54QRoGzYCntPfId5kPM7d3N57wOabJrZDHQuU7gtmBkHNB ebg/aHyP/+ySKAXGZLPeM6mx3nU0ZkcHGuBRYdN5X2qT0xWJ1FyS9BnXgZT6BVo8 N3LrF5HDWLBSE+LGMB/TxQTuaxyeTdQBqMkKVrXFUaO9y3rYnmMHmO9j5dlEvezE U23eW2oJxUSnTwjpODrsB6ZrOK+A61Wr73L6Zjf4IhhkvGWPKPboPUbKmsPFeAjw 1VFSrgpLyw7tdP3ub91t1zV8ig+F+TVKl2/D7+qtZVYu4/yk0X3Iv0xBzZGZ5qV5 c4pBvfMopDHB4g5uYfukv51ymgqth0oszXzZ/jYZA7yDI4JTS7cYsSNGVglGwAhf IjVGCsq62qxl53yf4r1bEpSU58YuQpR7NVUEpieMUcho8uVtMMJEJ95DIfzZG/Nd nKwY/mR8aoRvr51CR7S2rYX4iaHQ9V1L9BbCUdUKFJ3/qtJkYPc= =u00x -----END PGP SIGNATURE----- --ka4czvgzwmopbnee--