diff options
author | yyamano <yyamano@pkgsrc.org> | 2013-03-03 16:53:42 +0000 |
---|---|---|
committer | yyamano <yyamano@pkgsrc.org> | 2013-03-03 16:53:42 +0000 |
commit | fdce49df6cbc24b199407e9fe54d25ac47de52ff (patch) | |
tree | 9203ad7b6a785d66b160bd257f90209ad9655479 /devel/apache-maven | |
parent | bce679aea2b6f15407905a3733dc08bb110e65ce (diff) | |
download | pkgsrc-fdce49df6cbc24b199407e9fe54d25ac47de52ff.tar.gz |
Update apache maven to 3.0.5.
http://maven.apache.org/docs/3.0.5/release-notes.html
Apache Maven 3.0.5 is a maintenance release to fix a security
issue CVE-2013-0253 Apache Maven 3.0.4
http://maven.apache.org/security.html
CVE-2013-0253 Apache Maven 3.0.4
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has
introduced a non-secure SSL mode by default. This mode
disables all SSL certificate checking, including: host
name verification , date validity, and certificate chain.
Not validating the certificate introduces the possibility
of a man-in-the-middle attack.
All users are recommended to upgrade to Apache Maven 3.0.5
and Apache Maven Wagon 2.4.
Diffstat (limited to 'devel/apache-maven')
-rw-r--r-- | devel/apache-maven/Makefile | 5 | ||||
-rw-r--r-- | devel/apache-maven/PLIST | 8 | ||||
-rw-r--r-- | devel/apache-maven/distinfo | 12 | ||||
-rw-r--r-- | devel/apache-maven/patches/patch-bin_m2.conf (renamed from devel/apache-maven/patches/patch-aa) | 9 | ||||
-rw-r--r-- | devel/apache-maven/patches/patch-bin_mvn (renamed from devel/apache-maven/patches/patch-ab) | 10 |
5 files changed, 26 insertions, 18 deletions
diff --git a/devel/apache-maven/Makefile b/devel/apache-maven/Makefile index 6015a2042dc..666742707f1 100644 --- a/devel/apache-maven/Makefile +++ b/devel/apache-maven/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.6 2013/02/17 17:37:41 fhajny Exp $ +# $NetBSD: Makefile,v 1.7 2013/03/03 16:53:42 yyamano Exp $ # -DISTNAME= apache-maven-3.0.4 +DISTNAME= apache-maven-3.0.5 CATEGORIES= devel java MASTER_SITES= ${MASTER_SITE_APACHE:=maven/maven-3/${PKGVERSION_NOREV}/binaries/} DISTFILES= ${DISTNAME}-bin${EXTRACT_SUFX} @@ -25,6 +25,7 @@ SUBST_SED.maven+= -e 's,@PREFIX@,${PREFIX},g' INSTALLATION_DIRS= bin etc/maven lib/java/maven lib/java/maven/boot INSTALLATION_DIRS+= share/doc/java/maven share/examples/maven +PKG_SYSCONFSUBDIR= maven CONF_FILES+= share/examples/maven/m2.conf ${PKG_SYSCONFDIR}/m2.conf CONF_FILES+= share/examples/maven/settings.xml ${PKG_SYSCONFDIR}/settings.xml diff --git a/devel/apache-maven/PLIST b/devel/apache-maven/PLIST index 5087024f08c..633e9916120 100644 --- a/devel/apache-maven/PLIST +++ b/devel/apache-maven/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2013/02/17 17:37:41 fhajny Exp $ +@comment $NetBSD: PLIST,v 1.5 2013/03/03 16:53:42 yyamano Exp $ bin/mvn lib/java/maven/aether-api-1.13.1.jar lib/java/maven/aether-connector-wagon-1.13.1.jar @@ -27,9 +27,9 @@ lib/java/maven/sisu-guava-0.9.9.jar lib/java/maven/sisu-guice-3.1.0-no_aop.jar lib/java/maven/sisu-inject-bean-2.3.0.jar lib/java/maven/sisu-inject-plexus-2.3.0.jar -lib/java/maven/wagon-file-2.2.jar -lib/java/maven/wagon-http-2.2-shaded.jar -lib/java/maven/wagon-provider-api-2.2.jar +lib/java/maven/wagon-file-2.4.jar +lib/java/maven/wagon-http-2.4-shaded.jar +lib/java/maven/wagon-provider-api-2.4.jar share/doc/java/maven/LICENSE.txt share/doc/java/maven/NOTICE.txt share/doc/java/maven/README.txt diff --git a/devel/apache-maven/distinfo b/devel/apache-maven/distinfo index e21f467178f..90f6871a198 100644 --- a/devel/apache-maven/distinfo +++ b/devel/apache-maven/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.5 2013/02/17 17:37:41 fhajny Exp $ +$NetBSD: distinfo,v 1.6 2013/03/03 16:53:42 yyamano Exp $ -SHA1 (apache-maven-3.0.4-bin.tar.gz) = 0de5dc162bafde3fcb0a6b009cfeea81a042523b -RMD160 (apache-maven-3.0.4-bin.tar.gz) = c55335fb5c10380db64e6b56ee26cd6f42307a72 -Size (apache-maven-3.0.4-bin.tar.gz) = 4873043 bytes -SHA1 (patch-aa) = 2f7e8890e95eaf10d585f756e0089789d366e5b9 -SHA1 (patch-ab) = d2e86da0eea13c1f918bd43615b530dda0aa4141 +SHA1 (apache-maven-3.0.5-bin.tar.gz) = aecc0d3d67732939c0056d4a0d8510483ee1167e +RMD160 (apache-maven-3.0.5-bin.tar.gz) = 05b877ea0f1880ad62b48a436658ba70cce94b73 +Size (apache-maven-3.0.5-bin.tar.gz) = 5144659 bytes +SHA1 (patch-bin_m2.conf) = e0d2d7442fd86e539d73c1cdb6449d9c8b412122 +SHA1 (patch-bin_mvn) = 1b14289cfc53b0fd6f9a2a85b0d26bcdbb8f56b2 diff --git a/devel/apache-maven/patches/patch-aa b/devel/apache-maven/patches/patch-bin_m2.conf index 2c81d6db941..6bdd0671eb2 100644 --- a/devel/apache-maven/patches/patch-aa +++ b/devel/apache-maven/patches/patch-bin_m2.conf @@ -1,6 +1,8 @@ -$NetBSD: patch-aa,v 1.2 2013/02/17 17:37:41 fhajny Exp $ +$NetBSD: patch-bin_m2.conf,v 1.1 2013/03/03 16:53:42 yyamano Exp $ ---- bin/m2.conf.orig 2012-01-17 08:47:39.000000000 +0000 +Follow pkgsrc path convention. + +--- bin/m2.conf.orig 2013-02-19 13:54:21.000000000 +0000 +++ bin/m2.conf @@ -3,5 +3,5 @@ main is org.apache.maven.cli.MavenCli fr set maven.home default ${user.home}/m2
@@ -8,4 +10,5 @@ $NetBSD: patch-aa,v 1.2 2013/02/17 17:37:41 fhajny Exp $ [plexus.core]
-optionally ${maven.home}/lib/ext/*.jar
+optionally ${maven.home}/lib/java/maven/*.jar
- load ${maven.home}/lib/*.jar
+ load ${maven.home}/lib/*.jar +\ No newline at end of file diff --git a/devel/apache-maven/patches/patch-ab b/devel/apache-maven/patches/patch-bin_mvn index 6250f32ecba..5f26b136d5e 100644 --- a/devel/apache-maven/patches/patch-ab +++ b/devel/apache-maven/patches/patch-bin_mvn @@ -1,6 +1,8 @@ -$NetBSD: patch-ab,v 1.2 2013/02/17 17:37:41 fhajny Exp $ +$NetBSD: patch-bin_mvn,v 1.1 2013/03/03 16:53:42 yyamano Exp $ ---- bin/mvn.orig 2012-01-17 08:47:39.000000000 +0000 +Follow pkgsrc path convention. + +--- bin/mvn.orig 2013-02-19 13:54:21.000000000 +0000 +++ bin/mvn @@ -69,6 +69,15 @@ if [ -z "$JAVA_HOME" ] ; then fi @@ -27,6 +29,8 @@ $NetBSD: patch-ab,v 1.2 2013/02/17 17:37:41 fhajny Exp $ + -classpath "${M2_HOME}"/lib/java/maven/boot/plexus-classworlds-*.jar \ + "-Dclassworlds.conf=${M2_HOME}/etc/maven/m2.conf" \ "-Dmaven.home=${M2_HOME}" \ +- ${CLASSWORLDS_LAUNCHER} "$@" +\ No newline at end of file + "-Dorg.apache.maven.global-settings=${M2_HOME}/etc/maven/settings.xml" \ + "-Dorg.apache.maven.global-plugin-registry=${M2_HOME}/etc/maven/plugin-registry.xml" \ - ${CLASSWORLDS_LAUNCHER} "$@" ++ ${CLASSWORLDS_LAUNCHER} "$@" |