Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package maven for openSUSE:Factory checked in at 2021-04-29 01:37:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/maven (Old) and /work/SRC/openSUSE:Factory/.maven.new.12324 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "maven" Thu Apr 29 01:37:44 2021 rev:5 rq:888788 version:3.8.1 Changes: -------- --- /work/SRC/openSUSE:Factory/maven/maven.changes 2020-03-17 13:10:02.829794443 +0100 +++ /work/SRC/openSUSE:Factory/.maven.new.12324/maven.changes 2021-04-29 01:38:38.538599011 +0200 @@ -1,0 +2,18 @@ +Tue Apr 27 07:25:29 UTC 2021 - Fridrich Strba <[email protected]> + +- Upgrade to upstream version 3.8.1 + * Security fixes: + + CVE-2021-26291 and CVE-2020-13956 + * Bug: + + [MNG-7128] - improve error message when blocked repository + defined in build POM + * New Feature + + [MNG-7116] - Add support for mirror selector on + external:http:* + + [MNG-7117] - Add support for blocking mirrors + + [MNG-7118] - Block external HTTP repositories by default + * Dependency upgrade + * [MNG-7119] - Upgrade Maven Wagon to 3.4.3 + * [MNG-7123] - Upgrade Maven Resolver to 1.6.2 + +------------------------------------------------------------------- Old: ---- apache-maven-3.6.3-build.tar.xz apache-maven-3.6.3-src.tar.gz New: ---- apache-maven-3.8.1-build.tar.xz apache-maven-3.8.1-src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ maven.spec ++++++ --- /var/tmp/diff_new_pack.Kg2QxC/_old 2021-04-29 01:38:39.166599901 +0200 +++ /var/tmp/diff_new_pack.Kg2QxC/_new 2021-04-29 01:38:39.166599901 +0200 @@ -1,7 +1,7 @@ # # spec file for package maven # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %global confdir %{_sysconfdir}/%{name}%{?maven_version_suffix} %bcond_with logback Name: maven -Version: 3.6.3 +Version: 3.8.1 Release: 0 Summary: Java project management and project comprehension tool # maven itself is ASL 2.0 
@@ -93,7 +93,7 @@ BuildRequires: mvn(org.apache.maven:maven-parent:pom:) Requires: %{name}-lib = %{version}-%{release} Requires(post): aaa_base -Requires(postun): aaa_base +Requires(postun):aaa_base # maven-lib cannot be noarch because of the position of jansi-native.jar #BuildArch: noarch %if %{with logback} ++++++ apache-maven-3.6.3-build.tar.xz -> apache-maven-3.8.1-build.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/common.xml new/common.xml --- old/common.xml 2020-02-07 16:14:26.269282038 +0100 +++ new/common.xml 2021-04-23 08:21:31.684807945 +0200 @@ -3,12 +3,12 @@ <project name="common" basedir="."> <property file="build.properties"/> - <property name="project.version" value="3.6.3"/> + <property name="project.version" value="3.8.1"/> <property name="project.groupId" value="org.apache.maven"/> <property name="project.organization.name" value="The Apache Software Foundation"/> - <property name="spec.version" value="3.6"/> + <property name="spec.version" value="3.8"/> <property name="compiler.source" value="1.7"/> <property name="compiler.target" value="${compiler.source}"/> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/maven-settings/build.xml new/maven-settings/build.xml --- old/maven-settings/build.xml 2019-03-21 20:14:36.886110124 +0100 +++ new/maven-settings/build.xml 2021-04-23 08:27:46.531087654 +0200 
@@ -72,7 +72,7 @@ </macrodef> <macrodef name="modello"> <attribute name="file"/> - <attribute name="version" default="1.1.0"/> + <attribute name="version" default="1.2.0"/> <sequential> <echo taskname="modello" message="Generating sources for @{file}"/> <modello-single-mode file="@{file}" version="@{version}" mode="java"/> ++++++ apache-maven-3.6.3-src.tar.gz -> apache-maven-3.8.1-src.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/DEPENDENCIES new/apache-maven-3.8.1/DEPENDENCIES --- old/apache-maven-3.6.3/DEPENDENCIES 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/DEPENDENCIES 2019-11-07 13:32:18.000000000 +0100 
@@ -59,51 +59,51 @@ License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - Apache Commons Lang (http://commons.apache.org/proper/commons-lang/) org.apache.commons:commons-lang3:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact (https://maven.apache.org/ref/3.6.3/maven-artifact/) org.apache.maven:maven-artifact:jar:3.6.3 + - Maven Artifact (https://maven.apache.org/ref/3.8.1/maven-artifact/) org.apache.maven:maven-artifact:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Builder Support (https://maven.apache.org/ref/3.6.3/maven-builder-support/) org.apache.maven:maven-builder-support:jar:3.6.3 + - Maven Builder Support (https://maven.apache.org/ref/3.8.1/maven-builder-support/) org.apache.maven:maven-builder-support:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Compat (https://maven.apache.org/ref/3.6.3/maven-compat/) org.apache.maven:maven-compat:jar:3.6.3 + - Maven Compat (https://maven.apache.org/ref/3.8.1/maven-compat/) org.apache.maven:maven-compat:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Core (https://maven.apache.org/ref/3.6.3/maven-core/) org.apache.maven:maven-core:jar:3.6.3 + - Maven Core (https://maven.apache.org/ref/3.8.1/maven-core/) org.apache.maven:maven-core:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Embedder (https://maven.apache.org/ref/3.6.3/maven-embedder/) org.apache.maven:maven-embedder:jar:3.6.3 + - Maven Embedder (https://maven.apache.org/ref/3.8.1/maven-embedder/) org.apache.maven:maven-embedder:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Model (https://maven.apache.org/ref/3.6.3/maven-model/) org.apache.maven:maven-model:jar:3.6.3 + - 
Maven Model (https://maven.apache.org/ref/3.8.1/maven-model/) org.apache.maven:maven-model:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Model Builder (https://maven.apache.org/ref/3.6.3/maven-model-builder/) org.apache.maven:maven-model-builder:jar:3.6.3 + - Maven Model Builder (https://maven.apache.org/ref/3.8.1/maven-model-builder/) org.apache.maven:maven-model-builder:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Plugin API (https://maven.apache.org/ref/3.6.3/maven-plugin-api/) org.apache.maven:maven-plugin-api:jar:3.6.3 + - Maven Plugin API (https://maven.apache.org/ref/3.8.1/maven-plugin-api/) org.apache.maven:maven-plugin-api:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Repository Metadata Model (https://maven.apache.org/ref/3.6.3/maven-repository-metadata/) org.apache.maven:maven-repository-metadata:jar:3.6.3 + - Maven Repository Metadata Model (https://maven.apache.org/ref/3.8.1/maven-repository-metadata/) org.apache.maven:maven-repository-metadata:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver Provider (https://maven.apache.org/ref/3.6.3/maven-resolver-provider/) org.apache.maven:maven-resolver-provider:jar:3.6.3 + - Maven Artifact Resolver Provider (https://maven.apache.org/ref/3.8.1/maven-resolver-provider/) org.apache.maven:maven-resolver-provider:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Settings (https://maven.apache.org/ref/3.6.3/maven-settings/) org.apache.maven:maven-settings:jar:3.6.3 + - Maven Settings (https://maven.apache.org/ref/3.8.1/maven-settings/) org.apache.maven:maven-settings:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Settings Builder 
(https://maven.apache.org/ref/3.6.3/maven-settings-builder/) org.apache.maven:maven-settings-builder:jar:3.6.3 + - Maven Settings Builder (https://maven.apache.org/ref/3.8.1/maven-settings-builder/) org.apache.maven:maven-settings-builder:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven SLF4J Simple Provider (https://maven.apache.org/ref/3.6.3/maven-slf4j-provider/) org.apache.maven:maven-slf4j-provider:jar:3.6.3 + - Maven SLF4J Simple Provider (https://maven.apache.org/ref/3.8.1/maven-slf4j-provider/) org.apache.maven:maven-slf4j-provider:jar:3.8.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver API (https://maven.apache.org/resolver/maven-resolver-api/) org.apache.maven.resolver:maven-resolver-api:jar:1.4.1 + - Maven Artifact Resolver API (https://maven.apache.org/resolver/maven-resolver-api/) org.apache.maven.resolver:maven-resolver-api:jar:1.6.2 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver Connector Basic (https://maven.apache.org/resolver/maven-resolver-connector-basic/) org.apache.maven.resolver:maven-resolver-connector-basic:jar:1.4.1 + - Maven Artifact Resolver Connector Basic (https://maven.apache.org/resolver/maven-resolver-connector-basic/) org.apache.maven.resolver:maven-resolver-connector-basic:jar:1.6.2 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver Implementation (https://maven.apache.org/resolver/maven-resolver-impl/) org.apache.maven.resolver:maven-resolver-impl:jar:1.4.1 + - Maven Artifact Resolver Implementation (https://maven.apache.org/resolver/maven-resolver-impl/) org.apache.maven.resolver:maven-resolver-impl:jar:1.6.2 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver SPI 
(https://maven.apache.org/resolver/maven-resolver-spi/) org.apache.maven.resolver:maven-resolver-spi:jar:1.4.1 + - Maven Artifact Resolver SPI (https://maven.apache.org/resolver/maven-resolver-spi/) org.apache.maven.resolver:maven-resolver-spi:jar:1.6.2 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver Transport Wagon (https://maven.apache.org/resolver/maven-resolver-transport-wagon/) org.apache.maven.resolver:maven-resolver-transport-wagon:jar:1.4.1 + - Maven Artifact Resolver Transport Wagon (https://maven.apache.org/resolver/maven-resolver-transport-wagon/) org.apache.maven.resolver:maven-resolver-transport-wagon:jar:1.6.2 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Maven Artifact Resolver Utilities (https://maven.apache.org/resolver/maven-resolver-util/) org.apache.maven.resolver:maven-resolver-util:jar:1.4.1 + - Maven Artifact Resolver Utilities (https://maven.apache.org/resolver/maven-resolver-util/) org.apache.maven.resolver:maven-resolver-util:jar:1.6.2 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - Apache Maven Shared Utils (https://maven.apache.org/shared/maven-shared-utils/) org.apache.maven.shared:maven-shared-utils:jar:3.2.1 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Apache Maven Wagon :: Providers :: File Provider (https://maven.apache.org/wagon/wagon-providers/wagon-file) org.apache.maven.wagon:wagon-file:jar:3.3.4 + - Apache Maven Wagon :: Providers :: File Provider (https://maven.apache.org/wagon/wagon-providers/wagon-file) org.apache.maven.wagon:wagon-file:jar:3.4.3 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Apache Maven Wagon :: Providers :: HTTP Provider (https://maven.apache.org/wagon/wagon-providers/wagon-http) org.apache.maven.wagon:wagon-http:jar:3.3.4 + - Apache Maven Wagon :: Providers :: HTTP 
Provider (https://maven.apache.org/wagon/wagon-providers/wagon-http) org.apache.maven.wagon:wagon-http:jar:3.4.3 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) - - Apache Maven Wagon :: API (https://maven.apache.org/wagon/wagon-provider-api) org.apache.maven.wagon:wagon-provider-api:jar:3.3.4 + - Apache Maven Wagon :: API (https://maven.apache.org/wagon/wagon-provider-api) org.apache.maven.wagon:wagon-provider-api:jar:3.4.3 License: Apache License, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) From: 'The Eclipse Foundation' (http://www.eclipse.org/) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/apache-maven/pom.xml new/apache-maven-3.8.1/apache-maven/pom.xml --- old/apache-maven-3.6.3/apache-maven/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/apache-maven/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>apache-maven</artifactId> @@ -319,6 +319,12 @@ </plugin> </plugins> </build> + </profile> + <profile> + <id>versionlessMavenDist</id> + <build> + <finalName>${project.artifactId}</finalName> + </build> </profile> </profiles> </project> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/apache-maven/src/conf/settings.xml new/apache-maven-3.8.1/apache-maven/src/conf/settings.xml --- old/apache-maven-3.6.3/apache-maven/src/conf/settings.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/apache-maven/src/conf/settings.xml 2019-11-07 13:32:18.000000000 +0100 
@@ -43,9 +43,9 @@ | values (values used when the setting is not specified) are provided. | |--> -<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" +<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> + xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd"> <!-- localRepository | The path to the local repository maven will use to store artifacts. | @@ -156,6 +156,13 @@ <url>http://my.repository.com/repo/path</url> </mirror> --> + <mirror> + <id>maven-default-http-blocker</id> + <mirrorOf>external:http:*</mirrorOf> + <name>Pseudo repository to mirror external repositories initially using HTTP.</name> + <url>http://0.0.0.0/</url> + <blocked>true</blocked> + </mirror> </mirrors> <!-- profiles diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-artifact/pom.xml new/apache-maven-3.8.1/maven-artifact/pom.xml --- old/apache-maven-3.6.3/maven-artifact/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-artifact/pom.xml 2019-11-07 13:32:18.000000000 +0100 
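Review bot: The `maven-default-http-blocker` mirror added at the end of `<mirrors>` has no explanatory comment, although it is the entry whose removal silently re-enables plain-HTTP repository access. The other settings visible in this file are each explained in a comment block. Add one above it, for example `<!-- Blocks external repositories declared with http:// (see CVE-2021-26291 in the changelog). To use such a repository, define an HTTPS mirror for it instead of deleting this entry. -->`. Because the block lives in the distributed settings.xml, an installation that keeps an older or locally modified copy of this file would presumably not pick it up; that is worth confirming for the package's config handling.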
@@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-artifact</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepository.java new/apache-maven-3.8.1/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepository.java --- old/apache-maven-3.6.3/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepository.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepository.java 2019-11-07 13:32:18.000000000 +0100 @@ -73,6 +73,12 @@ @Deprecated void setBlacklisted( boolean blackListed ); + /** @since 3.8.1 **/ + boolean isBlocked(); + + /** @since 3.8.1 **/ + void setBlocked( boolean blocked ); + // // New interface methods for the repository system. // diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-builder-support/pom.xml new/apache-maven-3.8.1/maven-builder-support/pom.xml --- old/apache-maven-3.6.3/maven-builder-support/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-builder-support/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-builder-support</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-compat/pom.xml new/apache-maven-3.8.1/maven-compat/pom.xml --- old/apache-maven-3.6.3/maven-compat/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-compat/pom.xml 2019-11-07 13:32:18.000000000 +0100 
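Review bot: The two methods added to `ArtifactRepository` are documented only with `/** @since 3.8.1 **/`, so the interface does not say what "blocked" means or who sets it. Suggest `/** Whether access to this repository is blocked; populated from the selected mirror's blocked flag. @since 3.8.1 */` on `isBlocked()` and a matching sentence on `setBlocked`. Adding abstract methods to the interface also forces every implementation outside this tree to be updated; the in-tree implementations are adjusted in later hunks, but external implementers cannot be seen from here. The interface body continues outside the hunk.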
@@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-compat</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-compat/src/main/java/org/apache/maven/artifact/repository/DefaultArtifactRepository.java new/apache-maven-3.8.1/maven-compat/src/main/java/org/apache/maven/artifact/repository/DefaultArtifactRepository.java --- old/apache-maven-3.6.3/maven-compat/src/main/java/org/apache/maven/artifact/repository/DefaultArtifactRepository.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-compat/src/main/java/org/apache/maven/artifact/repository/DefaultArtifactRepository.java 2019-11-07 13:32:18.000000000 +0100 @@ -54,6 +54,8 @@ private List<ArtifactRepository> mirroredRepositories = Collections.emptyList(); + private boolean blocked; + /** * Create a local repository or a test repository. * @@ -264,4 +266,14 @@ } } + public boolean isBlocked() + { + return blocked; + } + + public void setBlocked( boolean blocked ) + { + this.blocked = blocked; + } + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-compat/src/main/java/org/apache/maven/repository/DefaultMirrorSelector.java new/apache-maven-3.8.1/maven-compat/src/main/java/org/apache/maven/repository/DefaultMirrorSelector.java --- old/apache-maven-3.6.3/maven-compat/src/main/java/org/apache/maven/repository/DefaultMirrorSelector.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-compat/src/main/java/org/apache/maven/repository/DefaultMirrorSelector.java 2019-11-07 13:32:18.000000000 +0100 
@@ -41,6 +41,8 @@ private static final String EXTERNAL_WILDCARD = "external:*"; + private static final String EXTERNAL_HTTP_WILDCARD = "external:http:*"; + public Mirror getMirror( ArtifactRepository repository, List<Mirror> mirrors ) { String repoId = repository.getId(); @@ -68,9 +70,14 @@ } /** - * This method checks if the pattern matches the originalRepository. Valid patterns: * = - * everything external:* = everything not on the localhost and not file based. repo,repo1 = repo - * or repo1 *,!repo1 = everything except repo1 + * This method checks if the pattern matches the originalRepository. Valid patterns: + * <ul> + * <li>{@code *} = everything,</li> + * <li>{@code external:*} = everything not on the localhost and not file based,</li> + * <li>{@code external:http:*} = any repository not on the localhost using HTTP,</li> + * <li>{@code repo,repo1} = {@code repo} or {@code repo1},</li> + * <li>{@code *,!repo1} = everything except {@code repo1}.</li> + * </ul> * * @param originalRepository to compare for a match. * @param pattern used for match. Currently only '*' is supported. @@ -115,6 +122,12 @@ result = true; // don't stop processing in case a future segment explicitly excludes this repo } + // check for external:http:* + else if ( EXTERNAL_HTTP_WILDCARD.equals( repo ) && isExternalHttpRepo( originalRepository ) ) + { + result = true; + // don't stop processing in case a future segment explicitly excludes this repo + } else if ( WILDCARD.equals( repo ) ) { result = true; 
@@ -136,8 +149,34 @@ try { URL url = new URL( originalRepository.getUrl() ); - return !( url.getHost().equals( "localhost" ) || url.getHost().equals( "127.0.0.1" ) - || url.getProtocol().equals( "file" ) ); + return !( isLocal( url.getHost() ) || url.getProtocol().equals( "file" ) ); + } + catch ( MalformedURLException e ) + { + // bad url just skip it here. It should have been validated already, but the wagon lookup will deal with it + return false; + } + } + + private static boolean isLocal( String host ) + { + return "localhost".equals( host ) || "127.0.0.1".equals( host ); + } + + /** + * Checks the URL to see if this repository refers to a non-localhost repository using HTTP. + * + * @param originalRepository + * @return true if external. + */ + static boolean isExternalHttpRepo( ArtifactRepository originalRepository ) + { + try + { + URL url = new URL( originalRepository.getUrl() ); + return ( "http".equalsIgnoreCase( url.getProtocol() ) || "dav".equalsIgnoreCase( url.getProtocol() ) + || "dav:http".equalsIgnoreCase( url.getProtocol() ) + || "dav+http".equalsIgnoreCase( url.getProtocol() ) ) && !isLocal( url.getHost() ); } catch ( MalformedURLException e ) { 
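Review bot: In `isExternalHttpRepo`, the `dav`, `dav:http` and `dav+http` comparisons run on `url.getProtocol()` after `new URL( originalRepository.getUrl() )`. `java.net.URL` rejects schemes that have no registered stream handler, so unless such handlers are installed those URLs would land in the `catch` instead of being matched. The catch body lies outside the hunk; if it returns `false` like the one in `isExternalRepo`, the `external:http:*` pattern fails open for exactly the WebDAV forms it lists. Consider deriving scheme and host from the URL string without `java.net.URL`, and adding one test per listed scheme. `isLocal` also matches only the exact strings `localhost` and `127.0.0.1`, which errs on the blocking side but deserves a comment such as `// exact match only: ::1 and other loopback spellings count as external`; the identical code in MavenRepositorySystem.java (hunk `@@ -803,8 +822,34 @@`) needs the same treatment.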
@@ -146,7 +185,7 @@ } } - static boolean matchesLayout( ArtifactRepository repository, Mirror mirror ) + static boolean matchesLayout( ArtifactRepository repository, Mirror mirror ) { return matchesLayout( RepositoryUtils.getLayout( repository ), mirror.getMirrorOfLayouts() ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-compat/src/main/java/org/apache/maven/repository/legacy/LegacyRepositorySystem.java new/apache-maven-3.8.1/maven-compat/src/main/java/org/apache/maven/repository/legacy/LegacyRepositorySystem.java --- old/apache-maven-3.6.3/maven-compat/src/main/java/org/apache/maven/repository/legacy/LegacyRepositorySystem.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-compat/src/main/java/org/apache/maven/repository/legacy/LegacyRepositorySystem.java 2019-11-07 13:32:18.000000000 +0100 @@ -446,6 +446,8 @@ effectiveRepository.setMirroredRepositories( mirroredRepos ); + effectiveRepository.setBlocked( aliasedRepo.isBlocked() ); + effectiveRepositories.add( effectiveRepository ); } @@ -502,6 +504,7 @@ mirror.setId( repo.getId() ); mirror.setUrl( repo.getUrl() ); mirror.setLayout( repo.getContentType() ); + mirror.setBlocked( repo.isBlocked() ); return mirror; } } @@ -538,6 +541,8 @@ { repository.setLayout( getLayout( mirror.getLayout() ) ); } + + repository.setBlocked( mirror.isBlocked() ); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-core/pom.xml new/apache-maven-3.8.1/maven-core/pom.xml --- old/apache-maven-3.6.3/maven-core/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-core/pom.xml 2019-11-07 13:32:18.000000000 +0100 
@@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-core</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/RepositoryUtils.java new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/RepositoryUtils.java --- old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/RepositoryUtils.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/RepositoryUtils.java 2019-11-07 13:32:18.000000000 +0100 @@ -210,6 +210,7 @@ builder.setAuthentication( toAuthentication( repo.getAuthentication() ) ); builder.setProxy( toProxy( repo.getProxy() ) ); builder.setMirroredRepositories( toRepos( repo.getMirroredRepositories() ) ); + builder.setBlocked( repo.isBlocked() ); result = builder.build(); } return result; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/artifact/repository/LegacyLocalRepositoryManager.java new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/artifact/repository/LegacyLocalRepositoryManager.java --- old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/artifact/repository/LegacyLocalRepositoryManager.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/artifact/repository/LegacyLocalRepositoryManager.java 2019-11-07 13:32:18.000000000 +0100 
@@ -427,6 +427,15 @@ { } + public boolean isBlocked() + { + return false; + } + + public void setBlocked( boolean blocked ) + { + } + } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/artifact/repository/MavenArtifactRepository.java new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/artifact/repository/MavenArtifactRepository.java --- old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/artifact/repository/MavenArtifactRepository.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/artifact/repository/MavenArtifactRepository.java 2019-11-07 13:32:18.000000000 +0100 @@ -57,6 +57,8 @@ private List<ArtifactRepository> mirroredRepositories = Collections.emptyList(); + private boolean blocked; + public MavenArtifactRepository() { } @@ -160,6 +162,8 @@ sb.append( ", update => " ).append( releases.getUpdatePolicy() ).append( "]\n" ); } + sb.append( " blocked: " ).append( isBlocked() ).append( '\n' ); + return sb.toString(); } @@ -414,4 +418,14 @@ } } + public boolean isBlocked() + { + return blocked; + } + + public void setBlocked( boolean blocked ) + { + this.blocked = blocked; + } + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java --- old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java 2019-11-07 13:32:18.000000000 +0100 
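Review bot: In the LegacyLocalRepositoryManager.java hunk, `setBlocked` has an empty body and `isBlocked()` always returns `false`, so a caller that sets the flag on this repository gets no effect and no signal. The preceding context line shows another empty method body, so this looks deliberate for the local-repository adapter, but nothing in the hunk says so. A one-line comment in each method, such as `// local repository is never blocked; the flag is intentionally ignored`, would make the contract explicit. The enclosing class starts outside the hunk.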
@@ -190,6 +190,7 @@ mirror.setId( repo.getId() ); mirror.setUrl( repo.getUrl() ); mirror.setLayout( repo.getContentType() ); + mirror.setBlocked( repo.isBlocked() ); return mirror; } } @@ -226,6 +227,8 @@ { repository.setLayout( getLayout( mirror.getLayout() ) ); } + + repository.setBlocked( mirror.isBlocked() ); } } @@ -671,6 +674,8 @@ effectiveRepository.setMirroredRepositories( mirroredRepos ); + effectiveRepository.setBlocked( aliasedRepo.isBlocked() ); + effectiveRepositories.add( effectiveRepository ); } @@ -710,6 +715,8 @@ private static final String EXTERNAL_WILDCARD = "external:*"; + private static final String EXTERNAL_HTTP_WILDCARD = "external:http:*"; + public static Mirror getMirror( ArtifactRepository repository, List<Mirror> mirrors ) { String repoId = repository.getId(); @@ -737,8 +744,14 @@ } /** - * This method checks if the pattern matches the originalRepository. Valid patterns: * = everything external:* = - * everything not on the localhost and not file based. repo,repo1 = repo or repo1 *,!repo1 = everything except repo1 + * This method checks if the pattern matches the originalRepository. Valid patterns: + * <ul> + * <li>{@code *} = everything,</li> + * <li>{@code external:*} = everything not on the localhost and not file based,</li> + * <li>{@code external:http:*} = any repository not on the localhost using HTTP,</li> + * <li>{@code repo,repo1} = {@code repo} or {@code repo1},</li> + * <li>{@code *,!repo1} = everything except {@code repo1}.</li> + * </ul> * * @param originalRepository to compare for a match. * @param pattern used for match. Currently only '*' is supported. 
@@ -782,6 +795,12 @@ result = true; // don't stop processing in case a future segment explicitly excludes this repo } + // check for external:http:* + else if ( EXTERNAL_HTTP_WILDCARD.equals( repo ) && isExternalHttpRepo( originalRepository ) ) + { + result = true; + // don't stop processing in case a future segment explicitly excludes this repo + } else if ( WILDCARD.equals( repo ) ) { result = true; 
@@ -803,8 +822,34 @@ try { URL url = new URL( originalRepository.getUrl() ); - return !( url.getHost().equals( "localhost" ) || url.getHost().equals( "127.0.0.1" ) - || url.getProtocol().equals( "file" ) ); + return !( isLocal( url.getHost() ) || url.getProtocol().equals( "file" ) ); + } + catch ( MalformedURLException e ) + { + // bad url just skip it here. It should have been validated already, but the wagon lookup will deal with it + return false; + } + } + + private static boolean isLocal( String host ) + { + return "localhost".equals( host ) || "127.0.0.1".equals( host ); + } + + /** + * Checks the URL to see if this repository refers to a non-localhost repository using HTTP. + * + * @param originalRepository + * @return true if external. + */ + static boolean isExternalHttpRepo( ArtifactRepository originalRepository ) + { + try + { + URL url = new URL( originalRepository.getUrl() ); + return ( "http".equalsIgnoreCase( url.getProtocol() ) || "dav".equalsIgnoreCase( url.getProtocol() ) + || "dav:http".equalsIgnoreCase( url.getProtocol() ) + || "dav+http".equalsIgnoreCase( url.getProtocol() ) ) && !isLocal( url.getHost() ); } catch ( MalformedURLException e ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java --- old/apache-maven-3.6.3/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java 2019-11-07 13:32:18.000000000 +0100 
@@ -177,8 +177,8 @@ DefaultMirrorSelector mirrorSelector = new DefaultMirrorSelector(); for ( Mirror mirror : request.getMirrors() ) { - mirrorSelector.add( mirror.getId(), mirror.getUrl(), mirror.getLayout(), false, mirror.getMirrorOf(), - mirror.getMirrorOfLayouts() ); + mirrorSelector.add( mirror.getId(), mirror.getUrl(), mirror.getLayout(), false, mirror.isBlocked(), + mirror.getMirrorOf(), mirror.getMirrorOfLayouts() ); } session.setMirrorSelector( mirrorSelector ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-embedder/pom.xml new/apache-maven-3.8.1/maven-embedder/pom.xml --- old/apache-maven-3.6.3/maven-embedder/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-embedder/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-embedder</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-model/pom.xml new/apache-maven-3.8.1/maven-model/pom.xml --- old/apache-maven-3.6.3/maven-model/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-model/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-model</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-model-builder/pom.xml new/apache-maven-3.8.1/maven-model-builder/pom.xml --- old/apache-maven-3.6.3/maven-model-builder/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-model-builder/pom.xml 2019-11-07 13:32:18.000000000 +0100 
@@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-model-builder</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-model-builder/src/site/apt/index.apt new/apache-maven-3.8.1/maven-model-builder/src/site/apt/index.apt --- old/apache-maven-3.6.3/maven-model-builder/src/site/apt/index.apt 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-model-builder/src/site/apt/index.apt 2019-11-07 13:32:18.000000000 +0100 @@ -81,7 +81,7 @@ with its <<<DefaultLifecycleBindingsInjector>>> implementation in maven-core ({{{./maven-core/xref/org/apache/maven/model/plugin/DefaultLifecycleBindingsInjector.html}source}}) - ** dependency management import (for dependencies of type <<<pom>>> in the <<<\<dependencyManagement\>>>> section) + ** dependency management import (for dependencies of type <<<pom>>> and scope <<<import>>> in the <<<\<dependencyManagement\>>>> section) ** dependency management injection: <<<DependencyManagementInjector>>> ({{{./apidocs/org/apache/maven/model/management/DependencyManagementInjector.html}javadoc}}), with its <<<DefaultDependencyManagementInjector>>> implementation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-plugin-api/pom.xml new/apache-maven-3.8.1/maven-plugin-api/pom.xml --- old/apache-maven-3.6.3/maven-plugin-api/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-plugin-api/pom.xml 2019-11-07 13:32:18.000000000 +0100 
@@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-plugin-api</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-repository-metadata/pom.xml new/apache-maven-3.8.1/maven-repository-metadata/pom.xml --- old/apache-maven-3.6.3/maven-repository-metadata/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-repository-metadata/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-repository-metadata</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-resolver-provider/pom.xml new/apache-maven-3.8.1/maven-resolver-provider/pom.xml --- old/apache-maven-3.6.3/maven-resolver-provider/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-resolver-provider/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-resolver-provider</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-settings/pom.xml new/apache-maven-3.8.1/maven-settings/pom.xml --- old/apache-maven-3.6.3/maven-settings/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-settings/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-settings</artifactId> 
@@ -46,7 +46,7 @@ <groupId>org.codehaus.modello</groupId> <artifactId>modello-maven-plugin</artifactId> <configuration> - <version>1.1.0</version> + <version>1.2.0</version> <models> <model>src/main/mdo/settings.mdo</model> </models> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-settings/src/main/mdo/settings.mdo new/apache-maven-3.8.1/maven-settings/src/main/mdo/settings.mdo --- old/apache-maven-3.6.3/maven-settings/src/main/mdo/settings.mdo 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-settings/src/main/mdo/settings.mdo 2019-11-07 13:32:18.000000000 +0100 @@ -633,6 +633,15 @@ of the mirror to repositories with a matching layout (apart from a matching id). Since Maven 3. </description> </field> + <field> + <name>blocked</name> + <version>1.2.0+</version> + <type>boolean</type> + <defaultValue>false</defaultValue> + <description> + Whether this mirror should be blocked from any download request but fail the download process, explaining why. + </description> + </field> </fields> <codeSegments> <codeSegment> @@ -648,6 +657,10 @@ sb.append( ",mirrorOf=" ).append( mirrorOf ); sb.append( ",url=" ).append( this.url ); sb.append( ",name=" ).append( this.name ); + if ( isBlocked() ) + { + sb.append( ",blocked" ); + } sb.append( "]" ); return sb.toString(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-settings-builder/pom.xml new/apache-maven-3.8.1/maven-settings-builder/pom.xml --- old/apache-maven-3.6.3/maven-settings-builder/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-settings-builder/pom.xml 2019-11-07 13:32:18.000000000 +0100 
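Review bot: The `<description>` of the new `blocked` field in settings.mdo is hard to parse ("blocked from any download request but fail the download process"). This text presumably feeds the generated settings reference that users will read when deciding whether to set the flag. Suggested wording: `Whether this mirror is blocked: when true, no download is attempted through it and the build fails with a message explaining why.` It would also help to say that the default `false` leaves existing mirror definitions unchanged.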
@@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-settings-builder</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/maven-slf4j-provider/pom.xml new/apache-maven-3.8.1/maven-slf4j-provider/pom.xml --- old/apache-maven-3.6.3/maven-slf4j-provider/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/maven-slf4j-provider/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -25,7 +25,7 @@ <parent> <groupId>org.apache.maven</groupId> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> </parent> <artifactId>maven-slf4j-provider</artifactId> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-maven-3.6.3/pom.xml new/apache-maven-3.8.1/pom.xml --- old/apache-maven-3.6.3/pom.xml 2019-11-07 13:32:18.000000000 +0100 +++ new/apache-maven-3.8.1/pom.xml 2019-11-07 13:32:18.000000000 +0100 @@ -30,7 +30,7 @@ </parent> <artifactId>maven</artifactId> - <version>3.6.3</version> + <version>3.8.1</version> <packaging>pom</packaging> <name>Apache Maven</name> @@ -59,13 +59,13 @@ <plexusUtilsVersion>3.2.1</plexusUtilsVersion> <guiceVersion>4.2.1</guiceVersion> <sisuInjectVersion>0.3.4</sisuInjectVersion> - <wagonVersion>3.3.4</wagonVersion> + <wagonVersion>3.4.3</wagonVersion> <jsoupVersion>1.12.1</jsoupVersion> <securityDispatcherVersion>1.4</securityDispatcherVersion> <cipherVersion>1.7</cipherVersion> <modelloVersion>1.11</modelloVersion> <jxpathVersion>1.3</jxpathVersion> - <resolverVersion>1.4.1</resolverVersion> + <resolverVersion>1.6.2</resolverVersion> <slf4jVersion>1.7.29</slf4jVersion> <xmlunitVersion>2.2.1</xmlunitVersion> <powermockVersion>1.7.4</powermockVersion> 
@@ -101,7 +101,7 @@ <connection>scm:git:https://gitbox.apache.org/repos/asf/maven.git</connection> <developerConnection>scm:git:https://gitbox.apache.org/repos/asf/maven.git</developerConnection> <url>https://github.com/apache/maven/tree/${project.scm.tag}</url> - <tag>maven-3.6.3</tag> + <tag>maven-3.8.1</tag> </scm> <issueManagement> <system>jira</system>
