Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package maven2-core, the version 2.2.1-17 fixes a security issue (#779338). A similar update is planned for the maven2 and maven packages. Thank you, Emmanuel Bourg unblock maven2-core/2.2.1-17 diff -Nru maven2-core-2.2.1/debian/changelog maven2-core-2.2.1/debian/changelog --- maven2-core-2.2.1/debian/changelog 2014-09-24 00:49:28.000000000 +0200 +++ maven2-core-2.2.1/debian/changelog 2015-02-27 14:19:14.000000000 +0100 @@ -1,3 +1,12 @@ +maven2-core (2.2.1-17) unstable; urgency=high + + * Team upload. + * Use a secure connection by default to download artifacts + from the Maven Central repository (Closes: #779338) + * Moved the package to Git + + -- Emmanuel Bourg <[email protected]> Fri, 27 Feb 2015 11:46:36 +0100 + maven2-core (2.2.1-16) unstable; urgency=medium * Team upload diff -Nru maven2-core-2.2.1/debian/control maven2-core-2.2.1/debian/control --- maven2-core-2.2.1/debian/control 2014-09-24 00:49:28.000000000 +0200 +++ maven2-core-2.2.1/debian/control 2015-02-27 11:46:36.000000000 +0100 @@ -25,8 +25,8 @@ maven-ant-helper (>> 4), maven-repo-helper Standards-Version: 3.9.6 -Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/maven2-core -Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/maven2-core +Vcs-Git: git://anonscm.debian.org/pkg-java/maven2-core.git +Vcs-Browser: http://anonscm.debian.org/cgit/pkg-java/maven2-core.git Homepage: http://maven.apache.org Package: libmaven2-core-java diff -Nru maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch --- maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch 1970-01-01 01:00:00.000000000 +0100 +++ maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch 2015-02-27 12:02:00.000000000 +0100 @@ -0,0 +1,22 @@ +Description: Download artifacts from Maven central using https by default +Origin: backport, https://github.com/apache/maven/commit/9216191 +--- a/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml ++++ b/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml +@@ -27,7 +27,7 @@ + <id>central</id> + <name>Maven Repository Switchboard</name> + <layout>default</layout> +- <url>http://repo1.maven.org/maven2</url> ++ <url>https://repo1.maven.org/maven2</url> + <snapshots> + <enabled>false</enabled> + </snapshots> +@@ -38,7 +38,7 @@ + <pluginRepository> + <id>central</id> + <name>Maven Plugin Repository</name> +- <url>http://repo1.maven.org/maven2</url> ++ <url>https://repo1.maven.org/maven2</url> + <layout>default</layout> + <snapshots> + <enabled>false</enabled> diff -Nru maven2-core-2.2.1/debian/patches/series maven2-core-2.2.1/debian/patches/series --- maven2-core-2.2.1/debian/patches/series 2014-09-24 00:49:28.000000000 +0200 +++ maven2-core-2.2.1/debian/patches/series 2015-02-27 11:54:20.000000000 +0100 @@ -2,3 +2,4 @@ 0002-update-plugin-versions.patch 0003-update-plexus-utils.patch 0004-remove-backport-util-concurrent.patch -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

