Package: release.debian.org
Severity: normal
Tags: wheezy
User: [email protected]
Usertags: pu

Hi,

I'd like to backport the latest Maven security fix to Wheezy; the security team advised uploading it as a proposed update. Please find the debdiff below.

Thank you,

Emmanuel Bourg

diff -Nru maven-3.0.4/debian/changelog maven-3.0.4/debian/changelog --- maven-3.0.4/debian/changelog 2012-02-06 22:42:07.000000000 +0100 +++ maven-3.0.4/debian/changelog 2015-03-03 08:53:27.000000000 +0100 @@ -1,3 +1,11 @@ +maven (3.0.4-3~deb7u1) stable; urgency=high + + * Team upload. + * Use a secure connection by default to download artifacts + from the Maven Central repository (Closes: #779331) + + -- Emmanuel Bourg <[email protected]> Fri, 27 Feb 2015 17:56:07 +0100 + maven (3.0.4-3) unstable; urgency=low * Use wagon 2.x to provide http/webdav access. diff -Nru maven-3.0.4/debian/patches/secure-maven-central-access.diff maven-3.0.4/debian/patches/secure-maven-central-access.diff --- maven-3.0.4/debian/patches/secure-maven-central-access.diff 1970-01-01 01:00:00.000000000 +0100 +++ maven-3.0.4/debian/patches/secure-maven-central-access.diff 2015-03-03 08:30:52.000000000 +0100
@@ -0,0 +1,33 @@ +Description: Download artifacts from Maven central using https by default +Origin: backport, https://github.com/apache/maven/commit/9216191 +--- a/maven-core/src/main/java/org/apache/maven/repository/RepositorySystem.java ++++ b/maven-core/src/main/java/org/apache/maven/repository/RepositorySystem.java +@@ -51,7 +51,7 @@ + + final String DEFAULT_REMOTE_REPO_ID = "central"; + +- final String DEFAULT_REMOTE_REPO_URL = "http://repo.maven.apache.org/maven2"; ++ final String DEFAULT_REMOTE_REPO_URL = "https://repo.maven.apache.org/maven2"; + + Artifact createArtifact( String groupId, String artifactId, String version, String packaging ); + +--- a/maven-model-builder/src/main/resources/org/apache/maven/model/pom-4.0.0.xml ++++ b/maven-model-builder/src/main/resources/org/apache/maven/model/pom-4.0.0.xml +@@ -27,7 +27,7 @@ + <repository> + <id>central</id> + <name>Central Repository</name> +- <url>http://repo.maven.apache.org/maven2</url> ++ <url>https://repo.maven.apache.org/maven2</url> + <layout>default</layout> + <snapshots> + <enabled>false</enabled> +@@ -39,7 +39,7 @@ + <pluginRepository> + <id>central</id> + <name>Central Repository</name> +- <url>http://repo.maven.apache.org/maven2</url> ++ <url>https://repo.maven.apache.org/maven2</url> + <layout>default</layout> + <snapshots> + <enabled>false</enabled> diff -Nru maven-3.0.4/debian/patches/series maven-3.0.4/debian/patches/series --- maven-3.0.4/debian/patches/series 2012-02-06 22:42:07.000000000 +0100 +++ maven-3.0.4/debian/patches/series 2015-03-03 08:30:52.000000000 +0100 @@ -4,3 +4,4 @@ add_dependencies.diff force_java15_compiler.diff no_maven_assembly.diff +secure-maven-central-access.diff
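
Review bot: In the debian/changelog hunk, the new version 3.0.4-3~deb7u1 sorts below the 3.0.4-3 entry directly beneath it, because `~` orders before everything in dpkg version comparison, including the end of the string. If 3.0.4-3 is the version wheezy already carries, this upload would be treated as older than it; 3.0.4-3+deb7u1 sorts above 3.0.4-3 and still below a later 3.0.4-4. The distribution field also reads "stable" while the request is tagged wheezy; using the codename makes the target unambiguous.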
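
Review bot: In the header of debian/patches/secure-maven-central-access.diff, the Description should say that only the built-in defaults change, and a Bug-Debian field for #779331 (the bug the changelog closes) is missing next to Origin. The patch switches the DEFAULT_REMOTE_REPO_URL constant and the two central entries in pom-4.0.0.xml, so a repository or mirror that a user's settings.xml or a project POM declares with an http:// URL still downloads over plain HTTP after the update. It is also worth confirming that no other copy of http://repo.maven.apache.org/maven2 remains in the 3.0.4 tree, since the backport touches only these two files.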

