Package: release.debian.org Severity: normal Tags: wheezy User: [email protected] Usertags: pu
Hi, Please accept maven2-core/2.2.1-8+deb7u1 in stable-updates to backport the security fix recently applied to Maven 2 in testing/unstable. Thank you, Emmanuel Bourg diff -Nru maven2-core-2.2.1/debian/changelog maven2-core-2.2.1/debian/changelog --- maven2-core-2.2.1/debian/changelog 2011-10-13 04:58:44.000000000 +0200 +++ maven2-core-2.2.1/debian/changelog 2015-03-03 21:27:40.000000000 +0100 @@ -1,3 +1,11 @@ +maven2-core (2.2.1-8+deb7u1) stable; urgency=low + + * Team upload. + * Use a secure connection by default to download artifacts + from the Maven Central repository (Closes: #779338) + + -- Emmanuel Bourg <[email protected]> Fri, 27 Feb 2015 11:46:36 +0100 + maven2-core (2.2.1-8) unstable; urgency=low * Team upload. diff -Nru maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch --- maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch 1970-01-01 01:00:00.000000000 +0100 +++ maven2-core-2.2.1/debian/patches/0005-secure-maven-central-access.patch 2015-03-03 21:23:21.000000000 +0100 @@ -0,0 +1,22 @@ +Description: Download artifacts from Maven central using https by default +Origin: backport, https://github.com/apache/maven/commit/9216191 +--- a/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml ++++ b/maven-project/src/main/resources/org/apache/maven/project/pom-4.0.0.xml +@@ -27,7 +27,7 @@ + <id>central</id> + <name>Maven Repository Switchboard</name> + <layout>default</layout> +- <url>http://repo1.maven.org/maven2</url> ++ <url>https://repo1.maven.org/maven2</url> + <snapshots> + <enabled>false</enabled> + </snapshots> +@@ -38,7 +38,7 @@ + <pluginRepository> + <id>central</id> + <name>Maven Plugin Repository</name> +- <url>http://repo1.maven.org/maven2</url> ++ <url>https://repo1.maven.org/maven2</url> + <layout>default</layout> + <snapshots> + <enabled>false</enabled> diff -Nru maven2-core-2.2.1/debian/patches/series maven2-core-2.2.1/debian/patches/series --- maven2-core-2.2.1/debian/patches/series 2011-08-15 00:03:53.000000000 +0200 +++ maven2-core-2.2.1/debian/patches/series 2015-03-03 21:26:53.000000000 +0100 @@ -1,3 +1,4 @@ 0001-remove-webdav-support.patch 0002-update-plugin-versions.patch 0003-update-plexus-utils.patch +0005-secure-maven-central-access.patch -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
