pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/devel/apache-maven
Module Name: pkgsrc
Committed By: yyamano
Date: Sun Mar 3 16:53:42 UTC 2013
Modified Files:
pkgsrc/devel/apache-maven: Makefile PLIST distinfo
Added Files:
pkgsrc/devel/apache-maven/patches: patch-bin_m2.conf patch-bin_mvn
Removed Files:
pkgsrc/devel/apache-maven/patches: patch-aa patch-ab
Log Message:
Update apache maven to 3.0.5.
http://maven.apache.org/docs/3.0.5/release-notes.html
Apache Maven 3.0.5 is a maintenance release to fix a security
issue CVE-2013-0253 Apache Maven 3.0.4
http://maven.apache.org/security.html
CVE-2013-0253 Apache Maven 3.0.4
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has
introduced a non-secure SSL mode by default. This mode
disables all SSL certificate checking, including: host
name verification , date validity, and certificate chain.
Not validating the certificate introduces the possibility
of a man-in-the-middle attack.
All users are recommended to upgrade to Apache Maven 3.0.5
and Apache Maven Wagon 2.4.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apache-maven/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/apache-maven/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apache-maven/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/devel/apache-maven/patches/patch-aa \
pkgsrc/devel/apache-maven/patches/patch-ab
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/apache-maven/patches/patch-bin_m2.conf \
pkgsrc/devel/apache-maven/patches/patch-bin_mvn
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index