pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/devel/apache-maven

Module Name:    pkgsrc
Committed By:   yyamano
Date:           Sun Mar  3 16:53:42 UTC 2013

Modified Files:
        pkgsrc/devel/apache-maven: Makefile PLIST distinfo
Added Files:
        pkgsrc/devel/apache-maven/patches: patch-bin_m2.conf patch-bin_mvn
Removed Files:
        pkgsrc/devel/apache-maven/patches: patch-aa patch-ab

Log Message:
Update apache maven to 3.0.5.

Apache Maven 3.0.5 is a maintenance release to fix a security
issue CVE-2013-0253 Apache Maven 3.0.4

CVE-2013-0253 Apache Maven 3.0.4

Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has
introduced a non-secure SSL mode by default. This mode
disables all SSL certificate checking, including: host
name verification , date validity, and certificate chain.
Not validating the certificate introduces the possibility
of a man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5
and Apache Maven Wagon 2.4.

To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apache-maven/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/apache-maven/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apache-maven/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/devel/apache-maven/patches/patch-aa \
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/apache-maven/patches/patch-bin_m2.conf \

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index