CVS commit: pkgsrc/devel/apache-maven

["Yuji Yamano" <yyamano%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   yyamano
Date:           Sun Mar  3 16:53:42 UTC 2013

Modified Files:
        pkgsrc/devel/apache-maven: Makefile PLIST distinfo
Added Files:
        pkgsrc/devel/apache-maven/patches: patch-bin_m2.conf patch-bin_mvn
Removed Files:
        pkgsrc/devel/apache-maven/patches: patch-aa patch-ab

Log Message:
Update apache maven to 3.0.5.

http://maven.apache.org/docs/3.0.5/release-notes.html

Apache Maven 3.0.5 is a maintenance release to fix a security
issue CVE-2013-0253 Apache Maven 3.0.4

http://maven.apache.org/security.html

CVE-2013-0253 Apache Maven 3.0.4

Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has
introduced a non-secure SSL mode by default. This mode
disables all SSL certificate checking, including: host
name verification , date validity, and certificate chain.
Not validating the certificate introduces the possibility
of a man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5
and Apache Maven Wagon 2.4.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apache-maven/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/apache-maven/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apache-maven/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/devel/apache-maven/patches/patch-aa \
    pkgsrc/devel/apache-maven/patches/patch-ab
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/apache-maven/patches/patch-bin_m2.conf \
    pkgsrc/devel/apache-maven/patches/patch-bin_mvn

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.