Subject: CVS commit: pkgsrc/devel/apache-maven
From: Yuji Yamano
Date: 2013-03-03 17:53:42
Message id: 20130303165342.EADAB175DD@cvs.netbsd.org
Log Message:
Update apache maven to 3.0.5.

http://maven.apache.org/docs/3.0.5/release-notes.html

Apache Maven 3.0.5 is a maintenance release to fix a security
issue CVE-2013-0253 Apache Maven 3.0.4

http://maven.apache.org/security.html

CVE-2013-0253 Apache Maven 3.0.4

Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has
introduced a non-secure SSL mode by default. This mode
disables all SSL certificate checking, including: host
name verification , date validity, and certificate chain.
Not validating the certificate introduces the possibility
of a man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5
and Apache Maven Wagon 2.4.
Files:
RevisionActionfile
1.7modifypkgsrc/devel/apache-maven/Makefile
1.5modifypkgsrc/devel/apache-maven/PLIST
1.6modifypkgsrc/devel/apache-maven/distinfo
1.1addpkgsrc/devel/apache-maven/patches/patch-bin_m2.conf
1.1addpkgsrc/devel/apache-maven/patches/patch-bin_mvn
1.2removepkgsrc/devel/apache-maven/patches/patch-aa
1.2removepkgsrc/devel/apache-maven/patches/patch-ab