[Bug 201704] lang/groovy: remote execution of untrusted code vulnerability in 2.3.9

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Aug 8 11:57:57 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201704

--- Comment #2 from Jason Unovitch <jason.unovitch at gmail.com> ---
(In reply to Jason Unovitch from comment #1)

Details/Comments for the records:

- Add NO_ARCH

This is Java and other non-arch specific.
pkg-static: DEVELOPER_MODE: Notice: arch "FreeBSD:11:amd64" -- no architecture
specific files found:

- Remove various LICENSE files that were removed upstream
https://github.com/apache/incubator-groovy/commit/0f645889a49ce867671c79ea480952394807fdcb

That commit removed ANTLR-LICENSE.txt, ASM-LICENSE.txt, and JSR223-LICENSE.txt.
However there were several other commits after that point that affected
licenses embedded with the Groovy distfile.  I would advise anyone with concern
over this to review the upstream Git closely.

- Remove PDF documentation that was removed upstream

https://github.com/apache/incubator-groovy/commit/de6161fcc55fdd124478baa8a9e2309abd084e5f

Upstream mentions replacing with Asciidoctor documentation; however, the
gradle/assemble.gradle still attempts to use the pre-built PDF that used to be
included under Git revision control.  I would speculate that PDF support may
come back in a future release when the Asciidoctor efforts are finished.

- Switch @dirrm to @dir

The plist is built dynamically, so fix the Makefile where it's generated to
handle this Poudriere QA warning:
pkg-static: Warning: @dirrm[try] is deprecated, please use @dir
