[Git][java-team/gradle][master] 2 commits: use HTTPS URLs in packaging

Hans-Christoph Steiner gitlab at salsa.debian.org
Mon Dec 9 18:47:26 GMT 2019 


Hans-Christoph Steiner pushed to branch master at Debian Java Maintainers / gradle


Commits:
cb4b6754 by Hans-Christoph Steiner at 2019-12-09T12:37:44Z
use HTTPS URLs in packaging

- - - - -
03506091 by Hans-Christoph Steiner at 2019-12-09T12:42:41Z
fix CVE-2019-11065 with upstream patch (Closes: 926923)

- - - - -


9 changed files:

- debian/README.source
- debian/bootstrap.sh
- debian/copyright
- debian/patches/33_scala_zinc.diff
- debian/patches/34-disable-code-quality.patch
- debian/patches/cast-estimated-runtime-to-long.patch
- + debian/patches/fix-CVE-2019-11065.patch
- debian/patches/ivy-artifact-backport.patch
- debian/patches/series


Changes:

=====================================
debian/README.source
=====================================
@@ -21,7 +21,7 @@ Gradle in Debian
   immediate previous version.
 
 
-  1. http://ftp-master.debian.org/REJECT-FAQ.html
+  1. https://ftp-master.debian.org/REJECT-FAQ.html
 
 api-mapping.txt default-imports.txt
 -----------------------------------


=====================================
debian/bootstrap.sh
=====================================
@@ -2,7 +2,7 @@
 
 set -e
 
-URL="http://services.gradle.org/distributions/gradle-1.5-bin.zip"
+URL="https://services.gradle.org/distributions/gradle-1.5-bin.zip"
 ZIP="$(basename $URL)"
 DIR="$(echo $ZIP | sed 's/-bin\.zip$//')"
 VERSION="1.5+bootstrap"
@@ -25,7 +25,7 @@ Depends: default-jre-headless
 Provides: libgradle-plugins-java
 Section: java
 Priority: optional
-Homepage: http://gradle.org/
+Homepage: https://gradle.org/
 Description: Groovy based build system
  Gradle is a build system written in Groovy. It uses Groovy
  also as the language for its build scripts. It has a powerful


=====================================
debian/copyright
=====================================
@@ -1,7 +1,7 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0
 Upstream-Name: Gradle
 Upstream-Contact: Hans Dockter <mail at dockter.biz>
-Source: http://services.gradle.org/distributions
+Source: https://services.gradle.org/distributions
 Files-Excluded: *.a
                 *.zip
                 *.war
@@ -59,7 +59,7 @@ License: Apache-2.0
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  .
-     http://www.apache.org/licenses/LICENSE-2.0
+     https://www.apache.org/licenses/LICENSE-2.0
      /usr/share/common-licenses/Apache-2.0 (on Debian systems)
  .
  Unless required by applicable law or agreed to in writing, software


=====================================
debian/patches/33_scala_zinc.diff
=====================================
@@ -4,7 +4,7 @@ Subject: _scala_zinc
 
 No Zinc Compiler (https://github.com/typesafehub/zinc) in Debian. Zinc depends
 on SBT compiler and SBT is not yet in Debian See SBT ITP :
-http://bugs.debian.org/639910
+https://bugs.debian.org/639910
 
 Forwarded: not-needed
 ---


=====================================
debian/patches/34-disable-code-quality.patch
=====================================
@@ -6,8 +6,8 @@ Disable checkstyle and codenarc tasks during build Gradle failed to build on
 amd64 due to an apparent upstream bug. As extra comment, the issue is not
 present when gradle is built with Oracle JDK.
 
-Bug-Debian: http://bugs.debian.org/719415
-Bug-Upstream: http://issues.gradle.org/browse/GRADLE-2858
+Bug-Debian: https://bugs.debian.org/719415
+Bug-Upstream: https://issues.gradle.org/browse/GRADLE-2858
 Forwarded: not-needed
 ---
  build.gradle                                                        | 2 --


=====================================
debian/patches/cast-estimated-runtime-to-long.patch
=====================================
@@ -8,7 +8,7 @@ Bug-Debian: https://bugs.debian.org/893487
 Forwarded: no
 Last-Update: 2018-03-19
 ---
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+This patch header follows DEP-3: https://dep.debian.net/deps/dep3/
 --- a/buildSrc/src/main/groovy/org/gradle/testing/DistributedPerformanceTest.groovy
 +++ b/buildSrc/src/main/groovy/org/gradle/testing/DistributedPerformanceTest.groovy
 @@ -130,7 +130,7 @@


=====================================
debian/patches/fix-CVE-2019-11065.patch
=====================================
@@ -0,0 +1,14 @@
+Forwarded: not-needed
+Origin: backport, https://github.com/gradle/gradle/pull/8927
+
+--- a/subprojects/javascript/src/main/java/org/gradle/plugins/javascript/base/JavaScriptRepositoriesExtension.java
++++ b/subprojects/javascript/src/main/java/org/gradle/plugins/javascript/base/JavaScriptRepositoriesExtension.java
+@@ -29,7 +29,7 @@
+     public static final String NAME = "javaScript";
+ 
+     public static final String GRADLE_PUBLIC_JAVASCRIPT_REPO_URL = "https://repo.gradle.org/gradle/javascript-public";
+-    public static final String GOOGLE_APIS_REPO_URL = "http://ajax.googleapis.com/ajax/libs";
++    public static final String GOOGLE_APIS_REPO_URL = "https://ajax.googleapis.com/ajax/libs";
+ 
+     private final RepositoryHandler repositories;
+ 


=====================================
debian/patches/ivy-artifact-backport.patch
=====================================
@@ -10,7 +10,7 @@ Origin: backport, https://github.com/gradle/gradle/commit/e076a783
 + * you may not use this file except in compliance with the License.
 + * You may obtain a copy of the License at
 + *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
++ *      https://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
@@ -143,7 +143,7 @@ Origin: backport, https://github.com/gradle/gradle/commit/e076a783
 + * you may not use this file except in compliance with the License.
 + * You may obtain a copy of the License at
 + *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
++ *      https://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,


=====================================
debian/patches/series
=====================================
@@ -27,3 +27,4 @@ disable-internal-android-performance-testing.patch
 java11-compatibility.patch
 asm7.patch
 ivy-artifact-backport.patch
+fix-CVE-2019-11065.patch



View it on GitLab: https://salsa.debian.org/java-team/gradle/compare/a69f6c55cd03244e434b652393dc9a9a05967188...03506091dc1a723bb05dd1a72b0c5ce8dd46f9fe

-- 
View it on GitLab: https://salsa.debian.org/java-team/gradle/compare/a69f6c55cd03244e434b652393dc9a9a05967188...03506091dc1a723bb05dd1a72b0c5ce8dd46f9fe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20191209/503fe38e/attachment.html>

More information about the pkg-java-commits mailing list