Bug 213536 - www/axis2: Update to 1.7.3, Security Vulnerability, Take MAINTAINER'ship
Summary: www/axis2: Update to 1.7.3, Security Vulnerability, Take MAINTAINER'ship
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Mark Felder
URL:
Keywords: patch, security
Depends on: 213546
Blocks:
Reported: 2016-10-16 15:20 UTC by Danilo G. Baio
Modified: 2016-10-20 18:59 UTC (History)

See Also:
feld: merge-quarterly+


Attachments
axis2-1.7.3-v02.patch (47.24 KB, patch)
2016-10-16 15:20 UTC, Danilo G. Baio
vlad-fbsd: maintainer-approval+
vuxml-axis2.patch (1.60 KB, patch)
2016-10-16 15:21 UTC, Danilo G. Baio
no flags
axis2-1.7.3-v03.patch (46.75 KB, patch)
2016-10-20 00:05 UTC, Danilo G. Baio
dbaio: maintainer-approval+

Description Danilo G. Baio freebsd_committer freebsd_triage 2016-10-16 15:20:23 UTC
Created attachment 175824
axis2-1.7.3-v02.patch

- Update to 1.7.3 
- Resolve CVE-2010-3981 [1]
- Switch to options helper
- Add LICENSE_FILE
- Install missing files through axis2.war. Reported upstream [2]
- Set architecture neutral
- Take maintainer'ship

[1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

[2]  https://issues.apache.org/jira/browse/AXIS2-5816


Changelog:
http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html

[QA]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (not tested, still building all dependencies)
	poudriere: amd64, 9.3   (not tested, still building all dependencies)
	poudriere: i386,  10.3  (OK)
	poudriere: amd64, 10.3  (OK)
	poudriere: i386,  11    (not tested, still building all dependencies)
	poudriere: amd64, 11    (OK)
	poudriere: i386,  12    (OK)
	poudriere: amd64, 12    (OK)
Comment 1 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-16 15:21:11 UTC
Created attachment 175825
vuxml-axis2.patch


- Document www/axis2 vulnerability
Comment 2 VK freebsd_triage 2016-10-16 17:02:19 UTC
Comment on attachment 175824
axis2-1.7.3-v02.patch

Implicit approval, the port has no maintainer.
Comment 3 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-16 20:04:19 UTC
Comment on attachment 175825
vuxml-axis2.patch

Patch on bug 213546
Comment 4 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-20 00:05:03 UTC
Created attachment 175956
axis2-1.7.3-v03.patch


Q/A under 9.3 showed permission problems, updating patch.

- Update to 1.7.3 
- Resolve CVE-2010-3981 [1]
- Switch to options helper
- Add LICENSE_FILE
- Install missing files through axis2.war. Reported upstream [2]
- Set architecture neutral
- Take maintainer'ship
- Fix permissions

[1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

[2]  https://issues.apache.org/jira/browse/AXIS2-5816


Changelog:
http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html

[Q/A]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (OK)
	poudriere: amd64, 9.3   (OK)
	poudriere: i386,  10.3  (OK)
	poudriere: amd64, 10.3  (OK)
	poudriere: i386,  11    (OK)
	poudriere: amd64, 11    (OK)
	poudriere: i386,  12    (OK)
	poudriere: amd64, 12    (OK)
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-20 03:14:48 UTC
Assign to ports-secteam for resolution
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-10-20 18:59:28 UTC
A commit references this bug:

Author: feld
Date: Thu Oct 20 18:58:46 UTC 2016
New revision: 424346
URL: https://svnweb.freebsd.org/changeset/ports/424346

Log:
  www/axis2: Update to 1.7.3

  - Resolve CVE-2010-3981 [1]
  - Switch to options helper
  - Add LICENSE_FILE
  - Install missing files through axis2.war. Reported upstream [2]
  - Set architecture neutral
  - Take maintainer'ship
  - Fix permissions

  [1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

  [2]  https://issues.apache.org/jira/browse/AXIS2-5816

  PR:		213536
  MFH:		2016Q4
  Security:	CVE-2010-3981

Changes:
  head/www/axis2/Makefile
  head/www/axis2/distinfo
  head/www/axis2/pkg-plist
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-10-20 18:59:30 UTC
A commit references this bug:

Author: feld
Date: Thu Oct 20 18:59:24 UTC 2016
New revision: 424347
URL: https://svnweb.freebsd.org/changeset/ports/424347

Log:
  MFH: r424346

  www/axis2: Update to 1.7.3

  - Resolve CVE-2010-3981 [1]
  - Switch to options helper
  - Add LICENSE_FILE
  - Install missing files through axis2.war. Reported upstream [2]
  - Set architecture neutral
  - Take maintainer'ship
  - Fix permissions

  [1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

  [2]  https://issues.apache.org/jira/browse/AXIS2-5816

  PR:		213536
  Security:	CVE-2010-3981

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/axis2/Makefile
  branches/2016Q4/www/axis2/distinfo
  branches/2016Q4/www/axis2/pkg-plist
Comment 8 Mark Felder freebsd_committer freebsd_triage 2016-10-20 18:59:39 UTC
Committed, thanks!