Created attachment 175824 [details] axis2-1.7.3-v02.patch - Update to 1.7.3 - Resolve CVE-2010-3981 [1] - Switch to options helper - Add LICENSE_FILE - Install missing files through axis2.war. Reported upstream [2] - Set architecture neutral - Take maintainer'ship [1] http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981 [2] https://issues.apache.org/jira/browse/AXIS2-5816 Changelog: http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html [QA] portlint: OK (looks fine.) testport: poudriere: i386, 9.3 (not tested, still building all dependencies) poudriere: amd64, 9.3 (not tested, still building all dependencies) poudriere: i386, 10.3 (OK) poudriere: amd64, 10.3 (OK) poudriere: i386, 11 (not tested, still building all dependencies) poudriere: amd64, 11 (OK) poudriere: i386, 12 (OK) poudriere: amd64, 12 (OK)
Created attachment 175825 [details] vuxml-axis2.patch - Document www/axis2 vulnerability
Comment on attachment 175824 [details] axis2-1.7.3-v02.patch Implicit approval, the port has no maintainer.
Comment on attachment 175825 [details] vuxml-axis2.patch Patch on bug 213546
Created attachment 175956 [details] axis2-1.7.3-v03.patch Q/A under 9.3 showed permission problems, updating patch. - Update to 1.7.3 - Resolve CVE-2010-3981 [1] - Switch to options helper - Add LICENSE_FILE - Install missing files through axis2.war. Reported upstream [2] - Set architecture neutral - Take maintainer'ship - Fix permissions [1] http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981 [2] https://issues.apache.org/jira/browse/AXIS2-5816 Changelog: http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html [Q/A] portlint: OK (looks fine.) testport: poudriere: i386, 9.3 (OK) poudriere: amd64, 9.3 (OK) poudriere: i386, 10.3 (OK) poudriere: amd64, 10.3 (OK) poudriere: i386, 11 (OK) poudriere: amd64, 11 (OK) poudriere: i386, 12 (OK) poudriere: amd64, 12 (OK)
Assign to ports-secteam for resolution
A commit references this bug: Author: feld Date: Thu Oct 20 18:58:46 UTC 2016 New revision: 424346 URL: https://svnweb.freebsd.org/changeset/ports/424346 Log: www/axis2: Update to 1.7.3 - Resolve CVE-2010-3981 [1] - Switch to options helper - Add LICENSE_FILE - Install missing files through axis2.war. Reported upstream [2] - Set architecture neutral - Take maintainer'ship - Fix permissions [1] http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981 [2] https://issues.apache.org/jira/browse/AXIS2-5816 PR: 213536 MFH: 2016Q4 Security: CVE-2010-3981 Changes: head/www/axis2/Makefile head/www/axis2/distinfo head/www/axis2/pkg-plist
A commit references this bug: Author: feld Date: Thu Oct 20 18:59:24 UTC 2016 New revision: 424347 URL: https://svnweb.freebsd.org/changeset/ports/424347 Log: MFH: r424346 www/axis2: Update to 1.7.3 - Resolve CVE-2010-3981 [1] - Switch to options helper - Add LICENSE_FILE - Install missing files through axis2.war. Reported upstream [2] - Set architecture neutral - Take maintainer'ship - Fix permissions [1] http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981 [2] https://issues.apache.org/jira/browse/AXIS2-5816 PR: 213536 Security: CVE-2010-3981 Approved by: ports-secteam (with hat) Changes: _U branches/2016Q4/ branches/2016Q4/www/axis2/Makefile branches/2016Q4/www/axis2/distinfo branches/2016Q4/www/axis2/pkg-plist
Committed, thanks!