Bug 213536

Summary: www/axis2: Update to 1.7.3, Security Vulnerability, Take MAINTAINER'ship
Product: Ports & Packages Reporter: Danilo G. Baio <dbaio>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Some People CC: feld, ports-secteam
Priority: --- Keywords: patch, security
Version: LatestFlags: feld: merge-quarterly+
Hardware: Any   
OS: Any   
Bug Depends on: 213546    
Bug Blocks:    
Attachments:
Description Flags
axis2-1.7.3-v02.patch
vlad-fbsd: maintainer-approval+
vuxml-axis2.patch
none
axis2-1.7.3-v03.patch dbaio: maintainer-approval+

Description Danilo G. Baio freebsd_committer freebsd_triage 2016-10-16 15:20:23 UTC 
Created attachment 175824 [details]
axis2-1.7.3-v02.patch

- Update to 1.7.3 
- Resolve CVE-2010-3981 [1]
- Switch to options helper
- Add LICENSE_FILE
- Install missing files through axis2.war. Reported upstream [2]
- Set architecture neutral
- Take maintainer'ship

[1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

[2]  https://issues.apache.org/jira/browse/AXIS2-5816


Changelog:
http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html

[QA]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (not tested, still building all dependencies)
	poudriere: amd64, 9.3   (not tested, still building all dependencies)
	poudriere: i386,  10.3  (OK)
	poudriere: amd64, 10.3  (OK)
	poudriere: i386,  11    (not tested, still building all dependencies)
	poudriere: amd64, 11    (OK)
	poudriere: i386,  12    (OK)
	poudriere: amd64, 12    (OK)
Comment 1 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-16 15:21:11 UTC 
Created attachment 175825 [details]
vuxml-axis2.patch


- Document www/axis2 vulnerability
Comment 2 VK 2016-10-16 17:02:19 UTC 
Comment on attachment 175824 [details]
axis2-1.7.3-v02.patch

Implicit approval, the port has no maintainer.
Comment 3 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-16 20:04:19 UTC 
Comment on attachment 175825 [details]
vuxml-axis2.patch

Patch on bug 213546
Comment 4 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-20 00:05:03 UTC 
Created attachment 175956 [details]
axis2-1.7.3-v03.patch


Q/A under 9.3 showed permission problems, updating patch.

- Update to 1.7.3 
- Resolve CVE-2010-3981 [1]
- Switch to options helper
- Add LICENSE_FILE
- Install missing files through axis2.war. Reported upstream [2]
- Set architecture neutral
- Take maintainer'ship
- Fix permissions

[1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

[2]  https://issues.apache.org/jira/browse/AXIS2-5816


Changelog:
http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html

[Q/A]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (OK)
	poudriere: amd64, 9.3   (OK)
	poudriere: i386,  10.3  (OK)
	poudriere: amd64, 10.3  (OK)
	poudriere: i386,  11    (OK)
	poudriere: amd64, 11    (OK)
	poudriere: i386,  12    (OK)
	poudriere: amd64, 12    (OK)
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-20 03:14:48 UTC 
Assign to ports-secteam for resolution
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-10-20 18:59:28 UTC 
A commit references this bug:

Author: feld
Date: Thu Oct 20 18:58:46 UTC 2016
New revision: 424346
URL: https://svnweb.freebsd.org/changeset/ports/424346

Log:
  www/axis2: Update to 1.7.3

  - Resolve CVE-2010-3981 [1]
  - Switch to options helper
  - Add LICENSE_FILE
  - Install missing files through axis2.war. Reported upstream [2]
  - Set architecture neutral
  - Take maintainer'ship
  - Fix permissions

  [1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

  [2]  https://issues.apache.org/jira/browse/AXIS2-5816

  PR:		213536
  MFH:		2016Q4
  Security:	CVE-2010-3981

Changes:
  head/www/axis2/Makefile
  head/www/axis2/distinfo
  head/www/axis2/pkg-plist
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-10-20 18:59:30 UTC 
A commit references this bug:

Author: feld
Date: Thu Oct 20 18:59:24 UTC 2016
New revision: 424347
URL: https://svnweb.freebsd.org/changeset/ports/424347

Log:
  MFH: r424346

  www/axis2: Update to 1.7.3

  - Resolve CVE-2010-3981 [1]
  - Switch to options helper
  - Add LICENSE_FILE
  - Install missing files through axis2.war. Reported upstream [2]
  - Set architecture neutral
  - Take maintainer'ship
  - Fix permissions

  [1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981

  [2]  https://issues.apache.org/jira/browse/AXIS2-5816

  PR:		213536
  Security:	CVE-2010-3981

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/axis2/Makefile
  branches/2016Q4/www/axis2/distinfo
  branches/2016Q4/www/axis2/pkg-plist
Comment 8 Mark Felder freebsd_committer freebsd_triage 2016-10-20 18:59:39 UTC 
Committed, thanks!