Bug 213792

Summary: www/axis2: Update to 1.7.4, Security Vulnerability
Product: Ports & Packages Reporter: Danilo G. Baio <dbaio>
Component: Individual Port(s)Assignee: Jason E. Hale <jhale>
Status: Closed FIXED    
Severity: Affects Some People CC: jhale, ports-secteam
Priority: --- Keywords: patch, security
Version: LatestFlags: dbaio: merge-quarterly?
Hardware: Any   
OS: Any   
Bug Depends on: 213791    
Bug Blocks:    
Attachments:
Description Flags
axis2-1.7.4.patch dbaio: maintainer-approval+

Description Danilo G. Baio freebsd_committer freebsd_triage 2016-10-26 00:55:54 UTC 
Created attachment 176171 [details]
axis2-1.7.4.patch

- Update to 1.7.4
- Resolve CVE-2012-6153 and CVE-2014-3577 [1]
- Not necessary axis2.war anymore. Updated upstream [2]

[1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577

[2]  https://issues.apache.org/jira/browse/AXIS2-5816


Please, hold this issue for a while, my tests on poudriere are still running (devel/llvm37 is taking too long). 

[Q/A]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (waiting)
	poudriere: amd64, 9.3   (waiting)
	poudriere: i386,  10.3  (waiting)
	poudriere: amd64, 10.3  (not tested, still building all dependencies)
	poudriere: i386,  11    (waiting)
	poudriere: amd64, 11    (waiting)
	poudriere: i386,  12    (waiting)
	poudriere: amd64, 12    (OK)
Comment 1 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-26 15:59:51 UTC 
Comment on attachment 176171 [details]
axis2-1.7.4.patch


Tests were done, please go ahead.

[Q/A]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (OK)
	poudriere: amd64, 9.3   (OK)
	poudriere: i386,  10.3  (OK)
	poudriere: amd64, 10.3  (OK)
	poudriere: i386,  11    (OK)
	poudriere: amd64, 11    (OK)
	poudriere: i386,  12    (OK)
	poudriere: amd64, 12    (OK)
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-10-31 07:11:17 UTC 
A commit references this bug:

Author: jhale
Date: Mon Oct 31 07:10:44 UTC 2016
New revision: 424977
URL: https://svnweb.freebsd.org/changeset/ports/424977

Log:
  Update to 1.7.4

  PR:		213792
  Submitted by:	Danilo G. Baio <dbaio@bsd.com.br> (maintainer)
  MFH:		2016Q4
  Security:	ac18046c-9b08-11e6-8011-005056925db4

Changes:
  head/www/axis2/Makefile
  head/www/axis2/distinfo
  head/www/axis2/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-31 21:52:02 UTC 
A commit references this bug:

Author: jhale
Date: Mon Oct 31 21:51:27 UTC 2016
New revision: 425031
URL: https://svnweb.freebsd.org/changeset/ports/425031

Log:
  MFH: r424977

  Update to 1.7.4

  PR:		213792
  Submitted by:	Danilo G. Baio <dbaio@bsd.com.br> (maintainer)
  Security:	ac18046c-9b08-11e6-8011-005056925db4

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/axis2/Makefile
  branches/2016Q4/www/axis2/distinfo
  branches/2016Q4/www/axis2/pkg-plist
Comment 4 Jason E. Hale freebsd_committer freebsd_triage 2016-10-31 21:58:24 UTC 
Updated in head and 2016Q4 to fix security vulnerability, thanks!