Bug 213792 - www/axis2: Update to 1.7.4, Security Vulnerability
Summary: www/axis2: Update to 1.7.4, Security Vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jason E. Hale
URL:
Keywords: patch, security
Depends on: 213791
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-26 00:55 UTC by Danilo G. Baio
Modified: 2016-10-31 21:58 UTC (History)
2 users (show)

See Also:
dbaio: merge-quarterly?

Attachments
axis2-1.7.4.patch (5.93 KB, patch)
2016-10-26 00:55 UTC, Danilo G. Baio 		dbaio: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Danilo G. Baio freebsd_committer freebsd_triage 2016-10-26 00:55:54 UTC 
Created attachment 176171 [details]
axis2-1.7.4.patch

- Update to 1.7.4
- Resolve CVE-2012-6153 and CVE-2014-3577 [1]
- Not necessary axis2.war anymore. Updated upstream [2]

[1]  http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577

[2]  https://issues.apache.org/jira/browse/AXIS2-5816


Please, hold this issue for a while, my tests on poudriere are still running (devel/llvm37 is taking too long). 

[Q/A]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (waiting)
	poudriere: amd64, 9.3   (waiting)
	poudriere: i386,  10.3  (waiting)
	poudriere: amd64, 10.3  (not tested, still building all dependencies)
	poudriere: i386,  11    (waiting)
	poudriere: amd64, 11    (waiting)
	poudriere: i386,  12    (waiting)
	poudriere: amd64, 12    (OK)
Comment 1 Danilo G. Baio freebsd_committer freebsd_triage 2016-10-26 15:59:51 UTC 
Comment on attachment 176171 [details]
axis2-1.7.4.patch


Tests were done, please go ahead.

[Q/A]

portlint: OK (looks fine.)
testport: 
	poudriere: i386,  9.3   (OK)
	poudriere: amd64, 9.3   (OK)
	poudriere: i386,  10.3  (OK)
	poudriere: amd64, 10.3  (OK)
	poudriere: i386,  11    (OK)
	poudriere: amd64, 11    (OK)
	poudriere: i386,  12    (OK)
	poudriere: amd64, 12    (OK)
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-10-31 07:11:17 UTC 
A commit references this bug:

Author: jhale
Date: Mon Oct 31 07:10:44 UTC 2016
New revision: 424977
URL: https://svnweb.freebsd.org/changeset/ports/424977

Log:
  Update to 1.7.4

  PR:		213792
  Submitted by:	Danilo G. Baio <dbaio@bsd.com.br> (maintainer)
  MFH:		2016Q4
  Security:	ac18046c-9b08-11e6-8011-005056925db4

Changes:
  head/www/axis2/Makefile
  head/www/axis2/distinfo
  head/www/axis2/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-31 21:52:02 UTC 
A commit references this bug:

Author: jhale
Date: Mon Oct 31 21:51:27 UTC 2016
New revision: 425031
URL: https://svnweb.freebsd.org/changeset/ports/425031

Log:
  MFH: r424977

  Update to 1.7.4

  PR:		213792
  Submitted by:	Danilo G. Baio <dbaio@bsd.com.br> (maintainer)
  Security:	ac18046c-9b08-11e6-8011-005056925db4

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/axis2/Makefile
  branches/2016Q4/www/axis2/distinfo
  branches/2016Q4/www/axis2/pkg-plist
Comment 4 Jason E. Hale freebsd_committer freebsd_triage 2016-10-31 21:58:24 UTC 
Updated in head and 2016Q4 to fix security vulnerability, thanks!