Created attachment 176171 [details] axis2-1.7.4.patch - Update to 1.7.4 - Resolve CVE-2012-6153 and CVE-2014-3577 [1] - Not necessary axis2.war anymore. Updated upstream [2] [1] http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577 [2] https://issues.apache.org/jira/browse/AXIS2-5816 Please, hold this issue for a while, my tests on poudriere are still running (devel/llvm37 is taking too long). [Q/A] portlint: OK (looks fine.) testport: poudriere: i386, 9.3 (waiting) poudriere: amd64, 9.3 (waiting) poudriere: i386, 10.3 (waiting) poudriere: amd64, 10.3 (not tested, still building all dependencies) poudriere: i386, 11 (waiting) poudriere: amd64, 11 (waiting) poudriere: i386, 12 (waiting) poudriere: amd64, 12 (OK)
Comment on attachment 176171 [details] axis2-1.7.4.patch Tests were done, please go ahead. [Q/A] portlint: OK (looks fine.) testport: poudriere: i386, 9.3 (OK) poudriere: amd64, 9.3 (OK) poudriere: i386, 10.3 (OK) poudriere: amd64, 10.3 (OK) poudriere: i386, 11 (OK) poudriere: amd64, 11 (OK) poudriere: i386, 12 (OK) poudriere: amd64, 12 (OK)
A commit references this bug: Author: jhale Date: Mon Oct 31 07:10:44 UTC 2016 New revision: 424977 URL: https://svnweb.freebsd.org/changeset/ports/424977 Log: Update to 1.7.4 PR: 213792 Submitted by: Danilo G. Baio <dbaio@bsd.com.br> (maintainer) MFH: 2016Q4 Security: ac18046c-9b08-11e6-8011-005056925db4 Changes: head/www/axis2/Makefile head/www/axis2/distinfo head/www/axis2/pkg-plist
A commit references this bug: Author: jhale Date: Mon Oct 31 21:51:27 UTC 2016 New revision: 425031 URL: https://svnweb.freebsd.org/changeset/ports/425031 Log: MFH: r424977 Update to 1.7.4 PR: 213792 Submitted by: Danilo G. Baio <dbaio@bsd.com.br> (maintainer) Security: ac18046c-9b08-11e6-8011-005056925db4 Approved by: ports-secteam (feld) Changes: _U branches/2016Q4/ branches/2016Q4/www/axis2/Makefile branches/2016Q4/www/axis2/distinfo branches/2016Q4/www/axis2/pkg-plist
Updated in head and 2016Q4 to fix security vulnerability, thanks!