[activemq] 01/02: Fix CVE-2017-7559
Markus Koschany
apo at moszumanska.debian.org
Fri Apr 21 15:23:15 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch master
in repository activemq.
commit f25d1922b1221f9ad8bf44825827cb12e4c19084
Author: Markus Koschany <apo at debian.org>
Date: Fri Apr 21 16:24:09 2017 +0200
Fix CVE-2017-7559
Closes: #860866
Thanks: Salvatore Bonaccorso for the report.
---
debian/patches/CVE-2017-7559.patch | 49 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 50 insertions(+)
diff --git a/debian/patches/CVE-2017-7559.patch b/debian/patches/CVE-2017-7559.patch
new file mode 100644
index 0000000..3bfeda8
--- /dev/null
+++ b/debian/patches/CVE-2017-7559.patch
@@ -0,0 +1,49 @@
+From: Markus Koschany <apo at debian.org>
+Date: Fri, 21 Apr 2017 16:22:32 +0200
+Subject: CVE-2017-7559
+
+Bug-Debian: https://bugs.debian.org/860866
+Bug-Upstream: https://issues.apache.org/jira/browse/AMQ-6470
+Origin: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
+---
+ .../java/org/apache/activemq/ActiveMQConnection.java | 20 --------------------
+ 1 file changed, 20 deletions(-)
+
+diff --git a/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java b/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java
+index 1f360cb..8e6c157 100755
+--- a/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java
++++ b/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java
+@@ -1873,7 +1873,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+
+ @Override
+ public Response processControlCommand(ControlCommand command) throws Exception {
+- onControlCommand(command);
+ return null;
+ }
+
+@@ -2221,25 +2220,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+ }
+ }
+
+- protected void onControlCommand(ControlCommand command) {
+- String text = command.getCommand();
+- if (text != null) {
+- if ("shutdown".equals(text)) {
+- LOG.info("JVM told to shutdown");
+- System.exit(0);
+- }
+-
+- // TODO Should we handle the "close" case?
+- // if (false && "close".equals(text)){
+- // LOG.error("Broker " + getBrokerInfo() + "shutdown connection");
+- // try {
+- // close();
+- // } catch (JMSException e) {
+- // }
+- // }
+- }
+- }
+-
+ protected void onConnectionControl(ConnectionControl command) {
+ if (command.isFaultTolerant()) {
+ this.optimizeAcknowledge = false;
diff --git a/debian/patches/series b/debian/patches/series
index 6a549fd..9e92623 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ init-debian-default-values.patch
activemq-spring.patch
activemq-client-jar.patch
disable-broker-test-dependency.patch
+CVE-2017-7559.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/activemq.git
More information about the pkg-java-commits
mailing list