[activemq] 01/02: Fix CVE-2017-7559

Markus Koschany apo at moszumanska.debian.org
Fri Apr 21 15:23:15 UTC 2017


This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch master
in repository activemq.

commit f25d1922b1221f9ad8bf44825827cb12e4c19084
Author: Markus Koschany <apo at debian.org>
Date:   Fri Apr 21 16:24:09 2017 +0200

    Fix CVE-2017-7559
    
    Closes: #860866
    Thanks: Salvatore Bonaccorso for the report.
---
 debian/patches/CVE-2017-7559.patch | 49 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 50 insertions(+)

diff --git a/debian/patches/CVE-2017-7559.patch b/debian/patches/CVE-2017-7559.patch
new file mode 100644
index 0000000..3bfeda8
--- /dev/null
+++ b/debian/patches/CVE-2017-7559.patch
@@ -0,0 +1,49 @@
+From: Markus Koschany <apo at debian.org>
+Date: Fri, 21 Apr 2017 16:22:32 +0200
+Subject: CVE-2017-7559
+
+Bug-Debian: https://bugs.debian.org/860866
+Bug-Upstream: https://issues.apache.org/jira/browse/AMQ-6470
+Origin: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
+---
+ .../java/org/apache/activemq/ActiveMQConnection.java | 20 --------------------
+ 1 file changed, 20 deletions(-)
+
+diff --git a/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java b/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java
+index 1f360cb..8e6c157 100755
+--- a/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java
++++ b/activemq-client/src/main/java/org/apache/activemq/ActiveMQConnection.java
+@@ -1873,7 +1873,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+ 
+                     @Override
+                     public Response processControlCommand(ControlCommand command) throws Exception {
+-                        onControlCommand(command);
+                         return null;
+                     }
+ 
+@@ -2221,25 +2220,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+         }
+     }
+ 
+-    protected void onControlCommand(ControlCommand command) {
+-        String text = command.getCommand();
+-        if (text != null) {
+-            if ("shutdown".equals(text)) {
+-                LOG.info("JVM told to shutdown");
+-                System.exit(0);
+-            }
+-
+-            // TODO Should we handle the "close" case?
+-            // if (false && "close".equals(text)){
+-            //     LOG.error("Broker " + getBrokerInfo() + "shutdown connection");
+-            //     try {
+-            //         close();
+-            //     } catch (JMSException e) {
+-            //     }
+-            // }
+-        }
+-    }
+-
+     protected void onConnectionControl(ConnectionControl command) {
+         if (command.isFaultTolerant()) {
+             this.optimizeAcknowledge = false;
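Review bot: In the embedded ActiveMQConnection patch, `processControlCommand` is left as a bare `return null;` with nothing saying that broker-sent control commands are now dropped on purpose; a comment such as `// ControlCommand from the broker is deliberately ignored: the removed handler called System.exit(0) on "shutdown"` would keep a later merge or refresh from quietly restoring the call. The patch header carries only the CVE id as its Subject, so a short `Description:` line stating that a broker could make the client JVM exit would help anyone auditing debian/patches. It is also worth confirming that id against the linked #860866 and AMQ-6470 records, since the file name and the series entry both repeat it. `onControlCommand` was protected, so a subclass outside this tree that overrides it would presumably stop being invoked or fail to build against the patched jar, which may deserve a changelog line. The anonymous visitor around `processControlCommand` and the ActiveMQConnection class itself begin and end outside the inner hunks.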
diff --git a/debian/patches/series b/debian/patches/series
index 6a549fd..9e92623 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ init-debian-default-values.patch
 activemq-spring.patch
 activemq-client-jar.patch
 disable-broker-test-dependency.patch
+CVE-2017-7559.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/activemq.git


