[activemq] 01/02: Fix CVE-2015-7559
Markus Koschany
apo at moszumanska.debian.org
Tue Apr 25 19:28:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch jessie
in repository activemq.
commit 98bb58341ec1b415bd622becfd7a49472705198e
Author: Markus Koschany <apo at debian.org>
Date: Tue Apr 25 21:00:59 2017 +0200
Fix CVE-2015-7559
---
debian/patches/CVE-2015-7559.patch | 47 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 48 insertions(+)
diff --git a/debian/patches/CVE-2015-7559.patch b/debian/patches/CVE-2015-7559.patch
new file mode 100644
index 0000000..191603c
--- /dev/null
+++ b/debian/patches/CVE-2015-7559.patch
@@ -0,0 +1,47 @@
+From: Markus Koschany <apo at debian.org>
+Date: Tue, 25 Apr 2017 20:59:50 +0200
+Subject: CVE-2015-7559
+
+Bug-Debian: https://bugs.debian.org/860866
+Bug-Upstream: https://issues.apache.org/jira/browse/AMQ-6470
+Origin: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
+---
+ .../java/org/apache/activemq/ActiveMQConnection.java | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+index 57ca8f1..d5797d6 100755
+--- a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
++++ b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+@@ -1860,7 +1860,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+
+ @Override
+ public Response processControlCommand(ControlCommand command) throws Exception {
+- onControlCommand(command);
+ return null;
+ }
+
+@@ -2296,23 +2295,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+ inputStreams.remove(stream);
+ }
+
+- protected void onControlCommand(ControlCommand command) {
+- String text = command.getCommand();
+- if (text != null) {
+- if ("shutdown".equals(text)) {
+- LOG.info("JVM told to shutdown");
+- System.exit(0);
+- }
+- if (false && "close".equals(text)){
+- LOG.error("Broker " + getBrokerInfo() + "shutdown connection");
+- try {
+- close();
+- } catch (JMSException e) {
+- }
+- }
+- }
+- }
+-
+ protected void onConnectionControl(ConnectionControl command) {
+ if (command.isFaultTolerant()) {
+ this.optimizeAcknowledge = false;
diff --git a/debian/patches/series b/debian/patches/series
index 87c90b0..2ad8bdf 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ CVE-2014-3600.patch
CVE-2014-3612.patch
CVE-2014-3576.patch
CVE-2015-5254.patch
+CVE-2015-7559.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/activemq.git
More information about the pkg-java-commits
mailing list