[activemq] 01/02: Fix CVE-2015-7559

[Markus Koschany]

This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch jessie
in repository activemq.

commit 98bb58341ec1b415bd622becfd7a49472705198e
Author: Markus Koschany <apo at debian.org>
Date:   Tue Apr 25 21:00:59 2017 +0200

    Fix CVE-2015-7559
---
 debian/patches/CVE-2015-7559.patch | 47 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 48 insertions(+)

diff --git a/debian/patches/CVE-2015-7559.patch b/debian/patches/CVE-2015-7559.patch
new file mode 100644
index 0000000..191603c
--- /dev/null
+++ b/debian/patches/CVE-2015-7559.patch
@@ -0,0 +1,47 @@
+From: Markus Koschany <apo at debian.org>
+Date: Tue, 25 Apr 2017 20:59:50 +0200
+Subject: CVE-2015-7559
+
+Bug-Debian: https://bugs.debian.org/860866
+Bug-Upstream: https://issues.apache.org/jira/browse/AMQ-6470
+Origin: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
+---
+ .../java/org/apache/activemq/ActiveMQConnection.java   | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+index 57ca8f1..d5797d6 100755
+--- a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
++++ b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+@@ -1860,7 +1860,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+ 
+                     @Override
+                     public Response processControlCommand(ControlCommand command) throws Exception {
+-                        onControlCommand(command);
+                         return null;
+                     }
+ 
+@@ -2296,23 +2295,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+         inputStreams.remove(stream);
+     }
+ 
+-    protected void onControlCommand(ControlCommand command) {
+-        String text = command.getCommand();
+-        if (text != null) {
+-            if ("shutdown".equals(text)) {
+-                LOG.info("JVM told to shutdown");
+-                System.exit(0);
+-            }
+-            if (false && "close".equals(text)){
+-                LOG.error("Broker " + getBrokerInfo() + "shutdown connection");
+-                try {
+-                    close();
+-                } catch (JMSException e) {
+-                }
+-            }
+-        }
+-    }
+-
+     protected void onConnectionControl(ConnectionControl command) {
+         if (command.isFaultTolerant()) {
+             this.optimizeAcknowledge = false;
diff --git a/debian/patches/series b/debian/patches/series
index 87c90b0..2ad8bdf 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ CVE-2014-3600.patch
 CVE-2014-3612.patch
 CVE-2014-3576.patch
 CVE-2015-5254.patch
+CVE-2015-7559.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/activemq.git