[Git][java-team/axis][master] 6 commits: Fixed the build failure with Java 11 (Closes: #911187)
Emmanuel Bourg
gitlab at salsa.debian.org
Mon Dec 3 07:31:19 GMT 2018
Emmanuel Bourg pushed to branch master at Debian Java Maintainers / axis
Commits:
ff342518 by Emmanuel Bourg at 2018-12-02T23:18:23Z
Fixed the build failure with Java 11 (Closes: #911187)
- - - - -
6ce58504 by Emmanuel Bourg at 2018-12-02T23:18:55Z
Standards-Version updated to 4.2.1
- - - - -
8f88b95e by Emmanuel Bourg at 2018-12-02T23:38:47Z
Fixed CVE-2018-8032: Cross-site scripting (XSS) attack in the default servlet/services (Closes: #905328)
- - - - -
e9a8ab64 by Emmanuel Bourg at 2018-12-02T23:39:29Z
Use a secure URL in debian/watch
- - - - -
3469247a by Emmanuel Bourg at 2018-12-03T07:25:42Z
Fixed the generation of the javadoc
- - - - -
4e1efc36 by Emmanuel Bourg at 2018-12-03T07:25:59Z
Upload to unstable
- - - - -
7 changed files:
- debian/changelog
- debian/control
- + debian/patches/CVE-2018-8032.patch
- + debian/patches/java11-compatibility.patch
- debian/patches/java9-compatibility.patch
- debian/patches/series
- debian/watch
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+axis (1.4-28) unstable; urgency=medium
+
+ * Fixed the build failure with Java 11 (Closes: #911187)
+ * Fixed CVE-2018-8032: Cross-site scripting (XSS) attack in the default
+ servlet/services (Closes: #905328)
+ * Fixed the generation of the javadoc
+ * Standards-Version updated to 4.2.1
+
+ -- Emmanuel Bourg <ebourg at apache.org> Mon, 03 Dec 2018 08:25:51 +0100
+
axis (1.4-27) unstable; urgency=medium
* Team upload.
=====================================
debian/control
=====================================
@@ -18,7 +18,7 @@ Build-Depends:
libservlet3.1-java,
libwsdl4j-java,
maven-repo-helper
-Standards-Version: 4.1.4
+Standards-Version: 4.2.1
Vcs-Git: https://salsa.debian.org/java-team/axis.git
Vcs-Browser: https://salsa.debian.org/java-team/axis
Homepage: http://ws.apache.org/axis/
=====================================
debian/patches/CVE-2018-8032.patch
=====================================
@@ -0,0 +1,23 @@
+Description: Correctly escape namespace URIs in namespace declarations (CVE-2018-8032)
+Origin: backport, https://svn.apache.org/r1831943
+--- a/src/org/apache/axis/encoding/SerializationContext.java
++++ b/src/org/apache/axis/encoding/SerializationContext.java
+@@ -1176,12 +1176,13 @@
+ sb.append(':');
+ sb.append(map.getPrefix());
+ }
+- if ((vecQNames==null) || (vecQNames.indexOf(sb.toString())==-1)) {
++ String qname = sb.toString();
++ if ((vecQNames==null) || (vecQNames.indexOf(qname)==-1)) {
+ writer.write(' ');
+- sb.append("=\"");
+- sb.append(map.getNamespaceURI());
+- sb.append('"');
+- writer.write(sb.toString());
++ writer.write(qname);
++ writer.write("=\"");
++ getEncoder().writeEncoded(writer, map.getNamespaceURI());
++ writer.write('"');
+ }
+ }
+ }
=====================================
debian/patches/java11-compatibility.patch
=====================================
@@ -0,0 +1,38 @@
+Description: Fixes the build failure with Java 11
+Author: Emmanuel Bourg <ebourg at apache.org>
+Forwarded: no
+--- a/build.xml
++++ b/build.xml
+@@ -94,6 +94,32 @@
+ </depend>
+ <javac srcdir="${src.dir}" destdir="${build.dest}" nowarn="${nowarn}" debug="${debug}"
+ encoding="iso-8859-1"
++ deprecation="${deprecation}"
++ source="${source}"
++ target="${target}"
++ classpathref="classpath">
++ <include name="**/org/apache/axis/Constants.java"/>
++ <include name="**/org/apache/axis/Handler.java"/>
++ <include name="**/org/apache/axis/MessageContext.java"/>
++ <include name="**/org/apache/axis/components.logger.LogFactory.java"/>
++ <include name="**/org/apache/axis/utils.ClassUtils.java"/>
++ <include name="org.apache.axis.AxisFault"/>
++ <include name="org.apache.axis.handlers.soap.SOAPService"/>
++ <include name="org.apache.axis.utils.Messages"/>
++ <bootclasspath refid="boot.classpath"/>
++ </javac>
++ <!-- Compile the CORBA and EJB providers with Java 7 compatibility -->
++ <javac srcdir="${src.dir}" destdir="${build.dest}" nowarn="${nowarn}" debug="${debug}"
++ encoding="iso-8859-1"
++ deprecation="${deprecation}"
++ release="7"
++ classpathref="classpath">
++ <include name="**/*CORBAProvider.java" />
++ <include name="**/EJBProvider.java" />
++ <bootclasspath refid="boot.classpath"/>
++ </javac>
++ <javac srcdir="${src.dir}" destdir="${build.dest}" nowarn="${nowarn}" debug="${debug}"
++ encoding="iso-8859-1"
+ deprecation="${deprecation}"
+ source="${source}"
+ target="${target}"
=====================================
debian/patches/java9-compatibility.patch
=====================================
@@ -11,6 +11,14 @@ Forwarded: no
<exclude name="**/old/**/*" />
<exclude name="**/bak/**"/>
<exclude name="**/org/apache/axis/components/net/JDK14*.java" unless="jdk14.jsse.present"/>
+@@ -373,6 +374,7 @@
+ source="${source}"
+ bottom="Copyright © ${year} Apache Web Services Project. All Rights Reserved."
+ encoding="iso-8859-1"
++ excludepackagenames="org.apache.axis.enum"
+ />
+ </target>
+
--- a/src/org/apache/axis/types/UnsignedInt.java
+++ b/src/org/apache/axis/types/UnsignedInt.java
@@ -25,7 +25,7 @@
=====================================
debian/patches/series
=====================================
@@ -6,3 +6,5 @@ CVE-2014-3596.patch
ant-compatibility.patch
javadoc-encoding.patch
java9-compatibility.patch
+java11-compatibility.patch
+CVE-2018-8032.patch
=====================================
debian/watch
=====================================
@@ -1,3 +1,3 @@
version=3
opts=uversionmangle=s/_/./ \
-http://archive.apache.org/dist/ws/axis/1_4/ axis-src-(.*).tar.gz
+https://archive.apache.org/dist/ws/axis/1_4/ axis-src-(.*).tar.gz
View it on GitLab: https://salsa.debian.org/java-team/axis/compare/055d8918320d111f396fb9765d4cc72bc4d437fa...4e1efc36bb8fb27934fd6a1afb54604ffdc56504
--
View it on GitLab: https://salsa.debian.org/java-team/axis/compare/055d8918320d111f396fb9765d4cc72bc4d437fa...4e1efc36bb8fb27934fd6a1afb54604ffdc56504
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20181203/e0d76bd3/attachment.html>
More information about the pkg-java-commits
mailing list