[Git][java-team/axis][master] 6 commits: Fixed the build failure with Java 11 (Closes: #911187)

Emmanuel Bourg gitlab at salsa.debian.org
Mon Dec 3 07:31:19 GMT 2018 

Emmanuel Bourg pushed to branch master at Debian Java Maintainers / axis


Commits:
ff342518 by Emmanuel Bourg at 2018-12-02T23:18:23Z
Fixed the build failure with Java 11 (Closes: #911187)

- - - - -
6ce58504 by Emmanuel Bourg at 2018-12-02T23:18:55Z
Standards-Version updated to 4.2.1

- - - - -
8f88b95e by Emmanuel Bourg at 2018-12-02T23:38:47Z
Fixed CVE-2018-8032: Cross-site scripting (XSS) attack in the default servlet/services (Closes: #905328)

- - - - -
e9a8ab64 by Emmanuel Bourg at 2018-12-02T23:39:29Z
Use a secure URL in debian/watch

- - - - -
3469247a by Emmanuel Bourg at 2018-12-03T07:25:42Z
Fixed the generation of the javadoc

- - - - -
4e1efc36 by Emmanuel Bourg at 2018-12-03T07:25:59Z
Upload to unstable

- - - - -


7 changed files:

- debian/changelog
- debian/control
- + debian/patches/CVE-2018-8032.patch
- + debian/patches/java11-compatibility.patch
- debian/patches/java9-compatibility.patch
- debian/patches/series
- debian/watch


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+axis (1.4-28) unstable; urgency=medium
+
+  * Fixed the build failure with Java 11 (Closes: #911187)
+  * Fixed CVE-2018-8032: Cross-site scripting (XSS) attack in the default
+    servlet/services (Closes: #905328)
+  * Fixed the generation of the javadoc
+  * Standards-Version updated to 4.2.1
+
+ -- Emmanuel Bourg <ebourg at apache.org>  Mon, 03 Dec 2018 08:25:51 +0100
+
 axis (1.4-27) unstable; urgency=medium
 
   * Team upload.


=====================================
debian/control
=====================================
@@ -18,7 +18,7 @@ Build-Depends:
  libservlet3.1-java,
  libwsdl4j-java,
  maven-repo-helper
-Standards-Version: 4.1.4
+Standards-Version: 4.2.1
 Vcs-Git: https://salsa.debian.org/java-team/axis.git
 Vcs-Browser: https://salsa.debian.org/java-team/axis
 Homepage: http://ws.apache.org/axis/


=====================================
debian/patches/CVE-2018-8032.patch
=====================================
@@ -0,0 +1,23 @@
+Description: Correctly escape namespace URIs in namespace declarations (CVE-2018-8032)
+Origin: backport, https://svn.apache.org/r1831943
+--- a/src/org/apache/axis/encoding/SerializationContext.java
++++ b/src/org/apache/axis/encoding/SerializationContext.java
+@@ -1176,12 +1176,13 @@
+                         sb.append(':');
+                         sb.append(map.getPrefix());
+                     }
+-                    if ((vecQNames==null) || (vecQNames.indexOf(sb.toString())==-1)) {
++                    String qname = sb.toString();
++                    if ((vecQNames==null) || (vecQNames.indexOf(qname)==-1)) {
+                         writer.write(' ');
+-                        sb.append("=\"");
+-                        sb.append(map.getNamespaceURI());
+-                        sb.append('"');
+-                        writer.write(sb.toString());
++                        writer.write(qname);
++                        writer.write("=\"");
++                        getEncoder().writeEncoded(writer, map.getNamespaceURI());
++                        writer.write('"');
+                     }
+                 }
+             }


=====================================
debian/patches/java11-compatibility.patch
=====================================
@@ -0,0 +1,38 @@
+Description: Fixes the build failure with Java 11
+Author: Emmanuel Bourg <ebourg at apache.org>
+Forwarded: no
+--- a/build.xml
++++ b/build.xml
+@@ -94,6 +94,32 @@
+     </depend>  
+     <javac srcdir="${src.dir}" destdir="${build.dest}"  nowarn="${nowarn}" debug="${debug}"
+       encoding="iso-8859-1"
++      deprecation="${deprecation}"
++      source="${source}"
++      target="${target}"
++      classpathref="classpath">
++      <include name="**/org/apache/axis/Constants.java"/>
++      <include name="**/org/apache/axis/Handler.java"/>
++      <include name="**/org/apache/axis/MessageContext.java"/>
++      <include name="**/org/apache/axis/components.logger.LogFactory.java"/>
++      <include name="**/org/apache/axis/utils.ClassUtils.java"/>
++      <include name="org.apache.axis.AxisFault"/>
++      <include name="org.apache.axis.handlers.soap.SOAPService"/>
++      <include name="org.apache.axis.utils.Messages"/>
++      <bootclasspath refid="boot.classpath"/>
++    </javac>
++    <!-- Compile the CORBA and EJB providers with Java 7 compatibility -->
++    <javac srcdir="${src.dir}" destdir="${build.dest}"  nowarn="${nowarn}" debug="${debug}"
++      encoding="iso-8859-1"
++      deprecation="${deprecation}"
++      release="7"
++      classpathref="classpath">
++      <include name="**/*CORBAProvider.java" />
++      <include name="**/EJBProvider.java" />
++      <bootclasspath refid="boot.classpath"/>
++    </javac>
++    <javac srcdir="${src.dir}" destdir="${build.dest}"  nowarn="${nowarn}" debug="${debug}"
++      encoding="iso-8859-1"
+       deprecation="${deprecation}" 
+       source="${source}"
+       target="${target}"


=====================================
debian/patches/java9-compatibility.patch
=====================================
@@ -11,6 +11,14 @@ Forwarded: no
        <exclude name="**/old/**/*" />
        <exclude name="**/bak/**"/>
        <exclude name="**/org/apache/axis/components/net/JDK14*.java" unless="jdk14.jsse.present"/>
+@@ -373,6 +374,7 @@
+              source="${source}"
+              bottom="Copyright © ${year} Apache Web Services Project. All Rights Reserved."
+              encoding="iso-8859-1"
++             excludepackagenames="org.apache.axis.enum"
+     />
+   </target>
+ 
 --- a/src/org/apache/axis/types/UnsignedInt.java
 +++ b/src/org/apache/axis/types/UnsignedInt.java
 @@ -25,7 +25,7 @@


=====================================
debian/patches/series
=====================================
@@ -6,3 +6,5 @@ CVE-2014-3596.patch
 ant-compatibility.patch
 javadoc-encoding.patch
 java9-compatibility.patch
+java11-compatibility.patch
+CVE-2018-8032.patch


=====================================
debian/watch
=====================================
@@ -1,3 +1,3 @@
 version=3
 opts=uversionmangle=s/_/./ \
-http://archive.apache.org/dist/ws/axis/1_4/ axis-src-(.*).tar.gz 
+https://archive.apache.org/dist/ws/axis/1_4/ axis-src-(.*).tar.gz



View it on GitLab: https://salsa.debian.org/java-team/axis/compare/055d8918320d111f396fb9765d4cc72bc4d437fa...4e1efc36bb8fb27934fd6a1afb54604ffdc56504

-- 
View it on GitLab: https://salsa.debian.org/java-team/axis/compare/055d8918320d111f396fb9765d4cc72bc4d437fa...4e1efc36bb8fb27934fd6a1afb54604ffdc56504
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20181203/e0d76bd3/attachment.html>

More information about the pkg-java-commits mailing list