[SCM] Debian packaging for activemq branch, master, updated. debian/5.5.0+dfsg-4-1-ga4c5af4
Damien Raude-Morvan
drazzib at debian.org
Sun Jan 15 19:08:38 UTC 2012
The following commit has been merged in the master branch:
commit a4c5af40a80bb93cb977f13a1a1d766949851968
Author: Damien Raude-Morvan <drazzib at debian.org>
Date: Sun Jan 15 19:41:34 2012 +0100
Fix CVE-2011-4905 (potential Denial of Service) by backporting upstream patch on failover feature. (Closes: #655495).
* Fix CVE-2011-4905 (potential Denial of Service) by backporting upstream
patch on failover feature. (Closes: #655495).
* Set urgency=high for security fix.
diff --git a/debian/changelog b/debian/changelog
index f97e88a..39e67ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+activemq (5.5.0+dfsg-5) unstable; urgency=high
+
+ * Fix CVE-2011-4905 (potential Denial of Service) by backporting upstream
+ patch on failover feature. (Closes: #655495).
+ * Set urgency=high for security fix.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 15 Jan 2012 19:38:21 +0100
+
activemq (5.5.0+dfsg-4) unstable; urgency=low
* d/activemq.init: Merge change proposed by Jonas Genannt to allow
diff --git a/debian/patches/CVE-2011-4605.diff b/debian/patches/CVE-2011-4605.diff
new file mode 100644
index 0000000..4e36785
--- /dev/null
+++ b/debian/patches/CVE-2011-4605.diff
@@ -0,0 +1,98 @@
+Description: Fix for CVE-2011-4905
+Bug-vendor: https://issues.apache.org/jira/browse/AMQ-3294
+Applied-Upstream: http://svn.apache.org/viewvc?view=revision&revision=1209700,
+ http://svn.apache.org/viewvc?view=revision&revision=1209841,
+ http://svn.apache.org/viewvc?view=revision&revision=1211844,
+ http://svn.apache.org/viewvc?view=revision&revision=1213642
+--- a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
++++ b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+@@ -1292,10 +1292,17 @@
+ }
+ JMSException jmsEx = null;
+ try {
+- jmsEx = JMSExceptionSupport.create(er.getException());
++ jmsEx = JMSExceptionSupport.create(er.getException());
+ }catch(Throwable e) {
+ LOG.error("Caught an exception trying to create a JMSException for " +er.getException(),e);
+ }
++ //dispose of transport for security exceptions
++ if (er.getException() instanceof SecurityException){
++ Transport t = this.transport;
++ if (null != t){
++ ServiceSupport.dispose(t);
++ }
++ }
+ if(jmsEx !=null) {
+ throw jmsEx;
+ }
+@@ -1504,6 +1511,12 @@
+ started.set(false);
+ }
+
++ public void finalize() throws Throwable{
++ if (scheduler != null){
++ scheduler.stop();
++ }
++ }
++
+ /**
+ * Changes the associated username/password that is associated with this
+ * connection. If the connection has been used, you must called cleanup()
+@@ -2206,10 +2219,17 @@
+ protected void onControlCommand(ControlCommand command) {
+ String text = command.getCommand();
+ if (text != null) {
+- if (text.equals("shutdown")) {
++ if ("shutdown".equals(text)) {
+ LOG.info("JVM told to shutdown");
+ System.exit(0);
+ }
++ if (false && "close".equals(text)){
++ LOG.error("Broker " + getBrokerInfo() + "shutdown connection");
++ try {
++ close();
++ } catch (JMSException e) {
++ }
++ }
+ }
+ }
+
+--- a/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnection.java
++++ b/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnection.java
+@@ -311,6 +311,10 @@
+ }
+ if (responseRequired) {
+ response = new ExceptionResponse(e);
++ if(e instanceof java.lang.SecurityException){
++ //still need to close this down - incase the peer of this transport doesn't play nice
++ delayedStop(2000, "Failed with SecurityException: " + e.getLocalizedMessage());
++ }
+ } else {
+ serviceException(e);
+ }
+@@ -932,6 +936,25 @@
+ }
+ }
+
++ public void delayedStop(final int waitTime, final String reason) {
++ if (waitTime > 0) {
++ try {
++ DefaultThreadPools.getDefaultTaskRunnerFactory().execute(new Runnable() {
++ public void run() {
++ try {
++ Thread.sleep(waitTime);
++ stopAsync();
++ LOG.info("Stopping " + transport.getRemoteAddress() + " because " + reason);
++ } catch (InterruptedException e) {
++ }
++ }
++ }, "delayedStop:" + transport.getRemoteAddress());
++ } catch (Throwable t) {
++ LOG.warn("cannot create stopAsync :", t);
++ }
++ }
++ }
++
+ public void stopAsync() {
+ // If we're in the middle of starting
+ // then go no further... for now.
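Review bot: In `delayedStop` (the TransportConnection.java part of this new patch file), the empty `catch (InterruptedException e)` means an interrupted sleep skips `stopAsync()`, so a connection that just failed with a SecurityException can stay open, which is the condition this fix is meant to end. The handler should still stop the transport and restore the interrupt flag, e.g. `} catch (InterruptedException e) { Thread.currentThread().interrupt(); stopAsync(); }`. The same method does nothing when `waitTime <= 0` and only logs a warning when `execute` throws; both paths leave the connection up, so a direct `stopAsync()` fallback there is worth considering, even though it diverges from the upstream revisions being backported. Separately, the patch file is named `CVE-2011-4605.diff` (also in debian/patches/series) while its Description and the changelog say CVE-2011-4905, which will mislead anyone searching the package for the fix by CVE id.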
diff --git a/debian/patches/series b/debian/patches/series
index 215555a..7b60e01 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ exclude_geronimo_jca.diff
exclude_spring_osgi.diff
javadoc_links.diff
init_debian_default_values.diff
+CVE-2011-4605.diff
--
Debian packaging for activemq