[Git][java-team/activemq][buster] 4 commits: d/: add gitlab-ci.yaml file

Markus Koschany (@apo) gitlab at salsa.debian.org
Sat Feb 8 18:27:46 GMT 2025



Markus Koschany pushed to branch buster at Debian Java Maintainers / activemq


Commits:
5d9cde5a by Arturo Borrero Gonzalez at 2024-11-24T18:23:09+01:00
d/: add gitlab-ci.yaml file

To enable CI on gitlab.

Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>

- - - - -
5ecbd7de by Arturo Borrero Gonzalez at 2024-11-24T18:24:17+01:00
CI: rename config file to d/salsa-ci.yml

Which is the default in salsa.d.o.

Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>

- - - - -
9f5a10b6 by Arturo Borrero Gonzalez at 2024-11-24T18:39:31+01:00
activemq: add patch for CVE-2022-41678

New patch to fix CVE-2022-41678.

Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>

- - - - -
64cf2778 by Arturo Borrero Gonzalez at 2024-11-25T23:05:25+01:00
d/changelog: generate entry for 5.15.16-0+deb10u2 buster-security

New changelog entry.

Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>

- - - - -


4 changed files:

- debian/changelog
- + debian/patches/CVE-2022-41678.patch
- debian/patches/series
- + debian/salsa-ci.yml


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+activemq (5.15.16-0+deb10u2) buster-security; urgency=medium
+
+  * Non-maintainer upload by the ELTS Security Team.
+  * activemq: enable salsa-ci
+  * activemq: add patch to fix CVE-2022-41678
+
+ -- Arturo Borrero Gonzalez <arturo at debian.org>  Mon, 25 Nov 2024 23:03:59 +0100
+
 activemq (5.15.16-0+deb10u1) buster-security; urgency=high
 
   * Team upload.
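
Review bot: The second bullet of the new 5.15.16-0+deb10u2 entry, "add patch to fix CVE-2022-41678", does not say what the patch changes. The patch rewrites the default Jolokia policy in jolokia-access.xml, so wording such as "restrict the default Jolokia access policy (AMQ-9201, CVE-2022-41678)" would tell an administrator reading the changelog that the API's default permissions change with this upload. The "activemq:" prefix on both bullets is redundant inside the package's own changelog and can be dropped.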


=====================================
debian/patches/CVE-2022-41678.patch
=====================================
@@ -0,0 +1,65 @@
+Origin: https://github.com/apache/activemq/commit/5c8d457d9fcef194ea89f969b822850837143c5f
+
+From 5c8d457d9fcef194ea89f969b822850837143c5f Mon Sep 17 00:00:00 2001
+From: "Christopher L. Shannon (cshannon)" <christopher.l.shannon at gmail.com>
+Date: Wed, 1 Feb 2023 07:04:56 -0500
+Subject: [PATCH] AMQ-9201 - Update Jolokia default access configuration
+
+(cherry picked from commit 6120169e563b55323352431dfe9ac67a8b4de6c2)
+---
+ .../api/WEB-INF/classes/jolokia-access.xml    | 34 ++++++++++++++++++-
+ 1 file changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
+index 8cad1cd40e4..97b099a5b7f 100644
+--- a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
++++ b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
+@@ -22,8 +22,35 @@
+     <strict-checking/>
+   </cors>
+ 
+-  <!-- deny calling operations or getting attributes from these mbeans -->
++  <!-- By default don't allow write or exec operations -->
++  <commands>
++    <command>read</command>
++    <command>list</command>
++    <command>version</command>
++    <command>search</command>
++  </commands>
++
++  <allow>
++    <!-- Allow all operations for the broker itself -->
++    <mbean>
++      <name>org.apache.activemq:*</name>
++      <attribute>*</attribute>
++      <operation>*</operation>
++    </mbean>
++    <!-- Allow all operations for Jolokia Config -->
++    <mbean>
++      <name>jolokia:type=Config</name>
++      <operation>*</operation>
++    </mbean>
++  </allow>
++
++  <!-- deny all operations or getting attributes from these mbeans -->
+   <deny>
++    <mbean>
++      <name>org.apache.logging.log4j2:*</name>
++      <attribute>*</attribute>
++      <operation>*</operation>
++    </mbean>
+     <mbean>
+       <name>com.sun.management:type=DiagnosticCommand</name>
+       <attribute>*</attribute>
+@@ -34,6 +61,11 @@
+       <attribute>*</attribute>
+       <operation>*</operation>
+     </mbean>
++    <mbean>
++      <name>jdk.management.jfr:type=FlightRecorder</name>
++      <attribute>*</attribute>
++      <operation>*</operation>
++    </mbean>
+   </deny>
+ 
+ </restrict>
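
Review bot: In the first inner hunk, the comment "By default don't allow write or exec operations" sits directly above an <allow> block whose own comment reads "Allow all operations for the broker itself", so the two comments read as contradicting each other for org.apache.activemq:* and jolokia:type=Config. As this is a cherry-pick the XML should stay as upstream has it, but the patch header is the place to record the exception. It currently carries only an Origin line, and nothing in the header ties the change to the CVE, since the upstream Subject mentions only AMQ-9201. A Description line naming CVE-2022-41678 and summarising the resulting policy (read, list, version and search by default, an allow block for the broker MBeans, explicit deny entries for log4j2, DiagnosticCommand and FlightRecorder) would cover it. It is also worth confirming that the jolokia:type=Config entry is meant to carry only <operation>*</operation> with no <attribute> element, unlike every other mbean entry in the file.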


=====================================
debian/patches/series
=====================================
@@ -5,3 +5,4 @@ disable-broker-test-dependency.patch
 enable-activemq-jdbc-store-module.patch
 maven-xbean-plugin.patch
 java11.patch
+CVE-2022-41678.patch


=====================================
debian/salsa-ci.yml
=====================================
@@ -0,0 +1,3 @@
+---
+include:
+  - https://salsa.debian.org/lts-team/pipeline/raw/master/recipes/buster.yml
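
Review bot: The include on the last line pulls recipes/buster.yml by raw URL from the master branch of lts-team/pipeline, so the CI definition for this security branch can change without any commit landing in this repository. If tracking master is intended, a short comment in the file saying so would make that explicit; otherwise point the URL at a tag or commit so that pipeline changes show up in this repository's history.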



View it on GitLab: https://salsa.debian.org/java-team/activemq/-/compare/6ab409cda9022ce5ac7d80da820fb2df2216b5c2...64cf277854c98e9224890c2f51c6426fa00d4771
