[Git][java-team/activemq][jessie] 15 commits: activemq: enable CI on salsa.d.o
Markus Koschany (@apo)
gitlab at salsa.debian.org
Sat Feb 8 18:27:51 GMT 2025
Markus Koschany pushed to branch jessie at Debian Java Maintainers / activemq
Commits:
12af020e by Arturo Borrero Gonzalez at 2024-11-24T19:01:02+01:00
activemq: enable CI on salsa.d.o
Enable salsa CI.
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
6dd9efc8 by Arturo Borrero Gonzalez at 2024-12-05T11:24:26+01:00
activemq: fix CVE-2020-13920
Add patch to fix CVE-2020-13920.
This is an adaptation of the patch that was introduced for Debian Stretch in:
https://salsa.debian.org/lts-team/packages/activemq/-/blob/stretch/debian/patches/CVE-2020-13920.patch
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
ff3e060a by Arturo Borrero Gonzalez at 2024-12-05T11:45:22+01:00
activemq: fix CVE-2021-26117
Add patch to fix CVE-2021-26117.
It is partially based on the Debian Stretch version, plus some
manual adjustements.
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
aa25a6d6 by Arturo Borrero Gonzalez at 2024-12-05T11:49:14+01:00
d/changelog: generate entry for 5.6.0+dfsg1-4+deb8u4 jessie
New changelog entry.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
6f06fb5e by Arturo Borrero Gonzalez at 2024-12-05T13:17:53+01:00
activemq: fix FTBFS due to wrong packaging type
Adjust packaging type to fix FTBFS.
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
07ce4fc7 by Arturo Borrero Gonzalez at 2024-12-13T11:22:34+01:00
d/p/CVE-2021-26117.patch: refresh metadata
Refresh metadata to match the file in the Stretch branch.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
4b6543be by Arturo Borrero Gonzalez at 2024-12-13T11:23:51+01:00
d/p/: refresh Last-Update entry
Refresh the Last-Update entry for these patches.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
8b884a63 by Arturo Borrero Gonzalez at 2024-12-29T12:35:28+01:00
d/changelog: fix typo in ELTS statement
Correct the wording.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
6a11c6f5 by Arturo Borrero Gonzalez at 2024-12-29T13:02:21+01:00
d/patches: refresh metadata
Use DEP-3 style 'backport' notation, update the author to point to me (author of the
backport), and remove redundant fields.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
dec12999 by Arturo Borrero Gonzalez at 2024-12-29T13:10:35+01:00
d/changelog: mention patch to fix FTBFS
Add changelog line.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
4226428c by Arturo Borrero Gonzalez at 2025-01-10T10:36:18+01:00
CVE-2023-46604: add fix
Add patch to fix CVE-2023-46604.
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
fe0cc336 by Arturo Borrero Gonzalez at 2025-01-10T10:41:45+01:00
d/p/CVE-2023-46604.patch: refresh metadata
Refresh patch metadata.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
766f4439 by Arturo Borrero Gonzalez at 2025-01-14T11:28:29+01:00
activemq: fix CVE-2018-11775
Add patch to fix CVE-2018-11775.
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
a2388f0d by Arturo Borrero Gonzalez at 2025-01-14T12:13:56+01:00
d/changelog: refresh entry
Refresh changelog entry.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
4c47c591 by Arturo Borrero Gonzalez at 2025-01-21T12:43:51+01:00
d/changelog: refresh wording
Refresh changelog wording.
Git-Dch: Ignore
Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>
- - - - -
8 changed files:
- debian/changelog
- + debian/patches/CVE-2018-11775.patch
- + debian/patches/CVE-2020-13920.patch
- + debian/patches/CVE-2021-26117.patch
- + debian/patches/CVE-2023-46604.patch
- + debian/patches/activemq-fileserver-jar.patch
- debian/patches/series
- + debian/salsa-ci.yml
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,15 @@
+activemq (5.6.0+dfsg1-4+deb8u4) jessie; urgency=medium
+
+ * Non-maintainer upload by the ELTS Team.
+ * activemq: enable CI on salsa.d.o
+ * fix CVE-2020-13920: JMX RMI man in the middle
+ * fix CVE-2021-26117: LDAP password login check
+ * Add d/patches/activemq-fileserver-jar.patch to fix FTBFS.
+ * fix CVE-2023-46604: OpenWire remote code execution
+ * fix CVE-2018-11775: TLS hostname verification
+
+ -- Arturo Borrero Gonzalez <arturo at debian.org> Tue, 14 Jan 2025 12:13:00 +0100
+
activemq (5.6.0+dfsg1-4+deb8u3) jessie; urgency=medium
* Team upload.
=====================================
debian/patches/CVE-2018-11775.patch
=====================================
@@ -0,0 +1,207 @@
+From: Arturo Borrero Gonzalez <arturo at debian.org>
+Subject: CVE-2018-11775
+Origin: backport, https://salsa.debian.org/lts-team/packages/activemq/-/blob/stretch/debian/patches/CVE-2018-11775.patch
+Last-Update: 2025-01-13
+
+--- a/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
++++ b/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
+@@ -40,6 +40,7 @@
+ protected boolean needClientAuth;
+ protected boolean wantClientAuth;
+ protected String[] enabledCipherSuites;
++ protected boolean verifyHostName = false;
+
+ protected SSLContext sslContext;
+ protected SSLEngine sslEngine;
+@@ -74,6 +75,13 @@
+
+ // initialize engine
+ sslEngine = sslContext.createSSLEngine();
++
++ if (verifyHostName) {
++ SSLParameters sslParams = new SSLParameters();
++ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
++ sslEngine.setSSLParameters(sslParams);
++ }
++
+ sslEngine.setUseClientMode(false);
+ if (enabledCipherSuites != null) {
+ sslEngine.setEnabledCipherSuites(enabledCipherSuites);
+@@ -297,4 +305,12 @@
+ public void setEnabledCipherSuites(String[] enabledCipherSuites) {
+ this.enabledCipherSuites = enabledCipherSuites;
+ }
++
++ public boolean isVerifyHostName() {
++ return verifyHostName;
++ }
++
++ public void setVerifyHostName(boolean verifyHostName) {
++ this.verifyHostName = verifyHostName;
++ }
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
++++ b/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+@@ -18,10 +18,13 @@
+ package org.apache.activemq.transport.tcp;
+
+ import java.io.IOException;
++import java.net.Socket;
++import java.net.SocketException;
+ import java.net.URI;
+ import java.net.UnknownHostException;
+ import java.security.cert.X509Certificate;
+
++import javax.net.ssl.SSLParameters;
+ import javax.net.ssl.SSLPeerUnverifiedException;
+ import javax.net.ssl.SSLSession;
+ import javax.net.ssl.SSLSocket;
+@@ -62,6 +65,8 @@
+ }
+ }
+
++ private Boolean verifyHostName = null;
++
+ /**
+ * Initialize from a ServerSocket. No access to needClientAuth is given
+ * since it is already set within the provided socket.
+@@ -90,7 +95,11 @@
+ }
+ super.doConsume(command);
+ }
+-
++
++ public void setVerifyHostName(Boolean verifyHostName) {
++ this.verifyHostName = verifyHostName;
++ }
++
+ /**
+ * @return peer certificate chain associated with the ssl socket
+ */
+@@ -110,6 +119,38 @@
+ return clientCertChain;
+ }
+
++ @Override
++ protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
++ //This needs to default to null because this transport class is used for both a server transport
++ //and a client connection and if we default it to a value it might override the transport server setting
++ //that was configured inside TcpTransportServer
++
++ //The idea here is that if this is a server transport then verifyHostName will be set by the setter
++ //below and not be null (if using transport.verifyHostName) but if a client uses socket.verifyHostName
++ //then it will be null and we can check socketOptions
++
++ //Unfortunately we have to do this to stay consistent because every other SSL option on the client
++ //side is configured using socket. but this particular option isn't actually part of the socket
++ //so it makes it tricky
++ if (verifyHostName == null) {
++ if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
++ verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
++ socketOptions.remove("verifyHostName");
++ } else {
++ //If null and not set then this is a client so default to true
++ verifyHostName = true;
++ }
++ }
++
++ if (verifyHostName) {
++ SSLParameters sslParams = new SSLParameters();
++ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
++ ((SSLSocket)this.socket).setSSLParameters(sslParams);
++ }
++
++ super.initialiseSocket(sock);
++ }
++
+ /**
+ * @return pretty print of 'this'
+ */
+--- a/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
++++ b/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
+@@ -104,6 +104,7 @@
+ *
+ * @throws IOException passed up from TcpTransportServer.
+ */
++ @Override
+ public void bind() throws IOException {
+ super.bind();
+ if (needClientAuth) {
+@@ -123,6 +124,7 @@
+ * @return The newly return (SSL) Transport.
+ * @throws IOException
+ */
++ @Override
+ protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
+ return new SslTransport(format, (SSLSocket)socket);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
++++ b/activemq-core/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
+@@ -129,7 +129,7 @@
+ protected SocketFactory socketFactory;
+ protected final AtomicReference<CountDownLatch> stoppedLatch = new AtomicReference<CountDownLatch>();
+
+- private Map<String, Object> socketOptions;
++ protected Map<String, Object> socketOptions;
+ private int soLinger = Integer.MIN_VALUE;
+ private Boolean keepAlive;
+ private Boolean tcpNoDelay;
+--- a/activemq-core/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
++++ b/activemq-core/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
+@@ -59,7 +59,7 @@
+ broker = new BrokerService();
+ broker.setPersistent(false);
+ broker.setUseJmx(false);
+- TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
++ TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
+ broker.start();
+ broker.waitUntilStarted();
+
+@@ -97,6 +97,7 @@
+ }
+
+ Wait.waitFor(new Wait.Condition() {
++ @Override
+ public boolean isSatisified() throws Exception {
+ return getReceived() == PRODUCER_COUNT * MESSAGE_COUNT;
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
++++ b/activemq-core/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
+@@ -32,6 +32,8 @@
+ import java.util.concurrent.TimeUnit;
+
+ import javax.net.ServerSocketFactory;
++import javax.net.ssl.SSLParameters;
++import javax.net.ssl.SSLServerSocket;
+
+ import org.apache.activemq.Service;
+ import org.apache.activemq.ThreadPriorities;
+@@ -70,6 +72,7 @@
+ protected long maxInactivityDurationInitalDelay = 10000;
+ protected int minmumWireFormatVersion;
+ protected boolean useQueueForAccept=true;
++ protected boolean verifyHostName = false;
+
+ /**
+ * trace=true -> the Transport stack where this TcpTransport
+@@ -156,6 +159,20 @@
+ private void configureServerSocket(ServerSocket socket) throws SocketException {
+ socket.setSoTimeout(2000);
+ if (transportOptions != null) {
++ if (socket instanceof SSLServerSocket) {
++ if (transportOptions.containsKey("verifyHostName")) {
++ verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
++ } else {
++ transportOptions.put("verifyHostName", verifyHostName);
++ }
++
++ if (verifyHostName) {
++ SSLParameters sslParams = new SSLParameters();
++ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
++ ((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);
++ }
++ }
++
+ IntrospectionSupport.setProperties(socket, transportOptions);
+ }
+ }
=====================================
debian/patches/CVE-2020-13920.patch
=====================================
@@ -0,0 +1,140 @@
+From: Arturo Borrero Gonzalez <arturo at debian.org>
+Subject: CVE-2020-13920
+Origin: backport, https://salsa.debian.org/lts-team/packages/activemq/-/blob/stretch/debian/patches/CVE-2020-13920.patch
+Last-Update: 2024-12-29
+---
+ .../activemq-core/src/main/java/org/apache/activemq/broker/jmx/ManagementContext.java | 66 +++++++++++++++++++---
+ 1 file changed, 57 insertions(+), 9 deletions(-)
+
+--- a/activemq-core/src/main/java/org/apache/activemq/broker/jmx/ManagementContext.java
++++ b/activemq-core/src/main/java/org/apache/activemq/broker/jmx/ManagementContext.java
+@@ -22,18 +22,25 @@
+
+ import javax.management.*;
+ import javax.management.remote.JMXConnectorServer;
+-import javax.management.remote.JMXConnectorServerFactory;
+ import javax.management.remote.JMXServiceURL;
+ import java.io.IOException;
++import java.lang.management.ManagementFactory;
+ import java.lang.reflect.Method;
++import java.rmi.AccessException;
++import java.rmi.AlreadyBoundException;
+ import java.net.MalformedURLException;
+ import java.net.ServerSocket;
+-import java.rmi.registry.LocateRegistry;
++import java.rmi.NotBoundException;
++import java.rmi.Remote;
++import java.rmi.RemoteException;
+ import java.rmi.registry.Registry;
+ import java.rmi.server.RMIServerSocketFactory;
+ import java.util.*;
+ import java.util.concurrent.CopyOnWriteArrayList;
+ import java.util.concurrent.atomic.AtomicBoolean;
++import javax.management.remote.rmi.RMIConnectorServer;
++import javax.management.remote.rmi.RMIJRMPServerImpl;
++
+
+ /**
+ * An abstraction over JMX mbean registration
+@@ -67,6 +74,8 @@
+ private ServerSocket registrySocket;
+ private final List<ObjectName> registeredMBeanNames = new CopyOnWriteArrayList<ObjectName>();
+ private boolean allowRemoteAddressInMBeanNames = true;
++ private Remote serverStub;
++ private RMIJRMPServerImpl server;
+
+ public ManagementContext() {
+ this(null);
+@@ -89,16 +98,16 @@
+ @Override
+ public void run() {
+ try {
+- JMXConnectorServer server = connectorServer;
+ if (started.get() && server != null) {
+ LOG.debug("Starting JMXConnectorServer...");
+ connectorStarting.set(true);
+ try {
+- server.start();
++ connectorServer.start();
++ serverStub = server.toStub();
+ } finally {
+ connectorStarting.set(false);
+ }
+- LOG.info("JMX consoles can connect to " + server.getAddress());
++ LOG.info("JMX consoles can connect to " + connectorServer.getAddress());
+ }
+ } catch (IOException e) {
+ LOG.warn("Failed to start jmx connector: " + e.getMessage());
+@@ -424,13 +433,7 @@
+ // Create the NamingService, needed by JSR 160
+ try {
+ if (registry == null) {
+- registry = LocateRegistry.createRegistry(connectorPort, null, new RMIServerSocketFactory() {
+- public ServerSocket createServerSocket(int port)
+- throws IOException {
+- registrySocket = new ServerSocket(port);
+- registrySocket.setReuseAddress(true);
+- return registrySocket;
+- }});
++ registry = new JmxRegistry(connectorPort);
+ }
+ namingServiceObjectName = ObjectName.getInstance("naming:type=rmiregistry");
+
+@@ -456,10 +459,13 @@
+ // force JMX to use fixed ports.
+ rmiServer = ""+getConnectorHost()+":" + rmiServerPort;
+ }
+- String serviceURL = "service:jmx:rmi://" + rmiServer + "/jndi/rmi://" +getConnectorHost()+":" + connectorPort + connectorPath;
+- JMXServiceURL url = new JMXServiceURL(serviceURL);
+- connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(url, environment, mbeanServer);
+-
++
++ server = new RMIJRMPServerImpl(connectorPort, null, null, environment);
++
++ final String serviceURL = "service:jmx:rmi://" + rmiServer + "/jndi/rmi://" +getConnectorHost()+":" + connectorPort + connectorPath;
++ final JMXServiceURL url = new JMXServiceURL(serviceURL);
++
++ connectorServer = new RMIConnectorServer(url, environment, server, ManagementFactory.getPlatformMBeanServer());
+ }
+
+ public String getConnectorPath() {
+@@ -534,4 +540,39 @@
+ public void setAllowRemoteAddressInMBeanNames(boolean allowRemoteAddressInMBeanNames) {
+ this.allowRemoteAddressInMBeanNames = allowRemoteAddressInMBeanNames;
+ }
++
++ /*
++ * Better to use the internal API than re-invent the wheel.
++ */
++ @SuppressWarnings("restriction")
++ private class JmxRegistry extends sun.rmi.registry.RegistryImpl {
++ public static final String LOOKUP_NAME = "jmxrmi";
++
++ public JmxRegistry(int port) throws RemoteException {
++ super(port);
++ }
++
++ @Override
++
++ public Remote lookup(String s) throws RemoteException, NotBoundException {
++ return LOOKUP_NAME.equals(s) ? serverStub : null;
++ }
++
++ @Override
++ public void bind(String s, Remote remote) throws RemoteException, AlreadyBoundException, AccessException {
++ }
++
++ @Override
++ public void unbind(String s) throws RemoteException, NotBoundException, AccessException {
++ }
++
++ @Override
++ public void rebind(String s, Remote remote) throws RemoteException, AccessException {
++ }
++
++ @Override
++ public String[] list() throws RemoteException {
++ return new String[] {LOOKUP_NAME};
++ }
++ }
+ }
=====================================
debian/patches/CVE-2021-26117.patch
=====================================
@@ -0,0 +1,160 @@
+From: Arturo Borrero Gonzalez <arturo at debian.org>
+Subject: CVE-2021-26117
+Origin: backport, https://salsa.debian.org/lts-team/packages/activemq/-/blob/stretch/debian/patches/CVE-2021-26117.patch
+Last-Update: 2024-12-29
+---
+ .../org/apache/activemq/jaas/LDAPLoginModule.java | 3 +-
+ .../apache/activemq/jaas/LDAPLoginModuleTest.java | 48 ++++++++++++++++++++--
+ activemq-jaas/src/test/resources/login.config | 36 ++++++++++++++++
+ 3 files changed, 83 insertions(+), 4 deletions(-)
+
+--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
++++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
+@@ -353,6 +353,7 @@
+ if (log.isDebugEnabled()) {
+ log.debug("Binding the user.");
+ }
++ context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+ context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
+ context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
+ try {
+@@ -378,7 +379,7 @@
+ } else {
+ context.removeFromEnvironment(Context.SECURITY_CREDENTIALS);
+ }
+-
++ context.addToEnvironment(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
+ return isValid;
+ }
+
+--- a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
++++ b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
+@@ -18,7 +18,6 @@
+
+ import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+ import org.apache.directory.server.core.integ.FrameworkRunner;
+-import org.apache.directory.server.integ.ServerIntegrationUtils;
+ import org.apache.directory.server.ldap.LdapServer;
+ import org.apache.directory.server.annotations.CreateLdapServer;
+ import org.apache.directory.server.annotations.CreateTransport;
+@@ -34,10 +33,10 @@
+ import javax.naming.directory.DirContext;
+ import javax.naming.directory.InitialDirContext;
+ import javax.security.auth.callback.*;
++import javax.security.auth.login.FailedLoginException;
+ import javax.security.auth.login.LoginContext;
+ import javax.security.auth.login.LoginException;
+ import java.io.IOException;
+-import java.net.URL;
+ import java.util.HashSet;
+ import java.util.Hashtable;
+
+@@ -46,7 +45,7 @@
+ import static org.junit.Assert.fail;
+
+ @RunWith ( FrameworkRunner.class )
+- at CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)})
++ at CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)}, allowAnonymousAccess = true)
+ @ApplyLdifFiles(
+ "test.ldif"
+ )
+@@ -148,4 +147,47 @@
+ }
+
+
++ @Test
++ public void testAuthenticatedViaBindOnAnonConnection() throws Exception {
++ LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler() {
++ @Override
++ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
++ for (int i = 0; i < callbacks.length; i++) {
++ if (callbacks[i] instanceof NameCallback) {
++ ((NameCallback) callbacks[i]).setName("first");
++ } else if (callbacks[i] instanceof PasswordCallback) {
++ ((PasswordCallback) callbacks[i]).setPassword("wrongSecret".toCharArray());
++ } else {
++ throw new UnsupportedCallbackException(callbacks[i]);
++ }
++ }
++ }
++ });
++ try {
++ context.login();
++ fail("Should have failed authenticating");
++ } catch (FailedLoginException expected) {
++ }
++ }
++
++ @Test
++ public void testAuthenticatedOkViaBindOnAnonConnection() throws Exception {
++ LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler() {
++ @Override
++ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
++ for (int i = 0; i < callbacks.length; i++) {
++ if (callbacks[i] instanceof NameCallback) {
++ ((NameCallback) callbacks[i]).setName("first");
++ } else if (callbacks[i] instanceof PasswordCallback) {
++ ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
++ } else {
++ throw new UnsupportedCallbackException(callbacks[i]);
++ }
++ }
++ }
++ });
++ context.login();
++ context.logout();
++ }
++
+ }
+--- a/activemq-jaas/src/test/resources/login.config
++++ b/activemq-jaas/src/test/resources/login.config
+@@ -21,6 +21,23 @@
+ org.apache.activemq.jaas.properties.group="groups.properties";
+ };
+
++EncryptedPropertiesLogin {
++ org.apache.activemq.jaas.PropertiesLoginModule required
++ debug=true
++ org.apache.activemq.jaas.properties.user="users-encrypted.properties"
++ org.apache.activemq.jaas.properties.group="groups.properties"
++ decrypt=true;
++};
++
++EncryptedAESPropertiesLogin {
++ org.apache.activemq.jaas.PropertiesLoginModule required
++ debug=true
++ org.apache.activemq.jaas.properties.user="users-encrypted-aes.properties"
++ org.apache.activemq.jaas.properties.group="groups.properties"
++ algorithm=PBEWITHHMACSHA1ANDAES_128
++ decrypt=true;
++};
++
+ LDAPLogin {
+ org.apache.activemq.jaas.LDAPLoginModule required
+ debug=true
+@@ -58,6 +75,25 @@
+ roleSearchSubtree=false
+ ;
+ };
++
++AnonBindCheckUserLDAPLogin {
++ org.apache.activemq.jaas.LDAPLoginModule required
++ debug=true
++ initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
++ connectionURL="ldap://localhost:1024"
++ connectionUsername=none
++ connectionPassword=none
++ connectionProtocol=s
++ authentication=none
++ userBase="ou=system"
++ userSearchMatching="(uid={0})"
++ userSearchSubtree=false
++ roleBase="ou=system"
++ roleName=cn
++ roleSearchMatching="(member=uid={1},ou=system)"
++ roleSearchSubtree=false
++ ;
++};
+
+ GuestLogin {
+ org.apache.activemq.jaas.GuestLoginModule required
=====================================
debian/patches/CVE-2023-46604.patch
=====================================
@@ -0,0 +1,463 @@
+From: Arturo Borrero Gonzalez <arturo at debian.org>
+Subject: CVE-2023-46604
+Origin: backport, https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0
+Last-Update: 2025-01-10
+
+--- /dev/null
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/OpenWireUtil.java
+@@ -0,0 +1,32 @@
++/**
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.activemq.openwire;
++
++public class OpenWireUtil {
++
++ /**
++ * Verify that the provided class extends {@link Throwable} and throw an
++ * {@link IllegalArgumentException} if it does not.
++ *
++ * @param clazz
++ */
++ public static void validateIsThrowable(Class<?> clazz) {
++ if (!Throwable.class.isAssignableFrom(clazz)) {
++ throw new IllegalArgumentException("Class " + clazz + " is not assignable to Throwable");
++ }
++ }
++}
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v1/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v1/BaseDataStreamMarshaller.java
+@@ -25,6 +25,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -228,8 +229,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v2/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v2/BaseDataStreamMarshaller.java
+@@ -25,6 +25,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -228,8 +229,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v3/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v3/BaseDataStreamMarshaller.java
+@@ -25,6 +25,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -228,8 +229,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v4/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v4/BaseDataStreamMarshaller.java
+@@ -25,6 +25,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -228,8 +229,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v5/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v5/BaseDataStreamMarshaller.java
+@@ -25,6 +25,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -228,8 +229,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v6/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v6/BaseDataStreamMarshaller.java
+@@ -25,6 +25,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -228,8 +229,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v7/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v7/BaseDataStreamMarshaller.java
+@@ -24,6 +24,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -227,8 +228,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v8/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v8/BaseDataStreamMarshaller.java
+@@ -24,6 +24,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -227,8 +228,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- a/activemq-core/src/main/java/org/apache/activemq/openwire/v9/BaseDataStreamMarshaller.java
++++ b/activemq-core/src/main/java/org/apache/activemq/openwire/v9/BaseDataStreamMarshaller.java
+@@ -24,6 +24,7 @@
+ import org.apache.activemq.openwire.BooleanStream;
+ import org.apache.activemq.openwire.DataStreamMarshaller;
+ import org.apache.activemq.openwire.OpenWireFormat;
++import org.apache.activemq.openwire.OpenWireUtil;
+ import org.apache.activemq.util.ByteSequence;
+
+ public abstract class BaseDataStreamMarshaller implements DataStreamMarshaller {
+@@ -227,8 +228,11 @@
+ private Throwable createThrowable(String className, String message) {
+ try {
+ Class clazz = Class.forName(className, false, BaseDataStreamMarshaller.class.getClassLoader());
++ OpenWireUtil.validateIsThrowable(clazz);
+ Constructor constructor = clazz.getConstructor(new Class[] {String.class});
+ return (Throwable)constructor.newInstance(new Object[] {message});
++ } catch (IllegalArgumentException e) {
++ return e;
+ } catch (Throwable e) {
+ return new Throwable(className + ": " + message);
+ }
+--- /dev/null
++++ b/activemq-core/src/test/java/org/apache/activemq/openwire/OpenWireValidationTest.java
+@@ -0,0 +1,206 @@
++/**
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.activemq.openwire;
++
++import static org.junit.Assert.assertTrue;
++
++import java.io.DataOutput;
++import java.io.IOException;
++import java.lang.reflect.Method;
++import java.util.ArrayList;
++import java.util.Collection;
++import java.util.List;
++import org.apache.activemq.command.CommandTypes;
++import org.apache.activemq.command.ExceptionResponse;
++import org.apache.activemq.util.ByteSequence;
++import org.junit.Test;
++import org.junit.runner.RunWith;
++import org.junit.runners.Parameterized;
++import org.junit.runners.Parameterized.Parameters;
++
++/**
++ * Test that Openwire marshalling will validate Throwable types during
++ * unmarshalling commands that contain a Throwable
++ */
++ at RunWith(Parameterized.class)
++public class OpenWireValidationTest {
++
++ protected final int version;
++
++ @Parameters(name = "version={0}")
++ public static Collection<Object[]> data() {
++ List<Integer> versions = List.of(1, 2, 3, 4, 5, 6, 7, 8, 9);
++ List<Object[]> versionObjs = new ArrayList<>();
++ for (int i : versions) {
++ versionObjs.add(new Object[]{i});
++ }
++
++ // Sanity check to make sure the latest generated version is contained in the list
++ // This will make sure that we don't forget to update this test to include
++ // any future versions that are generated
++ assertTrue("List of Openwire versions does not include latest version",
++ versions.contains((int)CommandTypes.PROTOCOL_VERSION));
++
++ return versionObjs;
++ }
++
++ public OpenWireValidationTest(int version) {
++ this.version = version;
++ }
++
++ @Test
++ public void testOpenwireThrowableValidation() throws Exception {
++ // Create a format which will use loose encoding by default
++ // The code for handling exception creation is shared between both
++ // tight/loose encoding so only need to test 1
++ OpenWireFormat format = new OpenWireFormat();
++
++ // Override the marshaller map with a custom impl to purposely marshal a class type that is
++ // not a Throwable for testing the unmarshaller
++ Class<?> marshallerFactory = getMarshallerFactory();
++ Method createMarshallerMap = marshallerFactory.getMethod("createMarshallerMap", OpenWireFormat.class);
++ DataStreamMarshaller[] map = (DataStreamMarshaller[]) createMarshallerMap.invoke(marshallerFactory, format);
++ map[ExceptionResponse.DATA_STRUCTURE_TYPE] = getExceptionMarshaller();
++ // This will trigger updating the marshaller from the marshaller map with the right version
++ format.setVersion(version);
++
++ // Build the response and try to unmarshal which should give an IllegalArgumentExeption on unmarshall
++ // as the test marshaller should have encoded a class type that is not a Throwable
++ ExceptionResponse r = new ExceptionResponse();
++ r.setException(new Exception());
++ ByteSequence bss = format.marshal(r);
++ ExceptionResponse response = (ExceptionResponse) format.unmarshal(bss);
++
++ assertTrue(response.getException() instanceof IllegalArgumentException);
++ assertTrue(response.getException().getMessage().contains("is not assignable to Throwable"));
++ }
++
++ static class NotAThrowable {
++ private String message;
++
++ public NotAThrowable(String message) {
++ this.message = message;
++ }
++
++ public NotAThrowable() {
++ }
++ }
++
++ private Class<?> getMarshallerFactory() throws ClassNotFoundException {
++ return Class.forName("org.apache.activemq.openwire.v" + version + ".MarshallerFactory");
++ }
++
++ // Create test marshallers for all non-legacy versions that will encode NotAThrowable
++ // instead of the exception type for testing purposes
++ protected DataStreamMarshaller getExceptionMarshaller() {
++ switch (version) {
++ case 9:
++ return new org.apache.activemq.openwire.v9.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 8:
++ return new org.apache.activemq.openwire.v8.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 7:
++ return new org.apache.activemq.openwire.v7.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 6:
++ return new org.apache.activemq.openwire.v6.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 5:
++ return new org.apache.activemq.openwire.v5.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 4:
++ return new org.apache.activemq.openwire.v4.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 3:
++ return new org.apache.activemq.openwire.v3.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 2:
++ return new org.apache.activemq.openwire.v2.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ case 1:
++ return new org.apache.activemq.openwire.v1.ExceptionResponseMarshaller() {
++ @Override
++ protected void looseMarshalThrowable(OpenWireFormat wireFormat, Throwable o,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(o != null);
++ looseMarshalString(NotAThrowable.class.getName(), dataOut);
++ looseMarshalString(o.getMessage(), dataOut);
++ }
++ };
++ default:
++ throw new IllegalArgumentException("Unknown openwire version of " + version);
++ }
++ }
++
++}
+--- a/pom.xml
++++ b/pom.xml
+@@ -299,6 +299,13 @@
+ </dependency>
+ <dependency>
+ <groupId>org.apache.activemq</groupId>
++ <artifactId>activemq-client</artifactId>
++ <version>${project.version}</version>
++ <type>test-jar</type>
++ <scope>test</scope>
++ </dependency>
++ <dependency>
++ <groupId>org.apache.activemq</groupId>
+ <artifactId>activemq-web-demo</artifactId>
+ <version>${activemq-version}</version>
+ <type>war</type>
=====================================
debian/patches/activemq-fileserver-jar.patch
=====================================
@@ -0,0 +1,19 @@
+From: Arturo Borrero Gonzalez <arturo at debian.org>
+Date: Thu, 28 Nov 2024 00:00:01 +0200
+Subject: activemq-fileserver jar
+
+Fix FTBFS due to wrong packaging type.
+Forwarded: no
+---
+
+--- a/activemq-fileserver/pom.xml
++++ b/activemq-fileserver/pom.xml
+@@ -26,7 +26,7 @@
+ </parent>
+
+ <artifactId>activemq-fileserver</artifactId>
+- <packaging>war</packaging>
++ <packaging>jar</packaging>
+ <name>ActiveMQ :: File Server</name>
+ <description>Web File Server for out of band large message exchange</description>
+
=====================================
debian/patches/series
=====================================
@@ -1,3 +1,4 @@
+activemq-fileserver-jar.patch
drop_derby_use.diff
disable_some_modules.diff
exclude_geronimo_jca.diff
@@ -12,3 +13,7 @@ CVE-2014-3612.patch
CVE-2014-3576.patch
CVE-2015-5254.patch
CVE-2015-7559.patch
+CVE-2020-13920.patch
+CVE-2021-26117.patch
+CVE-2023-46604.patch
+CVE-2018-11775.patch
=====================================
debian/salsa-ci.yml
=====================================
@@ -0,0 +1,3 @@
+---
+include:
+ - https://salsa.debian.org/lts-team/pipeline/raw/master/recipes/jessie.yml
View it on GitLab: https://salsa.debian.org/java-team/activemq/-/compare/ff90bd471ce015f0c9f1c9d0e7d2838cb3332f3c...4c47c59183102d992f365ea21755c976953dd9a2
--
View it on GitLab: https://salsa.debian.org/java-team/activemq/-/compare/ff90bd471ce015f0c9f1c9d0e7d2838cb3332f3c...4c47c59183102d992f365ea21755c976953dd9a2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20250208/c04bf25e/attachment.htm>
More information about the pkg-java-commits
mailing list