Package: axis / 1.4-16.2+deb7u1

Metadata

Package Version Patches format
axis 1.4-16.2+deb7u1 3.0 (quilt)

Patch series

Patch File delta Description
01 libaxis java build.patch

build.xml | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 build.xml: don't copy jars during build
02 gcj 4.4.patch

src/org/apache/axis/i18n/ProjectResourceBundle.java | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 fix ftbfs with gcj-4.4:
 "Cannot override the final method from ResourceBundle"
 Disable function clearCache() which is not used anyway.
Bug-Debian: http://bugs.debian.org/531995
axis bz152255.patch

src/org/apache/axis/SOAPPart.java | 99 99 + 0 - 0 !
src/org/apache/axis/message/NodeImpl.java | 72 72 + 0 - 0 !
src/org/apache/axis/message/SOAPDocumentImpl.java | 111 111 + 0 - 0 !
src/org/apache/axis/message/Text.java | 15 15 + 0 - 0 !
4 files changed, 297 insertions(+)

 fix build with java 1.5
javadoc.diff

build.xml | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 ensure javadoc call gets correct source version (1.3)
add osgi metadata.patch

build.xml | 21 21 + 0 - 0 !
1 file changed, 21 insertions(+)

 add-osgi-metadata


CVE 2014 3596.patch

src/org/apache/axis/components/net/JSSESocketFactory.java | 309 303 + 6 - 0 !
1 file changed, 303 insertions(+), 6 deletions(-)

 cve-2014-3596

The getCN function in Apache Axis 1.4 and earlier does not properly
verify that the server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509 certificate,
which allows man-in-the-middle attackers to spoof SSL servers via a
certificate with a subject that specifies a common name in a field
that is not the CN field.  NOTE: this issue exists because of an
incomplete fix for CVE-2012-5784.