Package: axis / 1.4-28

Metadata

Package Version Patches format
axis 1.4-28 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 libaxis java build.patch | (download)

build.xml | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 build.xml: don't copy jars during build
02 gcj 4.4.patch | (download)

src/org/apache/axis/i18n/ProjectResourceBundle.java | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 fix ftbfs with gcj-4.4:
 "Cannot override the final method from ResourceBundle"
 Disable function clearCache() which is not used anyway.
Bug-Debian: http://bugs.debian.org/531995
axis bz152255.patch | (download)

src/org/apache/axis/SOAPPart.java | 99 99 + 0 - 0 !
src/org/apache/axis/message/NodeImpl.java | 72 72 + 0 - 0 !
src/org/apache/axis/message/SOAPDocumentImpl.java | 111 111 + 0 - 0 !
src/org/apache/axis/message/Text.java | 15 15 + 0 - 0 !
4 files changed, 297 insertions(+)

 fix build with java 1.5
javadoc.diff | (download)

build.xml | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 ensure javadoc call get correct source version (1.3)
CVE 2014 3596.patch | (download)

src/org/apache/axis/components/net/JSSESocketFactory.java | 309 303 + 6 - 0 !
1 file changed, 303 insertions(+), 6 deletions(-)

 cve-2014-3596

The getCN function in Apache Axis 1.4 and earlier does not properly
verify that the server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509 certificate,
which allows man-in-the-middle attackers to spoof SSL servers via a
certificate with a subject that specifies a common name in a field
that is not the CN field.  NOTE: this issue exists because of an
incomplete fix for CVE-2012-5784.

ant compatibility.patch | (download)

tools/build.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fixes the compatibility with ant 1.9.8 or later
 (see https://bz.apache.org/bugzilla/show_bug.cgi?id=59402)
javadoc encoding.patch | (download)

build.xml | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 javadoc encoding


java9 compatibility.patch | (download)

build.xml | 2 2 + 0 - 0 !
src/org/apache/axis/types/UnsignedInt.java | 6 3 + 3 - 0 !
src/org/apache/axis/types/UnsignedLong.java | 6 3 + 3 - 0 !
tools/org/apache/axis/tools/ant/foreach/ParamSet.java | 12 6 + 6 - 0 !
4 files changed, 14 insertions(+), 12 deletions(-)

 fixes the compatibility with java 9
java11 compatibility.patch | (download)

build.xml | 26 26 + 0 - 0 !
1 file changed, 26 insertions(+)

 fixes the build failure with java 11
CVE 2018 8032.patch | (download)

src/org/apache/axis/encoding/SerializationContext.java | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 correctly escape namespace uris in namespace declarations (cve-2018-8032)