[jira] [Created] (AXIS2-6094) CRC of some axis2 jars distributed via WAR archive is different than CRC of jars distributed via public repositories

[Jira]

Brănaci Șerban-Mihai created AXIS2-6094:
-------------------------------------------

             Summary: CRC of some axis2 jars distributed via WAR archive is 
different than CRC of jars distributed via public repositories
                 Key: AXIS2-6094
                 URL: https://issues.apache.org/jira/browse/AXIS2-6094
             Project: Axis2
          Issue Type: Bug
    Affects Versions: 2.0.0
            Reporter: Brănaci Șerban-Mihai


It seems that some of the axis2 jars included in the WAR archive available at 
[https://axis.apache.org/axis2/java/core/download.html] differ in some way from 
the ones available on mvnrepository (functionality-wise they are not affected 
and size-wise the jars are identical).

Even if functionality-wise this is a non-issue, for SCA/BOM scanning with tools 
like Mend, which rely on the sha1sum for package matching, this is a problem.

Here are the "problematic" packages:

sha1sums from WAR archive:
{code:java}
$ sha1sum *
af76a762087190af90729299b25321d61509c87a *axis2-adb-2.0.0.jar
6148fa39e891be11cfe00ba434e75fcd67ce58be *axis2-clustering-2.0.0.jar
fe9a867ebd07207e467f665f9e07ed2262a84b49 *axis2-codegen-2.0.0.jar
6e063d60320a90d168beb57fe398c17c46eb1d59 *axis2-corba-2.0.0.jar
fb4bc5a477115d486ec222b0d2b9695b3ce530c8 *axis2-fastinfoset-2.0.0.jar
77895d0d38ee8615d7b4170d15989d37af819323 *axis2-jaxws-2.0.0.jar
cb4519531be19f4b01103667486999794ba43ebb *axis2-jibx-2.0.0.jar
e4352032b486a65b708838d5f518fff16728ebf0 *axis2-json-2.0.0.jar
3cddc26c93bdc589fabf8c7e41ec17c2775b51ea *axis2-kernel-2.0.0.jar
6b0e739937ae4c3460a13fb7ce1794693167c621 *axis2-metadata-2.0.0.jar
4369b53dbf07e175b7cbecffb1d65505733a8c65 *axis2-mtompolicy-2.0.0.jar
8e940e51d2cd56431afe0304ee175072226a5c53 *axis2-saaj-2.0.0.jar
cf4dbcfc8a10957035ac2c2574f80f2ba4ac5cd1 *axis2-soapmonitor-servlet-2.0.0.jar
283a77dc0d3ee74ea631c2156ebcfb3216671a42 *axis2-spring-2.0.0.jar
e8c9f41c9e2b48b90046c5a850350fc62d1ac4aa *axis2-transport-http-2.0.0.jar {code}
sha1sums from mvnrepository:
{code:java}
$ sha1sum *
dd7074c4d0313a66d07bfaa65e7a81d319269f50 *axis2-adb-2.0.0.jar
611bc3c601465b88294ef5685fa79b88c98deecc *axis2-clustering-2.0.0.jar
760088129e738e91c5e5ba4b2101b6bfa4b3c4ef *axis2-codegen-2.0.0.jar
01252650ee948a7950ade6d9d0f6467a9e996ea0 *axis2-corba-2.0.0.jar
5be8b59a11de949d9933cf370dd630b37490bdba *axis2-fastinfoset-2.0.0.jar
417c1487beea8978d637bdc0aef30a5e6e425f9e *axis2-jaxws-2.0.0.jar
524e74c9e36149171c30b71440831961047d35da *axis2-jibx-2.0.0.jar
8860d572fe3abe321c60ccbe5409255c0f1951c7 *axis2-json-2.0.0.jar
be70358978fe833bd02838b9a10e3dd79a696e88 *axis2-kernel-2.0.0.jar
969a4e13bd7dd0329b64ed78dc1a68d549164992 *axis2-metadata-2.0.0.jar
6d49734f95fdbd9390e39c63c067be0a9ef318f7 *axis2-mtompolicy-2.0.0.jar
d8130e5ed88e043d05cddc083c55b43e5b94bdd4 *axis2-saaj-2.0.0.jar
146f4a4ac7b05c7fbd8d72edeaa5172f547c4cb5 *axis2-soapmonitor-servlet-2.0.0.jar
afa190d78714c4d795268fa178a64e98253623b9 *axis2-spring-2.0.0.jar
93bf2c434e9d1115d611cac4660a4cfd1a2931e4 *axis2-transport-http-2.0.0.jar {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org