I had filed an issue regarding building JBoss 4.0.2 with the security patch jbas-1875-patch.zip
This issue was closed stating that the patch was not meant to be a full source patch and to check out the full cvs branch.
I am unable to download JBoss 4.0.2 from the cvs.
# cvs -z3 -d:pserver:email@example.com:/cvsroot/jboss co -r JBoss_4_0_2 jboss-4.0
cvs [checkout aborted]: no such tag JBoss_4_0_2
So can I use the following steps to build JBoss 4.0.2 with the jbas-1875-patch.zip
1. Download JBoss 4.0.2 source from
2. Build JBoss Application Server
# cd jboss-4.0.2-src/build/
3. Replace the built jar files in the client(jbossall-client.jar,jbosssx-client.jar) and server(jboss-jca.jar,jboss.jar,jbosssx.jar) directory with the ones present in the jbas-1875- patch.zip
# unzip jbas-1875-patch.zip
# cp client/* jboss-4.0.2-src/build/output/jboss-4.0.2/client/
# cp server/default/lib/* jboss-4.0.2-src/build/output/jboss-4.0.2/server/default/lib
Are the steps to apply this security patch documented anywhere.
Since the patch contains both source files and binary files there is confusion whether it is a source patch or binary patch