diff --git a/_service b/_service
index cdc4fb3..0c1c112 100644
--- a/_service
+++ b/_service
@@ -2,8 +2,8 @@
git
https://github.com/qos-ch/logback.git
- v_1.2.3
- 1.2.3
+ v_1.2.8
+ 1.2.8
logback
logback-access/lib
diff --git a/logback-1.2.3.tar.xz b/logback-1.2.3.tar.xz
deleted file mode 100644
index 1bc4395..0000000
--- a/logback-1.2.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cca5db1d05143817b767e6f5d5f34f1990ff19da8d80f6cdc0c8b14da6ef0e70
-size 2986604
diff --git a/logback-1.1.11-jetty.patch b/logback-1.2.8-jetty.patch
similarity index 59%
rename from logback-1.1.11-jetty.patch
rename to logback-1.2.8-jetty.patch
index 744d7b5..c11a41f 100644
--- a/logback-1.1.11-jetty.patch
+++ b/logback-1.2.8-jetty.patch
@@ -1,32 +1,21 @@
-diff --git a/logback-access/pom.xml b/logback-access/pom.xml
-index ab1319b00..f16d17814 100755
---- a/logback-access/pom.xml
-+++ b/logback-access/pom.xml
-@@ -45,6 +45,12 @@
- compile
+--- logback-1.2.8/logback-access/pom.xml 2021-12-14 12:55:51.000000000 +0100
++++ logback-1.2.8/logback-access/pom.xml 2021-12-16 15:35:11.255651389 +0100
+@@ -47,6 +47,12 @@
true
-+
+
+ org.eclipse.jetty
+ jetty-util
+ compile
+ true
+
-
++
org.codehaus.janino
janino
-@@ -173,4 +179,4 @@
-
-
-
--
-\ No newline at end of file
-+
-diff --git a/logback-access/src/main/java/ch/qos/logback/access/jetty/RequestLogImpl.java b/logback-access/src/main/java/ch/qos/logback/access/jetty/RequestLogImpl.java
-index bb11766d9..77ca796bb 100644
---- a/logback-access/src/main/java/ch/qos/logback/access/jetty/RequestLogImpl.java
-+++ b/logback-access/src/main/java/ch/qos/logback/access/jetty/RequestLogImpl.java
-@@ -209,11 +209,6 @@ public class RequestLogImpl extends ContextBase implements RequestLog, AppenderA
+ compile
+--- logback-1.2.8/logback-access/src/main/java/ch/qos/logback/access/jetty/RequestLogImpl.java 2021-12-14 12:55:51.000000000 +0100
++++ logback-1.2.8/logback-access/src/main/java/ch/qos/logback/access/jetty/RequestLogImpl.java 2021-12-16 15:35:11.255651389 +0100
+@@ -209,11 +209,6 @@
started = false;
}
@@ -38,7 +27,7 @@ index bb11766d9..77ca796bb 100644
public void setFileName(String fileName) {
this.fileName = fileName;
}
-@@ -227,26 +222,6 @@ public class RequestLogImpl extends ContextBase implements RequestLog, AppenderA
+@@ -227,26 +222,6 @@
return started;
}
@@ -65,7 +54,7 @@ index bb11766d9..77ca796bb 100644
public boolean isQuiet() {
return quiet;
}
-@@ -310,13 +285,7 @@ public class RequestLogImpl extends ContextBase implements RequestLog, AppenderA
+@@ -310,13 +285,7 @@
return fai.getFilterChainDecision(event);
}
diff --git a/logback-1.2.8.tar.xz b/logback-1.2.8.tar.xz
new file mode 100644
index 0000000..1b5ed6f
--- /dev/null
+++ b/logback-1.2.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e8e9455e20c8709cc6cf4099a2ff288500255e50e884e05419c992b516b395cf
+size 2976640
diff --git a/logback.changes b/logback.changes
index f9b88f2..e9fe6a3 100644
--- a/logback.changes
+++ b/logback.changes
@@ -1,13 +1,61 @@
+-------------------------------------------------------------------
+Thu Dec 16 16:21:39 UTC 2021 - Fridrich Strba
+
+- Upgrade to version 1.2.8 (bsc#1193795)
+ * Changes of version 1.2.8
+ + In response to LOGBACK-1591, all JNDI lookup code in logback
+ has been disabled until further notice. This impacts
+ ContextJNDISelector and element in
+ configuration files.
+ + Also in response to LOGBACK-1591, all database (JDBC) related
+ code in the project has been removed with no replacement.
+ + Note that the vulnerability mentioned in LOGBACK-1591 requires
+ write access to logback's configuration file as a
+ prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591
+ are of different severity levels. A successful RCE requires
+ all of the following conditions to be met:
+ - write access to logback.xml
+ - use of versions < 1.2.8
+ - reloading of poisoned configuration data, which implies
+ application restart or scan="true" set prior to attack
+ + As an additional extra precaution, in addition to upgrading to
+ logback version 1.2.8, the users are advised to set their
+ logback configuration files as read-only.
+ * Changes of version 1.2.7
+ + Added hostnameVerification to property SSLSocketAppender.
+ This fixes LOGBACK-1574.
+ * Changes of version 1.2.6
+ + To prevent XML eXternal Entity injection (XXE) attacks, Joran
+ no longer reads external entities passed in XML files. This
+ fixes LOGBACK-1465.
+ * Changes of version 1.2.5
+ + Instead of an Appender, the LayoutWrappingEncoder now accepts
+ a variable of type ContextAware as a parent. This fixes
+ LOGBACK-1326.
+ * Changes of version 1.2.4
+ + Added support for minimum length in %i filename pattern. This
+ fixes LOGBACK-1248.
+ + For size bound log file archiving, allow
+ TimeBasedArchiveRemove to remove files with indexes containing
+ upto 5 digits. This fixes LOGBACK-1175.
+ + Added %prefix composite converter which automatically prefixes
+ child converter output with the name of the converter. This
+ feature is quite handy in environments where log files need to
+ be parsed and monitored.
+- Changed patch:
+ * logback-1.1.11-jetty.patch -> logback-1.2.8-jetty.patch
+ + Rediff to changed context
+
-------------------------------------------------------------------
Fri Nov 29 12:15:18 UTC 2019 - Fridrich Strba
- Do not force building with java < 9
-- Specifiy maven.compiler.release=8 to access the
+- Specify maven.compiler.release=8 to access the
java.util.function.Supplier API, introduced in java 8
- Added patch:
* logback-1.2.3-getCallerClass.patch
+ Access the sun.reflect.Reflection.getCallerClass by
- by reflection, in order to be able to build with jdk >= 9
+ reflection, in order to be able to build with jdk >= 9
-------------------------------------------------------------------
Sun Nov 17 19:45:03 UTC 2019 - Fridrich Strba
diff --git a/logback.spec b/logback.spec
index 25005cf..6f664cc 100644
--- a/logback.spec
+++ b/logback.spec
@@ -1,7 +1,7 @@
#
# spec file for package logback
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,14 @@
Name: logback
-Version: 1.2.3
+Version: 1.2.8
Release: 0
Summary: A Java logging library
-License: LGPL-2.1-or-later OR EPL-1.0
+License: EPL-1.0 OR LGPL-2.1-or-later
URL: https://logback.qos.ch/
Source0: %{name}-%{version}.tar.xz
# Remove deprecated methods
-Patch0: %{name}-1.1.11-jetty.patch
+Patch0: %{name}-1.2.8-jetty.patch
Patch1: logback-1.2.3-getCallerClass.patch
BuildRequires: fdupes
BuildRequires: maven-local
@@ -112,6 +112,21 @@ rm -r %{name}-*/src/test/java/*
%pom_xpath_remove "pom:project/pom:profiles/pom:profile[pom:id = 'javadocjar']"
+%if %{?pkg_vcmp:%pkg_vcmp gmavenplus-plugin < 1.6}%{!?pkg_vcmp:0}
+%pom_remove_plugin "org.codehaus.gmavenplus:gmavenplus-plugin" logback-classic
+%pom_add_plugin "org.codehaus.gmavenplus:gmavenplus-plugin:1.5" logback-classic "
+
+
+
+ generateStubs
+ compile
+ testGenerateStubs
+ testCompile
+
+
+ "
+%endif
+
# disable for now
%pom_disable_module logback-site