This commit is contained in:
Fridrich Strba
Git OBS Bridge
parent
fd2f6b8924
commit
df6c1e89d4
6
_service
6
_service
@ -2,8 +2,10 @@
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="scm">git</param>
|
||||
<param name="url">https://github.com/qos-ch/logback.git</param>
|
||||
<param name="revision">v_1.2.8</param>
|
||||
<param name="versionformat">1.2.8</param>
|
||||
<param name="revision">v_1.2.11</param>
|
||||
<param name="match-tag">v_*</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">v_(.*)</param>
|
||||
<param name="filename">logback</param>
|
||||
<param name="exclude">logback-access/lib</param>
|
||||
</service>
|
||||
|
||||
3
logback-1.2.11.tar.xz
Normal file
3
logback-1.2.11.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f19bb3aa39c84a58f5c083220b3b9a7982693242ac99234cf304943bde037572
|
||||
size 2970784
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e8e9455e20c8709cc6cf4099a2ff288500255e50e884e05419c992b516b395cf
|
||||
size 2976640
|
||||
@ -1,3 +1,37 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 28 04:54:39 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Upgrade to upstream version 1.2.11
|
||||
* Backported fix for LOGBACK-1027.
|
||||
* Fixed incorrect String cast in JNDIUtil. This corrects
|
||||
LOGBACK-1604.
|
||||
* In SMTPAppenderBase empty username parameter is now treated the
|
||||
same way as null. This fixes LOGBACK-1594.
|
||||
* ContextInitializer no longer complains about missing
|
||||
logback.groovy configuration file. This fixes LOGBACK-1601.
|
||||
* In response to CVE-2021-42550 (aka LOGBACK-1591) the following
|
||||
steps were made:
|
||||
1) Hardened logback's JNDI lookup mechanism to only honor
|
||||
requests in the java: namespace. All other types of requests
|
||||
are ignored.
|
||||
2) SMTPAppender was hardened.
|
||||
3) Temporarily removed DB support for security reasons.
|
||||
4) Removed Groovy configuration support. As logging is so
|
||||
pervasive and configuration with Groovy is probably too
|
||||
powerful, this feature is unlikely to be reinstated for
|
||||
security reasons.
|
||||
The aforementioned vulnerability requires write access to
|
||||
logback's configuration file as a prerequisite. A successul
|
||||
RCE attack with CVE-2021-42550 requires all of the following
|
||||
conditions to be met:
|
||||
+ write access to logback.xml
|
||||
+ use of versions < 1.2.9
|
||||
+ reloading of poisoned configuration data, which implies
|
||||
application restart or scan="true" set prior to attack
|
||||
- Set project.build.sourceEncoding property to ISO-8859-1 to
|
||||
avoid the new maven-resources-plugin chocking on trying to filter
|
||||
in UTF-8 encoding JKS (binary) resources
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 22 18:16:52 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
|
||||
14
logback.spec
14
logback.spec
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: logback
|
||||
Version: 1.2.8
|
||||
Version: 1.2.11
|
||||
Release: 0
|
||||
Summary: A Java logging library
|
||||
License: EPL-1.0 OR LGPL-2.1-or-later
|
||||
@ -37,15 +37,12 @@ BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
|
||||
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
|
||||
BuildRequires: mvn(org.apache.tomcat:tomcat-catalina)
|
||||
BuildRequires: mvn(org.apache.tomcat:tomcat-coyote)
|
||||
BuildRequires: mvn(org.codehaus.gmavenplus:gmavenplus-plugin)
|
||||
BuildRequires: mvn(org.codehaus.groovy:groovy-all)
|
||||
BuildRequires: mvn(org.codehaus.janino:janino)
|
||||
BuildRequires: mvn(org.eclipse.jetty:jetty-server)
|
||||
BuildRequires: mvn(org.eclipse.jetty:jetty-util)
|
||||
BuildRequires: mvn(org.fusesource.jansi:jansi)
|
||||
BuildRequires: mvn(org.slf4j:slf4j-api)
|
||||
BuildRequires: mvn(org.slf4j:slf4j-ext)
|
||||
#!BuildRequires: groovy-lib
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
@ -108,13 +105,9 @@ rm -r %{name}-*/src/test/java/*
|
||||
|
||||
# com.oracle:ojdbc14:10.2.0.1 com.microsoft.sqlserver:sqljdbc4:2.0
|
||||
%pom_xpath_remove "pom:project/pom:profiles/pom:profile[pom:id = 'host-orion']" %{name}-access
|
||||
%pom_xpath_remove "pom:project/pom:profiles" %{name}-classic
|
||||
|
||||
%pom_xpath_remove "pom:project/pom:profiles/pom:profile[pom:id = 'javadocjar']"
|
||||
|
||||
%pom_xpath_remove "pom:executions/pom:execution/pom:goals/pom:goal[text() = 'generateTestStubs']" logback-classic
|
||||
%pom_xpath_remove "pom:executions/pom:execution/pom:goals/pom:goal[text() = 'compileTests']" logback-classic
|
||||
|
||||
# disable for now
|
||||
%pom_disable_module logback-site
|
||||
|
||||
@ -125,14 +118,11 @@ rm -r %{name}-*/src/test/java/*
|
||||
|
||||
%build
|
||||
|
||||
# unavailable test dep maven-scala-plugin
|
||||
# slf4jJAR and org.apache.felix.main are required by logback-examples modules for maven-antrun-plugin
|
||||
%{mvn_build} -f -- \
|
||||
%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 9}%{!?pkg_vcmp:0}
|
||||
-Dmaven.compiler.release=8 \
|
||||
%endif
|
||||
-Dorg.slf4j:slf4j-api:jar=$(build-classpath slf4j/api) \
|
||||
-Dorg.apache.felix:org.apache.felix.main:jar=$(build-classpath felix/org.apache.felix.main)
|
||||
-Dsource=8 -Dproject.build.sourceEncoding=ISO-8859-1
|
||||
|
||||
%install
|
||||
%mvn_install
|
||||
|
||||
Loading…
Reference in New Issue
Block a user