rpms
/
log4j12
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import log4j12-1.2.17-24.module_el8.2.0+363+9996591c

Browse Source
c8-stream-201902 imports/c8-stream-201902/log4j12-1.2.17-24.module_el8.2.0+363+9996591c
MSVSphere Packaging Team 9 months ago
commit ced0f58476
9 changed files with 477 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/v1_2_17.tar.gz

1
.log4j12.metadata
Unescape View File

@ -0,0 +1 @@
c26767fd95556e124277d8555eaa4562831eabb3 SOURCES/v1_2_17.tar.gz

127
SOURCES/0001-Backport-fix-for-CVE-2017-5645.patch
Unescape View File

@ -0,0 +1,127 @@
From ea4609eca531916ac347686c048bebdb7b4b6e0d Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Fri, 2 Jun 2017 14:37:35 +0200
Subject: [PATCH] Backport fix for CVE-2017-5645
---
.../apache/log4j/FilteredObjectInputStream.java | 65 ++++++++++++++++++++++
src/main/java/org/apache/log4j/net/SocketNode.java | 17 +++++-
2 files changed, 80 insertions(+), 2 deletions(-)
create mode 100644 src/main/java/org/apache/log4j/FilteredObjectInputStream.java
diff --git a/src/main/java/org/apache/log4j/FilteredObjectInputStream.java b/src/main/java/org/apache/log4j/FilteredObjectInputStream.java
new file mode 100644
index 0000000..b9ef20c
--- /dev/null
+++ b/src/main/java/org/apache/log4j/FilteredObjectInputStream.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache license, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the license for the specific language governing permissions and
+ * limitations under the license.
+ */
+package org.apache.log4j;
+
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
+import java.io.ObjectStreamClass;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * Extended ObjectInputStream that only allows certain classes to be deserialized.
+ *
+ * Backported from 2.8.2
+ */
+public class FilteredObjectInputStream extends ObjectInputStream {
+
+ private static final List REQUIRED_JAVA_CLASSES = Arrays.asList(new String[] {
+ // Types of non-trainsient fields of LoggingEvent
+ "java.lang.String",
+ "java.util.Hashtable",
+ // ThrowableInformation
+ "[Ljava.lang.String;"
+ });
+
+ private final Collection allowedClasses;
+
+ public FilteredObjectInputStream(final InputStream in, final Collection allowedClasses) throws IOException {
+ super(in);
+ this.allowedClasses = allowedClasses;
+ }
+
+ protected Class resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException {
+ String name = desc.getName();
+ if (!(isAllowedByDefault(name) || allowedClasses.contains(name))) {
+ throw new InvalidObjectException("Class is not allowed for deserialization: " + name);
+ }
+ return super.resolveClass(desc);
+ }
+
+ private static boolean isAllowedByDefault(final String name) {
+ return name.startsWith("org.apache.log4j.") ||
+ name.startsWith("[Lorg.apache.log4j.") ||
+ REQUIRED_JAVA_CLASSES.contains(name);
+ }
+
+}
diff --git a/src/main/java/org/apache/log4j/net/SocketNode.java b/src/main/java/org/apache/log4j/net/SocketNode.java
index e977f13..f95bb10 100644
--- a/src/main/java/org/apache/log4j/net/SocketNode.java
+++ b/src/main/java/org/apache/log4j/net/SocketNode.java
@@ -22,6 +22,10 @@ import java.io.IOException;
import java.io.InterruptedIOException;
import java.io.ObjectInputStream;
import java.net.Socket;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import org.apache.log4j.FilteredObjectInputStream;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.LoggerRepository;
@@ -53,8 +57,9 @@ public class SocketNode implements Runnable {
this.socket = socket;
this.hierarchy = hierarchy;
try {
- ois = new ObjectInputStream(
- new BufferedInputStream(socket.getInputStream()));
+ ois = new FilteredObjectInputStream(
+ new BufferedInputStream(socket.getInputStream()),
+ getAllowedClasses());
} catch(InterruptedIOException e) {
Thread.currentThread().interrupt();
logger.error("Could not open ObjectInputStream to "+socket, e);
@@ -65,6 +70,14 @@ public class SocketNode implements Runnable {
}
}
+ private Collection getAllowedClasses() {
+ Collection allowedClasses = new ArrayList();
+ String property = System.getProperty("org.apache.log4j.net.allowedClasses");
+ if (property != null)
+ allowedClasses.addAll(Arrays.asList(property.split(",")));
+ return allowedClasses;
+ }
+
//public
//void finalize() {
//System.err.println("-------------------------Finalize called");
--
2.9.4

56
SOURCES/0001-logfactor5-changed-userdir.patch
Unescape View File

@ -0,0 +1,56 @@
From bf8f55bbc9baddcb67d0b89edd859f93ce3c949f Mon Sep 17 00:00:00 2001
From: Stanislav Ochotnicky <sochotnicky@redhat.com>
Date: Mon, 17 May 2010 12:57:36 +0200
Subject: [PATCH 01/10] logfactor5 changed userdir
---
.../lf5/viewer/configure/ConfigurationManager.java | 2 +-
.../log4j/lf5/viewer/configure/MRUFileManager.java | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java b/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java
index a94ffab..81191f2 100644
--- a/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java
+++ b/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java
@@ -344,7 +344,7 @@ public class ConfigurationManager extends Object {
String home = System.getProperty("user.home");
String sep = System.getProperty("file.separator");
- return home + sep + "lf5" + sep + CONFIG_FILE_NAME;
+ return home + sep + ".logfactor5" + sep + CONFIG_FILE_NAME;
}
//--------------------------------------------------------------------------
diff --git a/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java b/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java
index 6ff275d..ca40d5a 100644
--- a/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java
+++ b/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java
@@ -175,14 +175,14 @@ public class MRUFileManager {
/**
* Creates the directory where the MRU file list will be written.
- * The "lf5" directory is created in the Documents and Settings
+ * The ".logfactor5" directory is created in the Documents and Settings
* directory on Windows 2000 machines and where ever the user.home
* variable points on all other platforms.
*/
public static void createConfigurationDirectory() {
String home = System.getProperty("user.home");
String sep = System.getProperty("file.separator");
- File f = new File(home + sep + "lf5");
+ File f = new File(home + sep + ".logfactor5");
if (!f.exists()) {
try {
f.mkdir();
@@ -268,7 +268,7 @@ public class MRUFileManager {
String home = System.getProperty("user.home");
String sep = System.getProperty("file.separator");
- return home + sep + "lf5" + sep + CONFIG_FILE_NAME;
+ return home + sep + ".logfactor5" + sep + CONFIG_FILE_NAME;
}
/**
--
1.6.6.1

34
SOURCES/0009-Fix-tests.patch
Unescape View File

@ -0,0 +1,34 @@
From 91349164c1d44eec50ac1b09ef3e2ff41b4aa468 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@redhat.com>
Date: Thu, 11 Jul 2013 11:13:45 +0200
Subject: [PATCH] Fix tests
---
tests/build.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/build.xml b/tests/build.xml
index 74a7139..9149da2 100644
--- a/tests/build.xml
+++ b/tests/build.xml
@@ -31,13 +31,13 @@
the Maven repository can provide all the dependencies. -->
<property name="m2_repo" location="${user.home}/.m2/repository"/>
<property name="oro.version" value="2.0.8"/>
- <property name="jakarta.oro.jar" location="${m2_repo}/oro/oro/${oro.version}/oro-${oro.version}.jar"/>
+ <property name="jakarta.oro.jar" location="lib/jakarta-oro.jar"/>
<property name="checkstyle.version" value="4.1"/>
<property name="checkstyle.jar" location="${m2_repo}/checkstyle/checkstyle/${checkstyle.version}/checkstyle-${checkstyle.version}.jar"/>
- <property name="javamail.jar" location="${m2_repo}/javax/mail/mail/1.4.3/mail-1.4.3.jar"/>
- <property name="activation.jar" location="${m2_repo}/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <property name="javamail.jar" location="lib/mail.jar"/>
+ <property name="activation.jar" location="lib/android-activation.jar"/>
<property name="junit.version" value="3.8.1"/>
- <property name="junit.jar" location="${m2_repo}/junit/junit/${junit.version}/junit-${junit.version}.jar"/>
+ <property name="junit.jar" location="lib/junit.jar"/>
<!-- Read the system environment variables and stores them in properties, -->
--
1.8.1.4

25
SOURCES/0010-Fix-javadoc-link.patch
Unescape View File

@ -0,0 +1,25 @@
From 4753784d3e8ed5ec9973f67e9017bcb7ef41b4b1 Mon Sep 17 00:00:00 2001
From: Stanislav Ochotnicky <sochotnicky@redhat.com>
Date: Tue, 18 May 2010 15:07:00 +0200
Subject: [PATCH 10/10] Fix javadoc link
---
build.xml | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/build.xml b/build.xml
index 54bad8f..c775a68 100644
--- a/build.xml
+++ b/build.xml
@@ -517,8 +517,7 @@
--&gt;'
bottom="Copyright 2000-2007 Apache Software Foundation.">
- <link href="http://java.sun.com/j2se/1.3/docs/api/"/>
- <link href="http://java.sun.com/j2ee/sdk_1.3/techdocs/api/"/>
+ <link href="${jdk.javadoc}"/>
<classpath refid="compile.classpath"/>
</javadoc>
--
1.6.6.1

5
SOURCES/log4j.catalog
Unescape View File

@ -0,0 +1,5 @@
-- log4j DTD catalog --
-- JPackage Project <http://www.jpackage.org/> --
DOCTYPE log4j:configuration log4j.dtd
PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" log4j.dtd

15
SOURCES/sun-reflect-filter-jdk11.patch
Unescape View File

@ -0,0 +1,15 @@
--- log4j-1_2_17/tests/src/java/org/apache/log4j/util/SunReflectFilter.java~ 2012-05-26 12:00:25.000000000 +0200
+++ log4j-1_2_17/tests/src/java/org/apache/log4j/util/SunReflectFilter.java 2019-11-05 10:04:05.622551632 +0100
@@ -37,6 +37,12 @@
if (in.indexOf("at java.lang.reflect.") >= 0) {
return null;
}
+ if (in.indexOf("at java.base/jdk.internal.reflect.") >= 0) {
+ return null;
+ }
+ if (in.indexOf("at java.base/java.lang.reflect.") >= 0) {
+ return null;
+ }
if (in.indexOf("Compiled Code") >= 0) {
if(in.indexOf("junit.framework.TestSuite") >= 0) {
return util.substitute("s/Compiled Code/TestSuite.java:XXX/", in);

213
SPECS/log4j12.spec
Unescape View File

@ -0,0 +1,213 @@
%global archiversion %(echo %{version} | tr . _ )
Name: log4j12
Version: 1.2.17
Release: 24%{?dist}
Summary: Java logging package
License: ASL 2.0
URL: http://logging.apache.org/log4j/1.2/
BuildArch: noarch
Source0: https://github.com/apache/log4j/archive/v%{archiversion}.tar.gz
Source1: log4j.catalog
Patch0: 0001-logfactor5-changed-userdir.patch
Patch1: 0009-Fix-tests.patch
Patch2: 0010-Fix-javadoc-link.patch
Patch3: 0001-Backport-fix-for-CVE-2017-5645.patch
Patch4: sun-reflect-filter-jdk11.patch
BuildRequires: maven-local
BuildRequires: mvn(com.sun.mail:android-activation)
BuildRequires: mvn(javax.mail:mail)
BuildRequires: mvn(junit:junit)
BuildRequires: mvn(org.apache.ant:ant-junit)
BuildRequires: mvn(org.apache.ant:ant-nodeps)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.geronimo.specs:geronimo-jms_1.1_spec)
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-assembly-plugin)
BuildRequires: mvn(oro:oro)
%description
Log4j is a tool to help the programmer output log statements to a
variety of output targets.
%package javadoc
Summary: Javadoc for %{name}
%description javadoc
This package contains javadoc for %{name}.
%prep
%setup -q -n log4j-%{archiversion}
# Cleanup
find . -name "*.jar" -print -delete
find . -name "*.class" -print -delete
find . -name "*.dll" -print -delete
rm -rf docs/api
%patch0 -p1 -b .logfactor-home
%patch1 -p1 -b .fix-tests
%patch2 -p1 -b .xlink-javadoc
%patch3 -p1
%patch4 -p1
# Remove unavailable plugin
%pom_remove_plugin :clirr-maven-plugin
# Remove unwanted plugin
%pom_remove_plugin :maven-site-plugin
%pom_remove_plugin :maven-source-plugin
%pom_remove_plugin :rat-maven-plugin
# Disable javadoc jar
%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-javadoc-plugin']/pom:executions"
# Remove openejb from dependencies
%pom_remove_dep org.apache.openejb:javaee-api
%pom_remove_dep :ant-contrib
%pom_remove_dep sun.jdk:tools
# Fix ant gId
sed -i.ant "s|groupId>ant<|groupId>org.apache.ant<|g" pom.xml
sed -i.javac "s|1.4|1.6|g" pom.xml build.xml
sed -i.javac "s|1.4|1.6|g" pom.xml build.xml
sed -i.javac "s|1.1|1.6|g" tests/build.xml
sed -i.javac "s|1.1|1.6|g" tests/build.xml
# Fix OSGi manifest
sed -i.javax.jmdns "s|javax.jmdns.*;resolution:=optional,|!javax.jmdns.*,|g" pom.xml
# Add proper bundle symbolicname
%pom_xpath_inject "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-bundle-plugin']/pom:configuration/pom:instructions" "
<Bundle-SymbolicName>org.apache.log4j</Bundle-SymbolicName>
<_nouses>true</_nouses>"
# Disable build unwanted dll library
%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-antrun-plugin']/pom:executions/pom:execution[pom:phase = 'process-classes' ]"
# Don't use deprecated "assembly" goal of Maven Assembly Plugin, which
# was removed in version 3.0.0.
%pom_xpath_set "pom:plugin[pom:artifactId='maven-assembly-plugin']/pom:executions/pom:execution/pom:goals/pom:goal[text()='assembly']" single
sed -i 's/\r//g' LICENSE NOTICE src/site/resources/css/*.css
# fix encoding of mailbox files
for i in contribs/JimMoore/mail*;do
iconv --from=ISO-8859-1 --to=UTF-8 "$i" > new
mv new "$i"
done
%mvn_compat_version log4j:log4j 1.2.17 1.2.16 1.2.15 1.2.14 1.2.13 1.2.12 12
# Remove Microsoft Windows platform specific files
rm -r src/main/java/org/apache/log4j/nt/NTEventLogAppender.java \
tests/src/java/org/apache/log4j/nt/NTEventLogAppenderTest.java
# AssertionFailedError
rm tests/src/java/org/apache/log4j/net/TelnetAppenderTest.java
sed -i '/TelnetAppenderTest/d' tests/src/java/org/apache/log4j/CoreTestSuite.java
%mvn_file log4j:log4j log4j %{name}
%build
# Needed by tests
mkdir -p tests/lib/
(cd tests/lib/
ln -s `build-classpath jakarta-oro`
ln -s `build-classpath javamail/mail`
ln -s `build-classpath javamail/android-activation`
ln -s `build-classpath junit`
)
%mvn_build
%install
%mvn_install -X
# log4j-1 symlink for use with build-classpath et al.
install -d -m 755 %{buildroot}%{_javadir}/
ln -s log4j-%{version}.jar %{buildroot}%{_javadir}/log4j-1.jar
%files -f .mfiles
%{_javadir}/log4j-1.jar
%license LICENSE NOTICE
%files javadoc -f .mfiles-javadoc
%license LICENSE NOTICE
%changelog
* Tue Nov 05 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-24
- Mass rebuild for javapackages-tools 201902
* Fri May 24 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-23
- Mass rebuild for javapackages-tools 201901
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 9 2018 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-21
- Remove unneeded BR on xmvn
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jun 02 2017 Michael Simacek <msimacek@redhat.com> - 1.2.17-19
- Backport fix for CVE-2017-5645
* Wed Mar 15 2017 Michael Simacek <msimacek@redhat.com> - 1.2.17-18
- Add dtd conditional
* Mon Feb 13 2017 Michael Simacek <msimacek@redhat.com> - 1.2.17-17
- Add more compat versions
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Nov 17 2016 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-15
- Don't use deprecated goal of maven-assembly-plugin
* Wed Aug 10 2016 gil cattaneo <puntogil@libero.it> 1.2.17-14
- add missing build requires: xmvn
- remove test failure
- increase to 1.6 javac source/target
* Wed Jun 15 2016 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-13
- Add missing build-requires
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Sat Jan 30 2016 gil cattaneo <puntogil@libero.it> 1.2.17-11
- rebuilt
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.17-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Feb 10 2015 gil cattaneo <puntogil@libero.it> 1.2.17-9
- introduce license macro
* Fri Jan 23 2015 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-8
- Add symlink log4j-1
* Fri Sep 05 2014 gil cattaneo <puntogil@libero.it> 1.2.17-7
- fix rhbz#1120854
* Fri Jul 18 2014 gil cattaneo <puntogil@libero.it> 1.2.17-6
- enabling XMvn debugging output rhbz#1120854
* Thu Jul 10 2014 gil cattaneo <puntogil@libero.it> 1.2.17-5
- fix conflict rhbz#1114135
* Wed Jun 18 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.2.17-4
- Add compat version 1.2.12 (used by velocity and xbean)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 gil cattaneo <puntogil@libero.it> 1.2.17-2
- fix compat version
* Thu May 22 2014 gil cattaneo <puntogil@libero.it> 1.2.17-1
- initial rpm
Write Preview
Loading…
Cancel
Save