Hello community,

here is the log from the commit of package log4j for openSUSE:Factory checked in at 2021-12-10 21:53:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/log4j (Old)
 and      /work/SRC/openSUSE:Factory/.log4j.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "log4j" Fri Dec 10 21:53:00 2021 rev:31 rq:939178 version:2.13.2 Changes: -------- --- /work/SRC/openSUSE:Factory/log4j/log4j.changes 2020-04-27 23:39:41.287676666 +0200 +++ /work/SRC/openSUSE:Factory/.log4j.new.2520/log4j.changes 2021-12-10 21:53:34.154923989 +0100 @@ -1,0 +2,7 @@ +Fri Dec 10 14:03:24 UTC 2021 - Peter Simons <[email protected]> + +- Apply "CVE-2021-44228.patch" to fix a remote code execution + vulnerability that existed in the LDAP JNDI parser. [bsc#1193611, + CVE-2021-44228] + +------------------------------------------------------------------- New: ---- CVE-2021-44228.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ log4j.spec ++++++ --- /var/tmp/diff_new_pack.NrueLy/_old 2021-12-10 21:53:34.702924232 +0100 +++ /var/tmp/diff_new_pack.NrueLy/_new 2021-12-10 21:53:34.706924233 +0100 @@ -1,7 +1,7 @@ # # spec file for package log4j # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,7 @@ Source0: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz Source1: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz.asc Patch1: logging-log4j-Remove-unsupported-EventDataConverter.patch +Patch2: CVE-2021-44228.patch BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) ++++++ CVE-2021-44228.patch ++++++ ++++ 668 lines (skipped)
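Review bot: The new log4j.changes entry names the patch and its references (bsc#1193611, CVE-2021-44228) but not where the patch came from, and the package version stays at 2.13.2. Because the 668-line patch body is skipped in this mail, the entry should cite the upstream commit or release the fix was backported from, so a reviewer can compare the backport against upstream and anyone auditing by version number can see that this build carries the fix.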
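Review bot: In the second log4j.spec hunk, `Patch2: CVE-2021-44228.patch` is declared in the preamble, but neither spec hunk shown touches %prep. If the spec applies patches with explicit per-patch macros (a `%patch1 -p1` style line) rather than %autosetup or %autopatch, a matching `%patch2 -p1` line is needed; otherwise the fix ships as a source file but is never applied to the build. Please confirm which mechanism %prep uses and check the build log for the patch being applied.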
