Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package log4j for openSUSE:Factory checked in at 2021-12-18 20:30:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/log4j (Old) and /work/SRC/openSUSE:Factory/.log4j.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "log4j" Sat Dec 18 20:30:21 2021 rev:34 rq:941419 version:2.17.0 Changes: -------- --- /work/SRC/openSUSE:Factory/log4j/log4j.changes 2021-12-16 21:19:32.674526544 +0100 +++ /work/SRC/openSUSE:Factory/.log4j.new.2520/log4j.changes 2021-12-18 20:31:17.890277601 +0100 @@ -1,0 +2,27 @@ +Sat Dec 18 15:29:11 UTC 2021 - Andreas Stieger <[email protected]> + +- add upstream signing key to verify source signature + +------------------------------------------------------------------- +Sat Dec 18 11:16:56 UTC 2021 - David Anes <[email protected]> + +- Update to 2.17.0 [bsc#1193887, bsc#1193888, CVE-2021-45105] + * Fixed Bugs + - Fix string substitution recursion. + - Limit JNDI to the java protocol only. JNDI will remain disabled + by default. Rename JNDI enablement property from + 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', + 'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector'. + - Limit JNDI to the java protocol only. JNDI will remain disabled + by default. The enablement property has been renamed to + 'log4j2.enableJndiJava' + - Do not declare log4j-api-java9 and log4j-core-java9 as + dependencies as it causes problems with the Maven enforcer + plugin. + - PropertiesConfiguration.parseAppenderFilters NPE when parsing + properties file filters. + - Log4j 1.2 bridge for Syslog Appender defaults to port 512 + instead of 514. + - Log4j 1.2 bridge API hard codes the Syslog protocol to TCP. + +------------------------------------------------------------------- Old: ---- apache-log4j-2.16.0-src.tar.gz apache-log4j-2.16.0-src.tar.gz.asc New: ---- apache-log4j-2.17.0-src.tar.gz apache-log4j-2.17.0-src.tar.gz.asc log4j.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ log4j.spec ++++++ --- /var/tmp/diff_new_pack.d3G8iF/_old 2021-12-18 20:31:18.386277877 +0100 +++ /var/tmp/diff_new_pack.d3G8iF/_new 2021-12-18 20:31:18.390277879 +0100 @@ -17,13 +17,14 @@ Name: log4j -Version: 2.16.0 +Version: 2.17.0 Release: 0 Summary: Java logging package License: Apache-2.0 URL: http://logging.apache.org/%{name} Source0: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz Source1: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz.asc +Source2: https://www.apache.org/dist/logging/KEYS#/%{name}.keyring Patch1: logging-log4j-Remove-unsupported-EventDataConverter.patch BuildRequires: fdupes BuildRequires: maven-local @@ -189,7 +190,7 @@ %{mvn_build} -f -- -Dsource=8 %install -%mvn_install +%{mvn_install} %fdupes -s %{buildroot}%{_javadocdir} %files -f .mfiles ++++++ apache-log4j-2.16.0-src.tar.gz -> apache-log4j-2.17.0-src.tar.gz ++++++ /work/SRC/openSUSE:Factory/log4j/apache-log4j-2.16.0-src.tar.gz /work/SRC/openSUSE:Factory/.log4j.new.2520/apache-log4j-2.17.0-src.tar.gz differ: char 13, line 1 ++++++ log4j.keyring ++++++ ++++ 1036 lines (skipped)
