Hello community, here is the log from the commit of package log4j for openSUSE:Factory checked in at 2020-01-21 21:02:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/log4j (Old) and /work/SRC/openSUSE:Factory/.log4j.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "log4j" Tue Jan 21 21:02:31 2020 rev:28 rq:766064 version:2.13.0 Changes: -------- --- /work/SRC/openSUSE:Factory/log4j/log4j.changes 2020-01-06 15:23:25.456519274 +0100 +++ /work/SRC/openSUSE:Factory/.log4j.new.26092/log4j.changes 2020-01-21 21:03:23.212933461 +0100 @@ -1,0 +2,55 @@ +Tue Jan 21 10:55:28 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Update to 2.13.0 [bsc#1159646, CVE-2019-17571] + * Bugfixes and minor enhancements: + - CVE-2019-17571: Remote code execution: Deserialization of untrusted + data in SocketServer + - Log4j 2 now requires Java 8 or higher to build and run. + - Better integration with Spring Boot by providing access to Spring + variables in Log4j 2 configuration files and allowing Log4j 2 system + properties to be defined in the Spring configuration. + - Support for accessing Kubernetes information via a Log4j 2 Lookup. + - The Gelf Layout now allows the message to be formatted using a + PatternLayout pattern. + - Due to a break in compatibility in the SLF4J binding, Log4j now + ships with two versions of the SLF4J to Log4j adapters. + - log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and + log4j-slf4j18-impl should be used with SLF4J 1.8.x and later. + - Note that the XML, JSON and YAML formats changed in the 2.11.0 release: + they no longer have the "timeMillis" attribute and instead have an + "Instant" element with "epochSecond" and "nanoOfSecond" attributes. + - The Log4j 2.13.0 API, as well as many core components, maintains + binary compatibility with previous releases. + * New Features + - Add ThreadContext.putIfNotNull method. + - Add a Level Patttern Selector. + - Add experimental support for Log4j 1 configuration files. + - Add the ability to lookup Kubernetes attributes in the Log4j + configuration. Allow Log4j properties to be retrieved from the + Spring environment if it is available. + - Allow Spring Boot application properties to be accessed in the + Log4j 2 configuration. Add lower and upper case Lookups. + - Add builder pattern to Logger interface. + * Fixed Bugs + - Prevent recursive calls to java.util.LogManager.getLogger(). + - Added try/finally around event.execute() for RingBufferLogEventHandler + to clear memory correctly in case of exception/error. + - Wrong java version check in ThreadNameCachingStrategy. + - Use a less confusing name for the CompositeConfiguration source. + - Add setKey method to Kafka Appender Builder. + - ArrayIndexOutOfBoundsException could occur with MAC address longer + than 6 bytes. + - The rolling file appenders would fail to compress the file after + rollover if the file name matched the file pattern. + - @PluginValue does not support attribute names besides "value". + - Validation blocks definition of script in properties configuration. + - Set result of rename action to true if file was copied. + - Add automatic module names where missing. + - OutputStreamAppender.Builder ignores setFilter(). + - Prevent a memory leak when async loggers throw errors. + * Changes + - Update Jackson to 2.9.10. + - Allow message portion of GELF layout to be formatted using a PatternLayout. + - Allow ThreadContext attributes to be explicitly included or excluded in the GelfLayout. + +------------------------------------------------------------------- Old: ---- apache-log4j-2.11.1-src.tar.gz New: ---- apache-log4j-2.13.0-src.tar.gz apache-log4j-2.13.0-src.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ log4j.spec ++++++ --- /var/tmp/diff_new_pack.NSf1HP/_old 2020-01-21 21:03:24.996934293 +0100 +++ /var/tmp/diff_new_pack.NSf1HP/_new 2020-01-21 21:03:25.028934308 +0100 @@ -18,12 +18,13 @@ %bcond_with extras Name: log4j -Version: 2.11.1 +Version: 2.13.0 Release: 0 Summary: Java logging package License: Apache-2.0 URL: http://logging.apache.org/%{name} Source0: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz +Source1: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz.asc BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) @@ -134,13 +135,14 @@ %pom_remove_plugin -r :maven-doap-plugin %pom_remove_plugin -r :maven-source-plugin %pom_remove_plugin -r :maven-toolchains-plugin +%pom_remove_plugin -r :revapi-maven-plugin # remove all the stuff we'll build ourselves find -name "*.jar" -o -name "*.class" -delete rm -rf docs/api -%pom_disable_module %{name}-samples %pom_disable_module %{name}-distribution +%pom_disable_module %{name}-samples # Apache Flume is not in Fedora yet %pom_disable_module %{name}-flume-ng @@ -201,6 +203,8 @@ %pom_disable_module %{name}-couchdb %pom_disable_module %{name}-cassandra %pom_disable_module %{name}-appserver +%pom_disable_module %{name}-spring-cloud-config +%pom_disable_module %{name}-kubernetes %pom_remove_dep -r :jackson-dataformat-yaml %pom_remove_dep -r :jackson-dataformat-xml @@ -213,7 +217,9 @@ rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/{jackson,config/yaml,parser} rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/appender/{db,mom,nosql} rm log4j-core/src/main/java/org/apache/logging/log4j/core/layout/*{Csv,Jackson,Xml,Yaml,Json,Gelf}*.java +rm log4j-1.2-api/src/main/java/org/apache/log4j/builders/layout/*Xml*.java rm log4j-api/src/main/java/org/apache/logging/log4j/util/Activator.java +rm -r log4j-1.2-api/src/main/java/org/apache/log4j/or/jms %endif %{mvn_alias} :%{name}-1.2-api %{name}:%{name} @@ -237,7 +243,7 @@ %build # missing test deps (mockejb) -%{mvn_build} -f -- -Dsource=7 +%{mvn_build} -f -- -Dsource=8 %install %mvn_install ++++++ apache-log4j-2.11.1-src.tar.gz -> apache-log4j-2.13.0-src.tar.gz ++++++ /work/SRC/openSUSE:Factory/log4j/apache-log4j-2.11.1-src.tar.gz /work/SRC/openSUSE:Factory/.log4j.new.26092/apache-log4j-2.13.0-src.tar.gz differ: char 14, line 1
