Hello community, here is the log from the commit of package log4j for openSUSE:Factory checked in at 2020-04-27 23:39:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/log4j (Old) and /work/SRC/openSUSE:Factory/.log4j.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "log4j" Mon Apr 27 23:39:32 2020 rev:30 rq:798308 version:2.13.2 Changes: -------- --- /work/SRC/openSUSE:Factory/log4j/log4j.changes 2020-02-27 14:40:30.282424295 +0100 +++ /work/SRC/openSUSE:Factory/.log4j.new.2738/log4j.changes 2020-04-27 23:39:41.287676666 +0200 @@ -1,0 +2,95 @@ +Mon Apr 27 14:57:36 UTC 2020 - Fridrich Strba <[email protected]> + +- Do not build the log4j-jpl artifact, as to avoid java-11-only + features + +------------------------------------------------------------------- +Mon Apr 27 11:21:57 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Update to 2.13.2 [bsc#1170535, CVE-2020-9488] + * Bugfixes and minor enhancements: + - CVE-2020-9488: Improper validation of certificate with host mismatch + in Apache Log4j SMTP appender. + - Implement requiresLocation in GelfLayout to reflect whether location + information is used in the message Pattern. + - Add option to restore printing timeMillis in the JsonLayout. + - Initialize pattern processor before triggering policy during reconfiguration. + - Add information about using a url in log4j.configurationFile. + - serializeToBytes was checking wrong variable for null. + - Fix Javadoc for ScriptPatternSelector. + - Allow trailing and leading spaces in log level. + - Correct JsonLayout timestamp sorting issue. + - Allow the file size action to parse the value without being sensitive + to the current locale. + - Make YamlLayoutTest more resiliant to environmental differences. + - Conditionally allocate PluginEntry during PluginCache loading. + - Add missing includeLocation parameter when creating AsyncLogger. + - Fix Exceptions when whitespace is in the file path and Java security + manager is used. + - Avoid NullPointerException when StackWalker returns null. + - TimeFilter did not handle daylight saving time transitions and did + not support a range over 2 days. + - Provide a Log4j implementation of System.Logger. + - Added EventLookup to retrieve fields from the log event. + * Changes: + - Allow the file extension in the file pattern to be modified during reconfiguration. + - Add support for specifying an SSL configuration for SmtpAppender. + - Allow servlet context path to be retrieved without "/". + - Allow Spring Lookup to return default and active profiles. + - Allow Spring Boot applications to use composite configuratons. + - Add ContextDataProviders as an alternative to having to implement a ContextDataInjector. + - [JDBC] Throw a AppenderLoggingException instead of an NPE in the JDBC database manager. +- Update to 2.13.1 + - Prevent LoggerContext from being garbage collected while being created. + - Do not log an error if Files.move does not work. + - Rollover fails when file matches pattern but index is too large. + - Counter stuck at 10 and overwriting files when leading zeros used in the file pattern count. + - ClassLoaderContextSelector was not locating the LoggerContext during shutdown. + - JSON output wrong when using additonal fields. + - GraalVM does not allow use of MethodHandles. + - Allow Lookup keys with leading dashes by using a slash as an escape character. + - ServletContainerInitializer was obtaining the StatusLogger too soon. + - PluginProcessor should use Messager instead of System.out. + - MapMessage.getFormattedMesssage() would incorrectly format objects. + - Always write header on a new OutputStream. + - An error message in RollingFileAppender uses a placeholder for the name but does not + specify the name argument in the logging call. + - NullPointerException when using a custom DirectFileRolloverStrategy without a file name. + - Add mulit-parameter overloads to LogBuilder. + - Fixed NullPointerException after reconfiguring via JMX. + - RollingFileAppender was not rolling on startup if createOnDemand was set to true. + - Warn if pattern is missing on Routes element. Use default route. + - Fix lock contention in the classloader using new versions of slf4j without EventData + on slf4j logger creation. + - Rollover handles parallel file deletion gracefully. + - Remove unnecessary EventLogger references from log4j-slf4j18-impl due to removal from slf4j. + - Fix a memory leak using fully asynchronous logging when the queue is full using the 'discard' + asynchronous queue full strategy. + - Fix erroneous log4j-jul recursive logger detection resulting in some no-op JUL loggers and + 'WARN Recursive call to getLogger' being reported by the status logger. + - PluginCache output is reproducible allowing the annotation processor to produce + deterministic results. + - Fix StackLocator.getCallerClass performance in cases where Reflection.getCallerClass + is not accessible. + - MutableLogEvent and RingBufferLogEvent avoid StringBuffer and parameter array allocation + unless reusable messages are used. + - LoaderUtil.getClassLoaders may discover additional loaders and no longer erroneously returns + a result with a null element in some environments. + - CronExpression.getBeforeTime() would sometimes return incorrect result. + - [JDBC] MS-SQL Server JDBC driver throws SQLServerException when inserting a null value + for a VARBINARY column. + - NullPointerException after reconfiguring via JMX. + - Implement ISO8601_PERIOD_MICROS fixed date format matching ISO8601_PERIOD with support + for microsecond precision. + * Changes: + - Conditionally perform status logging calculations in PluginRegistry. + - Use LinkedBlockingQueue instead of synchronized collction in StatusConfiguration. + - Add a retry count attribute to the KafkaAppender. + - Update log4j-slf4j18-impl slf4j version to 1.8.0-beta4 from 1.8.0-alpha2. + - Update dependencies. +- Remove patch fixed upstream: + * logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch +- Refresh patch: + * logging-log4j-Remove-unsupported-EventDataConverter.patch + +------------------------------------------------------------------- Old: ---- apache-log4j-2.13.0-src.tar.gz apache-log4j-2.13.0-src.tar.gz.asc logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch New: ---- apache-log4j-2.13.2-src.tar.gz apache-log4j-2.13.2-src.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ log4j.spec ++++++ --- /var/tmp/diff_new_pack.XOBkzP/_old 2020-04-27 23:39:43.043680094 +0200 +++ /var/tmp/diff_new_pack.XOBkzP/_new 2020-04-27 23:39:43.047680102 +0200 @@ -18,15 +18,14 @@ %bcond_with extras Name: log4j -Version: 2.13.0 +Version: 2.13.2 Release: 0 Summary: Java logging package License: Apache-2.0 URL: http://logging.apache.org/%{name} Source0: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz Source1: http://archive.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz.asc -Patch1: logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch -Patch2: logging-log4j-Remove-unsupported-EventDataConverter.patch +Patch1: logging-log4j-Remove-unsupported-EventDataConverter.patch BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) @@ -208,6 +207,7 @@ %pom_disable_module %{name}-appserver %pom_disable_module %{name}-spring-cloud-config %pom_disable_module %{name}-kubernetes +%pom_disable_module %{name}-jpl %pom_remove_dep -r :jackson-dataformat-yaml %pom_remove_dep -r :jackson-dataformat-xml ++++++ apache-log4j-2.13.0-src.tar.gz -> apache-log4j-2.13.2-src.tar.gz ++++++ /work/SRC/openSUSE:Factory/log4j/apache-log4j-2.13.0-src.tar.gz /work/SRC/openSUSE:Factory/.log4j.new.2738/apache-log4j-2.13.2-src.tar.gz differ: char 12, line 1 ++++++ logging-log4j-Remove-unsupported-EventDataConverter.patch ++++++ --- /var/tmp/diff_new_pack.XOBkzP/_old 2020-04-27 23:39:43.091680188 +0200 +++ /var/tmp/diff_new_pack.XOBkzP/_new 2020-04-27 23:39:43.095680195 +0200 @@ -74,7 +74,7 @@ - } -} diff --git a/log4j-slf4j-impl/src/main/java/org/apache/logging/slf4j/Log4jLogger.java b/log4j-slf4j-impl/src/main/java/org/apache/logging/slf4j/Log4jLogger.java -index ec4decb..21cbbb6 100644 +index 1fa8080..90cfe4e 100644 --- a/log4j-slf4j-impl/src/main/java/org/apache/logging/slf4j/Log4jLogger.java +++ b/log4j-slf4j-impl/src/main/java/org/apache/logging/slf4j/Log4jLogger.java @@ -27,9 +27,7 @@ import org.apache.logging.log4j.message.Message; @@ -87,44 +87,37 @@ import org.slf4j.impl.StaticMarkerBinder; import org.slf4j.spi.LocationAwareLogger; -@@ -41,17 +39,11 @@ public class Log4jLogger implements LocationAwareLogger, Serializable { - public static final String FQCN = Log4jLogger.class.getName(); +@@ -39,18 +37,13 @@ import org.slf4j.spi.LocationAwareLogger; + public class Log4jLogger implements LocationAwareLogger, Serializable { + public static final String FQCN = Log4jLogger.class.getName(); +- private static final long serialVersionUID = 7869000638091304316L; - private static final Marker EVENT_MARKER = MarkerFactory.getMarker("EVENT"); +- private static final EventDataConverter CONVERTER = createConverter(); + - private final boolean eventLogger; private transient ExtendedLogger logger; private final String name; -- private transient EventDataConverter converter; -- + public Log4jLogger(final ExtendedLogger logger, final String name) { this.logger = logger; - this.eventLogger = "EventLogger".equals(name); this.name = name; -- this.converter = createConverter(); } - @Override -@@ -363,9 +355,7 @@ public class Log4jLogger implements LocationAwareLogger, Serializable { +@@ -363,9 +356,7 @@ public class Log4jLogger implements LocationAwareLogger, Serializable { return; } final Message msg; -- if (eventLogger && marker != null && marker.contains(EVENT_MARKER) && converter != null) { -- msg = converter.convertEvent(message, params, throwable); +- if (CONVERTER != null && eventLogger && marker != null && marker.contains(EVENT_MARKER)) { +- msg = CONVERTER.convertEvent(message, params, throwable); - } else if (params == null) { + if (params == null) { msg = new SimpleMessage(message); } else { msg = new ParameterizedMessage(message, params, throwable); -@@ -400,7 +390,6 @@ public class Log4jLogger implements LocationAwareLogger, Serializable { - // always perform the default de-serialization first - aInputStream.defaultReadObject(); - logger = LogManager.getContext().getLogger(name); -- converter = createConverter(); - } - - /** -@@ -411,15 +400,6 @@ public class Log4jLogger implements LocationAwareLogger, Serializable { +@@ -410,15 +401,6 @@ public class Log4jLogger implements LocationAwareLogger, Serializable { aOutputStream.defaultWriteObject(); } @@ -292,6 +285,3 @@ <Logger name="org.apache.logging.log4j.test2" level="debug" additivity="false"> <AppenderRef ref="File"/> </Logger> --- -2.23.0 -
