From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 10 21:18:59 2021 Received: (at submit) by debbugs.gnu.org; 11 Dec 2021 02:18:59 +0000 Received: from localhost ([127.0.0.1]:48256 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvryV-0007DU-6q for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:18:59 -0500 Received: from lists.gnu.org ([209.51.188.17]:39174) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvryS-0007DL-60 for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:18:58 -0500 Received: from eggs.gnu.org ([209.51.188.92]:48398) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mvryR-0001M3-Oc for guix-patches@gnu.org; Fri, 10 Dec 2021 21:18:56 -0500 Received: from [2a00:5884:8208::1] (port=50210 helo=lepiller.eu) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mvryL-0004BS-5Z for guix-patches@gnu.org; Fri, 10 Dec 2021 21:18:55 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 49cb5bfc for ; Sat, 11 Dec 2021 02:12:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date:from :to:subject:message-id:mime-version:content-type :content-transfer-encoding; s=dkim; bh=ByVLQQ7mFroUuk2tBQ+wQQBj9 WMMNZmbT4xfzIsP0II=; b=TS5tYIEh+amjPH5VXa4qAoHILX73l1fBVSSXO9lFk 7yvjOEWxrwT23DzPGvRY7aJCVMUfham0S7SQdCXZTpZcpYRmW7yuMpwPB0uXfRXB kdr5L9GQQQQd296buJQkbGA6nYGMgAY4ob8yUtAaD5S2BZ9ZF8yhAypRwiMUmb2k 8ufvMs5GxOTOk6CAU90ghdlxrkHlbzzQCIaFmssb/zWmKbf3f+/D0DMDFaH0chZX vBXGnU5P+A2XfuxRCdQnwZnhPFHZ3PWqd6Uumi6Qt0TvT+ul5J1Gu8n5j6tHJWoq RlFzLgt+imECTW2N6STPa5NCF6+X6pMgX8vgFDH+1KAig== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 00f24f50 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Sat, 11 Dec 2021 02:12:07 +0000 (UTC) Date: Sat, 11 Dec 2021 03:11:59 +0100 From: Julien Lepiller To: guix-patches@gnu.org Subject: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. Message-ID: <20211211031159.29aa79db@tachikoma.lepiller.eu> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.24; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:5884:8208::1 (failed) Received-SPF: pass client-ip=2a00:5884:8208::1; envelope-from=julien@lepiller.eu; helo=lepiller.eu X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hi Guix! today I learnt about a CVE on log4j. Looking more closely, it seems that log4j2 has had 3 CVEs (at least 3 are listed on https://logging.apache.org/log4j/2.x/security.html) and we're vulnerable to all of them \o/ This series updates to the latest version. Thankfully, log4j keeps a stable API, so there's no breakage in dependents, but a few dependencies had to be added/updated. From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 10 21:23:24 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 02:23:24 +0000 Received: from localhost ([127.0.0.1]:48263 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2l-0007Kl-OA for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:24 -0500 Received: from lepiller.eu ([89.234.186.109]:32802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2i-0007KV-GH for 52421@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:22 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 45b83142 for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=from:to :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=dkim; bh=S02mXm01VN7gck1upIFapvme3 OSn+ZwarJrQExUwa10=; b=OKboa2bZQAS1VSM/Gbnl/B/ACTgDplXPBYrwZrdGK KDU4JCGEn4Jyq8yjSCLYk6DIBFUt0rMEBvn6dLHntz9miDnAfODuQ6amhJ90MS/P QDh3BReTVLpQlZJ1YEYR2AC6zoNmNlnjcpPmgjzTIRisaOffJAJhLMWfiMM5g+3A +0Q7Rymqn1dqmxho1WD8kDw8Ny7UWCaLR9baEjm7Xn4oTAA+OkmVd794AjdnAx2E /iJMwVMYtPbi/8trmtDlp7PSuqTs8ZoN/6G0ZbxfLM21p4+Sp66yqhSx/HST09/M oTQU3wveuNcrgqgX7WsJW+Jnjc8y5qcOJ6ev/9b2SR0Kw== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 0bfe395c (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:18 +0000 (UTC) From: Julien Lepiller To: 52421@debbugs.gnu.org Subject: [PATCH 1/5] gnu: java-jansi: Update to 2.4.0. Date: Sat, 11 Dec 2021 03:23:03 +0100 Message-Id: X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211211031159.29aa79db@tachikoma.lepiller.eu> References: <20211211031159.29aa79db@tachikoma.lepiller.eu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52421 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/java.scm (java-jansi): Update to 2.4.0. (java-jansi-1): New variable. (java-jline-2)[inputs]: Use java-jansi-1. * gnu/packages/groovy.scm (java-groovy-bootstrap)[inputs]: Use java-jansi-1. --- gnu/packages/groovy.scm | 2 +- gnu/packages/java.scm | 82 +++++++++++++++++++++++++++++++++++------ 2 files changed, 71 insertions(+), 13 deletions(-) diff --git a/gnu/packages/groovy.scm b/gnu/packages/groovy.scm index c44a17b59e..382dfe7faf 100644 --- a/gnu/packages/groovy.scm +++ b/gnu/packages/groovy.scm @@ -102,7 +102,7 @@ (define java-groovy-bootstrap ("java-asm-util" ,java-asm-util-8) ("java-classpathx-servletapi" ,java-classpathx-servletapi) ("java-commons-cli" ,java-commons-cli) - ("java-jansi" ,java-jansi) + ("java-jansi" ,java-jansi-1) ("java-jline-2" ,java-jline-2) ("java-picocli" ,java-picocli) ("java-xstream" ,java-xstream))) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 36424ee8b1..51b8bc673d 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -12134,15 +12134,78 @@ (define-public java-jansi-native (define-public java-jansi (package (name "java-jansi") + (version "2.4.0") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/fusesource/jansi") + (commit (string-append "jansi-" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1s6fva06990798b5fyxqzr30zwyj1byq5wrm54j2larcydaryggf")) + (modules '((guix build utils))) + (snippet + ;; contains pre-compiled libraries + '(delete-file-recursively + "src/main/resources/org/fusesource/jansi/internal")))) + (build-system ant-build-system) + (arguments + `(#:jar-name "jansi.jar" + #:source-dir "src/main/java" + #:test-dir "src/test" + #:tests? #f; require junit 3 + #:phases + (modify-phases %standard-phases + (add-before 'build 'build-native + (lambda* (#:key inputs #:allow-other-keys) + (with-directory-excursion "src/main/native" + (invoke "gcc" "-c" "jansi_ttyname.c" "-o" "jansi_ttyname.o" + (string-append "-I" (assoc-ref inputs "jdk") + "/include/linux") + "-fPIC" "-O2") + (invoke "gcc" "-o" "libjansi.so" "-shared" "jansi_ttyname.o")))) + (add-before 'build 'install-native + (lambda _ + (let ((dir (string-append "build/classes/META-INF/org/fusesource/" + "jansi/internal/native/" + ,(match (%current-system) + ("i686-linux" "linux/x86") + ("x86_64-linux" "linux/x86_64") + ("armhf-linux" "linux/armv7") + ("aarch64-linux" "linux/arm64") + ("mips64el-linux" "linux/mips64") + (_ "unknown-kernel"))))) + (install-file "src/main/native/libjansi.so" dir)) + #t)) + (add-before 'build 'copy-resources + (lambda _ + (copy-recursively "src/main/resources" "build/classes") + #t)) + (add-after 'check 'clear-term + (lambda _ + (invoke "echo" "-e" "\\e[0m"))) + (replace 'install + (install-from-pom "pom.xml"))))) + (home-page "https://fusesource.github.io/jansi/") + (synopsis "Portable ANSI escape sequences") + (description "Jansi is a Java library that allows you to use ANSI escape +sequences to format your console output which works on every platform.") + (license license:asl2.0))) + +(define-public java-jansi-1 + (package + (inherit java-jansi) (version "1.16") (source (origin - (method url-fetch) - (uri (string-append "https://github.com/fusesource/jansi/archive/" - "jansi-project-" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/fusesource/jansi") + (commit (string-append "jansi-project-" version)))) + (file-name (git-file-name "jansi" version)) (sha256 (base32 - "11kh3144i3fzp21dpy8zg52mjmsr214k7km9p8ly0rqk2px0qq2z")))) - (build-system ant-build-system) + "0ikk0x352gh30b42qn1jd89xwsjj0mavrc5kms7fss15bd8vsayx")))) (arguments `(#:jar-name "jansi.jar" #:source-dir "jansi/src/main/java" @@ -12173,12 +12236,7 @@ (define-public java-jansi `(("java-jansi-native" ,java-jansi-native))) (native-inputs `(("java-junit" ,java-junit) - ("java-hamcrest-core" ,java-hamcrest-core))) - (home-page "https://fusesource.github.io/jansi/") - (synopsis "Portable ANSI escape sequences") - (description "Jansi is a Java library that allows you to use ANSI escape -sequences to format your console output which works on every platform.") - (license license:asl2.0))) + ("java-hamcrest-core" ,java-hamcrest-core))))) (define-public java-jboss-el-api-spec (package @@ -12541,7 +12599,7 @@ (define-public java-jline-2 `(#:jdk ,icedtea-8 ,@(package-arguments java-jline))) (inputs - `(("java-jansi" ,java-jansi) + `(("java-jansi" ,java-jansi-1) ("java-jansi-native" ,java-jansi-native))) (native-inputs `(("java-powermock-modules-junit4" ,java-powermock-modules-junit4) -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 10 21:23:24 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 02:23:24 +0000 Received: from localhost ([127.0.0.1]:48265 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2m-0007Kt-Bf for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:24 -0500 Received: from lepiller.eu ([89.234.186.109]:32802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2k-0007KV-Ph for 52421@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:23 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id a3b27020 for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=from:to :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=dkim; bh=YzFIDq8XvDDKONL0m+9tEQmZo GTlhhMxjMN/nSCL4i0=; b=YuhMAjS6mG6Bqq6dVLd8YHoORqznH9zNu35qGtJ61 YKEDD97Chy23lLVXaIFWz+sghoHwPQulLTDsTHvzSGmmh4hgt2pKpEE00xeJlh// fFFY/3Ez4jcKYrDNQ3kQMMnOoLJZQcFWhqYSnSwLbCvXaBTnvnI1wuxLPcBQ4mrs 2HkZYq0aINk4QcdyZ/+gcBTut9s8pOqMgQOXwqLlBhoFOB0M9CNUaSWj/uBuBA2e oVngMDFjhBhHPmcBavRMuEEVH37Q6rpZvsZYHX9uhJRAA/KEB9SbePxCiL7VhRY/ be16YK2O+bVDBK/9ZyFWZ6HowV0KwuZQkViwDAGiEredw== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 1c9e6850 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:18 +0000 (UTC) From: Julien Lepiller To: 52421@debbugs.gnu.org Subject: [PATCH 2/5] gnu: Add java-jctools-core-1. Date: Sat, 11 Dec 2021 03:23:04 +0100 Message-Id: <50efd67f908049eaf546d02e2b65aa17ec90c471.1639188753.git.julien@lepiller.eu> X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211211031159.29aa79db@tachikoma.lepiller.eu> References: <20211211031159.29aa79db@tachikoma.lepiller.eu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52421 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/java.scm (java-jctools-core-1): New variable. --- gnu/packages/java.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 51b8bc673d..f37baabd37 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -11350,6 +11350,33 @@ (define-public java-lmax-disruptor message queues or resource locking.") (license license:asl2.0))) +(define-public java-jctools-core-1 + (package + (name "java-jctools-core") + (version "1.2.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/JCTools/JCTools") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "105my29nwd4djvdllmq8s3jdzbyplbkxzwmddxiiilb4yqr1pghb")))) + (build-system ant-build-system) + (arguments + `(#:jar-name "java-jctools-core.jar" + #:source-dir "jctools-core/src/main/java" + #:test-dir "jctools-core/src/test")) + (native-inputs + `(("java-junit" ,java-junit) + ("java-hamcrest-all" ,java-hamcrest-all))) + (home-page "https://github.com/JCTools/JCTools") + (synopsis "Concurrency Tools for Java") + (description "This library implement concurrent data structures that are +not natively available in Java.") + (license license:asl2.0))) + (define-public java-commons-bcel (package (name "java-commons-bcel") -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 10 21:23:27 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 02:23:27 +0000 Received: from localhost ([127.0.0.1]:48269 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2o-0007LI-Mz for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:27 -0500 Received: from lepiller.eu ([89.234.186.109]:32802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2l-0007KV-G2 for 52421@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:24 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id c95d0a0d for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=from:to :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=dkim; bh=M6APStGuBYAev6jXK0A+qxWTR mox34psoYwq5XwIPx4=; b=hmf0DTww1kFGSbvuOyEnq1QqhaNrGxvCb7jpUO5aa xQD8beGlAZxCl5+Jxteoxo+mTN7T8nkUuVnDmhYhKAPbQWGeblLHNj+abmvGzuJm iRjT+BY1iwdrg5aznN6gYlNVZ2xHx1ydEzEBJ7N0ncBOaW914cfvkSHgAdx7VS7M jwaLO6KxdXbzwi4Vl1spI2lwCMDBkLpTEnhCPE7ytsd+pxOvdsEzWtdd7FxCfQpX 93q7+enS8XGiBhzURVyYQUFn9R8qOvff+KE43YRSc1Bx/e7z6Fr/QlMJT4LBldiL L1cq9DPTGstvmCbTcmZpNrURYWZashnqGkWEI0dujUt4g== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id aa9e7219 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:19 +0000 (UTC) From: Julien Lepiller To: 52421@debbugs.gnu.org Subject: [PATCH 3/5] gnu: Add java-conversant-disruptor. Date: Sat, 11 Dec 2021 03:23:05 +0100 Message-Id: X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211211031159.29aa79db@tachikoma.lepiller.eu> References: <20211211031159.29aa79db@tachikoma.lepiller.eu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52421 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/java.scm (java-conversant-disruptor): New variable. --- gnu/packages/java.scm | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index f37baabd37..192105008f 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -11350,6 +11350,41 @@ (define-public java-lmax-disruptor message queues or resource locking.") (license license:asl2.0))) +(define-public java-conversant-disruptor + (package + (name "java-conversant-disruptor") + (version "1.2.19") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/conversant/disruptor") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0gx1dm7sfg7pa05cs4qby10gfcplai5b5lf1f7ik1a76dh3vhl0g")))) + (build-system ant-build-system) + (arguments + `(#:jar-name "java-conversant-disruptor.jar" + #:source-dir "src/main/java" + #:phases + (modify-phases %standard-phases + (add-before 'build 'copy-resources + (lambda _ + (copy-recursively "src/main/resources" "build/classes"))) + (add-before 'build 'remove-module + (lambda _ + (delete-file "src/main/java/module-info.java")))))) + (native-inputs + `(("java-junit" ,java-junit))) + (home-page "https://github.com/conversant/disruptor") + (synopsis "High performance intra-thread communication") + (description "Conversant Disruptor is the highest performing intra-thread +transfer mechanism available in Java. Conversant Disruptor is an implementation +of this type of ring buffer that has almost no overhead and that exploits a +particularly simple design.") + (license license:asl2.0))) + (define-public java-jctools-core-1 (package (name "java-jctools-core") -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 10 21:23:27 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 02:23:27 +0000 Received: from localhost ([127.0.0.1]:48271 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2p-0007LK-5f for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:27 -0500 Received: from lepiller.eu ([89.234.186.109]:32802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2m-0007KV-AM for 52421@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:24 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id f71d34cd for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=from:to :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=dkim; bh=77GNtedCKfORiZiVdd8fNybFG NC/4SV/x5h2mNZXHYA=; b=mt49PUFOw+Qfi6sHjR5YBFsv6i3rud3438mhMt/DK 9DOuvDC6fHzGYS7cDDw2wCta4kISDeo42XBlwpxpQ0uYmLtMedER8B6l75NeOuFV nYsIWE4seeFERI8decj7Dfk6OptEwT7bTAalBWgf9w3AcslfKEeFJI7U9xOSIjst /Vj0KxSgndi7icZQiURkRxNjy5vz2N1MbC2icFZ52dkvN7zTRrTo6ouCQA9YyOOt EO2DnosAyCh+1iyRb4Ya/Exb4M1Derh8DvQY2dGFzU3Aoa168ZZLfAN1xteTF5T2 CyutHeJZWI/unYei0PzsIXzmm5cdK7u/pfncIXTYTjWXQ== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 24633901 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:19 +0000 (UTC) From: Julien Lepiller To: 52421@debbugs.gnu.org Subject: [PATCH 4/5] gnu. java-lmax-disruptor: Update to 3.4.4. Date: Sat, 11 Dec 2021 03:23:06 +0100 Message-Id: X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211211031159.29aa79db@tachikoma.lepiller.eu> References: <20211211031159.29aa79db@tachikoma.lepiller.eu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52421 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/java.scm (java-lmax-disruptor): Update to 3.4.4. --- gnu/packages/java.scm | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 192105008f..785e9f13e2 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -11318,15 +11318,16 @@ (define-public java-bouncycastle (define-public java-lmax-disruptor (package (name "java-lmax-disruptor") - (version "3.3.7") + (version "3.4.4") (source (origin - (method url-fetch) - (uri (string-append "https://github.com/LMAX-Exchange/disruptor/" - "archive/" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/LMAX-Exchange/disruptor") + (commit version))) + (file-name (git-file-name name version)) (sha256 (base32 - "17da2gwj5abnlsfgn2xqjk5lgzbg4vkb0hdv2dvc8r2fx4bi7w3g")))) + "02c5kp3n8a73dq9ay7ar53s1k3x61z9yzc5ikqb03m6snr1wpfqn")))) (build-system ant-build-system) (arguments `(#:jar-name "java-lmax-disruptor.jar" -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 10 21:23:27 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 02:23:27 +0000 Received: from localhost ([127.0.0.1]:48273 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2p-0007LS-Eg for submit@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:27 -0500 Received: from lepiller.eu ([89.234.186.109]:32802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mvs2n-0007KV-2Y for 52421@debbugs.gnu.org; Fri, 10 Dec 2021 21:23:25 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id db87287f for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=from:to :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=dkim; bh=x52/8jZZFsADjUmMn7r3L5Wef WG/4nztNYErNUPtLqo=; b=li7dMAXTzAbAIhaPsPlqm6rKhZmYL1QUK6paDtmsQ 4eXgzhu1K7nP0kQs+3O+ZY+QglqDQTBAWYQCYnKmtHx0Y2ICaT/TdtWek3OfcXZh XxC+r0Mn+Y5u+QAzIAy46aVGSOXKuN9ZwhGZe0KVUtlW389SUqOJ3IuQArNRzykb OrQEVufbd0vhoG7I3S7cLbBdcqCNpStQ8tHQiXWl7gRbwzP9DaA6uq0vUSJqAdYw pyFlSKTSn2/3FjIVXqpQO5lhg2H5mrvSjWHaJhfvjhK4qAVh+0iqG3ta+9UGxJy+ wTYzZBOlsjqSnsaiKIPZGMLp7KQYqRoGNBV8ef2ul/MPA== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 2cf37823 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <52421@debbugs.gnu.org>; Sat, 11 Dec 2021 02:23:20 +0000 (UTC) From: Julien Lepiller To: 52421@debbugs.gnu.org Subject: [PATCH 5/5] gnu: java-log4j-api: Update to 2.15.0. Date: Sat, 11 Dec 2021 03:23:07 +0100 Message-Id: X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211211031159.29aa79db@tachikoma.lepiller.eu> References: <20211211031159.29aa79db@tachikoma.lepiller.eu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52421 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Includes fixes for CVE-2017-5645, CVE-2020-9488 and CVE-2021-44228. * gnu/packages/java.scm (java-log4j-api): Update to 2.15.0. (java-log4j-core, java-log4j-1.2-api)[inputs]: Adjust accordingly. --- gnu/packages/java.scm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 785e9f13e2..d295077113 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -7840,14 +7840,14 @@ (define-public java-javax-mail (define-public java-log4j-api (package (name "java-log4j-api") - (version "2.4.1") + (version "2.15.0") (source (origin (method url-fetch) (uri (string-append "mirror://apache/logging/log4j/" version "/apache-log4j-" version "-src.tar.gz")) (sha256 (base32 - "0j5p9gik0jysh37nlrckqbky12isy95cpwg2gv5fas1rcdqbraxd")))) + "0h4ndw096h9cql0kyi1zd0ymp8hqxc1jdgdxkn0kxf8vd9b4dx14")))) (build-system ant-build-system) (arguments `(#:tests? #f ; tests require unpackaged software @@ -7869,6 +7869,7 @@ (define-public java-log4j-api `(("java-osgi-core" ,java-osgi-core) ("java-hamcrest-core" ,java-hamcrest-core) ("java-junit" ,java-junit))) + (properties '((cpe-name . "log4j"))) (home-page "https://logging.apache.org/log4j/2.x/") (synopsis "API module of the Log4j logging framework for Java") (description @@ -7886,7 +7887,11 @@ (define-public java-log4j-core ("java-log4j-api" ,java-log4j-api) ("java-mail" ,java-mail) ("java-jboss-jms-api-spec" ,java-jboss-jms-api-spec) + ("java-conversant-disruptor" ,java-conversant-disruptor) ("java-lmax-disruptor" ,java-lmax-disruptor) + ("java-jctools-core" ,java-jctools-core-1) + ("java-stax2-api" ,java-stax2-api) + ("java-jansi" ,java-jansi) ("java-kafka" ,java-kafka-clients) ("java-datanucleus-javax-persistence" ,java-datanucleus-javax-persistence) ("java-fasterxml-jackson-annotations" ,java-fasterxml-jackson-annotations) @@ -7934,6 +7939,7 @@ (define-public java-log4j-1.2-api (inputs `(("log4j-api" ,java-log4j-api) ("log4j-core" ,java-log4j-core) + ("java-jboss-jms-api-spec" ,java-jboss-jms-api-spec) ("osgi-core" ,java-osgi-core) ("eclipse-osgi" ,java-eclipse-osgi) ("java-lmax-disruptor" ,java-lmax-disruptor))))) -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Dec 11 16:08:39 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 21:08:39 +0000 Received: from localhost ([127.0.0.1]:50126 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mw9bj-0001w8-9h for submit@debbugs.gnu.org; Sat, 11 Dec 2021 16:08:39 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39526) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mw9bh-0001vv-Mp for 52421@debbugs.gnu.org; Sat, 11 Dec 2021 16:08:38 -0500 Received: from [2001:470:142:3::e] (port=39318 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mw9ba-0006XJ-4G; Sat, 11 Dec 2021 16:08:30 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=UGwlNQc1IDYh+8o4Zq3OnJwhUIrU6I/PBvBQC2yzvwg=; b=fJwG7uu3mxSLwoEguiY/ Lr/aMpRdZcnQuENtohcWCD5RfcaHNM6+hca20TMes+XU/604BP40odB7Xbb6UVxRwU7mAI5ZZ7D9p 9ddUvno8gEpnYibsN+F2qmcf4Cdx3YKNbCTMVMIv85T4SFJpHc7PSnVyxgZ/jEB1ylXPjtZ7GGFV/ bV1CZT33WPSwBvCVoSmK9/5XOz9CMYOj8h9xuVm1WXzga7NWLBFusTSREqv4jQw3TjI7pF+cd4nCt 4M8LsJqxdwwdKsEt/Ixe4dkIU0XZB7hnMBKMLqW0Futsqz8ioALPA5/wkmpyD5El1iiNkNSqmZQ41 cqjeyJE7ytam+Q==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:63853 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mw9ba-0006qy-2Y; Sat, 11 Dec 2021 16:08:30 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Julien Lepiller Subject: Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. References: <20211211031159.29aa79db@tachikoma.lepiller.eu> Date: Sat, 11 Dec 2021 22:08:27 +0100 In-Reply-To: <20211211031159.29aa79db@tachikoma.lepiller.eu> (Julien Lepiller's message of "Sat, 11 Dec 2021 03:11:59 +0100") Message-ID: <87o85m6e9g.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 52421 Cc: 52421@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Julien Lepiller skribis: > today I learnt about a CVE on log4j. Looking more closely, it seems > that log4j2 has had 3 CVEs (at least 3 are listed on > https://logging.apache.org/log4j/2.x/security.html) and we're > vulnerable to all of them \o/ > > This series updates to the latest version. Thankfully, log4j keeps a > stable API, so there's no breakage in dependents, but a few > dependencies had to be added/updated. I had a quick look and it all LGTM. Thanks for taking care of it! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Dec 11 16:09:28 2021 Received: (at 52421) by debbugs.gnu.org; 11 Dec 2021 21:09:28 +0000 Received: from localhost ([127.0.0.1]:50131 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mw9cW-0001xX-Iw for submit@debbugs.gnu.org; Sat, 11 Dec 2021 16:09:28 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39924) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mw9cU-0001xK-Ut for 52421@debbugs.gnu.org; Sat, 11 Dec 2021 16:09:27 -0500 Received: from [2001:470:142:3::e] (port=39370 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mw9cP-0006fZ-PQ; Sat, 11 Dec 2021 16:09:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=k9aNX0cX+Eut/Vo7/0I1qzQdu/buwYgkQSAjr9Qn3Jw=; b=PlSsitSa/3seSLDde5SD Q/dWIV35PAmhjZNCERrbZzC3M6vAEdKbLIqNhY4YQlCwwOIHRL15/54OfpncABiXEDyLymPRsMVi0 ROyTaNILioV6dkHALdIrfDCxAAqOo9KhVCEHO+7aeyV0bZc2XOmZ/CTUCnuVRw0FhE544RQqwVkPg ynCCZj/YlfpgAt1vHyEQi/4wbSXYNAea57nMlIT+PHEqBI7/pb6d3c1gEIh1I5MhSckWjYhnz4Hhy JeQ+GJRFKDtbSAIOatr7TMOdEehUzK2Q1bgkTqa+2fmX+ToGZWbguqBEo0A71yH2xTTqHeu/CCrkh DBWN19ZTgvT99A==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:59165 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mw9cP-0006vZ-Jt; Sat, 11 Dec 2021 16:09:21 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Julien Lepiller Subject: Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. References: <20211211031159.29aa79db@tachikoma.lepiller.eu> <50efd67f908049eaf546d02e2b65aa17ec90c471.1639188753.git.julien@lepiller.eu> Date: Sat, 11 Dec 2021 22:09:19 +0100 In-Reply-To: <50efd67f908049eaf546d02e2b65aa17ec90c471.1639188753.git.julien@lepiller.eu> (Julien Lepiller's message of "Sat, 11 Dec 2021 03:23:04 +0100") Message-ID: <87k0ga6e80.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 52421 Cc: 52421@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Julien Lepiller skribis: > + (home-page "https://github.com/JCTools/JCTools") > + (synopsis "Concurrency Tools for Java") Lowercase =E2=80=9Ctools=E2=80=9D. > + (description "This library implement concurrent data structures that= are =E2=80=9Cimplements=E2=80=9D Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 12 13:25:57 2021 Received: (at 52421-done) by debbugs.gnu.org; 12 Dec 2021 18:25:57 +0000 Received: from localhost ([127.0.0.1]:53066 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mwTXp-0003XA-Ll for submit@debbugs.gnu.org; Sun, 12 Dec 2021 13:25:57 -0500 Received: from lepiller.eu ([89.234.186.109]:39588) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mwTXn-0003X0-DW for 52421-done@debbugs.gnu.org; Sun, 12 Dec 2021 13:25:56 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 849c060b; Sun, 12 Dec 2021 18:25:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date:from :to:cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=dkim; bh=OccJyPR2EgFM DGrE8VAGkxjSJSvUakDeQNvxr69QkXg=; b=C2DznyfTkxv9fiuKsYu3um7fxw2W jTv7z9rPLi2ykg+yESSTvrheMezpj8tVKJFr04fHzIyYja8tqvmMGxeSr+Wz4b3P SNe9BhgA7srxHMGxPPfKx6YSnnGl0DJALMSHN5E0lYkZapoqkd53jX8Lpp22DivI uUSYyqod4isH4XjlgUSEOy+7SbpXW6OHvllh4NApvBHFNs8PFz1H6tJ3RrC2j6+g uoYsMC61rV7uCA5aDFNEJPDWhS+Elezc0sf27h542+C4uurDL8E6RtryH0VtMSi5 lD6n04iVm7U4imGtKC2hKbaJiwhwyxq8K0tnVVRb1yCrMP1lfIfQxuwfhg== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 4aecc120 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sun, 12 Dec 2021 18:25:52 +0000 (UTC) Date: Sun, 12 Dec 2021 19:25:44 +0100 From: Julien Lepiller To: Ludovic =?UTF-8?B?Q291cnTDqHM=?= Subject: Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. Message-ID: <20211212192544.0b4015e2@tachikoma.lepiller.eu> In-Reply-To: <87k0ga6e80.fsf_-_@gnu.org> References: <20211211031159.29aa79db@tachikoma.lepiller.eu> <50efd67f908049eaf546d02e2b65aa17ec90c471.1639188753.git.julien@lepiller.eu> <87k0ga6e80.fsf_-_@gnu.org> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.24; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52421-done Cc: 52421-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Thanks for the review. I added remarks from IRC and pushed the update as 5259513d5e5a918bb44b87ab7a562621cc78c945 to d5cfca23e30a9166d49faf0b48cca3ee27699f7a. From unknown Tue Jun 17 22:22:09 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 10 Jan 2022 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator