GNU bug report logs - #52421
[PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.

Previous Next

Package: guix-patches;

Reported by: Julien Lepiller <julien <at> lepiller.eu>

Date: Sat, 11 Dec 2021 02:19:02 UTC

Severity: normal

Tags: patch

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 52421 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: 52421 <at> debbugs.gnu.org
Subject: [PATCH 5/5] gnu: java-log4j-api: Update to 2.15.0.
Date: Sat, 11 Dec 2021 03:23:07 +0100

Includes fixes for CVE-2017-5645, CVE-2020-9488 and CVE-2021-44228.

* gnu/packages/java.scm (java-log4j-api): Update to 2.15.0.
(java-log4j-core, java-log4j-1.2-api)[inputs]: Adjust accordingly.
---
 gnu/packages/java.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 785e9f13e2..d295077113 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -7840,14 +7840,14 @@ (define-public java-javax-mail
 (define-public java-log4j-api
   (package
     (name "java-log4j-api")
-    (version "2.4.1")
+    (version "2.15.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://apache/logging/log4j/" version
                                   "/apache-log4j-" version "-src.tar.gz"))
               (sha256
                (base32
-                "0j5p9gik0jysh37nlrckqbky12isy95cpwg2gv5fas1rcdqbraxd"))))
+                "0h4ndw096h9cql0kyi1zd0ymp8hqxc1jdgdxkn0kxf8vd9b4dx14"))))
     (build-system ant-build-system)
     (arguments
      `(#:tests? #f ; tests require unpackaged software
@@ -7869,6 +7869,7 @@ (define-public java-log4j-api
      `(("java-osgi-core" ,java-osgi-core)
        ("java-hamcrest-core" ,java-hamcrest-core)
        ("java-junit" ,java-junit)))
+    (properties '((cpe-name . "log4j")))
     (home-page "https://logging.apache.org/log4j/2.x/")
     (synopsis "API module of the Log4j logging framework for Java")
     (description
@@ -7886,7 +7887,11 @@ (define-public java-log4j-core
        ("java-log4j-api" ,java-log4j-api)
        ("java-mail" ,java-mail)
        ("java-jboss-jms-api-spec" ,java-jboss-jms-api-spec)
+       ("java-conversant-disruptor" ,java-conversant-disruptor)
        ("java-lmax-disruptor" ,java-lmax-disruptor)
+       ("java-jctools-core" ,java-jctools-core-1)
+       ("java-stax2-api" ,java-stax2-api)
+       ("java-jansi" ,java-jansi)
        ("java-kafka" ,java-kafka-clients)
        ("java-datanucleus-javax-persistence" ,java-datanucleus-javax-persistence)
        ("java-fasterxml-jackson-annotations" ,java-fasterxml-jackson-annotations)
@@ -7934,6 +7939,7 @@ (define-public java-log4j-1.2-api
     (inputs
      `(("log4j-api" ,java-log4j-api)
        ("log4j-core" ,java-log4j-core)
+       ("java-jboss-jms-api-spec" ,java-jboss-jms-api-spec)
        ("osgi-core" ,java-osgi-core)
        ("eclipse-osgi" ,java-eclipse-osgi)
        ("java-lmax-disruptor" ,java-lmax-disruptor)))))
-- 
2.34.0
This bug report was last modified 3 years and 158 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.