diff --git a/SOURCES/0001-Add-test-case-for-JNDI-disablement.patch b/SOURCES/0001-Add-test-case-for-JNDI-disablement.patch
new file mode 100644
index 0000000..f8ba9f7
--- /dev/null
+++ b/SOURCES/0001-Add-test-case-for-JNDI-disablement.patch
@@ -0,0 +1,123 @@
+From 4c962ce4c1356e94b66a5599a2c32c30eb3369e3 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk@redhat.com>
+Date: Wed, 15 Dec 2021 17:26:22 +0100
+Subject: [PATCH 1/2] Add test case for JNDI disablement
+
+---
+ tests/build.xml | 14 +++++++-
+ tests/input/JNDI0.properties | 3 ++
+ tests/input/JNDI1.properties | 4 +++
+ .../java/org/apache/log4j/JNDITestCase.java | 34 +++++++++++++++++++
+ 4 files changed, 54 insertions(+), 1 deletion(-)
+ create mode 100644 tests/input/JNDI0.properties
+ create mode 100644 tests/input/JNDI1.properties
+ create mode 100644 tests/src/java/org/apache/log4j/JNDITestCase.java
+
+diff --git a/tests/build.xml b/tests/build.xml
+index 74a7139d..7cac1424 100644
+--- a/tests/build.xml
++++ b/tests/build.xml
+@@ -38,6 +38,8 @@
+ <property name="activation.jar" location="lib/mail.jar"/>
+ <property name="junit.version" value="3.8.1"/>
+ <property name="junit.jar" location="lib/junit.jar"/>
++ <property name="geronimo-jms.jar"
++ value="lib/jms.jar"/>
+
+
+ <!-- Read the system environment variables and stores them in properties, -->
+@@ -71,6 +73,7 @@
+ <pathelement location="${junit.jar}"/>
+ <pathelement location="${javamail.jar}"/>
+ <pathelement location="${activation.jar}"/>
++ <pathelement location="${geronimo-jms.jar}"/>
+ <pathelement path="${java.class.path}"/>
+ </path>
+
+@@ -158,7 +161,7 @@
+ <!-- ================================================================= -->
+ <!-- Run all tests -->
+ <!-- ================================================================= -->
+- <target name="runAll" depends="regression, longUnit"/>
++ <target name="runAll" depends="regression, longUnit, JNDI"/>
+
+ <!-- ================================================================= -->
+ <!-- Tests multiple parts of log4j. These tests are much more fragile -->
+@@ -262,6 +265,15 @@
+ </junit>
+ </target>
+
++ <target name="JNDI" depends="build">
++ <junit printsummary="yes" fork="yes"
++ haltonfailure="${haltonfailure}" dir="${basedir}">
++ <classpath refid="tests.classpath"/>
++ <formatter type="plain" usefile="false"/>
++ <test name="org.apache.log4j.JNDITestCase" />
++ </junit>
++ </target>
++
+ <target name="DefaultInit" depends="build">
+ <!-- Delete possible cruft from previous runs. -->
+ <delete file="${basedir}/classes/log4j.xml"/>
+diff --git a/tests/input/JNDI0.properties b/tests/input/JNDI0.properties
+new file mode 100644
+index 00000000..1fd92627
+--- /dev/null
++++ b/tests/input/JNDI0.properties
+@@ -0,0 +1,3 @@
++log4j.rootLogger=DEBUG, testAppender
++log4j.appender.testAppender=org.apache.log4j.net.JMSAppender
++log4j.appender.testAppender.TopicConnectionFactoryBindingName=foo
+diff --git a/tests/input/JNDI1.properties b/tests/input/JNDI1.properties
+new file mode 100644
+index 00000000..28202fed
+--- /dev/null
++++ b/tests/input/JNDI1.properties
+@@ -0,0 +1,4 @@
++log4j.rootLogger=DEBUG, testAppender
++log4j.appender.testAppender=org.apache.log4j.net.JMSAppender
++log4j.appender.testAppender.TopicConnectionFactoryBindingName=foo
++log4j.appender.testAppender.Enabled=true
+diff --git a/tests/src/java/org/apache/log4j/JNDITestCase.java b/tests/src/java/org/apache/log4j/JNDITestCase.java
+new file mode 100644
+index 00000000..6ef8ec90
+--- /dev/null
++++ b/tests/src/java/org/apache/log4j/JNDITestCase.java
+@@ -0,0 +1,34 @@
++package org.apache.log4j;
++
++import junit.framework.TestCase;
++
++/**
++ * Test for JNDI disablement.
++ *
++ * @author Mikolaj Izdebski
++ */
++public class JNDITestCase extends TestCase {
++
++ public JNDITestCase(String name) {
++ super(name);
++ }
++
++ public void tearDown() {
++ LogManager.resetConfiguration();
++ }
++
++ public void testDisabled() throws Exception {
++ Logger logger = Logger.getLogger(JNDITestCase.class);
++ try {
++ PropertyConfigurator.configure("input/JNDI0.properties");
++ fail("IllegalStateException exception was expected");
++ } catch (IllegalStateException e) {
++ assertTrue(e.getMessage().startsWith("JMS appender is disabled"));
++ }
++ }
++
++ public void testEnabled() throws Exception {
++ Logger logger = Logger.getLogger(JNDITestCase.class);
++ PropertyConfigurator.configure("input/JNDI1.properties");
++ }
++}
+--
+2.33.1
+
diff --git a/SOURCES/0002-Disable-JNDI-by-default.patch b/SOURCES/0002-Disable-JNDI-by-default.patch
new file mode 100644
index 0000000..0f0a1ca
--- /dev/null
+++ b/SOURCES/0002-Disable-JNDI-by-default.patch
@@ -0,0 +1,62 @@
+From 39b0d64d6e4c72b41eb08bebcf24f2ca861574ec Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk@redhat.com>
+Date: Wed, 15 Dec 2021 16:02:07 +0100
+Subject: [PATCH 2/2] Disable JNDI by default
+
+JNDI, which is used by JMS appender, has significant security issues.
+It is safer for users to disable JMS appender by default,
+especially since the large majority are unlikely to be using it.
+Those who are will need to explicitly enable it, for example:
+
+ log4j.appender.jms=org.apache.log4j.net.JMSAppender
+ log4j.appender.jms.Enabled=true
+
+This is a simillar approach to the one implemented in Log4J 2:
+https://issues.apache.org/jira/browse/LOG4J2-3208
+---
+ .../java/org/apache/log4j/net/JMSAppender.java | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/main/java/org/apache/log4j/net/JMSAppender.java b/src/main/java/org/apache/log4j/net/JMSAppender.java
+index 3482702d..564da0c5 100644
+--- a/src/main/java/org/apache/log4j/net/JMSAppender.java
++++ b/src/main/java/org/apache/log4j/net/JMSAppender.java
+@@ -101,6 +101,7 @@ import java.util.Properties;
+ @author Ceki Gülcü */
+ public class JMSAppender extends AppenderSkeleton {
+
++ boolean enabled;
+ String securityPrincipalName;
+ String securityCredentials;
+ String initialContextFactoryName;
+@@ -120,6 +121,16 @@ public class JMSAppender extends AppenderSkeleton {
+ JMSAppender() {
+ }
+
++ public
++ void setEnabled(boolean enabled) {
++ this.enabled = enabled;
++ }
++
++ public
++ boolean getEnabled() {
++ return enabled;
++ }
++
+ /**
+ The <b>TopicConnectionFactoryBindingName</b> option takes a
+ string value. Its value will be used to lookup the appropriate
+@@ -170,6 +181,10 @@ public class JMSAppender extends AppenderSkeleton {
+ * Options are activated and become effective only after calling
+ * this method.*/
+ public void activateOptions() {
++ if (!enabled) {
++ throw new IllegalStateException("JMS appender is disabled by default and must be enabled by setting Enabled=true property of the appender");
++ }
++
+ TopicConnectionFactory topicConnectionFactory;
+
+ try {
+--
+2.33.1
+
diff --git a/SPECS/log4j.spec b/SPECS/log4j.spec
index e22f05e..6a2f06b 100644
--- a/SPECS/log4j.spec
+++ b/SPECS/log4j.spec
@@ -3,7 +3,7 @@
Name: log4j
Version: 1.2.17
-Release: 16%{?dist}
+Release: 17%{?dist}
Epoch: 0
Summary: Java logging package
BuildArch: noarch
@@ -24,6 +24,8 @@ Patch3: 0010-Fix-javadoc-link.patch
Patch4: 0011-Remove-openejb.patch
Patch5: 0012-Add-proper-bundle-symbolicname.patch
Patch6: 0001-Backport-fix-for-CVE-2017-5645.patch
+Patch7: 0001-Add-test-case-for-JNDI-disablement.patch
+Patch8: 0002-Disable-JNDI-by-default.patch
BuildRequires: %{__perl}
BuildRequires: maven-local
@@ -61,6 +63,8 @@ Summary: API documentation for %{name}
%patch4 -p1 -b .openejb
%patch5 -p1 -b .bundlename
%patch6 -p1 -b .cve-2017-5645
+%patch7 -p1 -b .log4shell
+%patch8 -p1 -b .log4shell
%pom_remove_plugin :maven-site-plugin
sed -i "s|groupId>ant<|groupId>org.apache.ant<|g" pom.xml
@@ -84,6 +88,7 @@ mkdir -p tests/lib/
ln -s `build-classpath jakarta-oro`
ln -s `build-classpath javamail/mail`
ln -s `build-classpath junit`
+ ln -s `build-classpath jms`
)
@@ -165,6 +170,10 @@ fi
%changelog
+* Wed Dec 15 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:1.2.17-17
+- Fix remote code execution vulnerability
+- Resolves: CVE-2021-4104
+
* Tue Jul 11 2017 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:1.2.17-16
- Fix socket receiver deserialization vulnerability
- Resolves: CVE-2017-5645