%global bootstrap %{?_with_bootstrap:1}%{!?_with_bootstrap:%{?_without_bootstrap:0}%{!?_without_bootstrap:%{?_bootstrap:%{_bootstrap}}%{!?_bootstrap:0}}} Name: log4j Version: 1.2.17 Release: 18%{?dist} Epoch: 0 Summary: Java logging package BuildArch: noarch License: ASL 2.0 URL: http://logging.apache.org/%{name} Source0: http://www.apache.org/dist/logging/%{name}/%{version}/%{name}-%{version}.tar.gz # Converted from src/java/org/apache/log4j/lf5/viewer/images/lf5_small_icon.gif Source102: %{name}-logfactor5.sh Source104: %{name}-logfactor5.1 # Converted from docs/images/logo.jpg Source112: %{name}-chainsaw.sh Source114: %{name}-chainsaw.1 Source200: %{name}.catalog Patch0: 0001-logfactor5-changed-userdir.patch Patch1: 0006-Remove-mvn-clirr-plugin.patch Patch2: 0009-Fix-tests.patch Patch3: 0010-Fix-javadoc-link.patch Patch4: 0011-Remove-openejb.patch Patch5: 0012-Add-proper-bundle-symbolicname.patch Patch6: 0001-Backport-fix-for-CVE-2017-5645.patch Patch7: 0001-Add-test-case-for-JNDI-disablement.patch Patch8: 0002-Disable-JNDI-by-default.patch Patch9: 0001-Fix-CVE-2022-23302-JMSSink.patch Patch10: 0001-Fix-CVE-2022-23305-JDBCAppender.patch Patch11: 0001-Fix-CVE-2022-23307-Chainsaw.patch BuildRequires: %{__perl} BuildRequires: maven-local BuildRequires: javamail BuildRequires: junit BuildRequires: geronimo-jms BuildRequires: jakarta-oro BuildRequires: ant-contrib BuildRequires: ant-junit %description Log4j is a tool to help the programmer output log statements to a variety of output targets. %package manual Summary: Developer manual for %{name} Requires: %{name}-javadoc = %{version}-%{release} %description manual %{summary}. %package javadoc Summary: API documentation for %{name} %description javadoc %{summary}. %prep %setup -q -n apache-%{name}-%{version} # see patch files themselves for reasons for applying %patch0 -p1 -b .logfactor-home %patch1 -p1 -b .remove-mvn-clirr %patch2 -p1 -b .fix-tests %patch3 -p1 -b .xlink-javadoc %patch4 -p1 -b .openejb %patch5 -p1 -b .bundlename %patch6 -p1 -b .cve-2017-5645 %patch7 -p1 -b .log4shell %patch8 -p1 -b .log4shell %patch9 -p1 -b .jms-cve %patch10 -p1 -b .jdbc-cve %patch11 -p1 -b .chainsaw-cve %pom_remove_plugin :maven-site-plugin sed -i "s|groupId>ant<|groupId>org.apache.ant<|g" pom.xml sed -i 's/\r//g' LICENSE NOTICE site/css/*.css site/xref/*.css \ site/xref-test/*.css # fix encoding of mailbox files for i in contribs/JimMoore/mail*;do iconv --from=ISO-8859-1 --to=UTF-8 "$i" > new mv new "$i" done # remove all the stuff we'll build ourselves find -name "*.jar" -o -name "*.class" -delete rm -rf docs/api # Needed by tests mkdir -p tests/lib/ (cd tests/lib/ ln -s `build-classpath jakarta-oro` ln -s `build-classpath javamail/mail` ln -s `build-classpath junit` ln -s `build-classpath jms` ) %build %mvn_file : %{name} %mvn_build %install %mvn_install # scripts install -pD -T -m 755 %{SOURCE102} %{buildroot}%{_bindir}/logfactor5 install -pD -T -m 755 %{SOURCE112} %{buildroot}%{_bindir}/chainsaw # Manual pages install -d -m 755 ${RPM_BUILD_ROOT}%{_mandir}/man1 install -p -m 644 %{SOURCE104} ${RPM_BUILD_ROOT}%{_mandir}/man1/logfactor5.1 install -p -m 644 %{SOURCE114} ${RPM_BUILD_ROOT}%{_mandir}/man1/chainsaw.1 # DTD and the SGML catalog (XML catalog handled in scriptlets) install -pD -T -m 644 src/main/javadoc/org/apache/log4j/xml/doc-files/log4j.dtd \ %{buildroot}%{_datadir}/sgml/%{name}/log4j.dtd install -pD -T -m 644 %{SOURCE200} \ %{buildroot}%{_datadir}/sgml/%{name}/catalog # fix perl location %__perl -p -i -e 's|/opt/perl5/bin/perl|%{__perl}|' \ contribs/KitchingSimon/udpserver.pl %post # Note that we're using versioned catalog, so this is always ok. if [ -x %{_bindir}/install-catalog -a -d %{_sysconfdir}/sgml ]; then %{_bindir}/install-catalog --add \ %{_sysconfdir}/sgml/%{name}-%{version}-%{release}.cat \ %{_datadir}/sgml/%{name}/catalog > /dev/null || : fi if [ -x %{_bindir}/xmlcatalog -a -w %{_sysconfdir}/xml/catalog ]; then %{_bindir}/xmlcatalog --noout --add public "-//APACHE//DTD LOG4J 1.2//EN" \ file://%{_datadir}/sgml/%{name}/log4j.dtd %{_sysconfdir}/xml/catalog \ > /dev/null %{_bindir}/xmlcatalog --noout --add system log4j.dtd \ file://%{_datadir}/sgml/%{name}/log4j.dtd %{_sysconfdir}/xml/catalog \ > /dev/null || : fi %preun if [ $1 -eq 0 ]; then if [ -x %{_bindir}/xmlcatalog -a -w %{_sysconfdir}/xml/catalog ]; then %{_bindir}/xmlcatalog --noout --del \ file://%{_datadir}/sgml/%{name}/log4j.dtd \ %{_sysconfdir}/xml/catalog > /dev/null || : fi fi %postun # Note that we're using versioned catalog, so this is always ok. if [ -x %{_bindir}/install-catalog -a -d %{_sysconfdir}/sgml ]; then %{_bindir}/install-catalog --remove \ %{_sysconfdir}/sgml/%{name}-%{version}-%{release}.cat \ %{_datadir}/sgml/%{name}/catalog > /dev/null || : fi %files -f .mfiles %doc LICENSE NOTICE %{_bindir}/* %{_mandir}/*/* %{_datadir}/sgml/%{name} %files manual %doc LICENSE NOTICE %doc site/*.html site/css site/images/ site/xref site/xref-test contribs %files javadoc %doc LICENSE NOTICE %doc %{_javadocdir}/%{name} %changelog * Wed Feb 02 2022 Mikolaj Izdebski - 0:1.2.17-18 - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 * Wed Dec 15 2021 Mikolaj Izdebski - 0:1.2.17-17 - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 * Tue Jul 11 2017 Mikolaj Izdebski - 0:1.2.17-16 - Fix socket receiver deserialization vulnerability - Resolves: CVE-2017-5645 * Fri Dec 27 2013 Daniel Mach - 01.2.17-15 - Mass rebuild 2013-12-27 * Thu Oct 24 2013 Mikolaj Izdebski - 0:1.2.17-14 - Remove desktop files * Thu Jul 11 2013 Michal Srb - 0:1.2.17-13 - Enable tests - Fix BR * Tue May 14 2013 Ville Skyttä - 0:1.2.17-12 - Add DTD public id to XML and SGML catalogs. * Mon Apr 29 2013 Mikolaj Izdebski - 0:1.2.17-11 - Remove unneeded BR: maven-idea-plugin * Thu Apr 11 2013 Mikolaj Izdebski - 0:1.2.17-10 - Fix manpage names, thanks to Michal Srb for reporting * Mon Apr 8 2013 Mikolaj Izdebski - 0:1.2.17-9 - Reindex sources in more sensible way - Add manual pages; resolves: rhbz#949413 * Thu Feb 14 2013 Fedora Release Engineering - 0:1.2.17-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Feb 06 2013 Java SIG - 0:1.2.17-7 - Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild - Replace maven BuildRequires with maven-local * Mon Jan 21 2013 Mikolaj Izdebski - 0:1.2.17-6 - Build aggregated javadocs with xmvn * Fri Jan 18 2013 Michal Srb - 0:1.2.17-5 - Build with xmvn * Mon Sep 24 2012 Mikolaj Izdebski - 0:1.2.17-4 - Generate javadocs without maven skin * Thu Jul 19 2012 Fedora Release Engineering - 0:1.2.17-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jun 14 2012 Stanislav Ochotnicky - 0:1.2.17-2 - Remove "uses" OSGI directives from MANIFEST (related #826776) * Mon Jun 04 2012 Stanislav Ochotnicky - 0:1.2.17-1 - Update to latest version - Change OSGI bundle symbolic name to org.apache.log4j - Resolves #826776 * Fri Jan 13 2012 Fedora Release Engineering - 0:1.2.16-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Fri Oct 28 2011 Alexander Kurtakov 0:1.2.16-10 - Remove duplicate import-package declaration. - Adapt to current guidelines. - Remove no longer needed patches. * Tue Feb 08 2011 Fedora Release Engineering - 0:1.2.16-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Jan 18 2011 Ville Skyttä - 0:1.2.16-8 - Drop executable file mode bits from icons. * Fri Dec 17 2010 Stanislav Ochotnicky - 0:1.2.16-7 - Use package instead of install mvn target to fix build * Thu Dec 16 2010 Alexander Kurtakov 0:1.2.16-6 - Do not require jaxp_parser_impl. Maven build is not using it all and it's provided by every Java5 JVM. * Thu Dec 9 2010 Stanislav Ochotnicky - 0:1.2.16-5 - Add patch to fix ant groupId - Versionless jars & javadocs * Tue Sep 7 2010 Stanislav Ochotnicky - 0:1.2.16-4 - Fix BRs to include ant-junit - Fix changed path for javadocs after build run * Thu Jul 8 2010 Stanislav Ochotnicky - 0:1.2.16-3 - Add license to javadoc and manual subpackages * Fri May 28 2010 Stanislav Ochotnicky - 0:1.2.16-2 - Install pom file - Trim changelog - Add jpackage-utils to javadoc Requires * Mon May 17 2010 Stanislav Ochotnicky - 0:1.2.16-1 - Complete re-working of whole ebuild to work with maven - Rebase to new version - Drop gcj support * Sat Jul 25 2009 Fedora Release Engineering - 0:1.2.14-6.3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Feb 25 2009 Fedora Release Engineering - 0:1.2.14-5.3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Wed Jul 9 2008 Tom "spot" Callaway - 0:1.2.14-4.3 - drop repotag * Thu May 29 2008 Tom "spot" Callaway - 0:1.2.14-4jpp.2 - fix license tag * Tue Feb 19 2008 Fedora Release Engineering - 0:1.2.14-4jpp.1 - Autorebuild for GCC 4.3 * Sat May 26 2007 Vivek Lakshmanan 0:1.2.14-3jpp.1 - Upgrade to 1.2.14 - Modify the categories for the .desktop files so they are only displayed under the development/programming menus - Resolves: bug 241447 * Fri May 11 2007 Jason Corley 0:1.2.14-3jpp - rebuild through mock and centos 4 - replace vendor and distribution with macros * Fri Apr 20 2007 Ralph Apel - 0:1.2.14-2jpp - Patch to allow build of org.apache.log4j.jmx.* with mx4j - Restore Vendor: and Distribution: * Sat Feb 17 2007 Fernando Nasser - 0:1.2.14-1jpp - Upgrade * Mon Feb 12 2007 Ralph Apel - 0:1.2.13-4jpp - Add bootstrap option to build core * Wed Aug 09 2006 Vivek Lakshmanan - 0:1.2.13-3jpp.2 - Remove patch for BZ #157585 because it doesnt seem to be needed anymore. * Tue Aug 08 2006 Vivek Lakshmanan - 0:1.2.13-3jpp.1 - Re-sync with latest from JPP. - Update patch for BZ #157585 to apply cleanly. - Partially adopt new naming convention. * Sat Jul 22 2006 Jakub Jelinek - 0:1.2.13-2jpp_2fc - Rebuilt * Fri Jul 21 2006 Vivek Lakshmanan - 0:1.2.13-2jpp_1fc - Merge spec and patches with latest from JPP. - Clean source tar ball off prebuilt jars and classes. - Use classpathx-jaf and jms for buildrequires for the time being. * Wed Jul 12 2006 Jesse Keating - 0:1.2.8-7jpp_9fc - rebuild * Mon Mar 6 2006 Jeremy Katz - 0:1.2.8-7jpp_8fc - fix scriptlet spew * Wed Dec 21 2005 Jesse Keating 0:1.2.8-7jpp7fc - rebuilt again * Fri Dec 09 2005 Jesse Keating - rebuilt * Thu Nov 3 2005 Archit Shah 0:1.2.8-7jpp_6fc - Reenable building of example that uses rmic * Wed Jun 22 2005 Gary Benson 0:1.2.8-7jpp_5fc - Reenable building of classes that require jms. - Remove classes and jarfiles from the tarball. * Mon May 23 2005 Gary Benson 0:1.2.8-7jpp_4fc - Work around chainsaw failure (#157585). * Tue Jan 11 2005 Gary Benson 0:1.2.8-7jpp_3fc - Reenable building of classes that require javax.swing (#130006). * Thu Nov 4 2004 Gary Benson 0:1.2.8-7jpp_2fc - Build into Fedora.