From 53cd5c1e0878eb050686e638f23a2511b8cc566c Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Mon, 28 Jun 2021 12:48:48 +0200
Subject: [PATCH] Disable deprecated log4j logging functionality

---
 ant.spec | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/ant.spec b/ant.spec
index 1be7a5c..0b51601 100644
--- a/ant.spec
+++ b/ant.spec
@@ -34,7 +34,7 @@
 
 Name:           ant
 Version:        1.10.9
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Java build tool
 Summary(it):    Tool per la compilazione di programmi java
 Summary(fr):    Outil de compilation pour java
@@ -67,7 +67,6 @@ BuildRequires:  mvn(commons-net:commons-net)
 BuildRequires:  mvn(javax.mail:mail)
 BuildRequires:  mvn(jdepend:jdepend)
 BuildRequires:  mvn(junit:junit)
-BuildRequires:  mvn(org.apache.logging.log4j:log4j-1.2-api)
 BuildRequires:  mvn(org.tukaani:xz)
 BuildRequires:  mvn(oro:oro)
 BuildRequires:  mvn(regexp:regexp)
@@ -209,16 +208,6 @@ Optional apache bcel tasks for %{name}.
 %description apache-bcel -l fr
 Taches apache bcel optionelles pour %{name}.
 
-%package apache-log4j
-Summary:        Optional apache log4j tasks for %{name}
-Requires:       %{name} = %{version}-%{release}
-
-%description apache-log4j
-Optional apache log4j tasks for %{name}.
-
-%description apache-log4j -l fr
-Taches apache log4j optionelles pour %{name}.
-
 %package apache-oro
 Summary:        Optional apache oro tasks for %{name}
 Requires:       %{name} = %{version}-%{release}
@@ -349,11 +338,17 @@ rm src/tests/junit/org/apache/tools/ant/types/selectors/SignedSelectorTest.java
    src/tests/junit/org/apache/tools/ant/taskdefs/JarTest.java \
    src/tests/junit/org/apache/tools/mail/MailMessageTest.java
 
+# Log4jListener is deprecated by upstream: Apache Log4j (1) is not
+# developed any more. Last release is 1.2.17 from 26 May 2012 and
+# contains vulnerability issues.
+rm src/main/org/apache/tools/ant/listener/Log4jListener.java
+
 #install jars
 %if %{with bootstrap}
 build-jar-repository -s -p lib/optional javapackages-bootstrap/junit javapackages-bootstrap/hamcrest-core
 %else
-build-jar-repository -s -p lib/optional antlr bcel javamail/mailapi jdepend junit log4j/log4j-1.2-api oro regexp bsf commons-logging commons-net jsch xalan-j2 xml-commons-resolver xalan-j2-serializer hamcrest/core hamcrest/library xz-java junit5 opentest4j
+export JAVAPACKAGES_DEBUG=1
+build-jar-repository -s -p lib/optional antlr bcel javamail/mailapi jdepend junit oro regexp bsf commons-logging commons-net jsch xalan-j2 xml-commons-resolver xalan-j2-serializer hamcrest/core hamcrest/library xz-java junit5 opentest4j
 %endif
 
 # fix hardcoded paths in ant script and conf
@@ -380,9 +375,6 @@ mv LICENSE.utf8 LICENSE
 # fix javamail dependency coordinates (remove once javamail is updated)
 %pom_change_dep -r com.sun.mail:jakarta.mail javax.mail:mail src/etc/poms/ant-javamail/pom.xml
 
-# switch from log4j 1.2 compat package to log4j 1.2 API shim
-%pom_change_dep log4j:log4j org.apache.logging.log4j:log4j-1.2-api:2.13.3 src/etc/poms/ant-apache-log4j/pom.xml
-
 %build
 %if %{with bootstrap}
 %{ant} jars
@@ -395,9 +387,11 @@ mkdir man
 asciidoc -b docbook -d manpage -o man/%{name}.xml %{SOURCE3}
 xmlto man man/%{name}.xml -o man
 
-#remove empty jai and netrexx jars. Due to missing dependencies they contain only manifests.
-rm -fr build/lib/ant-jai.jar build/lib/ant-netrexx.jar
-# -----------------------------------------------------------------------------
+# remove empty jai and netrexx jars. Due to missing dependencies they contain only manifests.
+rm build/lib/ant-jai.jar build/lib/ant-netrexx.jar
+# log4j logging is deprecated
+rm build/lib/ant-apache-log4j.jar
+
 
 %install
 # ANT_HOME and subdirs
@@ -486,7 +480,6 @@ echo "xml-commons-resolver ant/ant-apache-resolver" > $RPM_BUILD_ROOT%{_sysconfd
 echo "apache-commons-logging ant/ant-commons-logging" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/commons-logging
 echo "apache-commons-net ant/ant-commons-net" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/commons-net
 echo "bcel ant/ant-apache-bcel" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-bcel
-echo "log4j/log4j-1.2-api log4j/log4j-api log4j/log4j-core ant/ant-apache-log4j" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-log4j
 echo "oro ant/ant-apache-oro" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-oro
 echo "regexp ant/ant-apache-regexp" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-regexp
 echo "xalan-j2 xalan-j2-serializer ant/ant-apache-xalan2" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-xalan2
@@ -588,10 +581,6 @@ LC_ALL=C.UTF-8 %{ant} test
 %{ant_home}/lib/%{name}-apache-bcel.jar
 %config(noreplace) %{_sysconfdir}/%{name}.d/apache-bcel
 
-%files apache-log4j -f .mfiles-apache-log4j
-%{ant_home}/lib/%{name}-apache-log4j.jar
-%config(noreplace) %{_sysconfdir}/%{name}.d/apache-log4j
-
 %files apache-oro -f .mfiles-apache-oro
 %{ant_home}/lib/%{name}-apache-oro.jar
 %config(noreplace) %{_sysconfdir}/%{name}.d/apache-oro
@@ -648,6 +637,9 @@ LC_ALL=C.UTF-8 %{ant} test
 # -----------------------------------------------------------------------------
 
 %changelog
+* Mon Jun 28 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.10.9-5
+- Disable deprecated log4j logging functionality
+
 * Mon Jun 21 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.10.9-4
 - Remove support for JavaScript