rpms/log4j
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Remove dependency on jackson

Browse Source 
Related: rhbz#2054990
This commit is contained in:
Mikolaj Izdebski 2022-02-08 07:06:35 +01:00
parent 82fe2e4701
commit 86981933e7
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
log4j.spec
View File

@ -2,7 +2,7 @@
Name: log4j
Version: 2.17.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Java logging package
BuildArch: noarch
License: ASL 2.0
@ -13,9 +13,6 @@ Source0: https://www.apache.org/dist/logging/%{name}/%{version}/apache-%{
Patch2: logging-log4j-Remove-unsupported-EventDataConverter.patch
BuildRequires: maven-local
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-annotations)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-databind)
BuildRequires: mvn(com.lmax:disruptor)
BuildRequires: mvn(com.sun.activation:jakarta.activation)
BuildRequires: mvn(com.sun.mail:javax.mail)
@ -33,6 +30,7 @@ BuildRequires: mvn(org.slf4j:slf4j-api)
%if %{without jp_minimal}
BuildRequires: mvn(com.datastax.cassandra:cassandra-driver-core)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-annotations)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-databind)
BuildRequires: mvn(com.fasterxml.jackson.dataformat:jackson-dataformat-xml)
@ -214,9 +212,13 @@ rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/appender/mom/kafka
%pom_disable_module %{name}-appserver
%pom_disable_module %{name}-spring-cloud-config
%pom_disable_module %{name}-spring-boot
%pom_disable_module %{name}-docker
%pom_disable_module %{name}-kubernetes
%pom_disable_module %{name}-layout-template-json
%pom_remove_dep -r :jackson-annotations
%pom_remove_dep -r :jackson-core
%pom_remove_dep -r :jackson-databind
%pom_remove_dep -r :jackson-dataformat-yaml
%pom_remove_dep -r :jackson-dataformat-xml
%pom_remove_dep -r :woodstox-core
@ -225,7 +227,7 @@ rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/appender/mom/kafka
%pom_remove_dep -r :jeromq
%pom_remove_dep -r :commons-csv
rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/{jackson,config/yaml,parser}
rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/{jackson,config/yaml,config/json,parser}
rm -r log4j-core/src/main/java/org/apache/logging/log4j/core/appender/{db,mom,nosql}
rm log4j-core/src/main/java/org/apache/logging/log4j/core/layout/*{Csv,Jackson,Xml,Yaml,Json,Gelf}*.java
rm log4j-1.2-api/src/main/java/org/apache/log4j/builders/layout/*Xml*.java
@ -283,6 +285,9 @@ rm -r log4j-1.2-api/src/main/java/org/apache/log4j/or/jms
%changelog
* Mon Feb 21 2022 Mikolaj Izdebski <mizdebsk@redhat.com> - 2.17.1-2
- Remove dependency on jackson
* Tue Dec 28 2021 Paul Wouters <paul.wouters@aiven.io> - 2.17.1-1
- Update log4j to 2.17.1 for CVE-2021-44832 RCE via JDBC Appender (when attacker controls config)