[arch-commits] Commit in logstash/trunk (PKGBUILD log4j.patch)
Massimiliano Torromeo
mtorromeo at gemini.archlinux.org
Sun Dec 12 16:08:34 UTC 2021
Date: Sunday, December 12, 2021 @ 16:08:33
Author: mtorromeo
Revision: 1069148
patched to update log4j to version not vulnerable to CVE-2021-44228
Added:
logstash/trunk/log4j.patch
Modified:
logstash/trunk/PKGBUILD
-------------+
PKGBUILD | 14 +++++++++-----
log4j.patch | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-12-12 15:43:37 UTC (rev 1069147)
+++ PKGBUILD 2021-12-12 16:08:33 UTC (rev 1069148)
@@ -2,7 +2,7 @@
# Maintainer: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
pkgname=logstash
-pkgver=7.10.1
+pkgver=7.10.2
_jrubyver=9.2.13.0
pkgrel=1
pkgdesc='Tool for managing events and logs'
@@ -10,7 +10,7 @@
arch=('x86_64')
license=('Apache')
depends=('java-runtime-headless>=8' 'ruby' 'ruby-bundler' 'coreutils' 'awk')
-makedepends=('java-environment<=14' 'git')
+makedepends=('jdk11-openjdk' 'git')
backup=('etc/conf.d/logstash'
'etc/logstash/jvm.options'
'etc/logstash/log4j2.properties'
@@ -20,6 +20,7 @@
source=(https://github.com/elastic/logstash/archive/v${pkgver}/${pkgname}-${pkgver}.tar.gz
https://repo1.maven.org/maven2/org/jruby/jruby-dist/${_jrubyver}/${_jrubydist}
build.patch
+ log4j.patch
logstash.service
logstash at .service
logstash-sysuser.conf
@@ -26,17 +27,19 @@
logstash-tmpfile.conf
bundle.config)
noextract=(${_jrubydist})
-sha256sums=('9f4732d3c324d27ed348060eccf38840ec74f6baf155ef5f7347346b714a1c58'
+sha256sums=('52288699c9e14453e8655ac940c1d0ee51c8956f4b6356502b67c62abf228429'
'73a8c241a162e644c87e864c3485c55adedeb82a6fd80fa3cb538fdacda7af58'
'9ae56b463b465f16363f60670c7da4e84a9bf03c17324c4364c089d7a480cb4b'
+ '5e52cf3a4372c77dfcb1c5f48160f7a6da5d2f5fc9c84b22b63f91bef85c01dd'
'2b8b29297202334c784fdd7f2eb8d7e776c24c783b3c9f8387b500ab0039335c'
'a01ea29d4f53d785f6eb926ebfe445e64ed5b3dab5d0418848589dd79502d876'
'18a68a59ddb0ce19778e83b65e68dd568d65b7180bf45b4cf298fb332d69eb26'
'346b630484f8a35b1a549e94e53e3e151527852a29c72cc6e529221215a7f533'
'fe05315345e4489458c3eecac43726800109c1e390e74a14584096f6c041fee1')
-sha512sums=('346c707fd60b82b414759b0f78d2e3c603e8341ae652940d37a0bc263ac313352033e8cfeb6727aa7275b2f5393d9aeb129fee0120d3b475059071ead329e1fa'
+sha512sums=('0163dc6d0a4efda4b1e075e63145029931df73dc7633c2601b45cebe10978bcf6972fa46341aa1c12ce949ed193e80d6d33937b791c5c75ff9fd155cf6c7ace2'
'2cba016ad6a376252083122d51335610209d860c41de1902f5cd49ffc2f6b49c350b68df8fc4113c221255af4db7ec07980267b9888369811faf66db369e757c'
'f6ddf9cc70a2c0cabaacf39fa26953c15af0060711713b2de69caddd2b8f845edde535f002cd7a0d0f8fc01abf934d887278fb6617b2a3d640284bc16ea34927'
+ 'fb166705f9e26e47c9b9219fcd814fef5cd602ad936600973132ad2c869a4091d727d5a76c2322ce5c871ac550478df0d502b2291fd54f04b9a32059ab6ea5b6'
'817097565519dc7c5eac7521339947c74c6148683ca594356dd2ceb3274a1e94f8e7318ce310e0fe5789d7ab0d4c23404f814bef31036a11ddfec08d16814c69'
'ce2cef4a784845b00d7c867273555811450bc459669abb5be944bfbbb02708129983e45376a9b308d6db22b2c7b4a7a212827a4826f2a27bc7e143cebc9abfe0'
'd811dc3b18d0032b79b4669c9f6aefca49963897c309d83cbf87616c7b8cb5944c17c8072980bcd115d0fb57ef1624d98259ff1082d402d308c33e766ee89699'
@@ -54,6 +57,7 @@
sed 's|-XX:+UseParNewGC||g' -i config/jvm.options
# patch -p1 -i "$srcdir"/build.patch
+ patch -p1 -i "$srcdir"/log4j.patch
# Use system gradle (currently not working)
# sed 's;./gradlew;gradle;g' -i rakelib/*.rake
@@ -68,7 +72,7 @@
build() {
cd ${pkgname}-${pkgver}
- export PATH="/usr/lib/jvm/java-10-openjdk/bin:$PWD/vendor/jruby/bin:$PATH"
+ export PATH="/usr/lib/jvm/java-11-openjdk/bin:$PWD/vendor/jruby/bin:$PATH"
# gradle -x :logstash-core:javadoc bootstrap (system gradle currently not working)
RELEASE=1 OSS=1 ./gradlew -x :logstash-core:javadoc installDefaultGems
Added: log4j.patch
===================================================================
--- log4j.patch (rev 0)
+++ log4j.patch 2021-12-12 16:08:33 UTC (rev 1069148)
@@ -0,0 +1,40 @@
+diff --git a/logstash-core/build.gradle b/logstash-core/build.gradle
+index 5c837b2..703538e 100644
+--- a/logstash-core/build.gradle
++++ b/logstash-core/build.gradle
+@@ -30,6 +30,8 @@ String jrubyVersion = versionMap['jruby']['version']
+ String jacksonVersion = versionMap['jackson']
+ String jacksonDatabindVersion = versionMap['jackson-databind']
+
++String log4jVersion = '2.15.0'
++
+ repositories {
+ mavenCentral()
+ }
+@@ -153,12 +155,12 @@ def customJRubyDir = project.hasProperty("custom.jruby.path") ? project.property
+ def customJRubyVersion = customJRubyDir == "" ? "" : Files.readAllLines(Paths.get(customJRubyDir, "VERSION")).get(0).trim()
+
+ dependencies {
+- implementation 'org.apache.logging.log4j:log4j-api:2.13.3'
+- annotationProcessor 'org.apache.logging.log4j:log4j-core:2.13.3'
+- api 'org.apache.logging.log4j:log4j-core:2.13.3'
+- runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.13.3'
++ implementation "org.apache.logging.log4j:log4j-api:${log4jVersion}"
++ annotationProcessor "org.apache.logging.log4j:log4j-core:${log4jVersion}"
++ api "org.apache.logging.log4j:log4j-core:${log4jVersion}"
++ runtimeOnly "org.apache.logging.log4j:log4j-slf4j-impl:${log4jVersion}"
+ // concerns libraries such as manticore's http-client 4.5 (using commons-logging)
+- runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.13.3'
++ runtimeOnly "org.apache.logging.log4j:log4j-jcl:${log4jVersion}"
+ // for the log4j-jcl bridge to work commons-logging needs to be on the same class-path
+ runtimeOnly 'commons-logging:commons-logging:1.2'
+ implementation('org.reflections:reflections:0.9.11') {
+@@ -184,7 +186,7 @@ dependencies {
+ exclude group: 'com.google.guava', module: 'guava'
+ }
+ implementation 'org.javassist:javassist:3.26.0-GA'
+- testImplementation 'org.apache.logging.log4j:log4j-core:2.13.3:tests'
++ testImplementation "org.apache.logging.log4j:log4j-core:${log4jVersion}:tests"
+ testImplementation 'junit:junit:4.12'
+ testImplementation 'net.javacrumbs.json-unit:json-unit:2.3.0'
+ testImplementation 'org.elasticsearch:securemock:1.2'
More information about the arch-commits
mailing list