commit kafka-kit for openSUSE:Factory

Source-Sync Fri, 11 Feb 2022 14:08:52 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package kafka-kit for openSUSE:Factory 
checked in at 2022-02-11 23:07:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kafka-kit (Old)
 and      /work/SRC/openSUSE:Factory/.kafka-kit.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "kafka-kit"

Fri Feb 11 23:07:21 2022 rev:3 rq:953241 version:2.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/kafka-kit/kafka-kit.changes      2021-12-21 
18:41:26.861917791 +0100
+++ /work/SRC/openSUSE:Factory/.kafka-kit.new.1956/kafka-kit.changes    
2022-02-11 23:08:40.890819635 +0100
@@ -1,0 +2,7 @@
+Thu Jan 20 05:59:11 UTC 2022 - Jan Zerebecki <jan.s...@zerebecki.de>
+
+- Remove JDBCAppender, JMSSink, chainsaw from log4j jars during build to
+  prevent bsc#1194842, CVE-2022-23302, bsc#1194843, CVE-2022-23305,
+  bsc#1194844, CVE-2022-23307
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kafka-kit.spec ++++++
--- /var/tmp/diff_new_pack.fbDvXO/_old  2022-02-11 23:08:42.850825305 +0100
+++ /var/tmp/diff_new_pack.fbDvXO/_new  2022-02-11 23:08:42.854825316 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package kafka-kit
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -58,7 +58,7 @@
 # avoid log4j security bugs by removing classes
 #zip error: Nothing to do! (./kit/apache-ant-1.9.7/lib/ant-apache-log4j.jar)
 #zip error: Nothing to do! (./kit/gradle-5.1/lib/log4j-over-slf4j-1.7.25.jar)
-zip -q -d 
gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar
 org/apache/logging/log4j/core/lookup/JndiLookup.class 
org/apache/log4j/net/JMSAppender.class
+zip -q -d 
gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar
 org/apache/logging/log4j/core/lookup/JndiLookup.class 
org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class 
org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
 #zip error: Nothing to do! 
(./kit/gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-log4j12/1.7.25/110cefe2df103412849d72ef7a67e4e91e4266b4/slf4j-log4j12-1.7.25.jar)
 
 %install

commit kafka-kit for openSUSE:Factory

Reply via email to