!28 [sync] PR-27: Rebuild for log4j 2.17.2 fix CVE-2021-44832

From: @openeuler-sync-bot Reviewed-by: @caodongxia Signed-off-by: @caodongxia
Rebuild for log4j 2.17.2 fix CVE-2021-44832
2022-12-12 08:22:51 +00:00 · 2022-12-12 16:04:36 +08:00 · 2022-06-01 10:47:59 +00:00 · 2022-05-31 16:28:44 +08:00 · 2021-12-27 10:43:31 +00:00 · 2021-12-27 11:00:57 +08:00
2 changed files with 18 additions and 5 deletions
--- a/json-lib-2.4-jenkins-3.pom
+++ b/json-lib-2.4-jenkins-3.pom
@ -228,7 +228,7 @@
      <dependency>
         <groupId>org.codehaus.groovy</groupId>
         <artifactId>groovy-all</artifactId>
-         <version>1.8.0</version>
+         <version>2.4.8</version>
         <scope>compile</scope>
         <optional>true</optional>
      </dependency>
--- a/json-lib.spec
+++ b/json-lib.spec
@ -1,6 +1,6 @@
 Name:           json-lib
 Version:        2.4
-Release:        17
+Release:        22
 Summary:        JSON library for Java
 License:        ASL 2.0
 URL:            http://json-lib.sourceforge.net/
@ -16,7 +16,7 @@ BuildRequires:  mvn(commons-collections:commons-collections) mvn(junit:junit) mv
 BuildRequires:  mvn(commons-logging:commons-logging) mvn(net.sf.ezmorph:ezmorph)
 BuildRequires:  mvn(org.apache.maven.plugins:maven-antrun-plugin) mvn(oro:oro) mvn(xom:xom)
 BuildRequires:  mvn(org.apache.maven.plugins:maven-site-plugin) mvn(xmlunit:xmlunit)
-BuildRequires:  mvn(org.codehaus.groovy:groovy18:1.8) mvn(org.codehaus.groovy:groovy18-all:1.8)
+BuildRequires:  mvn(org.codehaus.groovy:groovy) mvn(org.codehaus.groovy:groovy-all)
 BuildRequires:  mvn(org.codehaus.mojo:build-helper-maven-plugin) mvn(antlr:antlr) mvn(asm:asm-all)
 BuildRequires:  mvn(commons-cli:commons-cli) mvn(org.slf4j:slf4j-nop)

@ -60,13 +60,11 @@ rm -r src/main/jdk15/net/sf/json/JSON*.java
 </configuration>'

 %pom_remove_dep :commons-httpclient
-%pom_change_dep org.codehaus.groovy:groovy org.codehaus.groovy:groovy18:1.8

 install %{SOURCE2} jenkins-json-lib-%{version}/pom.xml

 cd jenkins-json-lib-%{version}

-%pom_change_dep org.codehaus.groovy:groovy-all org.codehaus.groovy:groovy18-all:1.8
 %mvn_file org.kohsuke.stapler:json-lib jenkins-%{name}
 %mvn_package org.kohsuke.stapler:json-lib jenkins-json-lib

@ -97,6 +95,21 @@ cd -
 %license LICENSE.txt

 %changelog
+* Mon Aug 22 2022 wangkai <wangkai385@h-partners.com> - 2.4-22
+- Rebuild for log4j 2.17.2 fix CVE-2021-44832
+
+* Tue May 31 2022 loong_C <loong_c@yeah.net> - 2.4-21
+- update json-lib.spec
+
+* Mon Dec 27 2021 yaoxin <yaoxin30@huawei.com> - 2.4-20
+- This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild.
+
+* Mon Dec 20 2021 wangkai <wangkai385@huawei.com> - 2.4-19
+- This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild.
+
+* Tue Feb 2 2021 wutao <wutao61@huawei.com> - 2.4-18
+- change depdencies to groovy
+
 * Mon Sep 14 2020 wangyue <wangyue92@huawei.com> - 2.4-17
 - Fix build errors
Author	SHA1	Message	Date
openeuler-ci-bot	f5ca395e1d	!28 [sync] PR-27: Rebuild for log4j 2.17.2 fix CVE-2021-44832 From: @openeuler-sync-bot Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2022-12-12 08:22:51 +00:00
wk333	b8257271e6	Rebuild for log4j 2.17.2 fix CVE-2021-44832 (cherry picked from commit 4b9670ef199a07435ee546c91e393f72a4ac1980)	2022-12-12 16:04:36 +08:00
openeuler-ci-bot	973aa440b5	!24 update json-lib.spec From: @loong-C Reviewed-by: @overweight Signed-off-by: @overweight	2022-06-01 10:47:59 +00:00
loong_C	cc91accaab	update json-lib.spec'	2022-05-31 16:28:44 +08:00
openeuler-ci-bot	0023799cc2	!16 This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild. Merge pull request !16 from starlet_dx/openEuler-22.03-LTS-Next	2021-12-27 10:43:31 +00:00
starlet-dx	b525ff9fe4	This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild.	2021-12-27 11:00:57 +08:00
openeuler-ci-bot	16d119c5e1	!10 This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild. Merge pull request !10 from wk333/openEuler-22.03-LTS-Next	2021-12-20 09:26:26 +00:00
wk333	360ce06042	This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild.	2021-12-20 16:22:45 +08:00
openeuler-ci-bot	e439dd9866	!4 change dep From: @jackie_wu123 Reviewed-by: @licihua Signed-off-by: @licihua	2021-02-02 19:01:25 +08:00
jackie_wu	d77e2c9011	change dependency groovy	2021-02-02 15:49:49 +08:00