Update to 2.17.2 for fix CVE-2021-44832

(cherry picked from commit 03566fbcb95b1c4352e5d39c224cc1d19d0dd474)
2022-08-18 14:53:49 +08:00 · 2022-08-18 14:53:49 +08:00 · 1d75d95f90
commit 1d75d95f90
parent 51b84ebd0c
2 changed files with 7 additions and 4 deletions
--- a/apache-log4j-2.17.2-src.tar.gz
+++ b/apache-log4j-2.17.2-src.tar.gz
--- a/log4j.spec
+++ b/log4j.spec
@ -1,6 +1,6 @@
 Name:                log4j
-Version:             2.17.0
-Release:             2
+Version:             2.17.2
+Release:             1
 Summary:             Java logging package
 License:             Apache-2.0
 URL:                 http://logging.apache.org/%{name}
@ -9,7 +9,7 @@ Patch1:              logging-log4j-Remove-unsupported-EventDataConverter.patch
 BuildRequires:       fdupes maven-local mvn(com.fasterxml.jackson.core:jackson-core)
 BuildRequires:       mvn(com.fasterxml.jackson.core:jackson-annotations)
 BuildRequires:       mvn(jakarta.servlet:jakarta.servlet-api)
-BuildRequires:       mvn(com.fasterxml.jackson.core:jackson-databind) mvn(com.lmax:disruptor)
+BuildRequires:       mvn(com.fasterxml.jackson.core:jackson-databind) mvn(com.lmax:disruptor) >= 3.4.4
 BuildRequires:       mvn(com.sun.mail:javax.mail) mvn(org.apache.commons:commons-compress)
 BuildRequires:       mvn(org.apache.felix:maven-bundle-plugin)
 BuildRequires:       mvn(org.apache.logging:logging-parent:pom:)
@ -185,7 +185,10 @@ rm -r log4j-1.2-api/src/main/java/org/apache/log4j/or/jms
 %doc NOTICE.txt

 %changelog
-* Feb Mar 08 2022 Ge Wang <wangge20@huawei.com> - 2.17.0-2
+* Thu Aug 18 2022 wangkai <wangkai385@h-partners.com> - 2.17.2-1
+- Update to 2.17.2 for fix CVE-2021-44832
+
+* Tue Mar 08 2022 Ge Wang <wangge20@huawei.com> - 2.17.0-2
 - Replace javax.servlet-api with jakarta.servlet-api to fix build failure

 * Fri Dec 24 2021 wangkai <wangkai385@huawei.com> - 2.17.0-1