package init

0001-Backport-fix-for-CVE-2017-5645.patch

@@ -0,0 +1,127 @@
+From ea4609eca531916ac347686c048bebdb7b4b6e0d Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek@redhat.com>
+Date: Fri, 2 Jun 2017 14:37:35 +0200
+Subject: [PATCH] Backport fix for CVE-2017-5645
+
+---
+ .../apache/log4j/FilteredObjectInputStream.java    | 65 ++++++++++++++++++++++
+ src/main/java/org/apache/log4j/net/SocketNode.java | 17 +++++-
+ 2 files changed, 80 insertions(+), 2 deletions(-)
+ create mode 100644 src/main/java/org/apache/log4j/FilteredObjectInputStream.java
+
+diff --git a/src/main/java/org/apache/log4j/FilteredObjectInputStream.java b/src/main/java/org/apache/log4j/FilteredObjectInputStream.java
+new file mode 100644
+index 0000000..b9ef20c
+--- /dev/null
++++ b/src/main/java/org/apache/log4j/FilteredObjectInputStream.java
+@@ -0,0 +1,65 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache license, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the license for the specific language governing permissions and
++ * limitations under the license.
++ */
++package org.apache.log4j;
++
++import java.io.FileOutputStream;
++import java.io.IOException;
++import java.io.InputStream;
++import java.io.InvalidObjectException;
++import java.io.ObjectInputStream;
++import java.io.ObjectStreamClass;
++import java.util.Arrays;
++import java.util.Collection;
++import java.util.List;
++
++/**
++ * Extended ObjectInputStream that only allows certain classes to be deserialized.
++ *
++ * Backported from 2.8.2
++ */
++public class FilteredObjectInputStream extends ObjectInputStream {
++
++    private static final List REQUIRED_JAVA_CLASSES = Arrays.asList(new String[] {
++        // Types of non-trainsient fields of LoggingEvent
++        "java.lang.String",
++        "java.util.Hashtable",
++        // ThrowableInformation
++        "[Ljava.lang.String;"
++    });
++
++    private final Collection allowedClasses;
++
++    public FilteredObjectInputStream(final InputStream in, final Collection allowedClasses) throws IOException {
++        super(in);
++        this.allowedClasses = allowedClasses;
++    }
++
++    protected Class resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException {
++        String name = desc.getName();
++        if (!(isAllowedByDefault(name) || allowedClasses.contains(name))) {
++            throw new InvalidObjectException("Class is not allowed for deserialization: " + name);
++        }
++        return super.resolveClass(desc);
++    }
++
++    private static boolean isAllowedByDefault(final String name) {
++        return name.startsWith("org.apache.log4j.") ||
++            name.startsWith("[Lorg.apache.log4j.") ||
++            REQUIRED_JAVA_CLASSES.contains(name);
++    }
++
++}
+diff --git a/src/main/java/org/apache/log4j/net/SocketNode.java b/src/main/java/org/apache/log4j/net/SocketNode.java
+index e977f13..f95bb10 100644
+--- a/src/main/java/org/apache/log4j/net/SocketNode.java
++++ b/src/main/java/org/apache/log4j/net/SocketNode.java
+@@ -22,6 +22,10 @@ import java.io.IOException;
+ import java.io.InterruptedIOException;
+ import java.io.ObjectInputStream;
+ import java.net.Socket;
++import java.util.ArrayList;
++import java.util.Arrays;
++import java.util.Collection;
++import org.apache.log4j.FilteredObjectInputStream;
+ 
+ import org.apache.log4j.Logger;
+ import org.apache.log4j.spi.LoggerRepository;
+@@ -53,8 +57,9 @@ public class SocketNode implements Runnable {
+     this.socket = socket;
+     this.hierarchy = hierarchy;
+     try {
+-      ois = new ObjectInputStream(
+-                         new BufferedInputStream(socket.getInputStream()));
++      ois = new FilteredObjectInputStream(
++                         new BufferedInputStream(socket.getInputStream()),
++                         getAllowedClasses());
+     } catch(InterruptedIOException e) {
+       Thread.currentThread().interrupt();
+       logger.error("Could not open ObjectInputStream to "+socket, e);
+@@ -65,6 +70,14 @@ public class SocketNode implements Runnable {
+     }
+   }
+ 
++  private Collection getAllowedClasses() {
++      Collection allowedClasses = new ArrayList();
++      String property = System.getProperty("org.apache.log4j.net.allowedClasses");
++      if (property != null)
++          allowedClasses.addAll(Arrays.asList(property.split(",")));
++      return allowedClasses;
++  }
++
+   //public
+   //void finalize() {
+   //System.err.println("-------------------------Finalize called");
+-- 
+2.9.4
+

0001-logfactor5-changed-userdir.patch

@@ -0,0 +1,56 @@
+From bf8f55bbc9baddcb67d0b89edd859f93ce3c949f Mon Sep 17 00:00:00 2001
+From: Stanislav Ochotnicky <sochotnicky@redhat.com>
+Date: Mon, 17 May 2010 12:57:36 +0200
+Subject: [PATCH 01/10] logfactor5 changed userdir
+
+---
+ .../lf5/viewer/configure/ConfigurationManager.java |    2 +-
+ .../log4j/lf5/viewer/configure/MRUFileManager.java |    6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java b/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java
+index a94ffab..81191f2 100644
+--- a/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java
++++ b/src/main/java/org/apache/log4j/lf5/viewer/configure/ConfigurationManager.java
+@@ -344,7 +344,7 @@ public class ConfigurationManager extends Object {
+     String home = System.getProperty("user.home");
+     String sep = System.getProperty("file.separator");
+ 
+-    return home + sep + "lf5" + sep + CONFIG_FILE_NAME;
++    return home + sep + ".logfactor5" + sep + CONFIG_FILE_NAME;
+   }
+ 
+   //--------------------------------------------------------------------------
+diff --git a/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java b/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java
+index 6ff275d..ca40d5a 100644
+--- a/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java
++++ b/src/main/java/org/apache/log4j/lf5/viewer/configure/MRUFileManager.java
+@@ -175,14 +175,14 @@ public class MRUFileManager {
+ 
+   /**
+    * Creates the directory where the MRU file list will be written.
+-   * The "lf5" directory is created in the Documents and Settings
++   * The ".logfactor5" directory is created in the Documents and Settings
+    * directory on Windows 2000 machines and where ever the user.home
+    * variable points on all other platforms.
+    */
+   public static void createConfigurationDirectory() {
+     String home = System.getProperty("user.home");
+     String sep = System.getProperty("file.separator");
+-    File f = new File(home + sep + "lf5");
++    File f = new File(home + sep + ".logfactor5");
+     if (!f.exists()) {
+       try {
+         f.mkdir();
+@@ -268,7 +268,7 @@ public class MRUFileManager {
+     String home = System.getProperty("user.home");
+     String sep = System.getProperty("file.separator");
+ 
+-    return home + sep + "lf5" + sep + CONFIG_FILE_NAME;
++    return home + sep + ".logfactor5" + sep + CONFIG_FILE_NAME;
+   }
+ 
+   /**
+-- 
+1.6.6.1
+

0009-Fix-tests.patch

@@ -0,0 +1,34 @@
+From 91349164c1d44eec50ac1b09ef3e2ff41b4aa468 Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@redhat.com>
+Date: Thu, 11 Jul 2013 11:13:45 +0200
+Subject: [PATCH] Fix tests
+
+---
+ tests/build.xml | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tests/build.xml b/tests/build.xml
+index 74a7139..9149da2 100644
+--- a/tests/build.xml
++++ b/tests/build.xml
+@@ -31,13 +31,13 @@
+               the Maven repository can provide all the dependencies.  -->
+   <property name="m2_repo" location="${user.home}/.m2/repository"/>
+   <property name="oro.version" value="2.0.8"/>
+-  <property name="jakarta.oro.jar" location="${m2_repo}/oro/oro/${oro.version}/oro-${oro.version}.jar"/>
++  <property name="jakarta.oro.jar" location="lib/jakarta-oro.jar"/>
+   <property name="checkstyle.version" value="4.1"/>
+   <property name="checkstyle.jar" location="${m2_repo}/checkstyle/checkstyle/${checkstyle.version}/checkstyle-${checkstyle.version}.jar"/>
+-  <property name="javamail.jar" location="${m2_repo}/javax/mail/mail/1.4.3/mail-1.4.3.jar"/>
+-  <property name="activation.jar" location="${m2_repo}/javax/activation/activation/1.1/activation-1.1.jar"/>
++  <property name="javamail.jar" location="lib/mail.jar"/>
++  <property name="activation.jar" location="lib/mail.jar"/>
+   <property name="junit.version" value="3.8.1"/>
+-  <property name="junit.jar" location="${m2_repo}/junit/junit/${junit.version}/junit-${junit.version}.jar"/>
++  <property name="junit.jar" location="lib/junit.jar"/>
+ 
+ 
+   <!-- Read the system environment variables and stores them in properties, -->
+-- 
+1.8.1.4
+

0010-Fix-javadoc-link.patch

@@ -0,0 +1,25 @@
+From 4753784d3e8ed5ec9973f67e9017bcb7ef41b4b1 Mon Sep 17 00:00:00 2001
+From: Stanislav Ochotnicky <sochotnicky@redhat.com>
+Date: Tue, 18 May 2010 15:07:00 +0200
+Subject: [PATCH 10/10] Fix javadoc link
+
+---
+ build.xml |    3 +--
+ 1 files changed, 1 insertions(+), 2 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 54bad8f..c775a68 100644
+--- a/build.xml
++++ b/build.xml
+@@ -517,8 +517,7 @@
+ --&gt;'
+              bottom="Copyright 2000-2007 Apache Software Foundation.">
+ 
+-      <link href="http://java.sun.com/j2se/1.3/docs/api/"/>
+-      <link href="http://java.sun.com/j2ee/sdk_1.3/techdocs/api/"/>
++      <link href="${jdk.javadoc}"/>
+       <classpath refid="compile.classpath"/>
+     </javadoc>
+ 
+-- 
+1.6.6.1

README.en.md

@@ -1,36 +0,0 @@
-# log4j12
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Instructions
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Contribution
-
-1.  Fork the repository
-2.  Create Feat_xxx branch
-3.  Commit your code
-4.  Create Pull Request
-
-
-#### Gitee Feature
-
-1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4.  The most valuable open source project [GVP](https://gitee.com/gvp)
-5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

README.md

@@ -1,39 +0,0 @@
-# log4j12
-
-#### 介绍
-{**以下是码云平台说明，您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台（同时支持 SVN）。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业，都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 使用说明
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 参与贡献
-
-1.  Fork 本仓库
-2.  新建 Feat_xxx 分支
-3.  提交代码
-4.  新建 Pull Request
-
-
-#### 码云特技
-
-1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
-2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
-5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

log4j.catalog

@@ -0,0 +1,5 @@
+-- log4j DTD catalog --
+-- JPackage Project <http://www.jpackage.org/> --
+
+DOCTYPE log4j:configuration log4j.dtd
+PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" log4j.dtd

log4j12.spec

@@ -0,0 +1,123 @@
+Name:          log4j12
+Version:       1.2.17
+Release:       24
+Summary:       A logging library for Java
+License:       ASL 2.0
+URL:           http://logging.apache.org/log4j/1.2/
+BuildArch:     noarch
+Source0:       https://github.com/apache/log4j/archive/v1_2_17.tar.gz
+Source1:       log4j.catalog
+
+Patch0000:     0001-logfactor5-changed-userdir.patch
+Patch0001:     0009-Fix-tests.patch
+Patch0002:     0010-Fix-javadoc-link.patch
+Patch0003:     0001-Backport-fix-for-CVE-2017-5645.patch
+
+BuildRequires: maven-local mvn(ant-contrib:ant-contrib) mvn(javax.mail:mail)
+BuildRequires: mvn(junit:junit) mvn(org.apache.ant:ant-junit)
+BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
+BuildRequires: mvn(org.apache.geronimo.specs:geronimo-jms_1.1_spec)
+BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-assembly-plugin)
+BuildRequires: mvn(oro:oro) mvn(org.apache.ant:ant-nodeps)
+
+Obsoletes:     log4j <= 0:1.2.17-14
+
+%description
+With log4j it is possible to enable logging at runtime
+without modifying the application binary.
+
+%package help
+Summary:       Help for log4j12
+Provides:      log4j12-doc = %{version}-%{release}
+Obsoletes:     log4j12-doc < %{version}-%{release}
+
+%description help
+This package contains help for log4j12.
+
+%prep
+%autosetup -n log4j-1_2_17 -p1
+
+find . \( -name "*.jar" -o -name "*.class" -o -name "*.dll" \) -exec rm -f {} \;
+rm -rf docs/api
+
+%pom_remove_plugin :clirr-maven-plugin
+%pom_remove_plugin :maven-site-plugin
+%pom_remove_plugin :maven-source-plugin
+%pom_remove_plugin :rat-maven-plugin
+%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-javadoc-plugin']/pom:executions"
+
+%pom_remove_dep org.apache.openejb:javaee-api
+
+sed -i.ant "s|groupId>ant<|groupId>org.apache.ant<|g" pom.xml
+
+sed -i.javac "s|1.4|1.6|g" pom.xml build.xml
+sed -i.javac "s|1.1|1.6|g" tests/build.xml
+
+sed -i.javax.jmdns "s|javax.jmdns.*;resolution:=optional,|!javax.jmdns.*,|g" pom.xml
+%pom_xpath_inject "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-bundle-plugin']/pom:configuration/pom:instructions" "
+  <Bundle-SymbolicName>org.apache.log4j</Bundle-SymbolicName>
+  <_nouses>true</_nouses>"
+
+%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-antrun-plugin']/pom:executions/pom:execution[pom:phase = 'process-classes' ]"
+
+%pom_xpath_set "pom:plugin[pom:artifactId='maven-assembly-plugin']/pom:executions/pom:execution/pom:goals/pom:goal[text()='assembly']" single
+
+install -d tests/lib/
+
+cd tests/lib/
+ln -s `build-classpath jakarta-oro`
+ln -s `build-classpath javamail/mail`
+ln -s `build-classpath junit`
+cd -
+
+%mvn_compat_version log4j:log4j 1.2.17 1.2.16 1.2.15 1.2.14 1.2.13 1.2.12 12
+rm -r src/main/java/org/apache/log4j/nt/NTEventLogAppender.java tests/src/java/org/apache/log4j/nt/NTEventLogAppenderTest.java
+
+find tests/src/java/org/apache/log4j/net/TelnetAppenderTest.java -delete
+sed -i '/TelnetAppenderTest/d' tests/src/java/org/apache/log4j/CoreTestSuite.java
+
+%mvn_file log4j:log4j log4j %{name}
+
+%build
+%mvn_build
+
+%install
+%mvn_install -X
+
+ln -s log4j-%{version}.jar %{buildroot}%{_javadir}/log4j-1.jar
+
+install -pD -T -m 644 src/main/javadoc/org/apache/log4j/xml/doc-files/log4j.dtd %{buildroot}%{_datadir}/sgml/log4j/log4j.dtd
+install -pD -T -m 644 %{SOURCE1} %{buildroot}%{_datadir}/sgml/log4j/catalog
+
+%post
+if [ -x %{_bindir}/install-catalog -a -d %{_sysconfdir}/sgml ]; then
+  %{_bindir}/install-catalog --add %{_sysconfdir}/sgml/log4j-%{version}-%{release}.cat %{_datadir}/sgml/log4j/catalog > /dev/null || :
+fi
+if [ -x %{_bindir}/xmlcatalog -a -w %{_sysconfdir}/xml/catalog ]; then
+  %{_bindir}/xmlcatalog --noout --add public "-//APACHE//DTD LOG4J 1.2//EN" file://%{_datadir}/sgml/log4j/log4j.dtd %{_sysconfdir}/xml/catalog > /dev/null
+  %{_bindir}/xmlcatalog --noout --add system log4j.dtd file://%{_datadir}/sgml/log4j/log4j.dtd %{_sysconfdir}/xml/catalog > /dev/null || :
+fi
+
+%preun
+if [ $1 -eq 0 ]; then
+  if [ -x %{_bindir}/xmlcatalog -a -w %{_sysconfdir}/xml/catalog ]; then
+    %{_bindir}/xmlcatalog --noout --del file://%{_datadir}/sgml/log4j/log4j.dtd %{_sysconfdir}/xml/catalog > /dev/null || :
+  fi
+fi
+
+%postun
+if [ -x %{_bindir}/install-catalog -a -d %{_sysconfdir}/sgml ]; then
+  %{_bindir}/install-catalog --remove %{_sysconfdir}/sgml/log4j-%{version}-%{release}.cat %{_datadir}/sgml/log4j/catalog > /dev/null || :
+fi
+
+%files -f .mfiles
+%{_javadir}/log4j-1.jar
+%{_datadir}/sgml/log4j
+%license LICENSE NOTICE
+
+%files help -f .mfiles-javadoc
+
+%changelog
+* Fri Dec 13 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.17-24
+- Package init