FreeBSD Mail Archives

Date:      Sun, 12 Dec 2021 10:12:56 GMT
From:      Michael Gmelin <grembo@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: cb7eacee95f1 - main - net-im/signald: Address log4shell
Message-ID:  <202112121012.1BCACukh025434@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help

The branch main has been updated by grembo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cb7eacee95f14940c66d99d4e66619641fd51b1b

commit cb7eacee95f14940c66d99d4e66619641fd51b1b
Author:     Michael Gmelin <grembo@FreeBSD.org>
AuthorDate: 2021-12-12 10:08:02 +0000
Commit:     Michael Gmelin <grembo@FreeBSD.org>
CommitDate: 2021-12-12 10:12:13 +0000

    net-im/signald: Address log4shell
    
    This bumps signald's log4j dependency to 2.15.0 to address
    CVE-2021-44228 (aka log4shell).
---
 net-im/signald/Makefile                 |  9 +++++----
 net-im/signald/distinfo                 | 10 +++++-----
 net-im/signald/files/patch-build.gradle |  6 ++++--
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/net-im/signald/Makefile b/net-im/signald/Makefile
index 19ff2f8ce695..cc2936fd3b78 100644
--- a/net-im/signald/Makefile
+++ b/net-im/signald/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	signald
 DISTVERSION=	0.15.0
+PORTREVISION=	1
 CATEGORIES=	net-im java
 MASTER_SITES=	https://plugins.gradle.org/m2/gradle/plugin/de/fuerstenau/BuildConfigPlugin/1.1.8/:buildconfig \
 		https://repo.maven.apache.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.9.0/:jackann \
@@ -18,8 +19,8 @@ MASTER_SITES=	https://plugins.gradle.org/m2/gradle/plugin/de/fuerstenau/BuildCon
 		https://repo.maven.apache.org/maven2/com/squareup/okhttp3/logging-interceptor/4.9.1/:okhttp_interceptor \
 		https://repo.maven.apache.org/maven2/com/squareup/okio/2.6.0/:okjvm \
 		https://repo.maven.apache.org/maven2/info/picocli/picocli/4.5.2/:picocli \
-		https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.14.0/:log4j_api \
-		https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.14.0/:log4j_core \
+		https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/:log4j_api \
+		https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/:log4j_core \
 		https://repo.maven.apache.org/maven2/org/bouncycastle/bcprov-jdk15on/1.66/:bcprov \
 		https://repo.maven.apache.org/maven2/org/flywaydb/flyway-core/7.5.3/:flyway \
 		https://repo.maven.apache.org/maven2/org/jetbrains/annotations/13.0/:jetann \
@@ -44,8 +45,8 @@ DISTFILES=	BuildConfigPlugin-1.1.8.jar:buildconfig \
 		kotlin-stdlib-common-1.3.71.jar:jetkotstdcommon \
 		libphonenumber-8.12.17.jar:libphone \
 		logging-interceptor-4.9.1.jar:okhttp_interceptor \
-		log4j-api-2.14.0.jar:log4j_api \
-		log4j-core-2.14.0.jar:log4j_core \
+		log4j-api-2.15.0.jar:log4j_api \
+		log4j-core-2.15.0.jar:log4j_core \
 		okhttp-4.9.1.jar:okhttp \
 		okio-2.6.0.jar:okjvm \
 		picocli-4.5.2.jar:picocli \
diff --git a/net-im/signald/distinfo b/net-im/signald/distinfo
index ae3ff7f9ddd2..771c2ddde449 100644
--- a/net-im/signald/distinfo
+++ b/net-im/signald/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1634427903
+TIMESTAMP = 1639302771
 SHA256 (BuildConfigPlugin-1.1.8.jar) = 99b5256936af67431a8a92902f253f525837ac3639a5ff05ed2225febaa710af
 SIZE (BuildConfigPlugin-1.1.8.jar) = 52133
 SHA256 (annotations-13.0.jar) = ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
@@ -25,10 +25,10 @@ SHA256 (libphonenumber-8.12.17.jar) = 729483057ef874b01537da8395d67e23b419d504f8
 SIZE (libphonenumber-8.12.17.jar) = 350448
 SHA256 (logging-interceptor-4.9.1.jar) = 08ae52d4e7ab4dde8f94970bbeb1545b51934d4b3f0802f6e816b0522902fa9d
 SIZE (logging-interceptor-4.9.1.jar) = 15680
-SHA256 (log4j-api-2.14.0.jar) = 9791ac85aa3cdad633e512192766f84995eddf4db188cc42facec52a0dae15e8
-SIZE (log4j-api-2.14.0.jar) = 301418
-SHA256 (log4j-core-2.14.0.jar) = f04ee9c0ac417471d9127b5880b96c3147249f20674a8dbb88e9949d855382a8
-SIZE (log4j-core-2.14.0.jar) = 1762731
+SHA256 (log4j-api-2.15.0.jar) = c8c33e7e8e05496dae69cf0caac8c3092cffd937a164526e92922d2d566d0a55
+SIZE (log4j-api-2.15.0.jar) = 301804
+SHA256 (log4j-core-2.15.0.jar) = 419a8512895971b7b4f4f33e620d361254e5c9552b904b0474b09ddd4a6a220b
+SIZE (log4j-core-2.15.0.jar) = 1789769
 SHA256 (okhttp-4.9.1.jar) = 6afdd8f35f4eb60df965c290fa3acf29443fa986545113d0729b8461f6571f8f
 SIZE (okhttp-4.9.1.jar) = 791390
 SHA256 (okio-2.6.0.jar) = 4d84ef686277b58eb05691ac19cd3befa3429a27274982ee65ea0f07044bcc00
diff --git a/net-im/signald/files/patch-build.gradle b/net-im/signald/files/patch-build.gradle
index 8f87d2577a12..ca3f75b343ac 100644
--- a/net-im/signald/files/patch-build.gradle
+++ b/net-im/signald/files/patch-build.gradle
@@ -47,8 +47,10 @@
      implementation 'org.bouncycastle:bcprov-jdk15on:1.66'
      implementation 'com.kohlschutter.junixsocket:junixsocket-common:2.3.2'
      implementation 'com.kohlschutter.junixsocket:junixsocket-native-common:2.3.2'
-     implementation 'org.apache.logging.log4j:log4j-api:2.14.0'
-     implementation 'org.apache.logging.log4j:log4j-core:2.14.0'
+-    implementation 'org.apache.logging.log4j:log4j-api:2.14.0'
+-    implementation 'org.apache.logging.log4j:log4j-core:2.14.0'
++    implementation 'org.apache.logging.log4j:log4j-api:2.15.0'
++    implementation 'org.apache.logging.log4j:log4j-core:2.15.0'
      implementation 'org.slf4j:slf4j-nop:1.8.0-beta4'
 +    implementation 'org.slf4j:slf4j-api:1.8.0-beta4'
      implementation 'info.picocli:picocli:4.5.2'

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202112121012.1BCACukh025434>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation