Date: Tue, 14 Dec 2021 12:48:46 GMT From: Alexander Leidinger <netchild@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: ef15683d48c1 - main - security/bastillion: fix log4j vulnerablity Message-ID: <202112141248.1BECmk0S072927@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/ports/commit/?id=ef15683d48c1f829a6b3c81a240fb884e9f9d2e2 commit ef15683d48c1f829a6b3c81a240fb884e9f9d2e2 Author: Alexander Leidinger <netchild@FreeBSD.org> AuthorDate: 2021-12-14 12:46:06 +0000 Commit: Alexander Leidinger <netchild@FreeBSD.org> CommitDate: 2021-12-14 12:46:06 +0000 security/bastillion: fix log4j vulnerablity Disable format msg lookup via shell variable on startup. Security: CVE-2021-44228 --- security/bastillion/Makefile | 4 +++- security/bastillion/files/bastillion.in | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/security/bastillion/Makefile b/security/bastillion/Makefile index 329d15e0755f..30c08e8154f2 100644 --- a/security/bastillion/Makefile +++ b/security/bastillion/Makefile @@ -1,9 +1,11 @@ +# $FreeBSD: head/security/bastillion/Makefile 513677 2019-10-03 17:22:17Z glewis $ + PORTNAME= bastillion DISTVERSIONPREFIX= jetty-v DISTVERSION= 3.10_00 DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ ${PORTNAME}-upgrade-3.08.00.jar -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security www java MASTER_SITES= https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/releases/download/v${PORTVERSION}/ diff --git a/security/bastillion/files/bastillion.in b/security/bastillion/files/bastillion.in index 2eb265413623..fed1b9cedefc 100644 --- a/security/bastillion/files/bastillion.in +++ b/security/bastillion/files/bastillion.in @@ -1,4 +1,7 @@ #!/bin/sh +# +# $FreeBSD +# # PROVIDE: bastillion # REQUIRE: NETWORKING SERVERS @@ -40,5 +43,8 @@ else fi export JAVA_HOME +LOG4J_FORMAT_MSG_NO_LOOKUPS=true +export LOG4J_FORMAT_MSG_NO_LOOKUPS + run_rc_command "$1"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202112141248.1BECmk0S072927>