log4j-jcl-2.16.0-lp152.3.9.1 4>$  Apaco/=„]z\ ǚK >m2$|3B޿@[X iퟱstv=]R6yf嫿NgؕP&o`F'&}v_Pw0#qMױHJ)H !lui(`B[Voн2?jtԼj7'aWf H$e:Gͩ~j(A:276jg[֏ Wz$; j]9XvŢNEX:_A?^>=}ӬJ2B>p>9 ?8d   Chlx|      4  -Fh| (8(9x:F4G5H5I50X58Y5H\5p]5^5b61c6d7ie7nf7ql7su7v7w8Xx8ly8z88888Clog4j-jcl2.16.0lp152.3.9.1Apache Log4j Commons Logging BridgeApache Log4j Commons Logging Bridge.acScloud108?DopenSUSE Leap 15.2openSUSEApache-2.0http://bugs.opensuse.orgUnspecifiedhttp://logging.apache.org/log4jlinuxnoarch(UA큤A큤ac:ac:ac:ac:ac:12a262305c533c27e47b9f0e2d4211ec4e489bf66699de6084f8a6360a6cc3feded35d1966236bc7324ce1410c1b596fa815fad373c358be412320959ebc93266d684af88baa8473ebc62694ee86fb293ed60db619654466be093967ecc95533rootrootrootrootrootrootrootrootrootrootlog4j-2.16.0-lp152.3.9.1.src.rpmlog4j-jclmvn(org.apache.logging.log4j:log4j-jcl)mvn(org.apache.logging.log4j:log4j-jcl:pom:)osgi(org.apache.logging.log4j.jcl)@ @@@    java-headlessjavapackages-filesystemmvn(commons-logging:commons-logging)mvn(org.apache.logging.log4j:log4j-api)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)1.82.16.03.0.4-14.6.0-14.0-15.2-14.14.1aa@aA@^@^@^@^V]^&^!@]]?\G\=@\I[u[Xf@ZV@Y@TPTPSimon Lees Peter Simons Peter Simons Fridrich Strba Pedro Monreal Gonzalez Pedro Monreal Gonzalez Fridrich Strba Pedro Monreal Gonzalez Fridrich Strba Fridrich Strba Fridrich Strba Fridrich Strba Fridrich Strba Fridrich Strba Fridrich Strba fstrba@suse.combwiedemann@suse.comfstrba@suse.comtchvatal@suse.comtchvatal@suse.com- Update to 2.16.0 [bsc#1193743, CVE-2021-45046] * Features - Add JsonTemplateLayout. - Create module log4j-mongodb4 to use new major version 4 MongoDB driver. - More flexible configuration of the Disruptor WaitStrategy. Thanks to Stepan Gorban. * Bugfixes and minor enhancements - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as setting the system property log4j2.noFormatMsgLookup to true do NOT mitigate this specific vulnerability. - Upstream initial fix for bsc#1193611, CVE-2021-44228 - Numerous other minor bugfixes * Drop CVE-2021-44228.patch and disable-jndi-by-default.patch included upstream * To make the bots happy this stream isn't affected by bsc#1193662 CVE-2021-4104 which is 1.X only- Apply "disable-jndi-by-default.patch" to disable JNDI support by default. There is evidence that the previous upstream fix for CVE-2021-44228 did not solve the vulnerability entirely. Since JNDI support is ususally not required, upstream recommends this route to be completely safe. [bsc#1193611, CVE-2021-44228]- Apply "CVE-2021-44228.patch" to fix a remote code execution vulnerability that existed in the LDAP JNDI parser. [bsc#1193611, CVE-2021-44228]- Do not build the log4j-jpl artifact, as to avoid java-11-only features- Update to 2.13.2 [bsc#1170535, CVE-2020-9488] * Bugfixes and minor enhancements: - CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. - Implement requiresLocation in GelfLayout to reflect whether location information is used in the message Pattern. - Add option to restore printing timeMillis in the JsonLayout. - Initialize pattern processor before triggering policy during reconfiguration. - Add information about using a url in log4j.configurationFile. - serializeToBytes was checking wrong variable for null. - Fix Javadoc for ScriptPatternSelector. - Allow trailing and leading spaces in log level. - Correct JsonLayout timestamp sorting issue. - Allow the file size action to parse the value without being sensitive to the current locale. - Make YamlLayoutTest more resiliant to environmental differences. - Conditionally allocate PluginEntry during PluginCache loading. - Add missing includeLocation parameter when creating AsyncLogger. - Fix Exceptions when whitespace is in the file path and Java security manager is used. - Avoid NullPointerException when StackWalker returns null. - TimeFilter did not handle daylight saving time transitions and did not support a range over 2 days. - Provide a Log4j implementation of System.Logger. - Added EventLookup to retrieve fields from the log event. * Changes: - Allow the file extension in the file pattern to be modified during reconfiguration. - Add support for specifying an SSL configuration for SmtpAppender. - Allow servlet context path to be retrieved without "/". - Allow Spring Lookup to return default and active profiles. - Allow Spring Boot applications to use composite configuratons. - Add ContextDataProviders as an alternative to having to implement a ContextDataInjector. - [JDBC] Throw a AppenderLoggingException instead of an NPE in the JDBC database manager. - Update to 2.13.1 - Prevent LoggerContext from being garbage collected while being created. - Do not log an error if Files.move does not work. - Rollover fails when file matches pattern but index is too large. - Counter stuck at 10 and overwriting files when leading zeros used in the file pattern count. - ClassLoaderContextSelector was not locating the LoggerContext during shutdown. - JSON output wrong when using additonal fields. - GraalVM does not allow use of MethodHandles. - Allow Lookup keys with leading dashes by using a slash as an escape character. - ServletContainerInitializer was obtaining the StatusLogger too soon. - PluginProcessor should use Messager instead of System.out. - MapMessage.getFormattedMesssage() would incorrectly format objects. - Always write header on a new OutputStream. - An error message in RollingFileAppender uses a placeholder for the name but does not specify the name argument in the logging call. - NullPointerException when using a custom DirectFileRolloverStrategy without a file name. - Add mulit-parameter overloads to LogBuilder. - Fixed NullPointerException after reconfiguring via JMX. - RollingFileAppender was not rolling on startup if createOnDemand was set to true. - Warn if pattern is missing on Routes element. Use default route. - Fix lock contention in the classloader using new versions of slf4j without EventData on slf4j logger creation. - Rollover handles parallel file deletion gracefully. - Remove unnecessary EventLogger references from log4j-slf4j18-impl due to removal from slf4j. - Fix a memory leak using fully asynchronous logging when the queue is full using the 'discard' asynchronous queue full strategy. - Fix erroneous log4j-jul recursive logger detection resulting in some no-op JUL loggers and 'WARN Recursive call to getLogger' being reported by the status logger. - PluginCache output is reproducible allowing the annotation processor to produce deterministic results. - Fix StackLocator.getCallerClass performance in cases where Reflection.getCallerClass is not accessible. - MutableLogEvent and RingBufferLogEvent avoid StringBuffer and parameter array allocation unless reusable messages are used. - LoaderUtil.getClassLoaders may discover additional loaders and no longer erroneously returns a result with a null element in some environments. - CronExpression.getBeforeTime() would sometimes return incorrect result. - [JDBC] MS-SQL Server JDBC driver throws SQLServerException when inserting a null value for a VARBINARY column. - NullPointerException after reconfiguring via JMX. - Implement ISO8601_PERIOD_MICROS fixed date format matching ISO8601_PERIOD with support for microsecond precision. * Changes: - Conditionally perform status logging calculations in PluginRegistry. - Use LinkedBlockingQueue instead of synchronized collction in StatusConfiguration. - Add a retry count attribute to the KafkaAppender. - Update log4j-slf4j18-impl slf4j version to 1.8.0-beta4 from 1.8.0-alpha2. - Update dependencies. - Remove patch fixed upstream: * logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch * log4j-CVE-2020-9488.patch - Refresh patch: * logging-log4j-Remove-unsupported-EventDataConverter.patch- Security fix: [bsc#1170535, CVE-2020-9488] * Improper validation of certificate with host mismatch in SMTP appender. - Add log4j-CVE-2020-9488.patch- Added patches: * logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch * logging-log4j-Remove-unsupported-EventDataConverter.patch + fix build with newer slf4j- Update to 2.13.0 [bsc#1159646, CVE-2019-17571] * Bugfixes and minor enhancements: - CVE-2019-17571: Remote code execution: Deserialization of untrusted data in SocketServer - Log4j 2 now requires Java 8 or higher to build and run. - Better integration with Spring Boot by providing access to Spring variables in Log4j 2 configuration files and allowing Log4j 2 system properties to be defined in the Spring configuration. - Support for accessing Kubernetes information via a Log4j 2 Lookup. - The Gelf Layout now allows the message to be formatted using a PatternLayout pattern. - Due to a break in compatibility in the SLF4J binding, Log4j now ships with two versions of the SLF4J to Log4j adapters. - log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl should be used with SLF4J 1.8.x and later. - Note that the XML, JSON and YAML formats changed in the 2.11.0 release: they no longer have the "timeMillis" attribute and instead have an "Instant" element with "epochSecond" and "nanoOfSecond" attributes. - The Log4j 2.13.0 API, as well as many core components, maintains binary compatibility with previous releases. * New Features - Add ThreadContext.putIfNotNull method. - Add a Level Patttern Selector. - Add experimental support for Log4j 1 configuration files. - Add the ability to lookup Kubernetes attributes in the Log4j configuration. Allow Log4j properties to be retrieved from the Spring environment if it is available. - Allow Spring Boot application properties to be accessed in the Log4j 2 configuration. Add lower and upper case Lookups. - Add builder pattern to Logger interface. * Fixed Bugs - Prevent recursive calls to java.util.LogManager.getLogger(). - Added try/finally around event.execute() for RingBufferLogEventHandler to clear memory correctly in case of exception/error. - Wrong java version check in ThreadNameCachingStrategy. - Use a less confusing name for the CompositeConfiguration source. - Add setKey method to Kafka Appender Builder. - ArrayIndexOutOfBoundsException could occur with MAC address longer than 6 bytes. - The rolling file appenders would fail to compress the file after rollover if the file name matched the file pattern. - @PluginValue does not support attribute names besides "value". - Validation blocks definition of script in properties configuration. - Set result of rename action to true if file was copied. - Add automatic module names where missing. - OutputStreamAppender.Builder ignores setFilter(). - Prevent a memory leak when async loggers throw errors. * Changes - Update Jackson to 2.9.10. - Allow message portion of GELF layout to be formatted using a PatternLayout. - Allow ThreadContext attributes to be explicitly included or excluded in the GelfLayout.- Obsolete log4j-mini, since on systems where this package is installed, the log4j-mini is not supposed to exist, but the compatibility version log4j12-mini/log4j12- Run fdupes on the javadoc- Upgrade to apache-log4j-2.11.1 - Drop the log4j vs. log4j-mini split * the bootstrapping is done using the log4j12/log4j12-mini compatibility packages - Removed patches: * log4j-javadoc-xlink.patch * log4j-logfactor5-userdir.patch * log4j-mx4j-tools.patch * log4j-reproducible.patch + unnecessary with this version- Build against a generic javamail provider instead of against classpathx-mail- Let log4j provide the log4j-mini and obsolete it too. - Remove conflicts on each other- Depend on the generic xml-apis- Install and package the maven pom and metadata files for the non-bootstrap log4j- Require at least java 8 for build- Add log4j-reproducible.patch to drop javadoc timestamps to make package builds more reproducible (boo#1047218)- Specify java source and target level 1.6 to allow building with jdk9- Version bump to 1.2.17 latest 1.2 series: * No short changelog provided - many small changes - Try to avoid cycle between log4j and apache-common-loggings - Remove obsoleted patch: * log4j-jmx-Agent.patch - Refresh patch to apply to new source: * log4j-mx4j-tools.patch- Cleanup with a spec-cleaner so I can understand what is going around here.cloud108 16397361472.16.0-lp152.3.9.12.16.02.16.02.16.0log4jlog4j-jcl.jarlog4j-jcl.xmllog4jlog4j-jcl.pom/usr/share/java//usr/share/java/log4j//usr/share/maven-metadata//usr/share/maven-poms//usr/share/maven-poms/log4j/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:17289/openSUSE_Leap_15.2_Update/8c2886604672eb8f58c38fb81cbda7ae-log4j.openSUSE_Leap_15.2_Updatecpioxz5noarch-suse-linuxdirectoryASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract Zip archive data, at least v2.0 to extract)XML 1.0 document, ASCII textXML 1.0 document textPPPRRRRJnKҌ%mxFutf-856026756512fb5cba082ff055e360852a8d4022ba36da890a0299efbcb696c6f? 7zXZ !t/B <] crt:bLL QDrWT)L]^,- z̥=si׈o7MOd p yD*J׎.\;YkhI]Vq&ҷ'+Y;ݤ5I`RtbYmܡMG| ^6Ƽݼ)D,BB5wjD$04f+["n ct© UK2ƍ.U¨"6z; L'dR`f\-ާ]~A{gfELA6uzU0۹cv%(%jj|C<1.ע'ɱqMa.5m4,98FG 0|_jz#a$MC}Đ|zLjjZ+$cxoItW8a屍bK[^cxQ6i4MRI*!Ph{QM Yؖ`[_ɶE 쿊`߾hD}l̥3:޿nc$$r@4h 58e ?L Bj1H&Y#,,WF奆<rIyCT< W8D bġ!Dig|cf . (ng C+әO2pàGud= 1kɶqG^Lx~6FqEq1;oZ$ץ6l*cEd9IQj>z(1DIZ&ZL[_zoVc\ftsmC1v[kVsKӍ׽D4!k؈‚*co~yj%Oqtێ7φa# ҡ5WLYlA`DC}.<'talxۡ%ȂPM ꢥ# 77hng)X f w@\FCkSiBmD:>7EB  R݃)>u[m)-9 ;]ގ>;PFAӍu`W-~kݑ< _jA`qUu[s-(a5~J[]PA,72|G?QBY,.; e=ZuK#M>N|ާ7+BۖD\v_]\/:Lю9yt"V'pqKK׷$_.(rx% `p< [O Hvԩz@5ӣ?>)U2|Zbd2>Uާ~˘#?Qլ&o #r83TE rQbyɝ'eMes )no2W+H* /v;X$̃șO`yLߦa{ClX+L5r9UZ' S Dt>'L$9[%Ơb-=4Zp3")ԥxO;e1  Y_ xZ,?B9hH5sΉ$")+:0,Xxmv4z;Vu[Nɾn>40}Tm%EK ϟj}-o6SPq)UTGt}JNTnW6';8 -TMېMgjrr:Iݤ ۜ^ {ÑYĐLG^PM{|Z:r`# b'L8 PFPpbGCI5+mǨDƷ Al l}XDȋZ5>aV :щb6q'RMy .[$:ˁuu` K$m~O-k: *̹p]R8@V~$myYh(*m鎝Z%ªovB#E}K+4/=9Bg` O䤝sӎ?;+Rl>I]Uؚ9|e;k >QKNhA)x }Jf@/Fmm$>] C(ޭŞVb8jhQ=%i1冥hT,iㇶζ!CfkZ;QK.f50{JT]FOCc9 峙υ( ?kjAN U6k(1{yMp'?`YبMY<,FlH`Y]/"vaKN@^''>!/ky t]a}Z_ v8QKo$ xOkd>J.'f%6zƺݐe) |L*RAZ0 Е@3[PM8GEGYSPe,2JHh@"|%;mz䍺>(r2WmaD_-kjpD:c !>p{h`Pa-w8*uøyx7u(!q5{iT}eh-z"*Eк~Eܠ*]?h#UQLyp*bŌ| ~iqkgS]t+e!.u~ƈϻJb7ia1=rM>{O7Kt֏;#4-h"Ƨ"nLB؆UchTk%o[ xҕ ^iO_̙ Y ˩ȕ":fqaev jx6[|^0%B- IK1 ͖E=),{{!ꥁ]RjI]I2Ԩk^`CƂ(KUYk`!vX˟S%%r,n$XжDlE+-a0PKKۙ~8S(Y) =-dփ} DS(=йrs`j{#|JDYQv-]?z[fNe" z>2v<dhpqӳ>>=&=׺m qIPwB?O<%"r I%t.v . T}J\2Dg6iHꥃk]0F=|Ҽy鸫1(~o. (A$3Ѩ]=>jyB6긣:"$`9Ou@S*^>Llh !Xn8 6_1Ǔ{DhmA(m *8c `߫M3yzn^-ɹJ|6aQrv%JbH/T@]+tٞ4\Te_#.ʨݧKSVi]0=6}E.#T,1C&WO"NdX1OtmkUL,("66j` uC+ruZZ#[VJk PnAI({/}y|oг/m (zGIw,Q;6EFj, |ۄ0=*O_#4$y͏gVM }-wqʖI)ʲyY SVOLWHNi5(121րi b6̦' Wjy d EL (YCK$^WbzB$:7n6YQJS=ӭjC+ I#tZGszC+i\"ȫ~p79_jȞ ?Fm^wZG) !ʥK T126Q rSm@se2fp}ΗܹyKiּHٌvc"38b~dfX~# /h~LǺD)Z)O,y=R1$j8yXMόЍV|[1Iמ̐cH!/WwH4wT)@3OAuao \נQ6aH/n6yWR9thzvu"碱Z+z(xČVHBA-A> ?z12^DOy9V* "+n)Lȡ-ZJSo?ndqD8sƒ0_70_0A^/&דrY[BWҲu7hU5fxl'bG@b"q-H~Ě-o ø ~! N60R1`l%z,Q&R <0^(,{d͆&gh5/'iBF^y^H!96Rj nIx yq.MM=Zyx'FĈ{9a?䞊Tk+JgE]0ҡ*y^HΪ ?3W{]k֎Y|UYM=H9Rj2=@\3J9KkHKѩx;? :2 w1ljDIց3W}0t|!]qZxŧ)hBQ-zZyO'5m(Q!qB 'gD"@"5jwojASiKj%*R|{+SwB0\ 4eC:Q~}'4J;! 1'\yݺU6vL`ƒdィ)vUiIl͆i4˾ox, Yh>Wuhw '%ZU­'WuK&lDe~ˇ0^KY^$tHHWM%0W3 |UPG-<8Z+6+ o3d@l2Z9m: *{t=n=Dg[P_̱eշDw%Q9zٖ*t ۳(xɳ3WZMTrj*+u#NC`z#&W}x?|`5#jVkAh&zRx柍NZͫWR7^>4U~?s]E %ODN]]u;9")~HycLTQ4Ⱉr4ʓz}c5ɩۚ'վ4Cb6IK"k'Ѹ12 -_\-4m>gu崲{{q[Q"V0],0JuC z%Dk95i @GV7odZ E4rG!] ϩ6T=Em=2i^ MaKOʈl|ZE.NN[tM8-).Rm+6t7QD=nM%ߟuĝ{a ;DPXpɸ=rX%$U|#4,Y(4pTQ=.ޱQW숔`X≘,*7Io U*FkǤIR8&I)JN}kUឺ{}Fnya?4L [8Lvf m4$W MD4#[L`ݗZH2vW( m(Ǝ]0tR<L_An@e.》̄p[T->=a0[GD鴓qwm]xOj4 yDN yBEN>_Rd$pl*B"CM< Tǒ\]1ipVjTI֠g0K$$HckA9d #o ߃#hW:ܸu+@L + j\vWAIdYu-!=dEBi`vq ^@p6;ؙc3]oIMdGnMx2Coy۪j:|OgZ|g0dT5h׉5p4 YqSD;F /\k!~69N~#e 3e lSpb.ڎ'&i싔0~݆yl|l{02';|Fvgy= #?÷XD¤ab_ٖKRG& >[TL!(Kgcy&$ޒijXeE㯶 :`{굷FM&4J"31@a,rБ:uf|[@#HmY.3+}e +.i^!s5j@~1] ,AG]G֙H}tjp>[T9֜z)kݓZ~ |9b Md r ҧ}ũXug_ Zb8 1KehN7m3-W5DW[