Ticket #21657: 21657.2.17.1.patch

File 21657.2.17.1.patch, 3.1 KB (added by taylor.smock, 4 years ago)

Update Log4J to 2.17.1. This fixes CVE-2021-44832.

  • plugins/build-common.xml 

    diff --git a/plugins/build-common.xml b/plugins/build-common.xml
index 818a229fc..b076e0f1f 100644
    a b  
    764764    <target name="ivy-checkdepsupdate" description="Display dependency updates on the console" depends="fetch_dependencies">
    765765        <ivy:checkdepsupdate/>
    766766    </target>
     767    <target name="dependency-tree" description="Displays Ivy dependency tree" depends="fetch_dependencies">
     768        <ivy:dependencytree/>
     769    </target>
    767770</project>

  • plugins/geotools/build.xml 

    diff --git a/plugins/geotools/build.xml b/plugins/geotools/build.xml
index dd994dd03..cd6799726 100644
    a b  
    11<?xml version="1.0" encoding="utf-8"?>
    2 <project name="geotools" default="dist" basedir=".">
     2  <project name="geotools" default="dist" basedir="." xmlns:ivy="antlib:org.apache.ivy.ant">
    33    <!-- enter the SVN commit message -->
    44    <property name="commit.message" value="Commit message"/>
    55    <!-- enter the *lowest* JOSM version this plugin is currently compatible with -->
     
    1010    <property name="plugin.description" value="Provides parts of the GeoTools library for other JOSM plugins. Not meant to be installed directly by users, but rather as a dependency for other plugins."/>
    1111    <property name="plugin.icon" value="images/compass.png"/>
    1212    <property name="plugin.canloadatruntime" value="true"/>
    13     <property name="plugin.requires" value="jts;ejml;apache-commons"/>
     13    <property name="plugin.requires" value="ejml;apache-commons;jaxb;jts"/>
    1414    <property name="plugin.stage" value="20"/>
    1515
    1616    <!-- ** include targets that all plugins have in common ** -->
    1717    <import file="../build-common.xml"/>
    1818
     19    <target name="pre-compile" depends="fetch_dependencies">
     20        <!-- include fetch_dependencies task -->
     21    </target>
     22
    1923        <fileset id="plugin.requires.jars" dir="${plugin.dist.dir}">
    20         <include name="jts.jar"/>
    21         <include name="ejml.jar"/>
    2224        <include name="apache-commons.jar"/>
     25        <include name="ejml.jar"/>
     26        <include name="jaxb.jar"/>
     27        <include name="jts.jar"/>
    2328    </fileset>
    2429
    2530    <target name="merge-geotools-services">

  • plugins/log4j/ivy.xml 

    diff --git a/plugins/log4j/ivy.xml b/plugins/log4j/ivy.xml
index 1fdca823d..2d7f0854c 100644
    a b  
    33<ivy-module version="2.0">
    44    <info organisation="org.openstreetmap.josm.plugins" module="log4j"/>
    55    <dependencies>
    6       <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.0" conf="default->default"/>
    7       <dependency org="org.apache.logging.log4j" name="log4j-1.2-api" rev="2.17.0" conf="default->default"/>
    8       <dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.17.0" conf="default->default"/>
     6      <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.1" conf="default->default"/>
     7      <dependency org="org.apache.logging.log4j" name="log4j-1.2-api" rev="2.17.1" conf="default->default"/>
     8      <dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.17.1" conf="default->default"/>
    99    </dependencies>
    1010</ivy-module>