From 81d4fdc73e01aa965167f1c0942ee4e530a740b2 Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Wed, 15 Dec 2021 16:11:33 +0100
Subject: [qemu] Update log4j because of the CVE-2021-44228 security flaw
---
core/modules/qemu/runvirt-plugin-qemu/pom.xml | 12 ++++++------
.../src/main/java/org/openslx/runvirt/plugin/qemu/App.java | 9 +++++----
.../main/java/org/openslx/runvirt/viewer/ViewerUtils.java | 5 +++--
.../test/java/org/openslx/runvirt/plugin/qemu/AppTest.java | 6 +++---
4 files changed, 17 insertions(+), 15 deletions(-)
(limited to 'core/modules/qemu')
diff --git a/core/modules/qemu/runvirt-plugin-qemu/pom.xml b/core/modules/qemu/runvirt-plugin-qemu/pom.xml
index 71946b8b..6c6d6540 100644
--- a/core/modules/qemu/runvirt-plugin-qemu/pom.xml
+++ b/core/modules/qemu/runvirt-plugin-qemu/pom.xml
@@ -78,15 +78,15 @@
1.3
- log4j
- log4j
- [1.2.10,1.2.20]
+ org.apache.logging.log4j
+ log4j-api
+ [2.0,3.0)
compile
- org.slf4j
- slf4j-log4j12
- 1.7.25
+ org.apache.logging.log4j
+ log4j-core
+ [2.0,3.0)
compile
diff --git a/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/plugin/qemu/App.java b/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/plugin/qemu/App.java
index 86ea6e58..3457f224 100644
--- a/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/plugin/qemu/App.java
+++ b/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/plugin/qemu/App.java
@@ -3,9 +3,10 @@ package org.openslx.runvirt.plugin.qemu;
import java.io.File;
import java.util.Arrays;
-import org.apache.log4j.BasicConfigurator;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.core.config.Configurator;
+import org.apache.logging.log4j.core.config.DefaultConfiguration;
import org.openslx.libvirt.domain.Domain;
import org.openslx.libvirt.xml.LibvirtXmlDocumentException;
import org.openslx.libvirt.xml.LibvirtXmlSerializationException;
@@ -80,7 +81,7 @@ public class App
public static void main( String[] args )
{
// initialize logging
- BasicConfigurator.configure();
+ Configurator.initialize( new DefaultConfiguration() );
// parse command line arguments
CommandLineArgs cmdLn = new CommandLineArgs();
diff --git a/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/viewer/ViewerUtils.java b/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/viewer/ViewerUtils.java
index 40c45671..9ff0f552 100644
--- a/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/viewer/ViewerUtils.java
+++ b/core/modules/qemu/runvirt-plugin-qemu/src/main/java/org/openslx/runvirt/viewer/ViewerUtils.java
@@ -9,7 +9,8 @@ import org.apache.commons.exec.PumpStreamHandler;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.ByteArrayOutputStream;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
/**
* Utils for viewing displays of virtual machines.
@@ -22,7 +23,7 @@ public class ViewerUtils
/**
* Reference to the global logger for this class.
*/
- private static final Logger LOGGER = Logger.getLogger( ViewerUtils.class );
+ private static final Logger LOGGER = LogManager.getLogger( ViewerUtils.class );
/**
* Synchronously executes a viewer program specified by a command line call.
diff --git a/core/modules/qemu/runvirt-plugin-qemu/src/test/java/org/openslx/runvirt/plugin/qemu/AppTest.java b/core/modules/qemu/runvirt-plugin-qemu/src/test/java/org/openslx/runvirt/plugin/qemu/AppTest.java
index aca51d07..1a24174a 100644
--- a/core/modules/qemu/runvirt-plugin-qemu/src/test/java/org/openslx/runvirt/plugin/qemu/AppTest.java
+++ b/core/modules/qemu/runvirt-plugin-qemu/src/test/java/org/openslx/runvirt/plugin/qemu/AppTest.java
@@ -6,8 +6,8 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.core.config.Configurator;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Nested;
@@ -23,7 +23,7 @@ public class AppTest
private static void setUp()
{
// disable logging with log4j
- LogManager.getRootLogger().setLevel( Level.OFF );
+ Configurator.setRootLevel( Level.OFF );
}
@Nested
--
cgit v1.2.3-55-g7522