From 932f537231cba02c9f08558475e6aea5a1c5d838 Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Thu, 16 Dec 2021 07:56:00 +0100
Subject: Update log4j because of the CVE-2021-44228 security flaw

---
 api/pom.xml                                                  | 12 ++++++------
 .../main/java/org/openslx/taskmanager/api/AbstractTask.java  |  5 +++--
 .../main/java/org/openslx/taskmanager/api/Environment.java   |  5 +++--
 .../java/org/openslx/taskmanager/api/SystemCommandTask.java  |  5 +++--
 daemon/pom.xml                                               | 12 ++++++++++++
 daemon/src/main/java/org/openslx/taskmanager/App.java        | 11 +++++++----
 daemon/src/main/java/org/openslx/taskmanager/Global.java     |  5 +++--
 .../main/java/org/openslx/taskmanager/main/Taskmanager.java  |  5 +++--
 .../org/openslx/taskmanager/network/NetworkHandlerTcp.java   |  5 +++--
 .../org/openslx/taskmanager/network/NetworkHandlerUdp.java   |  5 +++--
 .../java/org/openslx/taskmanager/network/RequestParser.java  |  5 +++--
 11 files changed, 49 insertions(+), 26 deletions(-)

diff --git a/api/pom.xml b/api/pom.xml
index 6ff09fb..3993a09 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -48,15 +48,15 @@
 
 	<dependencies>
 		<dependency>
-			<groupId>log4j</groupId>
-			<artifactId>log4j</artifactId>
-			<version>1.2.17</version>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-api</artifactId>
+			<version>[2.0,3.0)</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-log4j12</artifactId>
-			<version>1.7.5</version>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-core</artifactId>
+			<version>[2.0,3.0)</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
diff --git a/api/src/main/java/org/openslx/taskmanager/api/AbstractTask.java b/api/src/main/java/org/openslx/taskmanager/api/AbstractTask.java
index 35d179d..43240ce 100644
--- a/api/src/main/java/org/openslx/taskmanager/api/AbstractTask.java
+++ b/api/src/main/java/org/openslx/taskmanager/api/AbstractTask.java
@@ -2,7 +2,8 @@ package org.openslx.taskmanager.api;
 
 import java.util.UUID;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.openslx.taskmanager.api.TaskStatus.StatusCode;
 
 import com.google.gson.annotations.Expose;
@@ -11,7 +12,7 @@ public abstract class AbstractTask implements Runnable
 {
 
 	private static final long RELEASE_DELAY = 10l * 60l * 1000l;
-	private static final Logger LOG = Logger.getLogger( AbstractTask.class );
+	private static final Logger LOG = LogManager.getLogger( AbstractTask.class );
 
 	/*
 	 * To be set from task invocation (json data)
diff --git a/api/src/main/java/org/openslx/taskmanager/api/Environment.java b/api/src/main/java/org/openslx/taskmanager/api/Environment.java
index 2a33a17..e5705db 100644
--- a/api/src/main/java/org/openslx/taskmanager/api/Environment.java
+++ b/api/src/main/java/org/openslx/taskmanager/api/Environment.java
@@ -9,7 +9,8 @@ import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * Holds the environment that tasks running a system command *should*
@@ -18,7 +19,7 @@ import org.apache.log4j.Logger;
 public class Environment
 {
 
-	private static final Logger log = Logger.getLogger( Environment.class );
+	private static final Logger log = LogManager.getLogger( Environment.class );
 
 	private static Map<String, String> env = null;
 
diff --git a/api/src/main/java/org/openslx/taskmanager/api/SystemCommandTask.java b/api/src/main/java/org/openslx/taskmanager/api/SystemCommandTask.java
index c1aa6e5..172d2ed 100644
--- a/api/src/main/java/org/openslx/taskmanager/api/SystemCommandTask.java
+++ b/api/src/main/java/org/openslx/taskmanager/api/SystemCommandTask.java
@@ -8,12 +8,13 @@ import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 public abstract class SystemCommandTask extends AbstractTask
 {
 
-	private static final Logger log = Logger.getLogger( SystemCommandTask.class );
+	private static final Logger log = LogManager.getLogger( SystemCommandTask.class );
 
 	private String[] command = null;
 
diff --git a/daemon/pom.xml b/daemon/pom.xml
index 7c26855..5733063 100644
--- a/daemon/pom.xml
+++ b/daemon/pom.xml
@@ -64,6 +64,18 @@
 			<version>${project.version}</version>
 			<scope>compile</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-api</artifactId>
+			<version>[2.0,3.0)</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-core</artifactId>
+			<version>[2.0,3.0)</version>
+			<scope>compile</scope>
+		</dependency>
 	</dependencies>
 
 
diff --git a/daemon/src/main/java/org/openslx/taskmanager/App.java b/daemon/src/main/java/org/openslx/taskmanager/App.java
index 6580550..cf63448 100644
--- a/daemon/src/main/java/org/openslx/taskmanager/App.java
+++ b/daemon/src/main/java/org/openslx/taskmanager/App.java
@@ -4,8 +4,10 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
-import org.apache.log4j.BasicConfigurator;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.core.config.Configurator;
+import org.apache.logging.log4j.core.config.DefaultConfiguration;
 import org.openslx.taskmanager.api.Environment;
 import org.openslx.taskmanager.main.Taskmanager;
 import org.openslx.taskmanager.network.NetworkHandlerTcp;
@@ -19,11 +21,12 @@ import org.openslx.taskmanager.network.RequestParser;
 public class App
 {
 	
-	private static final Logger log = Logger.getLogger( App.class );
+	private static final Logger log = LogManager.getLogger( App.class );
 
 	public static void main( String[] args ) throws InterruptedException, IOException
 	{
-		BasicConfigurator.configure();
+		Configurator.initialize( new DefaultConfiguration() );
+
 		if (Global.PORT_UDP == -1 && Global.PORT_TCP == -1) {
 			log.fatal( "Neither UDP nor TCP configured" );
 			System.exit( 1 );
diff --git a/daemon/src/main/java/org/openslx/taskmanager/Global.java b/daemon/src/main/java/org/openslx/taskmanager/Global.java
index 5be8196..cdba3f8 100644
--- a/daemon/src/main/java/org/openslx/taskmanager/Global.java
+++ b/daemon/src/main/java/org/openslx/taskmanager/Global.java
@@ -11,13 +11,14 @@ import java.nio.file.Paths;
 import java.nio.file.attribute.PosixFilePermission;
 import java.util.Properties;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.openslx.taskmanager.util.Util;
 
 public class Global
 {
 
-	private static final Logger log = Logger.getLogger( Global.class );
+	private static final Logger log = LogManager.getLogger( Global.class );
 
 	public static final String TASK_PACKAGE_NAME = "org.openslx.taskmanager.tasks";
 
diff --git a/daemon/src/main/java/org/openslx/taskmanager/main/Taskmanager.java b/daemon/src/main/java/org/openslx/taskmanager/main/Taskmanager.java
index 74fc1b7..77d3405 100644
--- a/daemon/src/main/java/org/openslx/taskmanager/main/Taskmanager.java
+++ b/daemon/src/main/java/org/openslx/taskmanager/main/Taskmanager.java
@@ -11,7 +11,8 @@ import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.openslx.taskmanager.Global;
 import org.openslx.taskmanager.api.AbstractTask;
 import org.openslx.taskmanager.api.CancellableTask;
@@ -26,7 +27,7 @@ import com.google.gson.JsonSyntaxException;
 public class Taskmanager implements FinishCallback, Runnable
 {
 
-	private static final Logger log = Logger.getLogger( Taskmanager.class );
+	private static final Logger log = LogManager.getLogger( Taskmanager.class );
 
 	private final ThreadPoolExecutor threadPool = new ThreadPoolExecutor( 8, 32, 1, TimeUnit.MINUTES,
 			new ArrayBlockingQueue<Runnable>( 4 ), new ThreadFactory() {
diff --git a/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerTcp.java b/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerTcp.java
index 4b69e55..6492f2e 100644
--- a/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerTcp.java
+++ b/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerTcp.java
@@ -14,7 +14,8 @@ import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.openslx.taskmanager.Global;
 
 /**
@@ -24,7 +25,7 @@ import org.openslx.taskmanager.Global;
 public class NetworkHandlerTcp extends NetworkHandlerBase
 {
 
-	private static final Logger log = Logger.getLogger( NetworkHandlerTcp.class );
+	private static final Logger log = LogManager.getLogger( NetworkHandlerTcp.class );
 
 	/**
 	 * UDP socket for sending and receiving.
diff --git a/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerUdp.java b/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerUdp.java
index 7a25ed1..767e6a4 100644
--- a/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerUdp.java
+++ b/daemon/src/main/java/org/openslx/taskmanager/network/NetworkHandlerUdp.java
@@ -10,7 +10,8 @@ import java.nio.charset.StandardCharsets;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.LinkedBlockingQueue;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.openslx.taskmanager.Global;
 
 /**
@@ -20,7 +21,7 @@ import org.openslx.taskmanager.Global;
 public class NetworkHandlerUdp extends NetworkHandlerBase
 {
 
-	private static final Logger log = Logger.getLogger( NetworkHandlerUdp.class );
+	private static final Logger log = LogManager.getLogger( NetworkHandlerUdp.class );
 
 	private Thread sendThread = null;
 	/**
diff --git a/daemon/src/main/java/org/openslx/taskmanager/network/RequestParser.java b/daemon/src/main/java/org/openslx/taskmanager/network/RequestParser.java
index 55a44a5..09b94ce 100644
--- a/daemon/src/main/java/org/openslx/taskmanager/network/RequestParser.java
+++ b/daemon/src/main/java/org/openslx/taskmanager/network/RequestParser.java
@@ -3,7 +3,8 @@ package org.openslx.taskmanager.network;
 import java.nio.charset.StandardCharsets;
 import java.util.zip.Deflater;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.openslx.taskmanager.api.BoundedLog;
 import org.openslx.taskmanager.api.TaskStatus;
 import org.openslx.taskmanager.main.Taskmanager;
@@ -14,7 +15,7 @@ import com.google.gson.GsonBuilder;
 
 public class RequestParser
 {
-	private static final Logger log = Logger.getLogger( RequestParser.class );
+	private static final Logger log = LogManager.getLogger( RequestParser.class );
 
 	/**
 	 * Our very own gson instance (for serializing replies)
-- 
cgit v1.2.3-55-g7522