From f0ee8936e154f6fcd9de03a87f9fdddaad071046 Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Thu, 16 Dec 2021 09:44:55 +0100
Subject: Update log4j because of the CVE-2021-44228 security flaw
---
pom.xml | 12 ++++++++++++
src/main/java/org/openslx/satserver/util/IrcClient.java | 5 +++--
.../org/openslx/taskmanager/tasks/CompileIPxeLegacy.java | 3 ---
.../java/org/openslx/taskmanager/tasks/CompileIPxeNew.java | 3 ---
.../java/org/openslx/taskmanager/tasks/CopyDirectory.java | 3 ---
.../java/org/openslx/taskmanager/tasks/CreateLdapConfig.java | 5 +++--
src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java | 5 +++--
.../org/openslx/taskmanager/tasks/LocalAddressesList.java | 5 +++--
src/main/java/org/openslx/taskmanager/tasks/RemoteExec.java | 5 +++--
src/main/java/org/openslx/taskmanager/tasks/SleepTask.java | 5 +++--
10 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/pom.xml b/pom.xml
index ddfa71e..49ea7cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -121,5 +121,17 @@
[1.0,3.0)
compile
+
+ org.apache.logging.log4j
+ log4j-api
+ [2.0,3.0)
+ compile
+
+
+ org.apache.logging.log4j
+ log4j-core
+ [2.0,3.0)
+ compile
+
diff --git a/src/main/java/org/openslx/satserver/util/IrcClient.java b/src/main/java/org/openslx/satserver/util/IrcClient.java
index 423c7c7..4f0c290 100644
--- a/src/main/java/org/openslx/satserver/util/IrcClient.java
+++ b/src/main/java/org/openslx/satserver/util/IrcClient.java
@@ -14,7 +14,8 @@ import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.schwering.irc.lib.IRCConfig;
import org.schwering.irc.lib.IRCConfigBuilder;
import org.schwering.irc.lib.IRCConnection;
@@ -29,7 +30,7 @@ import org.schwering.irc.lib.util.IRCModeParser;
public class IrcClient
{
- private static final Logger LOGGER = Logger.getLogger( IrcClient.class );
+ private static final Logger LOGGER = LogManager.getLogger( IrcClient.class );
private static final Map connections = new HashMap<>();
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeLegacy.java b/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeLegacy.java
index c55276e..40b98f5 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeLegacy.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeLegacy.java
@@ -7,7 +7,6 @@ import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.io.FileUtils;
-import org.apache.log4j.Logger;
import org.openslx.satserver.util.Exec;
import org.openslx.satserver.util.Exec.ExecCallback;
import org.openslx.taskmanager.api.AbstractTask;
@@ -17,8 +16,6 @@ import com.google.gson.annotations.Expose;
public class CompileIPxeLegacy extends AbstractTask
{
- private static final Logger LOG = Logger.getLogger( CompileIPxeLegacy.class );
-
@Expose
private String defaultentry = null;
@Expose
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeNew.java b/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeNew.java
index ad921ac..a4b4ada 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeNew.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CompileIPxeNew.java
@@ -15,7 +15,6 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.io.FileUtils;
-import org.apache.log4j.Logger;
import org.openslx.satserver.util.Exec;
import org.openslx.satserver.util.Exec.ExecCallback;
import org.openslx.taskmanager.api.AbstractTask;
@@ -25,8 +24,6 @@ import com.google.gson.annotations.Expose;
public class CompileIPxeNew extends AbstractTask
{
- private static final Logger LOG = Logger.getLogger( CompileIPxeNew.class );
-
@Expose
private String ipaddress = null;
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CopyDirectory.java b/src/main/java/org/openslx/taskmanager/tasks/CopyDirectory.java
index 041c681..9bbeab7 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CopyDirectory.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CopyDirectory.java
@@ -5,7 +5,6 @@ import java.io.IOException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
-import org.apache.log4j.Logger;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.AbstractTask;
@@ -13,8 +12,6 @@ import com.google.gson.annotations.Expose;
public class CopyDirectory extends AbstractTask
{
- private static final Logger LOG = Logger.getLogger( CopyDirectory.class );
-
protected static final String[] ALLOWED_DIRS =
{ "/tmp/", "/srv/openslx/www/boot/" };
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
index e9928d7..6abc5a8 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
@@ -12,7 +12,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.openslx.satserver.util.Archive;
import org.openslx.satserver.util.Constants;
import org.openslx.satserver.util.Exec;
@@ -25,7 +26,7 @@ import com.google.gson.annotations.Expose;
public class CreateLdapConfig extends AbstractTask
{
- private static final Logger LOGGER = Logger.getLogger( CreateLdapConfig.class );
+ private static final Logger LOGGER = LogManager.getLogger( CreateLdapConfig.class );
public static final String DEFAULT_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt";
protected static final String[] ALLOWED_DIRS =
{ "/tmp/", "/opt/openslx/configs/" };
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
index f5e5f7a..0b0c467 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
@@ -8,7 +8,8 @@ import java.util.List;
import java.util.Random;
import org.apache.commons.io.FileUtils;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.openslx.satserver.util.LdapMapping;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.SystemCommandTask;
@@ -18,7 +19,7 @@ import com.google.gson.annotations.Expose;
public class LdapSearch extends SystemCommandTask
{
- private static final Logger LOGGER = Logger.getLogger( LdapSearch.class );
+ private static final Logger LOGGER = LogManager.getLogger( LdapSearch.class );
@Expose
private String server = null;
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LocalAddressesList.java b/src/main/java/org/openslx/taskmanager/tasks/LocalAddressesList.java
index ad5d539..3c8cc84 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LocalAddressesList.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LocalAddressesList.java
@@ -9,12 +9,13 @@ import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.openslx.taskmanager.api.AbstractTask;
public class LocalAddressesList extends AbstractTask
{
- private static final Logger LOG = Logger.getLogger( LocalAddressesList.class );
+ private static final Logger LOG = LogManager.getLogger( LocalAddressesList.class );
private Output status = new Output();
diff --git a/src/main/java/org/openslx/taskmanager/tasks/RemoteExec.java b/src/main/java/org/openslx/taskmanager/tasks/RemoteExec.java
index ca3dea2..daec329 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/RemoteExec.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/RemoteExec.java
@@ -16,7 +16,8 @@ import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.AbstractTask;
@@ -29,7 +30,7 @@ import com.jcraft.jsch.Session;
public class RemoteExec extends AbstractTask
{
- private static final Logger LOGGER = Logger.getLogger( RemoteExec.class );
+ private static final Logger LOGGER = LogManager.getLogger( RemoteExec.class );
protected final static int MAX_OUTPUT_PER_CLIENT = 400000;
diff --git a/src/main/java/org/openslx/taskmanager/tasks/SleepTask.java b/src/main/java/org/openslx/taskmanager/tasks/SleepTask.java
index 3556abc..88892fa 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/SleepTask.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/SleepTask.java
@@ -1,6 +1,7 @@
package org.openslx.taskmanager.tasks;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.openslx.taskmanager.api.AbstractTask;
import com.google.gson.annotations.Expose;
@@ -12,7 +13,7 @@ import com.google.gson.annotations.Expose;
public class SleepTask extends AbstractTask
{
- private static final Logger LOG = Logger.getLogger( SleepTask.class );
+ private static final Logger LOG = LogManager.getLogger( SleepTask.class );
@Expose
private int seconds = 0;
--
cgit v1.2.3-55-g7522