PR#2: drop log4j12 dependency and switch junit module to log4j 1.2 API shim - rpms/jdom2

rpms / jdom2

#2 drop log4j12 dependency and switch junit module to log4j 1.2 API shim

Merged 3 years ago by decathorpe. Opened 3 years ago by decathorpe.

Unknown source master into master

drop log4j12 dependency and switch junit module to log4j 1.2 API shim

Fabio Valentini • 3 years ago

edd3ffd

jdom-junit-template.pom

file modified

+3 -3

		`@@ -95,9 +95,9 @@`
		`<optional>true</optional>`
		`</dependency>`
		`<dependency>`
		`- <groupId>log4j</groupId>`
		`- <artifactId>log4j</artifactId>`
		`- <version>1.2.17</version>`
		`+ <groupId>org.apache.logging.log4j</groupId>`
		`+ <artifactId>log4j-1.2-api</artifactId>`
		`+ <version>2.13.3</version>`
		`<optional>true</optional>`
		`</dependency>`
		`<dependency>`

jdom2.spec

file modified

+4 -2

		`@@ -1,6 +1,6 @@`
		`Name: jdom2`
		`Version: 2.0.6`
		`- Release: 19%{?dist}`
		`+ Release: 20%{?dist}`
		`Summary: Java manipulation of XML made easy`
		`License: Saxpath`
		`URL: http://www.jdom.org/`
		`@@ -26,7 +26,6 @@`
		`BuildRequires: xalan-j2`
		`BuildRequires: xerces-j2`
		`BuildRequires: xml-commons-apis`
		`- BuildRequires: log4j12`
		`BuildRequires: aqute-bnd`

		`BuildArch: noarch`
		`@@ -90,6 +89,9 @@`
		`%license LICENSE.txt`

		`%changelog`
		`+ * Thu Sep 10 2020 Fabio Valentini <decathorpe@gmail.com> - 2.0.6-20`
		`+ - Drop log4j12 dependency and switch junit module to log4j 1.2 API shim.`
		`+`
		`* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.6-19`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild`

decathorpe commented 3 years ago

log4j12 is old and gross and has open security bugs. I want to get rid of it.
Serendipitously, log4j 2 actually provides a 1.2 API shim that requires no code changes.

Test builds in COPR:
https://copr.fedorainfracloud.org/coprs/decathorpe/jdom2-log4j-pr/monitor/

Not sure if the jdom2-junit module is actually used by anything :shrug: