������logback-access-1.2.11-150200.3.10.1���������������������������������������������������������������<���>�������,���������������������������������������������������2�����g5p9|��ӥ��T_)i(P�TO"7^D,Fav
u�ŏ|O��*�B=�[4X�+dڱ���;%��8�Ɗ-�Z>;UQ�dU�
uz7R�hՋ�>z2I X\1䘰]%39`<)K��{l0d8�Wnj6Jx_�x_|�@u*o0p?V:�z��ݴ��Ug
��+|�]f�&J1gtQ�B�;~z:n6+*���>��������������������>������?��������������d��������������������������������������������������������������� ���&���������� ���T�������������� ��������������$��������������0��������������4��������������M��������������n������������������������ ���������������������������������������������������������������������������������� ��������������
�����������������������(���������������/�������
�������8���������������T���������������w������������������������������������������������������������T���������������p�����������������������(�������B�������8�������L��� ���9�������p��� ���:����������� ���F��������������G��������������H���������������I�������4�������X�������<�������Y�������L�������\�������x�������]��������������^��������������b��������������c�������U�������d��������������e��������������f��������������l��������������u��������������v���������������w��������������x��������������y���������������z�������(��������������8��������������<��������������B������������������C�logback-access�1.2.11�150200.3.10.1�Logback-access module for Servlet integration�The logback-access module integrates with Servlet containers, such as Tomcat
and Jetty, to provide HTTP-access log functionality. Note that you could
easily build your own module on top of logback-core.��g5h01-ch2d������SUSE Linux Enterprise 15�SUSE LLC �EPL-1.0 OR LGPL-2.1-or-later�https://www.suse.com/�Unspecified�https://logback.qos.ch/�linux�noarch��������������������������eA큤A큤A큤��������������g5g5g5b#g5g5g5�53c5353f1cab6844ecfd0b4e164ec0b33b6012850d92aa2f9c506315c1e0899e��94a99c6ee7e8b5ba3ef66a1d234c22a55c149e93584040d66a7f6694d552e7ea�ef6652c06e882a2f617d464cba6f4fecc56a730e4ef4e00fc1eed535fdc3e887��cd0f37be71ba79ff7f17ae840f88e35be2996867dd0c50a15f8c42ee4d8995b0�������������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�logback-1.2.11-150200.3.10.1.src.rpm������logback-access�mvn(ch.qos.logback:logback-access)�mvn(ch.qos.logback:logback-access:pom:)�osgi(ch.qos.logback.access)�����@���@���@����
���
���
���
java-headless�javapackages-filesystem�mvn(ch.qos.logback:logback-core)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�1.8��1.2.11�3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.1����g~hed^@bjb�@a{a*@]�@]6@gus.kenion@suse.com�gus.kenion@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�- CVE-2024-12798 (bsc#1234742) Arbitrary code execution via
JaninoEventEvaluator
* Resolution: remove JaninoEventEvaluator
- CVE-2024-12801 (bsc#1234743) Server-Side Request Forgery (SSRF)
in SaxEventRecorder
* Resolution: prevent Server-Side Request Forgery (SSRF) attacks
by ignoring external DTD files in DOCTYPE
* Remove SaxEventRecorder
- Add logback-CVE-2024-12801-CVE-2024-12798.patch�- Use %patch -P N instead of deprecated %patchN.�- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp�- Upgrade to upstream version 1.2.11
* Backported fix for LOGBACK-1027.
* Fixed incorrect String cast in JNDIUtil. This corrects
LOGBACK-1604.
* In SMTPAppenderBase empty username parameter is now treated the
same way as null. This fixes LOGBACK-1594.
* ContextInitializer no longer complains about missing
logback.groovy configuration file. This fixes LOGBACK-1601.
* In response to CVE-2021-42550 (aka LOGBACK-1591) the following
steps were made:
1) Hardened logback's JNDI lookup mechanism to only honor
requests in the java: namespace. All other types of requests
are ignored.
2) SMTPAppender was hardened.
3) Temporarily removed DB support for security reasons.
4) Removed Groovy configuration support. As logging is so
pervasive and configuration with Groovy is probably too
powerful, this feature is unlikely to be reinstated for
security reasons.
The aforementioned vulnerability requires write access to
logback's configuration file as a prerequisite. A successul
RCE attack with CVE-2021-42550 requires all of the following
conditions to be met:
+ write access to logback.xml
+ use of versions < 1.2.9
+ reloading of poisoned configuration data, which implies
application restart or scan="true" set prior to attack
- Set project.build.sourceEncoding property to ISO-8859-1 to
avoid the new maven-resources-plugin chocking on trying to filter
in UTF-8 encoding JKS (binary) resources�- Do not build against the log4j12 packages�- Do not execute goals generateTestStubs and compileTests of
gmavenplus-plugin, since we are not compiling or runnig tests
during the rpm build. This also allows us to use a wider range
of gmavenplus-plugin versions, since those executions changed
names in 1.6.�- Upgrade to version 1.2.8 (bsc#1193795)
* Changes of version 1.2.8
+ In response to LOGBACK-1591, all JNDI lookup code in logback
has been disabled until further notice. This impacts
ContextJNDISelector and element in
configuration files.
+ Also in response to LOGBACK-1591, all database (JDBC) related
code in the project has been removed with no replacement.
+ Note that the vulnerability mentioned in LOGBACK-1591 requires
write access to logback's configuration file as a
prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591
are of different severity levels. A successful RCE requires
all of the following conditions to be met:
- write access to logback.xml
- use of versions < 1.2.8
- reloading of poisoned configuration data, which implies
application restart or scan="true" set prior to attack
+ As an additional extra precaution, in addition to upgrading to
logback version 1.2.8, the users are advised to set their
logback configuration files as read-only.
* Changes of version 1.2.7
+ Added hostnameVerification to property SSLSocketAppender.
This fixes LOGBACK-1574.
* Changes of version 1.2.6
+ To prevent XML eXternal Entity injection (XXE) attacks, Joran
no longer reads external entities passed in XML files. This
fixes LOGBACK-1465.
* Changes of version 1.2.5
+ Instead of an Appender, the LayoutWrappingEncoder now accepts
a variable of type ContextAware as a parent. This fixes
LOGBACK-1326.
* Changes of version 1.2.4
+ Added support for minimum length in %i filename pattern. This
fixes LOGBACK-1248.
+ For size bound log file archiving, allow
TimeBasedArchiveRemove to remove files with indexes containing
upto 5 digits. This fixes LOGBACK-1175.
+ Added %prefix composite converter which automatically prefixes
child converter output with the name of the converter. This
feature is quite handy in environments where log files need to
be parsed and monitored.
- Changed patch:
* logback-1.1.11-jetty.patch -> logback-1.2.8-jetty.patch
+ Rediff to changed context�- Do not force building with java < 9
- Specify maven.compiler.release=8 to access the
java.util.function.Supplier API, introduced in java 8
- Added patch:
* logback-1.2.3-getCallerClass.patch
+ Access the sun.reflect.Reflection.getCallerClass by
reflection, in order to be able to build with jdk >= 9�- Initial packaging of logback 1.2.3�h01-ch2d 1736521163���������������������������������������������������������������������������������1.2.11-150200.3.10.1�1.2.11�1.2.11�1.2.11�������������������������������logback�logback-access.jar�logback-access�LICENSE.txt�logback-access.xml�logback�logback-access.pom�/usr/share/java/�/usr/share/java/logback/�/usr/share/licenses/�/usr/share/licenses/logback-access/�/usr/share/maven-metadata/�/usr/share/maven-poms/�/usr/share/maven-poms/logback/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:36966/SUSE_SLE-15-SP2_Update/9207f77962a89a1bad54b203fe4f1da0-logback.SUSE_SLE-15-SP2_Update�drpm�xz�5�noarch-suse-linux������������������������������directory�ASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract Zip archive data, at least v2.0 to extract)�ASCII text�XML 1.0 document, ASCII text�XML 1.0 document text����������������������������������������������������������P���P���P���R���R���R���ז0%��>N����utf-8�d521699ca567e03e0f77065e50c6670f0250ce0ced424317a59b97a470a72326���������?���� ����7zXZ��
���!�����t/�~�]�"��k%20+0�~}:]]c��`&&;�Q�����@�^�d*��۲S~ (uZH�m$;(k:/~wx8LCV+�Lt�hjN
,Zyll �w�0l�8�b
oCqba^?^s�W
)?첫�h$$ќ/Ťhy�K|}�Mm�/l斲7.d��qgg�^AX �cݮ�^cYt<9Ȍ|NZLL!|Z���Q'L�kǥ�pM|�~yܓX�qnW=�D�5�TeLl0GS����y^pO�}\�a�ʈײG NϗirB�y]$
�
o`wAoZb^N(3��UӮفS"(�g+���ܶ�!�qYq�-�LQ�0�CÉ�s֊~r�d@e~8�٫LN�0R�xF^4WLAR��7g7*|$_ӗҐ�n� �(R�R�kn爹&UMi��d���26�cZ$/�_Z'[r79{Te$'�i{�qy�� GSD�]�jƤivVj7ٟ1?^x�eS'�vB~ԙuK)�݉&�0\�}+"�3b:�iOo!*odX�],N��"/d��mZKn�^��Ӷp6^NبFl|֨7`{�UT��'6yn�EZ��
U��pȶ^@U{� ji7���>:r\IÜ'>��DEO�wз�g�igW} -V`p?�U�5�s,]�te�bi���h�՝`qTwp]˜ު:��� $�e�F!Q2N�A.����uӻx�E�ya�Z>0+L{�d�h��b�FDnl}jg�nEK;/B�H=d{r"M�aF~o�
ٵ�ܹv��R>1Kwa��E��Ff"2
%8%;)A�#h�*>ӨU�ڰt/#kM?E�/�1.RQ�
,\J�zzbO�Gf<1ܰ�j
NbT?��ƷBρ�dyiƪiSzy�j>#�(Z�]z3�nk��sv�u���(=�k}�{6X0�߾��Ue�g={5\�,"nƯ~g%mG��7E����yY�W VޯX�&[SEzt�K�;=Ĝ;"f$_�9YRzY?
u5�Ӑ| DNdm�.VeF�7RJn�hp8uWJƧW1DA�y�Kn
:ң{�{�'ڃ)q�|_3ꂈq<�g|29ׯֳܘKG$�z_dǾH
n8z��%=f=�+=Gii0L�`(dS�VIl^$QwX`�!uvg@��(l 0䐘;�Vm2R<-��Pv%mN�0!V�x>�h2�Gą)zY9k MTL5[Y!�d�QW|kp
�]eI^m��}FkX�j�/�e*o/ΓM�,�N,UPQl�EEsOO��*ǺCгjnY�6q�""&7�O�U6Ӈ�KH��w?Biy#`q�(DRaWIR{i�D� �VwX
,85SF'�b�k�D#B"�Y-Jmv�
FD~-C#_":YtMu䭌uٞƄZ[��=�p&+��bxA y81Mi5�p �����q,[-t[Qd.X yjp��'oD~dsV�:�y86/P�_�13I �C9S�P5SjCKX��kE<+�\�_�$��Q�Gڼi�m�_
}a؛ܞ�Ϩ�\�;T=�qQSMu�)㨤6Q��sؕuU8,A+8��?O1J$zl%i�
[Mf"x@�'mi�ڑ\ [j`|
�uq�s{�>U�e]h�UQ>�4꩸W6uJbW�TU6e&n5a��ߤHޕ𮋷
3�
��BJx3:�b쎊r@�jD��v5q� 8�6o$pg=r~eTNƐjEmb Jtu_'y%v��.Gr�Kl7�QCAMIv�μ6WR�HN/-� n=xb
TԽ{XA0݈ҷ?*k�a�M_Ћ¸�Ώ�Χ�V̡e^i�Q|uN*&��!������`o?���cP��h��*П4Z�й^4m|LER[E鰢#];X*p�Ao�M4ID2uyUȴQv�"Aj-XIOw^��jnK6$]Sk2'w�
'w)Z�}ڰ�l�4�A#u
|"r_�俳O����xO�q�L�Zγ"o2h4Tě?'r�! %UV.�Q5��46��Ei�(EP�~ti�c]�نS/n�:+$7�iBy4�GͬeS� @���1�)Z��?
aOd!%3�JR��Pޥ%Mc9�U� NಪFH
ov4U�˳f\�m��ƶ������
YZ