logback-access-1.2.13-150200.3.13.1

Name:         logback-access
Version:      1.2.13
Release:      150200.3.13.1
Summary:      Logback-access module for Servlet integration
License:      EPL-1.0 OR LGPL-2.1-or-later
Group:        Unspecified
URL:          https://logback.qos.ch/
Distribution: SUSE Linux Enterprise 15
Vendor:       SUSE LLC (https://www.suse.com/)
OS/Arch:      linux / noarch
Build host:   h01-ch3c
Source RPM:   logback-1.2.13-150200.3.13.1.src.rpm
Disturl:      obs://build.suse.de/SUSE:Maintenance:41008/SUSE_SLE-15-SP2_Update/5ff35bc7c5ab6150b740e2dfcc390114-logback.SUSE_SLE-15-SP2_Update

Description:
The logback-access module integrates with Servlet containers, such as
Tomcat and Jetty, to provide HTTP-access log functionality. Note that
you could easily build your own module on top of logback-core.

Provides:
  logback-access
  mvn(ch.qos.logback:logback-access)
  mvn(ch.qos.logback:logback-access:pom:)
  osgi(ch.qos.logback.access)

Requires:
  java-headless
  javapackages-filesystem
  mvn(ch.qos.logback:logback-core)
  rpmlib(CompressedFileNames)
  rpmlib(FileDigests)
  rpmlib(PayloadFilesHavePrefix)
  rpmlib(PayloadIsXz)

Files:
  logback-access.jar
  LICENSE.txt
  logback-access.xml
  logback-access.pom

Directories:
  /usr/share/java/
  /usr/share/java/logback/
  /usr/share/licenses/
  /usr/share/licenses/logback-access/
  /usr/share/maven-metadata/
  /usr/share/maven-poms/
  /usr/share/maven-poms/logback/

Changelog:

fstrba@suse.com
- Upgrade to upstream version 1.2.13
  * Fixed NPE in ThrowableProxy if extractSupressedThrowables method
    returns null. This fixes LOGBACK-1623
  * Fixed incorrect use of HttpServletResponse.getStatus in
    logback-access as reported in LOGBACK-1580
  * Fixed incorrect use of HttpServletRequest.getParameterNames()
    logback-access as reported in LOGBACK-1581
  * Fixed incorrect SCP URL in Maven pom.xml. This issue was reported
    in LOGBACK-1633
  * Fixes for CVE-2023-6481 as well as CVE-2023-6378 were back-ported
    into the 1.2.x branch. Fixes will be effective only when run under
    Java 9 and later. Note that a successful exploitation of
    CVE-2023-6378/CVE-2023-6381 requires that logback-receiver
    component is enabled and also reachable by the attacker.
- Removed patch:
  * logback-1.2.8-jetty.patch
    + not needed with this version
- Added patch:
  * logback-CVE-2025-11226.patch
    + backport of upstream fix for bsc#1250715, CVE-2025-11226: ACE
      vulnerability in conditional configuration file processing

fstrba@suse.com
- Added patch:
  * filtering.patch
    + Newer maven-filtering versions will throw error when trying to
      filter binary files and failing to do so. This avoids filtering
      on *.jks (Java Key Store) files.

gus.kenion@suse.com
- CVE-2024-12798 (bsc#1234742) Arbitrary code execution via
  JaninoEventEvaluator
  * Resolution: remove JaninoEventEvaluator
- CVE-2024-12801 (bsc#1234743) Server-Side Request Forgery (SSRF) in
  SaxEventRecorder
  * Resolution: prevent Server-Side Request Forgery (SSRF) attacks by
    ignoring external DTD files in DOCTYPE
  * Remove SaxEventRecorder
- Add logback-CVE-2024-12801-CVE-2024-12798.patch

gus.kenion@suse.com
- Use %patch -P N instead of deprecated %patchN.

fstrba@suse.com
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp

fstrba@suse.com
- Upgrade to upstream version 1.2.11
  * Backported fix for LOGBACK-1027.
  * Fixed incorrect String cast in JNDIUtil. This corrects
    LOGBACK-1604.
  * In SMTPAppenderBase empty username parameter is now treated the
    same way as null. This fixes LOGBACK-1594.
  * ContextInitializer no longer complains about missing
    logback.groovy configuration file. This fixes LOGBACK-1601.
  * In response to CVE-2021-42550 (aka LOGBACK-1591) the following
    steps were made:
    1) Hardened logback's JNDI lookup mechanism to only honor requests
       in the java: namespace. All other types of requests are ignored.
    2) SMTPAppender was hardened.
    3) Temporarily removed DB support for security reasons.
    4) Removed Groovy configuration support. As logging is so
       pervasive and configuration with Groovy is probably too
       powerful, this feature is unlikely to be reinstated for
       security reasons.
    The aforementioned vulnerability requires write access to
    logback's configuration file as a prerequisite. A successful RCE
    attack with CVE-2021-42550 requires all of the following
    conditions to be met:
    + write access to logback.xml
    + use of versions < 1.2.9
    + reloading of poisoned configuration data, which implies
      application restart or scan="true" set prior to attack
- Set project.build.sourceEncoding property to ISO-8859-1 to avoid the
  new maven-resources-plugin choking on trying to filter in UTF-8
  encoding JKS (binary) resources

fstrba@suse.com
- Do not build against the log4j12 packages

fstrba@suse.com
- Do not execute goals generateTestStubs and compileTests of
  gmavenplus-plugin, since we are not compiling or running tests
  during the rpm build. This also allows us to use a wider range of
  gmavenplus-plugin versions, since those executions changed names
  in 1.6.

fstrba@suse.com
- Upgrade to version 1.2.8 (bsc#1193795)
  * Changes of version 1.2.8
    + In response to LOGBACK-1591, all JNDI lookup code in logback has
      been disabled until further notice. This impacts
      ContextJNDISelector and element in configuration files.
    + Also in response to LOGBACK-1591, all database (JDBC) related
      code in the project has been removed with no replacement.
    + Note that the vulnerability mentioned in LOGBACK-1591 requires
      write access to logback's configuration file as a prerequisite.
      The log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different
      severity levels. A successful RCE requires all of the following
      conditions to be met:
      - write access to logback.xml
      - use of versions < 1.2.8
      - reloading of poisoned configuration data, which implies
        application restart or scan="true" set prior to attack
    + As an additional extra precaution, in addition to upgrading to
      logback version 1.2.8, the users are advised to set their
      logback configuration files as read-only.
  * Changes of version 1.2.7
    + Added hostnameVerification to property SSLSocketAppender. This
      fixes LOGBACK-1574.
  * Changes of version 1.2.6
    + To prevent XML eXternal Entity injection (XXE) attacks, Joran no
      longer reads external entities passed in XML files. This fixes
      LOGBACK-1465.
  * Changes of version 1.2.5
    + Instead of an Appender, the LayoutWrappingEncoder now accepts a
      variable of type ContextAware as a parent. This fixes
      LOGBACK-1326.
  * Changes of version 1.2.4
    + Added support for minimum length in %i filename pattern. This
      fixes LOGBACK-1248.
    + For size bound log file archiving, allow TimeBasedArchiveRemove
      to remove files with indexes containing up to 5 digits. This
      fixes LOGBACK-1175.
    + Added %prefix composite converter which automatically prefixes
      child converter output with the name of the converter. This
      feature is quite handy in environments where log files need to
      be parsed and monitored.
- Changed patch:
  * logback-1.1.11-jetty.patch -> logback-1.2.8-jetty.patch
    + Rediff to changed context

fstrba@suse.com
- Do not force building with java < 9
- Specify maven.compiler.release=8 to access the
  java.util.function.Supplier API, introduced in java 8
- Added patch:
  * logback-1.2.3-getCallerClass.patch
    + Access the sun.reflect.Reflection.getCallerClass by reflection,
      in order to be able to build with jdk >= 9

fstrba@suse.com
- Initial packaging of logback 1.2.3