<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/445b13f2947d8c66f4d894b3b72312b6a98eba8f">https://github.com/macports/macports-ports/commit/445b13f2947d8c66f4d894b3b72312b6a98eba8f</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 445b13f2947 apache-solr8: Update to version 8.11.0, log4j vulnerability mitigation
</span>445b13f2947 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 445b13f2947d8c66f4d894b3b72312b6a98eba8f
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sun Dec 12 10:33:20 2021 -0500
<span style='display:block; white-space:pre;color:#404040;'> apache-solr8: Update to version 8.11.0, log4j vulnerability mitigation
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Update to version 8.11.0
</span><span style='display:block; white-space:pre;color:#404040;'> * Addresses log4j vulnerability CVE-2021-44228
</span><span style='display:block; white-space:pre;color:#404040;'> * See https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
</span>---
java/apache-solr8/Portfile | 12 ++++++++----
java/apache-solr8/files/patch-solr-in-sh.diff | 13 +++++++++++++
2 files changed, 21 insertions(+), 4 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/java/apache-solr8/Portfile b/java/apache-solr8/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 9a2395d12b6..b8dac998cec 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/java/apache-solr8/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/java/apache-solr8/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,7 +4,7 @@ PortSystem 1.0
</span> PortGroup java 1.0
name apache-solr8
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 8.9.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 8.11.0
</span> revision 0
categories java textproc
maintainers {ieee.org:s.t.smith @essandess} openmaintainer
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -25,9 +25,13 @@ extract.suffix .tgz
</span>
master_sites apache:lucene/solr/${version}/
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 b781608474fb33060740df303a58ec3e428f91a2 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 c9c970e0603318eac1ca5bae24e9a85e917d012266159237e572e636c5a3da62 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 202942547
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 7ec0e184f17427877e8ac52e4c9e9807dcd722c1 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 ba69bffc624e5c1e35b3b2e0929d82f2ba7871d7ba5941f202c2b97945eb730c \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 217788568
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# log4j vulnerability CVE-2021-44228
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# diff -NaurdwB -I '^ *#' ./solr-orig/bin/solr.in.sh ./solr-new/bin/solr.in.sh | sed -E -e 's/\.\/solr-(orig|new)\//\.\//' > patch-solr-in-sh.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+patchfiles-append patch-solr-in-sh.diff
</span>
# see https://lucene.apache.org/solr/guide/8_1/solr-system-requirements.html
java.version 9+
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/java/apache-solr8/files/patch-solr-in-sh.diff b/java/apache-solr8/files/patch-solr-in-sh.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..5458e2b9e12
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/java/apache-solr8/files/patch-solr-in-sh.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,13 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./bin/solr.in.sh 2021-12-12 10:15:40.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./bin/solr.in.sh 2021-12-12 10:17:50.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -100,6 +100,10 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #SOLR_OPTS="$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# log4j vulnerability CVE-2021-44228
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# https://github.com/apache/solr/pull/454#issuecomment-991169501
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Location where the bin/solr script will save PID files for running instances
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # If not set, the script will create PID files in $SOLR_TIP/bin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #SOLR_PID_DIR=
</span></pre><pre style='margin:0'>
</pre>