textproc/apache-solr: disable format lookup for log4j

As recommended here: https://solr.apache.org/news.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 disable lookup that opens a security vulnerability with log4j < 2.15.0. This is a mitigation for CVE-2021-44228. PR: 260373
2021-12-13 16:04:44 +01:00 · 2021-12-13 16:04:44 +01:00 · 7604d31e30
commit 7604d31e30
parent f1d86749b6
1 changed files with 2 additions and 1 deletions
--- a/textproc/apache-solr/Makefile
+++ b/textproc/apache-solr/Makefile
@ -2,6 +2,7 @@

 PORTNAME=	apache-solr
 PORTVERSION=	8.11.0
+PORTREVISION=	1
 CATEGORIES=	textproc java
 MASTER_SITES=	https://archive.apache.org/dist/lucene/solr/${PORTVERSION}/
 DISTNAME=	solr-${PORTVERSION}
@ -47,7 +48,7 @@ do-install:
 	${ECHO} 'SOLR_LOGS_DIR="/var/log/solr"' >> ${STAGEDIR}${PREFIX}/etc/solr.in.sh.sample
 	${ECHO} 'SOLR_PORT="8983"' >> ${STAGEDIR}${PREFIX}/etc/solr.in.sh.sample
 	${ECHO} 'SOLR_PID_DIR="/var/db/solr"' >> ${STAGEDIR}${PREFIX}/etc/solr.in.sh.sample
-	${ECHO} 'SOLR_OPTS="$$SOLR_OPTS -Djetty.host=localhost"' >> ${STAGEDIR}${PREFIX}/etc/solr.in.sh.sample
+	${ECHO} 'SOLR_OPTS="$$SOLR_OPTS -Djetty.host=localhost -Dlog4j2.formatMsgNoLookups=true"' >> ${STAGEDIR}${PREFIX}/etc/solr.in.sh.sample

 	${MKDIR} ${STAGEDIR}/var/db/solr
 	${MKDIR} ${STAGEDIR}/var/log/solr