From fb418db538a4990293b1afa47d735cd506497865 Mon Sep 17 00:00:00 2001 From: Ceki Gulcu Date: Tue, 19 Feb 2019 17:21:46 +0100 Subject: [PATCH] fix SLF4J-456 --- jcl-over-slf4j/pom.xml | 6 +- .../src/main/{java => java9}/module-info.java | 0 .../src/main/resources/META-INF/MANIFEST.MF | 2 +- log4j-over-slf4j/pom.xml | 6 +- .../src/main/{java => java9}/module-info.java | 0 pom.xml | 55 ++++++++++++++----- release.sh | 49 +++++++++++++++++ slf4j-api/pom.xml | 6 +- .../src/main/{java => java9}/module-info.java | 0 slf4j-jdk14/pom.xml | 6 +- .../src/main/{java => java9}/module-info.java | 0 slf4j-nop/pom.xml | 6 +- .../src/main/{java => java9}/module-info.java | 0 slf4j-simple/pom.xml | 6 +- .../src/main/{java => java9}/module-info.java | 0 slf4j-site/pom.xml | 23 +++++++- slf4j-site/src/site/pages/download.html | 6 +- slf4j-site/src/site/pages/news.html | 48 ++++++++++------ 18 files changed, 177 insertions(+), 42 deletions(-) rename jcl-over-slf4j/src/main/{java => java9}/module-info.java (100%) rename log4j-over-slf4j/src/main/{java => java9}/module-info.java (100%) create mode 100755 release.sh rename slf4j-api/src/main/{java => java9}/module-info.java (100%) rename slf4j-jdk14/src/main/{java => java9}/module-info.java (100%) rename slf4j-nop/src/main/{java => java9}/module-info.java (100%) rename slf4j-simple/src/main/{java => java9}/module-info.java (100%) diff --git a/jcl-over-slf4j/pom.xml b/jcl-over-slf4j/pom.xml index bb3719764..cb72b2af8 100755 --- a/jcl-over-slf4j/pom.xml +++ b/jcl-over-slf4j/pom.xml @@ -16,6 +16,10 @@ JCL 1.2 implemented over SLF4J http://www.slf4j.org + + org.apache.commons.logging + + org.slf4j @@ -28,4 +32,4 @@ - \ No newline at end of file + diff --git a/jcl-over-slf4j/src/main/java/module-info.java b/jcl-over-slf4j/src/main/java9/module-info.java similarity index 100% rename from jcl-over-slf4j/src/main/java/module-info.java rename to jcl-over-slf4j/src/main/java9/module-info.java diff --git a/jul-to-slf4j/src/main/resources/META-INF/MANIFEST.MF b/jul-to-slf4j/src/main/resources/META-INF/MANIFEST.MF index 9f61320fd..6e4ed9ee0 100644 --- a/jul-to-slf4j/src/main/resources/META-INF/MANIFEST.MF +++ b/jul-to-slf4j/src/main/resources/META-INF/MANIFEST.MF @@ -5,4 +5,4 @@ Bundle-Vendor: SLF4J.ORG Bundle-RequiredExecutionEnvironment: J2SE-1.5 Export-Package: org.slf4j.bridge;version=${parsedVersion.osgiVersion};uses:="org.slf4j,org.slf4j.spi" Import-Package: org.slf4j;version=${parsedVersion.osgiVersion},org.slf4j.spi;version=${parsedVersion.osgiVersion} -Automatic-Module-Name: jul_to_slf4j +Automatic-Module-Name: jul.to.slf4j diff --git a/log4j-over-slf4j/pom.xml b/log4j-over-slf4j/pom.xml index e449c9e20..b0acda486 100755 --- a/log4j-over-slf4j/pom.xml +++ b/log4j-over-slf4j/pom.xml @@ -25,6 +25,10 @@ + + log4j + + org.slf4j @@ -37,4 +41,4 @@ - \ No newline at end of file + diff --git a/log4j-over-slf4j/src/main/java/module-info.java b/log4j-over-slf4j/src/main/java9/module-info.java similarity index 100% rename from log4j-over-slf4j/src/main/java/module-info.java rename to log4j-over-slf4j/src/main/java9/module-info.java diff --git a/pom.xml b/pom.xml index 5c9a0152d..3386c4899 100755 --- a/pom.xml +++ b/pom.xml @@ -33,7 +33,7 @@ - 1.7.25 + 1.7.26 1.6 ${jdk.version} @@ -50,6 +50,7 @@ 3.6 3.6.1 2.10.4 + 3.0.1 @@ -183,34 +184,45 @@ - base-compile + default-compile compile - - module-info.java - + + [6, ) + + ${jdk.version} + ${jdk.version} - - default-compile + + module-compile + compile + + compile + [9, ) 9 + + ${project.basedir}/src/main/java9 + + ${project.build.outputDirectory}/META-INF/versions/9 + + --patch-module + ${module-name}=${project.build.outputDirectory} + + + + - - - [1.6, ) - - ${jdk.version} - ${jdk.version} - + @@ -225,6 +237,7 @@ ${maven.compiler.source} ${maven.compiler.target} ${project.version} + true ${project.build.outputDirectory}/META-INF/MANIFEST.MF @@ -251,7 +264,7 @@ org.apache.maven.plugins maven-source-plugin - 2.1.2 + ${maven-source-plugin.version} package @@ -492,6 +505,18 @@ + + apache-snapshot-repo + apache-snapshot-repo + https://repository.apache.org/content/groups/snapshots/ + + false + + + true + + + diff --git a/release.sh b/release.sh new file mode 100755 index 000000000..4934ebdaa --- /dev/null +++ b/release.sh @@ -0,0 +1,49 @@ +#mvn versions:set -DgenerateBackupPoms=false -DnewVersion=${VERSION_NUMBER} + +MVN='/java/maven-3.5.2//bin/mvn' + +PASS=$1 +echo $PASS + +function checkExit(){ + if test "$?" != "0"; then + echo Command $1 exited with abnormal status + exit 1; + else echo $? + fi +} + +function echoThenRun () { # echo and then run the command + echo $1 + $1 + ret=$? + echo $ret + return $ret +} + +$MVN clean +checkExit "mvn clean" + + +$MVN install +checkExit "mvn install" + + +$MVN site:site +checkExit "mvn site:ste" + + +$MVN assembly:single +checkExit "mvn assembly:single" + + +$MVN deploy -P javadocjar,sign-artifacts -Dgpg.passphrase=$PASS +checkExit "mvn deploy -P javadocjar,sign-artifacts -Dgpg.passphrase=xxx" + +#$MVN site:deploy -N # with Java 8!!! +#checkExit "mvn site:deploy -N" + +#git tag -m "tagging" -a v_${VERSION_NUMBER} +#git push --tags + +#release version and add next version on jira diff --git a/slf4j-api/pom.xml b/slf4j-api/pom.xml index eedd8800b..715c3c2dc 100755 --- a/slf4j-api/pom.xml +++ b/slf4j-api/pom.xml @@ -18,6 +18,10 @@ http://www.slf4j.org + + org.slf4j + + @@ -52,4 +56,4 @@ - \ No newline at end of file + diff --git a/slf4j-api/src/main/java/module-info.java b/slf4j-api/src/main/java9/module-info.java similarity index 100% rename from slf4j-api/src/main/java/module-info.java rename to slf4j-api/src/main/java9/module-info.java diff --git a/slf4j-jdk14/pom.xml b/slf4j-jdk14/pom.xml index a699aed09..1c84d3673 100755 --- a/slf4j-jdk14/pom.xml +++ b/slf4j-jdk14/pom.xml @@ -16,6 +16,10 @@ SLF4J JDK14 Binding http://www.slf4j.org + + org.slf4j.jul + + org.slf4j @@ -31,4 +35,4 @@ - \ No newline at end of file + diff --git a/slf4j-jdk14/src/main/java/module-info.java b/slf4j-jdk14/src/main/java9/module-info.java similarity index 100% rename from slf4j-jdk14/src/main/java/module-info.java rename to slf4j-jdk14/src/main/java9/module-info.java diff --git a/slf4j-nop/pom.xml b/slf4j-nop/pom.xml index c8cae49e2..0bbe4c145 100755 --- a/slf4j-nop/pom.xml +++ b/slf4j-nop/pom.xml @@ -17,6 +17,10 @@ SLF4J NOP Binding http://www.slf4j.org + + org.slf4j.nop + + org.slf4j @@ -24,4 +28,4 @@ - \ No newline at end of file + diff --git a/slf4j-nop/src/main/java/module-info.java b/slf4j-nop/src/main/java9/module-info.java similarity index 100% rename from slf4j-nop/src/main/java/module-info.java rename to slf4j-nop/src/main/java9/module-info.java diff --git a/slf4j-simple/pom.xml b/slf4j-simple/pom.xml index cb8be5f61..1e055b6c3 100755 --- a/slf4j-simple/pom.xml +++ b/slf4j-simple/pom.xml @@ -16,6 +16,10 @@ SLF4J Simple binding http://www.slf4j.org + + org.slf4j.simple + + org.slf4j @@ -31,4 +35,4 @@ - \ No newline at end of file + diff --git a/slf4j-simple/src/main/java/module-info.java b/slf4j-simple/src/main/java9/module-info.java similarity index 100% rename from slf4j-simple/src/main/java/module-info.java rename to slf4j-simple/src/main/java9/module-info.java diff --git a/slf4j-site/pom.xml b/slf4j-site/pom.xml index 37401a371..818ccbb9f 100755 --- a/slf4j-site/pom.xml +++ b/slf4j-site/pom.xml @@ -38,7 +38,28 @@ ${project.parent.basedir}/target/site + + + org.apache.maven.plugins + maven-source-plugin + ${maven-source-plugin.version} + + + + **/META-INF/* + + + + + package + + jar + + + + - \ No newline at end of file + diff --git a/slf4j-site/src/site/pages/download.html b/slf4j-site/src/site/pages/download.html index af42373d9..2516436c2 100755 --- a/slf4j-site/src/site/pages/download.html +++ b/slf4j-site/src/site/pages/download.html @@ -43,12 +43,12 @@

Would you like to subscribe to the QOS.CH announcements mailing

Latest STABLE version

-

Download version ${stable.version} including full source code, +

Download version ${latest.stable.version} including full source code, class files and documentation in ZIP or TAR.GZ format:

Java 9 Modularized EXPERIMENTAL version

diff --git a/slf4j-site/src/site/pages/news.html b/slf4j-site/src/site/pages/news.html index d115b9876..1dd0cd1ea 100755 --- a/slf4j-site/src/site/pages/news.html +++ b/slf4j-site/src/site/pages/news.html @@ -31,17 +31,19 @@

SLF4J News

announce mailing list.

+
+

February 16th, 2019 - Release of SLF4J 1.8.0-beta3

@@ -74,28 +76,39 @@

February 16th, 2019 - Release of SLF4J 1.8.0-beta3

SLF4J-409 as reported by Devin Smith.

+

For reasons of coherency, the + Automatic-Automatic-Module-Name for the jul-to-slf4j + module is now "jul.to.slf4j". In the eartly versions of Java 9 the + string "to" within "jul.to.slf4j" was incorrectly interpreted as a + reserved keyword. This bug has been fixed in the JDK for a while. +

+

Fixed CVE-2018-8088 by removing the EventData EventException EventLogger classes in the same way as done in SLF4J 1.7.26.

+ +

Removed MDCStrLookup class in + org.slf4j.ext package which relied on + commons-lang. Thus, slf4j-ext module no + longer depends on commons-lang fixing SLF4J-454. +

February 16th, 2019 - Release of SLF4J 1.7.26

-

Due to popular demand in relation Due to popular demand in relation to CVE-2018-8088, - removed EventData EventException - EventLogger classes in the org.slf4j.ext - package in the slf4j-ext module. These classes were rarely - used. + EventData, EventException and + EventLogger classes were removed from the + org.slf4j.ext package located in the + slf4j-ext module.

-

The aforementioned vulnerabilty has quite a low severty but was - incorrectly marked critical in National Vulnerability - Database. However, it was easier to remove the rarely-used - incriminated classes than to try to convince the universe that the - severity of the vulnerability was indeed low. +

The aforementioned vulnerabilty has a low severty but was + incorrectly marked critical in the National Vulnerability Database.

@@ -112,6 +125,9 @@

21st of March, 2018 - Release of SLF4J 1.8.0-beta2

Automatic-Module-Name: jul_to_slf4j

+

In later versions of Java 9 this problem was fixed and we + reverted to jul.to.slf4j in 1.8.0-beta3 and later.

+

See also SLF4J-428.