Sync from SUSE:SLFO:Main postgresql-jdbc revision 9d2842004dbd0015af9183b1bbfeb31f

2025-01-27 11:25:40 +01:00 · 2025-01-27 11:25:40 +01:00 · 63e0603f5f
commit 63e0603f5f
4 changed files with 225 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/postgresql-42.7.2-jdbc-src.tar.gz
+++ b/postgresql-42.7.2-jdbc-src.tar.gz
--- a/postgresql-jdbc.changes
+++ b/postgresql-jdbc.changes
@ -0,0 +1,131 @@
+-------------------------------------------------------------------
+Thu Feb 29 16:40:26 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to upstream version 42.7.2
+  * Security fix:
+    + CVE-2024-1597 (bsc#1220644) postgresql vulnerable to SQL
+      Injection via line comment generation
+  * Other changes:
+    + perf: avoid autoboxing bind indexes
+    + add: Add PasswordUtil for encrypting passwords client side
+    + refactor: document that encodePassword will zero out the
+      password array, and remove driver's default encodePassword
+    + change: Use simple query for isValid. Using Extended query
+      sends two messages
+- Removed patches:
+  * CVE-2022-26520.patch
+  * fix-SQL-Injection-CVE-2022-31197.patch
+  * fix-createTempFile-vulnerability-CVE-2022-41946.patch
+    + issues fixed by upstream before this version
+
+-------------------------------------------------------------------
+Wed Feb 21 10:53:23 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Sun Jan  8 17:54:43 UTC 2023 - Michael Calmer <mc@suse.com>
+
+- fix createTempFile vulnerability - CVE-2022-41946 (bsc#1206921)
+  * Added: fix-createTempFile-vulnerability-CVE-2022-41946.patch
+
+-------------------------------------------------------------------
+Tue Sep 27 14:35:20 UTC 2022 - Michael Calmer <mc@suse.com>
+
+- Address SQL Injection Vulnerability CVE-2022-31197
+  (bsc#1202170)
+  * Add: fix-SQL-Injection-CVE-2022-31197.patch
+
+-------------------------------------------------------------------
+Fri Jun  3 10:34:36 UTC 2022 - Michael Calmer <mc@suse.com>
+
+- Address arbitrary File Write Vulnerability CVE-2022-26520
+  (bsc#1197356)
+  * Add: CVE-2022-26520.patch
+
+-------------------------------------------------------------------
+Thu Mar  3 16:01:03 UTC 2022 - Michael Calmer <mc@suse.com>
+
+- Upgrade to upstream version 42.2.25
+  * uses SASLprep normalization for SCRAM authentication fixing
+    some issues with spaces in passwords. (bsc#1196693)
+    (jsc#SLE-23993, jsc#SLE-23994)
+  * https://jdbc.postgresql.org/documentation/changelog.html
+
+-------------------------------------------------------------------
+Fri Aug 28 15:14:36 UTC 2020 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to upstream version 42.2.16
+  * building with maven
+- Removed patch:
+  * jdbc-postgresql-9.4_p1201-remove-sspi.patch
+    - not needed any more
+
+-------------------------------------------------------------------
+Tue Sep 19 08:47:08 UTC 2017 - fstrba@suse.com
+
+- Build with java compatibility 1.6
+- Modified file:
+  * build.xml
+    + Detect correctly java 9
+
+-------------------------------------------------------------------
+Mon Jul  6 11:37:30 UTC 2015 - dmacvicar@suse.de
+
+- update to version 9.4-1200 (fate#318788)
+  * https://jdbc.postgresql.org/documentation/changelog.html
+- Add patch:
+  * jdbc-postgresql-9.4_p1201-remove-sspi.patch
+
+-------------------------------------------------------------------
+Fri Jul 11 13:52:03 UTC 2014 - tchvatal@suse.com
+
+- Do not version java docdir.
+
+-------------------------------------------------------------------
+Tue Jul  8 10:34:41 UTC 2014 - tchvatal@suse.com
+
+- Do not depend on ant-trax.
+
+-------------------------------------------------------------------
+Fri Jun 27 12:49:44 UTC 2014 - tchvatal@suse.com
+
+- Fix build on SLE11
+
+-------------------------------------------------------------------
+Fri Jun 27 11:58:20 UTC 2014 - tchvatal@suse.com
+
+- Version bump to latest release 9.3:
+  * Various fixes
+  * Better integration with pgsql9.3
+- Cleanup with spec-cleaner
+
+-------------------------------------------------------------------
+Mon Sep  9 11:06:17 UTC 2013 - tchvatal@suse.com
+
+- Move from jpackage-utils to javapackage-tools
+
+-------------------------------------------------------------------
+Thu Mar 28 15:56:58 UTC 2013 - darin@darins.net
+
+- Set the correct license 
+
+-------------------------------------------------------------------
+Tue Mar 26 16:55:12 UTC 2013 - darin@darins.net
+
+- Update license
+- rpmlint cleanup 
+
+-------------------------------------------------------------------
+Thu Feb 21 10:16:34 UTC 2013 - darin@darins.net
+
+- Update to 9.2
+- cleaned up .spec
+- moved %changelog to .changes
+ 
+
+-------------------------------------------------------------------
+Thu Mar  3 00:00:00 UTC 2011 - vlado.paskov@gmail.com
+
+- Initial package release.
+
--- a/postgresql-jdbc.spec
+++ b/postgresql-jdbc.spec
@ -0,0 +1,68 @@
+#
+# spec file for package postgresql-jdbc
+#
+# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2000-2005, JPackage Project
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           postgresql-jdbc
+Version:        42.7.2
+Release:        0
+Summary:        JDBC driver for PostgreSQL
+License:        BSD-2-Clause
+URL:            https://jdbc.postgresql.org/
+Source0:        https://repo1.maven.org/maven2/org/postgresql/postgresql/%{version}/postgresql-%{version}-jdbc-src.tar.gz
+BuildRequires:  fdupes
+BuildRequires:  maven-local
+BuildRequires:  mvn(com.ongres.scram:client) >= 2.0
+BuildArch:      noarch
+
+%description
+PostgreSQL is an advanced Object-Relational database management
+system. The postgresql-jdbc package includes the .jar files needed for
+Java programs to access a PostgreSQL database.
+
+%package javadoc
+Summary:        API docs for %{name}
+
+%description javadoc
+This package contains the API Documentation for %{name}.
+
+%prep
+%setup -q -n postgresql-%{version}-jdbc-src
+
+# Build parent POMs in the same Maven call.
+%pom_xpath_remove "pom:plugin[pom:artifactId = 'maven-shade-plugin']"
+
+%{mvn_file} org.postgresql:postgresql %{name}/postgresql %{name}
+
+# For compat reasons, make Maven artifact available under older coordinates.
+%{mvn_alias} org.postgresql:postgresql postgresql:postgresql
+
+%build
+%{mvn_build} -f -- -Dsource=8
+
+%install
+%mvn_install
+%fdupes -s %{buildroot}%{_javadocdir}
+
+%files -f .mfiles
+%license LICENSE
+%doc README.md
+
+%files javadoc -f .mfiles-javadoc
+%license LICENSE
+
+%changelog