- Version update to 5.1.42 bsc#1035210 bsc#1035697 bsc#1035211:
* CVE-2017-3589 CVE-2017-3523 CVE-2017-3586 * http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html - Remove upstreamed mysql-connector-java-5.1.35-CVE-2017-3523.patch OBS-URL: https://build.opensuse.org/package/show/Java:packages/mysql-connector-java?expand=0&rev=31
This commit is contained in:
Tomáš Chvátal
Git OBS Bridge
parent
918e798c4c
commit
62f74de843
@ -1,49 +0,0 @@
|
||||
--- mysql-connector-java-5.1.35.orig/src/com/mysql/jdbc/ResultSetImpl.java
|
||||
+++ mysql-connector-java-5.1.35/src/com/mysql/jdbc/ResultSetImpl.java
|
||||
@@ -3436,27 +3436,26 @@ public class ResultSetImpl implements Re
|
||||
byte[] data = getBytes(columnIndex);
|
||||
Object obj = data;
|
||||
|
||||
- if ((data != null) && (data.length >= 2)) {
|
||||
- if ((data[0] == -84) && (data[1] == -19)) {
|
||||
- // Serialized object?
|
||||
- try {
|
||||
- ByteArrayInputStream bytesIn = new ByteArrayInputStream(data);
|
||||
- ObjectInputStream objIn = new ObjectInputStream(bytesIn);
|
||||
- obj = objIn.readObject();
|
||||
- objIn.close();
|
||||
- bytesIn.close();
|
||||
- } catch (ClassNotFoundException cnfe) {
|
||||
- throw SQLError.createSQLException(
|
||||
- Messages.getString("ResultSet.Class_not_found___91") + cnfe.toString()
|
||||
- + Messages.getString("ResultSet._while_reading_serialized_object_92"), getExceptionInterceptor());
|
||||
- } catch (IOException ex) {
|
||||
- obj = data; // not serialized?
|
||||
+ if (this.connection.getAutoDeserialize()) {
|
||||
+ if ((data != null) && (data.length >= 2)) {
|
||||
+ if ((data[0] == -84) && (data[1] == -19)) {
|
||||
+ // Serialized object?
|
||||
+ try {
|
||||
+ ByteArrayInputStream bytesIn = new ByteArrayInputStream(data);
|
||||
+ ObjectInputStream objIn = new ObjectInputStream(bytesIn);
|
||||
+ obj = objIn.readObject();
|
||||
+ objIn.close();
|
||||
+ bytesIn.close();
|
||||
+ } catch (ClassNotFoundException cnfe) {
|
||||
+ throw SQLError.createSQLException(Messages.getString("ResultSet.Class_not_found___91") + cnfe.toString()
|
||||
+ + Messages.getString("ResultSet._while_reading_serialized_object_92"), getExceptionInterceptor());
|
||||
+ } catch (IOException ex) {
|
||||
+ obj = data; // not serialized?
|
||||
+ }
|
||||
}
|
||||
- }
|
||||
-
|
||||
- return obj.toString();
|
||||
- }
|
||||
-
|
||||
+ return obj.toString();
|
||||
+ }
|
||||
+ }
|
||||
return extractStringFromNativeColumn(columnIndex, mysqlType);
|
||||
}
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9c2e0805b8e40d6b09b5dccfaf0f071d6e35470d7c392d019feddf885c1fe5d0
|
||||
size 1432996
|
||||
3
mysql-connector-java-5.1.42-suse.tar.xz
Normal file
3
mysql-connector-java-5.1.42-suse.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d0b150764cedb1e2f5b1ee82705e17f52e343cbbe1c9499859ed3c06ed9ab4a9
|
||||
size 1395624
|
||||
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 18 10:42:07 UTC 2017 - tchvatal@suse.com
|
||||
|
||||
- Version update to 5.1.42 bsc#1035210 bsc#1035697 bsc#1035211:
|
||||
* CVE-2017-3589 CVE-2017-3523 CVE-2017-3586
|
||||
* http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
|
||||
- Remove upstreamed mysql-connector-java-5.1.35-CVE-2017-3523.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 2 15:20:16 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user