From 62f74de84382afa6edee7ca61a97ffd19ed1f382d2371c83cdaeca8f00c7350c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Thu, 18 May 2017 10:44:41 +0000
Subject: [PATCH] - Version update to 5.1.42 bsc#1035210 bsc#1035697 bsc#1035211: * CVE-2017-3589 CVE-2017-3523 CVE-2017-3586 * http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html - Remove upstreamed mysql-connector-java-5.1.35-CVE-2017-3523.patch

OBS-URL: https://build.opensuse.org/package/show/Java:packages/mysql-connector-java?expand=0&rev=31
---
 ...-connector-java-5.1.35-CVE-2017-3523.patch | 49 -------------------
 mysql-connector-java-5.1.35-suse.tar.xz | 3 --
 mysql-connector-java-5.1.42-suse.tar.xz | 3 ++
 mysql-connector-java.changes | 8 +++
 4 files changed, 11 insertions(+), 52 deletions(-)
 delete mode 100644 mysql-connector-java-5.1.35-CVE-2017-3523.patch
 delete mode 100644 mysql-connector-java-5.1.35-suse.tar.xz
 create mode 100644 mysql-connector-java-5.1.42-suse.tar.xz

diff --git a/mysql-connector-java-5.1.35-CVE-2017-3523.patch b/mysql-connector-java-5.1.35-CVE-2017-3523.patch
deleted file mode 100644
index a789763..0000000
--- a/mysql-connector-java-5.1.35-CVE-2017-3523.patch
+++ /dev/null
@@ -1,49 +0,0 @@
---- mysql-connector-java-5.1.35.orig/src/com/mysql/jdbc/ResultSetImpl.java
-+++ mysql-connector-java-5.1.35/src/com/mysql/jdbc/ResultSetImpl.java
-@@ -3436,27 +3436,26 @@ public class ResultSetImpl implements Re
- byte[] data = getBytes(columnIndex);
- Object obj = data;
-
-- if ((data != null) && (data.length >= 2)) {
-- if ((data[0] == -84) && (data[1] == -19)) {
-- // Serialized object?
-- try {
-- ByteArrayInputStream bytesIn = new ByteArrayInputStream(data);
-- ObjectInputStream objIn = new ObjectInputStream(bytesIn);
-- obj = objIn.readObject();
-- objIn.close();
-- bytesIn.close();
-- } catch (ClassNotFoundException cnfe) {
-- throw SQLError.createSQLException(
-- Messages.getString("ResultSet.Class_not_found___91") + cnfe.toString()
-- + Messages.getString("ResultSet._while_reading_serialized_object_92"), getExceptionInterceptor());
-- } catch (IOException ex) {
-- obj = data; // not serialized?
-+ if (this.connection.getAutoDeserialize()) {
-+ if ((data != null) && (data.length >= 2)) {
-+ if ((data[0] == -84) && (data[1] == -19)) {
-+ // Serialized object?
-+ try {
-+ ByteArrayInputStream bytesIn = new ByteArrayInputStream(data);
-+ ObjectInputStream objIn = new ObjectInputStream(bytesIn);
-+ obj = objIn.readObject();
-+ objIn.close();
-+ bytesIn.close();
-+ } catch (ClassNotFoundException cnfe) {
-+ throw SQLError.createSQLException(Messages.getString("ResultSet.Class_not_found___91") + cnfe.toString()
-+ + Messages.getString("ResultSet._while_reading_serialized_object_92"), getExceptionInterceptor());
-+ } catch (IOException ex) {
-+ obj = data; // not serialized?
-+ }
- }
-- }
--
-- return obj.toString();
-- }
--
-+ return obj.toString();
-+ }
-+ }
- return extractStringFromNativeColumn(columnIndex, mysqlType);
- }
-
diff --git a/mysql-connector-java-5.1.35-suse.tar.xz b/mysql-connector-java-5.1.35-suse.tar.xz
deleted file mode 100644
index ebfdbfc..0000000
--- a/mysql-connector-java-5.1.35-suse.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9c2e0805b8e40d6b09b5dccfaf0f071d6e35470d7c392d019feddf885c1fe5d0
-size 1432996
diff --git a/mysql-connector-java-5.1.42-suse.tar.xz b/mysql-connector-java-5.1.42-suse.tar.xz
new file mode 100644
index 0000000..8968c39
--- /dev/null
+++ b/mysql-connector-java-5.1.42-suse.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d0b150764cedb1e2f5b1ee82705e17f52e343cbbe1c9499859ed3c06ed9ab4a9
+size 1395624
diff --git a/mysql-connector-java.changes b/mysql-connector-java.changes
index 223191f..a7cc5ba 100644
--- a/mysql-connector-java.changes
+++ b/mysql-connector-java.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu May 18 10:42:07 UTC 2017 - tchvatal@suse.com
+
+- Version update to 5.1.42 bsc#1035210 bsc#1035697 bsc#1035211:
+ * CVE-2017-3589 CVE-2017-3523 CVE-2017-3586
+ * http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
+- Remove upstreamed mysql-connector-java-5.1.35-CVE-2017-3523.patch
+
 -------------------------------------------------------------------
 Tue May 2 15:20:16 UTC 2017 - pmonrealgonzalez@suse.com