From 9a3bd11c4c39db434c190ee6e980e8ca39d2478d3d2bd9962f5f8f0cdc3a82ca Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 28 Feb 2022 08:08:26 +0000 Subject: [PATCH] Accepting request 957902 from home:david.anes:branches:Java:packages - Build now from GitHub official repo: * Updated source package to build from gihub official repository. * Remove utility generate-tarball.sh which is not needed anymore. - Add patch to temporarily remove OCI IAM support while it's packaged: * Add mysql-connector-java-remove-oci-support.patch - Update to 8.0.28 (CVE-2021-2471, bsc#1195557): Changes in 8.0.28: * Fix for Bug#99260 (31189960), statement.setQueryTimeout,creates a database connection and does not close. * Fix for Bug#103324 (32770013), X DevAPI Collection.replaceOne() missing matching _id check. * Fix for Bug#105197 (33461744), Statement.executeQuery() may return non-navigable ResultSet. * Fix for Bug#105323 (33507321), README.md contains broken links. * Fix for Bug#96900 (30355150), STATEMENT.CANCEL()CREATE A DATABASE CONNECTION BUT DOES NOT CLOSE THE CONNECTION. * Fix for Bug#104067 (33054827), No reset autoCommit after unknown issue occurs. * Fix for Bug#85223 (25656020), MYSQLSQLXML SETSTRING CRASH. * Fix for Bug#84365 (33425867), INSERT..VALUE with VALUES function lead to a StringIndexOutOfBoundsException. * Fix for Bug#105211 (33468860), class java.time.LocalDate cannot be cast to class java.sql.Date. * Fix for Bug#101389 (32089018), GETWARNINGS SHOULD CHECK WARNING COUNT BEFORE SENDING SHOW. * Fix for Bug#33488091, Remove all references to xdevapi.useAsyncProtocol from properties and code. * WL#14805, Remove support for TLS 1.0 and 1.1. * WL#14650, Support for MFA (multi factor authentication) authentication. Changesd in 8.0.27 * Fix for Bug#103612 (32902019), Incorrectly identified WITH...SELECT as unsafe for read-only connections. * Fix for Bug#71929 (18346501), Prefixing query with double comments cancels query DML validation. * Fix for Bug#23204652, CURSOR POSITIONING API'S DOESNOT CHECK THE VALIDITY OF RESULTSET. * Fix for Bug#28725534, MULTI HOST CONNECTION WOULD BLOCK IN CONNECTION POOLING. * Fix for Bug#95139 (29807572), CACHESERVERCONFIGURATION APPEARS TO THWART CHARSET DETECTION. * Fix for Bug#104641 (33237255), DatabaseMetaData.getImportedKeys can return duplicated foreign keys. * Fix for Bug#33185116, Have method ResultSet.getBoolean() supporting conversion of 'T' and 'F' in a VARCHAR to True/False (boolean). * Fix for Bug#31117686, PROTOCOL ALLOWLIST NOT COMPATIBLE WITH IBM JAVA. OBS-URL: https://build.opensuse.org/request/show/957902 OBS-URL: https://build.opensuse.org/package/show/Java:packages/mysql-connector-java?expand=0&rev=64 --- generate-tarball.sh | 15 -- mysql-connector-java-8.0.25-suse.tar.xz | 3 - mysql-connector-java-8.0.28.tar.gz | 3 + mysql-connector-java-remove-oci-support.patch | 217 ++++++++++++++++++ mysql-connector-java.changes | 56 +++++ mysql-connector-java.spec | 14 +- 6 files changed, 283 insertions(+), 25 deletions(-) delete mode 100644 generate-tarball.sh delete mode 100644 mysql-connector-java-8.0.25-suse.tar.xz create mode 100644 mysql-connector-java-8.0.28.tar.gz create mode 100644 mysql-connector-java-remove-oci-support.patch diff --git a/generate-tarball.sh b/generate-tarball.sh deleted file mode 100644 index 6b0e9e5..0000000 --- a/generate-tarball.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -VERSION=$1 - -rm -rf mysql-connector-java-$VERSION - -tar xfz mysql-connector-java-$VERSION.tar.gz || exit 1 - -find mysql-connector-java-$VERSION -name '*.jar' -exec rm {} \; -o -name '*.zip' -exec rm {} \; - -tar cfJ mysql-connector-java-$VERSION-suse.tar.xz mysql-connector-java-$VERSION || exit 1 - -rm -rf mysql-connector-java-$VERSION - -exit 0 diff --git a/mysql-connector-java-8.0.25-suse.tar.xz b/mysql-connector-java-8.0.25-suse.tar.xz deleted file mode 100644 index 2149780..0000000 --- a/mysql-connector-java-8.0.25-suse.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cbdec0e3fc27abd547251a5ae7891f098b30bb3bdc986901e5a549e5da5a6dfa -size 1136844 diff --git a/mysql-connector-java-8.0.28.tar.gz b/mysql-connector-java-8.0.28.tar.gz new file mode 100644 index 0000000..6826883 --- /dev/null +++ b/mysql-connector-java-8.0.28.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2260d656eb12c90a81f365acc215d79bda2364c90046e8dc7cd4a4a0fc375885 +size 1886765 diff --git a/mysql-connector-java-remove-oci-support.patch b/mysql-connector-java-remove-oci-support.patch new file mode 100644 index 0000000..0af5df4 --- /dev/null +++ b/mysql-connector-java-remove-oci-support.patch @@ -0,0 +1,217 @@ +Index: mysql-connector-j-8.0.28/src/main/protocol-impl/java/com/mysql/cj/protocol/a/authentication/AuthenticationOciClient.java +=================================================================== +--- mysql-connector-j-8.0.28.orig/src/main/protocol-impl/java/com/mysql/cj/protocol/a/authentication/AuthenticationOciClient.java ++++ mysql-connector-j-8.0.28/src/main/protocol-impl/java/com/mysql/cj/protocol/a/authentication/AuthenticationOciClient.java +@@ -1,175 +0,0 @@ +-/* +- * Copyright (c) 2021, Oracle and/or its affiliates. +- * +- * This program is free software; you can redistribute it and/or modify it under +- * the terms of the GNU General Public License, version 2.0, as published by the +- * Free Software Foundation. +- * +- * This program is also distributed with certain software (including but not +- * limited to OpenSSL) that is licensed under separate terms, as designated in a +- * particular file or component or in included license documentation. The +- * authors of MySQL hereby grant you an additional permission to link the +- * program and your derivative works with the separately licensed software that +- * they have included with MySQL. +- * +- * Without limiting anything contained in the foregoing, this file, which is +- * part of MySQL Connector/J, is also subject to the Universal FOSS Exception, +- * version 1.0, a copy of which can be found at +- * http://oss.oracle.com/licenses/universal-foss-exception. +- * +- * This program is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +- * FOR A PARTICULAR PURPOSE. See the GNU General Public License, version 2.0, +- * for more details. +- * +- * You should have received a copy of the GNU General Public License along with +- * this program; if not, write to the Free Software Foundation, Inc., +- * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +- */ +- +-package com.mysql.cj.protocol.a.authentication; +- +-import java.io.IOException; +-import java.nio.charset.Charset; +-import java.nio.file.Files; +-import java.nio.file.Paths; +-import java.security.interfaces.RSAPrivateKey; +-import java.util.Base64; +-import java.util.List; +- +-import com.mysql.cj.Messages; +-import com.mysql.cj.callback.MysqlCallbackHandler; +-import com.mysql.cj.callback.UsernameCallback; +-import com.mysql.cj.conf.PropertyKey; +-import com.mysql.cj.exceptions.ExceptionFactory; +-import com.mysql.cj.exceptions.RSAException; +-import com.mysql.cj.protocol.AuthenticationPlugin; +-import com.mysql.cj.protocol.ExportControlled; +-import com.mysql.cj.protocol.Protocol; +-import com.mysql.cj.protocol.a.NativeConstants.StringSelfDataType; +-import com.mysql.cj.protocol.a.NativePacketPayload; +-import com.mysql.cj.util.StringUtils; +-import com.oracle.bmc.ConfigFileReader; +-import com.oracle.bmc.ConfigFileReader.ConfigFile; +- +-/** +- * MySQL 'authentication_iam_client' authentication plugin. +- */ +-public class AuthenticationOciClient implements AuthenticationPlugin { +- public static String PLUGIN_NAME = "authentication_oci_client"; +- +- private String sourceOfAuthData = PLUGIN_NAME; +- +- protected Protocol protocol = null; +- private MysqlCallbackHandler usernameCallbackHandler = null; +- private String fingerprint = null; +- private RSAPrivateKey privateKey = null; +- +- @Override +- public void init(Protocol prot, MysqlCallbackHandler cbh) { +- this.protocol = prot; +- this.usernameCallbackHandler = cbh; +- } +- +- @Override +- public void reset() { +- this.fingerprint = null; +- this.privateKey = null; +- } +- +- @Override +- public void destroy() { +- reset(); +- } +- +- @Override +- public String getProtocolPluginName() { +- return PLUGIN_NAME; +- } +- +- @Override +- public boolean requiresConfidentiality() { +- return false; +- } +- +- @Override +- public boolean isReusable() { +- return false; +- } +- +- @Override +- public void setAuthenticationParameters(String user, String password) { +- if (user == null && this.usernameCallbackHandler != null) { +- // Fall-back to system login user. +- this.usernameCallbackHandler.handle(new UsernameCallback(System.getProperty("user.name"))); +- } +- } +- +- @Override +- public void setSourceOfAuthData(String sourceOfAuthData) { +- this.sourceOfAuthData = sourceOfAuthData; +- } +- +- @Override +- public boolean nextAuthenticationStep(NativePacketPayload fromServer, List toServer) { +- toServer.clear(); +- +- if (!this.sourceOfAuthData.equals(PLUGIN_NAME) || fromServer.getPayloadLength() == 0) { +- // Cannot do anything with whatever payload comes from the server, so just skip this iteration and wait for a Protocol::AuthSwitchRequest or a +- // Protocol::AuthNextFactor. +- toServer.add(new NativePacketPayload(0)); +- return true; +- } +- +- initializePrivateKey(); +- +- byte[] nonce = fromServer.readBytes(StringSelfDataType.STRING_EOF); +- byte[] signature = ExportControlled.sign(nonce, this.privateKey); +- if (signature == null) { +- signature = new byte[0]; +- } +- String payload = String.format("{\"fingerprint\":\"%s\", \"signature\":\"%s\"}", this.fingerprint, Base64.getEncoder().encodeToString(signature)); +- toServer.add(new NativePacketPayload(payload.getBytes(Charset.defaultCharset()))); +- return true; +- } +- +- private void initializePrivateKey() { +- if (this.privateKey != null) { +- // Already initialized. +- return; +- } +- +- ConfigFile configFile; +- try { +- String configFilePath = this.protocol.getPropertySet().getStringProperty(PropertyKey.ociConfigFile.getKeyName()).getStringValue(); +- if (StringUtils.isNullOrEmpty(configFilePath)) { +- configFile = ConfigFileReader.parseDefault(); +- } else if (Files.exists(Paths.get(configFilePath))) { +- configFile = ConfigFileReader.parse(configFilePath); +- } else { +- throw ExceptionFactory.createException("configuration file does not exist"); +- } +- } catch (NoClassDefFoundError e) { +- throw ExceptionFactory.createException(Messages.getString("AuthenticationOciClientPlugin.SdkNotFound"), e); +- } catch (IOException e) { +- throw ExceptionFactory.createException(Messages.getString("AuthenticationOciClientPlugin.OciConfigFileError"), e); +- } +- this.fingerprint = configFile.get("fingerprint"); +- if (StringUtils.isNullOrEmpty(this.fingerprint)) { +- throw ExceptionFactory.createException(Messages.getString("AuthenticationOciClientPlugin.OciConfigFileMissingEntry")); +- } +- String keyFilePath = configFile.get("key_file"); +- if (StringUtils.isNullOrEmpty(keyFilePath)) { +- throw ExceptionFactory.createException(Messages.getString("AuthenticationOciClientPlugin.OciConfigFileMissingEntry")); +- } +- +- try { +- String key = new String(Files.readAllBytes(Paths.get(keyFilePath)), Charset.defaultCharset()); +- this.privateKey = ExportControlled.decodeRSAPrivateKey(key); +- } catch (IOException e) { +- throw ExceptionFactory.createException(Messages.getString("AuthenticationOciClientPlugin.PrivateKeyNotFound"), e); +- } catch (RSAException | IllegalArgumentException e) { +- throw ExceptionFactory.createException(Messages.getString("AuthenticationOciClientPlugin.PrivateKeyNotValid"), e); +- } +- } +-} +Index: mysql-connector-j-8.0.28/src/main/protocol-impl/java/com/mysql/cj/protocol/a/NativeAuthenticationProvider.java +=================================================================== +--- mysql-connector-j-8.0.28.orig/src/main/protocol-impl/java/com/mysql/cj/protocol/a/NativeAuthenticationProvider.java ++++ mysql-connector-j-8.0.28/src/main/protocol-impl/java/com/mysql/cj/protocol/a/NativeAuthenticationProvider.java +@@ -57,7 +57,6 @@ import com.mysql.cj.protocol.a.NativeCon + import com.mysql.cj.protocol.a.NativeConstants.StringSelfDataType; + import com.mysql.cj.protocol.a.authentication.AuthenticationKerberosClient; + import com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin; +-import com.mysql.cj.protocol.a.authentication.AuthenticationOciClient; + import com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin; + import com.mysql.cj.protocol.a.authentication.MysqlClearPasswordPlugin; + import com.mysql.cj.protocol.a.authentication.MysqlNativePasswordPlugin; +@@ -255,7 +254,6 @@ public class NativeAuthenticationProvide + pluginsToInit.add(new MysqlOldPasswordPlugin()); + pluginsToInit.add(new AuthenticationLdapSaslClientPlugin()); + pluginsToInit.add(new AuthenticationKerberosClient()); +- pluginsToInit.add(new AuthenticationOciClient()); + + // plugins from authenticationPluginClasses connection parameter + String authenticationPluginClasses = this.propertySet.getStringProperty(PropertyKey.authenticationPlugins).getValue(); +Index: mysql-connector-j-8.0.28/src/main/resources/com/mysql/cj/LocalizedErrorMessages.properties +=================================================================== +--- mysql-connector-j-8.0.28.orig/src/main/resources/com/mysql/cj/LocalizedErrorMessages.properties ++++ mysql-connector-j-8.0.28/src/main/resources/com/mysql/cj/LocalizedErrorMessages.properties +@@ -44,12 +44,6 @@ AuthenticationLdapSaslClientPlugin.Missi + AuthenticationLdapSaslClientPlugin.FailCreateSaslClient=Failed creating a SASL client for the authentication mechanism ''{0}''. + AuthenticationLdapSaslClientPlugin.ErrProcessingAuthIter=Error while processing an authentication iteration for the authentication mechanism ''{0}''. + +-AuthenticationOciClientPlugin.SdkNotFound=The OCI SDK could not be found or is not installed. +-AuthenticationOciClientPlugin.OciConfigFileError=OCI configuration file could not be read. +-AuthenticationOciClientPlugin.OciConfigFileMissingEntry=OCI configuration file does not contain a ''fingerprint'' or ''key_file'' entry. +-AuthenticationOciClientPlugin.PrivateKeyNotFound=Private key could not be found at location given by OCI configuration entry ''key_file''. +-AuthenticationOciClientPlugin.PrivateKeyNotValid=OCI configuration entry ''key_file'' does not reference a valid key file. +- + AuthenticationProvider.BadAuthenticationPlugin=Unable to load authentication plugin ''{0}''. + AuthenticationProvider.BadDefaultAuthenticationPlugin=Improper value "{0}" for property ''defaultAuthenticationPlugin''. + AuthenticationProvider.DefaultAuthenticationPluginIsNotListed=Default authentication plugin "{0}" is neither one of the built-in plugins nor one of the plugins listed in ''authenticationPlugins''. diff --git a/mysql-connector-java.changes b/mysql-connector-java.changes index 3f04656..8914fe2 100644 --- a/mysql-connector-java.changes +++ b/mysql-connector-java.changes @@ -1,3 +1,59 @@ +------------------------------------------------------------------- +Fri Feb 25 20:40:59 UTC 2022 - David Anes + +- Build now from GitHub official repo: + * Updated source package to build from gihub official repository. + * Remove utility generate-tarball.sh which is not needed anymore. + +- Add patch to temporarily remove OCI IAM support while it's + packaged: + * Add mysql-connector-java-remove-oci-support.patch + +- Update to 8.0.28 (CVE-2021-2471, bsc#1195557): + Changes in 8.0.28: + * Fix for Bug#99260 (31189960), statement.setQueryTimeout,creates a database connection and does not close. + * Fix for Bug#103324 (32770013), X DevAPI Collection.replaceOne() missing matching _id check. + * Fix for Bug#105197 (33461744), Statement.executeQuery() may return non-navigable ResultSet. + * Fix for Bug#105323 (33507321), README.md contains broken links. + * Fix for Bug#96900 (30355150), STATEMENT.CANCEL()CREATE A DATABASE CONNECTION BUT DOES NOT CLOSE THE CONNECTION. + * Fix for Bug#104067 (33054827), No reset autoCommit after unknown issue occurs. + * Fix for Bug#85223 (25656020), MYSQLSQLXML SETSTRING CRASH. + * Fix for Bug#84365 (33425867), INSERT..VALUE with VALUES function lead to a StringIndexOutOfBoundsException. + * Fix for Bug#105211 (33468860), class java.time.LocalDate cannot be cast to class java.sql.Date. + * Fix for Bug#101389 (32089018), GETWARNINGS SHOULD CHECK WARNING COUNT BEFORE SENDING SHOW. + * Fix for Bug#33488091, Remove all references to xdevapi.useAsyncProtocol from properties and code. + * WL#14805, Remove support for TLS 1.0 and 1.1. + * WL#14650, Support for MFA (multi factor authentication) authentication. + Changesd in 8.0.27 + * Fix for Bug#103612 (32902019), Incorrectly identified WITH...SELECT as unsafe for read-only connections. + * Fix for Bug#71929 (18346501), Prefixing query with double comments cancels query DML validation. + * Fix for Bug#23204652, CURSOR POSITIONING API'S DOESNOT CHECK THE VALIDITY OF RESULTSET. + * Fix for Bug#28725534, MULTI HOST CONNECTION WOULD BLOCK IN CONNECTION POOLING. + * Fix for Bug#95139 (29807572), CACHESERVERCONFIGURATION APPEARS TO THWART CHARSET DETECTION. + * Fix for Bug#104641 (33237255), DatabaseMetaData.getImportedKeys can return duplicated foreign keys. + * Fix for Bug#33185116, Have method ResultSet.getBoolean() supporting conversion of 'T' and 'F' in a VARCHAR to True/False (boolean). + * Fix for Bug#31117686, PROTOCOL ALLOWLIST NOT COMPATIBLE WITH IBM JAVA. + * Fix for Bug#104559 (33232419), ResultSet.getObject(i, java.util.Date.class) throws NPE when the value is null. + * WL#14707, Support OCI IAM authentication. + * WL#14660, Testsuite with support for single MySQL server instance. + * Fix for Bug#103878 (32954449), CONNECTOR/J 8 : QUERY WITH 'SHOW XXX' WILL GET EXCEPTION WHEN USE CURSOR. + * Fix for Bug#103796 (32922715), CONNECTOR/J 8 STMT SETQUERYTIMEOUT CAN NOT WORK. + * Fix for Bug#104170 (33064455), CONTRIBUTION: CLIENTPREPAREDSTMT: LEAVE CALENDAR UNTOUCHED. + * Fix for Bug#95564 (29894324), createDatabaseIfNotExist is not working for databases with hyphen in name. + Changes in 8.0.26 + * Fix for Bug#32954396, EXECUTEQUERY HANGS WITH USECURSORFETCH=TRUE & SETFETCHSIZE. + * Fix for Bug#102372 (32459408), v8.0.23 unusable in OSGi. + * Fix for Bug#25554464, CONNECT FAILS WITH NPE WHEN THE SERVER STARTED WITH CUSTOM COLLATION. + * Fix for Bug#100606 (31818423), UNECESARY CALL TO "SET NAMES 'UTF8' COLLATE 'UTF8_GENERAL_CI'". + * Fix for Bug#102404 (32435618), CONTRIBUTION: ADD TRACK SESSION STATE CHANGE. + * Fix for Bug#95280 (29757140), DATABASEMETADATA.GETIMPORTEDKEYS RETURNS DOUBLE THE ROWS. + * Fix for Bug#97269 (30438500), POSSIBLE BUG IN COM.MYSQL.CJ.XDEVAPI.STREAMINGDOCRESULTBUILDER. + * Fix for Bug#103303 (32766143), JAVA.LANG.CLASSCASTEXCEPTION WHEN INSERTING BLOB WITH SERVER PREPARED STATEMENT. + * WL#14205, Support query attributes. + * WL#14411, Support for authentication_kerberos_client authentication plugin. + * WL#14559, Deprecate TLS 1.0 and 1.1. + * WL#14391, Migrate QA tests to main repo. + ------------------------------------------------------------------- Tue Feb 22 19:01:52 UTC 2022 - Fridrich Strba diff --git a/mysql-connector-java.spec b/mysql-connector-java.spec index 1e414fb..9885025 100644 --- a/mysql-connector-java.spec +++ b/mysql-connector-java.spec @@ -17,17 +17,16 @@ Name: mysql-connector-java -Version: 8.0.25 +Version: 8.0.28 Release: 0 Summary: Official JDBC Driver for MySQL License: GPL-2.0-or-later URL: https://dev.mysql.com/downloads/connector/j/ -Source0: %{name}-%{version}-suse.tar.xz +Source0: https://github.com/mysql/mysql-connector-j/archive/refs/tags/%{version}.tar.gz#:/%{name}-%{version}.tar.gz Group: Development/Languages/Java -# Script to repack upstream tarball -# ./generate-tarball.sh VERSION -Source99: generate-tarball.sh Patch0: javac-check.patch +# TODO: Oracle OCI is not packaged yet +Patch1: %{name}-remove-oci-support.patch BuildRequires: ant BuildRequires: ant-contrib BuildRequires: apache-commons-logging @@ -35,7 +34,7 @@ BuildRequires: geronimo-jta-1_1-api BuildRequires: git BuildRequires: java-devel >= 1.8 BuildRequires: javapackages-local -BuildRequires: javassist >= 3.23.1 +BuildRequires: javassist >= 3.28.0 BuildRequires: junit BuildRequires: protobuf-java >= 3.9.2 BuildRequires: reload4j @@ -61,8 +60,9 @@ Connector/J is a Type IV JDBC driver and has a complete JDBC feature set that supports the capabilities of MySQL. %prep -%setup -q +%setup -q -n mysql-connector-j-%{version} %patch0 -p1 +%patch1 -p1 # extra libs mkdir -p lib