Accepting request 1153496 from Java:packages

- Upgrade to upstream version 42.7.2
  * Security fix:
    + CVE-2024-1597 (bsc#1220644) postgresql vulnerable to SQL
      Injection via line comment generation
  * Other changes:
    + perf: avoid autoboxing bind indexes
    + add: Add PasswordUtil for encrypting passwords client side
    + refactor: document that encodePassword will zero out the
      password array, and remove driver's default encodePassword
    + change: Use simple query for isValid. Using Extended query
      sends two messages
- Removed patches:
  * CVE-2022-26520.patch
  * fix-SQL-Injection-CVE-2022-31197.patch
  * fix-createTempFile-vulnerability-CVE-2022-41946.patch
    + issues fixed by upstream before this version

OBS-URL: https://build.opensuse.org/request/show/1153496
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql-jdbc?expand=0&rev=7

postgresql-jdbc.changes

@@ -1,43 +1,3 @@
--------------------------------------------------------------------
-Thu Jun 12 09:15:13 UTC 2025 - Michael Calmer <mc@suse.com>
-
-- Upgrade to upstream version 42.7.7
-  - security: Client Allows Fallback to Insecure Authentication Despite
-    channelBinding=require configuration - CVE-2025-49146 (bsc#1244490)
-  - fix: ensure Connection.isValid() returns true even if prepared
-    statements deallocate
-  - fix: isValid incorrectly called execute, instead of executeWithFlags
-  - add the ability to turn off automatic LSN flush
-  - Handle protocol 3.2 and wider cancel keys
-  - Use query to find the current catalog instead of relying on the
-    database in the connection URL or connection properties as this
-    could be different if connected through a pooler or proxy
-  - fix: ArrayIndexOutOfBounds when write big object into GSS enabled
-    connection, make GSSInputStream robust in face of streams that
-    produce incomplete reads
-  - fix: EOFException on PreparedStatement#toString with unset bytea
-    parameter
-
--------------------------------------------------------------------
-Tue Apr  1 13:14:03 UTC 2025 - Michael Calmer <mc@suse.com>
-
-- Upgrade to upstream version 42.7.5
-  - fix: PgDatabaseMetaData implementation of catalog as param and return value
-  - fix: Support default GSS credentials in the Java Postgres client
-  - fix: return only the transactions accessible by the current_user in XAResource.recover
-  - feat: don’t force send extra_float_digits for PostgreSQL >= 12 fix
-  - fix: exclude “include columns” from the list of primary keys
-  - perf: Enhance the meta query performance by specifying the oid
-  - feat: support getObject(int, byte[].class) for bytea
-  - fix: Added way to check for major server version, fixed check for RULE
-  - fix: Reuse buffers and reduce allocations in GSSInputStream addresses
-  - fix: getSchemas()
-  - fix: Update rpm postgresql-jdbc.spec.tpl with scram-client
-  - fix: Clearing thisRow and rowBuffer on close() of ResultSet
-  - fix: As of version 18 the RULE privilege has been removed
-  - fix: use buffered inputstream to create GSSInputStream
-  - fix: boolean types not handled in SimpleQuery mode
-
 -------------------------------------------------------------------
 Thu Feb 29 16:40:26 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 

postgresql-jdbc.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package postgresql-jdbc
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2000-2005, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@@ -18,7 +18,7 @@
 
 
 Name:           postgresql-jdbc
-Version:        42.7.7
+Version:        42.7.2
 Release:        0
 Summary:        JDBC driver for PostgreSQL
 License:        BSD-2-Clause
@@ -26,7 +26,7 @@ URL:            https://jdbc.postgresql.org/
 Source0:        https://repo1.maven.org/maven2/org/postgresql/postgresql/%{version}/postgresql-%{version}-jdbc-src.tar.gz
 BuildRequires:  fdupes
 BuildRequires:  maven-local
-BuildRequires:  mvn(com.ongres.scram:scram-client) >= 3.1
+BuildRequires:  mvn(com.ongres.scram:client) >= 2.0
 BuildArch:      noarch
 
 %description
@@ -42,25 +42,17 @@ This package contains the API Documentation for %{name}.
 
 %prep
 %setup -q -n postgresql-%{version}-jdbc-src
-find -type f \( -name "*.jar" -or -name "*.class" \) -delete
 
 # Build parent POMs in the same Maven call.
-%pom_remove_plugin :maven-shade-plugin
+%pom_xpath_remove "pom:plugin[pom:artifactId = 'maven-shade-plugin']"
 
-# compat symlink: requested by dtardon (libreoffice)
 %{mvn_file} org.postgresql:postgresql %{name}/postgresql %{name}
 
 # For compat reasons, make Maven artifact available under older coordinates.
 %{mvn_alias} org.postgresql:postgresql postgresql:postgresql
 
-# For compat reasons, make Maven artifact available under older coordinates.
-%{mvn_alias} org.postgresql:postgresql postgresql:postgresql
-
-# remove unmet dependency
-%pom_remove_dep uk.org.webcompere:system-stubs-jupiter
-
 %build
-%{mvn_build} -f
+%{mvn_build} -f -- -Dsource=8
 
 %install
 %mvn_install