Auto sync2gitlab import of postgresql-jdbc-42.2.3-3.el8_2.src.rpm

This commit is contained in:
James Antill 2022-05-26 13:25:47 -04:00
parent 9f61997d07
commit 057d6028fb
6 changed files with 1166 additions and 1 deletions

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
/pgjdbc-REL42.2.3.tar.gz
/pgjdbc-parent-poms-REL1.1.5.tar.gz

1
EMPTY
View File

@ -1 +0,0 @@

View File

@ -0,0 +1,13 @@
diff --git a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java
index 188183a..c0e4cca 100644
--- a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java
+++ b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java
@@ -104,7 +104,7 @@ import org.junit.runners.Suite;
LoginTimeoutTest.class,
TestACL.class,
- ConnectTimeoutTest.class,
+ // ConnectTimeoutTest.class,
PGPropertyTest.class,

752
fix-XXE-vulnerability.patch Normal file
View File

@ -0,0 +1,752 @@
From 3b2a73ad85da069637a73beca432950204535979 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Wed, 22 Jul 2020 11:39:42 +0200
Subject: [PATCH] Fix for XXE vulnerability
by defaulting to disabling external access and doc types. The
legacy insecure behavior can be restored via the new connection property xmlFactoryFactory
with a value of LEGACY_INSECURE. Alternatively, a custom class name can be specified that
implements org.postgresql.xml.PGXmlFactoryFactory and takes a no argument constructor.
* refactor: Clean up whitespace in existing PgSQLXMLTest
* fix: Fix XXE vulnerability in PgSQLXML by disabling external access and doctypes
* fix: Add missing getter and setter for XML_FACTORY_FACTORY to BasicDataSource
---
.../main/java/org/postgresql/PGProperty.java | 11 ++
.../org/postgresql/core/BaseConnection.java | 9 ++
.../postgresql/ds/common/BaseDataSource.java | 8 +
.../org/postgresql/jdbc/PgConnection.java | 41 +++++
.../java/org/postgresql/jdbc/PgSQLXML.java | 44 +++---
.../xml/DefaultPGXmlFactoryFactory.java | 141 ++++++++++++++++++
.../xml/EmptyStringEntityResolver.java | 23 +++
.../LegacyInsecurePGXmlFactoryFactory.java | 57 +++++++
.../org/postgresql/xml/NullErrorHandler.java | 25 ++++
.../postgresql/xml/PGXmlFactoryFactory.java | 30 ++++
.../org/postgresql/jdbc/PgSQLXMLTest.java | 124 +++++++++++++++
.../postgresql/test/jdbc2/Jdbc2TestSuite.java | 2 +
12 files changed, 489 insertions(+), 26 deletions(-)
create mode 100644 pgjdbc/src/main/java/org/postgresql/xml/DefaultPGXmlFactoryFactory.java
create mode 100644 pgjdbc/src/main/java/org/postgresql/xml/EmptyStringEntityResolver.java
create mode 100644 pgjdbc/src/main/java/org/postgresql/xml/LegacyInsecurePGXmlFactoryFactory.java
create mode 100644 pgjdbc/src/main/java/org/postgresql/xml/NullErrorHandler.java
create mode 100644 pgjdbc/src/main/java/org/postgresql/xml/PGXmlFactoryFactory.java
create mode 100644 pgjdbc/src/test/java/org/postgresql/jdbc/PgSQLXMLTest.java
diff --git a/pgjdbc/src/main/java/org/postgresql/PGProperty.java b/pgjdbc/src/main/java/org/postgresql/PGProperty.java
index e56e05e..7c2eed8 100644
--- a/pgjdbc/src/main/java/org/postgresql/PGProperty.java
+++ b/pgjdbc/src/main/java/org/postgresql/PGProperty.java
@@ -331,6 +331,17 @@ public enum PGProperty {
*/
USE_SPNEGO("useSpnego", "false", "Use SPNEGO in SSPI authentication requests"),
+ /**
+ * Factory class to instantiate factories for XML processing.
+ * The default factory disables external entity processing.
+ * Legacy behavior with external entity processing can be enabled by specifying a value of LEGACY_INSECURE.
+ * Or specify a custom class that implements {@code org.postgresql.xml.PGXmlFactoryFactory}.
+ */
+ XML_FACTORY_FACTORY(
+ "xmlFactoryFactory",
+ "",
+ "Factory class to instantiate factories for XML processing"),
+
/**
* Force one of
* <ul>
diff --git a/pgjdbc/src/main/java/org/postgresql/core/BaseConnection.java b/pgjdbc/src/main/java/org/postgresql/core/BaseConnection.java
index 1d316a0..5f85964 100644
--- a/pgjdbc/src/main/java/org/postgresql/core/BaseConnection.java
+++ b/pgjdbc/src/main/java/org/postgresql/core/BaseConnection.java
@@ -9,6 +9,7 @@ import org.postgresql.PGConnection;
import org.postgresql.jdbc.FieldMetadata;
import org.postgresql.jdbc.TimestampUtils;
import org.postgresql.util.LruCache;
+import org.postgresql.xml.PGXmlFactoryFactory;
import java.sql.Connection;
import java.sql.ResultSet;
@@ -202,4 +203,12 @@ public interface BaseConnection extends PGConnection, Connection {
* @param flushCacheOnDeallocate true if statement cache should be reset when "deallocate/discard" message observed
*/
void setFlushCacheOnDeallocate(boolean flushCacheOnDeallocate);
+
+ /**
+ * Retrieve the factory to instantiate XML processing factories.
+ *
+ * @return The factory to use to instantiate XML processing factories
+ * @throws SQLException if the class cannot be found or instantiated.
+ */
+ PGXmlFactoryFactory getXmlFactoryFactory() throws SQLException;
}
diff --git a/pgjdbc/src/main/java/org/postgresql/ds/common/BaseDataSource.java b/pgjdbc/src/main/java/org/postgresql/ds/common/BaseDataSource.java
index 268d936..2fb4e06 100644
--- a/pgjdbc/src/main/java/org/postgresql/ds/common/BaseDataSource.java
+++ b/pgjdbc/src/main/java/org/postgresql/ds/common/BaseDataSource.java
@@ -1313,4 +1313,12 @@ public abstract class BaseDataSource implements CommonDataSource, Referenceable
return Logger.getLogger("org.postgresql");
}
//#endif
+
+ public String getXmlFactoryFactory() {
+ return PGProperty.XML_FACTORY_FACTORY.get(properties);
+ }
+
+ public void setXmlFactoryFactory(String xmlFactoryFactory) {
+ PGProperty.XML_FACTORY_FACTORY.set(properties, xmlFactoryFactory);
+ }
}
diff --git a/pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java b/pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java
index 7140ab4..c9c4ada 100644
--- a/pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java
+++ b/pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java
@@ -37,6 +37,9 @@ import org.postgresql.util.PGBinaryObject;
import org.postgresql.util.PGobject;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
+import org.postgresql.xml.DefaultPGXmlFactoryFactory;
+import org.postgresql.xml.LegacyInsecurePGXmlFactoryFactory;
+import org.postgresql.xml.PGXmlFactoryFactory;
import java.io.IOException;
import java.sql.Array;
@@ -142,6 +145,9 @@ public class PgConnection implements BaseConnection {
private final LruCache<FieldMetadata.Key, FieldMetadata> fieldMetadataCache;
+ private final String xmlFactoryFactoryClass;
+ private PGXmlFactoryFactory xmlFactoryFactory;
+
final CachedQuery borrowQuery(String sql) throws SQLException {
return queryExecutor.borrowQuery(sql);
}
@@ -290,6 +296,8 @@ public class PgConnection implements BaseConnection {
false);
replicationConnection = PGProperty.REPLICATION.get(info) != null;
+
+ xmlFactoryFactoryClass = PGProperty.XML_FACTORY_FACTORY.get(info);
}
private static Set<Integer> getBinaryOids(Properties info) throws PSQLException {
@@ -1729,4 +1737,37 @@ public class PgConnection implements BaseConnection {
}
return ps;
}
+
+ @Override
+ public PGXmlFactoryFactory getXmlFactoryFactory() throws SQLException {
+ if (xmlFactoryFactory == null) {
+ if (xmlFactoryFactoryClass == null || xmlFactoryFactoryClass.equals("")) {
+ xmlFactoryFactory = DefaultPGXmlFactoryFactory.INSTANCE;
+ } else if (xmlFactoryFactoryClass.equals("LEGACY_INSECURE")) {
+ xmlFactoryFactory = LegacyInsecurePGXmlFactoryFactory.INSTANCE;
+ } else {
+ Class<?> clazz;
+ try {
+ clazz = Class.forName(xmlFactoryFactoryClass);
+ } catch (ClassNotFoundException ex) {
+ throw new PSQLException(
+ GT.tr("Could not instantiate xmlFactoryFactory: {0}", xmlFactoryFactoryClass),
+ PSQLState.INVALID_PARAMETER_VALUE, ex);
+ }
+ if (!clazz.isAssignableFrom(PGXmlFactoryFactory.class)) {
+ throw new PSQLException(
+ GT.tr("Connection property xmlFactoryFactory must implement PGXmlFactoryFactory: {0}", xmlFactoryFactoryClass),
+ PSQLState.INVALID_PARAMETER_VALUE);
+ }
+ try {
+ xmlFactoryFactory = (PGXmlFactoryFactory) clazz.newInstance();
+ } catch (Exception ex) {
+ throw new PSQLException(
+ GT.tr("Could not instantiate xmlFactoryFactory: {0}", xmlFactoryFactoryClass),
+ PSQLState.INVALID_PARAMETER_VALUE, ex);
+ }
+ }
+ }
+ return xmlFactoryFactory;
+ }
}
diff --git a/pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java b/pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java
index 9fb0eed..dd7d5ac 100644
--- a/pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java
+++ b/pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java
@@ -9,10 +9,11 @@ import org.postgresql.core.BaseConnection;
import org.postgresql.util.GT;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
+import org.postgresql.xml.DefaultPGXmlFactoryFactory;
+import org.postgresql.xml.PGXmlFactoryFactory;
-import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
-import org.xml.sax.SAXParseException;
+import org.xml.sax.XMLReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -27,7 +28,6 @@ import java.sql.SQLException;
import java.sql.SQLXML;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
@@ -77,6 +77,13 @@ public class PgSQLXML implements SQLXML {
_freed = false;
}
+ private PGXmlFactoryFactory getXmlFactoryFactory() throws SQLException {
+ if (_conn != null) {
+ return _conn.getXmlFactoryFactory();
+ }
+ return DefaultPGXmlFactoryFactory.INSTANCE;
+ }
+
public synchronized void free() {
_freed = true;
_data = null;
@@ -128,18 +135,17 @@ public class PgSQLXML implements SQLXML {
try {
if (sourceClass == null || DOMSource.class.equals(sourceClass)) {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder builder = factory.newDocumentBuilder();
- builder.setErrorHandler(new NonPrintingErrorHandler());
+ DocumentBuilder builder = getXmlFactoryFactory().newDocumentBuilder();
InputSource input = new InputSource(new StringReader(_data));
return (T) new DOMSource(builder.parse(input));
} else if (SAXSource.class.equals(sourceClass)) {
+ XMLReader reader = getXmlFactoryFactory().createXMLReader();
InputSource is = new InputSource(new StringReader(_data));
- return (T) new SAXSource(is);
+ return (T) new SAXSource(reader, is);
} else if (StreamSource.class.equals(sourceClass)) {
return (T) new StreamSource(new StringReader(_data));
} else if (StAXSource.class.equals(sourceClass)) {
- XMLInputFactory xif = XMLInputFactory.newInstance();
+ XMLInputFactory xif = getXmlFactoryFactory().newXMLInputFactory();
XMLStreamReader xsr = xif.createXMLStreamReader(new StringReader(_data));
return (T) new StAXSource(xsr);
}
@@ -168,6 +174,7 @@ public class PgSQLXML implements SQLXML {
public synchronized Writer setCharacterStream() throws SQLException {
checkFreed();
initialize();
+ _active = true;
_stringWriter = new StringWriter();
return _stringWriter;
}
@@ -182,8 +189,7 @@ public class PgSQLXML implements SQLXML {
return (T) _domResult;
} else if (SAXResult.class.equals(resultClass)) {
try {
- SAXTransformerFactory transformerFactory =
- (SAXTransformerFactory) SAXTransformerFactory.newInstance();
+ SAXTransformerFactory transformerFactory = getXmlFactoryFactory().newSAXTransformerFactory();
TransformerHandler transformerHandler = transformerFactory.newTransformerHandler();
_stringWriter = new StringWriter();
transformerHandler.setResult(new StreamResult(_stringWriter));
@@ -200,7 +206,7 @@ public class PgSQLXML implements SQLXML {
} else if (StAXResult.class.equals(resultClass)) {
_stringWriter = new StringWriter();
try {
- XMLOutputFactory xof = XMLOutputFactory.newInstance();
+ XMLOutputFactory xof = getXmlFactoryFactory().newXMLOutputFactory();
XMLStreamWriter xsw = xof.createXMLStreamWriter(_stringWriter);
_active = true;
return (T) new StAXResult(xsw);
@@ -262,7 +268,7 @@ public class PgSQLXML implements SQLXML {
// and use the identify transform to get it into a
// friendlier result format.
try {
- TransformerFactory factory = TransformerFactory.newInstance();
+ TransformerFactory factory = getXmlFactoryFactory().newTransformerFactory();
Transformer transformer = factory.newTransformer();
DOMSource domSource = new DOMSource(_domResult.getNode());
StringWriter stringWriter = new StringWriter();
@@ -289,19 +295,5 @@ public class PgSQLXML implements SQLXML {
}
_initialized = true;
}
-
- // Don't clutter System.err with errors the user can't silence.
- // If something bad really happens an exception will be thrown.
- static class NonPrintingErrorHandler implements ErrorHandler {
- public void error(SAXParseException e) {
- }
-
- public void fatalError(SAXParseException e) {
- }
-
- public void warning(SAXParseException e) {
- }
- }
-
}
diff --git a/pgjdbc/src/main/java/org/postgresql/xml/DefaultPGXmlFactoryFactory.java b/pgjdbc/src/main/java/org/postgresql/xml/DefaultPGXmlFactoryFactory.java
new file mode 100644
index 0000000..b6a381d
--- /dev/null
+++ b/pgjdbc/src/main/java/org/postgresql/xml/DefaultPGXmlFactoryFactory.java
@@ -0,0 +1,141 @@
+
+/*
+ * Copyright (c) 2020, PostgreSQL Global Development Group
+ * See the LICENSE file in the project root for more information.
+ */
+
+package org.postgresql.xml;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+import org.xml.sax.helpers.XMLReaderFactory;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.sax.SAXTransformerFactory;
+
+/**
+ * Default implementation of PGXmlFactoryFactory that configures each factory per OWASP recommendations.
+ *
+ * @see <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html">https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html</a>
+ */
+public class DefaultPGXmlFactoryFactory implements PGXmlFactoryFactory {
+ public static final DefaultPGXmlFactoryFactory INSTANCE = new DefaultPGXmlFactoryFactory();
+
+ private DefaultPGXmlFactoryFactory() {
+ }
+
+ private DocumentBuilderFactory getDocumentBuilderFactory() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ setFactoryProperties(factory);
+ factory.setXIncludeAware(false);
+ factory.setExpandEntityReferences(false);
+ return factory;
+ }
+
+ @Override
+ public DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
+ DocumentBuilder builder = getDocumentBuilderFactory().newDocumentBuilder();
+ builder.setEntityResolver(EmptyStringEntityResolver.INSTANCE);
+ builder.setErrorHandler(NullErrorHandler.INSTANCE);
+ return builder;
+ }
+
+ @Override
+ public TransformerFactory newTransformerFactory() {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ setFactoryProperties(factory);
+ return factory;
+ }
+
+ @Override
+ public SAXTransformerFactory newSAXTransformerFactory() {
+ SAXTransformerFactory factory = (SAXTransformerFactory) SAXTransformerFactory.newInstance();
+ setFactoryProperties(factory);
+ return factory;
+ }
+
+ @Override
+ public XMLInputFactory newXMLInputFactory() {
+ XMLInputFactory factory = XMLInputFactory.newInstance();
+ setPropertyQuietly(factory, XMLInputFactory.SUPPORT_DTD, false);
+ setPropertyQuietly(factory, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+ return factory;
+ }
+
+ @Override
+ public XMLOutputFactory newXMLOutputFactory() {
+ XMLOutputFactory factory = XMLOutputFactory.newInstance();
+ return factory;
+ }
+
+ @Override
+ public XMLReader createXMLReader() throws SAXException {
+ XMLReader factory = XMLReaderFactory.createXMLReader();
+ setFeatureQuietly(factory, "http://apache.org/xml/features/disallow-doctype-decl", true);
+ setFeatureQuietly(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ setFeatureQuietly(factory, "http://xml.org/sax/features/external-general-entities", false);
+ setFeatureQuietly(factory, "http://xml.org/sax/features/external-parameter-entities", false);
+ factory.setErrorHandler(NullErrorHandler.INSTANCE);
+ return factory;
+ }
+
+ private static void setFeatureQuietly(Object factory, String name, boolean value) {
+ try {
+ if (factory instanceof DocumentBuilderFactory) {
+ ((DocumentBuilderFactory) factory).setFeature(name, value);
+ } else if (factory instanceof TransformerFactory) {
+ ((TransformerFactory) factory).setFeature(name, value);
+ } else if (factory instanceof XMLReader) {
+ ((XMLReader) factory).setFeature(name, value);
+ } else {
+ throw new Error("Invalid factory class: " + factory.getClass());
+ }
+ return;
+ } catch (Exception ignore) {
+ }
+ }
+
+ private static void setAttributeQuietly(Object factory, String name, Object value) {
+ try {
+ if (factory instanceof DocumentBuilderFactory) {
+ ((DocumentBuilderFactory) factory).setAttribute(name, value);
+ } else if (factory instanceof TransformerFactory) {
+ ((TransformerFactory) factory).setAttribute(name, value);
+ } else {
+ throw new Error("Invalid factory class: " + factory.getClass());
+ }
+ } catch (Exception ignore) {
+ }
+ }
+
+ private static void setFactoryProperties(Object factory) {
+ setFeatureQuietly(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ setFeatureQuietly(factory, "http://apache.org/xml/features/disallow-doctype-decl", true);
+ setFeatureQuietly(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ setFeatureQuietly(factory, "http://xml.org/sax/features/external-general-entities", false);
+ setFeatureQuietly(factory, "http://xml.org/sax/features/external-parameter-entities", false);
+ // Values from XMLConstants inlined for JDK 1.6 compatibility
+ setAttributeQuietly(factory, "http://javax.xml.XMLConstants/property/accessExternalDTD", "");
+ setAttributeQuietly(factory, "http://javax.xml.XMLConstants/property/accessExternalSchema", "");
+ setAttributeQuietly(factory, "http://javax.xml.XMLConstants/property/accessExternalStylesheet", "");
+ }
+
+ private static void setPropertyQuietly(Object factory, String name, Object value) {
+ try {
+ if (factory instanceof XMLReader) {
+ ((XMLReader) factory).setProperty(name, value);
+ } else if (factory instanceof XMLInputFactory) {
+ ((XMLInputFactory) factory).setProperty(name, value);
+ } else {
+ throw new Error("Invalid factory class: " + factory.getClass());
+ }
+ } catch (Exception ignore) {
+ }
+ }
+}
\ No newline at end of file
diff --git a/pgjdbc/src/main/java/org/postgresql/xml/EmptyStringEntityResolver.java b/pgjdbc/src/main/java/org/postgresql/xml/EmptyStringEntityResolver.java
new file mode 100644
index 0000000..39227e0
--- /dev/null
+++ b/pgjdbc/src/main/java/org/postgresql/xml/EmptyStringEntityResolver.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2020, PostgreSQL Global Development Group
+ * See the LICENSE file in the project root for more information.
+ */
+
+package org.postgresql.xml;
+
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import java.io.IOException;
+import java.io.StringReader;
+
+public class EmptyStringEntityResolver implements EntityResolver {
+ public static final EmptyStringEntityResolver INSTANCE = new EmptyStringEntityResolver();
+
+ @Override
+ public InputSource resolveEntity(String publicId, String systemId)
+ throws SAXException, IOException {
+ return new InputSource(new StringReader(""));
+ }
+}
\ No newline at end of file
diff --git a/pgjdbc/src/main/java/org/postgresql/xml/LegacyInsecurePGXmlFactoryFactory.java b/pgjdbc/src/main/java/org/postgresql/xml/LegacyInsecurePGXmlFactoryFactory.java
new file mode 100644
index 0000000..ed7a66b
--- /dev/null
+++ b/pgjdbc/src/main/java/org/postgresql/xml/LegacyInsecurePGXmlFactoryFactory.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2020, PostgreSQL Global Development Group
+ * See the LICENSE file in the project root for more information.
+ */
+
+package org.postgresql.xml;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+import org.xml.sax.helpers.XMLReaderFactory;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.sax.SAXTransformerFactory;
+
+public class LegacyInsecurePGXmlFactoryFactory implements PGXmlFactoryFactory {
+ public static final LegacyInsecurePGXmlFactoryFactory INSTANCE = new LegacyInsecurePGXmlFactoryFactory();
+
+ private LegacyInsecurePGXmlFactoryFactory() {
+ }
+
+ @Override
+ public DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ builder.setErrorHandler(NullErrorHandler.INSTANCE);
+ return builder;
+ }
+
+ @Override
+ public TransformerFactory newTransformerFactory() {
+ return TransformerFactory.newInstance();
+ }
+
+ @Override
+ public SAXTransformerFactory newSAXTransformerFactory() {
+ return (SAXTransformerFactory) SAXTransformerFactory.newInstance();
+ }
+
+ @Override
+ public XMLInputFactory newXMLInputFactory() {
+ return XMLInputFactory.newInstance();
+ }
+
+ @Override
+ public XMLOutputFactory newXMLOutputFactory() {
+ return XMLOutputFactory.newInstance();
+ }
+
+ @Override
+ public XMLReader createXMLReader() throws SAXException {
+ return XMLReaderFactory.createXMLReader();
+ }
+}
\ No newline at end of file
diff --git a/pgjdbc/src/main/java/org/postgresql/xml/NullErrorHandler.java b/pgjdbc/src/main/java/org/postgresql/xml/NullErrorHandler.java
new file mode 100644
index 0000000..ad486c7
--- /dev/null
+++ b/pgjdbc/src/main/java/org/postgresql/xml/NullErrorHandler.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2020, PostgreSQL Global Development Group
+ * See the LICENSE file in the project root for more information.
+ */
+
+package org.postgresql.xml;
+
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXParseException;
+
+/**
+ * Error handler that silently suppresses all errors.
+ */
+public class NullErrorHandler implements ErrorHandler {
+ public static final NullErrorHandler INSTANCE = new NullErrorHandler();
+
+ public void error(SAXParseException e) {
+ }
+
+ public void fatalError(SAXParseException e) {
+ }
+
+ public void warning(SAXParseException e) {
+ }
+}
\ No newline at end of file
diff --git a/pgjdbc/src/main/java/org/postgresql/xml/PGXmlFactoryFactory.java b/pgjdbc/src/main/java/org/postgresql/xml/PGXmlFactoryFactory.java
new file mode 100644
index 0000000..4bb98e4
--- /dev/null
+++ b/pgjdbc/src/main/java/org/postgresql/xml/PGXmlFactoryFactory.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2020, PostgreSQL Global Development Group
+ * See the LICENSE file in the project root for more information.
+ */
+
+package org.postgresql.xml;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.sax.SAXTransformerFactory;
+
+public interface PGXmlFactoryFactory {
+ DocumentBuilder newDocumentBuilder() throws ParserConfigurationException;
+
+ TransformerFactory newTransformerFactory();
+
+ SAXTransformerFactory newSAXTransformerFactory();
+
+ XMLInputFactory newXMLInputFactory();
+
+ XMLOutputFactory newXMLOutputFactory();
+
+ XMLReader createXMLReader() throws SAXException;
+}
\ No newline at end of file
diff --git a/pgjdbc/src/test/java/org/postgresql/jdbc/PgSQLXMLTest.java b/pgjdbc/src/test/java/org/postgresql/jdbc/PgSQLXMLTest.java
new file mode 100644
index 0000000..49e389c
--- /dev/null
+++ b/pgjdbc/src/test/java/org/postgresql/jdbc/PgSQLXMLTest.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2019, PostgreSQL Global Development Group
+ * See the LICENSE file in the project root for more information.
+ */
+
+package org.postgresql.jdbc;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.postgresql.PGProperty;
+import org.postgresql.core.BaseConnection;
+import org.postgresql.test.TestUtil;
+import org.postgresql.test.jdbc2.BaseTest4;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.StringWriter;
+import java.io.Writer;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.SQLXML;
+import java.sql.Statement;
+import java.util.Properties;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.sax.SAXSource;
+import javax.xml.transform.stax.StAXSource;
+import javax.xml.transform.stream.StreamResult;
+
+public class PgSQLXMLTest extends BaseTest4 {
+
+ @Override
+ @Before
+ public void setUp() throws Exception {
+ super.setUp();
+ TestUtil.createTempTable(con, "xmltab", "x xml");
+ }
+
+ @Test
+ public void setCharacterStream() throws Exception {
+ String exmplar = "<x>value</x>";
+ SQLXML pgSQLXML = con.createSQLXML();
+ Writer writer = pgSQLXML.setCharacterStream();
+ writer.write(exmplar);
+ PreparedStatement preparedStatement = con.prepareStatement("insert into xmltab values (?)");
+ preparedStatement.setSQLXML(1, pgSQLXML);
+ preparedStatement.execute();
+
+ Statement statement = con.createStatement();
+ ResultSet rs = statement.executeQuery("select * from xmltab");
+ assertTrue(rs.next());
+ SQLXML result = rs.getSQLXML(1);
+ assertNotNull(result);
+ assertEquals(exmplar, result.getString());
+ }
+
+ private static final String LICENSE_URL =
+ PgSQLXMLTest.class.getClassLoader().getResource("META-INF/LICENSE").toString();
+ private static final String XXE_EXAMPLE =
+ "<!DOCTYPE foo [<!ELEMENT foo ANY >\n"
+ + "<!ENTITY xxe SYSTEM \"" + LICENSE_URL + "\">]>"
+ + "<foo>&xxe;</foo>";
+
+ @Test
+ public void testLegacyXxe() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(PGProperty.XML_FACTORY_FACTORY.getName(), "LEGACY_INSECURE");
+ try (Connection conn = TestUtil.openDB(props)) {
+ BaseConnection baseConn = conn.unwrap(BaseConnection.class);
+ PgSQLXML xml = new PgSQLXML(baseConn, XXE_EXAMPLE);
+ xml.getSource(null);
+ }
+ }
+
+ private static String sourceToString(Source source) throws TransformerException {
+ StringWriter sw = new StringWriter();
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.transform(source, new StreamResult(sw));
+ return sw.toString();
+ }
+
+ @Test(expected = SQLException.class)
+ public void testGetSourceXxeNull() throws Exception {
+ PgSQLXML xml = new PgSQLXML(null, XXE_EXAMPLE);
+ xml.getSource(null);
+ }
+
+ @Test(expected = SQLException.class)
+ public void testGetSourceXxeDOMSource() throws Exception {
+ PgSQLXML xml = new PgSQLXML(null, XXE_EXAMPLE);
+ xml.getSource(DOMSource.class);
+ }
+
+ @Test(expected = TransformerException.class)
+ public void testGetSourceXxeSAXSource() throws Exception {
+ PgSQLXML xml = new PgSQLXML(null, XXE_EXAMPLE);
+ SAXSource source = xml.getSource(SAXSource.class);
+ sourceToString(source);
+
+ }
+
+ @Test(expected = XMLStreamException.class)
+ public void testGetSourceXxeStAXSource() throws Exception {
+ PgSQLXML xml = new PgSQLXML(null, XXE_EXAMPLE);
+ StAXSource source = xml.getSource(StAXSource.class);
+ XMLStreamReader reader = source.getXMLStreamReader();
+ // STAX will not throw XXE error until we actually read the element
+ while (reader.hasNext()) {
+ reader.next();
+ }
+ }
+}
diff --git a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java
index 6314d21..814288c 100644
--- a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java
+++ b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java
@@ -13,6 +13,7 @@ import org.postgresql.core.ParserTest;
import org.postgresql.core.ReturningParserTest;
import org.postgresql.core.v3.V3ParameterListTests;
import org.postgresql.jdbc.DeepBatchedInsertStatementTest;
+import org.postgresql.jdbc.PgSQLXMLTest;
import org.postgresql.jdbc.PrimitiveArraySupportTest;
import org.postgresql.test.core.JavaVersionTest;
import org.postgresql.test.core.NativeQueryBindLengthTest;
@@ -76,6 +77,7 @@ import org.junit.runners.Suite;
TimestampTest.class,
TimezoneTest.class,
PGTimeTest.class,
+ PgSQLXMLTest.class,
PGTimestampTest.class,
TimezoneCachingTest.class,
ParserTest.class,
--
2.24.1

397
postgresql-jdbc.spec Normal file
View File

@ -0,0 +1,397 @@
# Copyright (c) 2000-2005, JPackage Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the JPackage Project nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Configuration for rpmbuild, might be specified by options
# like e.g. 'rpmbuild --define "runselftest 0"'.
%{!?runselftest:%global runselftest 1}
%global section devel
%global source_path pgjdbc/src/main/java/org/postgresql
%global parent_ver 1.1.5
%global parent_poms_builddir ./pgjdbc-parent-poms
%global pgjdbc_mvn_options -DwaffleEnabled=false -DosgiEnabled=false \\\
-DexcludePackageNames=org.postgresql.osgi:org.postgresql.sspi
Summary: JDBC driver for PostgreSQL
Name: postgresql-jdbc
Version: 42.2.3
Release: 3%{?dist}
License: BSD
URL: http://jdbc.postgresql.org/
Source0: https://github.com/pgjdbc/pgjdbc/archive/REL%{version}/pgjdbc-REL%{version}.tar.gz
Provides: pgjdbc = %version-%release
# Upstream moved parent pom.xml into separate project (even though there is only
# one dependant project on it?). Let's try to not complicate packaging by
# having separate spec file for it, too.
Source1: https://github.com/pgjdbc/pgjdbc-parent-poms/archive/REL%parent_ver/pgjdbc-parent-poms-REL%{parent_ver}.tar.gz
# disable test that makes unpredictable assumptions about non-routable IPs
# See https://github.com/pgjdbc/pgjdbc/issues/556
Patch0: disable-ConnectTimeoutTest.patch
Patch1: fix-XXE-vulnerability.patch
BuildArch: noarch
BuildRequires: java-devel >= 1.8
BuildRequires: maven-local
BuildRequires: java-comment-preprocessor
BuildRequires: properties-maven-plugin
BuildRequires: maven-enforcer-plugin
BuildRequires: maven-plugin-bundle
BuildRequires: maven-plugin-build-helper
BuildRequires: classloader-leak-test-framework
BuildRequires: mvn(com.ongres.scram:client)
BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin)
%if %runselftest
BuildRequires: postgresql-contrib
BuildRequires: postgresql-test-rpm-macros
%endif
# gettext is only needed if we try to update translations
#BuildRequires: gettext
Obsoletes: %{name}-parent-poms < 42.2.2-2
%description
PostgreSQL is an advanced Object-Relational database management
system. The postgresql-jdbc package includes the .jar files needed for
Java programs to access a PostgreSQL database.
%package javadoc
Summary: API docs for %{name}
%description javadoc
This package contains the API Documentation for %{name}.
%prep
%setup -c -q -a 1
mv pgjdbc-REL%version/* .
mv pgjdbc-parent-poms-REL%parent_ver pgjdbc-parent-poms
%patch0 -p1
%patch1 -p1
# remove any binary libs
find -name "*.jar" -or -name "*.class" | xargs rm -f
# Build parent POMs in the same Maven call.
%pom_xpath_inject pom:modules "<module>%parent_poms_builddir</module>"
%pom_xpath_inject pom:parent "<relativePath>pgjdbc-parent-poms/pgjdbc-versions</relativePath>"
%pom_xpath_set pom:relativePath ../pgjdbc-parent-poms/pgjdbc-core-parent pgjdbc
%pom_xpath_remove "pom:plugin[pom:artifactId = 'maven-shade-plugin']" pgjdbc
# compat symlink: requested by dtardon (libreoffice), reverts part of
# 0af97ce32de877 commit.
%mvn_file org.postgresql:postgresql %{name}/postgresql %{name} postgresql
# Parent POMs should not be installed.
%mvn_package ":*{parent,versions,prevjre}*" __noinstall
# For compat reasons, make Maven artifact available under older coordinates.
%mvn_alias org.postgresql:postgresql postgresql:postgresql
# Hack #1! This directory is missing for some reason, it is most probably some
# misunderstanding between maven, maven-compiler-plugin and
# java-comment-preprocessor? Not solved yet. See rhbz#1325060.
mkdir -p pgjdbc/target/generated-sources/annotations
%build
# Ideally we would run "sh update-translations.sh" here, but that results
# in inserting the build timestamp into the generated messages_*.class
# files, which makes rpmdiff complain about multilib conflicts if the
# different platforms don't build in the same minute. For now, rely on
# upstream to have updated the translations files before packaging.
# Include PostgreSQL testing methods and variables.
%if %runselftest
%postgresql_tests_init
PGTESTS_LOCALE=C.UTF-8
cat <<EOF > build.local.properties
server=localhost
port=$PGTESTS_PORT
database=test
username=test
password=test
privilegedUser=$PGTESTS_ADMIN
privilegedPassword=$PGTESTS_ADMINPASS
preparethreshold=5
loglevel=0
protocolVersion=0
EOF
# Start the local PG cluster.
%postgresql_tests_start
%else
# -f is equal to -Dmaven.test.skip=true
opts="-f"
%endif
%mvn_build $opts -- %pgjdbc_mvn_options
%install
%mvn_install
%files -f .mfiles
%license LICENSE
%doc README.md
%files javadoc -f .mfiles-javadoc
%license LICENSE
%changelog
* Wed Jul 22 2020 Ondrej Dubaj <odubaj@redhat.com> - 42.2.3-3
- fixed XXE vulnerability unit test
* Tue Jul 14 2020 Ondrej Dubaj <odubaj@redhat.com> - 42.2.3-2
- fixed XXE vulnerability (CVE-2020-13692)
* Fri Jul 13 2018 Pavel Raiskup <praiskup@redhat.com> - 42.2.3-1
- new upstream release (rhbz#1600759)
* Wed May 30 2018 Mikolaj Izdebski <mizdebsk@redhat.com> - 42.2.2-2
- Remove and obsolete parent-poms subpackage
* Fri Apr 20 2018 Pavel Raiskup <praiskup@redhat.com> - 42.2.2-2
- provide postgresql.jar, as that's the upstream's artifactId
* Fri Apr 13 2018 Pavel Raiskup <praiskup@redhat.com> - 42.2.2-1
- rebase to latest upstream release
* Fri Apr 13 2018 Pavel Raiskup <praiskup@redhat.com> - 42.2.0-1
- rebase to the latest upstream release
- nicer github source urls
- sync with upstream spec
- use new postgresql testing macros (rawhide only)
- depend on postgresql-test-rpm-macros
* Wed Aug 23 2017 Pavel Raiskup <praiskup@redhat.com> - 42.1.4-1
- rebase to latest upstream release
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.4.1212-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.4.1212-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Dec 22 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1212-2
- Disable unpredictable test to fix FTBFS (BZ#1406931),
patch by Merlin Mathesius
* Thu Nov 03 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1212-1
- new release, rhbz#1377317, per announcement:
https://www.postgresql.org/message-id/CAB=Je-FjbvQ_MmAGmhZ-1sSMnodpjr9Uz6Q=faxqCxOvpRO-UQ@mail.gmail.com
* Tue Oct 04 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1210-2
- depend on test macros from postgresql-setup
* Thu Sep 08 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1210-1
- new release, rhbz#1374106, per announcement:
https://www.postgresql.org/message-id/CAB=Je-FzuqwDXLTT62VfzvTUhR4QTfLjmw2D5QfgaykDkhW7nw@mail.gmail.com
* Mon Aug 29 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1209-6
- fix License, pgjdbc is BSD only
* Thu Jul 21 2016 gil cattaneo <puntogil@libero.it> 9.4.1209-5
- fix postgresql-jdbc.jar symlink using javapackages macros
- adapt to current guideline
- install doc and license file in parent-poms sub package
- simplified runselftest check
* Wed Jul 20 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1209-4
- restore one compat symlink
* Wed Jul 20 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1209-3
- bump: for Mikolaj's fixes
* Wed Jul 20 2016 Pavel Raiskup <praiskup@redhat.com> - 9.4.1209-2
- update to latest release version, thanks to Pavel Kajaba, Michael Simacek and
Vladimir Sitnikov for big help
- fix Provides, remove old compatibility hacks
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 9.4.1200-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.4.1200-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Feb 04 2015 Pavel Raiskup <praiskup@redhat.com> - 9.4.1200-1
- rebase to most recent version (#1188827)
* Mon Jul 14 2014 Pavel Raiskup <praiskup@redhat.com> - 9.3.1102-1
- Rebase to most recent version (#1118667)
- revert back upstream commit for travis build
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.3.1101-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Pavel Raiskup <praiskup@redhat.com> - 9.3.1101-3
- run upstream testsuite when '%%runselftest' defined
* Wed Apr 23 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 9.3.1101-2
- Add explicit requires on java-headless
* Wed Apr 23 2014 Pavel Raiskup <praiskup@redhat.com> - 9.3.1101-1
- Rebase to most recent version (#1090366)
* Fri Mar 28 2014 Michael Simacek <msimacek@redhat.com> - 9.2.1002-5
- Use Requires: java-headless rebuild (#1067528)
* Tue Aug 06 2013 Pavel Raiskup <praiskup@redhat.com> - 9.2.1002-4
- add javadoc subpackage
* Tue Aug 06 2013 Pavel Raiskup <praiskup@redhat.com> - 9.2.1002-4
- don't use removed macro %%add_to_maven_depmap (#992816)
- lint: trim-lines, reuse %%{name} macro, fedora-review fixes
- merge cleanup changes by Stano Ochotnicky
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.2.1002-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.2.1002-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 14 2012 Tom Lane <tgl@redhat.com> 9.2.1002-1
- Update to build 9.2-1002 (just to correct mispackaging of source tarball)
* Tue Nov 13 2012 Tom Lane <tgl@redhat.com> 9.2.1001-1
- Update to build 9.2-1001 for compatibility with PostgreSQL 9.2
* Sun Jul 22 2012 Tom Lane <tgl@redhat.com> 9.1.902-1
- Update to build 9.1-902
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.1.901-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Feb 23 2012 Tom Lane <tgl@redhat.com> 9.1.901-3
- Change BuildRequires: java-1.6.0-openjdk-devel to just java-devel.
As of 9.1-901, upstream has support for JDBC4.1, so we don't have to
restrict to JDK6 anymore, and Fedora is moving to JDK7
Resolves: #796580
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.1.901-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Sep 12 2011 Tom Lane <tgl@redhat.com> 9.1.901-1
- Update to build 9.1-901 for compatibility with PostgreSQL 9.1
* Mon Aug 15 2011 Tom Lane <tgl@redhat.com> 9.0.801-4
- Add BuildRequires: java-1.6.0-openjdk-devel to ensure we have recent JDK
Related: #730588
- Remove long-obsolete minimum versions from BuildRequires
* Sun Jul 17 2011 Tom Lane <tgl@redhat.com> 9.0.801-3
- Switch to non-GCJ build, since GCJ is now deprecated in Fedora
Resolves: #722247
- Use %%{_mavendepmapfragdir} to fix FTBFS with maven 3
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.0.801-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Dec 29 2010 Tom Lane <tgl@redhat.com> 9.0.801-1
- Update to build 9.0-801
* Mon May 31 2010 Tom Lane <tgl@redhat.com> 8.4.701-4
- Update gcj_support sections to meet Packaging/GCJGuidelines;
fixes FTBFS in F-14 rawhide
* Tue Nov 24 2009 Tom Lane <tgl@redhat.com> 8.4.701-3
- Seems the .pom file *must* have a package version number in it, sigh
Resolves: #538487
* Mon Nov 23 2009 Tom Lane <tgl@redhat.com> 8.4.701-2
- Add a .pom file to ease use by maven-based packages (courtesy Deepak Bhole)
Resolves: #538487
* Tue Aug 18 2009 Tom Lane <tgl@redhat.com> 8.4.701-1
- Update to build 8.4-701
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:8.3.603-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Apr 21 2009 Tom Lane <tgl@redhat.com> 8.3.603-3
- Avoid multilib conflict caused by overeager attempt to rebuild translations
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:8.3.603-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Jul 9 2008 Tom "spot" Callaway <tcallawa@redhat.com> 8.3.603-1.1
- drop repotag
* Tue Feb 12 2008 Tom Lane <tgl@redhat.com> 8.3.603-1jpp
- Update to build 8.3-603
* Sun Aug 12 2007 Tom Lane <tgl@redhat.com> 8.2.506-1jpp
- Update to build 8.2-506
* Tue Apr 24 2007 Tom Lane <tgl@redhat.com> 8.2.505-1jpp
- Update to build 8.2-505
- Work around 1.4 vs 1.5 versioning inconsistency
* Fri Dec 15 2006 Tom Lane <tgl@redhat.com> 8.2.504-1jpp
- Update to build 8.2-504
* Wed Aug 16 2006 Tom Lane <tgl@redhat.com> 8.1.407-1jpp.4
- Fix Requires: for rebuild-gcj-db (bz #202544)
* Wed Aug 16 2006 Fernando Nasser <fnasser@redhat.com> 8.1.407-1jpp.3
- Merge with upstream
* Sat Jul 22 2006 Jakub Jelinek <jakub@redhat.com> 8.1.407-1jpp.2
- Rebuilt
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0:8.1.407-1jpp.1
- rebuild
* Wed Jun 14 2006 Tom Lane <tgl@redhat.com> 8.1.407-1jpp
- Update to build 8.1-407
* Mon Mar 27 2006 Tom Lane <tgl@redhat.com> 8.1.405-2jpp
- Back-patch upstream fix to support unspecified-type strings.
* Thu Feb 16 2006 Tom Lane <tgl@redhat.com> 8.1.405-1jpp
- Split postgresql-jdbc into its own SRPM (at last).
- Build it from source. Add support for gcj compilation.

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (pgjdbc-REL42.2.3.tar.gz) = c73976999baa752d5b0f24ef367c3dd11c46e4969554e1e39cc34c650f3436911a5320f38cfa28d6269acc3ce809de1e3b69ea98bcccc6745399843dab86642f
SHA512 (pgjdbc-parent-poms-REL1.1.5.tar.gz) = 924cfca194555e81174ccc8128810744ea7fe3b573e87353a0720e39e0846076dd115e40ad628c0b68fe46cf6993f402a2b01f07c71b580dddab2fd896cfa464