From cb046d8352861246ca0a8156525a93ed16b6b186 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 9 May 2023 05:23:27 +0000
Subject: [PATCH] import postgresql-jdbc-42.2.27-1.el9

---
 .gitignore                                   |  2 +-
 .postgresql-jdbc.metadata                    |  2 +-
 SOURCES/postgresql-jdbc-CVE-2022-31197.patch | 92 --------------------
 SPECS/postgresql-jdbc.spec                   | 11 +--
 4 files changed, 8 insertions(+), 99 deletions(-)
 delete mode 100644 SOURCES/postgresql-jdbc-CVE-2022-31197.patch

diff --git a/.gitignore b/.gitignore
index 3623f7e..ac31f38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/postgresql-42.2.18-jdbc-src.tar.gz
+SOURCES/postgresql-42.2.27-jdbc-src.tar.gz
diff --git a/.postgresql-jdbc.metadata b/.postgresql-jdbc.metadata
index fa8d063..b2ba1ff 100644
--- a/.postgresql-jdbc.metadata
+++ b/.postgresql-jdbc.metadata
@@ -1 +1 @@
-a5f91177e5da1e4c9a771a9196845095a223bd44 SOURCES/postgresql-42.2.18-jdbc-src.tar.gz
+189347e9b24d6200d00d171636795bdce6e1307e SOURCES/postgresql-42.2.27-jdbc-src.tar.gz
diff --git a/SOURCES/postgresql-jdbc-CVE-2022-31197.patch b/SOURCES/postgresql-jdbc-CVE-2022-31197.patch
deleted file mode 100644
index efa1b4f..0000000
--- a/SOURCES/postgresql-jdbc-CVE-2022-31197.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-Fix CVE-2022-31197
-
-Source of this commit and more information about it is here:
-https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
-
-diff --git a/src/main/java/org/postgresql/jdbc/PgResultSet.java b/src/main/java/org/postgresql/jdbc/PgResultSet.java
-index 42c6dda6..81a5ef1d 100644
---- a/src/main/java/org/postgresql/jdbc/PgResultSet.java
-+++ b/src/main/java/org/postgresql/jdbc/PgResultSet.java
-@@ -1323,7 +1323,7 @@ public class PgResultSet implements ResultSet, org.postgresql.PGRefCursorResultS
-       if (i > 1) {
-         selectSQL.append(", ");
-       }
--      selectSQL.append(pgmd.getBaseColumnName(i));
-+      Utils.escapeIdentifier(selectSQL, pgmd.getBaseColumnName(i));
-     }
-     selectSQL.append(" from ").append(onlyTable).append(tableName).append(" where ");
-
-@@ -1333,7 +1333,8 @@ public class PgResultSet implements ResultSet, org.postgresql.PGRefCursorResultS
-     for (int i = 0; i < numKeys; i++) {
-
-       PrimaryKey primaryKey = primaryKeys.get(i);
--      selectSQL.append(primaryKey.name).append("= ?");
-+      Utils.escapeIdentifier(selectSQL, primaryKey.name);
-+      selectSQL.append(" = ?");
-
-       if (i < numKeys - 1) {
-         selectSQL.append(" and ");
-
-diff --git a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/ResultSetRefreshTest.java b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/ResultSetRefreshTest.java
-new file mode 100644
-index 00000000..3a4a7e51
---- /dev/null
-+++ b/src/test/java/org/postgresql/test/jdbc2/ResultSetRefreshTest.java
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2022, PostgreSQL Global Development Group
-+ * See the LICENSE file in the project root for more information.
-+ */
-+
-+package org.postgresql.test.jdbc2;
-+
-+import static org.junit.Assert.assertTrue;
-+
-+import org.postgresql.test.TestUtil;
-+
-+import org.junit.Test;
-+
-+import java.sql.ResultSet;
-+import java.sql.SQLException;
-+import java.sql.Statement;
-+import java.sql.Connection;
-+
-+public class ResultSetRefreshTest extends BaseTest4 {
-+  @Test
-+  public void testWithDataColumnThatRequiresEscaping() throws Exception {
-+    Connection conn = con;
-+    TestUtil.dropTable(conn, "refresh_row_bad_ident");
-+    TestUtil.execute("CREATE TABLE refresh_row_bad_ident (id int PRIMARY KEY, \"1 FROM refresh_row_bad_ident; SELECT 2; SELECT *\" int)",conn);
-+    TestUtil.execute("INSERT INTO refresh_row_bad_ident (id) VALUES (1), (2), (3)",conn);
-+
-+    Statement stmt = conn.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_UPDATABLE);
-+    ResultSet rs = stmt.executeQuery("SELECT * FROM refresh_row_bad_ident");
-+    assertTrue(rs.next());
-+    try {
-+      rs.refreshRow();
-+    } catch (SQLException ex) {
-+      throw new RuntimeException("ResultSet.refreshRow() did not handle escaping data column identifiers", ex);
-+    }
-+    rs.close();
-+    stmt.close();
-+  }
-+
-+  @Test
-+  public void testWithKeyColumnThatRequiresEscaping() throws Exception {
-+    Connection conn = con;
-+    TestUtil.dropTable(conn, "refresh_row_bad_ident");
-+    TestUtil.execute("CREATE TABLE refresh_row_bad_ident (\"my key\" int PRIMARY KEY)",conn);
-+    TestUtil.execute("INSERT INTO refresh_row_bad_ident VALUES (1), (2), (3)",conn);
-+
-+    Statement stmt = conn.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_UPDATABLE);
-+    ResultSet rs = stmt.executeQuery("SELECT * FROM refresh_row_bad_ident");
-+    assertTrue(rs.next());
-+    try {
-+      rs.refreshRow();
-+    } catch (SQLException ex) {
-+      throw new RuntimeException("ResultSet.refreshRow() did not handle escaping key column identifiers", ex);
-+    }
-+    rs.close();
-+    stmt.close();
-+  }
-+}
diff --git a/SPECS/postgresql-jdbc.spec b/SPECS/postgresql-jdbc.spec
index 6eaffe7..70eafd9 100644
--- a/SPECS/postgresql-jdbc.spec
+++ b/SPECS/postgresql-jdbc.spec
@@ -48,13 +48,12 @@
 
 Summary:	JDBC driver for PostgreSQL
 Name:		postgresql-jdbc
-Version:  42.2.18
-Release:	6%{?dist}
+Version:  42.2.27
+Release:	1%{?dist}
 License:	BSD
 URL:		http://jdbc.postgresql.org/
 
 Source0:	https://repo1.maven.org/maven2/org/postgresql/postgresql/%{version}/postgresql-%{version}-jdbc-src.tar.gz
-Patch0:	postgresql-jdbc-CVE-2022-31197.patch
 
 Provides:	pgjdbc = %version-%release
 
@@ -100,8 +99,6 @@ This package contains the API Documentation for %{name}.
 
 mv postgresql-%{version}-jdbc-src/* .
 
-%patch0 -p1
-
 # remove any binary libs
 find -type f \( -name "*.jar" -or -name "*.class" \) | xargs rm -f
 
@@ -168,6 +165,10 @@ opts="-f"
 
 
 %changelog
+* Tue Jan 03 2023 Zuzana Miklankova <zmiklank@redhat.com> - 42.2.27-1
+- rebase to 42.2.27
+- fix for CVE-2022-41946
+
 * Tue Oct 11 2022 Zuzana Miklankova <zmiklank@redhat.com> - 42.2.18-6
 - fix for CVE-2022-31197