Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
6629a1ce03
!22 [sync] PR-20: Fix CVE-2022-41853
From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
2023-12-07 09:22:56 +00:00
starlet-dx
de78bc3f4f Fix CVE-2022-41853
(cherry picked from commit 0d23d3bd3815334677954222c59d6fa3532dd666)
2023-12-07 16:39:55 +08:00
openeuler-ci-bot
f6578d71ab
!13 Modify invalid Source
From: @starlet-dx 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
2022-11-23 07:19:33 +00:00
starlet-dx
d8424f1b0f Modify invalid Source 2022-11-23 15:06:21 +08:00
openeuler-ci-bot
a77e820b77 !6 Add dependency javapackages-tools required by hsqldb service
From: @ultra_planet
Reviewed-by: @small_leek,@si-gui,@wangchong1995924
Signed-off-by: @wangchong1995924
2021-06-16 07:01:27 +00:00
lingsheng
ec9ef80081 Add dependency javapackages-tools required by hsqldb service 2021-06-16 14:48:49 +08:00
openeuler-ci-bot
43ea906390 !2 Fix 0002-Build-cmdline-classes.patch
From: @maminjie
Reviewed-by: @wang_yue111,@wangchong1995924
Signed-off-by: @wangchong1995924
2021-06-07 14:29:59 +08:00
maminjie
f8717675b4 Fix 0002-Build-cmdline-classes.patch 2021-06-07 13:14:04 +08:00
openeuler-ci-bot
8887fa7332 !1 Package init
Merge pull request !1 from 雷炬/master
2020-08-31 19:12:20 +08:00
lei_ju
d09bea89c2 Modify spec file 2020-08-31 16:20:28 +08:00
6 changed files with 95 additions and 21 deletions


@ -1,17 +1,17 @@
From 4db4a99c17d5c058dbe8f33a3b4cc7f0cd5fb9b6 Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Thu, 30 Nov 2017 19:53:15 +0200
Subject: [PATCH 2/2] Build cmdline classes
From bd384fb37738ac7c7bbc99585b3cdcd82fb984a5 Mon Sep 17 00:00:00 2001
From: maminjie <maminjie1@huawei.com>
Date: Mon, 7 Jun 2021 12:46:38 +0800
Subject: [PATCH] Build cmdline classes
---
build/build.xml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/build/build.xml b/build/build.xml
index 054db25..2a70d2b 100644
index d5fbd2b..59882f2 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -443,7 +443,7 @@ examples:
@@ -442,7 +442,7 @@ examples:
</target>
<!-- compiles the cmdline classes -->
@ -20,14 +20,14 @@ index 054db25..2a70d2b 100644
depends="-prepare, -update-switch-branch,
-conditionalize-sqlfile-scanner, -sqlfile-scanner">
<javac srcdir="${swsrc}"
@@ -601,7 +601,6 @@ examples:
</manifest>
<exclude name="org/hsqldb/jmx/**"/>
<exclude name="org/hsqldb/util/**"/>
@@ -689,7 +689,6 @@ examples:
<exclude name="org/hsqldb/util/Zaurus*"/>
<exclude name="org/hsqldb/test/*.class"/>
<exclude name="org/hsqldb/sample/*.class"/>
- <exclude name="org/hsqldb/cmdline/**"/>
<exclude name="org/hsqldb/test/**"/>
<exclude name="org/hsqldb/sample/**"/>
</jar>
</target>
--
2.14.3
2.23.0

61
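--- /dev/null
+++ b/CVE-2022-41853.patch
@@ -0,0 +1,61 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 7 Dec 2022 13:00:46 +0100
+Subject: CVE-2022-41853
+Bug-Debian: https://bugs.debian.org/1023573
+Origin: https://sourceforge.net/p/hsqldb/svn/6614/
+---
+src/org/hsqldb/persist/HsqlDatabaseProperties.java | 18 +++++++-----------
+1 file changed, 7 insertions(+), 11 deletions(-)
+diff --git a/src/org/hsqldb/persist/HsqlDatabaseProperties.java b/src/org/hsqldb/persist/HsqlDatabaseProperties.java
+index bc03e82..bee0ea6 100644
+--- a/src/org/hsqldb/persist/HsqlDatabaseProperties.java
++++ b/src/org/hsqldb/persist/HsqlDatabaseProperties.java
+@@ -51,28 +51,28 @@ import org.hsqldb.lib.StringUtil;
+*/
+public class HsqlDatabaseProperties extends HsqlProperties {
+- private static final String hsqldb_method_class_names =
++ public static final String hsqldb_method_class_names =
+"hsqldb.method_class_names";
+public static final String textdb_allow_full_path =
+"textdb.allow_full_path";
+- private static HashSet accessibleJavaMethodNames;
++ public static String methodClassNames;
++ private static final HashSet accessibleJavaMethodNames = new HashSet();
+private static boolean allowFullPath;
+static {
+try {
+- String prop = System.getProperty(hsqldb_method_class_names);
++ methodClassNames = System.getProperty(hsqldb_method_class_names);
+- if (prop != null) {
+- accessibleJavaMethodNames = new HashSet();
++ if (methodClassNames != null) {
+- String[] names = StringUtil.split(prop, ";");
++ String[] names = StringUtil.split(methodClassNames, ";");
+for (int i = 0; i < names.length; i++) {
+accessibleJavaMethodNames.add(names[i]);
+}
+}
+- prop = System.getProperty(textdb_allow_full_path);
++ String prop = System.getProperty(textdb_allow_full_path);
+if (prop != null) {
+if (Boolean.valueOf(prop)) {
+@@ -97,10 +97,6 @@ public class HsqlDatabaseProperties extends HsqlProperties {
+*/
+public static boolean supportsJavaMethod(String name) {
+- if (accessibleJavaMethodNames == null) {
+- return true;
+- }
+-
+if (name.startsWith("java.lang.Math.")) {
+return true;
+}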
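Review bot: `methodClassNames` is introduced as a `public static String` that is not final, so any code in the same JVM can reassign it after class initialization, and `hsqldb_method_class_names` is widened to public in the same hunk. The set that is filled in the static initializer, `accessibleJavaMethodNames`, is private and final, so a later write to the string should not widen what is callable, but anything that reports the configured allowlist from this field could then disagree with the set presumably enforced by `supportsJavaMethod`. I would keep the field private behind a getter, or at least add `// snapshot of hsqldb.method_class_names taken at class load; the enforced allowlist is accessibleJavaMethodNames`. Removing the `accessibleJavaMethodNames == null` shortcut also turns an unset property from allow-all into deny-by-default (apart from what the rest of the method admits, such as the visible `java.lang.Math.` prefix), so existing Java routines will stop resolving until their classes are listed in `hsqldb.method_class_names`; that behaviour change deserves a line in the patch header or the spec changelog. Both the static initializer and `supportsJavaMethod` continue outside the hunks shown.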

BIN
hsqldb-2.4.0.tar.gz Normal file

Binary file not shown.

Binary file not shown.


@ -1,11 +1,11 @@
Name: hsqldb
Version: 2.4.0
Release: 1
Release: 5
Epoch: 1
Summary: HyperSQL Database Engine
License: BSD
URL: http://hsqldb.sourceforge.net/
Source0: http://downloads.sourceforge.net/hsqldb/hsqldb-%{version}.zip
URL: https://github.com/ryenus/hsqldb
Source0: https://github.com/ryenus/hsqldb/archive/%{version}/hsqldb-%{version}.tar.gz
Source1: %{name}.cfg
Source2: %{name}-server.properties
Source3: %{name}-webserver.properties
@ -17,9 +17,12 @@ Source8: %{name}-post
Source9: %{name}-stop
Patch0: 0001-Fix-javadoc-build.patch
Patch1: 0002-Build-cmdline-classes.patch
# https://sourceforge.net/p/hsqldb/svn/6614/
Patch2: CVE-2022-41853.patch
BuildRequires: ant javapackages-local systemd-units glassfish-servlet-api
Requires: %{name}-lib = %{epoch}:%{version}-%{release} glassfish-servlet-api
Requires: javapackages-tools
Requires(pre): shadow-utils
Requires(post): systemd-units
Requires(preun): systemd-units
@ -69,9 +72,7 @@ Requires: %{name} = %{epoch}:%{version}-%{release}
Demonstrations and samples for %{name}.
%prep
%setup -q -n %{name}-%{version}/%{name}
%patch0 -p1
%patch1 -p1
%autosetup -n %{name}-%{version} -p1
find . -name "*.sh" -exec chmod 755 \{\} \;
for dir in `find . -name _notes`; do rm -rf $dir; done
find . -name "*.jar" -exec rm -f {} \;
@ -159,5 +160,17 @@ popd
%files demo
%changelog
* Thu Dec 07 2023 yaoxin <yao_xin001@hoperun.com> - 1:2.4.0-5
- Fix CVE-2022-41853
* Wed Nov 23 2022 yaoxin <yaoxin30@h-partners.com> - 1:2.4.0-4
- Modify invalid Source
* Wed Jun 16 2021 lingsheng <lingsheng@huawei.com> - 2.4.0-3
- Add dependency javapackages-tools required by hsqldb service
* Mon Jun 07 2021 maminjie <maminjie1@huawei.com> - 2.4.0-2
- Fix 0002-Build-cmdline-classes.patch
* Tue Aug 4 2020 leiju <leiju4@huawei.com> - 2.4.0-1
- Package init
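Review bot: `Source0` now points at `https://github.com/ryenus/hsqldb`, while the `Origin:` header of the CVE patch and the previous `src_repo` both name the SourceForge project as upstream, and the spec records nothing about how the new tarball relates to the upstream 2.4.0 release. The archive is committed as a binary and no checksum or signature check is visible in the spec, so I would add a comment above `Source0` along the lines of `# upstream SourceForge URL was invalid (<REASON>); tarball compared against upstream 2.4.0, sha256 <SHA256>`. The move from `%setup -q -n %{name}-%{version}/%{name}` to `%autosetup -n %{name}-%{version} -p1` also changes the directory the patches are applied in, so it is worth confirming that `0002-Build-cmdline-classes.patch` and `CVE-2022-41853.patch` both apply there without fuzz. Which lines are old and which are new is inferred from the changelog entries, since the page has lost the `+`/`-` markers.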


@ -1,4 +1,4 @@
version_control: svn
src_repo: https://svn.code.sf.net/p/hsqldb/svn/
version_control: github
src_repo: ryenus/hsqldb
tag_prefix: "^"
seperator: "."