Bug#913307: osmosis: please switch to libmariadb-java
Markus Koschany
apo at debian.org
Fri Nov 9 13:04:37 GMT 2018
Package: osmosis
Version: 0.47-2
Severity: important
Tags: patch
Hello,
we would like to remove libmysql-java from Debian because it is
frequently affected by security vulnerabilities which are not fully
disclosed. This makes it hard to determine the impact of such a flaw.[1]
However we also have libmariadb-java which is a drop-in replacement
and upstream is more transparent about security issues.
Please find attached two patches that make the necessary changes to
the Debian packaging.
[1] https://bugs.debian.org/912916
Regards,
Markus
-------------- next part --------------
>From 561c7f24a826bd66698eab804e52b7e4e2e9d2c1 Mon Sep 17 00:00:00 2001
From: Markus Koschany <apo at debian.org>
Date: Fri, 9 Nov 2018 13:39:08 +0100
Subject: [PATCH 1/2] Switch from libmysql-java to libmariadb-java.
---
debian/control | 4 ++--
debian/maven.rules | 1 +
debian/patches/02-fix_plexus.patch | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/debian/control b/debian/control
index 1484230..fb9f2af 100644
--- a/debian/control
+++ b/debian/control
@@ -17,7 +17,7 @@ Build-Depends: debhelper (>= 9),
libcommons-dbcp-java,
libjdepend-java,
libjpf-java,
- libmysql-java,
+ libmariadb-java,
# libnetty-3.9-java,
libpostgis-java,
libpostgresql-jdbc-java,
@@ -47,7 +47,7 @@ Depends: default-jre-headless | java8-runtime-headless,
libcommons-dbcp-java,
libcommons-pool-java,
libjpf-java,
- libmysql-java,
+ libmariadb-java,
# libnetty-3.9-java,
libpostgis-java,
libpostgresql-jdbc-java,
diff --git a/debian/maven.rules b/debian/maven.rules
index 71365ce..3898b15 100644
--- a/debian/maven.rules
+++ b/debian/maven.rules
@@ -5,3 +5,4 @@ org.springframework spring-jdbc * s/.*/debian/ * *
#s/org.jboss.netty/io.netty/ netty * s/.*/debian/ * *
s/org.postgis/net.postgis/ postgis-jdbc * s/.*/debian/ * *
s/com.fasterxml.woodstox/org.codehaus.woodstox/ s/woodstox-core/woodstox-core-lgpl/ * s/.*/debian/ * *
+s/mysql/org.mariadb.jdbc/ s/mysql-connector-java/mariadb-java-client/ * s/.*/debian/ * *
diff --git a/debian/patches/02-fix_plexus.patch b/debian/patches/02-fix_plexus.patch
index 26151a2..4fc867c 100644
--- a/debian/patches/02-fix_plexus.patch
+++ b/debian/patches/02-fix_plexus.patch
@@ -14,7 +14,7 @@ Forwarded: not-needed
+load /usr/share/java/commons-compress.jar
+load /usr/share/java/commons-codec.jar
+load /usr/share/java/commons-dbcp.jar
-+load /usr/share/java/mysql-connector-java.jar
++load /usr/share/java/mariadb-java-client.jar
+load /usr/share/java/postgis-jdbc.jar
+load /usr/share/java/postgresql.jar
+load /usr/share/java/spring3-beans.jar
--
2.19.1
-------------- next part --------------
>From 4b71149fb6e54088c184c0a6d75bce327688dfb6 Mon Sep 17 00:00:00 2001
From: Markus Koschany <apo at debian.org>
Date: Fri, 9 Nov 2018 13:56:12 +0100
Subject: [PATCH 2/2] Add mariadb.patch
---
debian/patches/mariadb.patch | 24 ++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 25 insertions(+)
create mode 100644 debian/patches/mariadb.patch
diff --git a/debian/patches/mariadb.patch b/debian/patches/mariadb.patch
new file mode 100644
index 0000000..86e2359
--- /dev/null
+++ b/debian/patches/mariadb.patch
@@ -0,0 +1,24 @@
+From: Markus Koschany <apo at debian.org>
+Date: Fri, 9 Nov 2018 13:55:11 +0100
+Subject: mariadb
+
+Use MariaDB driver class.
+
+Forwarded: no
+---
+ .../java/org/openstreetmap/osmosis/apidb/common/DataSourceFactory.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/osmosis-apidb/src/main/java/org/openstreetmap/osmosis/apidb/common/DataSourceFactory.java b/osmosis-apidb/src/main/java/org/openstreetmap/osmosis/apidb/common/DataSourceFactory.java
+index fe0f28d..adc4924 100644
+--- a/osmosis-apidb/src/main/java/org/openstreetmap/osmosis/apidb/common/DataSourceFactory.java
++++ b/osmosis-apidb/src/main/java/org/openstreetmap/osmosis/apidb/common/DataSourceFactory.java
+@@ -38,7 +38,7 @@ public final class DataSourceFactory {
+ /*+ "?loglevel=2"*/);
+ break;
+ case MYSQL:
+- dataSource.setDriverClassName("com.mysql.jdbc.Driver");
++ dataSource.setDriverClassName("com.mariadb.jdbc.Driver");
+ dataSource.setUrl("jdbc:mysql://" + credentials.getHost() + "/" + credentials.getDatabase());
+ break;
+ default:
diff --git a/debian/patches/series b/debian/patches/series
index abefb2d..ef0b803 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
02-fix_plexus.patch
04-osmosis-version.patch
disable-netty3.patch
+mariadb.patch
--
2.19.1
More information about the Pkg-grass-devel
mailing list