[Git][java-team/derby][upstream] New upstream version 10.14.2.0
Emmanuel Bourg
gitlab at salsa.debian.org
Wed May 16 17:04:52 BST 2018
Emmanuel Bourg pushed to branch upstream at Debian Java Maintainers / derby
Commits:
91b274b9 by Emmanuel Bourg at 2018-05-16T17:44:06+02:00
New upstream version 10.14.2.0
- - - - -
17 changed files:
- NOTICE
- RELEASE-NOTES.html
- STATUS
- java/drda/org/apache/derby/drda/NetworkServerControl.java
- java/drda/org/apache/derby/drda/server.policy
- + java/drda/org/apache/derby/drda/server.policy.rej
- java/drda/org/apache/derby/drda/template.policy
- java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
- java/engine/org/apache/derby/iapi/reference/Property.java
- java/engine/org/apache/derby/impl/sql/execute/AlterTableConstantAction.java
- java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.java
- java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
- java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DatabaseMetaDataTest.java
- java/tools/org/apache/derby/impl/tools/sysinfo/Main.java
- releaseSummary.xml
- tools/ant/properties/release.properties
- tools/release/build.xml
Changes:
=====================================
NOTICE
=====================================
--- a/NOTICE
+++ b/NOTICE
@@ -8,7 +8,7 @@
=========================================================================
Apache Derby
-Copyright 2004-2017 The Apache Software Foundation
+Copyright 2004-2018 The Apache Software Foundation
This product includes software developed by
The Apache Software Foundation (http://www.apache.org/).
=====================================
RELEASE-NOTES.html
=====================================
--- a/RELEASE-NOTES.html
+++ b/RELEASE-NOTES.html
@@ -1,10 +1,10 @@
<html lang="en">
-<title>Release Notes for Apache Derby 10.14.1.0</title>
+<title>Release Notes for Apache Derby 10.14.2.0</title>
<body>
<h1>
-<a name="Release Notes for Apache Derby 10.14.1.0"></a>Release Notes for Apache Derby 10.14.1.0</h1>
+<a name="Release Notes for Apache Derby 10.14.2.0"></a>Release Notes for Apache Derby 10.14.2.0</h1>
<div>
-<p>These notes describe the difference between Apache Derby release 10.14.1.0 and the preceding release 10.13.1.1.</p>
+<p>These notes describe the difference between Apache Derby release 10.14.2.0 and the preceding release 10.14.1.0.</p>
</div>
<ul>
<li>
@@ -77,25 +77,15 @@ Support for Java SE 8 is being sunsetted and will not be supported by the next (
<p>
-This is a feature release. The following new features were added:
+This is a patch release. No new features have been added.
</p>
-<ul>
-
-
-<li>
-<b>ALTER TABLE cycling</b> - The ALTER TABLE command can now change the cycling behavior of auto-increment columns. See the section on this statement in the Derby Reference Manual.</li>
-
-
-</ul>
-
-
</div>
<h2>
<a name="Bug Fixes"></a>Bug Fixes</h2>
<div>
-<p>The following issues are addressed by Derby release 10.14.1.0. These issues are not addressed in the preceding 10.13.1.1 release.</p>
+<p>The following issues are addressed by Derby release 10.14.2.0. These issues are not addressed in the preceding 10.14.1.0 release.</p>
<table border="2">
<tr>
<th>
@@ -103,65 +93,134 @@ This is a feature release. The following new features were added:
</th><th>Description</th>
</tr>
<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6962">DERBY-6962</a></td><td>Forbid ALTER TABLE ... SET CYCLE on identity columns in pre-10.11 databases</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6961">DERBY-6961</a></td><td>SET CYCLE fails to let an identity column cycle if the range is already exhausted</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6959">DERBY-6959</a></td><td>Require the Standard SET keyword in the syntax for changing the cycle behavior of identity columns</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6956">DERBY-6956</a></td><td>Create table as Select cannot copy Decimal columns</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6936">DERBY-6936</a></td><td>Documentation for changes made as part of DERBY-6904</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6935">DERBY-6935</a></td><td>Test Coverage for added features.</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6918">DERBY-6918</a></td><td>Problem with schema name starting with number followed by a dot</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6916">DERBY-6916</a></td><td>Doc of derbyrun.jar should describe complete list of referenced jars</td>
+<td><a href="https://issues.apache.org/jira/browse/DERBY-6987">DERBY-6987</a></td><td>The default Network Server security policy file could be trimmed down somewhat.</td>
</tr>
<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6906">DERBY-6906</a></td><td>Allow a GENERATED column to explicitly specify NO CYCLE</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6903">DERBY-6903</a></td><td>ALTER TABLE ALTER COLUMN resets CYCLE option of IDENTITY column</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6899">DERBY-6899</a></td><td>Improve docs build.xml to remove CLASSPATH requirement</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6898">DERBY-6898</a></td><td>Improve developer documentation for docs</td>
-</tr>
-<tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-6857">DERBY-6857</a></td><td>Deprecate support for building Derby under JDKs 6 and 7</td>
+<td><a href="https://issues.apache.org/jira/browse/DERBY-6986">DERBY-6986</a></td><td>Network Server COMMAND_TESTCONNECTION need not try to open a database</td>
</tr>
</table>
</div>
<h2>
<a name="Issues"></a>Issues</h2>
<div>
-<ul></ul>
-<p>No issues required detailed release notes.</p>
+<ul>
+<li>
+<a href="#Note for DERBY-6987"><span>Note for DERBY-6987:
+The default Network Server security policy has been simplified.
+</span></a>
+</li>
+<li>
+<a href="#Note for DERBY-6986"><span>Note for DERBY-6986:
+COMMAND_TESTCONNECTION no longer has database open support.
+</span></a>
+</li>
+</ul>
+<p>Compared with the previous release (10.14.1.0), Derby release 10.14.2.0 introduces the following new features and incompatibilities. These merit your special attention.</p>
+<hr>
+<h3>
+<a name="Note for DERBY-6987"></a>Note for DERBY-6987</h3>
+<div>
+
+
+<h4>Summary of Change</h4>
+
+<p>
+The default Network Server security policy has been simplified.
+</p>
+
+
+
+<h4>Symptoms Seen by Applications Affected by Change</h4>
+
+<p>
+If you start the Network Server without specifying a security
+manager, the Network Server will install a default Java
+security manager that enforces a basic policy. This security
+policy is now simpler than it was in previous releases.
+</p>
+
+
+
+<h4>Incompatibilities with Previous Release</h4>
+
+<p>
+If your Network Server deployment has particular security
+requirements, the default security policy is not right for
+you. You should instead deploy the Network Server with a
+customized security policy file, as described in the
+Security guide.
+</p>
+
+
+
+<h4>Rationale for Change</h4>
+
+<p>
+A simpler default security policy file is preferable, as it
+is easier to understand.
+</p>
+
+
+
+<h4>Application Changes Required</h4>
+
+<p>
+Please review the "Configuring Java security" topic in
+the Security guide for a detailed description of how to
+configure the Network Server security policy.
+</p>
+
+
+
+</div>
+<hr>
+<h3>
+<a name="Note for DERBY-6986"></a>Note for DERBY-6986</h3>
+<div>
+
+
+<h4>Summary of Change</h4>
+
+<p>
+COMMAND_TESTCONNECTION no longer has database open support.
+</p>
+
+
+
+<h4>Symptoms Seen by Applications Affected by Change</h4>
+
+<p>
+The Network Server's COMMAND_TESTCONNECTION operation, which is
+used by the Network Server 'ping' feature, contained code which
+could attempt to open a database specified as part of the 'ping'
+request. This code has been removed.
+</p>
+
+
+<h4>Rationale for Change</h4>
+
+<p>
+It is not necessary to attempt to open a database in order
+to ping the Network Server.
+</p>
+
+
+
+</div>
</div>
<h2>
<a name="Build Environment"></a>Build Environment</h2>
<div>
-<p>Derby release 10.14.1.0 was built using the following environment:</p>
+<p>Derby release 10.14.2.0 was built using the following environment:</p>
<ul>
<li>
<b>Branch</b> - Source code came from the 10.14 branch.</li>
<li>
-<b>Machine</b> - Mac OSX 10.11.5.</li>
+<b>Machine</b> - Fedora 27</li>
<li>
-<b>Ant</b> - Apache Ant(TM) version 1.9.2 compiled on July 8 2013.</li>
+<b>Ant</b> - Apache Ant(TM) version 1.9.5 compiled on May 31 2015</li>
<li>
-<b>Compiler</b> - All classes were compiled by the javac from the 1.8.0_101 JDK, Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode).</li>
+<b>Compiler</b> - All classes were compiled by the javac from the 1.8.0_151 JDK, OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)</li>
</ul>
</div>
<h2>
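Review bot: The note for DERBY-6986 added in this hunk has no "Incompatibilities with Previous Release" or "Application Changes Required" section, unlike the DERBY-6987 note above it. The NetworkServerControlImpl change in this same commit makes a ping that carries a database argument return the error "Usage: ping()", which is a behaviour change that callers would want stated here. Suggest adding both sections.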
=====================================
STATUS
=====================================
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
APACHE DERBY STATUS:
-Last modified at [$Date: 2017-09-18 18:10:21 -0700 (Mon, 18 Sep 2017) $] by $Author: rhillegas $.
+Last modified at [$Date: 2017-10-22 14:08:35 -0700 (Sun, 22 Oct 2017) $] by $Author: rhillegas $.
Web site: http://db.apache.org/derby/
@@ -21,6 +21,7 @@ Project info
period of time can earn a contributor commit access to the codebase.
Official releases:
+ * 10.14.1.0 : Released 2017-10-22
* 10.13.1.1 : Released 2016-10-26
* 10.12.1.1 : Released 2015-10-11
* 10.11.1.1 : Released 2014-08-27
@@ -64,6 +65,7 @@ RECENT VOTES
The community voted to sunset support for Java SE 8. The vote closed on 2017-07-09.
The community voted to sunset support for Java SE 7. The vote closed on 2015-09-12.
The community voted to sunset support for Java SE 6. The vote closed on 2014-09-15.
+Release 10.14.1.0 was approved as a release on 2017-10-11, published on 2017-10-14, and announced on 2017-10-22.
Release 10.13.1.1 was approved as a release on 2016-10-24, published on 2016-10-26, and announced on 2016-10-29.
Release 10.12.1.1 was approved as a release on 2015-10-05, published on 2015-10-10, and announced on 2015-10-11.
Release 10.11.1.1 was approved as a release on 2014-08-25, published on 2014-08-26, and announced on 2014-08-27.
=====================================
java/drda/org/apache/derby/drda/NetworkServerControl.java
=====================================
--- a/java/drda/org/apache/derby/drda/NetworkServerControl.java
+++ b/java/drda/org/apache/derby/drda/NetworkServerControl.java
@@ -21,6 +21,7 @@
package org.apache.derby.drda;
+import java.io.File;
import java.io.PrintWriter;
import java.net.Inet6Address;
import java.net.InetAddress;
@@ -686,10 +687,14 @@ public class NetworkServerControl{
// network codesources. Do not let the customer
// override this
//
- String derbyInstallURL = getCodeSourcePrefix( server );
+ URL derbyInstallURL = getCodeSourceURL( server );
+ String derbyInstallStr = getCodeSourcePrefix( server, derbyInstallURL );
+ String derbyInstallPth = new File(derbyInstallURL.getFile())
+ .getParentFile().getAbsolutePath();
+
+ System.setProperty( Property.DERBY_INSTALL_URL, derbyInstallStr );
+ System.setProperty( Property.DERBY_INSTALL_PATH, derbyInstallPth );
- System.setProperty( Property.DERBY_INSTALL_URL, derbyInstallURL );
-
//
// Now install a SecurityManager, using the Basic policy file.
//
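Review bot: derbyInstallURL is dereferenced with no null check in "new File(derbyInstallURL.getFile()).getParentFile().getAbsolutePath()", although getCodeSourceURL has a "return null;" path, and getParentFile() itself returns null for a path with no parent. Either case throws NullPointerException before the security manager is installed. URL.getFile() also returns the path still percent-encoded, so an install directory containing a space would give a derby.install.path that does not name the real directory, and the FilePermission built from it would not cover the jars. Suggest guarding both nulls and deriving the directory with Paths.get(derbyInstallURL.toURI()).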
@@ -790,7 +795,7 @@ public class NetworkServerControl{
* same directory.
* </p>
*/
- private static String getCodeSourcePrefix( NetworkServerControlImpl server )
+ private static URL getCodeSourceURL( NetworkServerControlImpl server )
throws Exception
{
// Note: This method is expected to run only when no security manager
@@ -801,9 +806,14 @@ public class NetworkServerControl{
return null;
}
URL url = cs.getLocation();
- if (url == null) {
- return null;
- }
+ return url;
+ }
+
+ private static String getCodeSourcePrefix(
+ NetworkServerControlImpl server,
+ URL url )
+ throws Exception
+ {
// Replace in "file://some", but not in "file:///some".
String extForm = url.toExternalForm().replaceFirst(
"^file://([^/].*)", "file:////$1");
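Review bot: The "if (url == null) return null;" guard is removed from getCodeSourceURL and not re-added in the new getCodeSourcePrefix, which calls url.toExternalForm() on its parameter unconditionally. A code source with no location used to produce a null prefix and now throws NullPointerException. Suggest restoring the null check as the first statement of getCodeSourcePrefix. The server parameter of the new method is not used in the visible lines and could be dropped.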
=====================================
java/drda/org/apache/derby/drda/server.policy
=====================================
--- a/java/drda/org/apache/derby/drda/server.policy
+++ b/java/drda/org/apache/derby/drda/server.policy
@@ -32,17 +32,7 @@ grant codeBase "${derby.install.url}derby.jar"
permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
- // This permission lets you backup and restore databases to and from
- // arbitrary locations in your file system.
- //
- // This permission also lets you import/export data to and from arbitrary
- // locations in your file system.
- //
- // You may want to restrict this access to specific directories.
- //
- permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
-
- // Needed by sysinfo. The file permission is needed to check the existence of
+ // Needed by sysinfo. A file permission is needed to check the existence of
// jars on the classpath. You can limit this permission to just the locations
// which hold your jar files. This block is reproduced for all codebases
// which include the sysinfo classes--the policy file syntax does not let you
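Review bot: Deleting the blanket FilePermission also deletes the only comment in this file telling operators that backup, restore, import and export to arbitrary locations depended on it. After this hunk the derby.jar grant shown here covers only "${derby.system.home}${/}-" for write and delete. Suggest leaving a short comment at this spot saying that those operations are now confined to derby.system.home under the default policy and that other directories need a customized policy.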
@@ -54,9 +44,9 @@ grant codeBase "${derby.install.url}derby.jar"
permission java.util.PropertyPermission "java.runtime.version", "read";
permission java.util.PropertyPermission "java.fullversion", "read";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "java.runtime.version", "read";
permission java.io.FilePermission "java.fullversion", "read";
+ permission java.io.FilePermission "${derby.install.path}${/}-", "read";
// Permissions needed for JMX based management and monitoring.
//
@@ -143,7 +133,7 @@ grant codeBase "${derby.install.url}derbynet.jar"
"control,monitor";
permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
- // Needed by sysinfo. The file permission is needed to check the existence of
+ // Needed by sysinfo. A file permission is needed to check the existence of
// jars on the classpath. You can limit this permission to just the locations
// which hold your jar files. This block is reproduced for all codebases
// which include the sysinfo classes--the policy file syntax does not let you
@@ -155,15 +145,15 @@ grant codeBase "${derby.install.url}derbynet.jar"
permission java.util.PropertyPermission "java.runtime.version", "read";
permission java.util.PropertyPermission "java.fullversion", "read";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "java.runtime.version", "read";
permission java.io.FilePermission "java.fullversion", "read";
+ permission java.io.FilePermission "${derby.install.path}${/}-", "read";
};
grant codeBase "${derby.install.url}derbytools.jar"
{
- // Needed by sysinfo. The file permission is needed to check the existence of
+ // Needed by sysinfo. A file permission is needed to check the existence of
// jars on the classpath. You can limit this permission to just the locations
// which hold your jar files. This block is for all codebases which include
// the sysinfo classes--the policy file syntax does not let you grant
@@ -182,7 +172,7 @@ grant codeBase "${derby.install.url}derbytools.jar"
grant codeBase "${derby.install.url}derbyclient.jar"
{
- // Needed by sysinfo. The file permission is needed to check the existence of
+ // Needed by sysinfo. A file permission is needed to check the existence of
// jars on the classpath. You can limit this permission to just the locations
// which hold your jar files. This block is reproduced for all codebases
// which include the sysinfo classes--the policy file syntax does not let you
@@ -194,7 +184,7 @@ grant codeBase "${derby.install.url}derbyclient.jar"
permission java.util.PropertyPermission "java.runtime.version", "read";
permission java.util.PropertyPermission "java.fullversion", "read";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
+ permission java.io.FilePermission "${derby.install.path}${/}-", "read";
// The following permission must be granted for Connection.abort(Executor) to
// work. Note that this permission must also be granted to outer
=====================================
java/drda/org/apache/derby/drda/server.policy.rej
=====================================
--- /dev/null
+++ b/java/drda/org/apache/derby/drda/server.policy.rej
@@ -0,0 +1,13 @@
+--- java/drda/org/apache/derby/drda/server.policy (revision 1825268)
++++ java/drda/org/apache/derby/drda/server.policy (working copy)
+@@ -182,9 +172,9 @@
+ permission java.util.PropertyPermission "java.runtime.version", "read";
+ permission java.util.PropertyPermission "java.fullversion", "read";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+- permission java.io.FilePermission "<<ALL FILES>>", "read";
+ permission java.io.FilePermission "java.runtime.version", "read";
+ permission java.io.FilePermission "java.fullversion", "read";
++ permission java.io.FilePermission "${derby.install.path}${/}-", "read";
+
+ permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+ };
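Review bot: server.policy.rej is a patch reject file and should not be added to the source tree. Its content shows that the hunk at -182,9, which replaces the ALL FILES read permission with "${derby.install.path}${/}-", did not apply: the rejected context names org.apache.derby.shared.common.security.SystemPermission, while server.policy in this commit uses org.apache.derby.security.SystemPermission. Suggest checking whether the grant block at that position still carries the ALL FILES read permission, applying the replacement by hand if it does, and deleting the .rej file.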
=====================================
java/drda/org/apache/derby/drda/template.policy
=====================================
--- a/java/drda/org/apache/derby/drda/template.policy
+++ b/java/drda/org/apache/derby/drda/template.policy
@@ -52,9 +52,13 @@ grant codeBase "${derby.install.url}derby.jar"
// This permission also lets you import/export data to and from arbitrary
// locations in your file system.
//
- // You may want to restrict this access to specific directories.
+ // NOTE: this permission is commented out. You should NOT grant blanket
+ // permission to the entire filesystem! If you choose to use this
+ // permission to allow the server to access files outside of the
+ // server's home directory, you should name those specific directories
+ // in the permisson (that is, do NOT specify ALL FILES).
//
- permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ // permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
// Permissions needed for JMX based management and monitoring.
//
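Review bot: Typo in the added comment line "// in the permisson (that is, do NOT specify ALL FILES).": "permisson" should be "permission". Since this template is what operators copy from, the comment could also show one concrete directory-scoped FilePermission line next to the commented-out ALL FILES one, so the recommended form is visible and not only described.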
@@ -139,9 +143,11 @@ grant codeBase "${derby.install.url}derbynet.jar"
//
// permission java.net.SocketPermission "*", "connect,resolve";
- // Needed by sysinfo. The file permission is needed to check the existence of
- // jars on the classpath. You can limit this permission to just the locations
- // which hold your jar files.
+ // Needed by sysinfo. A file permission is needed to check the existence of
+ // jars on the classpath. Note that this permission is commented out!
+ // You should limit this permission to just the locations which hold
+ // your jar files; do NOT grant blanket permission to read the entire
+ // filesystem.
//
// In this template file, this block of permissions is granted to
// derbynet.jar under the assumption that derbynet.jar is the first jar file
@@ -155,12 +161,12 @@ grant codeBase "${derby.install.url}derbynet.jar"
// derbyclient.jar
// derbytools.jar
//
+ // permission java.io.FilePermission "${derby.install.directory}${/}-", "read";
permission java.util.PropertyPermission "user.*", "read";
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.class.path", "read";
permission java.util.PropertyPermission "java.runtime.version", "read";
permission java.util.PropertyPermission "java.fullversion", "read";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
};
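Review bot: The commented-out example added here uses ${derby.install.directory}, but the property introduced by this commit is derby.install.path (Property.DERBY_INSTALL_PATH, and the matching grants in server.policy). Nothing in the visible changes sets derby.install.directory, so an operator who uncomments the line as written ends up with a permission that references an undefined property. Suggest using ${derby.install.path} here.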
=====================================
java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
=====================================
--- a/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
+++ b/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
@@ -1820,11 +1820,11 @@ public final class NetworkServerControlImpl {
consolePropertyMessage("DRDA_TraceDirectoryChange.I", traceDirectory);
break;
case COMMAND_TESTCONNECTION:
- databaseArg = reader.readCmdString();
- userArg = reader.readCmdString();
- passwordArg = reader.readCmdString();
+ databaseArg = reader.readCmdString(); // This is ...
+ userArg = reader.readCmdString(); // ... no longer ...
+ passwordArg = reader.readCmdString(); // ... supported.
if (databaseArg != null)
- connectToDatabase(writer, databaseArg, userArg, passwordArg);
+ sendMessage(writer, ERROR, "Usage: ping()");
else
sendOK(writer);
break;
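Review bot: Only databaseArg decides the outcome in the COMMAND_TESTCONNECTION case; userArg and passwordArg are still read and then ignored, and the new test expects OK for tryPingDbOK("", "scarface", "evildoer"). If ping is meant to take no arguments, reject any non-null argument, or add a comment saying why credentials are tolerated. The three trailing comments ("This is ...", "... no longer ...", "... supported.") would read better as one comment line above the reads, and "Usage: ping()" is a hard-coded string where the neighbouring case uses a message key (DRDA_TraceDirectoryChange.I).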
@@ -3932,46 +3932,6 @@ public final class NetworkServerControlImpl {
/**
- * Connect to a database to test whether a connection can be made
- *
- * @param writer connection to send message to
- * @param database database directory to connect to
- * @param user user to use
- * @param password password to use
- */
- private void connectToDatabase(DDMWriter writer, String database, String user,
- String password) throws Exception
- {
- Properties p = new Properties();
- if (user != null)
- p.put("user", user);
- if (password != null)
- p.put("password", password);
- try {
- Class.forName(CLOUDSCAPE_DRIVER);
- }
- catch (Exception e) {
- sendMessage(writer, ERROR, e.getMessage());
- return;
- }
- try {
- //Note, we add database to the url so that we can allow additional
- //url attributes
- Connection conn = getDriver().connect(Attribute.PROTOCOL+database, p);
- // send warnings
- SQLWarning warn = conn.getWarnings();
- if (warn != null)
- sendSQLMessage(writer, warn, SQLWARNING);
- else
- sendOK(writer);
- conn.close();
- return;
- } catch (SQLException se) {
- sendSQLMessage(writer, se, SQLERROR);
- }
- }
-
- /**
* Wrap SQL Error - display to console and raise exception
*
* @param messageKey Derby SQL Exception message id
=====================================
java/engine/org/apache/derby/iapi/reference/Property.java
=====================================
--- a/java/engine/org/apache/derby/iapi/reference/Property.java
+++ b/java/engine/org/apache/derby/iapi/reference/Property.java
@@ -416,6 +416,7 @@ public interface Property {
* This property is the location of the derby jars.
**/
public static final String DERBY_INSTALL_URL = "derby.install.url";
+ public static final String DERBY_INSTALL_PATH = "derby.install.path";
/**
* This property is private to Derby.
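Review bot: DERBY_INSTALL_PATH is added with no Javadoc of its own and sits under the comment written for DERBY_INSTALL_URL ("This property is the location of the derby jars."). Suggest giving it a separate Javadoc block stating that it holds the absolute file-system path of the directory containing the jars, as set in NetworkServerControl, and that the default server.policy uses it for the sysinfo read permission.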
=====================================
java/engine/org/apache/derby/impl/sql/execute/AlterTableConstantAction.java
=====================================
--- a/java/engine/org/apache/derby/impl/sql/execute/AlterTableConstantAction.java
+++ b/java/engine/org/apache/derby/impl/sql/execute/AlterTableConstantAction.java
@@ -2303,7 +2303,7 @@ class AlterTableConstantAction extends DDLSingleTableConstantAction
* @param dtd The type of the autoincrement column.
* @param topOrBottom RANGE_TOP or RANGE_BOTTOM
*
- * @returns the top or bottom of the range
+ * @return the top or bottom of the range
*/
private long getRangeBound(DataTypeDescriptor dtd, int topOrBottom)
throws StandardException
=====================================
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.java
=====================================
--- a/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.java
+++ b/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.java
@@ -22,6 +22,10 @@
package org.apache.derbyTesting.functionTests.tests.derbynet;
import java.io.File;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import javax.net.SocketFactory;
+import java.net.Socket;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessController;
@@ -205,6 +209,138 @@ public class NetworkServerControlApiTest extends BaseJDBCTestCase {
// expected exception
}
}
+
+ /*
+ * CVE-2018-1313: Attempt to pass arguments to COMMAND_TESTCONNECTION
+ */
+ public void test_03_ping_args() throws Exception
+ {
+ String response = tryPingDbError("mydatabase", "myuser", "mypassword");
+ //System.out.println(response);
+ // This once said: XJ004:Database 'mydatabase' not found.
+ assertEquals("Usage", response.substring(0,5));
+
+ response = tryPingDbError("some/sorta/db","someone","somecredentials");
+ //System.out.println(response);
+ assertEquals("Usage", response.substring(0,5));
+
+ response = tryPingDbError("\\\\192.168.1.2\\guest\\db1","tata","tata");
+ //System.out.println(response);
+ assertEquals("Usage", response.substring(0,5));
+
+ response = tryPingDbError("my/nocred/db", "", "");
+ //System.out.println(response);
+ assertEquals("Usage", response.substring(0,5));
+
+ response = tryPingDbOK("", "scarface", "evildoer");
+ //System.out.println(response);
+ assertEquals("OK", response.substring(0,2));
+ }
+
+ private Socket privilegedClientSocket(final String host, int port)
+ throws Exception
+ {
+ try {
+ return AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Socket>() {
+ public Socket run() throws Exception {
+ return SocketFactory.getDefault().createSocket(
+ InetAddress.getByName(host), port);
+ }
+ });
+ } catch (PrivilegedActionException pae) {
+ throw (Exception)pae.getCause();
+ }
+ }
+
+ private static String byteArrayToHex(byte[] ba, int l)
+ {
+ if (l < 0) return "STRING OF NEGATIVE LENGTH("+l+")";
+ StringBuilder sb = new StringBuilder(l * 2);
+ for (int i = 0; i < l; i++) sb.append(String.format("%02x", ba[i]));
+ return sb.toString();
+ }
+
+ private String tryPingDbError(String d, String u, String p)
+ throws Exception
+ {
+ return tryPingDbTest(2, d, u, p); // Result 2: ERROR
+ }
+
+ private String tryPingDbOK(String d, String u, String p)
+ throws Exception
+ {
+ return tryPingDbTest(0, d, u, p); // Result 0: OK
+ }
+
+ private String tryPingDbTest(int rc, String d, String u, String p)
+ throws Exception
+ {
+ //System.out.println("database: '"+d+"' (len: "+d.length()+")");
+ //System.out.println(" user: '"+u+"' (len: "+u.length()+")");
+ //System.out.println("password: '"+p+"' (len: "+p.length()+")");
+
+ Socket clientSocket = privilegedClientSocket(
+ TestConfiguration.getCurrent().getHostName(),
+ TestConfiguration.getCurrent().getPort());
+ ByteArrayOutputStream byteArrayOs = new ByteArrayOutputStream();
+ DataOutputStream commandOs = new DataOutputStream(byteArrayOs);
+
+ byte[] msgBytes = "CMD:".getBytes("UTF8");
+ commandOs.write(msgBytes,0,msgBytes.length);
+ commandOs.writeByte((byte) 0); // default version: 02
+ commandOs.writeByte((byte) 2); // default version: 02
+ commandOs.writeByte((byte) 0); // default locale: 0
+ commandOs.writeByte((byte) 0); // default codeset: 0
+ commandOs.writeByte((byte) 4); // COMMAND_TESTCONNECTION
+
+ msgBytes = d.getBytes("UTF8");
+ commandOs.writeByte((byte)(msgBytes.length >> 8 ));
+ commandOs.writeByte((byte) msgBytes.length);
+ commandOs.write(msgBytes,0,msgBytes.length);
+
+ msgBytes = u.getBytes("UTF8");
+ commandOs.writeByte((byte)(msgBytes.length >> 8 ));
+ commandOs.writeByte((byte) msgBytes.length);
+ commandOs.write(msgBytes,0,msgBytes.length);
+
+ msgBytes = p.getBytes("UTF8");
+ commandOs.writeByte((byte)(msgBytes.length >> 8 ));
+ commandOs.writeByte((byte) msgBytes.length);
+ commandOs.write(msgBytes,0,msgBytes.length);
+
+ byteArrayOs.writeTo(clientSocket.getOutputStream());
+ commandOs.flush();
+ byteArrayOs.reset();
+ clientSocket.shutdownOutput();
+
+ byte[]result = new byte[1024];
+ int resultLen = clientSocket.getInputStream().read(result);
+
+ clientSocket.close();
+
+ //System.out.println( "Result was " + resultLen + " bytes long");
+ //System.out.println( byteArrayToHex(result,resultLen) );
+
+ if (resultLen < 0)
+ return "DISCONNECT";
+
+ String r = "RPY:";
+ int rl = r.length();
+ assertTrue(resultLen > rl);
+ String header = new String(result, 0, rl, "UTF8");
+ assertEquals(r, header);
+ assertEquals(rc, result[rl++]); // 0: OK, 2: ERROR, 3: SQLERROR, etc.
+
+ if (rc == 0)
+ return "OK";
+
+ int l = ((result[rl++] & 0xff) << 8) + (result[rl++] & 0xff);
+ String response = new String(result, rl, l, "UTF8");
+
+ return response;
+ }
+
/**
* Wraps InitAddress.getByName in privilege block.
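Review bot: tryPingDbTest reads the reply with a single clientSocket.getInputStream().read(result), which may return before the whole reply has arrived, and the length l parsed from the reply is then passed to new String(result, rl, l, "UTF8") without being checked against resultLen. Suggest reading until end of stream and asserting rl + l <= resultLen before building the string. The socket is closed only on the success path, so a try/finally around the exchange would cover a failed read. byteArrayToHex is referenced only from commented-out println calls and can be removed with them, and both version bytes carry the same comment "default version: 02".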
=====================================
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
=====================================
--- a/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
+++ b/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
@@ -186,6 +186,10 @@ grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
// Needed by NetworkServerTestSetup when probing ports.
permission java.net.SocketPermission "localhost", "listen";
+ permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
+ permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+ permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
};
//
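Review bot: The added SocketPermission entries grant accept and listen, but the test code added in this commit only opens an outbound client socket (createSocket in privilegedClientSocket). Suggest limiting the new entries to "connect,resolve". The new "localhost" entry also repeats the listen action already granted on the line above it.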
=====================================
java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DatabaseMetaDataTest.java
=====================================
--- a/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DatabaseMetaDataTest.java
+++ b/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DatabaseMetaDataTest.java
@@ -3576,12 +3576,12 @@ public class DatabaseMetaDataTest extends BaseJDBCTestCase {
{"2", "I", "4", "INTEGER", "4", null, "10", "1"},
{"2", "VC10", "12", "VARCHAR", "10", null, null, "1"}
};
- JDBC.assertFullResultSet(rs[0], expRS, true);
+ JDBC.assertUnorderedResultSet(rs[0], expRS, true);
// set buffer_length expected for ODBC; for most of the simple
// tables/rows in our test it's "4" so set in verifyBRIResults
expRS[0][5] = "4";
expRS[1][5] = "20";
- JDBC.assertFullResultSet(rs[1], expRS, true);
+ JDBC.assertUnorderedResultSet(rs[1], expRS, true);
// test DERBY-2610 for fun; can't pass in null table name
try {
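Review bot: Replacing assertFullResultSet with assertUnorderedResultSet drops the row-order check on rs[0] and rs[1] with no comment saying why. Suggest a one-line comment here, and at the same change in the next hunk, stating why row order is no longer asserted, so the weaker check is not mistaken for an oversight.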
@@ -3597,10 +3597,10 @@ public class DatabaseMetaDataTest extends BaseJDBCTestCase {
expRS = new String [][] {
{"2", "TABLEID", "1", "CHAR", "36", null, null, "1"}
};
- JDBC.assertFullResultSet(rs[0], expRS, true);
+ JDBC.assertUnorderedResultSet(rs[0], expRS, true);
// set buffer_length expected for ODBC
expRS[0][5] = "72";
- JDBC.assertFullResultSet(rs[1], expRS, true);
+ JDBC.assertUnorderedResultSet(rs[1], expRS, true);
getConnection().setAutoCommit(true);
=====================================
java/tools/org/apache/derby/impl/tools/sysinfo/Main.java
=====================================
--- a/java/tools/org/apache/derby/impl/tools/sysinfo/Main.java
+++ b/java/tools/org/apache/derby/impl/tools/sysinfo/Main.java
@@ -23,6 +23,8 @@ package org.apache.derby.impl.tools.sysinfo;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.util.Arrays;
+import java.util.List;
import java.util.Locale;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@@ -889,6 +891,31 @@ public static void getMainInfo (java.io.PrintWriter aw, boolean pause) {
".properties",
};
+ private static final String jarNames[] =
+ {
+ "derby.jar",
+ "derbyclient.jar",
+ "derbynet.jar",
+ "derbyoptionaltools.jar",
+ "derbyrun.jar",
+ "derbyshared.jar",
+ "derbyTesting.jar",
+ "derbytools.jar",
+ "derbyLocale_cs.jar",
+ "derbyLocale_de_DE.jar",
+ "derbyLocale_es.jar",
+ "derbyLocale_ja_JP.jar",
+ "derbyLocale_ko_KR.jar",
+ "derbyLocale_pl.jar",
+ "derbyLocale_pt_BR.jar",
+ "derbyLocale_ru.jar",
+ "derbyLocale_fr.jar",
+ "derbyLocale_zh_CN.jar",
+ "derbyLocale_hu.jar",
+ "derbyLocale_zh_TW.jar",
+ "derbyLocale_it.jar"
+ };
+
/**
* Get all the info we can obtain from the local execution context
* as to the availability of the Derby classes by attempting to load
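Review bot: the new `jarNames` array has no comment explaining that it is the allow-list of archive names the classpath scan is restricted to, or that it has to be updated whenever a jar is added to or removed from the distribution. A short Javadoc on the field would cover both. The declaration `String jarNames[]` would also read better as `String[] jarNames`, and since the values are only used for membership tests an unmodifiable `Set<String>` would state the intent more directly than an array.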
@@ -920,9 +947,23 @@ public static void getMainInfo (java.io.PrintWriter aw, boolean pause) {
{
if (classpath != null) {
String cp [] = parseClasspath(classpath);
+ List<String> jarNamesList = Arrays.asList(jarNames);
Vector<ZipInfoProperties> v = new Vector<ZipInfoProperties>();
for (int i = 0; i < cp.length; i++)
{
+ boolean matches = false;
+ String candidate = cp[i];
+ for (String jarName : jarNames)
+ {
+ if (candidate.endsWith(jarName))
+ {
+ matches = true;
+ break;
+ }
+ }
+ if (!matches)
+ continue;
+
ZipInfoProperties zip = null;
try {
zip = checkForInfo(cp[i]);
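Review bot: `candidate.endsWith(jarName)` in the new inner loop is a suffix match on the whole classpath entry, not a match on its file name, so any entry whose path merely ends in one of the listed strings (for example a file named `notderby.jar`) still passes the filter and is handed to `checkForInfo`. If the intent is to inspect only the known Derby jars, compare the last path component instead, e.g. `new File(candidate).getName()` tested for equality against the list. Separately, `jarNamesList` is created but never read, because the loop iterates over the `jarNames` array directly; either use `jarNamesList.contains(...)` on the extracted file name or drop the variable together with the `java.util.Arrays` and `java.util.List` imports added at the top of the file. The filter also sits before `checkForInfo(cp[i])`, which still indexes `cp[i]` rather than the new `candidate` local; using `candidate` there would keep the loop body consistent.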
=====================================
releaseSummary.xml
=====================================
--- a/releaseSummary.xml
+++ b/releaseSummary.xml
@@ -33,7 +33,7 @@ with real information.
E.g.: 10.2.1.7
-->
-<previousReleaseID>10.13.1.1</previousReleaseID>
+<previousReleaseID>10.14.1.0</previousReleaseID>
<!--
Identifier(s) of previously released versions. Any issue that was fixed in
@@ -47,10 +47,10 @@ with real information.
<buildInfo>
<!-- Machine environment. E.g.: Cygwin on Microsoft Windows XP Professional Version 2002 Service Pack 2. -->
- <machine>Mac OSX 10.11.5.</machine>
+ <machine>Fedora 27</machine>
<!-- Ant version. E.g.: Apache Ant version 1.6.5 compiled on June 2 2005. -->
- <antVersion>Apache Ant(TM) version 1.9.2 compiled on July 8 2013.</antVersion>
+ <antVersion>Apache Ant(TM) version 1.9.5 compiled on May 31 2015</antVersion>
<!--
Say which compilers you used.
@@ -59,7 +59,7 @@ with real information.
The 1.4.2_12-b03 javac was used to compile all classes
except for the JDBC4 drivers. The JDBC4 driver classes were compiled using the 1.6.0-b105 javac.
-->
- <compilers>All classes were compiled by the javac from the 1.8.0_101 JDK, Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode).</compilers>
+ <compilers>All classes were compiled by the javac from the 1.8.0_151 JDK, OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)</compilers>
</buildInfo>
@@ -96,15 +96,9 @@ Support for Java SE 8 is being sunsetted and will not be supported by the next (
<newFeatures>
<p>
-This is a feature release. The following new features were added:
+This is a patch release. No new features have been added.
</p>
-<ul>
-
-<li><b>ALTER TABLE cycling</b> - The ALTER TABLE command can now change the cycling behavior of auto-increment columns. See the section on this statement in the Derby Reference Manual.</li>
-
-</ul>
-
</newFeatures>
<!--
=====================================
tools/ant/properties/release.properties
=====================================
--- a/tools/ant/properties/release.properties
+++ b/tools/ant/properties/release.properties
@@ -15,12 +15,12 @@
drdamaint=0
-maint=1000000
+maint=2000000
major=10
minor=14
eversion=10.14
beta=false
-copyright.comment=Copyright 1997, 2017 The Apache Software Foundation or its licensors, as applicable.
+copyright.comment=Copyright 1997, 2018 The Apache Software Foundation or its licensors, as applicable.
vendor=The Apache Software Foundation
-copyright.year=2017
-release.id.long=10.14.1.0
+copyright.year=2018
+release.id.long=10.14.2.0
=====================================
tools/release/build.xml
=====================================
--- a/tools/release/build.xml
+++ b/tools/release/build.xml
@@ -120,41 +120,6 @@
depends="missing-properties, maven-exec-windows, maven-exec-unix"
description="Generates the release notes. Takes the following properties: jira.user, jira.password, release.version, relnotes.src.reports, jira.filter.id (optional), reportDisqualifications (optional)">
- <!-- Build the JIRA SOAP client -->
- <exec executable="${mvn.exec}"
- dir="${basedir}/tools/release/jirasoap">
- <!-- comment out the two lines below for debugging -->
- <arg line="--quiet"/>
- <arg line="--batch-mode"/>
- <arg line="-Pbuildclient"/>
- </exec>
-
- <!-- Define the task which generates the issue list data for the
- release notes generator
- -->
- <taskdef
- name="jirasoapclient"
- classname="org.apache.derbyBuild.jirasoap.FilteredIssueListerAntWrapper"
- classpath="${jirasoap.generated}/JiraSOAP-LATEST-jar-with-dependencies.jar"
- />
-
- <!-- Set default for jira.filter.id (0 to use JQL). -->
- <condition property="jira.filter.id" value="0">
- <not>
- <isset property="${jira.filter.id}" />
- </not>
- </condition>
-
- <!-- Execute the JIRA SOAP client -->
- <jirasoapclient
- user="${jira.user}"
- password="${jira.password}"
- releaseVersion="${release.version}"
- filterId="${jira.filter.id}"
- outputFile="${relnotes.src.buglist}"
- reportDisqualifications="${reportDisqualifications}"
- />
-
<generateReleaseNotes
summaryFileName="${relnotes.src.summary}"
bugListFileName="${relnotes.src.buglist}"
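Review bot: with the `jirasoapclient` call removed, nothing visible in this target writes `${relnotes.src.buglist}` any more, yet `generateReleaseNotes` still reads it through `bugListFileName`. The build file should document how that file is now expected to be produced, or the target should fail early when it is missing. The target's `description` still advertises `jira.user`, `jira.password` and `jira.filter.id`, and `depends` still lists `maven-exec-windows, maven-exec-unix` even though the only visible use of `${mvn.exec}` was the removed `exec`; both should be trimmed so that nobody keeps supplying JIRA credentials to a target that no longer uses them.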
View it on GitLab: https://salsa.debian.org/java-team/derby/commit/91b274b9300181a6677d5325aca6b9f698404037