[Git][java-team/libhibernate3-java][master] Import 3.6.10.Final-11
Markus Koschany
gitlab at salsa.debian.org
Sun Jan 3 20:31:47 GMT 2021
Markus Koschany pushed to branch master at Debian Java Maintainers / libhibernate3-java
Commits:
d1ff7556 by Markus Koschany at 2021-01-03T21:31:11+01:00
Import 3.6.10.Final-11
- - - - -
4 changed files:
- debian/changelog
- debian/control
- + debian/patches/CVE-2020-25638.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,18 @@
+libhibernate3-java (3.6.10.Final-11) unstable; urgency=medium
+
+ * Team upload.
+ * Fix CVE-2020-25638:
+ A flaw was found in hibernate-core. A SQL injection in the implementation
+ of the JPA Criteria API can permit unsanitized literals when a literal is
+ used in the SQL comments of the query. This flaw could allow an attacker to
+ access unauthorized information or possibly conduct further attacks. The
+ highest threat from this vulnerability is to data confidentiality and
+ integrity.
+ * Declare compliance with Debian Policy 4.5.1.
+ * Switch to debhelper-compat = 13.
+
+ -- Markus Koschany <apo at debian.org> Sun, 03 Jan 2021 16:45:50 +0100
+
libhibernate3-java (3.6.10.Final-10) unstable; urgency=medium
* Depend on libgeronimo-validation-1.1-spec-java
=====================================
debian/control
=====================================
@@ -8,7 +8,7 @@ Uploaders:
Emmanuel Bourg <ebourg at apache.org>
Build-Depends:
ant,
- debhelper-compat (= 12),
+ debhelper-compat (= 13),
default-jdk,
junit,
libantlr-java,
@@ -36,7 +36,7 @@ Build-Depends:
libproxool-java,
libswarmcache-java,
maven-debian-helper (>= 2.0)
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Vcs-Git: https://salsa.debian.org/java-team/libhibernate3-java.git
Vcs-Browser: https://salsa.debian.org/java-team/libhibernate3-java
Homepage: http://www.hibernate.org
=====================================
debian/patches/CVE-2020-25638.patch
=====================================
@@ -0,0 +1,177 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sun, 3 Jan 2021 14:42:46 +0100
+Subject: CVE-2020-25638
+
+Origin: https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78
+---
+ .../src/main/java/org/hibernate/dialect/Dialect.java | 11 +++++++++++
+ .../src/main/java/org/hibernate/loader/Loader.java | 3 ++-
+ .../src/main/java/org/hibernate/sql/Delete.java | 4 +++-
+ .../src/main/java/org/hibernate/sql/Insert.java | 2 +-
+ .../src/main/java/org/hibernate/sql/InsertSelect.java | 2 +-
+ .../src/main/java/org/hibernate/sql/QuerySelect.java | 2 +-
+ .../src/main/java/org/hibernate/sql/Select.java | 3 ++-
+ .../src/main/java/org/hibernate/sql/SimpleSelect.java | 2 +-
+ .../src/main/java/org/hibernate/sql/Update.java | 2 +-
+ 9 files changed, 23 insertions(+), 8 deletions(-)
+
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/dialect/Dialect.java b/project/hibernate-core/src/main/java/org/hibernate/dialect/Dialect.java
+index 1b0c776..65acb85 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/dialect/Dialect.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/dialect/Dialect.java
+@@ -36,6 +36,7 @@ import java.util.List;
+ import java.util.Map;
+ import java.util.Properties;
+ import java.util.Set;
++import java.util.regex.Pattern;
+
+ import org.slf4j.Logger;
+ import org.slf4j.LoggerFactory;
+@@ -121,6 +122,8 @@ public abstract class Dialect {
+ // TODO: shouldn't SerializableToBlobType be in this list???
+ }
+
++ private static final Pattern ESCAPE_CLOSING_COMMENT_PATTERN = Pattern.compile( "\\*/" );
++ private static final Pattern ESCAPE_OPENING_COMMENT_PATTERN = Pattern.compile( "/\\*" );
+ private final TypeNames typeNames = new TypeNames();
+ private final TypeNames hibernateTypeNames = new TypeNames();
+
+@@ -1654,6 +1657,14 @@ public abstract class Dialect {
+ return false;
+ }
+
++ public static String escapeComment(String comment) {
++ if ( StringHelper.isNotEmpty( comment ) ) {
++ final String escaped = ESCAPE_CLOSING_COMMENT_PATTERN.matcher( comment ).replaceAll( "*\\\\/" );
++ return ESCAPE_OPENING_COMMENT_PATTERN.matcher( escaped ).replaceAll( "/\\\\*" );
++ }
++ return comment;
++ }
++
+ /**
+ * Does this dialect support column-level check constraints?
+ *
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/loader/Loader.java b/project/hibernate-core/src/main/java/org/hibernate/loader/Loader.java
+index 805c7cd..29c9b40 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/loader/Loader.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/loader/Loader.java
+@@ -237,9 +237,10 @@ public abstract class Loader {
+ return sql;
+ }
+ else {
++ String newcomment = Dialect.escapeComment( comment );
+ return new StringBuffer( comment.length() + sql.length() + 5 )
+ .append( "/* " )
+- .append( comment )
++ .append( newcomment )
+ .append( " */ " )
+ .append( sql )
+ .toString();
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/Delete.java b/project/hibernate-core/src/main/java/org/hibernate/sql/Delete.java
+index 6ec17cc..2fcfbb8 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/Delete.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/Delete.java
+@@ -28,6 +28,8 @@ import java.util.Iterator;
+ import java.util.LinkedHashMap;
+ import java.util.Map;
+
++import org.hibernate.dialect.Dialect;
++
+ /**
+ * An SQL <tt>DELETE</tt> statement
+ *
+@@ -55,7 +57,7 @@ public class Delete {
+ public String toStatementString() {
+ StringBuffer buf = new StringBuffer( tableName.length() + 10 );
+ if ( comment!=null ) {
+- buf.append( "/* " ).append(comment).append( " */ " );
++ buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ }
+ buf.append( "delete from " ).append(tableName);
+ if ( where != null || !primaryKeyColumns.isEmpty() || versionColumnName != null ) {
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/Insert.java b/project/hibernate-core/src/main/java/org/hibernate/sql/Insert.java
+index 5d8e232..7672654 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/Insert.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/Insert.java
+@@ -109,7 +109,7 @@ public class Insert {
+ public String toStatementString() {
+ StringBuffer buf = new StringBuffer( columns.size()*15 + tableName.length() + 10 );
+ if ( comment != null ) {
+- buf.append( "/* " ).append( comment ).append( " */ " );
++ buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ }
+ buf.append("insert into ")
+ .append(tableName);
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/InsertSelect.java b/project/hibernate-core/src/main/java/org/hibernate/sql/InsertSelect.java
+index 69a54ea..4887fea 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/InsertSelect.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/InsertSelect.java
+@@ -81,7 +81,7 @@ public class InsertSelect {
+
+ StringBuffer buf = new StringBuffer( (columnNames.size() * 15) + tableName.length() + 10 );
+ if ( comment!=null ) {
+- buf.append( "/* " ).append( comment ).append( " */ " );
++ buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ }
+ buf.append( "insert into " ).append( tableName );
+ if ( !columnNames.isEmpty() ) {
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/QuerySelect.java b/project/hibernate-core/src/main/java/org/hibernate/sql/QuerySelect.java
+index f019782..822444c 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/QuerySelect.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/QuerySelect.java
+@@ -135,7 +135,7 @@ public class QuerySelect {
+
+ public String toQueryString() {
+ StringBuffer buf = new StringBuffer(50);
+- if (comment!=null) buf.append("/* ").append(comment).append(" */ ");
++ if (comment!=null) buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ buf.append("select ");
+ if (distinct) buf.append("distinct ");
+ String from = joins.toFromFragmentString();
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/Select.java b/project/hibernate-core/src/main/java/org/hibernate/sql/Select.java
+index 9a52cd4..0ee9133 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/Select.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/Select.java
+@@ -30,6 +30,7 @@ import org.hibernate.dialect.Dialect;
+ import org.hibernate.util.StringHelper;
+
+
++
+ /**
+ * A simple SQL <tt>SELECT</tt> statement
+ * @author Gavin King
+@@ -59,7 +60,7 @@ public class Select {
+ public String toStatementString() {
+ StringBuffer buf = new StringBuffer(guesstimatedBufferSize);
+ if ( StringHelper.isNotEmpty(comment) ) {
+- buf.append("/* ").append(comment).append(" */ ");
++ buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ }
+
+ buf.append("select ").append(selectClause)
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/SimpleSelect.java b/project/hibernate-core/src/main/java/org/hibernate/sql/SimpleSelect.java
+index 5035eeb..cca2d65 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/SimpleSelect.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/SimpleSelect.java
+@@ -156,7 +156,7 @@ public class SimpleSelect {
+ );
+
+ if ( comment!=null ) {
+- buf.append("/* ").append(comment).append(" */ ");
++ buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ }
+
+ buf.append("select ");
+diff --git a/project/hibernate-core/src/main/java/org/hibernate/sql/Update.java b/project/hibernate-core/src/main/java/org/hibernate/sql/Update.java
+index 400fe7c..b8ea145 100644
+--- a/project/hibernate-core/src/main/java/org/hibernate/sql/Update.java
++++ b/project/hibernate-core/src/main/java/org/hibernate/sql/Update.java
+@@ -181,7 +181,7 @@ public class Update {
+ public String toStatementString() {
+ StringBuffer buf = new StringBuffer( (columns.size() * 15) + tableName.length() + 10 );
+ if ( comment!=null ) {
+- buf.append( "/* " ).append( comment ).append( " */ " );
++ buf.append( "/* " ).append( Dialect.escapeComment( comment ) ).append( " */ " );
+ }
+ buf.append( "update " ).append( tableName ).append( " set " );
+ boolean assignmentsAppended = false;
=====================================
debian/patches/series
=====================================
@@ -1,2 +1,3 @@
0002-disable-tests-for-entitymanager.patch
0004-cglib3-compatibility.patch
+CVE-2020-25638.patch
View it on GitLab: https://salsa.debian.org/java-team/libhibernate3-java/-/commit/d1ff755629f0afe68a759689925978f18a75c998
--
View it on GitLab: https://salsa.debian.org/java-team/libhibernate3-java/-/commit/d1ff755629f0afe68a759689925978f18a75c998
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20210103/37e9ef7c/attachment.html>
More information about the pkg-java-commits
mailing list