[Git][java-team/openrefine][bookworm] 2 commits: Fix CVE-2023-41887-and-CVE-2023-41886
Markus Koschany (@apo)
gitlab at salsa.debian.org
Wed Oct 4 14:20:23 BST 2023
Markus Koschany pushed to branch bookworm at Debian Java Maintainers / openrefine
Commits:
434cdc9c by Markus Koschany at 2023-10-04T15:02:22+02:00
Fix CVE-2023-41887-and-CVE-2023-41886
- - - - -
97013005 by Markus Koschany at 2023-10-04T15:07:06+02:00
Update changelog
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2023-41887-and-CVE-2023-41886.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+openrefine (3.6.2-2+deb12u2) bookworm; urgency=medium
+
+ * Fix CVE-2023-41887 and CVE-2023-41886:
+ OpenRefine is a powerful free, open source tool for working with messy
+ data. Prior to this version, a remote code execution vulnerability allows
+ any unauthenticated user to execute code on the server.
+
+ -- Markus Koschany <apo at debian.org> Wed, 04 Oct 2023 15:02:45 +0200
+
openrefine (3.6.2-2+deb12u1) bookworm; urgency=medium
* Fix CVE-2023-37476:
=====================================
debian/patches/CVE-2023-41887-and-CVE-2023-41886.patch
=====================================
@@ -0,0 +1,183 @@
+From: Markus Koschany <apo at debian.org>
+Date: Wed, 4 Oct 2023 14:39:55 +0200
+Subject: CVE-2023-41887 and CVE-2023-41886
+
+Origin: https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511
+---
+ .../extension/database/DatabaseConfiguration.java | 16 ++++++++++++++++
+ .../database/mariadb/MariaDBConnectionManager.java | 12 +-----------
+ .../database/mysql/MySQLConnectionManager.java | 11 +----------
+ .../database/pgsql/PgSQLConnectionManager.java | 11 +----------
+ .../database/sqlite/SQLiteConnectionManager.java | 9 ++++++++-
+ .../database/DatabaseConfigurationTest.java | 21 +++++++++++++++++++++
+ 6 files changed, 48 insertions(+), 32 deletions(-)
+ create mode 100644 extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
+
+diff --git a/extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java b/extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
+index 47dad7f..3f0dd57 100644
+--- a/extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
++++ b/extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
+@@ -29,6 +29,9 @@
+ package com.google.refine.extension.database;
+
+
++import java.net.URI;
++import java.net.URISyntaxException;
++
+ public class DatabaseConfiguration {
+
+ private String connectionName;
+@@ -128,4 +131,17 @@ public class DatabaseConfiguration {
+
+
+
++ public URI toURI() {
++ try {
++ return new URI(
++ "jdbc:" + databaseType.toLowerCase(),
++ databaseHost + ((databasePort == 0) ? "" : (":" + databasePort)),
++ "/" + databaseName,
++ useSSL ? "useSSL=true" : null,
++ null
++ );
++ } catch (URISyntaxException e) {
++ throw new IllegalArgumentException(e);
++ }
++ }
+ }
+diff --git a/extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java b/extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
+index 4af014a..04c7dc8 100644
+--- a/extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
++++ b/extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
+@@ -139,7 +139,7 @@ public class MariaDBConnectionManager {
+
+ Class.forName(type.getClassPath());
+ DriverManager.setLoginTimeout(10);
+- String dbURL = getDatabaseUrl(databaseConfiguration);
++ String dbURL = databaseConfiguration.toURI().toString();
+ connection = DriverManager.getConnection(dbURL, databaseConfiguration.getDatabaseUser(),
+ databaseConfiguration.getDatabasePassword());
+
+@@ -173,14 +173,4 @@ public class MariaDBConnectionManager {
+ }
+
+ }
+-
+-
+-
+- private static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
+-
+- int port = dbConfig.getDatabasePort();
+- return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + "://" + dbConfig.getDatabaseHost()
+- + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName();
+-
+- }
+ }
+diff --git a/extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java b/extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
+index 9e81fd2..ac11dfe 100644
+--- a/extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
++++ b/extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
+@@ -131,7 +131,7 @@ public class MySQLConnectionManager {
+ return connection;
+ }
+ }
+- String dbURL = getDatabaseUrl(databaseConfiguration);
++ String dbURL = databaseConfiguration.toURI().toString();
+ Class.forName(type.getClassPath());
+
+ //logger.info("*** type.getClassPath() ::{}, {}**** ", type.getClassPath());
+@@ -171,13 +171,4 @@ public class MySQLConnectionManager {
+ }
+
+ }
+-
+-
+- private String getDatabaseUrl(DatabaseConfiguration dbConfig) {
+-
+- int port = dbConfig.getDatabasePort();
+- return "jdbc:" + dbConfig.getDatabaseType() + "://" + dbConfig.getDatabaseHost()
+- + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName() + "?useSSL=" + dbConfig.isUseSSL();
+-
+- }
+ }
+diff --git a/extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java b/extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
+index bef6c9a..156997f 100644
+--- a/extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
++++ b/extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
+@@ -142,7 +142,7 @@ public class PgSQLConnectionManager {
+
+ Class.forName(type.getClassPath());
+ DriverManager.setLoginTimeout(10);
+- String dbURL = getDatabaseUrl(databaseConfiguration);
++ String dbURL = databaseConfiguration.toURI().toString();
+ connection = DriverManager.getConnection(dbURL, databaseConfiguration.getDatabaseUser(),
+ databaseConfiguration.getDatabasePassword());
+
+@@ -173,13 +173,4 @@ public class PgSQLConnectionManager {
+ }
+
+ }
+-
+-
+- private static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
+-
+- int port = dbConfig.getDatabasePort();
+- return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + "://" + dbConfig.getDatabaseHost()
+- + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName();
+-
+- }
+ }
+diff --git a/extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java b/extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
+index 5b9b4cf..7d42e00 100644
+--- a/extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
++++ b/extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
+@@ -35,6 +35,8 @@ import com.google.refine.extension.database.SQLType;
+ import org.slf4j.Logger;
+ import org.slf4j.LoggerFactory;
+
++import java.net.URI;
++import java.net.URISyntaxException;
+ import java.sql.Connection;
+ import java.sql.DriverManager;
+ import java.sql.SQLException;
+@@ -66,7 +68,12 @@ public class SQLiteConnectionManager {
+ }
+
+ public static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
+- return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + ":" + dbConfig.getDatabaseName();
++ try {
++ URI uri = new URI("jdbc:" + dbConfig.getDatabaseType().toLowerCase(), dbConfig.getDatabaseName(), null);
++ return uri.toASCIIString();
++ } catch (URISyntaxException e) {
++ throw new IllegalArgumentException(e);
++ }
+ }
+
+ /**
+diff --git a/extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java b/extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
+new file mode 100644
+index 0000000..5a571e8
+--- /dev/null
++++ b/extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
+@@ -0,0 +1,21 @@
++package com.google.refine.extension.database;
++
++import org.testng.annotations.Test;
++
++import static org.testng.Assert.assertEquals;
++
++public class DatabaseConfigurationTest {
++
++ @Test
++ public void testToURI() {
++ DatabaseConfiguration config = new DatabaseConfiguration();
++ config.setDatabaseType("mysql");
++ config.setDatabaseHost("my.host");
++ // maliciously crafted database name which attempts to enable local file reads for an exploit
++ config.setDatabaseName("test?allowLoadLocalInfile=true#");
++
++ String url = config.toURI().toString();
++ // the database name is escaped, preventing the exploit
++ assertEquals(url, "jdbc:mysql://my.host/test%3FallowLoadLocalInfile=true%23");
++ }
++}
=====================================
debian/patches/series
=====================================
@@ -5,3 +5,4 @@ log4j-api.patch
no-java-files.patch
gdata-extension.patch
CVE-2023-37476.patch
+CVE-2023-41887-and-CVE-2023-41886.patch
View it on GitLab: https://salsa.debian.org/java-team/openrefine/-/compare/f478d899cd97bc614bddd723f5d4973ec9e23db3...970130057b9f72545d968bcc17e54890fe5e6b45
--
View it on GitLab: https://salsa.debian.org/java-team/openrefine/-/compare/f478d899cd97bc614bddd723f5d4973ec9e23db3...970130057b9f72545d968bcc17e54890fe5e6b45
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20231004/3be98cfd/attachment.htm>
More information about the pkg-java-commits
mailing list