[Git][java-team/openrefine][master] 3 commits: New upstream version 3.7.5

Markus Koschany (@apo) gitlab at salsa.debian.org
Fri Sep 15 11:42:36 BST 2023



Markus Koschany pushed to branch master at Debian Java Maintainers / openrefine


Commits:
6d639ba3 by Markus Koschany at 2023-09-15T12:37:03+02:00
New upstream version 3.7.5
- - - - -
d9f47d51 by Markus Koschany at 2023-09-15T12:37:14+02:00
Update upstream source from tag 'upstream/3.7.5'

Update to upstream version '3.7.5'
with Debian dir cafb9987d9ffa9476533fe21467f17433c90f494
- - - - -
cf33a9bb by Markus Koschany at 2023-09-15T12:37:47+02:00
Update changelog

- - - - -


20 changed files:

- benchmark/pom.xml
- debian/changelog
- extensions/database/pom.xml
- extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
- extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
- extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
- extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
- extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
- + extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
- extensions/gdata/pom.xml
- extensions/jython/pom.xml
- extensions/pc-axis/pom.xml
- extensions/phonetic/pom.xml
- extensions/pom.xml
- extensions/wikibase/pom.xml
- main/pom.xml
- main/src/com/google/refine/RefineServlet.java
- packaging/pom.xml
- pom.xml
- server/pom.xml


Changes:

=====================================
benchmark/pom.xml
=====================================
@@ -6,7 +6,7 @@
   <parent>
     <artifactId>openrefine</artifactId>
     <groupId>org.openrefine</groupId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <artifactId>benchmark</artifactId>


=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+openrefine (3.7.5-1) unstable; urgency=medium
+
+  * New upstream version 3.7.5.
+
+ -- Markus Koschany <apo at debian.org>  Fri, 15 Sep 2023 12:37:36 +0200
+
 openrefine (3.7.4-1) unstable; urgency=medium
 
   * New upstream version 3.7.4


=====================================
extensions/database/pom.xml
=====================================
@@ -11,7 +11,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>extensions</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <build>


=====================================
extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
=====================================
@@ -29,6 +29,9 @@
 
 package com.google.refine.extension.database;
 
+import java.net.URI;
+import java.net.URISyntaxException;
+
 public class DatabaseConfiguration {
 
     private String connectionName;
@@ -123,4 +126,17 @@ public class DatabaseConfiguration {
                 + databaseSchema + ", useSSL=" + useSSL + "]";
     }
 
+    public URI toURI() {
+        try {
+            return new URI(
+                    "jdbc:" + databaseType.toLowerCase(),
+                    databaseHost + ((databasePort == 0) ? "" : (":" + databasePort)),
+                    "/" + databaseName,
+                    useSSL ? "useSSL=true" : null,
+                    null
+            );
+        } catch (URISyntaxException e) {
+            throw new IllegalArgumentException(e);
+        }
+    }
 }
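Review bot: `databaseHost` and `databaseType` are not protected the way `databaseName` is in `toURI()`: the host is passed as the authority, where `java.net.URI` leaves every character that is legal in an authority unquoted, and the type is concatenated into the scheme argument with no quoting at all. If either value can come from the same request as the database name, it should be validated before the URI is built, for example the type against the known driver names and the host against a hostname or IP-literal pattern. `toLowerCase()` should be `toLowerCase(Locale.ROOT)` (needs `java.util.Locale`) so the scheme does not depend on the JVM's default locale. A Javadoc comment on `toURI()` stating that the multi-argument constructor is used for its per-component quoting would help keep later edits from reverting to string concatenation.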


=====================================
extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
=====================================
@@ -134,7 +134,7 @@ public class MariaDBConnectionManager {
 
             Class.forName(type.getClassPath());
             DriverManager.setLoginTimeout(10);
-            String dbURL = getDatabaseUrl(databaseConfiguration);
+            String dbURL = databaseConfiguration.toURI().toString();
             connection = DriverManager.getConnection(dbURL, databaseConfiguration.getDatabaseUser(),
                     databaseConfiguration.getDatabasePassword());
 
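Review bot: Switching to the shared `toURI()` changes more than escaping at this call site: the removed `getDatabaseUrl` never emitted a query string, while `toURI()` appends `useSSL=true` whenever the flag is set. The same applies to the matching hunk in PgSQLConnectionManager.java. TLS option names are driver-specific, and nothing in this diff shows that the MariaDB and PostgreSQL drivers honour `useSSL`; if one ignores it, a configuration with the flag set still connects without TLS and without any warning. A per-driver test, or mapping the flag to each driver's own TLS parameter, would make the outcome explicit. The enclosing method starts and ends outside the hunk.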
@@ -162,14 +162,6 @@ public class MariaDBConnectionManager {
                 logger.warn("Non-Managed connection could not be closed. Whoops!", e);
             }
         }
-
     }
 
-    private static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-
-        int port = dbConfig.getDatabasePort();
-        return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + "://" + dbConfig.getDatabaseHost()
-                + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName();
-
-    }
 }


=====================================
extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
=====================================
@@ -129,7 +129,7 @@ public class MySQLConnectionManager {
                     return connection;
                 }
             }
-            String dbURL = getDatabaseUrl(databaseConfiguration);
+            String dbURL = databaseConfiguration.toURI().toString();
             Class.forName(type.getClassPath());
 
             // logger.info("*** type.getClassPath() ::{}, {}**** ", type.getClassPath());
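Review bot: This replacement drops the explicit `useSSL=false` that the removed helper always sent, because `toURI()` adds the query only when the flag is true. With the flag off, the driver's own TLS default now applies, and depending on the Connector/J version that default may differ from the old explicit setting. The scheme is also lower-cased now, which the old MySQL helper did not do. If the previous behaviour is intended, the parameter has to be emitted in both cases for MySQL; otherwise the change deserves a line in the release notes. The enclosing method extends beyond the hunk.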
@@ -166,11 +166,4 @@ public class MySQLConnectionManager {
 
     }
 
-    private String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-
-        int port = dbConfig.getDatabasePort();
-        return "jdbc:" + dbConfig.getDatabaseType() + "://" + dbConfig.getDatabaseHost()
-                + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName() + "?useSSL=" + dbConfig.isUseSSL();
-
-    }
 }


=====================================
extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
=====================================
@@ -136,7 +136,7 @@ public class PgSQLConnectionManager {
 
             Class.forName(type.getClassPath());
             DriverManager.setLoginTimeout(10);
-            String dbURL = getDatabaseUrl(databaseConfiguration);
+            String dbURL = databaseConfiguration.toURI().toString();
             connection = DriverManager.getConnection(dbURL, databaseConfiguration.getDatabaseUser(),
                     databaseConfiguration.getDatabasePassword());
 
@@ -165,11 +165,4 @@ public class PgSQLConnectionManager {
 
     }
 
-    private static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-
-        int port = dbConfig.getDatabasePort();
-        return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + "://" + dbConfig.getDatabaseHost()
-                + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName();
-
-    }
 }


=====================================
extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
=====================================
@@ -35,6 +35,8 @@ import com.google.refine.extension.database.SQLType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.SQLException;
@@ -66,7 +68,12 @@ public class SQLiteConnectionManager {
     }
 
     public static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-        return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + ":" + dbConfig.getDatabaseName();
+        try {
+            URI uri = new URI("jdbc:" + dbConfig.getDatabaseType().toLowerCase(), dbConfig.getDatabaseName(), null);
+            return uri.toASCIIString();
+        } catch (URISyntaxException e) {
+            throw new IllegalArgumentException(e);
+        }
     }
 
     /**
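Review bot: The three-argument `URI` constructor used here treats `getDatabaseName()` as a scheme-specific part, which is quoted less strictly than the path in `DatabaseConfiguration.toURI()`: reserved characters such as `?` are legal there and stay unescaped, so this method does not give the guarantee the new test asserts for MySQL. In the other direction, spaces and (through `toASCIIString()`) non-ASCII characters in a file path are now percent-encoded, and nothing visible here shows that the SQLite driver decodes them. A test for `getDatabaseUrl` with a name containing a space and one containing `?` would pin both behaviours. `toLowerCase()` should also be `toLowerCase(Locale.ROOT)`.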


=====================================
extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
=====================================
@@ -0,0 +1,21 @@
+package com.google.refine.extension.database;
+
+import org.testng.annotations.Test;
+
+import static org.testng.Assert.assertEquals;
+
+public class DatabaseConfigurationTest {
+
+    @Test
+    public void testToURI() {
+        DatabaseConfiguration config = new DatabaseConfiguration();
+        config.setDatabaseType("mysql");
+        config.setDatabaseHost("my.host");
+        // maliciously crafted database name which attempts to enable local file reads for an exploit
+        config.setDatabaseName("test?allowLoadLocalInfile=true#");
+
+        String url = config.toURI().toString();
+        // the database name is escaped, preventing the exploit
+        assertEquals(url, "jdbc:mysql://my.host/test%3FallowLoadLocalInfile=true%23");
+    }
+}
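Review bot: `testToURI` pins only the `databaseName` escaping, with the port left at 0 and SSL unset, so the port branch, the `useSSL=true` query and the handling of the host and type components in `toURI()` are unverified. Cases that set a non-zero port, enable SSL and pass a host containing characters outside a plain hostname would cover them. Because four connection managers now depend on this one method, a regression in any of those branches would otherwise go unnoticed.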


=====================================
extensions/gdata/pom.xml
=====================================
@@ -11,7 +11,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>extensions</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <properties>


=====================================
extensions/jython/pom.xml
=====================================
@@ -5,7 +5,7 @@
   <groupId>org.openrefine</groupId>
   <artifactId>jython</artifactId>
   <packaging>jar</packaging>
-  <version>3.7.4</version>
+  <version>3.7.5</version>
 
   <name>OpenRefine - Jython extension</name>
   <description>OpenRefine integration of Python as an expression language</description>
@@ -13,7 +13,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>extensions</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <build>


=====================================
extensions/pc-axis/pom.xml
=====================================
@@ -11,7 +11,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>extensions</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <build>


=====================================
extensions/phonetic/pom.xml
=====================================
@@ -5,7 +5,7 @@
   <groupId>org.openrefine</groupId>
   <artifactId>phonetic</artifactId>
   <packaging>jar</packaging>
-  <version>3.7.4</version>
+  <version>3.7.5</version>
 
   <name>OpenRefine - Phonetic clustering extension</name>
   <description>Adds a few advanced phonetic clustering methods</description>
@@ -13,7 +13,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>extensions</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <build>


=====================================
extensions/pom.xml
=====================================
@@ -5,7 +5,7 @@
   <groupId>org.openrefine</groupId>
   <artifactId>extensions</artifactId>
   <packaging>pom</packaging>
-  <version>3.7.4</version>
+  <version>3.7.5</version>
 
   <name>OpenRefine - extensions</name>
   <description>Extensions add importers, exporters and other sorts of features to OpenRefine</description>
@@ -14,7 +14,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>openrefine</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <modules>


=====================================
extensions/wikibase/pom.xml
=====================================
@@ -11,7 +11,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>extensions</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <properties>


=====================================
main/pom.xml
=====================================
@@ -11,7 +11,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>openrefine</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <properties>


=====================================
main/src/com/google/refine/RefineServlet.java
=====================================
@@ -65,7 +65,7 @@ import edu.mit.simile.butterfly.ButterflyModule;
 
 public class RefineServlet extends Butterfly {
 
-    static private String ASSIGNED_VERSION = "3.7.4";
+    static private String ASSIGNED_VERSION = "3.7.5";
 
     static public String VERSION = "";
     static public String REVISION = "";


=====================================
packaging/pom.xml
=====================================
@@ -10,7 +10,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>openrefine</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
   <properties>
     <rootdir>${basedir}/..</rootdir>


=====================================
pom.xml
=====================================
@@ -5,7 +5,7 @@
   <groupId>org.openrefine</groupId>
   <artifactId>openrefine</artifactId>
   <packaging>pom</packaging>
-  <version>3.7.4</version>
+  <version>3.7.5</version>
 
   <name>OpenRefine</name>
   <description>OpenRefine is a free, open source power tool for working with messy data and improving it</description>


=====================================
server/pom.xml
=====================================
@@ -11,7 +11,7 @@
   <parent>
     <groupId>org.openrefine</groupId>
     <artifactId>openrefine</artifactId>
-    <version>3.7.4</version>
+    <version>3.7.5</version>
   </parent>
 
   <properties>



View it on GitLab: https://salsa.debian.org/java-team/openrefine/-/compare/a1d7328f1a60d7b73ad42ff4ca82dd292ac87e78...cf33a9bb8a015bca7828aa2d42710b974d2ef2e0
