[Git][java-team/openrefine][master] 3 commits: New upstream version 3.7.5
Markus Koschany (@apo)
gitlab at salsa.debian.org
Fri Sep 15 11:42:36 BST 2023
Markus Koschany pushed to branch master at Debian Java Maintainers / openrefine
Commits:
6d639ba3 by Markus Koschany at 2023-09-15T12:37:03+02:00
New upstream version 3.7.5
- - - - -
d9f47d51 by Markus Koschany at 2023-09-15T12:37:14+02:00
Update upstream source from tag 'upstream/3.7.5'
Update to upstream version '3.7.5'
with Debian dir cafb9987d9ffa9476533fe21467f17433c90f494
- - - - -
cf33a9bb by Markus Koschany at 2023-09-15T12:37:47+02:00
Update changelog
- - - - -
20 changed files:
- benchmark/pom.xml
- debian/changelog
- extensions/database/pom.xml
- extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
- extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
- extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
- extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
- extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
- + extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
- extensions/gdata/pom.xml
- extensions/jython/pom.xml
- extensions/pc-axis/pom.xml
- extensions/phonetic/pom.xml
- extensions/pom.xml
- extensions/wikibase/pom.xml
- main/pom.xml
- main/src/com/google/refine/RefineServlet.java
- packaging/pom.xml
- pom.xml
- server/pom.xml
Changes:
=====================================
benchmark/pom.xml
=====================================
@@ -6,7 +6,7 @@
<parent>
<artifactId>openrefine</artifactId>
<groupId>org.openrefine</groupId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<artifactId>benchmark</artifactId>
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+openrefine (3.7.5-1) unstable; urgency=medium
+
+ * New upstream version 3.7.5.
+
+ -- Markus Koschany <apo at debian.org> Fri, 15 Sep 2023 12:37:36 +0200
+
openrefine (3.7.4-1) unstable; urgency=medium
* New upstream version 3.7.4
=====================================
extensions/database/pom.xml
=====================================
@@ -11,7 +11,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<build>
=====================================
extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
=====================================
@@ -29,6 +29,9 @@
package com.google.refine.extension.database;
+import java.net.URI;
+import java.net.URISyntaxException;
+
public class DatabaseConfiguration {
private String connectionName;
@@ -123,4 +126,17 @@ public class DatabaseConfiguration {
+ databaseSchema + ", useSSL=" + useSSL + "]";
}
+ public URI toURI() {
+ try {
+ return new URI(
+ "jdbc:" + databaseType.toLowerCase(),
+ databaseHost + ((databasePort == 0) ? "" : (":" + databasePort)),
+ "/" + databaseName,
+ useSSL ? "useSSL=true" : null,
+ null
+ );
+ } catch (URISyntaxException e) {
+ throw new IllegalArgumentException(e);
+ }
+ }
}
=====================================
extensions/database/src/com/google/refine/extension/database/mariadb/MariaDBConnectionManager.java
=====================================
@@ -134,7 +134,7 @@ public class MariaDBConnectionManager {
Class.forName(type.getClassPath());
DriverManager.setLoginTimeout(10);
- String dbURL = getDatabaseUrl(databaseConfiguration);
+ String dbURL = databaseConfiguration.toURI().toString();
connection = DriverManager.getConnection(dbURL, databaseConfiguration.getDatabaseUser(),
databaseConfiguration.getDatabasePassword());
@@ -162,14 +162,6 @@ public class MariaDBConnectionManager {
logger.warn("Non-Managed connection could not be closed. Whoops!", e);
}
}
-
}
- private static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-
- int port = dbConfig.getDatabasePort();
- return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + "://" + dbConfig.getDatabaseHost()
- + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName();
-
- }
}
=====================================
extensions/database/src/com/google/refine/extension/database/mysql/MySQLConnectionManager.java
=====================================
@@ -129,7 +129,7 @@ public class MySQLConnectionManager {
return connection;
}
}
- String dbURL = getDatabaseUrl(databaseConfiguration);
+ String dbURL = databaseConfiguration.toURI().toString();
Class.forName(type.getClassPath());
// logger.info("*** type.getClassPath() ::{}, {}**** ", type.getClassPath());
@@ -166,11 +166,4 @@ public class MySQLConnectionManager {
}
- private String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-
- int port = dbConfig.getDatabasePort();
- return "jdbc:" + dbConfig.getDatabaseType() + "://" + dbConfig.getDatabaseHost()
- + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName() + "?useSSL=" + dbConfig.isUseSSL();
-
- }
}
=====================================
extensions/database/src/com/google/refine/extension/database/pgsql/PgSQLConnectionManager.java
=====================================
@@ -136,7 +136,7 @@ public class PgSQLConnectionManager {
Class.forName(type.getClassPath());
DriverManager.setLoginTimeout(10);
- String dbURL = getDatabaseUrl(databaseConfiguration);
+ String dbURL = databaseConfiguration.toURI().toString();
connection = DriverManager.getConnection(dbURL, databaseConfiguration.getDatabaseUser(),
databaseConfiguration.getDatabasePassword());
@@ -165,11 +165,4 @@ public class PgSQLConnectionManager {
}
- private static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
-
- int port = dbConfig.getDatabasePort();
- return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + "://" + dbConfig.getDatabaseHost()
- + ((port == 0) ? "" : (":" + port)) + "/" + dbConfig.getDatabaseName();
-
- }
}
=====================================
extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java
=====================================
@@ -35,6 +35,8 @@ import com.google.refine.extension.database.SQLType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
@@ -66,7 +68,12 @@ public class SQLiteConnectionManager {
}
public static String getDatabaseUrl(DatabaseConfiguration dbConfig) {
- return "jdbc:" + dbConfig.getDatabaseType().toLowerCase() + ":" + dbConfig.getDatabaseName();
+ try {
+ URI uri = new URI("jdbc:" + dbConfig.getDatabaseType().toLowerCase(), dbConfig.getDatabaseName(), null);
+ return uri.toASCIIString();
+ } catch (URISyntaxException e) {
+ throw new IllegalArgumentException(e);
+ }
}
/**
=====================================
extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
=====================================
@@ -0,0 +1,21 @@
+package com.google.refine.extension.database;
+
+import org.testng.annotations.Test;
+
+import static org.testng.Assert.assertEquals;
+
+public class DatabaseConfigurationTest {
+
+ @Test
+ public void testToURI() {
+ DatabaseConfiguration config = new DatabaseConfiguration();
+ config.setDatabaseType("mysql");
+ config.setDatabaseHost("my.host");
+ // maliciously crafted database name which attempts to enable local file reads for an exploit
+ config.setDatabaseName("test?allowLoadLocalInfile=true#");
+
+ String url = config.toURI().toString();
+ // the database name is escaped, preventing the exploit
+ assertEquals(url, "jdbc:mysql://my.host/test%3FallowLoadLocalInfile=true%23");
+ }
+}
=====================================
extensions/gdata/pom.xml
=====================================
@@ -11,7 +11,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<properties>
=====================================
extensions/jython/pom.xml
=====================================
@@ -5,7 +5,7 @@
<groupId>org.openrefine</groupId>
<artifactId>jython</artifactId>
<packaging>jar</packaging>
- <version>3.7.4</version>
+ <version>3.7.5</version>
<name>OpenRefine - Jython extension</name>
<description>OpenRefine integration of Python as an expression language</description>
@@ -13,7 +13,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<build>
=====================================
extensions/pc-axis/pom.xml
=====================================
@@ -11,7 +11,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<build>
=====================================
extensions/phonetic/pom.xml
=====================================
@@ -5,7 +5,7 @@
<groupId>org.openrefine</groupId>
<artifactId>phonetic</artifactId>
<packaging>jar</packaging>
- <version>3.7.4</version>
+ <version>3.7.5</version>
<name>OpenRefine - Phonetic clustering extension</name>
<description>Adds a few advanced phonetic clustering methods</description>
@@ -13,7 +13,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<build>
=====================================
extensions/pom.xml
=====================================
@@ -5,7 +5,7 @@
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
<packaging>pom</packaging>
- <version>3.7.4</version>
+ <version>3.7.5</version>
<name>OpenRefine - extensions</name>
<description>Extensions add importers, exporters and other sorts of features to OpenRefine</description>
@@ -14,7 +14,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>openrefine</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<modules>
=====================================
extensions/wikibase/pom.xml
=====================================
@@ -11,7 +11,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>extensions</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<properties>
=====================================
main/pom.xml
=====================================
@@ -11,7 +11,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>openrefine</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<properties>
=====================================
main/src/com/google/refine/RefineServlet.java
=====================================
@@ -65,7 +65,7 @@ import edu.mit.simile.butterfly.ButterflyModule;
public class RefineServlet extends Butterfly {
- static private String ASSIGNED_VERSION = "3.7.4";
+ static private String ASSIGNED_VERSION = "3.7.5";
static public String VERSION = "";
static public String REVISION = "";
=====================================
packaging/pom.xml
=====================================
@@ -10,7 +10,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>openrefine</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<properties>
<rootdir>${basedir}/..</rootdir>
=====================================
pom.xml
=====================================
@@ -5,7 +5,7 @@
<groupId>org.openrefine</groupId>
<artifactId>openrefine</artifactId>
<packaging>pom</packaging>
- <version>3.7.4</version>
+ <version>3.7.5</version>
<name>OpenRefine</name>
<description>OpenRefine is a free, open source power tool for working with messy data and improving it</description>
=====================================
server/pom.xml
=====================================
@@ -11,7 +11,7 @@
<parent>
<groupId>org.openrefine</groupId>
<artifactId>openrefine</artifactId>
- <version>3.7.4</version>
+ <version>3.7.5</version>
</parent>
<properties>
View it on GitLab: https://salsa.debian.org/java-team/openrefine/-/compare/a1d7328f1a60d7b73ad42ff4ca82dd292ac87e78...cf33a9bb8a015bca7828aa2d42710b974d2ef2e0
--
View it on GitLab: https://salsa.debian.org/java-team/openrefine/-/compare/a1d7328f1a60d7b73ad42ff4ca82dd292ac87e78...cf33a9bb8a015bca7828aa2d42710b974d2ef2e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20230915/7185bd44/attachment.htm>
More information about the pkg-java-commits
mailing list