[jboss-cvs] Repository SVN: r2182 - in hsqldb: 1.8.0.8.patch01-brew and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 18 12:32:01 EST 2007
Author: fnasser at redhat.com
Date: 2007-12-18 12:32:00 -0500 (Tue, 18 Dec 2007)
New Revision: 2182
Added:
hsqldb/1.8.0.8.patch01-brew/
hsqldb/1.8.0.8.patch01-brew/component-info.xml
hsqldb/1.8.0.8.patch01-brew/lib/
hsqldb/1.8.0.8.patch01-brew/lib/hsqldb.jar
hsqldb/1.8.0.8.patch01-brew/src/
hsqldb/1.8.0.8.patch01-brew/src/hsqldb-1.8.0.8-backport.patch
hsqldb/1.8.0.8.patch01-brew/src/hsqldb-tmp.patch
hsqldb/1.8.0.8.patch01-brew/src/hsqldb_1_8_0_8.zip
Log:
Add version with fix for CVE-2007-4576
Added: hsqldb/1.8.0.8.patch01-brew/component-info.xml
===================================================================
--- hsqldb/1.8.0.8.patch01-brew/component-info.xml (rev 0)
+++ hsqldb/1.8.0.8.patch01-brew/component-info.xml 2007-12-18 17:32:00 UTC (rev 2182)
@@ -0,0 +1,15 @@
+<project name="hsqldb-component-info">
+ <component id="hsqldb"
+ version="1.8.0.8.patch01-brew"
+ licenseType="hsqldb"
+ projectHome="http://hsqldb.org/"
+ description="Java relational database engine supporting a subset of ANSI-92 SQL plus SQL 99 and 2003 enhancements (with fix for CVE-2007-4576)"
+ scm=":ext:cvs.devel.redhat.com:/cvs/dist/hsqldb"
+ tag="hsqldb-1_8_0_8-2_patch01_1jpp_ep1_1">
+ <!-- Built using JDK 1.4 -->
+ <artifact id="hsqldb.jar"/>
+ <export>
+ <include input="hsqldb.jar"/>
+ </export>
+ </component>
+</project>
Added: hsqldb/1.8.0.8.patch01-brew/lib/hsqldb.jar
===================================================================
(Binary files differ)
Property changes on: hsqldb/1.8.0.8.patch01-brew/lib/hsqldb.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: hsqldb/1.8.0.8.patch01-brew/src/hsqldb-1.8.0.8-backport.patch
===================================================================
--- hsqldb/1.8.0.8.patch01-brew/src/hsqldb-1.8.0.8-backport.patch (rev 0)
+++ hsqldb/1.8.0.8.patch01-brew/src/hsqldb-1.8.0.8-backport.patch 2007-12-18 17:32:00 UTC (rev 2182)
@@ -0,0 +1,90 @@
+--- hsqldb/src/org/hsqldb/persist/HsqlDatabaseProperties.java.orig 2007-10-19 13:25:36.000000000 -0400
++++ hsqldb/src/org/hsqldb/persist/HsqlDatabaseProperties.java 2007-10-23 14:54:25.000000000 -0400
+@@ -44,6 +44,7 @@ import org.hsqldb.lib.Set;
+ import org.hsqldb.lib.SimpleLog;
+ import org.hsqldb.lib.java.JavaSystem;
+ import org.hsqldb.store.ValuePool;
++import org.hsqldb.lib.StringUtil;
+
+ /**
+ * Manages a .properties file for a database.
+@@ -53,6 +54,53 @@ import org.hsqldb.store.ValuePool;
+ * @since 1.7.0
+ */
+ public class HsqlDatabaseProperties extends HsqlProperties {
++ private static String hsqldb_method_class_names =
++ "hsqldb.method_class_names";
++ private static HashSet accessibleJavaMethodNames;
++
++ static {
++ try {
++ String prop = System.getProperty(hsqldb_method_class_names);
++
++ if (prop != null) {
++ accessibleJavaMethodNames = new HashSet();
++
++ String[] names = StringUtil.split(prop, ";");
++
++ for (int i = 0; i < names.length; i++) {
++ accessibleJavaMethodNames.add(names[i]);
++ }
++ }
++ } catch (Exception e) {}
++ }
++
++ /**
++ * If the system property "hsqldb.method_class_names" is not set, then
++ * static methods of all available Java classes can be accessed as functions
++ * in HSQLDB. If the property is set, then only the list of semicolon
++ * seperated method names becomes accessible. An empty property value means
++ * no class is accessible.<p>
++ *
++ * All methods of org.hsqldb.Library are always accessible.
++ *
++ *
++ */
++ public static boolean supportsJavaMethod(String name) {
++
++ if (name.startsWith("org.hsqldb.Library")) {
++ return true;
++ }
++
++ if (accessibleJavaMethodNames == null) {
++ return true;
++ }
++
++ if (accessibleJavaMethodNames.contains(name)) {
++ return true;
++ }
++
++ return false;
++ }
+
+ // column number mappings
+ public static final int indexName = 0;
+--- hsqldb/src/org/hsqldb/Database.java.orig 2007-10-19 13:24:32.000000000 -0400
++++ hsqldb/src/org/hsqldb/Database.java 2007-10-23 14:55:07.000000000 -0400
+@@ -473,12 +473,19 @@ public class Database {
+ * the given method alias. If there is no Java method, then returns the
+ * alias itself.
+ */
+- String getJavaName(String s) {
++ String getJavaName(String name) throws HsqlException {
+
+- String alias = (String) hAlias.get(s);
++ String target = (String) hAlias.get(name);
+
+- return (alias == null) ? s
+- : alias;
++ if (target == null) {
++ target = name;
++ }
++
++ if (HsqlDatabaseProperties.supportsJavaMethod(target)) {
++ return target;
++ }
++
++ throw Trace.error(Trace.ACCESS_IS_DENIED, target);
+ }
+
+ /**
Added: hsqldb/1.8.0.8.patch01-brew/src/hsqldb-tmp.patch
===================================================================
--- hsqldb/1.8.0.8.patch01-brew/src/hsqldb-tmp.patch (rev 0)
+++ hsqldb/1.8.0.8.patch01-brew/src/hsqldb-tmp.patch 2007-12-18 17:32:00 UTC (rev 2182)
@@ -0,0 +1,15 @@
+diff -ur hsqldb.orig/bin/hsqldb hsqldb/bin/hsqldb
+--- hsqldb.orig/bin/hsqldb 2006-09-05 10:37:12.000000000 -0400
++++ hsqldb/bin/hsqldb 2006-09-05 10:50:45.000000000 -0400
+@@ -110,7 +110,10 @@
+ SU_ECHO_SECS=1
+ # File used as semaphore. If file is removed, a running pid checker
+ # process will exit.
+-PIDCHECKER_FLAGFILE=/tmp/pidchecker.run
++PIDCHECKER_FLAGFILE=`mktemp /tmp/hsqldb.XXXXXXXX`
++if [ x"$PIDCHECKER_FLAGFILE" = "x" ] ; then
++ echo "unable to create tmp file"; exit 1
++fi
+ # The following settings get overridden by optional setting in the config file.
+ # Time to allow for JVM to die after all HSQLDB instances stopped.
+ MAX_TERMINATE_SECS=1
Added: hsqldb/1.8.0.8.patch01-brew/src/hsqldb_1_8_0_8.zip
===================================================================
(Binary files differ)
Property changes on: hsqldb/1.8.0.8.patch01-brew/src/hsqldb_1_8_0_8.zip
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
More information about the jboss-cvs-commits
mailing list