!24 9.8分的CVE-2022-46337

From: @dillon_chen 
Reviewed-by: @zhengzhenyu 
Signed-off-by: @zhengzhenyu

CVE-2022-46337.patch

@@ -0,0 +1,159 @@
+Origin: https://svn.apache.org/viewvc?view=revision&revision=1905586
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056755
+Forwarded: not-needed
+
+--
+--- a/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java
++++ b/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java
+@@ -191,6 +191,54 @@
+ 	
+ 
+     /**
++     * Given an LDAP search string, returns the string with certain characters
++     * escaped according to RFC 2254 guidelines. Cribbed from org.apache.catalina.realm.JNDIRealm.
++     *
++     * The character mapping is as follows:
++     *     char ->  Replacement
++     *    ---------------------------
++     *     *  -> \2a
++     *     (  -> \28
++     *     )  -> \29
++     *     \  -> \5c
++     *     \0 -> \00
++     *
++     * @param inString string to escape according to RFC 2254 guidelines
++     *
++     * @return String the escaped/encoded result
++     */
++    protected String doFilterEscaping(String inString) {
++        if (inString == null) {
++            return null;
++        }
++        StringBuilder buf = new StringBuilder(inString.length());
++        for (int i = 0; i < inString.length(); i++) {
++            char c = inString.charAt(i);
++            switch (c) {
++                case '\\':
++                    buf.append("\\5c");
++                    break;
++                case '*':
++                    buf.append("\\2a");
++                    break;
++                case '(':
++                    buf.append("\\28");
++                    break;
++                case ')':
++                    buf.append("\\29");
++                    break;
++                case '\0':
++                    buf.append("\\00");
++                    break;
++                default:
++                    buf.append(c);
++                    break;
++            }
++        }
++        return buf.toString();
++    }
++
++    /**
+      * Call new InitialDirContext in a privilege block
+      * @param env environment used to create the initial DirContext. Null indicates an empty environment.
+      * @return an initial DirContext using the supplied environment. 
+@@ -411,7 +459,10 @@
+ 	private String getDNFromUID(String uid)
+ 		throws javax.naming.NamingException
+ 	{
+-		//
++            // Escape the uid as a defense against LDAP injection. See DERBY-7147.
++            uid = doFilterEscaping(uid);
++
++                //
+ 		// We bind to the LDAP server here
+ 		// Note that this bind might be anonymous (if anonymous searches
+ 		// are allowed in the LDAP server, or authenticated if we were
+--- /dev/null
++++ b/tools/release/notices/tomcat.txt
+@@ -0,0 +1,72 @@
++Derby uses the org.apache.catalina.realm.JNDIRealm.doFilterEscaping()
++routine from the Apache Tomcat project. The following notice covers
++the Tomcat sources:
++
++Apache Tomcat
++Copyright 1999-2022 The Apache Software Foundation
++
++This product includes software developed at
++The Apache Software Foundation (https://www.apache.org/).
++
++This software contains code derived from netty-native
++developed by the Netty project
++(https://netty.io, https://github.com/netty/netty-tcnative/)
++and from finagle-native developed at Twitter
++(https://github.com/twitter/finagle).
++
++This software contains code derived from jgroups-kubernetes
++developed by the JGroups project (http://www.jgroups.org/).
++
++The Windows Installer is built with the Nullsoft
++Scriptable Install System (NSIS), which is
++open source software.  The original software and
++related information is available at
++http://nsis.sourceforge.net.
++
++Java compilation software for JSP pages is provided by the Eclipse
++JDT Core Batch Compiler component, which is open source software.
++The original software and related information is available at
++https://www.eclipse.org/jdt/core/.
++
++org.apache.tomcat.util.json.JSONParser.jj is a public domain javacc grammar
++for JSON written by Robert Fischer.
++https://github.com/RobertFischer/json-parser
++
++For portions of the Tomcat JNI OpenSSL API and the OpenSSL JSSE integration
++The org.apache.tomcat.jni and the org.apache.tomcat.net.openssl packages
++are derivative work originating from the Netty project and the finagle-native
++project developed at Twitter
++* Copyright 2014 The Netty Project
++* Copyright 2014 Twitter
++
++For portions of the Tomcat cloud support
++The org.apache.catalina.tribes.membership.cloud package contains derivative
++work originating from the jgroups project.
++https://github.com/jgroups-extras/jgroups-kubernetes
++Copyright 2002-2018 Red Hat Inc.
++
++The original XML Schemas for Java EE Deployment Descriptors:
++ - javaee_5.xsd
++ - javaee_web_services_1_2.xsd
++ - javaee_web_services_client_1_2.xsd
++ - javaee_6.xsd
++ - javaee_web_services_1_3.xsd
++ - javaee_web_services_client_1_3.xsd
++ - jsp_2_2.xsd
++ - web-app_3_0.xsd
++ - web-common_3_0.xsd
++ - web-fragment_3_0.xsd
++ - javaee_7.xsd
++ - javaee_web_services_1_4.xsd
++ - javaee_web_services_client_1_4.xsd
++ - jsp_2_3.xsd
++ - web-app_3_1.xsd
++ - web-common_3_1.xsd
++ - web-fragment_3_1.xsd
++ - javaee_8.xsd
++ - web-app_4_0.xsd
++ - web-common_4_0.xsd
++ - web-fragment_4_0.xsd
++
++may be obtained from:
++http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html
+--- a/build.xml
++++ b/build.xml
+@@ -2022,6 +2022,7 @@
+      <antcall target="appendnotice"><param name="sourcefile" value="felix.txt"/></antcall>
+      <antcall target="appendnotice"><param name="sourcefile" value="lucene.txt"/></antcall>
+      <antcall target="appendnotice"><param name="sourcefile" value="simpleJson.txt"/></antcall>
++     <antcall target="appendnotice"><param name="sourcefile" value="tomcat.txt"/></antcall>
+      
+       <antcall target="checkinfile">
+          <param name="checkinComment" value="Check in NOTICE as part of building a release."/>

derby-javacc.patch

@@ -0,0 +1,21 @@
+--- ./java/tools/org/apache/derby/impl/tools/ij/UCode_CharStream.java.orig	2017-02-10 16:11:32.668177524 +0000
++++ ./java/tools/org/apache/derby/impl/tools/ij/UCode_CharStream.java	2017-02-10 16:52:46.219879419 +0000
+@@ -50,6 +50,9 @@
+   private int maxNextCharInd = 0;
+   private int nextCharInd = -1;
+ 
++  private int tabSize = 1;
++  private boolean trackLineColumn = true;
++
+   private final void ExpandBuff(boolean wrapAround)
+   {
+      char[] newbuffer = new char[bufsize + 2048];
+@@ -414,4 +417,8 @@
+      column = bufcolumn[j];
+   }
+ 
++  public int getTabSize() { return tabSize; }
++  public void setTabSize(int i) { tabSize = i; }
++  public boolean getTrackLineColumn() { return trackLineColumn; }
++  public void setTrackLineColumn(boolean tlc) { trackLineColumn = tlc; }
+ }

derby-lucene.patch

@@ -0,0 +1,25 @@
+--- java/optional/org/apache/derby/optional/api/LuceneUtils.java.orig	2015-06-18 17:39:57.626721793 +0100
++++ java/optional/org/apache/derby/optional/api/LuceneUtils.java	2015-06-18 17:40:24.430371127 +0100
+@@ -108,21 +108,7 @@
+     @SuppressWarnings("deprecation")
+     public  static  Version currentVersion()
+     {
+-        Version retval = null;
+-
+-        // the current version is the highest one
+-        for ( Version current : Version.values() )
+-        {
+-            if ( current == Version.LUCENE_CURRENT ) { continue; }
+-            
+-            if ( retval == null ) { retval = current; }
+-            else
+-            {
+-                if ( current.onOrAfter( retval ) ) { retval = current; }
+-            }
+-        }
+-        
+-        return retval;
++        return Version.LATEST;
+     }
+ 
+     /**

derby-script

@@ -0,0 +1,63 @@
+#!/bin/bash
+# 
+# Derby script
+# Lubomir Rintel <lkundrak@v3.sk>
+
+# Source functions library
+if [ -f /usr/share/java-utils/java-functions ] ; then 
+	. /usr/share/java-utils/java-functions
+else
+	echo "Can't find functions library, aborting"
+	exit 1
+fi
+
+# Configuration
+SCRIPT_PATH=$0
+PROGNAME=$(basename $SCRIPT_PATH |sed 's/^derby-//')
+
+# Wrappers
+[ $PROGNAME = ij ]		&& MAIN_CLASS=org.apache.derby.tools.ij
+[ $PROGNAME = sysinfo ]		&& MAIN_CLASS=org.apache.derby.tools.sysinfo
+[ $PROGNAME = NetworkServerControl ] && MAIN_CLASS=org.apache.derby.drda.NetworkServerControl
+[ $PROGNAME = startNetworkServer ] && MAIN_CLASS=org.apache.derby.drda.NetworkServerControl
+[ $PROGNAME = stopNetworkServer ] && MAIN_CLASS=org.apache.derby.drda.NetworkServerControl
+
+# Default parameters
+[ $PROGNAME = startNetworkServer ] && set -- start "$@"
+[ $PROGNAME = stopNetworkServer ] && set -- shutdown "$@"
+
+# Load system-wide configuration
+if [ -f /etc/derby.conf ]; then
+  . /etc/derby.conf
+fi
+
+# Load user configuration
+[ -f "$HOME/.derbyrc" ] && . "$HOME/.derbyrc"
+[ -f "$HOME/.derby/startup" ] && . "$HOME/.derby/startup"
+
+# Bail out if there's nothing to run
+if [ -z "$MAIN_CLASS" ]
+then
+	echo "Can not determine main class for '$PROGNAME'" >&2
+	exit 1
+fi
+
+# Not loading all of derby, so that secure class loader
+# can kick in
+BASE_JARS="$BASE_JARS derby/derby"
+BASE_JARS="$BASE_JARS derby/derbynet"
+BASE_JARS="$BASE_JARS derby/derbytools"
+BASE_JARS="$BASE_JARS derby/derbyclient"
+
+# Set parameters
+set_jvm
+set_classpath $BASE_JARS
+set_flags $BASE_FLAGS
+set_options $BASE_OPTIONS $DERBY_OPTS
+
+# Add locales in a rather dirty way
+CLASSPATH=$CLASSPATH:$(build-classpath derby |sed 's/:/\n/g' |
+	grep derbyLocale |xargs echo |sed 's/ /:/g')
+
+# Let's start
+run "$@"

derby.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Apache Derby Database Network Server
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/var/lib/derby
+StandardOutput=syslog
+User=derby
+ExecStart=/usr/bin/derby-NetworkServerControl start
+ExecStop=/usr/bin/derby-NetworkServerControl shutdown
+
+[Install]
+WantedBy=multi-user.target

derby.spec

@@ -0,0 +1,130 @@
+Name:                derby
+Version:             10.14.2.0
+Release:             1
+Summary:             Relational database implemented entirely in Java
+License:             ASL 2.0
+URL:                 http://db.apache.org/derby/
+Source0:             http://archive.apache.org/dist/db/derby/db-derby-%{version}/db-derby-%{version}-src.tar.gz
+Source1:             derby-script
+Source2:             derby.service
+Patch1:              derby-javacc.patch
+Patch2:              derby-lucene.patch
+Patch3:              CVE-2022-46337.patch
+
+BuildRequires:       apache-parent javapackages-local glassfish-servlet-api jakarta-oro javacc
+BuildRequires:       json_simple lucene4 junit ant systemd
+Requires(pre):       shadow-utils
+Requires(post):      systemd
+Requires(preun):     systemd
+Requires(postun):    systemd
+Requires:            javapackages-tools
+BuildArch:           noarch
+
+%description
+Apache Derby, an Apache DB sub-project, is a relational database implemented
+entirely in Java. Some key advantages include a small footprint, conformance
+to Java, JDBC, and SQL standards and embedded JDBC driver.
+
+%package javadoc
+Summary:             API documentation for derby.
+
+%description javadoc
+%{summary}.
+
+%prep
+%setup -q -c
+find -name '*.jar' -delete
+find -name '*.class' -delete
+pushd db-derby-%{version}-src
+%patch1 -p0
+%patch2 -p0
+%patch3 -p1
+sed -i -e '/Class-Path/d' build.xml
+sed -e 's/initjars,set-doclint,install_packagelists/initjars,set-doclint/' \
+    -e '/<link offline/,+1d' \
+    -i build.xml
+ln -sf $(build-classpath oro) tools/java/jakarta-oro-2.0.8.jar
+ln -sf $(build-classpath glassfish-servlet-api) tools/java/geronimo-spec-servlet-2.4-rc4.jar
+ln -sf $(build-classpath javacc) tools/java/javacc.jar
+ln -sf $(build-classpath json_simple) tools/java/json_simple-1.1.jar
+ln -sf $(build-classpath junit) tools/java/junit.jar
+ln -sf $(build-classpath lucene4/lucene-core-4) tools/java/lucene-core.jar
+ln -sf $(build-classpath lucene4/lucene-analyzers-common-4) tools/java/lucene-analyzers-common.jar
+ln -sf $(build-classpath lucene4/lucene-queryparser-4) tools/java/lucene-queryparser.jar
+popd
+
+%build
+pushd db-derby-%{version}-src
+ant buildsource buildjars javadoc
+find maven2 -name pom.xml | xargs sed -i -e 's|ALPHA_VERSION|%{version}|'
+%mvn_artifact maven2/pom.xml
+for p in engine net client tools \
+    derbyLocale_cs derbyLocale_de_DE derbyLocale_es derbyLocale_fr derbyLocale_hu \
+    derbyLocale_it derbyLocale_ja_JP derbyLocale_ko_KR derbyLocale_pl derbyLocale_pt_BR \
+    derbyLocale_ru derbyLocale_zh_CN derbyLocale_zh_TW ; do
+  d=derby${p#derby}
+  %mvn_artifact maven2/${p}/pom.xml jars/sane/${d%engine}.jar
+done
+popd
+
+%install
+pushd db-derby-%{version}-src
+%mvn_install -J javadoc
+install -d $RPM_BUILD_ROOT%{_bindir}
+install -p -m755 %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/%{name}-ij
+for P in sysinfo NetworkServerControl startNetworkServer stopNetworkServer
+do
+        ln $RPM_BUILD_ROOT%{_bindir}/%{name}-ij \
+                $RPM_BUILD_ROOT%{_bindir}/%{name}-$P
+done
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -p -m 644 %{SOURCE2} \
+        $RPM_BUILD_ROOT%{_unitdir}/%{name}.service
+install -dm 755 $RPM_BUILD_ROOT/var/lib/derby
+popd
+
+%pre
+getent group derby >/dev/null || groupadd -r derby
+getent passwd derby >/dev/null || \
+    useradd -r -g derby -d /var/lib/derby -s /sbin/nologin \
+    -c "Apache Derby service account" derby
+exit 0
+
+%post
+%systemd_post derby.service
+
+%preun
+%systemd_preun derby.service
+
+%postun
+%systemd_postun_with_restart derby.service
+
+%files -f  db-derby-%{version}-src/.mfiles
+%{_bindir}/*
+%doc db-%{name}-%{version}-src/published_api_overview.html
+%doc db-%{name}-%{version}-src/RELEASE-NOTES.html
+%doc db-%{name}-%{version}-src/README
+%{_unitdir}/%{name}.service
+%attr(755,derby,derby) %{_sharedstatedir}/%{name}
+%license db-derby-%{version}-src/LICENSE
+%license db-derby-%{version}-src/NOTICE
+
+%files javadoc -f db-derby-%{version}-src/.mfiles-javadoc
+%license db-derby-%{version}-src/LICENSE
+%license db-derby-%{version}-src/NOTICE
+
+%changelog
+* Fri Dec  1 2023 dillon chen <dillon.chen@gmail.com> - 10.14.2.0-1
+- Update to 10.14.2.0 for fix CVE-2023-48284(patch from debian)
+
+* Thu May 13 2021 lingsheng <lingsheng@huawei.com> - 10.13.1.1-3
+- Add requires javapackages-tools to fix derby service start
+
+* Wed Nov 11 2020 wangxiao <wangxiao65@huawei.com> - 10.13.1.1-2
+- fix CVE-2018-1313
+- a specially-crafted network packet can be used to request the
+- Derby Network Server to boot a database whose location and contents
+- are under the user's control.
+
+* Thu Jul 30 2020 leiju <leiju4@huawei.com> - 10.13.1.1-1
+- Package init

derby.yaml

@@ -0,0 +1,4 @@
+version_control: svn
+src_repo: https://svn.apache.org/repos/asf/db/derby/code/
+tag_prefix: "^"
+seperator: "."