CVE-2019-14900.patch

@@ -1,48 +0,0 @@
-From 64a0cec764bfdd93c5e3d57e9fc342bcc9824ea3 Mon Sep 17 00:00:00 2001
-From: wang_yue111 <648774160@qq.com>
-Date: Fri, 19 Mar 2021 11:45:31 +0800
-Subject: [PATCH] fix CVE-2019-14900
-
----
- .../expression/LiteralExpression.java         | 20 +++++++++++++------
- 1 file changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
-index ac485b4..6125363 100644
---- a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
-+++ b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
-@@ -58,17 +58,25 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
- 		return ':' + parameterName;
- 	}
- 
-+	private String escapeLiteral(String literal) {
-+		return literal.replace("'", "''");
-+	}
-+
-+	private String inlineLiteral(String literal) {
-+		return String.format( "\'%s\'", escapeLiteral( literal) );
-+	}
-+
- 	@SuppressWarnings({ "unchecked" })
- 	public String renderProjection(RenderingContext renderingContext) {
-+		if ( ValueHandlerFactory.isCharacter( literal ) ) {
-+			// In case literal is a Character, pass literal.toString() as the argument.
-+			return inlineLiteral( literal.toString() );
-+		}
-+
- 		// some drivers/servers do not like parameters in the select clause
- 		final ValueHandlerFactory.ValueHandler handler =
- 				ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
--		if ( ValueHandlerFactory.isCharacter( literal ) ) {
--			return '\'' + handler.render( literal ) + '\'';
--		}
--		else {
--			return handler.render( literal );
--		}
-+		return handler.render( literal );
- 	}
- 
- 	@Override
--- 
-2.23.0
-

hibernate.spec

@@ -5,7 +5,7 @@
 Name:          hibernate
 Summary:       an easy-to-use and powerful object relational persistence framework for Java applications
 Version:       5.0.10
-Release:       10
+Release:       7
 License:       LGPLv2+ and ASL 2.0
 URL:           http://www.hibernate.org/
 
@@ -34,7 +34,7 @@ Source67:      Bundle-Description-Name.txt
 Source68:      manifestFile.txt
 
 Patch0000:     CVE-2020-25638.patch
-Patch0001:     CVE-2019-14900.patch
+
 BuildRequires: maven-local mvn(antlr:antlr) mvn(com.experlog:xapool) mvn(com.fasterxml:classmate)
 BuildRequires: mvn(com.mchange:c3p0) mvn(com.zaxxer:HikariCP) mvn(dom4j:dom4j) mvn(java_cup:java_cup)
 BuildRequires: mvn(javax.enterprise:cdi-api) mvn(javax.validation:validation-api) mvn(junit:junit)
@@ -151,9 +151,6 @@ done
 %pom_disable_module hibernate-spatial
 
 %build
-%if "%{_arch}" == "riscv64"
-export JAVA_TOOL_OPTIONS="-Xmx4096m"
-%endif
 %mvn_build -s -f -- -Dproject.build.sourceEncoding=UTF-8
 
 %install
@@ -167,15 +164,6 @@ export JAVA_TOOL_OPTIONS="-Xmx4096m"
 %doc hibernate-osgi/README.md
 
 %changelog
-* Wed Apr 10 2024 Dingli Zhang <dingli@iscas.ac.cn> - 5.0.10-10
-- Add -Xmx4096m for riscv64
-
-* Wed Nov 9 2022 liyanan <liyanan32@h-partners.com>  - 5.0.10-9
-- Change source
-
-* Thu Mar 18 2021 wangyue<wangyue92@huawei.com>  5.0.10-8
-- fix CVE-2019-14900
-
 * Sat Dec 12 2020  zhangtao<zhangtao221@huawei.com> - 5.0.10-7
 - CVE-2020-25638