packages/hibernate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:d3c029f5b6422061b1f7cb759c2c1124a3990e04
Branches Tags
packages:main
...
compare: packages:51d522214e842c8125a10723ce7403759604b6a4
Branches Tags
packages:main

11 Commits
d3c029f5b6 ... 51d522214e

Author SHA1 Message Date
openeuler-ci-bot
51d522214e
!30 [sync] PR-29: Add -Xmx4096m for riscv64 
From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2024-04-28 01:25:51 +00:00
Dingli Zhang
9241cccf0a Add -Xmx4096m for riscv64 
(cherry picked from commit 340d664f40c7ae2d1740c66b5f260afac0ce3dfd)
 2024-04-25 23:59:09 +08:00
openeuler-ci-bot
07d967c921
!28 [sync] PR-21: change source 
From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
 2024-04-01 02:27:54 +00:00
lyn1001
b0db7d27fe Change source 
(cherry picked from commit eb200d9f8bf7f65cd8d3c98a32397d0991dbb35c)
 2024-04-01 09:55:11 +08:00
openeuler-ci-bot
cd919f6665
!27 回退 'Pull Request !24 : Change source' 
From: @cherry530 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2024-04-01 01:52:28 +00:00
xu_ping
52e4767624
回退 'Pull Request !24 : Change source' 2024-03-29 07:15:01 +00:00
openeuler-ci-bot
cba1f59754
!24 Change source 
From: @yueyaoqiang 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
 2024-03-28 09:23:21 +00:00
openeuler-ci-bot
c032b5c656
!21 change source 
From: @lyn1001 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2022-11-09 10:35:21 +00:00
lyn1001
eb200d9f8b Change source 2022-11-09 17:23:06 +08:00
openeuler-ci-bot
2a1fc51336 !6 fix CVE-2019-14900 
From: @wang_yue111
Reviewed-by: @wangchong1995924
Signed-off-by: @wangchong1995924
 2021-03-22 09:44:28 +08:00
wang_yue111
da9512fc51 fix CVE-2019-14900 2021-03-19 11:50:33 +08:00
3 changed files with 62 additions and 2 deletions
Show Stats Expand all files Collapse all files

48
CVE-2019-14900.patch Normal file
View File

@ -0,0 +1,48 @@
From 64a0cec764bfdd93c5e3d57e9fc342bcc9824ea3 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Fri, 19 Mar 2021 11:45:31 +0800
Subject: [PATCH] fix CVE-2019-14900
---
.../expression/LiteralExpression.java | 20 +++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
index ac485b4..6125363 100644
--- a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
+++ b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
@@ -58,17 +58,25 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
return ':' + parameterName;
}
+ private String escapeLiteral(String literal) {
+ return literal.replace("'", "''");
+ }
+
+ private String inlineLiteral(String literal) {
+ return String.format( "\'%s\'", escapeLiteral( literal) );
+ }
+
@SuppressWarnings({ "unchecked" })
public String renderProjection(RenderingContext renderingContext) {
+ if ( ValueHandlerFactory.isCharacter( literal ) ) {
+ // In case literal is a Character, pass literal.toString() as the argument.
+ return inlineLiteral( literal.toString() );
+ }
+
// some drivers/servers do not like parameters in the select clause
final ValueHandlerFactory.ValueHandler handler =
ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
- if ( ValueHandlerFactory.isCharacter( literal ) ) {
- return '\'' + handler.render( literal ) + '\'';
- }
- else {
- return handler.render( literal );
- }
+ return handler.render( literal );
}
@Override
--
2.23.0

BIN
hibernate-5.0.10.Final.tar.gz
View File

Binary file not shown.

16
hibernate.spec
View File

@ -5,7 +5,7 @@
Name: hibernate Name: hibernate
Summary: an easy-to-use and powerful object relational persistence framework for Java applications Summary: an easy-to-use and powerful object relational persistence framework for Java applications
Version: 5.0.10 Version: 5.0.10
Release: 7 Release: 10
License: LGPLv2+ and ASL 2.0 License: LGPLv2+ and ASL 2.0
URL: http://www.hibernate.org/ URL: http://www.hibernate.org/
@ -34,7 +34,7 @@ Source67: Bundle-Description-Name.txt
Source68: manifestFile.txt Source68: manifestFile.txt
Patch0000: CVE-2020-25638.patch Patch0000: CVE-2020-25638.patch
Patch0001: CVE-2019-14900.patch
BuildRequires: maven-local mvn(antlr:antlr) mvn(com.experlog:xapool) mvn(com.fasterxml:classmate) BuildRequires: maven-local mvn(antlr:antlr) mvn(com.experlog:xapool) mvn(com.fasterxml:classmate)
BuildRequires: mvn(com.mchange:c3p0) mvn(com.zaxxer:HikariCP) mvn(dom4j:dom4j) mvn(java_cup:java_cup) BuildRequires: mvn(com.mchange:c3p0) mvn(com.zaxxer:HikariCP) mvn(dom4j:dom4j) mvn(java_cup:java_cup)
BuildRequires: mvn(javax.enterprise:cdi-api) mvn(javax.validation:validation-api) mvn(junit:junit) BuildRequires: mvn(javax.enterprise:cdi-api) mvn(javax.validation:validation-api) mvn(junit:junit)
@ -151,6 +151,9 @@ done
%pom_disable_module hibernate-spatial %pom_disable_module hibernate-spatial
%build %build
%if "%{_arch}" == "riscv64"
export JAVA_TOOL_OPTIONS="-Xmx4096m"
%endif
%mvn_build -s -f -- -Dproject.build.sourceEncoding=UTF-8 %mvn_build -s -f -- -Dproject.build.sourceEncoding=UTF-8
%install %install
@ -164,6 +167,15 @@ done
%doc hibernate-osgi/README.md %doc hibernate-osgi/README.md
%changelog %changelog
* Wed Apr 10 2024 Dingli Zhang <dingli@iscas.ac.cn> - 5.0.10-10
- Add -Xmx4096m for riscv64
* Wed Nov 9 2022 liyanan <liyanan32@h-partners.com> - 5.0.10-9
- Change source
* Thu Mar 18 2021 wangyue<wangyue92@huawei.com> 5.0.10-8
- fix CVE-2019-14900
* Sat Dec 12 2020 zhangtao<zhangtao221@huawei.com> - 5.0.10-7 * Sat Dec 12 2020 zhangtao<zhangtao221@huawei.com> - 5.0.10-7
- CVE-2020-25638 - CVE-2020-25638