diff --git a/disable-ConnectTimeoutTest.patch b/disable-ConnectTimeoutTest.patch deleted file mode 100644 index 3c42f1e..0000000 --- a/disable-ConnectTimeoutTest.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java -index 01d9fbf..f0c956d 100644 ---- a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java -+++ b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/Jdbc2TestSuite.java -@@ -47,7 +47,7 @@ import org.junit.runners.Suite; - CommandCompleteParserTest.class, - ConcurrentStatementFetch.class, - ConnectionTest.class, -- ConnectTimeoutTest.class, -+ // ConnectTimeoutTest.class, - CopyLargeFileTest.class, - CopyTest.class, - CursorFetchTest.class, diff --git a/postgresql-jdbc.spec b/postgresql-jdbc.spec index decd722..63e1119 100644 --- a/postgresql-jdbc.spec +++ b/postgresql-jdbc.spec @@ -50,18 +50,20 @@ %global parent_poms_builddir ./pgjdbc-parent-poms %global pgjdbc_mvn_options -DwaffleEnabled=false -DosgiEnabled=false \\\ - -DexcludePackageNames=org.postgresql.osgi:org.postgresql.sspi -Dmaven.javadoc.skip=true + -DexcludePackageNames=org.postgresql.osgi:org.postgresql.sspi Summary: JDBC driver for PostgreSQL Name: postgresql-jdbc Version: 42.2.12 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD URL: http://jdbc.postgresql.org/ Source0: https://github.com/pgjdbc/pgjdbc/archive/REL%{version}/pgjdbc-REL%{version}.tar.gz Provides: pgjdbc = %version-%release +Patch0: remove-SSPIClient.patch + # Upstream moved parent pom.xml into separate project (even though there is only # one dependant project on it?). Let's try to not complicate packaging by # having separate spec file for it, too. @@ -75,9 +77,12 @@ BuildRequires: maven-enforcer-plugin BuildRequires: maven-plugin-bundle BuildRequires: maven-plugin-build-helper BuildRequires: classloader-leak-test-framework +BuildRequires: jna BuildRequires: mvn(com.ongres.scram:client) BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin) +BuildRequires: mvn(org.osgi:osgi.cmpn) +BuildRequires: mvn(org.osgi:osgi.core) %if %runselftest BuildRequires: postgresql-contrib @@ -108,6 +113,8 @@ This package contains the API Documentation for %{name}. mv pgjdbc-REL%version/* . mv pgjdbc-parent-poms-REL%parent_ver pgjdbc-parent-poms +%patch0 -p1 + # remove any binary libs find -name "*.jar" -or -name "*.class" | xargs rm -f @@ -121,6 +128,10 @@ find -name "*.jar" -or -name "*.class" | xargs rm -f %pom_remove_plugin :properties-maven-plugin pgjdbc-parent-poms/pgjdbc-core-parent %pom_remove_plugin :properties-maven-plugin pgjdbc-parent-poms/pgjdbc-versions +%pom_add_dep org.osgi:osgi.cmpn +%pom_add_dep org.osgi:osgi.core +%pom_add_dep net.java.dev.jna:jna + # compat symlink: requested by dtardon (libreoffice), reverts part of # 0af97ce32de877 commit. @@ -171,7 +182,7 @@ EOF opts="-f" %endif -%mvn_build $opts -- %pgjdbc_mvn_options +%mvn_build $opts --xmvn-javadoc -- %pgjdbc_mvn_options %install @@ -183,11 +194,15 @@ opts="-f" %doc README.md -#%files javadoc -f .mfiles-javadoc +%files javadoc -f .mfiles-javadoc %license LICENSE %changelog +* Fri Jul 24 2020 Ondrej Dubaj - 42.2.12-3 +- fixed javadoc build problem + added missing dependencies +- remove SSPIClient for windows API + * Sat Jul 11 2020 Jiri Vanek - 42.2.12-2 - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 diff --git a/remove-SSPIClient.patch b/remove-SSPIClient.patch new file mode 100644 index 0000000..e9ea635 --- /dev/null +++ b/remove-SSPIClient.patch @@ -0,0 +1,248 @@ +diff --git a/pgjdbc/src/main/java/org/postgresql/sspi/SSPIClient.java b/pgjdbc/src/main/java/org/postgresql/sspi/SSPIClient.java +deleted file mode 100644 +index b6c47b8..0000000 +--- a/pgjdbc/src/main/java/org/postgresql/sspi/SSPIClient.java ++++ /dev/null +@@ -1,242 +0,0 @@ +-/* +- * Copyright (c) 2003, PostgreSQL Global Development Group +- * See the LICENSE file in the project root for more information. +- */ +-// Copyright (c) 2004, Open Cloud Limited. +- +-package org.postgresql.sspi; +- +-import org.postgresql.core.PGStream; +-import org.postgresql.util.HostSpec; +-import org.postgresql.util.PSQLException; +-import org.postgresql.util.PSQLState; +- +-import com.sun.jna.LastErrorException; +-import com.sun.jna.Platform; +-import com.sun.jna.platform.win32.Sspi; +-import com.sun.jna.platform.win32.Sspi.SecBufferDesc; +-import com.sun.jna.platform.win32.Win32Exception; +-import waffle.windows.auth.IWindowsCredentialsHandle; +-import waffle.windows.auth.impl.WindowsCredentialsHandleImpl; +-import waffle.windows.auth.impl.WindowsSecurityContextImpl; +- +-import java.io.IOException; +-import java.sql.SQLException; +-import java.util.logging.Level; +-import java.util.logging.Logger; +- +-/** +- *

Use Waffle-JNI to support SSPI authentication when PgJDBC is running on a Windows client and +- * talking to a Windows server.

+- * +- *

SSPI is not supported on a non-Windows client.

+- * +- * @author craig +- */ +-public class SSPIClient implements ISSPIClient { +- +- public static final String SSPI_DEFAULT_SPN_SERVICE_CLASS = "POSTGRES"; +- +- private static final Logger LOGGER = Logger.getLogger(SSPIClient.class.getName()); +- private final PGStream pgStream; +- private final String spnServiceClass; +- private final boolean enableNegotiate; +- +- private IWindowsCredentialsHandle clientCredentials; +- private WindowsSecurityContextImpl sspiContext; +- private String targetName; +- +- /** +- *

Instantiate an SSPIClient for authentication of a connection.

+- * +- *

SSPIClient is not re-usable across connections.

+- * +- *

It is safe to instantiate SSPIClient even if Waffle and JNA are missing or on non-Windows +- * platforms, however you may not call any methods other than isSSPISupported().

+- * +- * @param pgStream PostgreSQL connection stream +- * @param spnServiceClass SSPI SPN service class, defaults to POSTGRES if null +- * @param enableNegotiate enable negotiate +- */ +- public SSPIClient(PGStream pgStream, String spnServiceClass, boolean enableNegotiate) { +- this.pgStream = pgStream; +- +- if (spnServiceClass == null || spnServiceClass.isEmpty()) { +- spnServiceClass = SSPI_DEFAULT_SPN_SERVICE_CLASS; +- } +- this.spnServiceClass = spnServiceClass; +- +- /* If we're forcing Kerberos (no spnego), disable SSPI negotiation */ +- this.enableNegotiate = enableNegotiate; +- } +- +- /** +- * Test whether we can attempt SSPI authentication. If false, do not attempt to call any other +- * SSPIClient methods. +- * +- * @return true if it's safe to attempt SSPI authentication +- */ +- @Override +- public boolean isSSPISupported() { +- try { +- /* +- * SSPI is windows-only. Attempt to use JNA to identify the platform. If Waffle is missing we +- * won't have JNA and this will throw a NoClassDefFoundError. +- */ +- if (!Platform.isWindows()) { +- LOGGER.log(Level.FINE, "SSPI not supported: non-Windows host"); +- return false; +- } +- /* Waffle must be on the CLASSPATH */ +- Class.forName("waffle.windows.auth.impl.WindowsSecurityContextImpl"); +- return true; +- } catch (NoClassDefFoundError ex) { +- LOGGER.log(Level.WARNING, "SSPI unavailable (no Waffle/JNA libraries?)", ex); +- return false; +- } catch (ClassNotFoundException ex) { +- LOGGER.log(Level.WARNING, "SSPI unavailable (no Waffle/JNA libraries?)", ex); +- return false; +- } +- } +- +- private String makeSPN() throws PSQLException { +- final HostSpec hs = pgStream.getHostSpec(); +- +- try { +- /* +- The GSSAPI implementation does not use the port in the service name. +- Force the port number to 0 +- Fixes issue 1482 +- */ +- return NTDSAPIWrapper.instance.DsMakeSpn(spnServiceClass, hs.getHost(), null, +- (short) 0, null); +- } catch (LastErrorException ex) { +- throw new PSQLException("SSPI setup failed to determine SPN", +- PSQLState.CONNECTION_UNABLE_TO_CONNECT, ex); +- } +- } +- +- /** +- * Respond to an authentication request from the back-end for SSPI authentication (AUTH_REQ_SSPI). +- * +- * @throws SQLException on SSPI authentication handshake failure +- * @throws IOException on network I/O issues +- */ +- @Override +- public void startSSPI() throws SQLException, IOException { +- +- /* +- * We usually use SSPI negotiation (spnego), but it's disabled if the client asked for GSSPI and +- * usespngo isn't explicitly turned on. +- */ +- final String securityPackage = enableNegotiate ? "negotiate" : "kerberos"; +- +- LOGGER.log(Level.FINEST, "Beginning SSPI/Kerberos negotiation with SSPI package: {0}", securityPackage); +- +- try { +- /* +- * Acquire a handle for the local Windows login credentials for the current user +- * +- * See AcquireCredentialsHandle +- * (http://msdn.microsoft.com/en-us/library/windows/desktop/aa374712%28v=vs.85%29.aspx) +- * +- * This corresponds to pg_SSPI_startup in libpq/fe-auth.c . +- */ +- try { +- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage); +- clientCredentials.initialize(); +- } catch (Win32Exception ex) { +- throw new PSQLException("Could not obtain local Windows credentials for SSPI", +- PSQLState.CONNECTION_UNABLE_TO_CONNECT /* TODO: Should be authentication error */, ex); +- } +- +- try { +- targetName = makeSPN(); +- +- LOGGER.log(Level.FINEST, "SSPI target name: {0}", targetName); +- +- sspiContext = new WindowsSecurityContextImpl(); +- sspiContext.setPrincipalName(targetName); +- sspiContext.setCredentialsHandle(clientCredentials); +- sspiContext.setSecurityPackage(securityPackage); +- sspiContext.initialize(null, null, targetName); +- } catch (Win32Exception ex) { +- throw new PSQLException("Could not initialize SSPI security context", +- PSQLState.CONNECTION_UNABLE_TO_CONNECT /* TODO: Should be auth error */, ex); +- } +- +- sendSSPIResponse(sspiContext.getToken()); +- LOGGER.log(Level.FINEST, "Sent first SSPI negotiation message"); +- } catch (NoClassDefFoundError ex) { +- throw new PSQLException( +- "SSPI cannot be used, Waffle or its dependencies are missing from the classpath", +- PSQLState.NOT_IMPLEMENTED, ex); +- } +- } +- +- /** +- * Continue an existing authentication conversation with the back-end in resonse to an +- * authentication request of type AUTH_REQ_GSS_CONT. +- * +- * @param msgLength Length of message to read, excluding length word and message type word +- * @throws SQLException if something wrong happens +- * @throws IOException if something wrong happens +- */ +- @Override +- public void continueSSPI(int msgLength) throws SQLException, IOException { +- +- if (sspiContext == null) { +- throw new IllegalStateException("Cannot continue SSPI authentication that we didn't begin"); +- } +- +- LOGGER.log(Level.FINEST, "Continuing SSPI negotiation"); +- +- /* Read the response token from the server */ +- byte[] receivedToken = pgStream.receive(msgLength); +- +- SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, receivedToken); +- +- sspiContext.initialize(sspiContext.getHandle(), continueToken, targetName); +- +- /* +- * Now send the response token. If negotiation is complete there may be zero bytes to send, in +- * which case we shouldn't send a reply as the server is not expecting one; see fe-auth.c in +- * libpq for details. +- */ +- byte[] responseToken = sspiContext.getToken(); +- if (responseToken.length > 0) { +- sendSSPIResponse(responseToken); +- LOGGER.log(Level.FINEST, "Sent SSPI negotiation continuation message"); +- } else { +- LOGGER.log(Level.FINEST, "SSPI authentication complete, no reply required"); +- } +- } +- +- private void sendSSPIResponse(byte[] outToken) throws IOException { +- /* +- * The sspiContext now contains a token we can send to the server to start the handshake. Send a +- * 'password' message containing the required data; the server knows we're doing SSPI +- * negotiation and will deal with it appropriately. +- */ +- pgStream.sendChar('p'); +- pgStream.sendInteger4(4 + outToken.length); +- pgStream.send(outToken); +- pgStream.flush(); +- } +- +- /** +- * Clean up native win32 resources after completion or failure of SSPI authentication. This +- * SSPIClient instance becomes unusable after disposal. +- */ +- @Override +- public void dispose() { +- if (sspiContext != null) { +- sspiContext.dispose(); +- sspiContext = null; +- } +- if (clientCredentials != null) { +- clientCredentials.dispose(); +- clientCredentials = null; +- } +- } +-}