[Spacewalk-devel] [PATCH] CVEs missing in the security patches listing (on Oracle 11)
Hey,
apparently the method getColumnLabel() of class ResultSetMetaData returns the
column
label in uppercase with Oracle 11 (using ojdbc5.jar). Therefore an
equals(cve) in
SecurityErrataOverview.java is not sufficient anymore and leads to an empty
CVEs
column in the listing of relevant security errata:
https://hostname/rhn/errata/RelevantSecurityErrata.do
The attached patch fixes the problem by replacing equals with
equalsIgnoreCase().
Regards,
Johannes
--
SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg)
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
From dd9bf777412f470c7a8fee58408b495036f0d55b Mon Sep 17 00:00:00 2001
From: Johannes Renner jren...@suse.de
Date: Fri, 17 Aug 2012 12:06:49 +0200
Subject: [PATCH] Fix missing CVEs in patches listing with Oracle 11
---
.../rhn/frontend/dto/SecurityErrataOverview.java |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/java/code/src/com/redhat/rhn/frontend/dto/SecurityErrataOverview.java b/java/code/src/com/redhat/rhn/frontend/dto/SecurityErrataOverview.java
index 070d561..62a0db1 100644
--- a/java/code/src/com/redhat/rhn/frontend/dto/SecurityErrataOverview.java
+++ b/java/code/src/com/redhat/rhn/frontend/dto/SecurityErrataOverview.java
@@ -52,7 +52,7 @@ public class SecurityErrataOverview extends ErrataOverview
// expected errata_cves_elab returns 2 columns
if (columnCount 3) {
for (int i = 1; i = columnCount; i++) {
-if (meta.getColumnLabel(i).equals(cve)) {
+if (meta.getColumnLabel(i).equalsIgnoreCase(cve)) {
String cve = rs.getString(cve);
if (cve != null) {
addCve(cve);
--
1.7.7
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] CVEs missing in the security patches listing (on Oracle 11)
On Fri, Aug 17, 2012 at 01:02:38PM +0200, Johannes Renner wrote: Hey, apparently the method getColumnLabel() of class ResultSetMetaData returns the column label in uppercase with Oracle 11 (using ojdbc5.jar). Therefore an equals(cve) in SecurityErrataOverview.java is not sufficient anymore and leads to an empty CVEs column in the listing of relevant security errata: Is there a configuration (session level or something) option which would make it lowercase? Because I assume that if this is the case, we will have many more places where we simply expect the column name to be lowercase, so I'd rather make getColumnLabel keep its old behaviour. -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] CVEs missing in the security patches listing (on Oracle 11)
On 08/17/2012 01:20 PM, Jan Pazdziora wrote: On Fri, Aug 17, 2012 at 01:02:38PM +0200, Johannes Renner wrote: Hey, apparently the method getColumnLabel() of class ResultSetMetaData returns the column label in uppercase with Oracle 11 (using ojdbc5.jar). Therefore an equals(cve) in SecurityErrataOverview.java is not sufficient anymore and leads to an empty CVEs column in the listing of relevant security errata: Is there a configuration (session level or something) option which would make it lowercase? Because I assume that if this is the case, we will have many more places where we simply expect the column name to be lowercase, so I'd rather make getColumnLabel keep its old behaviour. Not that I would be aware of such an option. Further note that this is the only call to getColumnLabel/getColumnName, at least in the Java parts of spacewalk. Not sure about similar stuff in Python, Perl and others, but I don't think this would cause so many additional problems. Another possible fix that I just tried does unfortunately not fix the problem: I saw that in the elaborator query CVE is written in uppercase, so I lowercased it there, but it doesn't work (see errata_cves_elab in Errata_queries.xml). The Oracle seems to return it in uppercase anyways, no matter how it is written in the query ... -- SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] CVEs missing in the security patches listing (on Oracle 11)
On Friday 17 of August 2012 15:58:47 Johannes Renner wrote: On 08/17/2012 01:20 PM, Jan Pazdziora wrote: On Fri, Aug 17, 2012 at 01:02:38PM +0200, Johannes Renner wrote: Hey, apparently the method getColumnLabel() of class ResultSetMetaData returns the column label in uppercase with Oracle 11 (using ojdbc5.jar). Therefore an equals(cve) in SecurityErrataOverview.java is not sufficient anymore and leads to an empty CVEs column in the listing of relevant security errata: Is there a configuration (session level or something) option which would make it lowercase? Because I assume that if this is the case, we will have many more places where we simply expect the column name to be lowercase, so I'd rather make getColumnLabel keep its old behaviour. Not that I would be aware of such an option. Further note that this is the only call to getColumnLabel/getColumnName, at least in the Java parts of spacewalk. Not sure about similar stuff in Python, Perl and others, but I don't think this would cause so many additional problems. Another possible fix that I just tried does unfortunately not fix the problem: I saw that in the elaborator query CVE is written in uppercase, so I lowercased it there, but it doesn't work (see errata_cves_elab in Errata_queries.xml). The Oracle seems to return it in uppercase anyways, no matter how it is written in the query ... Committed as: b03a36a09edf0cc26a97621ec88502a83bae6f34 Thank you, Johannes. Tomas -- Tomas Lestach RHN Satellite Engineering ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
