From 5385af196033f5b1b04502dcaa6ca83270020c23 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Fri, 22 Jan 2021 12:21:50 +0800
Subject: [PATCH] fix cves
---
 CVE-2020-36179-36180-36181-36182.patch | 74 +++++++++++++++++++
 CVE-2020-36183.patch | 26 +++++++
 ...tch => CVE-2020-36184-CVE-2020-36185.patch | 0
 CVE-2020-36187-CVE-2020-36186.patch | 28 +++++++
 CVE-2020-36188-CVE-2020-36189.patch | 28 +++++++
 jackson-databind.spec | 14 +++-
 6 files changed, 168 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2020-36179-36180-36181-36182.patch
 create mode 100644 CVE-2020-36183.patch
 rename CVE-2020-36185.patch => CVE-2020-36184-CVE-2020-36185.patch (100%)
 create mode 100644 CVE-2020-36187-CVE-2020-36186.patch
 create mode 100644 CVE-2020-36188-CVE-2020-36189.patch
diff --git a/CVE-2020-36179-36180-36181-36182.patch b/CVE-2020-36179-36180-36181-36182.patch
new file mode 100644
index 0000000..014e182
--- /dev/null
+++ b/CVE-2020-36179-36180-36181-36182.patch
@@ -0,0 +1,74 @@
+From 3d55f744ac2ce771ddf7e9da2a55b1955c035f6d Mon Sep 17 00:00:00 2001
+From: Tatu Saloranta
+Date: Fri, 22 Jan 2021 10:45:32 +0800
+Subject: [PATCH] Fixed #3004
+
+---
+ .../jsontype/impl/SubTypeValidator.java | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+index 2be6d49..db6866d 100644
+--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
++++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+@@ -118,9 +118,12 @@ public class SubTypeValidator
+ // [databind#2704]: xalan2
+ s.add("com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool");
+
+- // [databind#2478]: comons-dbcp, p6spy
++ // [databind#2478]: commons-dbcp 1.x, p6spy
++ // [databind#3004]: commons-dbcp 1.x
++ s.add("org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS");
+ s.add("org.apache.commons.dbcp.datasources.PerUserPoolDataSource");
+ s.add("org.apache.commons.dbcp.datasources.SharedPoolDataSource");
++
+ s.add("com.p6spy.engine.spy.P6DataSource");
+
+ // [databind#2498]: log4j-extras (1.2)
+@@ -184,9 +187,9 @@ public class SubTypeValidator
+ // [databind#2682]: commons-jelly
+ s.add("org.apache.commons.jelly.impl.Embedded");
+
+- // [databind#2688]: apache/drill
++ // [databind#2688], [databind#3004]: apache/drill
+ s.add("oadd.org.apache.xalan.lib.sql.JNDIConnectionPool");
+-
++ s.add("oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS");
+ // [databind#2698]: weblogic w/ oracle/aq-jms
+ // (note: dependency not available via Maven Central, but as part of
+ // weblogic installation, possibly fairly old version(s))
+@@ -202,16 +205,18 @@ public class SubTypeValidator
+ // [databind#2798]: com.pastdev.httpcomponents:
+ s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");
+
+- // [databind#2986]: dbcp2
++ // [databind#2986], [databind#3004]: dbcp2
+ s.add("org.apache.commons.dbcp2.datasources.PerUserPoolDataSource");
+ s.add("org.apache.commons.dbcp2.datasources.SharedPoolDataSource");
++ s.add("org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS");
+
+ // [databind#2999]: org.glassfish.web/javax.servlet.jsp.jstl (embedded Xalan)
+ // (derivative of #2469)
+ s.add("com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool");
+
+- // [databind#2998]: org.apache.tomcat/tomcat-dbcp (embedded dbcp 2.x)
++ // [databind#2998]/[databind#3004]: org.apache.tomcat/tomcat-dbcp (embedded dbcp 2.x)
+ // (derivative of #2478)
++ s.add("org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS");
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource");
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource");
+
+@@ -220,8 +225,9 @@ public class SubTypeValidator
+ s.add("com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource");
+ s.add("com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource");
+
+- // [databind#2997]: tomcat/naming-factory-dbcp (embedded dbcp 1.x)
++ // [databind#2997]/[databind#3004]: tomcat/naming-factory-dbcp (embedded dbcp 1.x)
+ // (derivative of #2478)
++ s.add("org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS");
+ s.add("org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource");
+ s.add("org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource");
+
+--
+2.23.0
+
diff --git a/CVE-2020-36183.patch b/CVE-2020-36183.patch
new file mode 100644
index 0000000..5e6fd04
--- /dev/null
+++ b/CVE-2020-36183.patch
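Review bot: The deny-list entries added by this patch are plain class-name strings, and it has to list `cpdsadapter.DriverAdapterCPDS` five times, once per relocation (`org.apache.commons.dbcp`, `oadd.org.apache.commons.dbcp`, `org.apache.commons.dbcp2` and the two `org.apache.tomcat.dbcp` packages); how the set is consulted is outside these hunks, but a copy shaded under any other prefix is presumably not covered. The same holds for the `org.docx4j` Xalan entry in CVE-2020-36183.patch and for the tomcat and newrelic entries in the two later patches. That limit deserves a line where packagers will see it, for example above `Patch0038` in the spec: `# Deny-list additions only; services that accept type information from untrusted JSON stay exposed to classes not listed`. Separately, the `@@ -184,9 +187,9 @@` hunk drops the blank line after the `oadd.` entries, so the new `s.add` call runs straight into the `[databind#2698]` weblogic comment; keeping the separator would preserve the grouping.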
@@ -0,0 +1,26 @@
+From ed90729275eb5e97357728667de9008a5c3cf9a7 Mon Sep 17 00:00:00 2001
+From: Tatu Saloranta
+Date: Fri, 22 Jan 2021 14:53:17 +0800
+Subject: [PATCH] Fixed #3003
+
+---
+ .../jackson/databind/jsontype/impl/SubTypeValidator.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+index db6866d..91ce229 100644
+--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
++++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+@@ -214,6 +214,9 @@ public class SubTypeValidator
+ // (derivative of #2469)
+ s.add("com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool");
+
++ // [databind#3003]: another case of embedded Xalan (derivative of #2469)
++ s.add("org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool");
++
+ // [databind#2998]/[databind#3004]: org.apache.tomcat/tomcat-dbcp (embedded dbcp 2.x)
+ // (derivative of #2478)
+ s.add("org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS");
+--
+2.23.0
+
diff --git a/CVE-2020-36185.patch b/CVE-2020-36184-CVE-2020-36185.patch
similarity index 100%
rename from CVE-2020-36185.patch
rename to CVE-2020-36184-CVE-2020-36185.patch
diff --git a/CVE-2020-36187-CVE-2020-36186.patch b/CVE-2020-36187-CVE-2020-36186.patch
new file mode 100644
index 0000000..9a911a3
--- /dev/null
+++ b/CVE-2020-36187-CVE-2020-36186.patch
@@ -0,0 +1,28 @@
+From 706f47b898fcc614447ad8c97276df12f9a9f391 Mon Sep 17 00:00:00 2001
+From: Tatu Saloranta
+Date: Thu, 21 Jan 2021 15:32:20 +0800
+Subject: [PATCH] Fixed #2997
+
+---
+ .../jackson/databind/jsontype/impl/SubTypeValidator.java | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+index 94f2b95..2be6d49 100644
+--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
++++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+@@ -220,6 +220,11 @@ public class SubTypeValidator
+ s.add("com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource");
+ s.add("com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource");
+
++ // [databind#2997]: tomcat/naming-factory-dbcp (embedded dbcp 1.x)
++ // (derivative of #2478)
++ s.add("org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource");
++ s.add("org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource");
++
+ DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
+ }
+
+--
+2.23.0
+
diff --git a/CVE-2020-36188-CVE-2020-36189.patch b/CVE-2020-36188-CVE-2020-36189.patch
new file mode 100644
index 0000000..9776230
--- /dev/null
+++ b/CVE-2020-36188-CVE-2020-36189.patch
@@ -0,0 +1,28 @@
+From 506ad31e38a80f2862d85aa385c88496b3d341cb Mon Sep 17 00:00:00 2001
+From: Tatu Saloranta
+Date: Thu, 21 Jan 2021 15:26:02 +0800
+Subject: [PATCH] Fixed #2996
+
+---
+ .../jackson/databind/jsontype/impl/SubTypeValidator.java | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+index 9df94ec..94f2b95 100644
+--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
++++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+@@ -215,6 +215,11 @@ public class SubTypeValidator
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource");
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource");
+
++ // [databind#2996]: newrelic-agent + embedded-logback-core
++ // (derivative of #2334 and #2389)
++ s.add("com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource");
++ s.add("com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource");
++
+ DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
+ }
+
+--
+2.23.0
+
diff --git a/jackson-databind.spec b/jackson-databind.spec
index a9aedd2..b5da6e0 100644
--- a/jackson-databind.spec
+++ b/jackson-databind.spec
@@ -1,6 +1,6 @@
 Name: jackson-databind
 Version: 2.9.8
-Release: 5
+Release: 6
 Summary: General data-binding package for Jackson (2.x)
 License: ASL 2.0 and LGPLv2+
 URL: https://github.com/FasterXML/jackson-databind/
@@ -40,7 +40,12 @@ Patch0031: CVE-2020-24616.patch Patch0032: CVE-2020-25649.patch Patch0033: CVE-2020-35490-CVE-2020-35491.patch Patch0034: CVE-2020-35728.patch -Patch0035: CVE-2020-36185.patch +Patch0035: CVE-2020-36184-CVE-2020-36185.patch +Patch0036: CVE-2020-36188-CVE-2020-36189.patch +Patch0037: CVE-2020-36187-CVE-2020-36186.patch +#The CVE-2020-36179-36180-36181-36182.patch is used to fix CVE-2020-36179 and CVE-2020-36180 and CVE-2020-36181 and CVE-2020-36182 +Patch0038: CVE-2020-36179-36180-36181-36182.patch +Patch0039: CVE-2020-36183.patch BuildRequires: maven-local mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version} BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) >= %{version} @@ -93,6 +98,11 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest %license LICENSE NOTICE %changelog +* Fri Jan 22 2021 wangyue - 2.9.8-6 +- fix CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 + CVE-2020-36182 CVE-2020-36188 CVE-2020-36189 + CVE-2020-36187 CVE-2020-36186 CVE-2020-36184 CVE-2020-36183 + * Mon Jan 18 2021 wangyue - 2.9.8-5 - fix CVE-2020-36185 -- Gitee
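Review bot: The `Patch0035` to `Patch0039` lines give no upstream reference, and only `Patch0038` has a comment at all. The embedded patch headers carry commit ids and `+0800` dates from 21 and 22 January 2021 under the upstream author's name, which suggests they were regenerated locally, so a reader cannot check the backport against the upstream change from this commit alone. A comment per patch such as `# upstream: FasterXML/jackson-databind issue #2996, commit <UPSTREAM_COMMIT_ID>` would make that check possible. The `index` lines of the four new patches chain (`9df94ec..94f2b95`, `94f2b95..2be6d49`, `2be6d49..db6866d`, `db6866d..91ce229`), so the order 0036 to 0039 is load-bearing; a line like `# Patch0036-0039 must be applied in this order` would stop a later reshuffle from breaking the build.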