Christoph Berg pushed to branch master at Debian Java Maintainers / libpostgresql-jdbc-java
Commits: 8c6b8af7 by Christoph Berg at 2026-06-30T11:17:33+02:00 New upstream version 42.7.12 - - - - - 3fae30e5 by Christoph Berg at 2026-06-30T11:17:36+02:00 Update upstream source from tag 'upstream/42.7.12' Update to upstream version '42.7.12' with Debian dir f8467ebe7e01a435dd511e33b6832b19da1fef23 - - - - - 51d5cc78 by Christoph Berg at 2026-06-30T09:20:36+00:00 New upstream version 42.7.12. - - - - - 5 changed files: - debian/changelog - pom.xml - src/main/java/org/postgresql/core/v3/ScramAuthenticator.java - src/main/java/org/postgresql/util/DriverInfo.java - src/main/resources/META-INF/MANIFEST.MF Changes: ===================================== debian/changelog ===================================== @@ -1,8 +1,9 @@ -libpgjava (42.7.11-2) UNRELEASED; urgency=medium +libpgjava (42.7.12-1) unstable; urgency=medium + * New upstream version 42.7.12. * Switch to Static-Built-Using. - -- Christoph Berg <[email protected]> Sat, 13 Jun 2026 18:56:34 +0200 + -- Christoph Berg <[email protected]> Tue, 30 Jun 2026 11:17:37 +0200 libpgjava (42.7.11-1) unstable; urgency=medium ===================================== pom.xml ===================================== @@ -8,7 +8,7 @@ <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> - <version>42.7.11</version> + <version>42.7.12</version> <packaging>jar</packaging> <name>PostgreSQL JDBC Driver - JDBC 4.2</name> <description>Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database</description> ===================================== src/main/java/org/postgresql/core/v3/ScramAuthenticator.java ===================================== 
@@ -62,6 +62,15 @@ final class ScramAuthenticator { .stringPreparation(StringPreparation.POSTGRESQL_PREPARATION) .build(); + // channelBinding=require must never silently downgrade: regardless of how negotiation + // resolved, the selected mechanism must actually use channel binding (a -PLUS mechanism). + if (channelBinding == ChannelBinding.REQUIRE && !client.getScramMechanism().isPlus()) { + throw new PSQLException( + GT.tr("Channel Binding is required, but the negotiated SCRAM mechanism \"{0}\" " + + "does not use channel binding.", client.getScramMechanism().getName()), + PSQLState.CONNECTION_REJECTED); + } + LOGGER.log(Level.FINEST, () -> " Using SCRAM mechanism: " + client.getScramMechanism().getName()); return client; 
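Review bot: The new `channelBinding == ChannelBinding.REQUIRE` check reports the refusal only through the thrown PSQLException, while the success path directly below it logs the chosen mechanism at FINEST. A non-PLUS mechanism under channelBinding=require is a security-relevant outcome, so it should stay visible to operators even when a caller wraps or discards the exception. I would add a log record before the throw, for example `LOGGER.log(Level.WARNING, "channelBinding=require but SCRAM mechanism {0} has no channel binding", client.getScramMechanism().getName());`. The enclosing method starts and ends outside this hunk, so any logging the caller already does is not visible here.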
@@ -111,7 +120,22 @@ final class ScramAuthenticator { Certificate peerCert = certificates[0]; // First certificate is the peer's certificate if (peerCert instanceof X509Certificate) { X509Certificate cert = (X509Certificate) peerCert; - return TlsServerEndpoint.getChannelBindingData(cert); + byte[] cbindData = TlsServerEndpoint.getChannelBindingData(cert); + if (cbindData.length > 0) { + return cbindData; + } + // An empty result means no channel binding hash could be derived from the + // certificate signature algorithm: for example Ed25519 has no associated hash + // under RFC 5929 tls-server-end-point. Under REQUIRE this must fail rather than + // silently downgrade to a non-PLUS mechanism. + if (channelBinding == ChannelBinding.REQUIRE) { + throw new PSQLException( + GT.tr("Channel Binding is required, but the server certificate signature " + + "algorithm \"{0}\" does not support tls-server-end-point channel " + + "binding (RFC 5929). Use a server certificate signed with RSA or ECDSA.", + cert.getSigAlgName()), + PSQLState.CONNECTION_REJECTED); + } } } } catch (CertificateEncodingException | SSLPeerUnverifiedException e) { ===================================== src/main/java/org/postgresql/util/DriverInfo.java ===================================== 
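Review bot: The new REQUIRE failure is raised only inside the `peerCert instanceof X509Certificate` branch when the derived data is empty. A non-X509 peer certificate and the `catch (CertificateEncodingException | SSLPeerUnverifiedException e)` path still leave this block without throwing. What those paths return is outside the hunk, so presumably the `isPlus()` check added in the earlier ScramAuthenticator hunk is what rejects the connection there, with a less specific message. I would document that dependency where the branch falls through, for example `// No binding data on this path: under REQUIRE the isPlus() check after the client is built rejects the connection.` The method's signature and its final return are outside the hunk.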
@@ -16,13 +16,13 @@ public final class DriverInfo { // Driver name public static final String DRIVER_NAME = "PostgreSQL JDBC Driver"; public static final String DRIVER_SHORT_NAME = "PgJDBC"; - public static final String DRIVER_VERSION = "42.7.11"; + public static final String DRIVER_VERSION = "42.7.12"; public static final String DRIVER_FULL_NAME = DRIVER_NAME + " " + DRIVER_VERSION; // Driver version public static final int MAJOR_VERSION = 42; public static final int MINOR_VERSION = 7; - public static final int PATCH_VERSION = 11; + public static final int PATCH_VERSION = 12; // JDBC specification public static final String JDBC_VERSION = "4.2"; ===================================== src/main/resources/META-INF/MANIFEST.MF ===================================== @@ -1,7 +1,7 @@ Manifest-Version: 1.0 Bundle-License: BSD-2-Clause Implementation-Title: PostgreSQL JDBC Driver -Implementation-Version: 42.7.11 +Implementation-Version: 42.7.12 Specification-Vendor: Oracle Corporation Specification-Version: 4.2 Specification-Title: JDBC View it on GitLab: https://salsa.debian.org/java-team/libpostgresql-jdbc-java/-/compare/162a5db56005788646427995670b2a7f3e072b7b...51d5cc78837b46a437e87abd5843a1fb78244e4c -- View it on GitLab: https://salsa.debian.org/java-team/libpostgresql-jdbc-java/-/compare/162a5db56005788646427995670b2a7f3e072b7b...51d5cc78837b46a437e87abd5843a1fb78244e4c You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help

