author | adam <adam@pkgsrc.org> | 2013-04-04 21:08:25 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2013-04-04 21:08:25 +0000 |
commit | cb7095580ab18262f02e705d5ca622063ac42137 (patch) | |
tree | 80c7435d598076d59e5b3c15db33a97bd3db4769 /databases/postgresql92 | |
parent | 5bf004b2cbb9e7c089d7faa3e34b43a29e725d81 (diff) | |
download | pkgsrc-cb7095580ab18262f02e705d5ca622063ac42137.tar.gz |
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903, and the use of predictable filenames in /tmp, CVE-2013-1902.
Diffstat (limited to 'databases/postgresql92')
-rw-r--r-- | databases/postgresql92/Makefile.common | 4 |
-rw-r--r-- | databases/postgresql92/distinfo | 10 |
-rw-r--r-- | databases/postgresql92/patches/patch-contrib_dblink_dblink.c | 6 |
3 files changed, 10 insertions, 10 deletions
diff --git a/databases/postgresql92/Makefile.common b/databases/postgresql92/Makefile.common index 1eeb08422c0..e5413a6f78e 100644 --- a/databases/postgresql92/Makefile.common +++ b/databases/postgresql92/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.4 2013/02/09 11:19:17 adam Exp $ +# $NetBSD: Makefile.common,v 1.5 2013/04/04 21:08:36 adam Exp $ # # used by databases/postgresql92-adminpack/Makefile # used by databases/postgresql92-client/Makefile @@ -21,7 +21,7 @@ # <lang>-postgresql client-side interface to PostgreSQL # postgresql-<lang> server-side module for PostgreSQL backend -DISTNAME= postgresql-9.2.3 +DISTNAME= postgresql-9.2.4 CATEGORIES= databases MASTER_SITES= ${MASTER_SITE_PGSQL:=source/v${PKGVERSION_NOREV}/} EXTRACT_SUFX= .tar.bz2 diff --git a/databases/postgresql92/distinfo b/databases/postgresql92/distinfo index dc891cf85a3..408b1c2a0e2 100644 --- a/databases/postgresql92/distinfo +++ b/databases/postgresql92/distinfo 
@@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.3 2013/02/09 11:19:17 adam Exp $ +$NetBSD: distinfo,v 1.4 2013/04/04 21:08:36 adam Exp $ -SHA1 (postgresql-9.2.3.tar.bz2) = fe46685c36f6a7a04edd67be5695b4f5acebedff -RMD160 (postgresql-9.2.3.tar.bz2) = bcbb159c411d068bc038f37bb40c030f70c3ac2a -Size (postgresql-9.2.3.tar.bz2) = 16371616 bytes +SHA1 (postgresql-9.2.4.tar.bz2) = 75b53c884cb10ed9404747b51677358f12082152 +RMD160 (postgresql-9.2.4.tar.bz2) = 7d3f523e20e79651ca0dbfe2c8ee240da52cb404 +Size (postgresql-9.2.4.tar.bz2) = 16395184 bytes SHA1 (patch-config_missing) = c2d7d742922ba6861e7660c75b7b53f09e564813 SHA1 (patch-config_perl.m4) = c7e5aaff1c47d2e33df7692a412ef984c77ffcc0 SHA1 (patch-configure) = 21b27add570cff1a24c440201eb1ed49f8223747 SHA1 (patch-contrib_dblink_Makefile) = 4960ad57d42465fae203870548e4c53f8a32ce04 -SHA1 (patch-contrib_dblink_dblink.c) = 0b867b256886765a6546c65e7e6a22795bd57218 +SHA1 (patch-contrib_dblink_dblink.c) = 245ce06df88837ba88142aea1d0ba787d65ddb45 SHA1 (patch-src_Makefile.shlib) = fedf35f38439a724fa6522e1aaef110c9909866a SHA1 (patch-src_backend_Makefile) = 76ddd3015d93b19cdd6000eaffc4f53cbd4965b5 SHA1 (patch-src_makefiles_Makefile.solaris) = 0168f5bc105ffc89d5db40907a08966d8465f5a0 diff --git a/databases/postgresql92/patches/patch-contrib_dblink_dblink.c b/databases/postgresql92/patches/patch-contrib_dblink_dblink.c index e195e18b391..cc6a8e91924 100644 --- a/databases/postgresql92/patches/patch-contrib_dblink_dblink.c +++ b/databases/postgresql92/patches/patch-contrib_dblink_dblink.c @@ -1,6 +1,6 @@ -$NetBSD: patch-contrib_dblink_dblink.c,v 1.1 2012/10/05 21:03:10 adam Exp $ +$NetBSD: patch-contrib_dblink_dblink.c,v 1.2 2013/04/04 21:08:36 adam Exp $ ---- contrib/dblink/dblink.c.orig 2012-09-19 21:47:58.000000000 +0000 +--- contrib/dblink/dblink.c.orig 2013-04-01 18:20:36.000000000 +0000 +++ contrib/dblink/dblink.c @@ -46,7 +46,7 @@ #include "parser/scansup.h" 
@@ -8,6 +8,6 @@ $NetBSD: patch-contrib_dblink_dblink.c,v 1.1 2012/10/05 21:03:10 adam Exp $ #include "utils/builtins.h" -#include "utils/fmgroids.h" +#include "postgresql/server/utils/fmgroids.h" + #include "utils/guc.h" #include "utils/lsyscache.h" #include "utils/memutils.h" - #include "utils/rel.h" |
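Review bot: in databases/postgresql92/distinfo the new postgresql-9.2.4.tar.bz2 entry is pinned only by SHA1 and RMD160 plus Size. For a distfile pulled in as a security update, consider recording a stronger digest (for example SHA-512) alongside these, and confirm the new values against a checksum published by upstream rather than only against the file that was fetched. The changed `SHA1 (patch-contrib_dblink_dblink.c)` line is consistent with the patch file being regenerated in this same commit.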
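Review bot: patches/patch-contrib_dblink_dblink.c still goes straight from its `$NetBSD$` line to the `--- contrib/dblink/dblink.c.orig` header with no description, so nothing records why `#include "utils/fmgroids.h"` is replaced by `#include "postgresql/server/utils/fmgroids.h"`. Since the patch is being regenerated for 9.2.4 anyway, add a comment line stating the reason for the redirected include and whether it relies on server headers already being installed, so the next version bump can tell whether the patch is still needed.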