diff options
| author | adam <adam@pkgsrc.org> | 2013-04-04 21:08:25 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2013-04-04 21:08:25 +0000 |
| commit | cb7095580ab18262f02e705d5ca622063ac42137 (patch) | |
| tree | 80c7435d598076d59e5b3c15db33a97bd3db4769 /mk | |
| parent | 5bf004b2cbb9e7c089d7faa3e34b43a29e725d81 (diff) | |
| download | pkgsrc-cb7095580ab18262f02e705d5ca622063ac42137.tar.gz | |
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902.
Diffstat (limited to 'mk')
| -rw-r--r-- | mk/pgsql.buildlink3.mk | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/mk/pgsql.buildlink3.mk b/mk/pgsql.buildlink3.mk index 224b72ba7a8..4279e2e61d8 100644 --- a/mk/pgsql.buildlink3.mk +++ b/mk/pgsql.buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: pgsql.buildlink3.mk,v 1.34 2012/10/05 21:09:02 adam Exp $ +# $NetBSD: pgsql.buildlink3.mk,v 1.35 2013/04/04 21:08:25 adam Exp $ # # User-settable variables: # @@ -25,7 +25,7 @@ _SYS_VARS.pgsql= PG_LIB_EXT PGSQL_TYPE PGPKGSRCDIR .include "../../mk/bsd.prefs.mk" PGSQL_VERSION_DEFAULT?= 91 -PGSQL_VERSIONS_ACCEPTED?= 92 91 90 84 83 +PGSQL_VERSIONS_ACCEPTED?= 92 91 90 84 # transform the list into individual variables .for pv in ${PGSQL_VERSIONS_ACCEPTED} @@ -52,9 +52,6 @@ _PGSQL_VERSION_90_INSTALLED= yes . if exists(${LOCALBASE}/lib/libecpg.6.1.dylib) _PGSQL_VERSION_84_INSTALLED= yes . endif -. if exists(${LOCALBASE}/lib/libecpg.6.0.dylib) -_PGSQL_VERSION_83_INSTALLED= yes -. endif .else . if exists(${LOCALBASE}/lib/libecpg.so.6.4) _PGSQL_VERSION_92_INSTALLED= yes @@ -68,9 +65,6 @@ _PGSQL_VERSION_90_INSTALLED= yes . if exists(${LOCALBASE}/lib/libecpg.so.6.1) _PGSQL_VERSION_84_INSTALLED= yes . endif -. if exists(${LOCALBASE}/lib/libecpg.so.6.0) -_PGSQL_VERSION_83_INSTALLED= yes -. endif .endif # if a version is explicitely required, take it @@ -107,9 +101,7 @@ _PGSQL_VERSION= ${PGSQL_VERSION_DEFAULT} _PGSQL_VERSION= ${_PGSQL_VERSION_FIRSTACCEPTED} .endif -# # set variables for the version we decided to use: -# .if ${_PGSQL_VERSION} == "92" PGSQL_TYPE= postgresql92-client PGPKGSRCDIR= ../../databases/postgresql92-client @@ -122,9 +114,6 @@ PGPKGSRCDIR= ../../databases/postgresql90-client .elif ${_PGSQL_VERSION} == "84" PGSQL_TYPE= postgresql84-client PGPKGSRCDIR= ../../databases/postgresql84-client -.elif ${_PGSQL_VERSION} == "83" -PGSQL_TYPE= postgresql83-client -PGPKGSRCDIR= ../../databases/postgresql83-client .else # force an error PGSQL_TYPE= none |