From 488648470d89354f9445a87b6be793e0417526de Mon Sep 17 00:00:00 2001 From: wiz Date: Thu, 30 Jun 2005 01:50:10 +0000 Subject: Update postgresql74* packages to 7.4.8. Release Notes Release 7.4.8 Release date: 2005-05-09 This release contains a variety of fixes from 7.4.7, including several security-related issues. __________________________________________________________________ Migration to version 7.4.8 A dump/restore is not required for those running 7.4.X. However, it is one possible way of handling two significant security problems that have been found in the initial contents of 7.4.X system catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will automatically correct these problems. The larger security problem is that the built-in character set encoding conversion functions can be invoked from SQL commands by unprivileged users, but the functions were not designed for such use and are not secure against malicious choices of arguments. The fix involves changing the declared parameter list of these functions so that they can no longer be invoked from SQL commands. (This does not affect their normal use by the encoding conversion machinery.) The lesser problem is that the "contrib/tsearch2" module creates several functions that are misdeclared to return internal when they do not accept internal arguments. This breaks type safety for all functions using internal arguments. It is strongly recommended that all installations repair these errors, either by initdb or by following the manual repair procedures given below. The errors at least allow unprivileged database users to crash their server process, and may allow unprivileged users to gain the privileges of a database superuser. While here, fix postgresql74-client package installation on 2.0 (broken -X), and avoid the need for gtar in tcl-postgresql74. --- databases/postgresql74-client/Makefile | 6 +- databases/postgresql74-client/PLIST | 6 +- databases/postgresql74-client/files/man.client | 114 ++++++++++++++++++++++++ databases/postgresql74-client/files/man.exclude | 7 -- databases/postgresql74-docs/PLIST | 15 +++- databases/postgresql74-lib/PLIST | 3 +- databases/postgresql74/Makefile.common | 4 +- databases/postgresql74/distinfo | 9 +- databases/postgresql74/patches/patch-ah | 85 ------------------ databases/tcl-postgresql74/Makefile | 5 +- 10 files changed, 146 insertions(+), 108 deletions(-) create mode 100644 databases/postgresql74-client/files/man.client delete mode 100644 databases/postgresql74-client/files/man.exclude delete mode 100644 databases/postgresql74/patches/patch-ah (limited to 'databases') diff --git a/databases/postgresql74-client/Makefile b/databases/postgresql74-client/Makefile index 186391aa77b..2cd7b177d81 100644 --- a/databases/postgresql74-client/Makefile +++ b/databases/postgresql74-client/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.11 2005/05/16 01:32:22 jlam Exp $ +# $NetBSD: Makefile,v 1.12 2005/06/30 01:50:10 wiz Exp $ PKGNAME= postgresql74-client-${BASE_VERS} PKGREVISION= # empty @@ -24,8 +24,8 @@ pre-build: ../../src/include/parser/parse.h ../../src/include/utils/fmgroids.h post-install: - ${EGREP} -v "^#" ${FILESDIR}/man.exclude > ${WRKDIR}/man_tar_exclude - ${TAR} -zxm -C ${PREFIX}/man -X ${WRKDIR}/man_tar_exclude \ + ${EGREP} -v "^#" ${FILESDIR}/man.client > ${WRKDIR}/man_tar_files + ${TAR} -zxm -C ${PREFIX}/man -T ${WRKDIR}/man_tar_files \ -f ${WRKSRC}/doc/man.tar.gz .include "../../mk/bsd.prefs.mk" diff --git a/databases/postgresql74-client/PLIST b/databases/postgresql74-client/PLIST index 9d59f4ce450..67d071275fc 100644 --- a/databases/postgresql74-client/PLIST +++ b/databases/postgresql74-client/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2004/12/18 14:26:15 darcy Exp $ +@comment $NetBSD: PLIST,v 1.4 2005/06/30 01:50:10 wiz Exp $ bin/clusterdb bin/createdb bin/createlang @@ -182,6 +182,10 @@ ${PKGLOCALEDIR}/locale/sv/LC_MESSAGES/pg_dump.mo ${PKGLOCALEDIR}/locale/sv/LC_MESSAGES/pg_resetxlog.mo ${PKGLOCALEDIR}/locale/sv/LC_MESSAGES/pgscripts.mo ${PKGLOCALEDIR}/locale/sv/LC_MESSAGES/psql.mo +${PKGLOCALEDIR}/locale/tr/LC_MESSAGES/pg_controldata.mo +${PKGLOCALEDIR}/locale/tr/LC_MESSAGES/pg_resetxlog.mo +${PKGLOCALEDIR}/locale/tr/LC_MESSAGES/pgscripts.mo +${PKGLOCALEDIR}/locale/tr/LC_MESSAGES/psql.mo ${PKGLOCALEDIR}/locale/zh_CN/LC_MESSAGES/pg_controldata.mo ${PKGLOCALEDIR}/locale/zh_CN/LC_MESSAGES/pg_dump.mo ${PKGLOCALEDIR}/locale/zh_CN/LC_MESSAGES/pg_resetxlog.mo diff --git a/databases/postgresql74-client/files/man.client b/databases/postgresql74-client/files/man.client new file mode 100644 index 00000000000..1d8ff49d342 --- /dev/null +++ b/databases/postgresql74-client/files/man.client @@ -0,0 +1,114 @@ +# $NetBSD: man.client,v 1.1 2005/06/30 01:50:10 wiz Exp $ +# +man1/clusterdb.1 +man1/createdb.1 +man1/createlang.1 +man1/createuser.1 +man1/dropdb.1 +man1/droplang.1 +man1/dropuser.1 +man1/initdb.1 +man1/initlocation.1 +man1/ipcclean.1 +man1/pg_config.1 +man1/pg_controldata.1 +man1/pg_ctl.1 +man1/pg_dump.1 +man1/pg_dumpall.1 +man1/pg_resetxlog.1 +man1/pg_restore.1 +man1/psql.1 +man1/vacuumdb.1 +manl/abort.l +manl/alter_aggregate.l +manl/alter_conversion.l +manl/alter_database.l +manl/alter_domain.l +manl/alter_function.l +manl/alter_group.l +manl/alter_language.l +manl/alter_operator_class.l +manl/alter_schema.l +manl/alter_sequence.l +manl/alter_table.l +manl/alter_trigger.l +manl/alter_user.l +manl/analyze.l +manl/begin.l +manl/checkpoint.l +manl/close.l +manl/cluster.l +manl/comment.l +manl/commit.l +manl/copy.l +manl/create_aggregate.l +manl/create_cast.l +manl/create_constraint_trigger.l +manl/create_conversion.l +manl/create_database.l +manl/create_domain.l +manl/create_function.l +manl/create_group.l +manl/create_index.l +manl/create_language.l +manl/create_operator.l +manl/create_operator_class.l +manl/create_rule.l +manl/create_schema.l +manl/create_sequence.l +manl/create_table.l +manl/create_table_as.l +manl/create_trigger.l +manl/create_type.l +manl/create_user.l +manl/create_view.l +manl/deallocate.l +manl/declare.l +manl/delete.l +manl/drop_aggregate.l +manl/drop_cast.l +manl/drop_conversion.l +manl/drop_database.l +manl/drop_domain.l +manl/drop_function.l +manl/drop_group.l +manl/drop_index.l +manl/drop_language.l +manl/drop_operator.l +manl/drop_operator_class.l +manl/drop_rule.l +manl/drop_schema.l +manl/drop_sequence.l +manl/drop_table.l +manl/drop_trigger.l +manl/drop_type.l +manl/drop_user.l +manl/drop_view.l +manl/end.l +manl/execute.l +manl/explain.l +manl/fetch.l +manl/grant.l +manl/insert.l +manl/listen.l +manl/load.l +manl/lock.l +manl/move.l +manl/notify.l +manl/prepare.l +manl/reindex.l +manl/reset.l +manl/revoke.l +manl/rollback.l +manl/select.l +manl/select_into.l +manl/set.l +manl/set_constraints.l +manl/set_session_authorization.l +manl/set_transaction.l +manl/show.l +manl/start_transaction.l +manl/truncate.l +manl/unlisten.l +manl/update.l +manl/vacuum.l diff --git a/databases/postgresql74-client/files/man.exclude b/databases/postgresql74-client/files/man.exclude deleted file mode 100644 index f85ba8b2ec8..00000000000 --- a/databases/postgresql74-client/files/man.exclude +++ /dev/null @@ -1,7 +0,0 @@ -# $NetBSD: man.exclude,v 1.1.1.1 2004/04/19 00:03:25 recht Exp $ -# -man1/ecpg.1 -man1/pgtclsh.1 -man1/pgtksh.1 -man1/postgres.1 -man1/postmaster.1 diff --git a/databases/postgresql74-docs/PLIST b/databases/postgresql74-docs/PLIST index 224897a6fab..e9bf6880d79 100644 --- a/databases/postgresql74-docs/PLIST +++ b/databases/postgresql74-docs/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2004/06/27 16:38:32 recht Exp $ +@comment $NetBSD: PLIST,v 1.4 2005/06/30 01:50:11 wiz Exp $ share/doc/postgresql/FAQ share/doc/postgresql/FAQ_AIX share/doc/postgresql/FAQ_DEV @@ -432,16 +432,29 @@ share/doc/postgresql/release-7-2-1.html share/doc/postgresql/release-7-2-2.html share/doc/postgresql/release-7-2-3.html share/doc/postgresql/release-7-2-4.html +share/doc/postgresql/release-7-2-5.html +share/doc/postgresql/release-7-2-6.html +share/doc/postgresql/release-7-2-7.html +share/doc/postgresql/release-7-2-8.html share/doc/postgresql/release-7-2.html share/doc/postgresql/release-7-3-1.html +share/doc/postgresql/release-7-3-10.html share/doc/postgresql/release-7-3-2.html share/doc/postgresql/release-7-3-3.html share/doc/postgresql/release-7-3-4.html share/doc/postgresql/release-7-3-5.html share/doc/postgresql/release-7-3-6.html +share/doc/postgresql/release-7-3-7.html +share/doc/postgresql/release-7-3-8.html +share/doc/postgresql/release-7-3-9.html share/doc/postgresql/release-7-3.html share/doc/postgresql/release-7-4-1.html share/doc/postgresql/release-7-4-2.html +share/doc/postgresql/release-7-4-3.html +share/doc/postgresql/release-7-4-4.html +share/doc/postgresql/release-7-4-5.html +share/doc/postgresql/release-7-4-6.html +share/doc/postgresql/release-7-4-7.html share/doc/postgresql/release-7-4.html share/doc/postgresql/release.html share/doc/postgresql/resources.html diff --git a/databases/postgresql74-lib/PLIST b/databases/postgresql74-lib/PLIST index 9bac0a7cf77..3b2ffb4f053 100644 --- a/databases/postgresql74-lib/PLIST +++ b/databases/postgresql74-lib/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2004/12/18 14:26:15 darcy Exp $ +@comment $NetBSD: PLIST,v 1.5 2005/06/30 01:50:11 wiz Exp $ bin/ecpg bin/pg_config include/ecpg_informix.h @@ -385,6 +385,7 @@ ${PKGLOCALEDIR}/locale/pt_BR/LC_MESSAGES/libpq.mo ${PKGLOCALEDIR}/locale/ru/LC_MESSAGES/libpq.mo ${PKGLOCALEDIR}/locale/sl/LC_MESSAGES/libpq.mo ${PKGLOCALEDIR}/locale/sv/LC_MESSAGES/libpq.mo +${PKGLOCALEDIR}/locale/tr/LC_MESSAGES/libpq.mo ${PKGLOCALEDIR}/locale/zh_CN/LC_MESSAGES/libpq.mo ${PKGLOCALEDIR}/locale/zh_TW/LC_MESSAGES/libpq.mo share/postgresql/pg_service.conf.sample diff --git a/databases/postgresql74/Makefile.common b/databases/postgresql74/Makefile.common index 849bce12d7d..e41cdf46cbc 100644 --- a/databases/postgresql74/Makefile.common +++ b/databases/postgresql74/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.23 2005/05/22 20:07:46 jlam Exp $ +# $NetBSD: Makefile.common,v 1.24 2005/06/30 01:50:10 wiz Exp $ # # This Makefile fragment is included by all PostgreSQL packages built from # the main sources of the PostgreSQL distribution except jdbc-postgresql. @@ -36,7 +36,7 @@ PATCHDIR?= ${.CURDIR}/../postgresql74/patches # BASE_VERS pkgsrc-mangled version number (convert pl -> .) # # Note: Do not forget jdbc-postgresql when updating version -DIST_VERS?= 7.4.7 +DIST_VERS?= 7.4.8 BASE_VERS?= ${DIST_VERS} BUILDLINK_DEPENDS.postgresql74-lib?= postgresql74-lib>=${BASE_VERS} diff --git a/databases/postgresql74/distinfo b/databases/postgresql74/distinfo index 9b1d183be58..22537e787c4 100644 --- a/databases/postgresql74/distinfo +++ b/databases/postgresql74/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.17 2005/03/17 22:35:48 jschauma Exp $ +$NetBSD: distinfo,v 1.18 2005/06/30 01:50:10 wiz Exp $ -SHA1 (postgresql-7.4.7.tar.bz2) = 48fe9187ae1776265756b807254552b4f6bcfcb8 -RMD160 (postgresql-7.4.7.tar.bz2) = 1bbb64c8a9b95cafe0254a0994752b8bbb624346 -Size (postgresql-7.4.7.tar.bz2) = 10235394 bytes +SHA1 (postgresql-7.4.8.tar.bz2) = a565ff14e1a3b58a151b219bcffcf53dfc62ec41 +RMD160 (postgresql-7.4.8.tar.bz2) = 3ee8c70e0506e2a49bae20bc2282391513ee9d65 +Size (postgresql-7.4.8.tar.bz2) = 10235413 bytes SHA1 (patch-aa) = 626b4b4bf0d47913072399535c55d413b90675a4 SHA1 (patch-ab) = f44a544c56452bad197a88cb827e88624c54656c SHA1 (patch-ac) = 81ef677cc5d196762b6cc3c3e38dee4a37e75ac2 @@ -10,4 +10,3 @@ SHA1 (patch-ad) = fae5e82e0943ea982c9d3aace290b56c6a7629f9 SHA1 (patch-ae) = f0e0ad98ebdc972e7c40afd805fbb0d909d5ef3b SHA1 (patch-af) = 7373db75fda125b980f2ead990719798c0d22a48 SHA1 (patch-ag) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414 -SHA1 (patch-ah) = 4cc4e45679284815c32a5ff3b461b12df55d07c2 diff --git a/databases/postgresql74/patches/patch-ah b/databases/postgresql74/patches/patch-ah deleted file mode 100644 index 410688199b1..00000000000 --- a/databases/postgresql74/patches/patch-ah +++ /dev/null @@ -1,85 +0,0 @@ -$NetBSD: patch-ah,v 1.1 2005/03/17 22:35:48 jschauma Exp $ - ---- src/pl/plpgsql/src/gram.y.orig 2005-01-20 19:31:21.000000000 -0500 -+++ src/pl/plpgsql/src/gram.y 2005-03-17 17:29:03.000000000 -0500 -@@ -1713,6 +1713,15 @@ - } - } - -+ /* Check for array overflow */ -+ if (nparams >= 1024) -+ { -+ plpgsql_error_lineno = lno; -+ ereport(ERROR, -+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), -+ errmsg("too many variables specified in SQL statement"))); -+ } -+ - expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int)); - expr->dtype = PLPGSQL_DTYPE_EXPR; - expr->query = strdup(plpgsql_dstring_get(&ds)); -@@ -1856,6 +1865,15 @@ - - while ((tok = yylex()) == ',') - { -+ /* Check for array overflow */ -+ if (nfields >= 1024) -+ { -+ plpgsql_error_lineno = plpgsql_scanner_lineno(); -+ ereport(ERROR, -+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), -+ errmsg("too many variables specified in SQL statement"))); -+ } -+ - tok = yylex(); - switch(tok) - { -@@ -1918,6 +1936,15 @@ - plpgsql_dstring_append(&ds, yytext); - break; - } -+ -+ /* Check for array overflow */ -+ if (nparams >= 1024) -+ { -+ plpgsql_error_lineno = plpgsql_scanner_lineno(); -+ ereport(ERROR, -+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), -+ errmsg("too many variables specified in SQL statement"))); -+ } - } - - expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int)); -@@ -1952,12 +1979,12 @@ - - return (PLpgSQL_stmt *)execsql; - } --} -+ } - - --static PLpgSQL_stmt * --make_fetch_stmt(void) --{ -+ static PLpgSQL_stmt * -+ make_fetch_stmt(void) -+ { - int tok; - PLpgSQL_row *row = NULL; - PLpgSQL_rec *rec = NULL; -@@ -1989,6 +2016,15 @@ - - while ((tok = yylex()) == ',') - { -+ /* Check for array overflow */ -+ if (nfields >= 1024) -+ { -+ plpgsql_error_lineno = plpgsql_scanner_lineno(); -+ ereport(ERROR, -+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), -+ errmsg("too many variables specified in SQL statement"))); -+ } -+ - tok = yylex(); - switch(tok) - { diff --git a/databases/tcl-postgresql74/Makefile b/databases/tcl-postgresql74/Makefile index 1f72aa7c967..ce03188acaf 100644 --- a/databases/tcl-postgresql74/Makefile +++ b/databases/tcl-postgresql74/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.2 2005/05/16 01:15:30 jlam Exp $ +# $NetBSD: Makefile,v 1.3 2005/06/30 01:50:11 wiz Exp $ PKGNAME= tcl-postgresql74-${BASE_VERS} COMMENT= Tcl interface to PostgreSQL .include "../postgresql74/Makefile.common" -PKGSRC_USE_TOOLS+= gtar CONFIGURE_ARGS+= --with-openssl=${SSLBASE} CONFIGURE_ARGS+= --with-tcl CONFIGURE_ARGS+= --with-tclconfig="${BUILDLINK_PREFIX.tcl}/lib" @@ -18,7 +17,7 @@ BUILD_DIRS+= ${WRKSRC}/src/interfaces/libpgtcl BUILD_DIRS+= ${WRKSRC}/src/bin/pgtclsh post-install: - ${GTAR} zxCf ${PREFIX}/man ${WRKSRC}/doc/man.tar.gz \ + cd ${PREFIX}/man && ${TAR} -zxf ${WRKSRC}/doc/man.tar.gz \ `${SED} -e "s|#.*||" ${FILESDIR}/man.tcl` .include "../postgresql74-lib/buildlink3.mk" -- cgit v1.2.3