Re: security: postgresql 9.4.6

Fri, 12 Feb 2016 10:07:54 -0800 

Le 12 février 2016 18:31:06 GMT+01:00, Stuart Henderson <s...@spacehopper.org> 
a écrit :
>"This release closes security hole CVE-2016-0773, an issue with regular
>expression (regex) parsing. Prior code allowed users to pass in
>expressions which included out-of-range Unicode characters, triggering
>a
>backend crash. This issue is critical for PostgreSQL systems with
>untrusted users or which generate regexes based on user input."
>
>(there's also a security fix for PL/Java but we don't package that,
>and some other bugfixes some of which are fairly important, see
>http://www.postgresql.org/docs/current/static/release-9-4-6.html).
>
>OK?
>
>Index: Makefile
>===================================================================
>RCS file: /cvs/ports/databases/postgresql/Makefile,v
>retrieving revision 1.208
>diff -u -p -r1.208 Makefile
>--- Makefile   3 Nov 2015 09:35:31 -0000       1.208
>+++ Makefile   12 Feb 2016 17:29:29 -0000
>@@ -11,7 +11,7 @@ BROKEN-sparc=        Requires v9|v9a|v9b; reque
># DO NOT FORGET to also change the @ask-update entry in
>pkg/PLIST-server
> # in case a dump before / restore after pkg_add -u is required!
> 
>-VERSION=      9.4.5
>+VERSION=      9.4.6
> DISTNAME=     postgresql-${VERSION}
> PKGNAME-main= postgresql-client-${VERSION}
> PKGNAME-server=       postgresql-server-${VERSION}
>Index: distinfo
>===================================================================
>RCS file: /cvs/ports/databases/postgresql/distinfo,v
>retrieving revision 1.58
>diff -u -p -r1.58 distinfo
>--- distinfo   3 Nov 2015 09:35:31 -0000       1.58
>+++ distinfo   12 Feb 2016 17:29:29 -0000
>@@ -1,2 +1,2 @@
>-SHA256 (postgresql-9.4.5.tar.gz) =
>qh15GK54Kg/F4Yhv1GP8iQPl/8PrbTtRUABlrsmIohA=
>-SIZE (postgresql-9.4.5.tar.gz) = 23211720
>+SHA256 (postgresql-9.4.6.tar.gz) =
>yTINOQEO7uR7rbqD8EzjJGLzHl5jI+y6NJCay0sKwFk=
>+SIZE (postgresql-9.4.6.tar.gz) = 23249307
>Index: patches/patch-src_backend_libpq_ip_c
>===================================================================
>RCS file:
>/cvs/ports/databases/postgresql/patches/patch-src_backend_libpq_ip_c,v
>retrieving revision 1.1
>diff -u -p -r1.1 patch-src_backend_libpq_ip_c
>--- patches/patch-src_backend_libpq_ip_c       18 Feb 2015 17:49:56 -0000      
>1.1
>+++ patches/patch-src_backend_libpq_ip_c       12 Feb 2016 17:29:29 -0000
>@@ -3,9 +3,9 @@ $OpenBSD: patch-src_backend_libpq_ip_c,v
> Use the address family from the address, not from the netmask,
> since the latter is unreliable. Fixes "samenet"/"samehost".
> 
>---- src/backend/libpq/ip.c.orig       Mon Feb 16 23:36:42 2015
>-+++ src/backend/libpq/ip.c    Mon Feb 16 23:47:56 2015
>-@@ -496,17 +496,16 @@ run_ifaddr_callback(PgIfAddrCallback callback,
>void *c
>+--- src/backend/libpq/ip.c.orig       Mon Feb  8 21:15:19 2016
>++++ src/backend/libpq/ip.c    Fri Feb 12 17:18:09 2016
>+@@ -423,17 +423,16 @@ run_ifaddr_callback(PgIfAddrCallback callback,
>void *c
>       /* Check that the mask is valid */
>       if (mask)
>       {
>Index: patches/patch-src_include_storage_s_lock_h
>===================================================================
>RCS file:
>/cvs/ports/databases/postgresql/patches/patch-src_include_storage_s_lock_h,v
>retrieving revision 1.2
>diff -u -p -r1.2 patch-src_include_storage_s_lock_h
>--- patches/patch-src_include_storage_s_lock_h 16 Jan 2015 20:43:48
>-0000  1.2
>+++ patches/patch-src_include_storage_s_lock_h 12 Feb 2016 17:29:29
>-0000
>@@ -1,7 +1,7 @@
>$OpenBSD: patch-src_include_storage_s_lock_h,v 1.2 2015/01/16 20:43:48
>landry Exp $
>---- src/include/storage/s_lock.h.orig Mon Dec 15 18:07:34 2014
>-+++ src/include/storage/s_lock.h      Fri Jan 16 06:16:48 2015
>-@@ -745,6 +745,29 @@ typedef unsigned char slock_t;
>+--- src/include/storage/s_lock.h.orig Mon Feb  8 21:15:19 2016
>++++ src/include/storage/s_lock.h      Fri Feb 12 17:18:09 2016
>+@@ -749,6 +749,29 @@ typedef unsigned char slock_t;
>  #endif
>  
>  
>Index: patches/patch-src_interfaces_ecpg_compatlib_Makefile
>===================================================================
>RCS file:
>/cvs/ports/databases/postgresql/patches/patch-src_interfaces_ecpg_compatlib_Makefile,v
>retrieving revision 1.9
>diff -u -p -r1.9 patch-src_interfaces_ecpg_compatlib_Makefile
>--- patches/patch-src_interfaces_ecpg_compatlib_Makefile       8 Jan 2015
>15:01:11 -0000 1.9
>+++ patches/patch-src_interfaces_ecpg_compatlib_Makefile       12 Feb 2016
>17:29:29 -0000
>@@ -1,6 +1,6 @@
>$OpenBSD: patch-src_interfaces_ecpg_compatlib_Makefile,v 1.9 2015/01/08
>15:01:11 pea Exp $
>---- src/interfaces/ecpg/compatlib/Makefile.orig       Mon May  6 13:57:06
>2013
>-+++ src/interfaces/ecpg/compatlib/Makefile    Thu May 16 15:15:48 2013
>+--- src/interfaces/ecpg/compatlib/Makefile.orig       Mon Feb  8 21:15:19
>2016
>++++ src/interfaces/ecpg/compatlib/Makefile    Fri Feb 12 17:18:09 2016
> @@ -14,8 +14,8 @@ top_builddir = ../../../..
>  include $(top_builddir)/src/Makefile.global
>  
>@@ -11,4 +11,4 @@ $OpenBSD: patch-src_interfaces_ecpg_comp
> +SO_MINOR_VERSION= ${LIBecpg_compat_MINOR}
>  
>override CPPFLAGS := -I../include
>-I$(top_srcdir)/src/interfaces/ecpg/include \
>-      -I$(libpq_srcdir) -I$(top_srcdir)/src/include/utils $(CPPFLAGS)
>+      -I$(libpq_srcdir) -I$(top_srcdir)/src/include/utils -DFRONTEND
>$(CPPFLAGS)
>Index: patches/patch-src_interfaces_ecpg_pgtypeslib_Makefile
>===================================================================
>RCS file:
>/cvs/ports/databases/postgresql/patches/patch-src_interfaces_ecpg_pgtypeslib_Makefile,v
>retrieving revision 1.9
>diff -u -p -r1.9 patch-src_interfaces_ecpg_pgtypeslib_Makefile
>--- patches/patch-src_interfaces_ecpg_pgtypeslib_Makefile      8 Jan 2015
>15:01:11 -0000 1.9
>+++ patches/patch-src_interfaces_ecpg_pgtypeslib_Makefile      12 Feb 2016
>17:29:29 -0000
>@@ -1,6 +1,6 @@
>$OpenBSD: patch-src_interfaces_ecpg_pgtypeslib_Makefile,v 1.9
>2015/01/08 15:01:11 pea Exp $
>---- src/interfaces/ecpg/pgtypeslib/Makefile.orig      Mon May  6 13:57:06
>2013
>-+++ src/interfaces/ecpg/pgtypeslib/Makefile   Thu May 16 15:17:02 2013
>+--- src/interfaces/ecpg/pgtypeslib/Makefile.orig      Mon Feb  8 21:15:19
>2016
>++++ src/interfaces/ecpg/pgtypeslib/Makefile   Fri Feb 12 17:18:09 2016
> @@ -14,8 +14,9 @@ top_builddir = ../../../..
>  include $(top_builddir)/src/Makefile.global
>  
>@@ -12,4 +12,4 @@ $OpenBSD: patch-src_interfaces_ecpg_pgty
> +
>  
>override CPPFLAGS := -I../include
>-I$(top_srcdir)/src/interfaces/ecpg/include \
>-      -I$(top_srcdir)/src/include/utils -I$(libpq_srcdir) $(CPPFLAGS)
>+      -I$(top_srcdir)/src/include/utils -I$(libpq_srcdir) -DFRONTEND
>$(CPPFLAGS)
>Index: pkg/PLIST-docs
>===================================================================
>RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
>retrieving revision 1.70
>diff -u -p -r1.70 PLIST-docs
>--- pkg/PLIST-docs     3 Nov 2015 09:35:31 -0000       1.70
>+++ pkg/PLIST-docs     12 Feb 2016 17:29:29 -0000
>@@ -848,6 +848,7 @@ share/doc/postgresql/html/release-9-1-17
> share/doc/postgresql/html/release-9-1-18.html
> share/doc/postgresql/html/release-9-1-19.html
> share/doc/postgresql/html/release-9-1-2.html
>+share/doc/postgresql/html/release-9-1-20.html
> share/doc/postgresql/html/release-9-1-3.html
> share/doc/postgresql/html/release-9-1-4.html
> share/doc/postgresql/html/release-9-1-5.html
>@@ -862,6 +863,7 @@ share/doc/postgresql/html/release-9-2-11
> share/doc/postgresql/html/release-9-2-12.html
> share/doc/postgresql/html/release-9-2-13.html
> share/doc/postgresql/html/release-9-2-14.html
>+share/doc/postgresql/html/release-9-2-15.html
> share/doc/postgresql/html/release-9-2-2.html
> share/doc/postgresql/html/release-9-2-3.html
> share/doc/postgresql/html/release-9-2-4.html
>@@ -873,6 +875,7 @@ share/doc/postgresql/html/release-9-2-9.
> share/doc/postgresql/html/release-9-2.html
> share/doc/postgresql/html/release-9-3-1.html
> share/doc/postgresql/html/release-9-3-10.html
>+share/doc/postgresql/html/release-9-3-11.html
> share/doc/postgresql/html/release-9-3-2.html
> share/doc/postgresql/html/release-9-3-3.html
> share/doc/postgresql/html/release-9-3-4.html
>@@ -887,11 +890,13 @@ share/doc/postgresql/html/release-9-4-2.
> share/doc/postgresql/html/release-9-4-3.html
> share/doc/postgresql/html/release-9-4-4.html
> share/doc/postgresql/html/release-9-4-5.html
>+share/doc/postgresql/html/release-9-4-6.html
> share/doc/postgresql/html/release-9-4.html
> share/doc/postgresql/html/release.html
> share/doc/postgresql/html/resources.html
> share/doc/postgresql/html/role-attributes.html
> share/doc/postgresql/html/role-membership.html
>+share/doc/postgresql/html/role-removal.html
> share/doc/postgresql/html/routine-reindex.html
> share/doc/postgresql/html/routine-vacuuming.html
> share/doc/postgresql/html/row-estimation-examples.html
>Index: pkg/PLIST-main
>===================================================================
>RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-main,v
>retrieving revision 1.25
>diff -u -p -r1.25 PLIST-main
>--- pkg/PLIST-main     22 May 2015 11:31:11 -0000      1.25
>+++ pkg/PLIST-main     12 Feb 2016 17:29:29 -0000
>@@ -84,6 +84,7 @@ lib/postgresql/
> lib/postgresql/pgxs/
> lib/postgresql/pgxs/config/
> lib/postgresql/pgxs/config/install-sh
>+lib/postgresql/pgxs/config/missing
> lib/postgresql/pgxs/src/
> lib/postgresql/pgxs/src/Makefile.global
> lib/postgresql/pgxs/src/Makefile.port

Yes please commit. I'm not at home and have intermitent net acces.
Thanks
-- 
Pierre-Emmanuel André <pea at raveland.org>
GPG key: 0x487CE475

Reply via email to