Critical SECURITY update to PostgreSQL, fixing CVE-2013-1899,

CVE-2013-1900 and CVE-2013-1901. ok jasper@

"A major security issue fixed in this release, CVE-2013-1899, makes
it possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request. This issue was discovered
by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
Center."   http://www.postgresql.org/about/news/1456/
This commit is contained in:
sthen 2013-04-04 14:45:46 +00:00
parent 050aa0ae59
commit 20b4cba0fb
3 changed files with 13 additions and 8 deletions

View File

@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.172 2013/03/11 02:52:07 espie Exp $
# $OpenBSD: Makefile,v 1.173 2013/04/04 14:45:46 sthen Exp $
COMMENT-main= PostgreSQL RDBMS (client)
COMMENT-server= PostgreSQL RDBMS (server)
COMMENT-docs= PostgreSQL RDBMS documentation
COMMENT-contrib=PostgreSQL RDBMS contributions
VERSION= 9.2.3
VERSION= 9.2.4
DISTNAME= postgresql-${VERSION}
PKGNAME-main= postgresql-client-${VERSION}
PKGNAME-server= postgresql-server-${VERSION}
@ -26,9 +26,10 @@ MAINTAINER= Pierre-Emmanuel Andre <pea@openbsd.org>
PERMIT_PACKAGE_CDROM= Yes
WANTLIB= c com_err crypto m readline ssl termcap z
MASTER_SITES= ftp://ftp5.us.postgresql.org/pub/PostgreSQL/source/v${VERSION}/ \
ftp://ftp5.es.postgresql.org/mirror/postgresql/source/v${VERSION}/ \
ftp://ftp.postgresql.org/pub/source/v${VERSION}/
MASTER_SITES= http://ftp.postgresql.org/pub/source/v${VERSION}/ \
http://ftp5.es.postgresql.org/mirror/postgresql/source/v${VERSION}/ \
ftp://ftp.postgresql.org/pub/source/v${VERSION}/ \
ftp://ftp5.us.postgresql.org/pub/PostgreSQL/source/v${VERSION}/
MULTI_PACKAGES= -docs -main -server -contrib

View File

@ -1,2 +1,2 @@
SHA256 (postgresql-9.2.3.tar.gz) = rWZEzajyM2gZdiheh3aqH06OmVMON62MXkILqVJoh+A=
SIZE (postgresql-9.2.3.tar.gz) = 21490350
SHA256 (postgresql-9.2.4.tar.gz) = 8IQO3Px3gMRAeXQJIc+bUbN64oNVgO30eOjwOEEWai8=
SIZE (postgresql-9.2.4.tar.gz) = 21539369

View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST-docs,v 1.59 2013/02/07 17:29:05 jasper Exp $
@comment $OpenBSD: PLIST-docs,v 1.60 2013/04/04 14:45:46 sthen Exp $
share/doc/postgresql/
share/doc/postgresql/COPYRIGHT
share/doc/postgresql/HISTORY
@ -767,6 +767,7 @@ share/doc/postgresql/html/release-8-4-13.html
share/doc/postgresql/html/release-8-4-14.html
share/doc/postgresql/html/release-8-4-15.html
share/doc/postgresql/html/release-8-4-16.html
share/doc/postgresql/html/release-8-4-17.html
share/doc/postgresql/html/release-8-4-2.html
share/doc/postgresql/html/release-8-4-3.html
share/doc/postgresql/html/release-8-4-4.html
@ -780,6 +781,7 @@ share/doc/postgresql/html/release-9-0-1.html
share/doc/postgresql/html/release-9-0-10.html
share/doc/postgresql/html/release-9-0-11.html
share/doc/postgresql/html/release-9-0-12.html
share/doc/postgresql/html/release-9-0-13.html
share/doc/postgresql/html/release-9-0-2.html
share/doc/postgresql/html/release-9-0-3.html
share/doc/postgresql/html/release-9-0-4.html
@ -797,10 +799,12 @@ share/doc/postgresql/html/release-9-1-5.html
share/doc/postgresql/html/release-9-1-6.html
share/doc/postgresql/html/release-9-1-7.html
share/doc/postgresql/html/release-9-1-8.html
share/doc/postgresql/html/release-9-1-9.html
share/doc/postgresql/html/release-9-1.html
share/doc/postgresql/html/release-9-2-1.html
share/doc/postgresql/html/release-9-2-2.html
share/doc/postgresql/html/release-9-2-3.html
share/doc/postgresql/html/release-9-2-4.html
share/doc/postgresql/html/release-9-2.html
share/doc/postgresql/html/release.html
share/doc/postgresql/html/resources.html