This patch fixes a problem where low privileged users can invoke the
LOAD extension to load arbitrary libraries into the postgres process
space.
ok peter.galbavy at knowtion.net
- Rework WANTLIB as this port has SUBPACKAGES
- Replace RUN_DEPENDS with LIB_DEPENDS
- Add PKG_ARCH
- Bump PKGNAME
ok sturm@, Brandon Palmer (MAINTAINER)
Changes in the package layout mean that there is now a -client and
-server subpackage, and users no longer need to decide which, as
the -server depends on the -client, just like the sane cases in
mysql and openldap.
Other changes include:
* Removal of the tcl FLAVOR until someone with more tcl/tk knowledge
can make it work correctly.
* The INSTALL-server script now creates a _postgresql user and group
if they don't already exist, and also a default database in
/var/postgresql if that directory also doesn't exist.
* The port is marked for NO_SHARED_ARCHS as the -server subpackage
needs shared lib support to build.
* The port will build with spinlocks disabled on hppa until someone
can check and test this problem more closely.
Built and checked on i386, sparc64, amd64, macppc (waiting for regress
test feedback).
Dependent packages will be updated after this commit, shortly.
Two bugs were discovered that lead to a buffer overflow in PostgreSQL
in the abstract data type (ADT) to ASCII conversion functions.
It is believed that, under the right circumstances, an attacker may use
this vulnerability to execute arbitrary instructions on the PostgreSQL
server.
ok Brandon Palmer (maintainer)
The license says:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose, without fee, and without a written agreement
is hereby granted, provided that the above copyright notice and this
paragraph and the following two paragraphs appear in all copies.
noticed by markus@
- .else if -> .elif
- remove unnecessary symlinks used on "other" ELF-based systems which were
intentionally removed awhile back
--
Ok'd by: Brandon Palmer <bpalmer@crimelabs.net>
* The package is now called `postgresql' and not `pgsql'.
* The default user that is suggested for the admin account is also
`postgresql'. This will work with OpenBSD-current with long username
support. If anything breaks please report to the maintainers.
* pgwrap is no longer shipped or supported
* Please note, you will HAVE TO BACKUP your old data if you are
upgrading from a previous release of postgresql. Do this before
removing the old pgsql package.
From the announcement last weekend:
Key New Features and Capabilities of Version 7.1 Include:
* Write-ahead Log (WAL) increases data integrity and processing
speed. To maintain database consistency in case of an operating
system crash, previous releases of PostgreSQL have forced all
data modifications to disk before each transaction commit. With
WAL, only one log file must be flushed to disk, greatly improving
performance. (Tech note: can eliminate use of -F in to disable disk
flushes)
* TOAST (The Oversized-Attribute Storage Technique) Past releases
had compiled-in row length limit typically between 8Kb & 32Kb. This
restriction made storage of long text fields difficult, cumbersome
and slow. TOAST enables rows of any length while maintaining the high
performance PostgreSQL users have come to expect.
* SQL92 Outer Joins are now supported. (Tech note: eliminates the
UNION/NOT IN workaround)
* 64-bit C Language Function Manager support The previous C function
manager did not support 64-bit CPUs (e.g. Alpha, Sun,
Itanium). (Tech note: This change should not impact existing custom
functions developed for past versions, but performance will be
improved through rewriting to use the new call interface.)
* Complex Queries that are better, stronger and faster Many complex
queries were unsupported in previous releases. With v7.1 combinations
of views, aggregates, UNION, LIMIT, cursors, subqueries, and inherited
tables are enabled. Inherited tables are now accessed by default,
and subqueries in FROM are now supported.
- bump NEED_VERSION
- use PKGNAME-foo instead of overriding PKGNAME
- fixup INSTALL/DEINSTALL
- takeover as MAINTAINER until Pavel has a working e-mail address that
doesn't bounce.