cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
31439b28cc
openbsd-ports/databases
History
mbalmer 2c2240c2f4 Security update to PostgreSQL version 8.1.3. 
Vulnerabilities in PostgreSQL SET ROLE/SET SESSION AUTHORIZATION

By issuing SET ROLE with a specially crafted argument, it is possible
for any logged-in database user to acquire the privileges of any other
database user, including superusers.  Database superuser status allows
access to the machine's filesystem and hence might be used to mount
remote attacks against the rest of the server's operating system.
This error exists in PostgreSQL releases 8.1.0 - 8.1.2 and is fixed in 8.1.3.

The same underlying bug exists in SET SESSION AUTHORIZATION in all
releases back to 7.3.  This variant cannot be exploited for privilege
escalation, because one must already be superuser to use SET SESSION
AUTHORIZATION.  However, if the server has been compiled with Asserts
enabled (which is not the default), then it is possible to trigger an
Assert failure before the privilege check is reached.  This would cause
a momentary denial of service to other database users.  This is repaired
in PostgreSQL releases 8.1.3, 8.0.7, 7.4.12, and 7.3.14.
2006-02-14 18:59:36 +00:00
..
db belated C++ libs bumps; ok espie@ 2006-01-17 14:25:32 +00:00
dbh kill a libtool -release that snuck in with the MODGNU_SHARED_LIBS removal 2006-01-12 20:53:35 +00:00
evolution-data-server remove some SHARED_LIBS work-arounds that are no longer necessary 2006-01-10 18:47:50 +00:00
freetds remove some SHARED_LIBS work-arounds that are no longer necessary 2006-01-10 18:47:50 +00:00
gdbm remove some SHARED_LIBS work-arounds that are no longer necessary 2006-01-10 18:47:50 +00:00
gnats clock_t is arch specific and comes from time.h, now 2005-11-30 21:51:44 +00:00
gq fix WANTLIB after gtk+2 downgrade 2006-01-16 17:14:40 +00:00
iodbc remove some SHARED_LIBS work-arounds that are no longer necessary 2006-01-10 18:47:50 +00:00
libpqxx Bump C++ shared libs numbers and corresponding package names, 2006-01-13 19:12:15 +00:00
luasqlite3 update to 0.3 2005-06-17 00:01:58 +00:00
mnemo Update to mnemo-h3-2.0.2 2005-10-31 15:18:48 +00:00
mysql Bump C++ shared libs numbers and corresponding package names, 2006-01-13 19:12:15 +00:00
mysql2pgsql SIZE 2005-01-05 16:22:24 +00:00
mysql-administrator fix WANTLIB after gtk+2 downgrade 2006-01-17 11:02:20 +00:00
mysql-query-browser fix WANTLIB after gtk+2 downgrade 2006-01-17 12:49:18 +00:00
mysqlcc use correct values of MYSQL_VERSION_IDs, brad@ agrees 2005-09-07 13:58:35 +00:00
mytop Import mytop 1.4 2005-05-17 18:18:36 +00:00
ocaml-postgresql update to ocaml-postgresql-1.4.6, prodded by bsdlist@mumak.com 2005-09-22 13:10:47 +00:00
openldap move any perl or sed substitutions from post-patch to pre-configure 2006-02-08 04:54:48 +00:00
p5-AsciiDB-TagFile SIZE 2005-01-05 16:22:24 +00:00
p5-BerkeleyDB update to v0.27; from Jasper Lievisse Adriaanse 2005-12-04 20:15:56 +00:00
p5-Class-DBI SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-AbstractSearch SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-AsForm SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-FromCGI SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-Loader SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-Loader-Relationship SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-mysql SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-Pager SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-Plugin-RetrieveAll SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-Plugin-Type SIZE 2005-01-05 16:22:24 +00:00
p5-Class-DBI-SQLite SIZE 2005-01-05 16:22:24 +00:00
p5-Data-Page SIZE 2005-01-05 16:22:24 +00:00
p5-DBD-CSV - update to 0.21 after lengthy maintainer timeout 2005-02-13 16:28:09 +00:00
p5-DBD-mysql oops 2005-07-27 08:31:14 +00:00
p5-DBD-mysqlPP SIZE 2005-01-05 16:22:24 +00:00
p5-DBD-Pg - update to 1.41 2005-05-03 17:05:45 +00:00
p5-DBD-SQLite sqlite is not needed for regression tests, so remove it. 2005-05-30 20:37:36 +00:00
p5-DBD-SQLite2 this port supports SQLite2 not 3 2005-09-26 17:28:13 +00:00
p5-DBD-Sybase fixed manpages with new make-plist. 2005-09-05 13:12:47 +00:00
p5-DBI SIZE 2005-01-05 16:22:24 +00:00
p5-DBIx-ContextualFetch update to 1.03 2006-01-07 10:22:10 +00:00
p5-DBIx-SearchBuilder - update to 1.27 2005-05-13 20:22:03 +00:00
p5-DBIx-XHTML_Table remove maintainer Shell Hung due to years of inactivity 2005-09-23 19:36:02 +00:00
p5-Ima-DBI SIZE 2005-01-05 16:22:24 +00:00
p5-ldap remove maintainer Shell Hung due to years of inactivity 2005-09-23 19:36:02 +00:00
p5-pgsql SIZE 2005-01-05 16:22:24 +00:00
p5-SQL-Abstract SIZE 2005-01-05 16:22:24 +00:00
p5-SQL-Statement SIZE 2005-01-05 16:22:24 +00:00
p5-sybperl fixed manpages with new make-plist. 2005-09-05 13:12:47 +00:00
p5-Tie-DBI remove peter galbavy as maintainer per his request 2005-07-06 23:18:09 +00:00
pear-DB Reuse DISTNAME for PKGNAME. 2005-03-02 14:11:17 +00:00
postgresql Security update to PostgreSQL version 8.1.3. 2006-02-14 18:59:36 +00:00
py-cdb SIZE 2005-01-05 16:22:24 +00:00
py-ldap Update to version 2.0.10, released 2005-09-23 2005-09-23 11:59:02 +00:00
py-mysql fix dependencies 2005-11-17 19:07:12 +00:00
py-psycopg Overhaul and update to 1.1.21 2006-01-28 11:18:52 +00:00
py-sqlite drop maintainership of these, I don't have time to give them enought attention 2005-04-29 00:02:05 +00:00
py-sqlite2 py-sqlite2-2.0.4 (bugfix release) 2005-09-19 02:10:46 +00:00
py-sybase use the gettext module instead of WANTLIB=intl 2005-06-10 17:07:43 +00:00
qdbm Update to qdbm-1.8.44. 2006-01-25 16:03:35 +00:00
sqlite zap MODGNU_SHARED_LIBS 2006-01-11 12:19:43 +00:00
sqlite3 zap MODGNU_SHARED_LIBS 2006-01-11 12:19:43 +00:00
sqsh move post-patch to pre-configure (fixes make update-patches); ok sturm@ 2006-02-05 15:08:43 +00:00
xmysql remove margarida@ from the maintainer position after a generous timeout 2005-02-07 19:01:47 +00:00
xmysqladmin SIZE 2005-01-05 16:22:24 +00:00
Makefile sort SUBDIR list; ok sturm@ 2006-02-12 16:24:50 +00:00