misc/144863: databases/postgresql84-server needs to be updated to 8.4.3
Alexander
alp at rsu.ru
Thu Mar 18 19:50:02 UTC 2010
>Number: 144863
>Category: misc
>Synopsis: databases/postgresql84-server needs to be updated to 8.4.3
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 18 19:50:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Alexander
>Release: 8.0
>Organization:
Pyhalov
>Environment:
>Description:
A serious security vulnerability was found in Postgres 8.4.2 (CVE-2010-0442). An ordinary user may crash a server process and in that way disconnect all current sessions from the server. (A sample incorrectly processed query may be found here: https://bugzilla.redhat.com/show_bug.cgi?id=559259 ).
Postgres should be updated to 8.4.3.
>How-To-Repeat:
Execute
select substring(B'10101010101010101010101010101010101010101010101',33,-15);
in one session. Others will be disconnected.
>Fix:
Update to postgresql-8.4.3.
Patch attached with submission follows:
diff -ur postgresql84-server.old/Makefile postgresql84-server/Makefile
--- postgresql84-server.old/Makefile 2010-02-03 15:09:08.000000000 +0000
+++ postgresql84-server/Makefile 2010-03-18 19:04:23.429439357 +0000
@@ -6,7 +6,7 @@
#
PORTNAME?= postgresql
-DISTVERSION?= 8.4.2
+DISTVERSION?= 8.4.3
PORTREVISION?= 1
CATEGORIES?= databases
MASTER_SITES= ${MASTER_SITE_PGSQL}
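Review bot: PORTREVISION?= 1 is left unchanged in the context directly below the DISTVERSION bump to 8.4.3. PORTREVISION counts port-level changes made on top of one upstream version, so it is normally reset when the upstream version is incremented; the line should be dropped or set to 0 unless it is being kept on purpose. Because these are ?= assignments, which an including Makefile can pre-set, any port that includes this Makefile should be checked for the same stale value.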
diff -ur postgresql84-server.old/distinfo postgresql84-server/distinfo
--- postgresql84-server.old/distinfo 2010-02-03 15:09:08.000000000 +0000
+++ postgresql84-server/distinfo 2010-03-18 19:04:23.428428636 +0000
@@ -1,6 +1,6 @@
-MD5 (postgresql/postgresql-8.4.2.tar.bz2) = d738227e2f1f742d2f2d4ab56496c5c6
-SHA256 (postgresql/postgresql-8.4.2.tar.bz2) = adb3c5c90396195d76e986f835c2bd0e0dad438f91f4dc2b62048caf6d9869f2
-SIZE (postgresql/postgresql-8.4.2.tar.bz2) = 13600699
+MD5 (postgresql/postgresql-8.4.3.tar.bz2) = 7f70e7b140fb190f268837255582b07e
+SHA256 (postgresql/postgresql-8.4.3.tar.bz2) = 050c3e8324b453715e819456638fc1561351b33c8011b7cb63db98bbc2061564
+SIZE (postgresql/postgresql-8.4.3.tar.bz2) = 13645257
SHA256 (postgresql/pg-840-icu-2009-09-15.diff.gz) = c09d3b59340a3bb6ea754e985739d4fbb47f730d1e48a357c5585825034fc72e
MD5 (postgresql/pg-840-icu-2009-09-15.diff.gz) = 2b81134b462e01623bc9387fe4de7136
SIZE (postgresql/pg-840-icu-2009-09-15.diff.gz) = 4321
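Review bot: the new MD5, SHA256 and SIZE lines for postgresql-8.4.3.tar.bz2 cannot be validated from the patch alone, so before commit they should be regenerated from a freshly fetched tarball (make makesum) and compared with any checksum published upstream. The pg-840-icu-2009-09-15.diff.gz entries are unchanged in this hunk, so that patch also needs to be confirmed to apply cleanly to the 8.4.3 sources.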
diff -ur postgresql84-server.old/pkg-plist-server postgresql84-server/pkg-plist-server
--- postgresql84-server.old/pkg-plist-server 2009-12-17 16:07:11.000000000 +0000
+++ postgresql84-server/pkg-plist-server 2010-03-18 19:04:23.429439357 +0000
@@ -252,6 +252,7 @@
%%TZDATA%%share/postgresql/timezone/America/Manaus
%%TZDATA%%share/postgresql/timezone/America/Marigot
%%TZDATA%%share/postgresql/timezone/America/Martinique
+%%TZDATA%%share/postgresql/timezone/America/Matamoros
%%TZDATA%%share/postgresql/timezone/America/Mazatlan
%%TZDATA%%share/postgresql/timezone/America/Mendoza
%%TZDATA%%share/postgresql/timezone/America/Menominee
@@ -270,6 +271,7 @@
%%TZDATA%%share/postgresql/timezone/America/Noronha
%%TZDATA%%share/postgresql/timezone/America/North_Dakota/Center
%%TZDATA%%share/postgresql/timezone/America/North_Dakota/New_Salem
+%%TZDATA%%share/postgresql/timezone/America/Ojinaga
%%TZDATA%%share/postgresql/timezone/America/Panama
%%TZDATA%%share/postgresql/timezone/America/Pangnirtung
%%TZDATA%%share/postgresql/timezone/America/Paramaribo
@@ -286,6 +288,7 @@
%%TZDATA%%share/postgresql/timezone/America/Resolute
%%TZDATA%%share/postgresql/timezone/America/Rio_Branco
%%TZDATA%%share/postgresql/timezone/America/Rosario
+%%TZDATA%%share/postgresql/timezone/America/Santa_Isabel
%%TZDATA%%share/postgresql/timezone/America/Santarem
%%TZDATA%%share/postgresql/timezone/America/Santiago
%%TZDATA%%share/postgresql/timezone/America/Santo_Domingo
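Review bot: the three pkg-plist-server hunks add only America/Matamoros, America/Ojinaga and America/Santa_Isabel under %%TZDATA%%, and nothing in the patch shows how that list was derived. The plist should be compared with the file list of an actual 8.4.3 install so that any other file added or removed by the update is not missed.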
>Release-Note:
>Audit-Trail:
>Unformatted: