aboutsummaryrefslogtreecommitdiffstats
path: root/databases/postgresql92-server
diff options
context:
space:
mode:
authorgirgen <girgen@FreeBSD.org>2005-02-19 20:07:46 +0800
committergirgen <girgen@FreeBSD.org>2005-02-19 20:07:46 +0800
commite5be677d7b9b6c5a146137055967bdc08dd96c29 (patch)
treeb4a2a085733d64ca8848e4915ed1daa102c9c1e8 /databases/postgresql92-server
parentd170805bd4936fea920f860c077afb7b6de64ca9 (diff)
downloadfreebsd-ports-gnome-e5be677d7b9b6c5a146137055967bdc08dd96c29.tar.gz
freebsd-ports-gnome-e5be677d7b9b6c5a146137055967bdc08dd96c29.tar.zst
freebsd-ports-gnome-e5be677d7b9b6c5a146137055967bdc08dd96c29.zip
Fix security alert using a patch from PostgreSQL's CVS repository:
Prevent overrunning a heap-allocated buffer if more than 1024 parameters to a refcursor declaration are specified. This is a minimally-invasive fix for the buffer overrun. Define LATEST_LINK to avoid package name clashes between the different branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to branch 7.4, keep its LATEST_LINK to a generic value.) Set UNIQUENAME and let it be the same for server & client, so each branch's ports will share the same options file. This adds some no-op knobs to the -client port, but IMO it is better this way. Add space inside paranthesis in OSVERSION conditional to work around (ancient) make bug. [2] Remove the Rendez-Vouz knob for 8.0 since I can't find the software needed to even compile it on FreeBSD. Bump portrevision (for -server only). Noted by: kris [1] PR: ports/77530 [2] Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html Approved by: seanc (mentor)
Diffstat (limited to 'databases/postgresql92-server')
-rw-r--r--databases/postgresql92-server/Makefile24
-rw-r--r--databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y80
2 files changed, 89 insertions, 15 deletions
diff --git a/databases/postgresql92-server/Makefile b/databases/postgresql92-server/Makefile
index 4ffa1b1bbb28..4505f524c045 100644
--- a/databases/postgresql92-server/Makefile
+++ b/databases/postgresql92-server/Makefile
@@ -8,7 +8,7 @@
PORTNAME?= postgresql
PKGNAMESUFFIX?= -server
PORTVERSION?= 8.0.1
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES?= databases
MASTER_SITES= ${MASTER_SITE_PGSQL}
MASTER_SITE_SUBDIR= source/v${PORTVERSION}
@@ -24,6 +24,9 @@ CONFLICTS?= ${PORTNAME}-client-7.[0-9]* \
WRKSRC= ${WRKDIR}/postgresql-${PORTVERSION}
DIST_SUBDIR= postgresql
+UNIQUENAME?= ${PORTNAME}80
+LATEST_LINK?= ${PKGNAMEPREFIX}${UNIQUENAME}${PKGNAMESUFFIX}
+
PKGINSTALL?= ${PKGDIR}/pkg-install${PKGNAMESUFFIX}
USE_BZIP2= YES
USE_GMAKE= YES
@@ -74,27 +77,18 @@ BROKEN= "Coredump during build on alpha 4.x"
.if !defined(SLAVE_ONLY)
# gnugetopt will always be used if already installed
-. if (${OSVERSION} < 500041) && !exists(${LOCALBASE}/include/getopt.h)
+. if ( ${OSVERSION} < 500041 ) && !exists(${LOCALBASE}/include/getopt.h)
OPTIONS+= GNUGETOPT "Use GNU getopt" on
. endif
-. if defined(SERVER_ONLY)
-OPTIONS+= PAM "Build with PAM support" off
-OPTIONS+= RENDEZVOUZ "Add support for Apple's Rendez-Vouz" off
-. endif
+OPTIONS+= PAM "Build with PAM support (server only)" off
OPTIONS+= MIT_KRB5 "Build with MIT's kerberos support" off
-OPTIONS+= HEIMDAL_KRB5 "Builds with Heimdal's kerberos support" off
+OPTIONS+= HEIMDAL_KRB5 "Builds with Heimdal kerberos support" off
OPTIONS+= OPTIMIZED_CFLAGS "Builds with compiler optimizations (-O3)" off
-. if defined(SERVER_ONLY)
-OPTIONS+= LIBC_R "Link with libc_r, needed by plpython" off
+OPTIONS+= LIBC_R "Link w/ libc_r, used by plpython (server)" off
# to run regression tests:
-OPTIONS+= TESTS "Allows the use of a \"check\" target" off
-. endif
+OPTIONS+= TESTS "Allows the use of a \"check\" target (server)" off
OPTIONS+= DEBUG "Builds with debugging symbols" off
-.if defined(SERVER_ONLY) && defined(WITH_RENDEZVOUS)
-CONFIGURE_ARGS+=--with-rendezvous
-.endif
-
. if defined(SERVER_ONLY) && defined(WITH_PAM)
CONFIGURE_ARGS+=--with-pam
. endif
diff --git a/databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y b/databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y
new file mode 100644
index 000000000000..672745ce2760
--- /dev/null
+++ b/databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y
@@ -0,0 +1,80 @@
+--- src/pl/plpgsql/src/gram.y 2005/01/21 00:17:02 1.64.4.1 REL8_0_1
++++ src/pl/plpgsql/src/gram.y 2005/02/08 18:21:59 1.64.4.3 REL8_0_STABLE
+@@ -4,7 +4,7 @@
+ * procedural language
+ *
+ * IDENTIFICATION
+- * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.1 2005/01/21 00:17:02 neilc Exp $
++ * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.2 2005/02/07 03:52:22 neilc Exp $
+ *
+ * This software is copyrighted by Jan Wieck - Hamburg.
+ *
+@@ -1766,8 +1766,19 @@ read_sql_construct(int until,
+ errmsg("missing \"%s\" at end of SQL statement",
+ expected)));
+ }
++
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = lno;
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_SCALAR:
+@@ -1940,6 +1951,15 @@ make_select_stmt(void)
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
+@@ -1990,6 +2010,16 @@ make_select_stmt(void)
+
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_SCALAR:
+@@ -2085,6 +2115,15 @@ make_fetch_stmt(void)
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {