author | girgen <girgen@FreeBSD.org> | 2005-02-19 20:07:46 +0800 |
committer | girgen <girgen@FreeBSD.org> | 2005-02-19 20:07:46 +0800 |
commit | e5be677d7b9b6c5a146137055967bdc08dd96c29 (patch) | |
tree | b4a2a085733d64ca8848e4915ed1daa102c9c1e8 /databases/postgresql92-server | |
parent | d170805bd4936fea920f860c077afb7b6de64ca9 (diff) | |
Fix security alert using a patch from PostgreSQL's CVS repository:
Prevent overrunning a heap-allocated buffer if more than 1024
parameters to a refcursor declaration are specified. This is a
minimally-invasive fix for the buffer overrun.
Define LATEST_LINK to avoid package name clashes between the different
branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to
branch 7.4, keep its LATEST_LINK to a generic value.)
Set UNIQUENAME and let it be the same for server & client, so each
branch's ports will share the same options file. This adds some no-op
knobs to the -client port, but IMO it is better this way.
Add spaces inside the parentheses in the OSVERSION conditional to work around
(ancient) make bug. [2]
Remove the Rendez-Vouz knob for 8.0 since I can't find the software
needed to even compile it on FreeBSD.
Bump portrevision (for -server only).
Noted by: kris [1]
PR: ports/77530 [2]
Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by: seanc (mentor)
Diffstat (limited to 'databases/postgresql92-server')
-rw-r--r-- | databases/postgresql92-server/Makefile | 24 | ||||
-rw-r--r-- | databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y | 80 |
2 files changed, 89 insertions, 15 deletions
diff --git a/databases/postgresql92-server/Makefile b/databases/postgresql92-server/Makefile
index 4ffa1b1bbb28..4505f524c045 100644
--- a/databases/postgresql92-server/Makefile
+++ b/databases/postgresql92-server/Makefile
@@ -8,7 +8,7 @@
 PORTNAME?= postgresql
 PKGNAMESUFFIX?= -server
 PORTVERSION?= 8.0.1
-PORTREVISION?= 0
+PORTREVISION?= 1
 CATEGORIES?= databases
 MASTER_SITES= ${MASTER_SITE_PGSQL}
 MASTER_SITE_SUBDIR= source/v${PORTVERSION}
@@ -24,6 +24,9 @@ CONFLICTS?= ${PORTNAME}-client-7.[0-9]* \
 WRKSRC= ${WRKDIR}/postgresql-${PORTVERSION}
 DIST_SUBDIR= postgresql
 
+UNIQUENAME?= ${PORTNAME}80
+LATEST_LINK?= ${PKGNAMEPREFIX}${UNIQUENAME}${PKGNAMESUFFIX}
+
 PKGINSTALL?= ${PKGDIR}/pkg-install${PKGNAMESUFFIX}
 USE_BZIP2= YES
 USE_GMAKE= YES
@@ -74,27 +77,18 @@ BROKEN= "Coredump during build on alpha 4.x"
 
 .if !defined(SLAVE_ONLY)
 # gnugetopt will always be used if already installed
-. if (${OSVERSION} < 500041) && !exists(${LOCALBASE}/include/getopt.h)
+. if ( ${OSVERSION} < 500041 ) && !exists(${LOCALBASE}/include/getopt.h)
 OPTIONS+= GNUGETOPT "Use GNU getopt" on
 . endif
-. if defined(SERVER_ONLY)
-OPTIONS+= PAM "Build with PAM support" off
-OPTIONS+= RENDEZVOUZ "Add support for Apple's Rendez-Vouz" off
-. endif
+OPTIONS+= PAM "Build with PAM support (server only)" off
 OPTIONS+= MIT_KRB5 "Build with MIT's kerberos support" off
-OPTIONS+= HEIMDAL_KRB5 "Builds with Heimdal's kerberos support" off
+OPTIONS+= HEIMDAL_KRB5 "Builds with Heimdal kerberos support" off
 OPTIONS+= OPTIMIZED_CFLAGS "Builds with compiler optimizations (-O3)" off
-. if defined(SERVER_ONLY)
-OPTIONS+= LIBC_R "Link with libc_r, needed by plpython" off
+OPTIONS+= LIBC_R "Link w/ libc_r, used by plpython (server)" off
 # to run regression tests:
-OPTIONS+= TESTS "Allows the use of a \"check\" target" off
-. endif
+OPTIONS+= TESTS "Allows the use of a \"check\" target (server)" off
 OPTIONS+= DEBUG "Builds with debugging symbols" off
 
-.if defined(SERVER_ONLY) && defined(WITH_RENDEZVOUS)
-CONFIGURE_ARGS+=--with-rendezvous
-.endif
-
 . if defined(SERVER_ONLY) && defined(WITH_PAM)
 CONFIGURE_ARGS+=--with-pam
 . endif
diff --git a/databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y b/databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y
new file mode 100644
index 000000000000..672745ce2760
--- /dev/null
+++ b/databases/postgresql92-server/files/patch-src-pl-plpgsql-src-gram-y
@@ -0,0 +1,80 @@
+--- src/pl/plpgsql/src/gram.y 2005/01/21 00:17:02 1.64.4.1 REL8_0_1
++++ src/pl/plpgsql/src/gram.y 2005/02/08 18:21:59 1.64.4.3 REL8_0_STABLE
+@@ -4,7 +4,7 @@
+ * procedural language
+ *
+ * IDENTIFICATION
+- * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.1 2005/01/21 00:17:02 neilc Exp $
++ * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.2 2005/02/07 03:52:22 neilc Exp $
+ *
+ * This software is copyrighted by Jan Wieck - Hamburg.
+ *
+@@ -1766,8 +1766,19 @@ read_sql_construct(int until,
+ errmsg("missing \"%s\" at end of SQL statement",
+ expected)));
+ }
++
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = lno;
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_SCALAR:
+@@ -1940,6 +1951,15 @@ make_select_stmt(void)
+ 
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
+@@ -1990,6 +2010,16 @@ make_select_stmt(void)
+ 
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_SCALAR:
+@@ -2085,6 +2115,15 @@ make_fetch_stmt(void)
+ 
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
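Review bot: The extra spaces in `. if ( ${OSVERSION} < 500041 ) && !exists(${LOCALBASE}/include/getopt.h)` are a deliberate workaround, but nothing on the line says so, so a later style cleanup is likely to strip them and bring the make bug back. A comment on the line above, `# keep the spaces inside the parentheses: works around an old make(1) bug (ports/77530)`, would pin the intent. The same hunk drops the `SERVER_ONLY` guards around the PAM, LIBC_R and TESTS options and moves that fact into the option labels; the `. if defined(SERVER_ONLY) && defined(WITH_PAM)` guard on CONFIGURE_ARGS still applies, so for the client port these knobs are no-ops as the description states. The enclosing `.if !defined(SLAVE_ONLY)` block ends outside the hunk.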
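Review bot: The limit in all four new checks is the bare literal `1024`, repeated at each site with only `/* Check for array overflow */` to explain it, and nothing in the patch ties it to the size of the buffer that `nparams` and `nfields` index into (those declarations are outside the hunk). If that allocation size ever changes, the guards silently stop matching it; a comment such as `/* must equal the fixed capacity of the params/fields buffer this index fills */` at each check, or better a single named constant used by both the allocation and the checks, would keep them in step. The check in read_sql_construct reports `lno` while the other three call `plpgsql_scanner_lineno()`; presumably read_sql_construct receives the line number as a parameter, which is worth confirming so the reported position is consistent. The enclosing functions read_sql_construct, make_select_stmt and make_fetch_stmt all start and end outside the hunk.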