Fixes the following security issue:
CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER
... REFERENCING
For more details, see the advisory:
https://www.postgresql.org/about/news/1905/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_PACKAGE_POSTGRESQL option depends on BR2_USE_MMU, so the
Config.in comment about the dynamic library dependency should only be
displayed if the BR2_USE_MMU requirement is met.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9fec3eb913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Add a hash for the license file.
- PostgreSQL 10.0 and above will default to checking for /dev/urandom if an
SSL library is not found, which will fail when cross compiling.
Since /dev/urandom is guaranteed to be provided on Linux systems,
add ac_cv_file__dev_urandom=yes to the configure environment if a SSL library
is not selected.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: minor tweaks to the /dev/urandom comment in the .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-12172: Start scripts permit database administrator to modify
root-owned files.
CVE-2017-15098: Memory disclosure in JSON functions.
CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT
privileges.
See the announcement for more details:
https://www.postgresql.org/about/news/1801/
While we're at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Just needed to add --with-ldap to POSTGRESQL_CONF_OPTS and add openldap
to POSTGRESQL_DEPENDENCIES when BR2_PACKAGE_OPENLDAP is on
Signed-off-by: Chris Frederick <cdf123@cdf123.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-5423 - CASE/WHEN with inlining can cause untrusted pointer
dereference (bsc#993454).
CVE-2016-5424 - Fix client programs' handling of special characters in
database and role names (bsc#993453).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-0766 - privilege escalation issue for users of PL/Java.
CVE-2016-0773 - issue with regular expression (regex) parsing. Prior
code allowed users to pass in expressions which included out-of-range
Unicode characters, triggering a backend crash. This issue is critical
for PostgreSQL systems with untrusted users or which generate regexes
based on user input.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
sparc build fix patch upstream so drop it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'ZIC=$$(ZIC)' assignment is seen as 'ZIC=$(ZIC)' by the shell, that
interprets that as command substitution causing an error like:
/bin/sh: ZIC: command not found
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adds "-w" option to init script to wait till the database server
has fully started and accepts connections before continuing.
Prevents other applications that depend on PostgreSQL from
failing to start, if the database server is not ready yet.
Times out after 60 seconds by default.
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- overwrite platform support with linux template
- disable spinlock support
[Thomas: use the --with-template=linux option unconditionally.]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Assist configure IPv6 support detection for uclibc,
fixes the following uclibc compile failure:
auth.c: In function ‘CheckRADIUSAuth’:
auth.c:2379:24: error: ‘in6addr_any’ undeclared (first use in this function)
localaddr.sin6_addr = in6addr_any;
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Build with uclibc and locale support failes with the following error
message:
regc_pg_locale.c: In function ‘pg_wc_isdigit’:
regc_pg_locale.c:312:6: error: dereferencing pointer to incomplete type
isdigit_l((unsigned char) c, pg_regex_locale));
This can be fixed by overwriting the HAVE_LOCALE_T detection (thanks
to Alex Potapenko <opotapenko@gmail.com> for the hint [1]).
[1] http://lists.busybox.net/pipermail/buildroot/2015-March/121088.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
