* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
@ 2015-10-08 18:59 Gustavo Zacarias
2015-10-09 12:18 ` Vicente Olivert Riera
2015-10-09 13:24 ` Thomas Petazzoni
0 siblings, 2 replies; 4+ messages in thread
From: Gustavo Zacarias @ 2015-10-08 18:59 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
sparc build fix patch upstream so drop it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/postgresql/0002-fix-sparc-compile.patch | 38 -------------------------
package/postgresql/postgresql.hash | 4 +--
package/postgresql/postgresql.mk | 2 +-
3 files changed, 3 insertions(+), 41 deletions(-)
delete mode 100644 package/postgresql/0002-fix-sparc-compile.patch
diff --git a/package/postgresql/0002-fix-sparc-compile.patch b/package/postgresql/0002-fix-sparc-compile.patch
deleted file mode 100644
index 9eec23a..0000000
--- a/package/postgresql/0002-fix-sparc-compile.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-The gcc predefines for Linux are __sparc_v8__/__sparc_v7__
-
-Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
-
-diff -Nur postgresql-9.4.4.orig/src/include/storage/s_lock.h postgresql-9.4.4/src/include/storage/s_lock.h
---- postgresql-9.4.4.orig/src/include/storage/s_lock.h 2015-06-09 21:29:38.000000000 +0200
-+++ postgresql-9.4.4/src/include/storage/s_lock.h 2015-08-09 19:57:06.000000000 +0200
-@@ -420,12 +420,12 @@
- : "=r"(_res), "+m"(*lock)
- : "r"(lock)
- : "memory");
--#if defined(__sparcv7)
-+#if defined(__sparcv7) || defined(__sparc_v7__)
- /*
- * No stbar or membar available, luckily no actually produced hardware
- * requires a barrier.
- */
--#elif defined(__sparcv8)
-+#elif defined(__sparcv8) || defined(__sparc_v8__)
- /* stbar is available (and required for both PSO, RMO), membar isn't */
- __asm__ __volatile__ ("stbar \n":::"memory");
- #else
-@@ -438,13 +438,13 @@
- return (int) _res;
- }
-
--#if defined(__sparcv7)
-+#if defined(__sparcv7) || defined(__sparc_v7__)
- /*
- * No stbar or membar available, luckily no actually produced hardware
- * requires a barrier.
- */
- #define S_UNLOCK(lock) (*((volatile slock_t *) (lock)) = 0)
--#elif defined(__sparcv8)
-+#elif defined(__sparcv8) || defined(__sparc_v8__)
- /* stbar is available (and required for both PSO, RMO), membar isn't */
- #define S_UNLOCK(lock) \
- do \
diff --git a/package/postgresql/postgresql.hash b/package/postgresql/postgresql.hash
index 5f415af..97bb56d 100644
--- a/package/postgresql/postgresql.hash
+++ b/package/postgresql/postgresql.hash
@@ -1,2 +1,2 @@
-# From https://ftp.postgresql.org/pub/source/v9.4.4/postgresql-9.4.4.tar.bz2.sha256
-sha256 538ed99688d6fdbec6fd166d1779cf4588bf2f16c52304e5ef29f904c43b0013 postgresql-9.4.4.tar.bz2
+# From https://ftp.postgresql.org/pub/source/v9.4.5/postgresql-9.4.5.tar.bz2.sha256
+sha256 b87c50c66b6ea42a9712b5f6284794fabad0616e6ae420cf0f10523be6d94a39 postgresql-9.4.5.tar.bz2
diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk
index e710e92..a42fe73 100644
--- a/package/postgresql/postgresql.mk
+++ b/package/postgresql/postgresql.mk
@@ -4,7 +4,7 @@
#
################################################################################
-POSTGRESQL_VERSION = 9.4.4
+POSTGRESQL_VERSION = 9.4.5
POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2
POSTGRESQL_SITE = http://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)
POSTGRESQL_LICENSE = PostgreSQL
--
2.4.9
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
2015-10-08 18:59 [Buildroot] [PATCH] postgresql: security bump to version 9.4.5 Gustavo Zacarias
@ 2015-10-09 12:18 ` Vicente Olivert Riera
2015-10-09 12:24 ` Vicente Olivert Riera
2015-10-09 13:24 ` Thomas Petazzoni
1 sibling, 1 reply; 4+ messages in thread
From: Vicente Olivert Riera @ 2015-10-09 12:18 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On 10/08/2015 07:59 PM, Gustavo Zacarias wrote:
> Fixes:
>
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
>
> CVE-2015-5288: The crypt() function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
>
> sparc build fix patch upstream so drop it.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
$ grep ^POSTGRESQL_VERSION package/postgresql/postgresql.mk
POSTGRESQL_VERSION = 9.4.5
$ file output/target/usr/bin/postgres
output/target/usr/bin/postgres: ELF 32-bit MSB executable, MIPS, MIPS32
rel2 version 1 (SYSV), dynamically linked (uses shared libs), for
GNU/Linux 2.6.32, with unknown capability 0x41000000 = 0xf676e75, with
unknown capability 0x10000 = 0x70401, stripped
Regards,
Vincent.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
2015-10-09 12:18 ` Vicente Olivert Riera
@ 2015-10-09 12:24 ` Vicente Olivert Riera
0 siblings, 0 replies; 4+ messages in thread
From: Vicente Olivert Riera @ 2015-10-09 12:24 UTC (permalink / raw)
To: buildroot
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
2015-10-08 18:59 [Buildroot] [PATCH] postgresql: security bump to version 9.4.5 Gustavo Zacarias
2015-10-09 12:18 ` Vicente Olivert Riera
@ 2015-10-09 13:24 ` Thomas Petazzoni
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2015-10-09 13:24 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Thu, 8 Oct 2015 15:59:12 -0300, Gustavo Zacarias wrote:
> Fixes:
>
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
>
> CVE-2015-5288: The crypt() function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
>
> sparc build fix patch upstream so drop it.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/postgresql/0002-fix-sparc-compile.patch | 38 -------------------------
> package/postgresql/postgresql.hash | 4 +--
> package/postgresql/postgresql.mk | 2 +-
> 3 files changed, 3 insertions(+), 41 deletions(-)
> delete mode 100644 package/postgresql/0002-fix-sparc-compile.patch
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-10-09 13:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-08 18:59 [Buildroot] [PATCH] postgresql: security bump to version 9.4.5 Gustavo Zacarias
2015-10-09 12:18 ` Vicente Olivert Riera
2015-10-09 12:24 ` Vicente Olivert Riera
2015-10-09 13:24 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox