[Buildroot] [PATCH] postgresql: security bump to version 9.4.5

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
@ 2015-10-08 18:59 Gustavo Zacarias
  2015-10-09 12:18 ` Vicente Olivert Riera
  2015-10-09 13:24 ` Thomas Petazzoni
  0 siblings, 2 replies; 4+ messages in thread
From: Gustavo Zacarias @ 2015-10-08 18:59 UTC (permalink / raw)
  To: buildroot

Fixes:

CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.

CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.

sparc build fix patch upstream so drop it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/postgresql/0002-fix-sparc-compile.patch | 38 -------------------------
 package/postgresql/postgresql.hash              |  4 +--
 package/postgresql/postgresql.mk                |  2 +-
 3 files changed, 3 insertions(+), 41 deletions(-)
 delete mode 100644 package/postgresql/0002-fix-sparc-compile.patch

diff --git a/package/postgresql/0002-fix-sparc-compile.patch b/package/postgresql/0002-fix-sparc-compile.patch
deleted file mode 100644
index 9eec23a..0000000
--- a/package/postgresql/0002-fix-sparc-compile.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-The gcc predefines for Linux are __sparc_v8__/__sparc_v7__
-
-Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
-
-diff -Nur postgresql-9.4.4.orig/src/include/storage/s_lock.h postgresql-9.4.4/src/include/storage/s_lock.h
---- postgresql-9.4.4.orig/src/include/storage/s_lock.h	2015-06-09 21:29:38.000000000 +0200
-+++ postgresql-9.4.4/src/include/storage/s_lock.h	2015-08-09 19:57:06.000000000 +0200
-@@ -420,12 +420,12 @@
- :		"=r"(_res), "+m"(*lock)
- :		"r"(lock)
- :		"memory");
--#if defined(__sparcv7)
-+#if defined(__sparcv7) || defined(__sparc_v7__)
- 	/*
- 	 * No stbar or membar available, luckily no actually produced hardware
- 	 * requires a barrier.
- 	 */
--#elif defined(__sparcv8)
-+#elif defined(__sparcv8) || defined(__sparc_v8__)
- 	/* stbar is available (and required for both PSO, RMO), membar isn't */
- 	__asm__ __volatile__ ("stbar	 \n":::"memory");
- #else
-@@ -438,13 +438,13 @@
- 	return (int) _res;
- }
- 
--#if defined(__sparcv7)
-+#if defined(__sparcv7) || defined(__sparc_v7__)
- /*
-  * No stbar or membar available, luckily no actually produced hardware
-  * requires a barrier.
-  */
- #define S_UNLOCK(lock)		(*((volatile slock_t *) (lock)) = 0)
--#elif defined(__sparcv8)
-+#elif defined(__sparcv8) || defined(__sparc_v8__)
- /* stbar is available (and required for both PSO, RMO), membar isn't */
- #define S_UNLOCK(lock)	\
- do \
diff --git a/package/postgresql/postgresql.hash b/package/postgresql/postgresql.hash
index 5f415af..97bb56d 100644
--- a/package/postgresql/postgresql.hash
+++ b/package/postgresql/postgresql.hash
@@ -1,2 +1,2 @@
-# From https://ftp.postgresql.org/pub/source/v9.4.4/postgresql-9.4.4.tar.bz2.sha256
-sha256	538ed99688d6fdbec6fd166d1779cf4588bf2f16c52304e5ef29f904c43b0013  postgresql-9.4.4.tar.bz2
+# From https://ftp.postgresql.org/pub/source/v9.4.5/postgresql-9.4.5.tar.bz2.sha256
+sha256	b87c50c66b6ea42a9712b5f6284794fabad0616e6ae420cf0f10523be6d94a39  postgresql-9.4.5.tar.bz2
diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk
index e710e92..a42fe73 100644
--- a/package/postgresql/postgresql.mk
+++ b/package/postgresql/postgresql.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-POSTGRESQL_VERSION = 9.4.4
+POSTGRESQL_VERSION = 9.4.5
 POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2
 POSTGRESQL_SITE = http://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)
 POSTGRESQL_LICENSE = PostgreSQL
-- 
2.4.9

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
  2015-10-08 18:59 [Buildroot] [PATCH] postgresql: security bump to version 9.4.5 Gustavo Zacarias
@ 2015-10-09 12:18 ` Vicente Olivert Riera
  2015-10-09 12:24   ` Vicente Olivert Riera
  2015-10-09 13:24 ` Thomas Petazzoni
  1 sibling, 1 reply; 4+ messages in thread
From: Vicente Olivert Riera @ 2015-10-09 12:18 UTC (permalink / raw)
  To: buildroot

Dear Gustavo Zacarias,

On 10/08/2015 07:59 PM, Gustavo Zacarias wrote:
> Fixes:
> 
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
> 
> CVE-2015-5288: The crypt() function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
> 
> sparc build fix patch upstream so drop it.
> 
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>


$ grep ^POSTGRESQL_VERSION package/postgresql/postgresql.mk
POSTGRESQL_VERSION = 9.4.5

$ file output/target/usr/bin/postgres
output/target/usr/bin/postgres: ELF 32-bit MSB executable, MIPS, MIPS32
rel2 version 1 (SYSV), dynamically linked (uses shared libs), for
GNU/Linux 2.6.32, with unknown capability 0x41000000 = 0xf676e75, with
unknown capability 0x10000 = 0x70401, stripped

Regards,

Vincent.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
  2015-10-09 12:18 ` Vicente Olivert Riera
@ 2015-10-09 12:24   ` Vicente Olivert Riera
  0 siblings, 0 replies; 4+ messages in thread
From: Vicente Olivert Riera @ 2015-10-09 12:24 UTC (permalink / raw)
  To: buildroot

Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] postgresql: security bump to version 9.4.5
  2015-10-08 18:59 [Buildroot] [PATCH] postgresql: security bump to version 9.4.5 Gustavo Zacarias
  2015-10-09 12:18 ` Vicente Olivert Riera
@ 2015-10-09 13:24 ` Thomas Petazzoni
  1 sibling, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2015-10-09 13:24 UTC (permalink / raw)
  To: buildroot

Dear Gustavo Zacarias,

On Thu,  8 Oct 2015 15:59:12 -0300, Gustavo Zacarias wrote:
> Fixes:
> 
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
> 
> CVE-2015-5288: The crypt() function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
> 
> sparc build fix patch upstream so drop it.
> 
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
>  package/postgresql/0002-fix-sparc-compile.patch | 38 -------------------------
>  package/postgresql/postgresql.hash              |  4 +--
>  package/postgresql/postgresql.mk                |  2 +-
>  3 files changed, 3 insertions(+), 41 deletions(-)
>  delete mode 100644 package/postgresql/0002-fix-sparc-compile.patch

Applied, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-10-09 13:24 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-08 18:59 [Buildroot] [PATCH] postgresql: security bump to version 9.4.5 Gustavo Zacarias
2015-10-09 12:18 ` Vicente Olivert Riera
2015-10-09 12:24   ` Vicente Olivert Riera
2015-10-09 13:24 ` Thomas Petazzoni

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox