OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Oct-2004 21:42:09
Branch: OPENPKG_2_1_SOLID Handle: 2004102820420701
Modified files: (Branch: OPENPKG_2_1_SOLID)
openpkg-src/postgresql postgresql.patch postgresql.spec
Log:
fix security bugs
Summary:
Revision Changes Path
1.1.8.1 +86 -0 openpkg-src/postgresql/postgresql.patch
1.97.2.3 +1 -1 openpkg-src/postgresql/postgresql.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/postgresql/postgresql.patch
============================================================================
$ cvs diff -u -r1.1 -r1.1.8.1 postgresql.patch
--- openpkg-src/postgresql/postgresql.patch 1 Jul 2003 15:36:59 -0000 1.1
+++ openpkg-src/postgresql/postgresql.patch 28 Oct 2004 19:42:07 -0000 1.1.8.1
@@ -45,3 +45,89 @@
${RANLIB} [EMAIL PROTECTED]
@rm -f $@
$(LD) -x -Bshareable -Bforcearchive \
+
+-----------------------------------------------------------------------------
+
+Security Fixes:
+
+o Avoid using temp files in /tmp in make_oidjoins_check This has been
+ reported as a security issue, though it's hardly worthy of concern since
+ there is no reason for non-developers to use this script anyway.
+o Disallow running pg_ctl as root This is to guard against any possible
+ security issues.
+
+Index: contrib/findoidjoins/make_oidjoins_check
+--- contrib/findoidjoins/make_oidjoins_check 2002-09-05 21:57:32 +0200
++++ contrib/findoidjoins/make_oidjoins_check 2004-10-21 19:12:19 +0200
+@@ -10,27 +10,32 @@
+ # Caution: you may need to use GNU awk.
+ AWK=${AWK:-awk}
+
+-trap "rm -f /tmp/$$ /tmp/$$a /tmp/$$b" 0 1 2 3 15
++INPUTFILE="tmp$$a"
++DUPSFILE="tmp$$b"
++NONDUPSFILE="tmp$$c"
++rm -f $INPUTFILE $DUPSFILE $NONDUPSFILE
++
++trap "rm -f $INPUTFILE $DUPSFILE $NONDUPSFILE" 0 1 2 3 15
+
+ # Read input
+-cat "$@" >/tmp/$$
++cat "$@" >$INPUTFILE
+
+ # Look for fields with multiple references.
+-cat /tmp/$$ | cut -d' ' -f2 | sort | uniq -d >/tmp/$$a
+-if [ -s /tmp/$$a ] ; then
++cat $INPUTFILE | cut -d' ' -f2 | sort | uniq -d >$DUPSFILE
++if [ -s $DUPSFILE ] ; then
+ echo "Ignoring these fields that link to multiple tables:" 1>&2
+- cat /tmp/$$a 1>&2
++ cat $DUPSFILE 1>&2
+ fi
+
+ # Get the non-multiply-referenced fields.
+-cat /tmp/$$ | while read LINE
++cat $INPUTFILE | while read LINE
+ do
+ set -- $LINE
+- grep "^$2\$" /tmp/$$a >/dev/null 2>&1 || echo $LINE
+-done >/tmp/$$b
++ grep "^$2\$" $DUPSFILE >/dev/null 2>&1 || echo $LINE
++done >$NONDUPSFILE
+
+ # Generate the output.
+-cat /tmp/$$b |
++cat $NONDUPSFILE |
+ $AWK -F'[ \.]' '\
+ BEGIN \
+ {
+Index: src/bin/pg_ctl/pg_ctl.sh
+--- src/bin/pg_ctl/pg_ctl.sh 2003-08-14 20:56:41 +0200
++++ src/bin/pg_ctl/pg_ctl.sh 2004-10-22 02:24:27 +0200
+@@ -111,6 +111,14 @@
+
+ po_path="$PGPATH/postmaster"
+
++if [ `$PGPATH/pg_id -u` -eq 0 ]
++then
++ echo "$CMDNAME: cannot be run as root" 1>&2
++ echo "Please log in (using, e.g., \"su\") as the (unprivileged) user that
will" 1>&2
++ echo "own the server process." 1>&2
++ exit 1
++fi
++
+ wait=
+ wait_seconds=60
+ logfile=
+@@ -238,6 +246,11 @@
+ wait=no
+ fi
+
++# Prevent duplicate of -D flags on each restart
++if [ "$op" = "restart" ];then
++ PGDATAOPTS=""
++fi
++
+ DEFPOSTOPTS=$PGDATA/postmaster.opts.default
+ POSTOPTSFILE=$PGDATA/postmaster.opts
+ PIDFILE=$PGDATA/postmaster.pid
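Review bot: The replacement temp files in make_oidjoins_check (`INPUTFILE="tmp$$a"` and the two assignments after it) still have predictable, PID-derived names, and they now live in whatever directory the script is run from. The `rm -f` before first use narrows the window but does not close it, because `cat "$@" >$INPUTFILE` will still write through a link that appears under that name in between, so the fix only holds when the working directory is not writable by other users. Where `mktemp` is available, a private directory removes that dependency: `WORKDIR=$(mktemp -d) || exit 1`, then `INPUTFILE="$WORKDIR/input"`, with the trap removing `"$WORKDIR"`. Separately, the root check added to pg_ctl.sh (the unquoted `pg_id -u` test) appears to fail open: if `pg_id` is missing or prints nothing, the `[` test errors with a non-zero status and the script carries on, so the output should be captured first and an empty value treated as fatal. Both scripts continue outside the embedded hunks, so this is based only on the lines shown.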
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/postgresql/postgresql.spec
============================================================================
$ cvs diff -u -r1.97.2.2 -r1.97.2.3 postgresql.spec
--- openpkg-src/postgresql/postgresql.spec 3 Jul 2004 07:07:11 -0000
1.97.2.2
+++ openpkg-src/postgresql/postgresql.spec 28 Oct 2004 19:42:08 -0000
1.97.2.3
@@ -41,7 +41,7 @@
Group: Database
License: GPL
Version: %{V_postgresql}
-Release: 2.1.0
+Release: 2.1.1
# package options
%option with_server yes
@@ .