Lock down regression testing temporary clusters on Windows. Use SSPI authentication to allow connections exclusively from the OS user that launched the test suite. This closes on Windows the vulnerability that commit be76a6d39e2832d4b88c0e1cc381aa44a7f86881 closed on other platforms. Users of "make installcheck" or custom test harnesses can run "pg_regress --config-auth=DATADIR" to activate the same authentication configuration that "make check" would use. Back-patch to 9.0 (all supported versions).
Security: CVE-2014-0067 Branch ------ REL9_1_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/6aa98e957924ed3a82877186567f3593da4cf6e0 Modified Files -------------- contrib/dblink/Makefile | 3 +- contrib/dblink/expected/dblink.out | 2 - contrib/dblink/sql/dblink.sql | 2 - doc/src/sgml/regress.sgml | 13 --- src/test/regress/pg_regress.c | 175 ++++++++++++++++++++++++++++++++++++ 5 files changed, 177 insertions(+), 18 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
