Re: [Update / security] PostgreSQL 9.6.4

2017-08-14 Thread Pierre-Emmanuel André
On Fri, Aug 11, 2017 at 10:26:34AM +0200, Pierre-Emmanuel André wrote:
> Hi,
> 
> A new version of PostgreSQL is available. It fixes 3 CVEs:
> 
> CVE-2017-7546: Empty password accepted in some authentication methods
> CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to 
> users lacking server privileges
> CVE-2017-7548: lo_put() function ignores ACLs
> 
> 
> Tested on @amd64.
> 
> Comments, ok ?
> 
> Regards,


And the diffs for 6.1 and 6.0.
Comments, ok ?

Regards,
Index: Makefile
===
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.223.2.1
diff -u -p -u -p -r1.223.2.1 Makefile
--- Makefile	25 May 2017 11:34:21 -	1.223.2.1
+++ Makefile	14 Aug 2017 12:00:31 -
@@ -7,7 +7,7 @@ COMMENT-contrib=PostgreSQL RDBMS contrib
 COMMENT-plpython=Python procedural language for PostgreSQL
 COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version
 
-VERSION=	9.6.3
+VERSION=	9.6.4
 PREV_MAJOR=	9.5
 DISTNAME=	postgresql-${VERSION}
 PKGNAME-main=	postgresql-client-${VERSION}
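Review bot: only the VERSION line changes in this Makefile hunk for the 6.1 branch, while the -current diff in the original post also deletes the REVISION-main, REVISION-server, REVISION-contrib and REVISION-pg_upgrade lines below the PKGNAME-* block. If the 6.1 Makefile carries any REVISION-* lines after PKGNAME-pg_upgrade, they need to be removed with this bump as well; please confirm there are none.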
Index: distinfo
===
RCS file: /cvs/ports/databases/postgresql/distinfo,v
retrieving revision 1.65.2.1
diff -u -p -u -p -r1.65.2.1 distinfo
--- distinfo	25 May 2017 11:34:21 -	1.65.2.1
+++ distinfo	14 Aug 2017 12:00:31 -
@@ -1,2 +1,2 @@
-SHA256 (postgresql-9.6.3.tar.gz) = 3wiDciMLHdIdh7uBaGRxUI9MQglNT08ytdjmhv6mn6Y=
-SIZE (postgresql-9.6.3.tar.gz) = 25536998
+SHA256 (postgresql-9.6.4.tar.gz) = rlx+IgvUvaTF9rD6lgG0+c1XvvhLEAI2HhmSMUgLz9A=
+SIZE (postgresql-9.6.4.tar.gz) = 25636545
Index: pkg/PLIST-docs
===
RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
retrieving revision 1.77.2.1
diff -u -p -u -p -r1.77.2.1 PLIST-docs
--- pkg/PLIST-docs	25 May 2017 11:34:21 -	1.77.2.1
+++ pkg/PLIST-docs	14 Aug 2017 12:00:31 -
@@ -903,6 +903,7 @@ share/doc/postgresql/html/release-9-2-19
 share/doc/postgresql/html/release-9-2-2.html
 share/doc/postgresql/html/release-9-2-20.html
 share/doc/postgresql/html/release-9-2-21.html
+share/doc/postgresql/html/release-9-2-22.html
 share/doc/postgresql/html/release-9-2-3.html
 share/doc/postgresql/html/release-9-2-4.html
 share/doc/postgresql/html/release-9-2-5.html
@@ -920,6 +921,7 @@ share/doc/postgresql/html/release-9-3-14
 share/doc/postgresql/html/release-9-3-15.html
 share/doc/postgresql/html/release-9-3-16.html
 share/doc/postgresql/html/release-9-3-17.html
+share/doc/postgresql/html/release-9-3-18.html
 share/doc/postgresql/html/release-9-3-2.html
 share/doc/postgresql/html/release-9-3-3.html
 share/doc/postgresql/html/release-9-3-4.html
@@ -933,6 +935,7 @@ share/doc/postgresql/html/release-9-4-1.
 share/doc/postgresql/html/release-9-4-10.html
 share/doc/postgresql/html/release-9-4-11.html
 share/doc/postgresql/html/release-9-4-12.html
+share/doc/postgresql/html/release-9-4-13.html
 share/doc/postgresql/html/release-9-4-2.html
 share/doc/postgresql/html/release-9-4-3.html
 share/doc/postgresql/html/release-9-4-4.html
@@ -949,10 +952,12 @@ share/doc/postgresql/html/release-9-5-4.
 share/doc/postgresql/html/release-9-5-5.html
 share/doc/postgresql/html/release-9-5-6.html
 share/doc/postgresql/html/release-9-5-7.html
+share/doc/postgresql/html/release-9-5-8.html
 share/doc/postgresql/html/release-9-5.html
 share/doc/postgresql/html/release-9-6-1.html
 share/doc/postgresql/html/release-9-6-2.html
 share/doc/postgresql/html/release-9-6-3.html
+share/doc/postgresql/html/release-9-6-4.html
 share/doc/postgresql/html/release-9-6.html
 share/doc/postgresql/html/release.html
 share/doc/postgresql/html/replication-origins.html
Index: Makefile
===
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.215.2.3
diff -u -p -u -p -r1.215.2.3 Makefile
--- Makefile	6 Apr 2017 03:49:40 -	1.215.2.3
+++ Makefile	14 Aug 2017 12:55:47 -
@@ -11,7 +11,7 @@ BROKEN-sparc=	Requires v9|v9a|v9b; reque
 # DO NOT FORGET to also change the @ask-update entry in pkg/PLIST-server
 # in case a dump before / restore after pkg_add -u is required!
 
-VERSION=	9.5.6
+VERSION=	9.5.8
 DISTNAME=	postgresql-${VERSION}
 PKGNAME-main=	postgresql-client-${VERSION}
 PKGNAME-server=	postgresql-server-${VERSION}
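Review bot: VERSION goes from 9.5.6 straight to 9.5.8 on the changed line, skipping 9.5.7, so pkg/PLIST-docs on this branch has to pick up the release notes files for both releases; that diff is cut off after its Index: line in this message and cannot be checked here. The context comment about the @ask-update entry in pkg/PLIST-server applies too: please confirm no dump/restore is needed across this jump, and state what the 9.5.8 build was tested on, since the "Tested on @amd64" remark was made for 9.6.4.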
Index: distinfo
===
RCS file: /cvs/ports/databases/postgresql/distinfo,v
retrieving revision 1.62.2.3
diff -u -p -u -p -r1.62.2.3 distinfo
--- distinfo	6 Apr 2017 03:49:40 -	1.62.2.3
+++ distinfo	14 Aug 2017 12:55:47 -
@@ -1,2 +1,2 @@
-SHA256 (postgresql-9.5.6.tar.gz) = qorJ8S/iVqOhnogP2FUbN/e2npwu6jVSQTNeOmG9vjc=
-SIZE (postgresql-9.5.6.tar.gz) = 24264195
+SHA256 (postgresql-9.5.8.tar.gz) = d8tRGnwbWUZOzyqZXFCARDsNKQdRQtw/g/olB2pqPoA=
+SIZE (postgresql-9.5.8.tar.gz) = 24376560
Index: pkg/PLIST-docs

[Update / security] PostgreSQL 9.6.4

2017-08-11 Thread Pierre-Emmanuel André
Hi,

A new version of PostgreSQL is available. It fixes 3 CVEs:

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users 
lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs


Tested on @amd64.

Comments, ok ?

Regards,
Index: Makefile
===
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.227
diff -u -p -u -p -r1.227 Makefile
--- Makefile	13 Jun 2017 12:59:47 -	1.227
+++ Makefile	11 Aug 2017 08:23:10 -
@@ -7,7 +7,7 @@ COMMENT-contrib=PostgreSQL RDBMS contrib
 COMMENT-plpython=Python procedural language for PostgreSQL
 COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version
 
-VERSION=	9.6.3
+VERSION=	9.6.4
 PREV_MAJOR=	9.5
 DISTNAME=	postgresql-${VERSION}
 PKGNAME-main=	postgresql-client-${VERSION}
@@ -16,10 +16,6 @@ PKGNAME-docs=	postgresql-docs-${VERSION}
 PKGNAME-contrib=postgresql-contrib-${VERSION}
 PKGNAME-plpython=postgresql-plpython-${VERSION}
 PKGNAME-pg_upgrade=postgresql-pg_upgrade-${VERSION}
-REVISION-main=	0
-REVISION-server= 1
-REVISION-contrib= 0
-REVISION-pg_upgrade= 0
 
 CATEGORIES=	databases
 SHARED_LIBS=	ecpg		7.8 \
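Review bot: SHARED_LIBS in the trailing context (ecpg 7.8 and whatever follows it) is left untouched by this update. Dropping the four REVISION-* lines together with the VERSION bump is right, but please confirm the library versions were checked against the 9.6.4 build so that no bump is needed there.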
Index: distinfo
===
RCS file: /cvs/ports/databases/postgresql/distinfo,v
retrieving revision 1.66
diff -u -p -u -p -r1.66 distinfo
--- distinfo	17 May 2017 07:34:19 -	1.66
+++ distinfo	11 Aug 2017 08:23:10 -
@@ -1,2 +1,2 @@
-SHA256 (postgresql-9.6.3.tar.gz) = 3wiDciMLHdIdh7uBaGRxUI9MQglNT08ytdjmhv6mn6Y=
-SIZE (postgresql-9.6.3.tar.gz) = 25536998
+SHA256 (postgresql-9.6.4.tar.gz) = rlx+IgvUvaTF9rD6lgG0+c1XvvhLEAI2HhmSMUgLz9A=
+SIZE (postgresql-9.6.4.tar.gz) = 25636545
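Review bot: the new SHA256 on the + line should be compared with the checksum upstream publishes for postgresql-9.6.4.tar.gz before commit, not only regenerated from whatever was fetched (for example with make makesum). distinfo stores the digest base64-encoded, so it has to be converted before comparing it with a hex-encoded checksum. For a security update this is the line that ties the port to the tarball carrying the three CVE fixes.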
Index: patches/patch-src_pl_plperl_GNUmakefile
===
RCS file: /cvs/ports/databases/postgresql/patches/patch-src_pl_plperl_GNUmakefile,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-src_pl_plperl_GNUmakefile
--- patches/patch-src_pl_plperl_GNUmakefile	11 May 2017 13:44:15 -	1.1
+++ patches/patch-src_pl_plperl_GNUmakefile	11 Aug 2017 08:23:10 -
@@ -3,12 +3,12 @@ $OpenBSD: patch-src_pl_plperl_GNUmakefil
 Index: src/pl/plperl/GNUmakefile
 --- src/pl/plperl/GNUmakefile.orig
 +++ src/pl/plperl/GNUmakefile
-@@ -12,7 +12,7 @@ override CPPFLAGS += -DPLPERL_HAVE_UID_GID
- override CPPFLAGS += -Wno-comment
- endif
- 
--override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) -I$(perl_archlibexp)/CORE
-+override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) -I$(perl_archlibexp)/CORE -DNO_LOCALE_NUMERIC -DNO_LOCALE_COLLATE -DBIG_TIME
+@@ -16,7 +16,7 @@ endif
+ # probably because it sometimes contains some header files with names
+ # that clash with some of ours, or with some that we include, notably on
+ # Windows.
+-override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) $(perl_embed_ccflags) -I$(perl_archlibexp)/CORE
++override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) $(perl_embed_ccflags) -I$(perl_archlibexp)/CORE -DNO_LOCALE_NUMERIC -DNO_LOCALE_COLLATE -DBIG_TIME
  
  rpathdir = $(perl_archlibexp)/CORE
  
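Review bot: on the rebased + line, the local defines -DNO_LOCALE_NUMERIC -DNO_LOCALE_COLLATE -DBIG_TIME are now appended after upstream's new $(perl_embed_ccflags). Please confirm that $(perl_embed_ccflags) does not already supply these defines on OpenBSD, in which case the local patch could be dropped. If the patch stays, a short comment in its header saying why the three defines are needed would make the next rebase easier.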
Index: pkg/PLIST-docs
===
RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
retrieving revision 1.78
diff -u -p -u -p -r1.78 PLIST-docs
--- pkg/PLIST-docs	17 May 2017 07:34:19 -	1.78
+++ pkg/PLIST-docs	11 Aug 2017 08:23:10 -
@@ -903,6 +903,7 @@ share/doc/postgresql/html/release-9-2-19
 share/doc/postgresql/html/release-9-2-2.html
 share/doc/postgresql/html/release-9-2-20.html
 share/doc/postgresql/html/release-9-2-21.html
+share/doc/postgresql/html/release-9-2-22.html
 share/doc/postgresql/html/release-9-2-3.html
 share/doc/postgresql/html/release-9-2-4.html
 share/doc/postgresql/html/release-9-2-5.html
@@ -920,6 +921,7 @@ share/doc/postgresql/html/release-9-3-14
 share/doc/postgresql/html/release-9-3-15.html
 share/doc/postgresql/html/release-9-3-16.html
 share/doc/postgresql/html/release-9-3-17.html
+share/doc/postgresql/html/release-9-3-18.html
 share/doc/postgresql/html/release-9-3-2.html
 share/doc/postgresql/html/release-9-3-3.html
 share/doc/postgresql/html/release-9-3-4.html
@@ -933,6 +935,7 @@ share/doc/postgresql/html/release-9-4-1.
 share/doc/postgresql/html/release-9-4-10.html
 share/doc/postgresql/html/release-9-4-11.html
 share/doc/postgresql/html/release-9-4-12.html
+share/doc/postgresql/html/release-9-4-13.html
 share/doc/postgresql/html/release-9-4-2.html
 share/doc/postgresql/html/release-9-4-3.html
 share/doc/postgresql/html/release-9-4-4.html
@@ -949,10 +952,12 @@ share/doc/postgresql/html/release-9-5-4.
 share/doc/postgresql/html/release-9-5-5.html
 share/doc/postgresql/html/release-9-5-6.html
 share/doc/postgresql/html/release-9-5-7.html
+share/doc/postgresql/html/release-9-5-8.html
 share/doc/postgresql/html/release-9-5.html