Re: [Update / security] PostgreSQL 9.6.4
On Fri, Aug 11, 2017 at 10:26:34AM +0200, Pierre-Emmanuel André wrote:
> Hi,
>
> A new version of PostgreSQL is available. It fixes 3 CVEs:
>
> CVE-2017-7546: Empty password accepted in some authentication methods
> CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to
> users lacking server privileges
> CVE-2017-7548: lo_put() function ignores ACLs
>
>
> Tested on @amd64.
>
> Comments, ok ?
>
> Regards,

And the diffs for 6.1 and 6.0.
Comments, ok ?

Regards,

Index: Makefile === RCS file: /cvs/ports/databases/postgresql/Makefile,v retrieving revision 1.223.2.1 diff -u -p -u -p -r1.223.2.1 Makefile --- Makefile 25 May 2017 11:34:21 - 1.223.2.1 +++ Makefile 14 Aug 2017 12:00:31 - @@ -7,7 +7,7 @@ COMMENT-contrib=PostgreSQL RDBMS contrib COMMENT-plpython=Python procedural language for PostgreSQL COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version -VERSION= 9.6.3 +VERSION= 9.6.4 PREV_MAJOR= 9.5 DISTNAME= postgresql-${VERSION} PKGNAME-main= postgresql-client-${VERSION} Index: distinfo === RCS file: /cvs/ports/databases/postgresql/distinfo,v retrieving revision 1.65.2.1 diff -u -p -u -p -r1.65.2.1 distinfo --- distinfo 25 May 2017 11:34:21 - 1.65.2.1 +++ distinfo 14 Aug 2017 12:00:31 - @@ -1,2 +1,2 @@ -SHA256 (postgresql-9.6.3.tar.gz) = 3wiDciMLHdIdh7uBaGRxUI9MQglNT08ytdjmhv6mn6Y= -SIZE (postgresql-9.6.3.tar.gz) = 25536998 +SHA256 (postgresql-9.6.4.tar.gz) = rlx+IgvUvaTF9rD6lgG0+c1XvvhLEAI2HhmSMUgLz9A= +SIZE (postgresql-9.6.4.tar.gz) = 25636545 Index: pkg/PLIST-docs === RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v retrieving revision 1.77.2.1 diff -u -p -u -p -r1.77.2.1 PLIST-docs --- pkg/PLIST-docs 25 May 2017 11:34:21 - 1.77.2.1 +++ pkg/PLIST-docs 14 Aug 2017 12:00:31 - 
@@ -903,6 +903,7 @@ share/doc/postgresql/html/release-9-2-19 share/doc/postgresql/html/release-9-2-2.html share/doc/postgresql/html/release-9-2-20.html share/doc/postgresql/html/release-9-2-21.html +share/doc/postgresql/html/release-9-2-22.html share/doc/postgresql/html/release-9-2-3.html share/doc/postgresql/html/release-9-2-4.html share/doc/postgresql/html/release-9-2-5.html @@ -920,6 +921,7 @@ share/doc/postgresql/html/release-9-3-14 share/doc/postgresql/html/release-9-3-15.html share/doc/postgresql/html/release-9-3-16.html share/doc/postgresql/html/release-9-3-17.html +share/doc/postgresql/html/release-9-3-18.html share/doc/postgresql/html/release-9-3-2.html share/doc/postgresql/html/release-9-3-3.html share/doc/postgresql/html/release-9-3-4.html @@ -933,6 +935,7 @@ share/doc/postgresql/html/release-9-4-1. share/doc/postgresql/html/release-9-4-10.html share/doc/postgresql/html/release-9-4-11.html share/doc/postgresql/html/release-9-4-12.html +share/doc/postgresql/html/release-9-4-13.html share/doc/postgresql/html/release-9-4-2.html share/doc/postgresql/html/release-9-4-3.html share/doc/postgresql/html/release-9-4-4.html @@ -949,10 +952,12 @@ share/doc/postgresql/html/release-9-5-4. share/doc/postgresql/html/release-9-5-5.html share/doc/postgresql/html/release-9-5-6.html share/doc/postgresql/html/release-9-5-7.html +share/doc/postgresql/html/release-9-5-8.html share/doc/postgresql/html/release-9-5.html share/doc/postgresql/html/release-9-6-1.html share/doc/postgresql/html/release-9-6-2.html share/doc/postgresql/html/release-9-6-3.html +share/doc/postgresql/html/release-9-6-4.html share/doc/postgresql/html/release-9-6.html share/doc/postgresql/html/release.html share/doc/postgresql/html/replication-origins.html Index: Makefile === RCS file: /cvs/ports/databases/postgresql/Makefile,v retrieving revision 1.215.2.3 diff -u -p -u -p -r1.215.2.3 Makefile --- Makefile 6 Apr 2017 03:49:40 - 1.215.2.3 +++ Makefile 14 Aug 2017 12:55:47 - 
@@ -11,7 +11,7 @@ BROKEN-sparc= Requires v9|v9a|v9b; reque # DO NOT FORGET to also change the @ask-update entry in pkg/PLIST-server # in case a dump before / restore after pkg_add -u is required! -VERSION= 9.5.6 +VERSION= 9.5.8 DISTNAME= postgresql-${VERSION} PKGNAME-main= postgresql-client-${VERSION} PKGNAME-server= postgresql-server-${VERSION} Index: distinfo === RCS file: /cvs/ports/databases/postgresql/distinfo,v retrieving revision 1.62.2.3 diff -u -p -u -p -r1.62.2.3 distinfo --- distinfo 6 Apr 2017 03:49:40 - 1.62.2.3 +++ distinfo 14 Aug 2017 12:55:47 - @@ -1,2 +1,2 @@ -SHA256 (postgresql-9.5.6.tar.gz) = qorJ8S/iVqOhnogP2FUbN/e2npwu6jVSQTNeOmG9vjc= -SIZE (postgresql-9.5.6.tar.gz) = 24264195 +SHA256 (postgresql-9.5.8.tar.gz) = d8tRGnwbWUZOzyqZXFCARDsNKQdRQtw/g/olB2pqPoA= +SIZE (postgresql-9.5.8.tar.gz) = 24376560 Index: pkg/PLIST-docs
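Review bot: In the 6.1 Makefile hunk (@@ -7,7 +7,7 @@) only VERSION changes, while the -current diff for the same 9.6.3 to 9.6.4 bump also removes the REVISION-main, REVISION-server, REVISION-contrib and REVISION-pg_upgrade lines. If revision 1.223.2.1 of the Makefile carries any REVISION-* lines, they should be dropped in this diff as well. The -current diff also regenerates patches/patch-src_pl_plperl_GNUmakefile because the upstream context moved; if the 6.1 branch has that patch, it needs the same regeneration, and this diff does not touch it.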
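Review bot: In the 6.0 Makefile hunk (@@ -11,7 +11,7 @@) VERSION goes from 9.5.6 straight to 9.5.8, and the context comment directly above it says to also change the @ask-update entry in pkg/PLIST-server when a dump before / restore after pkg_add -u is required. The diff shows no PLIST-server change, so please confirm that neither 9.5.7 nor 9.5.8 requires one. Since two releases are covered in one step, the pkg/PLIST-docs change (cut off here) should add the release note pages for both, not only the set added in the 6.1 diff.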
[Update / security] PostgreSQL 9.6.4
Hi,

A new version of PostgreSQL is available. It fixes 3 CVEs:

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to
users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs

Tested on @amd64.

Comments, ok ?

Regards,

Index: Makefile === RCS file: /cvs/ports/databases/postgresql/Makefile,v retrieving revision 1.227 diff -u -p -u -p -r1.227 Makefile --- Makefile 13 Jun 2017 12:59:47 - 1.227 +++ Makefile 11 Aug 2017 08:23:10 - @@ -7,7 +7,7 @@ COMMENT-contrib=PostgreSQL RDBMS contrib COMMENT-plpython=Python procedural language for PostgreSQL COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version -VERSION= 9.6.3 +VERSION= 9.6.4 PREV_MAJOR= 9.5 DISTNAME= postgresql-${VERSION} PKGNAME-main= postgresql-client-${VERSION} @@ -16,10 +16,6 @@ PKGNAME-docs= postgresql-docs-${VERSION} PKGNAME-contrib=postgresql-contrib-${VERSION} PKGNAME-plpython=postgresql-plpython-${VERSION} PKGNAME-pg_upgrade=postgresql-pg_upgrade-${VERSION} -REVISION-main= 0 -REVISION-server= 1 -REVISION-contrib= 0 -REVISION-pg_upgrade= 0 CATEGORIES= databases SHARED_LIBS= ecpg 7.8 \ Index: distinfo === RCS file: /cvs/ports/databases/postgresql/distinfo,v retrieving revision 1.66 diff -u -p -u -p -r1.66 distinfo --- distinfo 17 May 2017 07:34:19 - 1.66 +++ distinfo 11 Aug 2017 08:23:10 - 
@@ -1,2 +1,2 @@ -SHA256 (postgresql-9.6.3.tar.gz) = 3wiDciMLHdIdh7uBaGRxUI9MQglNT08ytdjmhv6mn6Y= -SIZE (postgresql-9.6.3.tar.gz) = 25536998 +SHA256 (postgresql-9.6.4.tar.gz) = rlx+IgvUvaTF9rD6lgG0+c1XvvhLEAI2HhmSMUgLz9A= +SIZE (postgresql-9.6.4.tar.gz) = 25636545 Index: patches/patch-src_pl_plperl_GNUmakefile === RCS file: /cvs/ports/databases/postgresql/patches/patch-src_pl_plperl_GNUmakefile,v retrieving revision 1.1 diff -u -p -u -p -r1.1 patch-src_pl_plperl_GNUmakefile --- patches/patch-src_pl_plperl_GNUmakefile 11 May 2017 13:44:15 - 1.1 +++ patches/patch-src_pl_plperl_GNUmakefile 11 Aug 2017 08:23:10 - @@ -3,12 +3,12 @@ $OpenBSD: patch-src_pl_plperl_GNUmakefil Index: src/pl/plperl/GNUmakefile --- src/pl/plperl/GNUmakefile.orig +++ src/pl/plperl/GNUmakefile -@@ -12,7 +12,7 @@ override CPPFLAGS += -DPLPERL_HAVE_UID_GID - override CPPFLAGS += -Wno-comment - endif - --override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) -I$(perl_archlibexp)/CORE -+override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) -I$(perl_archlibexp)/CORE -DNO_LOCALE_NUMERIC -DNO_LOCALE_COLLATE -DBIG_TIME +@@ -16,7 +16,7 @@ endif + # probably because it sometimes contains some header files with names + # that clash with some of ours, or with some that we include, notably on + # Windows. +-override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) $(perl_embed_ccflags) -I$(perl_archlibexp)/CORE ++override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) $(perl_embed_ccflags) -I$(perl_archlibexp)/CORE -DNO_LOCALE_NUMERIC -DNO_LOCALE_COLLATE -DBIG_TIME rpathdir = $(perl_archlibexp)/CORE Index: pkg/PLIST-docs === RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v retrieving revision 1.78 diff -u -p -u -p -r1.78 PLIST-docs --- pkg/PLIST-docs 17 May 2017 07:34:19 - 1.78 +++ pkg/PLIST-docs 11 Aug 2017 08:23:10 - 
@@ -903,6 +903,7 @@ share/doc/postgresql/html/release-9-2-19 share/doc/postgresql/html/release-9-2-2.html share/doc/postgresql/html/release-9-2-20.html share/doc/postgresql/html/release-9-2-21.html +share/doc/postgresql/html/release-9-2-22.html share/doc/postgresql/html/release-9-2-3.html share/doc/postgresql/html/release-9-2-4.html share/doc/postgresql/html/release-9-2-5.html @@ -920,6 +921,7 @@ share/doc/postgresql/html/release-9-3-14 share/doc/postgresql/html/release-9-3-15.html share/doc/postgresql/html/release-9-3-16.html share/doc/postgresql/html/release-9-3-17.html +share/doc/postgresql/html/release-9-3-18.html share/doc/postgresql/html/release-9-3-2.html share/doc/postgresql/html/release-9-3-3.html share/doc/postgresql/html/release-9-3-4.html @@ -933,6 +935,7 @@ share/doc/postgresql/html/release-9-4-1. share/doc/postgresql/html/release-9-4-10.html share/doc/postgresql/html/release-9-4-11.html share/doc/postgresql/html/release-9-4-12.html +share/doc/postgresql/html/release-9-4-13.html share/doc/postgresql/html/release-9-4-2.html share/doc/postgresql/html/release-9-4-3.html share/doc/postgresql/html/release-9-4-4.html @@ -949,10 +952,12 @@ share/doc/postgresql/html/release-9-5-4. share/doc/postgresql/html/release-9-5-5.html share/doc/postgresql/html/release-9-5-6.html share/doc/postgresql/html/release-9-5-7.html +share/doc/postgresql/html/release-9-5-8.html share/doc/postgresql/html/release-9-5.html
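Review bot: In patches/patch-src_pl_plperl_GNUmakefile the regenerated hunk (@@ -16,7 +16,7 @@) still appends -DNO_LOCALE_NUMERIC -DNO_LOCALE_COLLATE -DBIG_TIME, but the upstream CPPFLAGS line it patches now carries $(perl_embed_ccflags) as well. Please check whether those three defines are still needed on top of it or now end up passed twice. If they stay, a short comment in the patch header saying why they are there would help whoever does the next update.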
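Review bot: The distinfo hunk (@@ -1,2 +1,2 @@) replaces SHA256 and SIZE together, and the 9.6.4 values match the ones in the 6.1 diff, but nothing in the diff shows where the new checksum came from. For a security update, please confirm it was compared against the checksum upstream publishes for postgresql-9.6.4.tar.gz and not only regenerated from the downloaded file; distinfo stores the digest base64-encoded, so it has to be converted before comparing with a hex digest.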