From owner-cvs-all Wed Jan 9 12:49: 7 2002
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id B368937B41D; Wed, 9 Jan 2002 12:49:02 -0800 (PST)
Received: (from mi@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g09Kn2501366;
	Wed, 9 Jan 2002 12:49:02 -0800 (PST)
	(envelope-from mi)
Message-Id: <200201092049.g09Kn2501366@freefall.freebsd.org>
From: Mikhail Teterin
Date: Wed, 9 Jan 2002 12:49:02 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/security/pam-pgsql Makefile ports/security/pam-pgsql/files Makefile.bsd pqescape.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

mi          2002/01/09 12:49:02 PST

  Modified files:
    security/pam-pgsql        Makefile
    security/pam-pgsql/files  Makefile.bsd
  Added files:
    security/pam-pgsql/files  pqescape.c
  Log:
  Close the security hole by making it escape all of the untrusted
  input before passing it to the SQL server.

  The code in the added pqescape.c is going to be in the next
  PostgreSQL release, but it is not there yet and this port will
  use its own private copy for now.

  No REVISION bump since the port was forbidden ever since the last
  upgrade.

  Submitter reviewed my tweaks of his patch and approved them
  authorizing (as one of the SOs) the removal of the FORBIDDEN flag.

  Submitted by:   nectar
  Reviewed by:    nectar
  Approved by:    nectar
  Obtained from:  http://CERT.uni-stuttgart.de/doc/postgresql/escape/

  Revision  Changes    Path
  1.8       +1 -3      ports/security/pam-pgsql/Makefile
  1.6       +4 -1      ports/security/pam-pgsql/files/Makefile.bsd
  1.1       +66 -0     ports/security/pam-pgsql/files/pqescape.c (new)
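
The kind of escaping the log message describes, as an added example; it is not the port's pqescape.c or PostgreSQL's code. The function names, the 64-byte user-name limit and the `accounts`/`username`/`password` schema are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the port's pqescape.c): copy `from` into `to`,
 * doubling single quotes and backslashes so the value cannot terminate the
 * SQL string literal it is placed in. `to` must hold 2*len+1 bytes.
 * Returns the number of bytes written, excluding the NUL. */
size_t sql_escape_literal(char *to, const char *from, size_t len)
{
    char *out = to;
    for (size_t i = 0; i < len && from[i] != '\0'; i++) {
        if (from[i] == '\'' || from[i] == '\\')
            *out++ = from[i];      /* emit the character twice */
        *out++ = from[i];
    }
    *out = '\0';
    return (size_t)(out - to);
}

/* Build the lookup query for an untrusted user name. Table and column
 * names are assumptions. Returns 0 on success, -1 if the name is too long
 * or the query would not fit; the caller must then fail authentication
 * rather than send a truncated statement. */
int build_auth_query(char *query, size_t qsize, const char *user)
{
    char escaped[2 * 64 + 1];
    size_t ulen = strlen(user);

    if (ulen > 64)
        return -1;
    sql_escape_literal(escaped, user, ulen);
    int n = snprintf(query, qsize,
        "SELECT password FROM accounts WHERE username = '%s'", escaped);
    return (n < 0 || (size_t)n >= qsize) ? -1 : 0;
}

int main(void)
{
    char q[256];
    /* Constructed sample input containing quotes. */
    if (build_auth_query(q, sizeof q, "x' OR '1'='1") == 0)
        puts(q);
    return 0;
}
```

With current libpq, binding the value through `PQexecParams` avoids building the literal at all; where escaping is still used, `PQescapeStringConn` takes the connection's encoding into account, which byte-wise doubling like the above does not.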