Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Mar 2010 19:40:15 GMT
From:      Alexander <alp@rsu.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/144863: databases/postgresql84-server needs to be updated to 8.4.3
Message-ID:  <201003181940.o2IJeFn4067906@www.freebsd.org>
Resent-Message-ID: <201003181950.o2IJo2Mt086916@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         144863
>Category:       misc
>Synopsis:       databases/postgresql84-server needs to be updated to 8.4.3
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 19:50:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Alexander
>Release:        8.0
>Organization:
Pyhalov
>Environment:
>Description:
Serious security vulnerability was found in Postgres 8.4.2 (CVE-2010-0442). Usual user may crash server process, and in that way disconnect all current session from server. (Sample incorrectly processed query may be found here - https://bugzilla.redhat.com/show_bug.cgi?id=559259 ). 
Postgres should be updated to 8.4.3
>How-To-Repeat:
Execute
select substring(B'10101010101010101010101010101010101010101010101',33,-15);    
in one session. Other will be disconnected.
>Fix:
Update to postgresql-8.4.3.

Patch attached with submission follows:

diff -ur postgresql84-server.old/Makefile postgresql84-server/Makefile
--- postgresql84-server.old/Makefile	2010-02-03 15:09:08.000000000 +0000
+++ postgresql84-server/Makefile	2010-03-18 19:04:23.429439357 +0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME?=	postgresql
-DISTVERSION?=	8.4.2
+DISTVERSION?=	8.4.3
 PORTREVISION?=	1
 CATEGORIES?=	databases
 MASTER_SITES=	${MASTER_SITE_PGSQL}
diff -ur postgresql84-server.old/distinfo postgresql84-server/distinfo
--- postgresql84-server.old/distinfo	2010-02-03 15:09:08.000000000 +0000
+++ postgresql84-server/distinfo	2010-03-18 19:04:23.428428636 +0000
@@ -1,6 +1,6 @@
-MD5 (postgresql/postgresql-8.4.2.tar.bz2) = d738227e2f1f742d2f2d4ab56496c5c6
-SHA256 (postgresql/postgresql-8.4.2.tar.bz2) = adb3c5c90396195d76e986f835c2bd0e0dad438f91f4dc2b62048caf6d9869f2
-SIZE (postgresql/postgresql-8.4.2.tar.bz2) = 13600699
+MD5 (postgresql/postgresql-8.4.3.tar.bz2) = 7f70e7b140fb190f268837255582b07e
+SHA256 (postgresql/postgresql-8.4.3.tar.bz2) = 050c3e8324b453715e819456638fc1561351b33c8011b7cb63db98bbc2061564
+SIZE (postgresql/postgresql-8.4.3.tar.bz2) = 13645257
 SHA256 (postgresql/pg-840-icu-2009-09-15.diff.gz) = c09d3b59340a3bb6ea754e985739d4fbb47f730d1e48a357c5585825034fc72e
 MD5 (postgresql/pg-840-icu-2009-09-15.diff.gz) = 2b81134b462e01623bc9387fe4de7136
 SIZE (postgresql/pg-840-icu-2009-09-15.diff.gz) = 4321
diff -ur postgresql84-server.old/pkg-plist-server postgresql84-server/pkg-plist-server
--- postgresql84-server.old/pkg-plist-server	2009-12-17 16:07:11.000000000 +0000
+++ postgresql84-server/pkg-plist-server	2010-03-18 19:04:23.429439357 +0000
@@ -252,6 +252,7 @@
 %%TZDATA%%share/postgresql/timezone/America/Manaus
 %%TZDATA%%share/postgresql/timezone/America/Marigot
 %%TZDATA%%share/postgresql/timezone/America/Martinique
+%%TZDATA%%share/postgresql/timezone/America/Matamoros
 %%TZDATA%%share/postgresql/timezone/America/Mazatlan
 %%TZDATA%%share/postgresql/timezone/America/Mendoza
 %%TZDATA%%share/postgresql/timezone/America/Menominee
@@ -270,6 +271,7 @@
 %%TZDATA%%share/postgresql/timezone/America/Noronha
 %%TZDATA%%share/postgresql/timezone/America/North_Dakota/Center
 %%TZDATA%%share/postgresql/timezone/America/North_Dakota/New_Salem
+%%TZDATA%%share/postgresql/timezone/America/Ojinaga
 %%TZDATA%%share/postgresql/timezone/America/Panama
 %%TZDATA%%share/postgresql/timezone/America/Pangnirtung
 %%TZDATA%%share/postgresql/timezone/America/Paramaribo
@@ -286,6 +288,7 @@
 %%TZDATA%%share/postgresql/timezone/America/Resolute
 %%TZDATA%%share/postgresql/timezone/America/Rio_Branco
 %%TZDATA%%share/postgresql/timezone/America/Rosario
+%%TZDATA%%share/postgresql/timezone/America/Santa_Isabel
 %%TZDATA%%share/postgresql/timezone/America/Santarem
 %%TZDATA%%share/postgresql/timezone/America/Santiago
 %%TZDATA%%share/postgresql/timezone/America/Santo_Domingo


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003181940.o2IJeFn4067906>