kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

2018-03-01 Security Update Release

Browse source 
The PostgreSQL Global Development Group has released an update to all supported
versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12,
9.4.17, and 9.3.22.

The purpose of this release is to address CVE-2018-1058, which describes how a
user can create like-named objects in different schemas that can change the
behavior of other users' queries and cause unexpected or malicious behavior,
also known as a "trojan-horse" attack. Most of this release centers around added
documentation that describes the issue and how to take steps to mitigate the
impact on PostgreSQL databases.

We strongly encourage all of our users to please visit
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL
installations.

After evaluating the documentation for CVE-2018-1058, a database administrator
may need to take follow up steps on their PostgreSQL installations to ensure
they are protected from exploitation.

Security:	CVE-2018-1058
This commit is contained in:
Palle Girgensohn 2018-03-01 15:10:17 +00:00
parent 272c5dad80
commit 70184a53b3
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=463327
16 changed files with 41 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
databases/postgresql10-server/Makefile
View file

@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME?= postgresql
DISTVERSION?= 10.2
DISTVERSION?= 10.3
PORTREVISION?= 0
CATEGORIES?= databases
MASTER_SITES= PGSQL/source/v${DISTVERSION}

6
databases/postgresql10-server/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1518110073
SHA256 (postgresql/postgresql-10.2.tar.bz2) = fe32009b62ddb97f7f014307ce9d0edb6972f5a698e63cb531088e147d145bad
SIZE (postgresql/postgresql-10.2.tar.bz2) = 19901836
TIMESTAMP = 1519720433
SHA256 (postgresql/postgresql-10.3.tar.bz2) = 6ea268780ee35e88c65cdb0af7955ad90b7d0ef34573867f223f14e43467931a
SIZE (postgresql/postgresql-10.3.tar.bz2) = 19959653

3
databases/postgresql10-server/pkg-plist-client
View file

@ -309,6 +309,7 @@ include/postgresql/server/executor/tablefunc.h
include/postgresql/server/executor/tqueue.h
include/postgresql/server/executor/tstoreReceiver.h
include/postgresql/server/executor/tuptable.h
include/postgresql/server/fe_utils/connect.h
include/postgresql/server/fe_utils/mbprint.h
include/postgresql/server/fe_utils/print.h
include/postgresql/server/fe_utils/psqlscan.h
@ -1048,6 +1049,7 @@ man/man7/WITH.7.gz
%%NLS%%share/locale/ja/LC_MESSAGES/pg_config-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_dump-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pgscripts-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/psql-10.mo
%%NLS%%share/locale/ko/LC_MESSAGES/ecpg-10.mo
%%NLS%%share/locale/ko/LC_MESSAGES/ecpglib6-10.mo
%%NLS%%share/locale/ko/LC_MESSAGES/libpq5-10.mo
@ -1091,6 +1093,7 @@ man/man7/WITH.7.gz
%%NLS%%share/locale/tr/LC_MESSAGES/libpq5-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_config-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_dump-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pgscripts-10.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/ecpg-10.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/ecpglib6-10.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/libpq5-10.mo

14
databases/postgresql10-server/pkg-plist-server
View file

@ -87,6 +87,7 @@ lib/libpgcommon.a
%%NLS%%share/locale/es/LC_MESSAGES/pg_rewind-10.mo
%%NLS%%share/locale/es/LC_MESSAGES/pg_test_fsync-10.mo
%%NLS%%share/locale/es/LC_MESSAGES/pg_test_timing-10.mo
%%NLS%%share/locale/es/LC_MESSAGES/pg_waldump-10.mo
%%NLS%%share/locale/es/LC_MESSAGES/plpgsql-10.mo
%%NLS%%share/locale/es/LC_MESSAGES/postgres-10.mo
%%NLS%%share/locale/fr/LC_MESSAGES/initdb-10.mo
@ -113,10 +114,16 @@ lib/libpgcommon.a
%%NLS%%share/locale/it/LC_MESSAGES/plpgsql-10.mo
%%NLS%%share/locale/it/LC_MESSAGES/postgres-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/initdb-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_archivecleanup-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_basebackup-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_controldata-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_ctl-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_resetwal-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_rewind-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_test_fsync-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_test_timing-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_upgrade-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/pg_waldump-10.mo
%%NLS%%share/locale/ja/LC_MESSAGES/plpgsql-10.mo
%%NLS%%share/locale/ko/LC_MESSAGES/initdb-10.mo
%%NLS%%share/locale/ko/LC_MESSAGES/pg_archivecleanup-10.mo
@ -175,11 +182,18 @@ lib/libpgcommon.a
%%NLS%%share/locale/sv/LC_MESSAGES/pg_waldump-10.mo
%%NLS%%share/locale/sv/LC_MESSAGES/plpgsql-10.mo
%%NLS%%share/locale/sv/LC_MESSAGES/postgres-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/initdb-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_archivecleanup-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_basebackup-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_controldata-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_ctl-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_resetwal-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_rewind-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_test_fsync-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_test_timing-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_upgrade-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/pg_waldump-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/plpgsql-10.mo
%%NLS%%share/locale/tr/LC_MESSAGES/postgres-10.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/initdb-10.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_controldata-10.mo

2
databases/postgresql93-server/Makefile
View file

@ -1,7 +1,7 @@
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
# $FreeBSD$
DISTVERSION?= 9.3.21
DISTVERSION?= 9.3.22
PORTREVISION= 0
PKGNAMESUFFIX?= ${DISTVERSION:R:S/.//}${COMPONENT}

6
databases/postgresql93-server/distinfo
View file

@ -1,5 +1,5 @@
TIMESTAMP = 1517868536
SHA256 (postgresql/postgresql-9.3.21.tar.bz2) = b9babc5148188a410e023d7178a5678e989ec2e276498de6cd0028bc331a40e0
SIZE (postgresql/postgresql-9.3.21.tar.bz2) = 17014472
TIMESTAMP = 1519745501
SHA256 (postgresql/postgresql-9.3.22.tar.bz2) = 1b18ed4aa59bab6283a0d8f3a00b9d896f4588bb2ba88ceef2816cb5c4cce91a
SIZE (postgresql/postgresql-9.3.22.tar.bz2) = 17022938
SHA256 (postgresql/pg-9314-icu-2016-08-10.diff.gz) = 4be31ad9899d5caf9f57ad7ebfc0d14f0fcf58ad539c82fb353b016fb76c0c30
SIZE (postgresql/pg-9314-icu-2016-08-10.diff.gz) = 5583

1
databases/postgresql93-server/pkg-plist-client
View file

@ -238,6 +238,7 @@ include/postgresql/server/executor/spi.h
include/postgresql/server/executor/spi_priv.h
include/postgresql/server/executor/tstoreReceiver.h
include/postgresql/server/executor/tuptable.h
include/postgresql/server/fe_utils/connect.h
include/postgresql/server/fmgr.h
include/postgresql/server/foreign/fdwapi.h
include/postgresql/server/foreign/foreign.h

2
databases/postgresql94-server/Makefile
View file

@ -1,7 +1,7 @@
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
# $FreeBSD$
DISTVERSION?= 9.4.16
DISTVERSION?= 9.4.17
PORTREVISION= 0
PKGNAMESUFFIX?= ${PORTVERSION:R:S/.//}${COMPONENT}

6
databases/postgresql94-server/distinfo
View file

@ -1,5 +1,5 @@
TIMESTAMP = 1517868536
SHA256 (postgresql/postgresql-9.4.16.tar.bz2) = dcbc62b621e4d8a445c2f33750f7d96257c38103cccebeb934e6913a3c135e81
SIZE (postgresql/postgresql-9.4.16.tar.bz2) = 17778763
TIMESTAMP = 1519745501
SHA256 (postgresql/postgresql-9.4.17.tar.bz2) = 7a320cd335052b840d209dc9688f09965763351c590e3cc7bf577591179fd7c6
SIZE (postgresql/postgresql-9.4.17.tar.bz2) = 17807762
SHA256 (postgresql/pg-949-icu-2016-10-02.diff.gz) = 34612e685a79874db04bc6b66c700bfc6412042840c532eef0da7832d1f70d43
SIZE (postgresql/pg-949-icu-2016-10-02.diff.gz) = 5289

1
databases/postgresql94-server/pkg-plist-client
View file

@ -241,6 +241,7 @@ include/postgresql/server/executor/spi.h
include/postgresql/server/executor/spi_priv.h
include/postgresql/server/executor/tstoreReceiver.h
include/postgresql/server/executor/tuptable.h
include/postgresql/server/fe_utils/connect.h
include/postgresql/server/fmgr.h
include/postgresql/server/foreign/fdwapi.h
include/postgresql/server/foreign/foreign.h

2
databases/postgresql95-server/Makefile
View file

@ -1,7 +1,7 @@
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
# $FreeBSD$
DISTVERSION?= 9.5.11
DISTVERSION?= 9.5.12
PORTREVISION= 0
PKGNAMESUFFIX?= ${PORTVERSION:R:S/.//}${COMPONENT}

6
databases/postgresql95-server/distinfo
View file

@ -1,5 +1,5 @@
TIMESTAMP = 1517868536
SHA256 (postgresql/postgresql-9.5.11.tar.bz2) = 8182cd74e27a75ae39166b2603b5014f4272855b4101b40819761b853a77c8dd
SIZE (postgresql/postgresql-9.5.11.tar.bz2) = 18572811
TIMESTAMP = 1519745501
SHA256 (postgresql/postgresql-9.5.12.tar.bz2) = 02e86f5c66467731bbec18fde96e0daf38c13c9141d8e7d41be663ab6fa6f698
SIZE (postgresql/postgresql-9.5.12.tar.bz2) = 18589538
SHA256 (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5fa083ec38087d6a0961642208f012e902221270708b919b92e9eedaa755e365
SIZE (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5952

1
databases/postgresql95-server/pkg-plist-client
View file

@ -266,6 +266,7 @@ include/postgresql/server/executor/spi.h
include/postgresql/server/executor/spi_priv.h
include/postgresql/server/executor/tstoreReceiver.h
include/postgresql/server/executor/tuptable.h
include/postgresql/server/fe_utils/connect.h
include/postgresql/server/fmgr.h
include/postgresql/server/foreign/fdwapi.h
include/postgresql/server/foreign/foreign.h

2
databases/postgresql96-server/Makefile
View file

@ -1,7 +1,7 @@
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
# $FreeBSD$
DISTVERSION?= 9.6.7
DISTVERSION?= 9.6.8
PORTREVISION?= 0
PKGNAMESUFFIX?= ${PORTVERSION:R:S/.//}${COMPONENT}

6
databases/postgresql96-server/distinfo
View file

@ -1,5 +1,5 @@
TIMESTAMP = 1517868545
SHA256 (postgresql/postgresql-9.6.7.tar.bz2) = 2ebe3df3c1d1eab78023bdc3ffa55a154aa84300416b075ef996598d78a624c6
SIZE (postgresql/postgresql-9.6.7.tar.bz2) = 19504886
TIMESTAMP = 1519720435
SHA256 (postgresql/postgresql-9.6.8.tar.bz2) = eafdb3b912e9ec34bdd28b651d00226a6253ba65036cb9a41cad2d9e82e3eb70
SIZE (postgresql/postgresql-9.6.8.tar.bz2) = 19528927
SHA256 (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 85f81baa0fc8f692bcf802c8645196d9e3afdef4f760cef712d940b87655486e
SIZE (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 5998

1
databases/postgresql96-server/pkg-plist-client
View file

@ -279,6 +279,7 @@ include/postgresql/server/executor/spi_priv.h
include/postgresql/server/executor/tqueue.h
include/postgresql/server/executor/tstoreReceiver.h
include/postgresql/server/executor/tuptable.h
include/postgresql/server/fe_utils/connect.h
include/postgresql/server/fe_utils/mbprint.h
include/postgresql/server/fe_utils/print.h
include/postgresql/server/fe_utils/psqlscan.h