The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible to craft a connection request containing a database name that begins with "-" that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script (CVE-2013-1903) and the use of predictable filenames in /tmp (CVE-2013-1902).
2013-04-04 23:08:25 +02:00
# $NetBSD: pgsql.buildlink3.mk,v 1.35 2013/04/04 21:08:25 adam Exp $
#
# User-settable variables:
#
# PGSQL_VERSION_DEFAULT
#
# Package-settable variables:
#
# PGSQL_VERSIONS_ACCEPTED
#
# Variables set by this file:
#
# PG_LIB_EXT
# PGSQL_TYPE
# PGPKGSRCDIR
.if !defined(PGVERSION_MK)
PGVERSION_MK= defined
# Register the "pgsql" variable group; the three _*_VARS.pgsql lists that
# follow name its user-settable, package-settable and file-set variables,
# matching the header comment at the top of this file.
_VARGROUPS+= pgsql
_USER_VARS.pgsql= PGSQL_VERSION_DEFAULT
_PKG_VARS.pgsql= PGSQL_VERSIONS_ACCEPTED
_SYS_VARS.pgsql= PG_LIB_EXT PGSQL_TYPE PGPKGSRCDIR
.include "../../mk/bsd.prefs.mk"
# Default PostgreSQL version; "91" maps to postgresql91-client further down.
# ?= leaves a value the user has already set untouched.
PGSQL_VERSION_DEFAULT?= 91
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible to craft a connection request containing a database name that begins with "-" that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script (CVE-2013-1903) and the use of predictable filenames in /tmp (CVE-2013-1902).
2013-04-04 23:08:25 +02:00
# Versions a package accepts when it does not set its own list (?=).
# Order matters: the selection logic below walks this list front to back
# when looking for an installed version and for the last-resort fallback.
PGSQL_VERSIONS_ACCEPTED?= 92 91 90 84
# Expand PGSQL_VERSIONS_ACCEPTED into one _PGSQL_VERSION_<nn>_OK flag per
# accepted version, so later conditionals can test acceptance with defined().
.for _pgv in ${PGSQL_VERSIONS_ACCEPTED}
_PGSQL_VERSION_${_pgv}_OK= yes
.endfor
# Shared-library filename extension: "dylib" when the platform's
# shared-library type is dylib, "so" in every other case.
.if ${_OPSYS_SHLIB_TYPE} != "dylib"
PG_LIB_EXT=so
.else
PG_LIB_EXT=dylib
.endif
# Detect which PostgreSQL client versions are already installed by probing
# ${LOCALBASE}/lib for the libecpg shared library of each release series
# (6.4 -> 92, 6.3 -> 91, 6.2 -> 90, 6.1 -> 84).  Darwin names the file
# libecpg.<ver>.dylib; every other platform uses libecpg.so.<ver>.
#
# NOTE(review): this is a filename probe only.  It identifies the release
# series, not the patch level, so it cannot tell a build that predates a
# security release apart from a fixed one; a minimum patched version has to
# be enforced elsewhere (presumably by the per-version buildlink3.mk that is
# included at the end of this file -- confirm).
.for _pgv _ecpg in 92 6.4 91 6.3 90 6.2 84 6.1
.  if ${OPSYS} == "Darwin"
.    if exists(${LOCALBASE}/lib/libecpg.${_ecpg}.dylib)
_PGSQL_VERSION_${_pgv}_INSTALLED= yes
.    endif
.  elif exists(${LOCALBASE}/lib/libecpg.so.${_ecpg})
_PGSQL_VERSION_${_pgv}_INSTALLED= yes
.  endif
.endfor
# An explicitly required version (PGSQL_VERSION_REQD) always wins.  It is
# taken as-is here, without being checked against PGSQL_VERSIONS_ACCEPTED.
.if defined(PGSQL_VERSION_REQD)
_PGSQL_VERSION= ${PGSQL_VERSION_REQD}
.endif
# Otherwise the default version is the first choice, provided the package
# accepts it and it is already installed.
.if !defined(_PGSQL_VERSION) && \
    defined(_PGSQL_VERSION_${PGSQL_VERSION_DEFAULT}_OK) && \
    defined(_PGSQL_VERSION_${PGSQL_VERSION_DEFAULT}_INSTALLED)
_PGSQL_VERSION= ${PGSQL_VERSION_DEFAULT}
.endif
# Next preference: an accepted version that is already installed, walking
# PGSQL_VERSIONS_ACCEPTED in order (?= keeps the first hit).
.if !defined(_PGSQL_VERSION)
.  for _pgv in ${PGSQL_VERSIONS_ACCEPTED}
.    if !defined(_PGSQL_VERSION_${_pgv}_INSTALLED)
# Not installed: remember the first such version as the last-resort
# fallback used further down.
_PGSQL_VERSION_FIRSTACCEPTED?= ${_pgv}
.    else
_PGSQL_VERSION?= ${_pgv}
.    endif
.  endfor
.endif
# Still undecided: use the default version if the add-on package accepts it.
.if !defined(_PGSQL_VERSION) && defined(_PGSQL_VERSION_${PGSQL_VERSION_DEFAULT}_OK)
_PGSQL_VERSION= ${PGSQL_VERSION_DEFAULT}
.endif
# Failing that, fall back to the first version the package accepts.
.if !defined(_PGSQL_VERSION)
_PGSQL_VERSION= ${_PGSQL_VERSION_FIRSTACCEPTED}
.endif
# Map the selected version onto the client package name (PGSQL_TYPE) and its
# pkgsrc directory (PGPKGSRCDIR).  The branches are mutually exclusive.
.if ${_PGSQL_VERSION} == "84"
PGSQL_TYPE= postgresql84-client
PGPKGSRCDIR= ../../databases/postgresql84-client
.elif ${_PGSQL_VERSION} == "90"
PGSQL_TYPE= postgresql90-client
PGPKGSRCDIR= ../../databases/postgresql90-client
.elif ${_PGSQL_VERSION} == "91"
PGSQL_TYPE= postgresql91-client
PGPKGSRCDIR= ../../databases/postgresql91-client
.elif ${_PGSQL_VERSION} == "92"
PGSQL_TYPE= postgresql92-client
PGPKGSRCDIR= ../../databases/postgresql92-client
.else
# Unknown version: force an error by recording a failure reason.  This
# branch does not set PGPKGSRCDIR.
PGSQL_TYPE= none
PKG_FAIL_REASON+= "${_PGSQL_VERSION} is not a valid package"
.endif
# Pull in the buildlink3.mk of the client package selected above.
.include "${PGPKGSRCDIR}/buildlink3.mk"
# Record the version that was chosen and the prefix of the selected package.
# BUILDLINK_PREFIX.<pkg> is not set in this file; presumably the buildlink3.mk
# included above provides it -- confirm.
PGSQL_VERSION= ${_PGSQL_VERSION}
PGSQL_PREFIX= ${BUILDLINK_PREFIX.${PGSQL_TYPE}}
.endif # PGVERSION_MK