postgresql: Security Advisory-postgresql-CVE-2016-0766

add CVE-2016-0766 patch for avoiding attackers to gain privileges via unspecified vectors. Patch comes from: http://git.postgresql.org/gitweb/?p=postgresql.git;a=summary commit f4aa3a18a20d51575562520754aa376b3b08b2d0 Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Zhixiong Chi <zhixiong.chi@windriver.com> 2016-03-08 13:43:20 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2016-03-14 12:15:37 +0100
commit: 21f72b1fe09ca919316f8ed8545b9bf88aa83b29 (patch)
tree: c2a8da556e8e0da3c177fb7813d77888751ccc18 /meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch
parent: 830607415dd63ca5244ab8e51f402e046b03ca85 (diff)
download: meta-openembedded-21f72b1fe09ca919316f8ed8545b9bf88aa83b29.tar.gz
1 files changed, 35 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch b/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch
new file mode 100644
index 0000000000..df89eb0a14
--- /dev/null
+++ b/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch
@@ -0,0 +1,35 @@
+From f4aa3a18a20d51575562520754aa376b3b08b2d0 Mon Sep 17 00:00:00 2001
+From: Noah Misch <noah@leadboat.com>
+Date: Fri, 5 Feb 2016 20:22:51 -0500
+Subject: [PATCH] Force certain "pljava" custom GUCs to be PGC_SUSET.
+Future PL/Java versions will close CVE-2016-0766 by making these GUCs
+PGC_SUSET.  This PostgreSQL change independently mitigates that PL/Java
+vulnerability, helping sites that update PostgreSQL more frequently than
+PL/Java.  Back-patch to 9.1 (all supported versions).
+Upstream-Status: Backport
+Signed-off-by: Noah Misch <noah@leadboat.com>
+Index: postgresql-9.4.4/src/backend/utils/misc/guc.c
+===================================================================
+--- postgresql-9.4.4.orig/src/backend/utils/misc/guc.c  2015-06-10 03:29:38.000000000 +0800
+++ postgresql-9.4.4/src/backend/utils/misc/guc.c       2016-03-04 15:58:26.459266951 +0800
+@@ -7072,6 +7072,17 @@
+                !process_shared_preload_libraries_in_progress)
+                elog(FATAL, "cannot create PGC_POSTMASTER variables after startup");
+ 
+       /*
+        * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139
+        * (2015-12-15), two of that module's PGC_USERSET variables facilitated
+        * trivial escalation to superuser privileges.  Restrict the variables to
+        * protect sites that have yet to upgrade pljava.
+        */
+       if (context == PGC_USERSET &&
+               (strcmp(name, "pljava.classpath") == 0 ||
+                strcmp(name, "pljava.vmoptions") == 0))
+               context = PGC_SUSET;
+
+        gen = (struct config_generic *) guc_malloc(ERROR, sz);
+        memset(gen, 0, sz);
+
author	Zhixiong Chi <zhixiong.chi@windriver.com>	2016-03-08 13:43:20 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2016-03-14 12:15:37 +0100
commit	21f72b1fe09ca919316f8ed8545b9bf88aa83b29 (patch)
tree	c2a8da556e8e0da3c177fb7813d77888751ccc18 /meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch
parent	830607415dd63ca5244ab8e51f402e046b03ca85 (diff)
download	meta-openembedded-21f72b1fe09ca919316f8ed8545b9bf88aa83b29.tar.gz

diff --git a/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch b/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch new file mode 100644 index 0000000000..df89eb0a14 --- /dev/null +++ b/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch
@@ -0,0 +1,35 @@
	1	From f4aa3a18a20d51575562520754aa376b3b08b2d0 Mon Sep 17 00:00:00 2001
	2	From: Noah Misch <noah@leadboat.com>
	3	Date: Fri, 5 Feb 2016 20:22:51 -0500
	4	Subject: [PATCH] Force certain "pljava" custom GUCs to be PGC_SUSET.
	5
	6	Future PL/Java versions will close CVE-2016-0766 by making these GUCs
	7	PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java
	8	vulnerability, helping sites that update PostgreSQL more frequently than
	9	PL/Java. Back-patch to 9.1 (all supported versions).
	10
	11	Upstream-Status: Backport
	12
	13	Signed-off-by: Noah Misch <noah@leadboat.com>
	14	Index: postgresql-9.4.4/src/backend/utils/misc/guc.c
	15	===================================================================
	16	--- postgresql-9.4.4.orig/src/backend/utils/misc/guc.c 2015-06-10 03:29:38.000000000 +0800
	17	+++ postgresql-9.4.4/src/backend/utils/misc/guc.c 2016-03-04 15:58:26.459266951 +0800
	18	@@ -7072,6 +7072,17 @@
	19	!process_shared_preload_libraries_in_progress)
	20	elog(FATAL, "cannot create PGC_POSTMASTER variables after startup");
	21
	22	+ /*
	23	+ * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139
	24	+ * (2015-12-15), two of that module's PGC_USERSET variables facilitated
	25	+ * trivial escalation to superuser privileges. Restrict the variables to
	26	+ * protect sites that have yet to upgrade pljava.
	27	+ */
	28	+ if (context == PGC_USERSET &&
	29	+ (strcmp(name, "pljava.classpath") == 0 \|\|
	30	+ strcmp(name, "pljava.vmoptions") == 0))
	31	+ context = PGC_SUSET;
	32	+
	33	gen = (struct config_generic *) guc_malloc(ERROR, sz);
	34	memset(gen, 0, sz);
	35