diff options
author | mingli.yu@windriver.com <mingli.yu@windriver.com> | 2016-08-05 14:38:11 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-08-08 13:54:05 +0200 |
commit | 92c500e967b241b9d91fbaba26a6d3cd065701f5 (patch) | |
tree | d11518c8078fc154d0113f49c44afaef57f6a076 /meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch | |
parent | aff7b7ee79cc437bf3dd31b2656960f9725734e1 (diff) | |
download | meta-openembedded-92c500e967b241b9d91fbaba26a6d3cd065701f5.tar.gz |
postgresql: 9.4.5 -> 9.4.8
* Upgrade postgresql from 9.4.5 to 9.4.8
* Update LIC_FILES_CHKSUM as COPYRIGHT file
updates
* Remove two backport CVE patches
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch')
-rw-r--r-- | meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch b/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch deleted file mode 100644 index df89eb0a1..000000000 --- a/meta-oe/recipes-support/postgresql/files/postgresql-CVE-2016-0766.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From f4aa3a18a20d51575562520754aa376b3b08b2d0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Noah Misch <noah@leadboat.com> | ||
3 | Date: Fri, 5 Feb 2016 20:22:51 -0500 | ||
4 | Subject: [PATCH] Force certain "pljava" custom GUCs to be PGC_SUSET. | ||
5 | |||
6 | Future PL/Java versions will close CVE-2016-0766 by making these GUCs | ||
7 | PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java | ||
8 | vulnerability, helping sites that update PostgreSQL more frequently than | ||
9 | PL/Java. Back-patch to 9.1 (all supported versions). | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Signed-off-by: Noah Misch <noah@leadboat.com> | ||
14 | Index: postgresql-9.4.4/src/backend/utils/misc/guc.c | ||
15 | =================================================================== | ||
16 | --- postgresql-9.4.4.orig/src/backend/utils/misc/guc.c 2015-06-10 03:29:38.000000000 +0800 | ||
17 | +++ postgresql-9.4.4/src/backend/utils/misc/guc.c 2016-03-04 15:58:26.459266951 +0800 | ||
18 | @@ -7072,6 +7072,17 @@ | ||
19 | !process_shared_preload_libraries_in_progress) | ||
20 | elog(FATAL, "cannot create PGC_POSTMASTER variables after startup"); | ||
21 | |||
22 | + /* | ||
23 | + * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139 | ||
24 | + * (2015-12-15), two of that module's PGC_USERSET variables facilitated | ||
25 | + * trivial escalation to superuser privileges. Restrict the variables to | ||
26 | + * protect sites that have yet to upgrade pljava. | ||
27 | + */ | ||
28 | + if (context == PGC_USERSET && | ||
29 | + (strcmp(name, "pljava.classpath") == 0 || | ||
30 | + strcmp(name, "pljava.vmoptions") == 0)) | ||
31 | + context = PGC_SUSET; | ||
32 | + | ||
33 | gen = (struct config_generic *) guc_malloc(ERROR, sz); | ||
34 | memset(gen, 0, sz); | ||
35 | |||