postgresql: add fix for CVE-2014-0062 Security Advisory

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Kang Kai <kai.kang@windriver.com> 2014-10-29 08:30:55 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2014-11-07 15:05:45 +0100
commit: bd9378688e32c96e26b65c3f74724c7c7d81aada (patch)
tree: dc4befd39f5707d81f9b9f301a9a4afc5f2cd0e4 /meta-oe/recipes-support/postgresql/postgresql.inc
parent: 30f8a0515a959ac4c45771b406fdcf01cc1aca1c (diff)
download: meta-openembedded-bd9378688e32c96e26b65c3f74724c7c7d81aada.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/postgresql/postgresql.inc b/meta-oe/recipes-support/postgresql/postgresql.inc
index e2e5947b7..9cfb2b6d8 100644
--- a/meta-oe/recipes-support/postgresql/postgresql.inc
+++ b/meta-oe/recipes-support/postgresql/postgresql.inc
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
           file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch \
           file://0003-Shore-up-ADMIN-OPTION-restrictions.patch \
           file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \
+           file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \
          "
 LEAD_SONAME = "libpq.so"
author	Kang Kai <kai.kang@windriver.com>	2014-10-29 08:30:55 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2014-11-07 15:05:45 +0100
commit	bd9378688e32c96e26b65c3f74724c7c7d81aada (patch)
tree	dc4befd39f5707d81f9b9f301a9a4afc5f2cd0e4 /meta-oe/recipes-support/postgresql/postgresql.inc
parent	30f8a0515a959ac4c45771b406fdcf01cc1aca1c (diff)
download	meta-openembedded-bd9378688e32c96e26b65c3f74724c7c7d81aada.tar.gz

diff --git a/meta-oe/recipes-support/postgresql/postgresql.inc b/meta-oe/recipes-support/postgresql/postgresql.inc index e2e5947b7..9cfb2b6d8 100644 --- a/meta-oe/recipes-support/postgresql/postgresql.inc +++ b/meta-oe/recipes-support/postgresql/postgresql.inc
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
34	file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch \	34	file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch \
35	file://0003-Shore-up-ADMIN-OPTION-restrictions.patch \	35	file://0003-Shore-up-ADMIN-OPTION-restrictions.patch \
36	file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \	36	file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \
		37	file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \
37	"	38	"
38		39
39	LEAD_SONAME = "libpq.so"	40	LEAD_SONAME = "libpq.so"