<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-support/postgresql/postgresql.inc, branch krogoth-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=krogoth-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=krogoth-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2016-05-02T21:03:03+00:00</updated>
<entry>
<title>meta-oe: use bb.utils.contains() instead of base_contains()</title>
<updated>2016-05-02T21:03:03+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2016-04-22T19:48:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=cf1819332d48d3307aa2e80255834aa7911cd0dc'/>
<id>urn:sha1:cf1819332d48d3307aa2e80255834aa7911cd0dc</id>
<content type='text'>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: Security Advisory-postgresql-CVE-2016-0773</title>
<updated>2016-03-25T10:26:55+00:00</updated>
<author>
<name>Zhixiong Chi</name>
<email>zhixiong.chi@windriver.com</email>
</author>
<published>2016-03-10T02:57:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8354a07d12933a60201064ab61f5b7156bf94dca'/>
<id>urn:sha1:8354a07d12933a60201064ab61f5b7156bf94dca</id>
<content type='text'>
add CVE-2016-0773 patch for avoiding attackers to cause a denial
of service (infinite loop or buffer overflow and crash)
via a large Unicode character range in a regular expression.
Patch comes from:
http://git.postgresql.org/gitweb/?p=postgresql.git;a=summary
commit 3bb3f42f3749d40b8d4de65871e8d828b18d4a45

Signed-off-by: Zhixiong Chi &lt;Zhixiong.Chi@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: Security Advisory-postgresql-CVE-2016-0766</title>
<updated>2016-03-14T11:15:37+00:00</updated>
<author>
<name>Zhixiong Chi</name>
<email>zhixiong.chi@windriver.com</email>
</author>
<published>2016-03-08T05:43:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=21f72b1fe09ca919316f8ed8545b9bf88aa83b29'/>
<id>urn:sha1:21f72b1fe09ca919316f8ed8545b9bf88aa83b29</id>
<content type='text'>
add CVE-2016-0766 patch for avoiding attackers to gain privileges
via unspecified vectors.
Patch comes from:
http://git.postgresql.org/gitweb/?p=postgresql.git;a=summary
commit f4aa3a18a20d51575562520754aa376b3b08b2d0

Signed-off-by: Zhixiong Chi &lt;Zhixiong.Chi@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: Don't symlink to perl if it's disabled</title>
<updated>2015-12-18T11:42:08+00:00</updated>
<author>
<name>George McCollister</name>
<email>george.mccollister@gmail.com</email>
</author>
<published>2015-11-12T18:35:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b2bf995c4e68f0eb434549ed512e06313fa67881'/>
<id>urn:sha1:b2bf995c4e68f0eb434549ed512e06313fa67881</id>
<content type='text'>
Don't create a symlink to libperl.so if perl isn't in PACKAGECONFIG.
Attempting to do so will fail if perl hasn't been built.

Signed-off-by: George McCollister &lt;george.mccollister@gmail.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql.inc: fix indentation to use 4 spaces</title>
<updated>2015-09-23T13:34:26+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2015-09-08T14:37:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=57f718ec3eb75b10278b0ea0d7e3dbd8e8d8bd74'/>
<id>urn:sha1:57f718ec3eb75b10278b0ea0d7e3dbd8e8d8bd74</id>
<content type='text'>
* like rest of meta-oe and other sane layers
* never mix tabs and spaces (especially on the same line)

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: set the tclsh as target path</title>
<updated>2015-09-23T13:34:25+00:00</updated>
<author>
<name>Yue Tao</name>
<email>Yue.Tao@windriver.com</email>
</author>
<published>2015-09-06T05:27:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=11d91e658ff2f9c38481f96c7b162ef6883da023'/>
<id>urn:sha1:11d91e658ff2f9c38481f96c7b162ef6883da023</id>
<content type='text'>
The tclsh path in pltcl_listmod is set to sysroot, which causes pltcl_listmod
to fails to run on target, so fix the path to /usr/bin/tclsh.
    $ pltcl_listmod
    /usr/bin/pltcl_listmod: line 5: /buildarea1/WRLinux70-STD-0825/bitbake_build/tmp/sysroots/x86_64-linux/usr/bin/tclsh: No such file or directory
    $

Signed-off-by: Yue Tao &lt;Yue.Tao@windriver.com&gt;
Signed-off-by: Roy Li &lt;rongqing.li@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: Add explict getVar expansion parameter</title>
<updated>2015-07-30T19:00:27+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2015-07-08T17:00:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=09a36b234c05a65e1acac3617da0a3521895dccf'/>
<id>urn:sha1:09a36b234c05a65e1acac3617da0a3521895dccf</id>
<content type='text'>
Bitbake is likely to require this parameter in future, add
the default value.

Patch generated with the command:

sed -e 's:\(getVar([^,()]*\)\s*):\1, False):g' -i `grep -ril getVar *`

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: upgrade to 9.4.2</title>
<updated>2015-06-23T10:40:10+00:00</updated>
<author>
<name>Roy Li</name>
<email>rongqing.li@windriver.com</email>
</author>
<published>2015-06-09T03:07:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=13a7f47192ffdce659da610322122d887c53b325'/>
<id>urn:sha1:13a7f47192ffdce659da610322122d887c53b325</id>
<content type='text'>
1. remove Backport patches
2. Update the checksume, include CopyRight file, since date in it
is changed
3. remove --without-krb5 configure options, since it become useless
4. Update remove.autoconf.version.check.patch
5. skip to check libperl

Signed-off-by: Roy Li &lt;rongqing.li@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory</title>
<updated>2014-11-07T14:05:45+00:00</updated>
<author>
<name>Kang Kai</name>
<email>kai.kang@windriver.com</email>
</author>
<published>2014-10-29T00:30:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ffb649d04322db8c3e218ee1a4499e202657375d'/>
<id>urn:sha1:ffb649d04322db8c3e218ee1a4499e202657375d</id>
<content type='text'>
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a
security issue.  Nonetheless it seems prudent to forestall any risk by
using strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but since
it touches code adjacent to one of the buffer overrun changes, I
included it in this commit to avoid last-minute merge issues.  This
issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066

Signed-off-by: Yue Tao &lt;Yue.Tao@windriver.com&gt;
Signed-off-by: Kai Kang &lt;kai.kang@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>postgresql: add fix for CVE-2014-0067 Security Advisory</title>
<updated>2014-11-07T14:05:45+00:00</updated>
<author>
<name>Kang Kai</name>
<email>kai.kang@windriver.com</email>
</author>
<published>2014-10-29T00:30:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=59e457955474385b3ca47488ca0028fc72869b7f'/>
<id>urn:sha1:59e457955474385b3ca47488ca0028fc72869b7f</id>
<content type='text'>
The make check command for the test suites in PostgreSQL 9.3.3 and
earlier does not properly invoke initdb to specify the authentication
requirements for a database cluster to be used for the tests, which
allows local users to gain privileges by leveraging access to this
cluster.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067

Signed-off-by: Yue Tao &lt;Yue.Tao@windriver.com&gt;
Signed-off-by: Kai Kang &lt;kai.kang@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
</feed>
