Commit 4cab124a authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Thomas Petazzoni
Browse files

postgresql: security bump to version 9.4.5 



Fixes:

CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.

CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.

sparc build fix patch upstream so drop it.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: default avatarVicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: default avatarVicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
parent 633f2f57

package/postgresql/0002-fix-sparc-compile.patch

deleted100644 → 0
+0 −38
Original line number Diff line number Diff line 
The gcc predefines for Linux are __sparc_v8__/__sparc_v7__



Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>



diff -Nur postgresql-9.4.4.orig/src/include/storage/s_lock.h postgresql-9.4.4/src/include/storage/s_lock.h

--- postgresql-9.4.4.orig/src/include/storage/s_lock.h	2015-06-09 21:29:38.000000000 +0200

+++ postgresql-9.4.4/src/include/storage/s_lock.h	2015-08-09 19:57:06.000000000 +0200

@@ -420,12 +420,12 @@

 :		"=r"(_res), "+m"(*lock)

 :		"r"(lock)

 :		"memory");

-#if defined(__sparcv7)

+#if defined(__sparcv7) || defined(__sparc_v7__)

 	/*

 	 * No stbar or membar available, luckily no actually produced hardware

 	 * requires a barrier.

 	 */

-#elif defined(__sparcv8)

+#elif defined(__sparcv8) || defined(__sparc_v8__)

 	/* stbar is available (and required for both PSO, RMO), membar isn't */

 	__asm__ __volatile__ ("stbar	 \n":::"memory");

 #else

@@ -438,13 +438,13 @@

 	return (int) _res;

 }

 

-#if defined(__sparcv7)

+#if defined(__sparcv7) || defined(__sparc_v7__)

 /*

  * No stbar or membar available, luckily no actually produced hardware

  * requires a barrier.

  */

 #define S_UNLOCK(lock)		(*((volatile slock_t *) (lock)) = 0)

-#elif defined(__sparcv8)

+#elif defined(__sparcv8) || defined(__sparc_v8__)

 /* stbar is available (and required for both PSO, RMO), membar isn't */

 #define S_UNLOCK(lock)	\

 do \

package/postgresql/postgresql.hash

+2 −2
Original line number Diff line number Diff line 
# From https://ftp.postgresql.org/pub/source/v9.4.4/postgresql-9.4.4.tar.bz2.sha256

sha256	538ed99688d6fdbec6fd166d1779cf4588bf2f16c52304e5ef29f904c43b0013  postgresql-9.4.4.tar.bz2
 
# From https://ftp.postgresql.org/pub/source/v9.4.5/postgresql-9.4.5.tar.bz2.sha256

sha256	b87c50c66b6ea42a9712b5f6284794fabad0616e6ae420cf0f10523be6d94a39  postgresql-9.4.5.tar.bz2

package/postgresql/postgresql.mk

+1 −1
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
#

################################################################################



POSTGRESQL_VERSION = 9.4.4

POSTGRESQL_VERSION = 9.4.5

POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2

POSTGRESQL_SITE = http://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)

POSTGRESQL_LICENSE = PostgreSQL