Subject: CVS commit: [pkgsrc-2013Q1] pkgsrc/databases
From: Matthias Scheler
Date: 2013-04-09 12:33:33
Message id: 20130409103333.8FA55175DD@cvs.netbsd.org

Log Message:
Pullup ticket #4112 - requested by fhajny
databases/postgresql84: security update
databases/postgresql84-client: security update
databases/postgresql84-server: security update
databases/postgresql90: security update
databases/postgresql90-client: security update
databases/postgresql90-docs: security update
databases/postgresql90-server: security update
databases/postgresql91: security update
databases/postgresql91-client: security update
databases/postgresql91-docs: security update
databases/postgresql91-server: security update
databases/postgresql92: security update
databases/postgresql92-client: security update
databases/postgresql92-docs: security update
databases/postgresql92-server: security update

Revisions pulled up:
- databases/Makefile                                            1.428
- databases/postgresql84-client/PLIST                           1.19
- databases/postgresql84-server/PLIST                           1.15
- databases/postgresql84/Makefile.common                        1.26
- databases/postgresql84/distinfo                               1.25
- databases/postgresql90-docs/PLIST                             1.15
- databases/postgresql90-server/PLIST                           1.12
- databases/postgresql90/Makefile.common                        1.24
- databases/postgresql90/distinfo                               1.17
- databases/postgresql91-docs/PLIST                             1.11
- databases/postgresql91-server/PLIST                           1.7
- databases/postgresql91/Makefile.common                        1.14
- databases/postgresql91/distinfo                               1.14
- databases/postgresql92-client/PLIST                           1.4
- databases/postgresql92-docs/PLIST                             1.4
- databases/postgresql92-server/PLIST                           1.3
- databases/postgresql92/Makefile.common                        1.5
- databases/postgresql92/distinfo                               1.4
- databases/postgresql92/patches/patch-contrib_dblink_dblink.c  1.2

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Thu Apr  4 21:08:38 UTC 2013

   Modified Files:
   	pkgsrc/databases: Makefile
   	pkgsrc/databases/postgresql84: Makefile.common distinfo
   	pkgsrc/databases/postgresql84-client: PLIST
   	pkgsrc/databases/postgresql84-server: PLIST
   	pkgsrc/databases/postgresql90: Makefile.common distinfo
   	pkgsrc/databases/postgresql90-docs: PLIST
   	pkgsrc/databases/postgresql90-server: PLIST
   	pkgsrc/databases/postgresql91: Makefile.common distinfo
   	pkgsrc/databases/postgresql91-docs: PLIST
   	pkgsrc/databases/postgresql91-server: PLIST
   	pkgsrc/databases/postgresql92: Makefile.common distinfo
   	pkgsrc/databases/postgresql92-client: PLIST
   	pkgsrc/databases/postgresql92-docs: PLIST
   	pkgsrc/databases/postgresql92-server: PLIST
   	pkgsrc/databases/postgresql92/patches: patch-contrib_dblink_dblink.c
   	pkgsrc/mk: pgsql.buildlink3.mk
   Removed Files:
   	pkgsrc/databases/jdbc-postgresql83: DESCR Makefile PLIST distinfo
   	pkgsrc/databases/postgresql83: DESCR Makefile Makefile.common PLIST
   	    distinfo options.mk
   	pkgsrc/databases/postgresql83-client: DESCR Makefile PLIST
   	    buildlink3.mk
   	pkgsrc/databases/postgresql83-plperl: DESCR MESSAGE Makefile PLIST
   	pkgsrc/databases/postgresql83-plpython: DESCR MESSAGE Makefile PLIST
   	pkgsrc/databases/postgresql83-pltcl: DESCR MESSAGE Makefile PLIST
   	pkgsrc/databases/postgresql83-server: DEINSTALL DESCR MESSAGE Makefile
   	    PLIST
   	pkgsrc/databases/postgresql83-server/files: pgsql.sh
   	pkgsrc/databases/postgresql83-uuid: Makefile
   	pkgsrc/databases/postgresql83/files: GNUmakefile.libpq dynloader-ltdl.h
   	pkgsrc/databases/postgresql83/patches: patch-aa patch-ab patch-ac
   	    patch-ad patch-af patch-ag patch-ah patch-ai patch-ba
   	    patch-src_interfaces_ecpg_ecpglib_Makefile
   	    patch-src_makefiles_Makefile.solaris patch-src_pl_plperl_plperl.h
   	    patch-src_pl_plpgsql_src_Makefile

   Log Message:
   The PostgreSQL Global Development Group has released a security
   update to all current versions of the PostgreSQL database system,
   including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
   fixes a high-exposure security vulnerability in versions 9.0 and
   later. All users of the affected versions are strongly urged to
   apply the update immediately.

   A major security issue fixed in this release, CVE-2013-1899, makes
   it possible for a connection request containing a database name that
   begins with "-" to be crafted that can damage or destroy files
   within a server's data directory. Anyone with access to the port the
   PostgreSQL server listens on can initiate this request.

   Two lesser security fixes are also included in this release:
   CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto
   functions may be easy for another database user to guess, and
   CVE-2013-1901, which mistakenly allows an unprivileged user to run
   commands that could interfere with in-progress backups. Finally,
   this release fixes two security issues with the graphical installers
   for Linux and Mac OS X: insecure passing of superuser passwords to a
   script, CVE-2013-1903 and the use of predictable filenames in /tmp
   CVE-2013-1902.

Files:
Revision   Action  File
1.25.2.1   modify  pkgsrc/databases/postgresql84/Makefile.common
1.24.2.1   modify  pkgsrc/databases/postgresql84/distinfo
1.18.2.1   modify  pkgsrc/databases/postgresql84-client/PLIST
1.14.2.1   modify  pkgsrc/databases/postgresql84-server/PLIST
1.23.2.1   modify  pkgsrc/databases/postgresql90/Makefile.common
1.16.2.1   modify  pkgsrc/databases/postgresql90/distinfo
1.14.2.1   modify  pkgsrc/databases/postgresql90-docs/PLIST
1.11.2.1   modify  pkgsrc/databases/postgresql90-server/PLIST
1.13.2.1   modify  pkgsrc/databases/postgresql91/Makefile.common
1.13.2.1   modify  pkgsrc/databases/postgresql91/distinfo
1.10.2.1   modify  pkgsrc/databases/postgresql91-docs/PLIST
1.6.2.1    modify  pkgsrc/databases/postgresql91-server/PLIST
1.4.2.1    modify  pkgsrc/databases/postgresql92/Makefile.common
1.3.2.1    modify  pkgsrc/databases/postgresql92/distinfo
1.3.2.1    modify  pkgsrc/databases/postgresql92-client/PLIST
1.3.2.1    modify  pkgsrc/databases/postgresql92-docs/PLIST
1.2.2.1    modify  pkgsrc/databases/postgresql92-server/PLIST
1.1.4.1    modify  pkgsrc/databases/postgresql92/patches/patch-contrib_dblink_dblink.c