Subject: pkg/30638: postgresql74-server security update
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <geert.hendrickx@ua.ac.be>
List: pkgsrc-bugs
Date: 06/30/2005 09:23:00
>Number: 30638
>Category: pkg
>Synopsis: postgresql74-server security update
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Jun 30 09:23:00 +0000 2005
>Originator: Geert Hendrickx
>Release:
>Organization:
>Environment:
>Description:
postgresql74-server (version 7.4.7) has been flagged as vulnerable for a
while now (also in pkgsrc-2005Q5); however, an update (version 7.4.8) was
released by PostgreSQL more than a month ago.
>How-To-Repeat:
>Fix:
Here are the diffs to update the postgresql74-* packages to 7.4.8. The
only real difference (to pkgsrc) is that our postgresql74/patches/patch-ah
has now been applied upstream, so that patch doesn't apply anymore, and of
course that postgresql74-7.4.8 is not vulnerable anymore. :-)
postgresql74-libs, -client, -server and -doc build fine with these patches.
--- databases/postgresql74/Makefile.common 2005-05-22 22:07:46.000000000 +0200
+++ databases/postgresql74/Makefile.common 2005-06-29 11:39:35.000000000 +0200
@@ -36,7 +36,7 @@
# BASE_VERS pkgsrc-mangled version number (convert pl -> .)
#
# Note: Do not forget jdbc-postgresql when updating version
-DIST_VERS?= 7.4.7
+DIST_VERS?= 7.4.8
BASE_VERS?= ${DIST_VERS}
BUILDLINK_DEPENDS.postgresql74-lib?= postgresql74-lib>=${BASE_VERS}
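Review bot: the context comment directly above DIST_VERS says "Do not forget jdbc-postgresql when updating version", and nothing in this submission touches or mentions jdbc-postgresql. Please state whether that package needs a matching change or is deliberately left alone. Also note that BUILDLINK_DEPENDS.postgresql74-lib is derived from BASE_VERS, so this one-line bump raises the minimum required library to 7.4.8 for every dependent package; that is the right outcome for a security update, but it is worth saying so in the commit message.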
--- databases/postgresql74/distinfo 2005-03-17 23:35:48.000000000 +0100
+++ databases/postgresql74/distinfo 2005-06-29 11:59:15.000000000 +0200
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.17 2005/03/17 22:35:48 jschauma Exp $
-SHA1 (postgresql-7.4.7.tar.bz2) = 48fe9187ae1776265756b807254552b4f6bcfcb8
-RMD160 (postgresql-7.4.7.tar.bz2) = 1bbb64c8a9b95cafe0254a0994752b8bbb624346
-Size (postgresql-7.4.7.tar.bz2) = 10235394 bytes
+SHA1 (postgresql-7.4.8.tar.bz2) = a565ff14e1a3b58a151b219bcffcf53dfc62ec41
+RMD160 (postgresql-7.4.8.tar.bz2) = 3ee8c70e0506e2a49bae20bc2282391513ee9d65
+Size (postgresql-7.4.8.tar.bz2) = 10235413 bytes
SHA1 (patch-aa) = 626b4b4bf0d47913072399535c55d413b90675a4
SHA1 (patch-ab) = f44a544c56452bad197a88cb827e88624c54656c
SHA1 (patch-ac) = 81ef677cc5d196762b6cc3c3e38dee4a37e75ac2
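Review bot: the new SHA1, RMD160 and Size lines for postgresql-7.4.8.tar.bz2 at the top of this hunk reflect whatever file the submitter downloaded, so they should not be committed as received. The committer should fetch the distfile independently from the master site, regenerate the entries with make makesum, and confirm that all three values match the ones in the patch before committing.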
@@ -10,4 +10,3 @@
SHA1 (patch-ae) = f0e0ad98ebdc972e7c40afd805fbb0d909d5ef3b
SHA1 (patch-af) = 7373db75fda125b980f2ead990719798c0d22a48
SHA1 (patch-ag) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414
-SHA1 (patch-ah) = 4cc4e45679284815c32a5ff3b461b12df55d07c2
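Review bot: the dropped "SHA1 (patch-ah)" entry has no matching file deletion in the diff; the only trace is the "Only in databases/postgresql74/patches: patch-ah" line that follows. The commit needs an explicit removal of patches/patch-ah, otherwise the patch file stays in the tree with no checksum recorded for it in distinfo. It would also help to name the upstream change in 7.4.8 that supersedes patch-ah, so the removal can be checked against the new source rather than inferred from the patch failing to apply.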
Only in databases/postgresql74/patches: patch-ah