Subject: Re: PostgreSQL security update?
To: None <tech-pkg@netbsd.org>
From: Geert Hendrickx <geert.hendrickx@ua.ac.be>
List: tech-pkg
Date: 06/29/2005 12:19:34

On Wed, Jun 29, 2005 at 11:12:59AM +0200, Geert Hendrickx wrote:
> postgresql74-server (version 7.4.7) has been flagged as vulnerable for a
> while now (also in pkgsrc-2005Q5), however an update (version 7.4.8) has
> been released by PostgreSQL more than a month ago.  Is anyone working on
> updating the pkgsrc package?  Are there problems with it, or is it just
> that no one has looked at it yet?  (volunteering, then)

Here are the diffs to update the postgresql74-* packages to 7.4.8.  The
only real difference (to pkgsrc) is that our postgresql74/patches/patch-ah
has now been applied upstream, so that patch doesn't apply anymore, and of
course that postgresql74-7.4.8 is not vulnerable anymore. :-)  

postgresql74-libs, -client, -server and -doc build fine with these patches.  


--- databases/postgresql74/Makefile.common      2005-05-22 22:07:46.000000000 +0200
+++ databases/postgresql74/Makefile.common   2005-06-29 11:39:35.000000000 +0200
@@ -36,7 +36,7 @@
 # BASE_VERS            pkgsrc-mangled version number (convert pl -> .)
 #
 # Note: Do not forget jdbc-postgresql when updating version
-DIST_VERS?=            7.4.7
+DIST_VERS?=            7.4.8
 BASE_VERS?=            ${DIST_VERS}
 
 BUILDLINK_DEPENDS.postgresql74-lib?=   postgresql74-lib>=${BASE_VERS}
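
Review bot: The context comment directly above the DIST_VERS line says not to forget jdbc-postgresql when updating the version, but nothing in this patch set touches jdbc-postgresql. Please either include the matching change or state in the submission that it was checked and needs no update for 7.4.8.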

--- databases/postgresql74/distinfo     2005-03-17 23:35:48.000000000 +0100
+++ databases/postgresql74/distinfo  2005-06-29 11:59:15.000000000 +0200
@@ -1,8 +1,8 @@
 $NetBSD: distinfo,v 1.17 2005/03/17 22:35:48 jschauma Exp $
 
-SHA1 (postgresql-7.4.7.tar.bz2) = 48fe9187ae1776265756b807254552b4f6bcfcb8
-RMD160 (postgresql-7.4.7.tar.bz2) = 1bbb64c8a9b95cafe0254a0994752b8bbb624346
-Size (postgresql-7.4.7.tar.bz2) = 10235394 bytes
+SHA1 (postgresql-7.4.8.tar.bz2) = a565ff14e1a3b58a151b219bcffcf53dfc62ec41
+RMD160 (postgresql-7.4.8.tar.bz2) = 3ee8c70e0506e2a49bae20bc2282391513ee9d65
+Size (postgresql-7.4.8.tar.bz2) = 10235413 bytes
 SHA1 (patch-aa) = 626b4b4bf0d47913072399535c55d413b90675a4
 SHA1 (patch-ab) = f44a544c56452bad197a88cb827e88624c54656c
 SHA1 (patch-ac) = 81ef677cc5d196762b6cc3c3e38dee4a37e75ac2
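
Review bot: The new SHA1, RMD160 and Size lines for postgresql-7.4.8.tar.bz2 are the only integrity anchor for the distfile, and the submission does not say how they were produced. Please note that they were regenerated with `make makesum` from a tarball fetched from a PostgreSQL master site and, ideally, compared against the checksum upstream publishes for the release, so a committer can reproduce them before committing.
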
@@ -10,4 +10,3 @@
 SHA1 (patch-ae) = f0e0ad98ebdc972e7c40afd805fbb0d909d5ef3b
 SHA1 (patch-af) = 7373db75fda125b980f2ead990719798c0d22a48
 SHA1 (patch-ag) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414
-SHA1 (patch-ah) = 4cc4e45679284815c32a5ff3b461b12df55d07c2
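
Review bot: Dropping the `SHA1 (patch-ah)` line only updates distinfo; the file patches/patch-ah itself has to be removed in the same commit, and the "Only in databases/postgresql74/patches: patch-ah" line is the only indication of that here. Since the entry is dropped on the grounds that upstream applied the change, please name the 7.4.8 source file that now carries it so the committer can confirm nothing is lost by removing the local patch.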

Only in databases/postgresql74/patches: patch-ah


GH

-- 
:wq