diff options
author | Andrew Ross <aross@gentoo.org> | 2007-05-01 05:59:46 +0000 |
---|---|---|
committer | Andrew Ross <aross@gentoo.org> | 2007-05-01 05:59:46 +0000 |
commit | bdd8858b7a64f6b6e24650e9217ce2cedfd5452f (patch) | |
tree | 77ac139056adc595230e55ab2bfce7466dd3ccfa | |
parent | version bump (diff) | |
download | gentoo-2-bdd8858b7a64f6b6e24650e9217ce2cedfd5452f.tar.gz gentoo-2-bdd8858b7a64f6b6e24650e9217ce2cedfd5452f.tar.bz2 gentoo-2-bdd8858b7a64f6b6e24650e9217ce2cedfd5452f.zip |
Version bump to 8.0.13 for bug #175791 (CVE-2007-2138 privilege escalation in SECURITY DEFINER functions).
(Portage version: 2.1.2.2)
-rw-r--r-- | dev-db/postgresql/ChangeLog | 9 | ||||
-rw-r--r-- | dev-db/postgresql/files/digest-postgresql-8.0.13 | 12 | ||||
-rw-r--r-- | dev-db/postgresql/files/postgresql-8.0.13-sh.patch | 34 | ||||
-rw-r--r-- | dev-db/postgresql/postgresql-8.0.13.ebuild | 271 |
4 files changed, 325 insertions, 1 deletions
diff --git a/dev-db/postgresql/ChangeLog b/dev-db/postgresql/ChangeLog index c2af7782749c..c92c95b24b34 100644 --- a/dev-db/postgresql/ChangeLog +++ b/dev-db/postgresql/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-db/postgresql # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/ChangeLog,v 1.331 2007/04/28 22:04:20 tove Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/ChangeLog,v 1.332 2007/05/01 05:59:46 aross Exp $ + +*postgresql-8.0.13 (01 May 2007) + + 01 May 2007; Andrew Ross <aross@gentoo.org> + +files/postgresql-8.0.13-sh.patch, +postgresql-8.0.13.ebuild: + Version bump for bug #175791 (CVE-2007-2138 privilege escalation in SECURITY + DEFINER functions). 28 Apr 2007; Torsten Veller <tove@gentoo.org> postgresql-7.3.15-r1.ebuild, postgresql-7.4.13.ebuild, postgresql-8.0.8.ebuild: diff --git a/dev-db/postgresql/files/digest-postgresql-8.0.13 b/dev-db/postgresql/files/digest-postgresql-8.0.13 new file mode 100644 index 000000000000..1a68a72fc3b7 --- /dev/null +++ b/dev-db/postgresql/files/digest-postgresql-8.0.13 @@ -0,0 +1,12 @@ +MD5 d3b5185dc6a12f2443f06f83cdee03d0 postgresql-base-8.0.13.tar.bz2 7848290 +RMD160 de34ef01b76d777e9b22bcd16dd29328a11d35cf postgresql-base-8.0.13.tar.bz2 7848290 +SHA256 5627ad76e6a6c8eb85c1debe5fce2c12b42611434dabe0fd5763b8a72c7ac49d postgresql-base-8.0.13.tar.bz2 7848290 +MD5 877fc8417555cff0a889d38013afefd6 postgresql-docs-8.0.13.tar.bz2 2271196 +RMD160 fdb9775d082da9c10aebb9394d84c55cfea3f4d7 postgresql-docs-8.0.13.tar.bz2 2271196 +SHA256 a703a22b11288eb20b5c4f28e34cfeeed11c730cebf51671049ad37ace5e204d postgresql-docs-8.0.13.tar.bz2 2271196 +MD5 824caf8451dec685a0d5886eb4892807 postgresql-opt-8.0.13.tar.bz2 134769 +RMD160 f3fb741c5dcff23045a58baf57f4386099e3c563 postgresql-opt-8.0.13.tar.bz2 134769 +SHA256 9f63fc12ede1a605934cdc462ff45c0e924288284f411ae38dec1c5b6e87ce25 postgresql-opt-8.0.13.tar.bz2 134769 +MD5 e736c9887ca4c66051501ce2b95a88f8 postgresql-test-8.0.13.tar.bz2 932945 +RMD160 d1a1c5e05337d82fb1fc2a7249e98ce8df375978 postgresql-test-8.0.13.tar.bz2 932945 +SHA256 ea7e45aa8d9d8f127704e659575a0e860fd53abdaefa7c0f256f246c283ff1cf postgresql-test-8.0.13.tar.bz2 932945 diff --git a/dev-db/postgresql/files/postgresql-8.0.13-sh.patch b/dev-db/postgresql/files/postgresql-8.0.13-sh.patch new file mode 100644 index 000000000000..fc1dafe83d15 --- /dev/null +++ b/dev-db/postgresql/files/postgresql-8.0.13-sh.patch @@ -0,0 +1,34 @@ +--- src/include/storage/s_lock.h 2005-01-01 07:03:42.000000000 +0900 ++++ src/include/storage/s_lock.h 2005-08-17 23:09:19.000000000 +0900 +@@ -239,6 +239,31 @@ + #endif /* __s390__ || __s390x__ */ + + ++#if defined(__sh__) ++#define HAS_TEST_AND_SET ++ ++typedef unsigned char slock_t; ++ ++#define TAS(lock) tas(lock) ++ ++static __inline__ int ++tas(volatile slock_t *lock) ++{ ++ register int _res = 1; ++ ++ __asm__ __volatile__( ++ "tas.b @%1\n\t" ++ "movt %0\n\t" ++ "xor #1,%0" ++: "=z"(_res) ++: "r"(lock) ++: "t","memory"); ++ return _res; ++} ++ ++#endif /* __sh__ */ ++ ++ + #if defined(__sparc__) + #define HAS_TEST_AND_SET + diff --git a/dev-db/postgresql/postgresql-8.0.13.ebuild b/dev-db/postgresql/postgresql-8.0.13.ebuild new file mode 100644 index 000000000000..6a87811f0b1d --- /dev/null +++ b/dev-db/postgresql/postgresql-8.0.13.ebuild @@ -0,0 +1,271 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/postgresql-8.0.13.ebuild,v 1.1 2007/05/01 05:59:46 aross Exp $ + +inherit eutils gnuconfig flag-o-matic multilib toolchain-funcs versionator + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + +DESCRIPTION="Sophisticated and powerful Object-Relational DBMS." +HOMEPAGE="http://www.postgresql.org/" +SRC_URI="mirror://postgresql/source/v${PV}/${PN}-base-${PV}.tar.bz2 + mirror://postgresql/source/v${PV}/${PN}-opt-${PV}.tar.bz2 + doc? ( mirror://postgresql/source/v${PV}/${PN}-docs-${PV}.tar.bz2 ) + test? ( mirror://postgresql/source/v${PV}/${PN}-test-${PV}.tar.bz2 )" +LICENSE="POSTGRESQL" +SLOT="0" +IUSE="doc kerberos nls pam perl pg-intdatetime python readline selinux ssl tcl test xml zlib" + +RDEPEND="~dev-db/libpq-${PV} + >=sys-libs/ncurses-5.2 + kerberos? ( virtual/krb5 ) + pam? ( virtual/pam ) + perl? ( >=dev-lang/perl-5.6.1-r2 ) + python? ( >=dev-lang/python-2.2 dev-python/egenix-mx-base ) + readline? ( >=sys-libs/readline-4.1 ) + selinux? ( sec-policy/selinux-postgresql ) + ssl? ( >=dev-libs/openssl-0.9.6-r1 ) + tcl? ( >=dev-lang/tcl-8 ) + xml? ( dev-libs/libxml2 dev-libs/libxslt ) + zlib? ( >=sys-libs/zlib-1.1.3 )" +DEPEND="${RDEPEND} + sys-devel/autoconf + >=sys-devel/bison-1.875 + nls? ( sys-devel/gettext ) + xml? ( dev-util/pkgconfig )" + +PG_DIR="/var/lib/postgresql" +[[ -z "${PG_MAX_CONNECTIONS}" ]] && PG_MAX_CONNECTIONS="512" + +cluster_exists() { + [[ -f "${PG_DIR}/data/PG_VERSION" ]] && return 0 + return 1 +} + +pkg_setup() { + if hasq pg-hier ${USE} ; then + ewarn "Warning: pg-hier USE-flag detected:" + ewarn "The hier-patch has been dropped for this version and the pg-hier USE-flag is therefore deprecated." + ewarn "If you really used the 'hier' patch in your database with the 'CONNECT BY' statement," + ewarn "you should stop now and reconsider. You will be able to reuse your data, but not" + ewarn "any VIEWS or QUERIES based on that statement." + ewarn "Please disable the pg-hier USE-flag!" + ebeep 3 + if cluster_exists ; then + eerror "There is already a database in '${PG_DIR}/data' and you have the pg-hier USE-flag set." + eerror "Please read the message above first. If you decide that the warnings there don't" + eerror "apply to your situation, dump the database using pg_dump and move the '${PG_DIR}/data'" + eerror "away. Then restart the merge. After that create a new database cluster and use pg_restore to" + eerror "re-import the previously dumped data." + eerror "Moving '${PG_DIR}/data' temporarely away or just disable the 'pg-hier' USE-flag won't work." + die "Can't update this database." + fi + fi + if cluster_exists ; then + local cluster_version=$(cat "${PG_DIR}/data/PG_VERSION") + if [[ ${cluster_version} != $(get_version_component_range 1-2) ]] ; then + eerror "There is a database in '${PG_DIR}/data' from PostgreSQL version ${cluster_version}." + eerror "PostgreSQL doesn't support upgrades between major versions, you have to use pg_dump" + eerror "to dump your existing database. Then move your '${PG_DIR}/data' directory away and" + eerror "restart the merge. After that create a new database cluster and use pg_restore to" + eerror "re-import the previously dumped data." + die "Can't update this database." + fi + fi + + enewgroup postgres 70 + enewuser postgres 70 /bin/bash /var/lib postgres +} + +src_unpack() { + unpack ${A} + cd "${S}" + + # libpq is provided separately as dev-db/libpq + sed -i -e 's/^DIRS := libpq ecpg/DIRS := ecpg/' src/interfaces/Makefile + sed -i -e '/\W\+\$.MAKE. -C include \$/d' src/Makefile + sed -i -e '/^\W\+psql scripts pg_config pg_controldata/ s/pg_config //' src/bin/Makefile + + epatch "${FILESDIR}/${P}-sh.patch" + + # Prepare package for future tests + if use test ; then + # Fix sandbox violation + sed -e "s|/no/such/location|${S}/src/test/regress/tmp_check/no/such/location|g" -i src/test/regress/{input,output}/tablespace.source + + # We need to run the tests as a non-root user, portage seems the most fitting here, + # so if userpriv is enabled, we use it directly. If userpriv is disabled, well, we + # don't support that in this version of PostgreSQL ... :) + mkdir -p "${S}/src/test/regress/tmp_check" + chown portage "${S}/src/test/regress/tmp_check" + einfo "Tests will be run as user portage." + fi +} + +src_compile() { + filter-flags -ffast-math -feliminate-dwarf2-dups + + # Detect mips systems properly + gnuconfig_update + + cd "${S}" + + ./configure --prefix=/usr \ + --includedir=/usr/include/postgresql/pgsql \ + --sysconfdir=/etc/postgresql \ + --mandir=/usr/share/man \ + --host=${CHOST} \ + --with-docdir=/usr/share/doc/${PF} \ + --libdir=/usr/$(get_libdir) \ + --enable-depend \ + $(use_with kerberos krb5) \ + $(use_enable nls ) \ + $(use_with pam) \ + $(use_with perl) \ + $(use_enable pg-intdatetime integer-datetimes ) \ + $(use_with python) \ + $(use_with readline) \ + $(use_with ssl openssl) \ + $(use_with tcl) \ + $(use_with zlib) \ + || die "configure failed" + + emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "main emake failed" + + cd "${S}/contrib" + emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "contrib emake failed" + + if use xml ; then + cd "${S}/contrib/xml2" + emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "contrib/xml2 emake failed" + fi +} + +src_install() { + if use perl ; then + mv -f "${S}/src/pl/plperl/GNUmakefile" "${S}/src/pl/plperl/GNUmakefile_orig" + sed -e "s:\$(DESTDIR)\$(plperl_installdir):\$(plperl_installdir):" \ + "${S}/src/pl/plperl/GNUmakefile_orig" > "${S}/src/pl/plperl/GNUmakefile" + fi + + cd "${S}" + emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "main emake install failed" + + cd "${S}/contrib" + emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "contrib emake install failed" + + if use xml ; then + cd "${S}/contrib/xml2" + emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "contrib/xml2 emake install failed" + fi + + cd "${S}" + dodoc README HISTORY + dodoc contrib/adddepend/* + + cd "${S}/doc" + dodoc FAQ* README.* TODO bug.template + + if use doc ; then + cd "${S}/doc" + docinto FAQ_html + dodoc src/FAQ/* + docinto sgml + dodoc src/sgml/*.{sgml,dsl} + docinto sgml/ref + dodoc src/sgml/ref/*.sgml + docinto TODO.detail + dodoc TODO.detail/* + fi + + newinitd "${FILESDIR}/postgresql.init-${PV%.*}" postgresql || die "Inserting init.d-file failed" + newconfd "${FILESDIR}/postgresql.conf-${PV%.*}" postgresql || die "Inserting conf.d-file failed" + + newinitd "${FILESDIR}/pg_autovacuum.init-${PV%.*}" pg_autovacuum || die "Inserting pg_autovacuum init.d-file failed" + newconfd "${FILESDIR}/pg_autovacuum.conf-${PV%.*}" pg_autovacuum || die "Inserting pg_autovacuum conf.d-file failed" + dosed "s:___DOCDIR___:/usr/share/doc/${PF}:" /etc/init.d/pg_autovacuum +} + +pkg_postinst() { + elog "Execute the following command to setup the initial database environment:" + elog + elog "emerge --config =${PF}" + elog + elog "If you need a global psqlrc-file, you can place it in '${ROOT}/etc/postgresql/'." +} + +pkg_config() { + einfo "Creating the data directory ..." + mkdir -p "${PG_DIR}/data" + chown -Rf postgres:postgres "${PG_DIR}" + chmod 0700 "${PG_DIR}/data" + + einfo "Initializing the database ..." + if [[ -f "${PG_DIR}/data/PG_VERSION" ]] ; then + eerror "PostgreSQL ${PV} cannot upgrade your existing databases." + eerror "You must remove your entire database directory to continue." + eerror "(database directory = ${PG_DIR})." + die "Remove your database directory to continue" + else + if use kernel_linux ; then + local SEM=`sysctl -n kernel.sem | cut -f-3` + local SEMMNI=`sysctl -n kernel.sem | cut -f4` + local SEMMNI_MIN=`expr \( ${PG_MAX_CONNECTIONS} + 15 \) / 16` + local SHMMAX=`sysctl -n kernel.shmmax` + local SHMMAX_MIN=`expr 500000 + 30600 \* ${PG_MAX_CONNECTIONS}` + + if [ ${SEMMNI} -lt ${SEMMNI_MIN} ] ; then + eerror "The current value of SEMMNI is too low" + eerror "for PostgreSQL to run ${PG_MAX_CONNECTIONS} connections!" + eerror "Temporary setting this value to ${SEMMNI_MIN} while creating the initial database." + echo ${SEM} ${SEMMNI_MIN} > /proc/sys/kernel/sem + fi + + su postgres -c "/usr/bin/initdb --pgdata ${PG_DIR}/data" + + if [ ! `sysctl -n kernel.sem | cut -f4` -eq ${SEMMNI} ] ; then + echo ${SEM} ${SEMMNI} > /proc/sys/kernel/sem + ewarn "Restoring the SEMMNI value to the previous value." + ewarn "Please edit the last value of kernel.sem in /etc/sysctl.conf" + ewarn "and set it to at least ${SEMMNI_MIN}:" + ewarn + ewarn " kernel.sem = ${SEM} ${SEMMNI_MIN}" + ewarn + fi + + if [ ${SHMMAX} -lt ${SHMMAX_MIN} ] ; then + eerror "The current value of SHMMAX is too low for postgresql to run." + eerror "Please edit /etc/sysctl.conf and set this value to at least ${SHMMAX_MIN}:" + eerror + eerror " kernel.shmmax = ${SHMMAX_MIN}" + eerror + fi + else + su postgres -c "/usr/bin/initdb --pgdata ${PG_DIR}/data" + fi + + einfo + einfo "You can use the '${ROOT}/etc/init.d/postgresql' script to run PostgreSQL instead of 'pg_ctl'." + einfo + fi +} + +src_test() { + cd "${S}" + + einfo ">>> Test phase [check]: ${CATEGORY}/${PF}" + if hasq userpriv ${FEATURES} ; then + if ! emake -j1 check ; then + hasq test ${FEATURES} && die "Make check failed. See above for details." + hasq test ${FEATURES} || eerror "Make check failed. See above for details." + fi + else + eerror "Tests won't be run if FEATURES=userpriv is disabled!" + fi + + einfo "Yes, there are other tests which could be run." + einfo "... and no, we don't plan to add/support them." + einfo "For now, the main regressions tests will suffice." + einfo "If you think other tests are necessary, please submit a" + einfo "bug including a patch for this ebuild to enable them." +} |