summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Ross <aross@gentoo.org>2007-05-01 05:59:46 +0000
committerAndrew Ross <aross@gentoo.org>2007-05-01 05:59:46 +0000
commitbdd8858b7a64f6b6e24650e9217ce2cedfd5452f (patch)
tree77ac139056adc595230e55ab2bfce7466dd3ccfa
parentversion bump (diff)
downloadgentoo-2-bdd8858b7a64f6b6e24650e9217ce2cedfd5452f.tar.gz
gentoo-2-bdd8858b7a64f6b6e24650e9217ce2cedfd5452f.tar.bz2
gentoo-2-bdd8858b7a64f6b6e24650e9217ce2cedfd5452f.zip
Version bump to 8.0.13 for bug #175791 (CVE-2007-2138 privilege escalation in SECURITY DEFINER functions).
(Portage version: 2.1.2.2)
-rw-r--r--dev-db/postgresql/ChangeLog9
-rw-r--r--dev-db/postgresql/files/digest-postgresql-8.0.1312
-rw-r--r--dev-db/postgresql/files/postgresql-8.0.13-sh.patch34
-rw-r--r--dev-db/postgresql/postgresql-8.0.13.ebuild271
4 files changed, 325 insertions, 1 deletions
diff --git a/dev-db/postgresql/ChangeLog b/dev-db/postgresql/ChangeLog
index c2af7782749c..c92c95b24b34 100644
--- a/dev-db/postgresql/ChangeLog
+++ b/dev-db/postgresql/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-db/postgresql
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/ChangeLog,v 1.331 2007/04/28 22:04:20 tove Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/ChangeLog,v 1.332 2007/05/01 05:59:46 aross Exp $
+
+*postgresql-8.0.13 (01 May 2007)
+
+ 01 May 2007; Andrew Ross <aross@gentoo.org>
+ +files/postgresql-8.0.13-sh.patch, +postgresql-8.0.13.ebuild:
+ Version bump for bug #175791 (CVE-2007-2138 privilege escalation in SECURITY
+ DEFINER functions).
28 Apr 2007; Torsten Veller <tove@gentoo.org> postgresql-7.3.15-r1.ebuild,
postgresql-7.4.13.ebuild, postgresql-8.0.8.ebuild:
diff --git a/dev-db/postgresql/files/digest-postgresql-8.0.13 b/dev-db/postgresql/files/digest-postgresql-8.0.13
new file mode 100644
index 000000000000..1a68a72fc3b7
--- /dev/null
+++ b/dev-db/postgresql/files/digest-postgresql-8.0.13
@@ -0,0 +1,12 @@
+MD5 d3b5185dc6a12f2443f06f83cdee03d0 postgresql-base-8.0.13.tar.bz2 7848290
+RMD160 de34ef01b76d777e9b22bcd16dd29328a11d35cf postgresql-base-8.0.13.tar.bz2 7848290
+SHA256 5627ad76e6a6c8eb85c1debe5fce2c12b42611434dabe0fd5763b8a72c7ac49d postgresql-base-8.0.13.tar.bz2 7848290
+MD5 877fc8417555cff0a889d38013afefd6 postgresql-docs-8.0.13.tar.bz2 2271196
+RMD160 fdb9775d082da9c10aebb9394d84c55cfea3f4d7 postgresql-docs-8.0.13.tar.bz2 2271196
+SHA256 a703a22b11288eb20b5c4f28e34cfeeed11c730cebf51671049ad37ace5e204d postgresql-docs-8.0.13.tar.bz2 2271196
+MD5 824caf8451dec685a0d5886eb4892807 postgresql-opt-8.0.13.tar.bz2 134769
+RMD160 f3fb741c5dcff23045a58baf57f4386099e3c563 postgresql-opt-8.0.13.tar.bz2 134769
+SHA256 9f63fc12ede1a605934cdc462ff45c0e924288284f411ae38dec1c5b6e87ce25 postgresql-opt-8.0.13.tar.bz2 134769
+MD5 e736c9887ca4c66051501ce2b95a88f8 postgresql-test-8.0.13.tar.bz2 932945
+RMD160 d1a1c5e05337d82fb1fc2a7249e98ce8df375978 postgresql-test-8.0.13.tar.bz2 932945
+SHA256 ea7e45aa8d9d8f127704e659575a0e860fd53abdaefa7c0f256f246c283ff1cf postgresql-test-8.0.13.tar.bz2 932945
diff --git a/dev-db/postgresql/files/postgresql-8.0.13-sh.patch b/dev-db/postgresql/files/postgresql-8.0.13-sh.patch
new file mode 100644
index 000000000000..fc1dafe83d15
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-8.0.13-sh.patch
@@ -0,0 +1,34 @@
+--- src/include/storage/s_lock.h 2005-01-01 07:03:42.000000000 +0900
++++ src/include/storage/s_lock.h 2005-08-17 23:09:19.000000000 +0900
+@@ -239,6 +239,31 @@
+ #endif /* __s390__ || __s390x__ */
+
+
++#if defined(__sh__)
++#define HAS_TEST_AND_SET
++
++typedef unsigned char slock_t;
++
++#define TAS(lock) tas(lock)
++
++static __inline__ int
++tas(volatile slock_t *lock)
++{
++ register int _res = 1;
++
++ __asm__ __volatile__(
++ "tas.b @%1\n\t"
++ "movt %0\n\t"
++ "xor #1,%0"
++: "=z"(_res)
++: "r"(lock)
++: "t","memory");
++ return _res;
++}
++
++#endif /* __sh__ */
++
++
+ #if defined(__sparc__)
+ #define HAS_TEST_AND_SET
+
diff --git a/dev-db/postgresql/postgresql-8.0.13.ebuild b/dev-db/postgresql/postgresql-8.0.13.ebuild
new file mode 100644
index 000000000000..6a87811f0b1d
--- /dev/null
+++ b/dev-db/postgresql/postgresql-8.0.13.ebuild
@@ -0,0 +1,271 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/postgresql-8.0.13.ebuild,v 1.1 2007/05/01 05:59:46 aross Exp $
+
+inherit eutils gnuconfig flag-o-matic multilib toolchain-funcs versionator
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+
+DESCRIPTION="Sophisticated and powerful Object-Relational DBMS."
+HOMEPAGE="http://www.postgresql.org/"
+SRC_URI="mirror://postgresql/source/v${PV}/${PN}-base-${PV}.tar.bz2
+ mirror://postgresql/source/v${PV}/${PN}-opt-${PV}.tar.bz2
+ doc? ( mirror://postgresql/source/v${PV}/${PN}-docs-${PV}.tar.bz2 )
+ test? ( mirror://postgresql/source/v${PV}/${PN}-test-${PV}.tar.bz2 )"
+LICENSE="POSTGRESQL"
+SLOT="0"
+IUSE="doc kerberos nls pam perl pg-intdatetime python readline selinux ssl tcl test xml zlib"
+
+RDEPEND="~dev-db/libpq-${PV}
+ >=sys-libs/ncurses-5.2
+ kerberos? ( virtual/krb5 )
+ pam? ( virtual/pam )
+ perl? ( >=dev-lang/perl-5.6.1-r2 )
+ python? ( >=dev-lang/python-2.2 dev-python/egenix-mx-base )
+ readline? ( >=sys-libs/readline-4.1 )
+ selinux? ( sec-policy/selinux-postgresql )
+ ssl? ( >=dev-libs/openssl-0.9.6-r1 )
+ tcl? ( >=dev-lang/tcl-8 )
+ xml? ( dev-libs/libxml2 dev-libs/libxslt )
+ zlib? ( >=sys-libs/zlib-1.1.3 )"
+DEPEND="${RDEPEND}
+ sys-devel/autoconf
+ >=sys-devel/bison-1.875
+ nls? ( sys-devel/gettext )
+ xml? ( dev-util/pkgconfig )"
+
+PG_DIR="/var/lib/postgresql"
+[[ -z "${PG_MAX_CONNECTIONS}" ]] && PG_MAX_CONNECTIONS="512"
+
+cluster_exists() {
+ [[ -f "${PG_DIR}/data/PG_VERSION" ]] && return 0
+ return 1
+}
+
+pkg_setup() {
+ if hasq pg-hier ${USE} ; then
+ ewarn "Warning: pg-hier USE-flag detected:"
+ ewarn "The hier-patch has been dropped for this version and the pg-hier USE-flag is therefore deprecated."
+ ewarn "If you really used the 'hier' patch in your database with the 'CONNECT BY' statement,"
+ ewarn "you should stop now and reconsider. You will be able to reuse your data, but not"
+ ewarn "any VIEWS or QUERIES based on that statement."
+ ewarn "Please disable the pg-hier USE-flag!"
+ ebeep 3
+ if cluster_exists ; then
+ eerror "There is already a database in '${PG_DIR}/data' and you have the pg-hier USE-flag set."
+ eerror "Please read the message above first. If you decide that the warnings there don't"
+ eerror "apply to your situation, dump the database using pg_dump and move the '${PG_DIR}/data'"
+ eerror "away. Then restart the merge. After that create a new database cluster and use pg_restore to"
+ eerror "re-import the previously dumped data."
+ eerror "Moving '${PG_DIR}/data' temporarely away or just disable the 'pg-hier' USE-flag won't work."
+ die "Can't update this database."
+ fi
+ fi
+ if cluster_exists ; then
+ local cluster_version=$(cat "${PG_DIR}/data/PG_VERSION")
+ if [[ ${cluster_version} != $(get_version_component_range 1-2) ]] ; then
+ eerror "There is a database in '${PG_DIR}/data' from PostgreSQL version ${cluster_version}."
+ eerror "PostgreSQL doesn't support upgrades between major versions, you have to use pg_dump"
+ eerror "to dump your existing database. Then move your '${PG_DIR}/data' directory away and"
+ eerror "restart the merge. After that create a new database cluster and use pg_restore to"
+ eerror "re-import the previously dumped data."
+ die "Can't update this database."
+ fi
+ fi
+
+ enewgroup postgres 70
+ enewuser postgres 70 /bin/bash /var/lib postgres
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # libpq is provided separately as dev-db/libpq
+ sed -i -e 's/^DIRS := libpq ecpg/DIRS := ecpg/' src/interfaces/Makefile
+ sed -i -e '/\W\+\$.MAKE. -C include \$/d' src/Makefile
+ sed -i -e '/^\W\+psql scripts pg_config pg_controldata/ s/pg_config //' src/bin/Makefile
+
+ epatch "${FILESDIR}/${P}-sh.patch"
+
+ # Prepare package for future tests
+ if use test ; then
+ # Fix sandbox violation
+ sed -e "s|/no/such/location|${S}/src/test/regress/tmp_check/no/such/location|g" -i src/test/regress/{input,output}/tablespace.source
+
+ # We need to run the tests as a non-root user, portage seems the most fitting here,
+ # so if userpriv is enabled, we use it directly. If userpriv is disabled, well, we
+ # don't support that in this version of PostgreSQL ... :)
+ mkdir -p "${S}/src/test/regress/tmp_check"
+ chown portage "${S}/src/test/regress/tmp_check"
+ einfo "Tests will be run as user portage."
+ fi
+}
+
+src_compile() {
+ filter-flags -ffast-math -feliminate-dwarf2-dups
+
+ # Detect mips systems properly
+ gnuconfig_update
+
+ cd "${S}"
+
+ ./configure --prefix=/usr \
+ --includedir=/usr/include/postgresql/pgsql \
+ --sysconfdir=/etc/postgresql \
+ --mandir=/usr/share/man \
+ --host=${CHOST} \
+ --with-docdir=/usr/share/doc/${PF} \
+ --libdir=/usr/$(get_libdir) \
+ --enable-depend \
+ $(use_with kerberos krb5) \
+ $(use_enable nls ) \
+ $(use_with pam) \
+ $(use_with perl) \
+ $(use_enable pg-intdatetime integer-datetimes ) \
+ $(use_with python) \
+ $(use_with readline) \
+ $(use_with ssl openssl) \
+ $(use_with tcl) \
+ $(use_with zlib) \
+ || die "configure failed"
+
+ emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "main emake failed"
+
+ cd "${S}/contrib"
+ emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "contrib emake failed"
+
+ if use xml ; then
+ cd "${S}/contrib/xml2"
+ emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "contrib/xml2 emake failed"
+ fi
+}
+
+src_install() {
+ if use perl ; then
+ mv -f "${S}/src/pl/plperl/GNUmakefile" "${S}/src/pl/plperl/GNUmakefile_orig"
+ sed -e "s:\$(DESTDIR)\$(plperl_installdir):\$(plperl_installdir):" \
+ "${S}/src/pl/plperl/GNUmakefile_orig" > "${S}/src/pl/plperl/GNUmakefile"
+ fi
+
+ cd "${S}"
+ emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "main emake install failed"
+
+ cd "${S}/contrib"
+ emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "contrib emake install failed"
+
+ if use xml ; then
+ cd "${S}/contrib/xml2"
+ emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "contrib/xml2 emake install failed"
+ fi
+
+ cd "${S}"
+ dodoc README HISTORY
+ dodoc contrib/adddepend/*
+
+ cd "${S}/doc"
+ dodoc FAQ* README.* TODO bug.template
+
+ if use doc ; then
+ cd "${S}/doc"
+ docinto FAQ_html
+ dodoc src/FAQ/*
+ docinto sgml
+ dodoc src/sgml/*.{sgml,dsl}
+ docinto sgml/ref
+ dodoc src/sgml/ref/*.sgml
+ docinto TODO.detail
+ dodoc TODO.detail/*
+ fi
+
+ newinitd "${FILESDIR}/postgresql.init-${PV%.*}" postgresql || die "Inserting init.d-file failed"
+ newconfd "${FILESDIR}/postgresql.conf-${PV%.*}" postgresql || die "Inserting conf.d-file failed"
+
+ newinitd "${FILESDIR}/pg_autovacuum.init-${PV%.*}" pg_autovacuum || die "Inserting pg_autovacuum init.d-file failed"
+ newconfd "${FILESDIR}/pg_autovacuum.conf-${PV%.*}" pg_autovacuum || die "Inserting pg_autovacuum conf.d-file failed"
+ dosed "s:___DOCDIR___:/usr/share/doc/${PF}:" /etc/init.d/pg_autovacuum
+}
+
+pkg_postinst() {
+ elog "Execute the following command to setup the initial database environment:"
+ elog
+ elog "emerge --config =${PF}"
+ elog
+ elog "If you need a global psqlrc-file, you can place it in '${ROOT}/etc/postgresql/'."
+}
+
+pkg_config() {
+ einfo "Creating the data directory ..."
+ mkdir -p "${PG_DIR}/data"
+ chown -Rf postgres:postgres "${PG_DIR}"
+ chmod 0700 "${PG_DIR}/data"
+
+ einfo "Initializing the database ..."
+ if [[ -f "${PG_DIR}/data/PG_VERSION" ]] ; then
+ eerror "PostgreSQL ${PV} cannot upgrade your existing databases."
+ eerror "You must remove your entire database directory to continue."
+ eerror "(database directory = ${PG_DIR})."
+ die "Remove your database directory to continue"
+ else
+ if use kernel_linux ; then
+ local SEM=`sysctl -n kernel.sem | cut -f-3`
+ local SEMMNI=`sysctl -n kernel.sem | cut -f4`
+ local SEMMNI_MIN=`expr \( ${PG_MAX_CONNECTIONS} + 15 \) / 16`
+ local SHMMAX=`sysctl -n kernel.shmmax`
+ local SHMMAX_MIN=`expr 500000 + 30600 \* ${PG_MAX_CONNECTIONS}`
+
+ if [ ${SEMMNI} -lt ${SEMMNI_MIN} ] ; then
+ eerror "The current value of SEMMNI is too low"
+ eerror "for PostgreSQL to run ${PG_MAX_CONNECTIONS} connections!"
+ eerror "Temporary setting this value to ${SEMMNI_MIN} while creating the initial database."
+ echo ${SEM} ${SEMMNI_MIN} > /proc/sys/kernel/sem
+ fi
+
+ su postgres -c "/usr/bin/initdb --pgdata ${PG_DIR}/data"
+
+ if [ ! `sysctl -n kernel.sem | cut -f4` -eq ${SEMMNI} ] ; then
+ echo ${SEM} ${SEMMNI} > /proc/sys/kernel/sem
+ ewarn "Restoring the SEMMNI value to the previous value."
+ ewarn "Please edit the last value of kernel.sem in /etc/sysctl.conf"
+ ewarn "and set it to at least ${SEMMNI_MIN}:"
+ ewarn
+ ewarn " kernel.sem = ${SEM} ${SEMMNI_MIN}"
+ ewarn
+ fi
+
+ if [ ${SHMMAX} -lt ${SHMMAX_MIN} ] ; then
+ eerror "The current value of SHMMAX is too low for postgresql to run."
+ eerror "Please edit /etc/sysctl.conf and set this value to at least ${SHMMAX_MIN}:"
+ eerror
+ eerror " kernel.shmmax = ${SHMMAX_MIN}"
+ eerror
+ fi
+ else
+ su postgres -c "/usr/bin/initdb --pgdata ${PG_DIR}/data"
+ fi
+
+ einfo
+ einfo "You can use the '${ROOT}/etc/init.d/postgresql' script to run PostgreSQL instead of 'pg_ctl'."
+ einfo
+ fi
+}
+
+src_test() {
+ cd "${S}"
+
+ einfo ">>> Test phase [check]: ${CATEGORY}/${PF}"
+ if hasq userpriv ${FEATURES} ; then
+ if ! emake -j1 check ; then
+ hasq test ${FEATURES} && die "Make check failed. See above for details."
+ hasq test ${FEATURES} || eerror "Make check failed. See above for details."
+ fi
+ else
+ eerror "Tests won't be run if FEATURES=userpriv is disabled!"
+ fi
+
+ einfo "Yes, there are other tests which could be run."
+ einfo "... and no, we don't plan to add/support them."
+ einfo "For now, the main regressions tests will suffice."
+ einfo "If you think other tests are necessary, please submit a"
+ einfo "bug including a patch for this ebuild to enable them."
+}