diff options
author | Andrew Ross <aross@gentoo.org> | 2007-05-03 04:41:52 +0000 |
---|---|---|
committer | Andrew Ross <aross@gentoo.org> | 2007-05-03 04:41:52 +0000 |
commit | 7584db1c4600868ecf095844de9ce1a17f1284be (patch) | |
tree | dd0bf8dcd6f8297b4e40d57678c3f303cfb5e270 | |
parent | Version bump snapshot required for turbogears-1.0.2.2. Dropped amd64 keyword ... (diff) | |
download | gentoo-2-7584db1c4600868ecf095844de9ce1a17f1284be.tar.gz gentoo-2-7584db1c4600868ecf095844de9ce1a17f1284be.tar.bz2 gentoo-2-7584db1c4600868ecf095844de9ce1a17f1284be.zip |
Version bump to 7.3.19 for bug #175791 (CVE-2007-2138 privilege escalation in SECURITY DEFINER functions).
(Portage version: 2.1.2.2)
-rw-r--r-- | dev-db/postgresql/ChangeLog | 9 | ||||
-rw-r--r-- | dev-db/postgresql/files/digest-postgresql-7.3.19 | 12 | ||||
-rw-r--r-- | dev-db/postgresql/files/postgresql-7.3.19-cubeparse.patch | 36 | ||||
-rw-r--r-- | dev-db/postgresql/postgresql-7.3.19.ebuild | 248 |
4 files changed, 304 insertions, 1 deletions
diff --git a/dev-db/postgresql/ChangeLog b/dev-db/postgresql/ChangeLog index fa1b9af4d7b7..52c97fc2b1f5 100644 --- a/dev-db/postgresql/ChangeLog +++ b/dev-db/postgresql/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-db/postgresql # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/ChangeLog,v 1.334 2007/05/02 08:50:01 voxus Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/ChangeLog,v 1.335 2007/05/03 04:41:52 aross Exp $ + +*postgresql-7.3.19 (03 May 2007) + + 03 May 2007; Andrew Ross <aross@gentoo.org> + +files/postgresql-7.3.19-cubeparse.patch, +postgresql-7.3.19.ebuild: + Version bump to 7.3.19 for bug #175791 (CVE-2007-2138 privilege escalation + in SECURITY DEFINER functions). *postgresql-8.2.4-r1 (02 May 2007) diff --git a/dev-db/postgresql/files/digest-postgresql-7.3.19 b/dev-db/postgresql/files/digest-postgresql-7.3.19 new file mode 100644 index 000000000000..770e85467eac --- /dev/null +++ b/dev-db/postgresql/files/digest-postgresql-7.3.19 @@ -0,0 +1,12 @@ +MD5 b9b2dca0468bafff72486bd54812c317 postgresql-base-7.3.19.tar.bz2 5691127 +RMD160 802bbba70d1368097a74de6b67589ab9645597cc postgresql-base-7.3.19.tar.bz2 5691127 +SHA256 1804e0424e4444f67acfb98b4e4ad2ede26748d1ddb4a9201cbff7627e394e6a postgresql-base-7.3.19.tar.bz2 5691127 +MD5 de4888125bef49f9f53824d4f9ae7bf6 postgresql-docs-7.3.19.tar.bz2 2365906 +RMD160 acad805217a5b16badc5ea1c5f88e2780d48e849 postgresql-docs-7.3.19.tar.bz2 2365906 +SHA256 0a4910cf776b6be8017eaf68a60c541be59288079fe5696d955bdace22ebde0a postgresql-docs-7.3.19.tar.bz2 2365906 +MD5 1fe88fa959492155518787c0eb197b14 postgresql-opt-7.3.19.tar.bz2 342076 +RMD160 7ee1dea5c906d88ba3384ea805368a9dcb8af47d postgresql-opt-7.3.19.tar.bz2 342076 +SHA256 2735bceed9f0d27befb3ec26b5d76f9272da1cdf2434ceb9d68327494912017f postgresql-opt-7.3.19.tar.bz2 342076 +MD5 a0958b2352586b7cd4083f46e1ba1ae8 postgresql-test-7.3.19.tar.bz2 891109 +RMD160 4f5ee0f9c4dd86b6ee54a818e25e929c2fc2334f postgresql-test-7.3.19.tar.bz2 891109 +SHA256 8df80f3fb5f61d61fe6348e037c614b3c0f2114ae5c8a7f3050b5fadde517ba3 postgresql-test-7.3.19.tar.bz2 891109 diff --git a/dev-db/postgresql/files/postgresql-7.3.19-cubeparse.patch b/dev-db/postgresql/files/postgresql-7.3.19-cubeparse.patch new file mode 100644 index 000000000000..705e073c8e45 --- /dev/null +++ b/dev-db/postgresql/files/postgresql-7.3.19-cubeparse.patch @@ -0,0 +1,36 @@ +--- contrib/cube/cubescan.l.orig 2006-07-05 06:56:04.000000000 +0000 ++++ contrib/cube/cubescan.l 2006-07-05 06:56:12.000000000 +0000 +@@ -9,6 +9,10 @@ + + + /* flex screws a couple symbols when used with the -P option; fix those */ ++#ifndef YY_PROTO ++#define YY_PROTO(proto) proto ++#endif ++ + #define YY_DECL int cube_yylex YY_PROTO(( void )); \ + int cube_yylex YY_PROTO(( void )) + #define yylval cube_yylval +--- contrib/seg/segscan.l.orig 2006-07-05 07:08:26.000000000 +0000 ++++ contrib/seg/segscan.l 2006-07-05 07:08:51.000000000 +0000 +@@ -9,6 +9,10 @@ + + + /* flex screws a couple symbols when used with the -P option; fix those */ ++#ifndef YY_PROTO ++#define YY_PROTO(proto) proto ++#endif ++ + #define YY_DECL int seg_yylex YY_PROTO(( void )); \ + int seg_yylex YY_PROTO(( void )) + #define yylval seg_yylval +--- contrib/tsearch/parser.l.orig 2006-07-05 07:22:36.000000000 +0000 ++++ contrib/tsearch/parser.l 2006-07-05 07:23:33.000000000 +0000 +@@ -18,6 +18,7 @@ + char *s = NULL; /* to return WHOLE hyphenated-word */ + + YY_BUFFER_STATE buf = NULL; /* buffer to parse; it need for parse from string */ ++static YY_BUFFER_STATE yy_current_buffer = 0; + + int lrlimit = -1; /* for limiting read from filehandle ( -1 - unlimited read ) */ + int bytestoread = 0; /* for limiting read from filehandle */ diff --git a/dev-db/postgresql/postgresql-7.3.19.ebuild b/dev-db/postgresql/postgresql-7.3.19.ebuild new file mode 100644 index 000000000000..c78e39865e8c --- /dev/null +++ b/dev-db/postgresql/postgresql-7.3.19.ebuild @@ -0,0 +1,248 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql/postgresql-7.3.19.ebuild,v 1.1 2007/05/03 04:41:52 aross Exp $ + +inherit eutils gnuconfig flag-o-matic multilib toolchain-funcs versionator + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + +DESCRIPTION="Sophisticated and powerful Object-Relational DBMS." +HOMEPAGE="http://www.postgresql.org/" +SRC_URI="mirror://postgresql/source/v${PV}/${PN}-base-${PV}.tar.bz2 + mirror://postgresql/source/v${PV}/${PN}-opt-${PV}.tar.bz2 + doc? ( mirror://postgresql/source/v${PV}/${PN}-docs-${PV}.tar.bz2 ) + test? ( mirror://postgresql/source/v${PV}/${PN}-test-${PV}.tar.bz2 )" +LICENSE="POSTGRESQL" +SLOT="0" +IUSE="doc kerberos nls pam perl pg-intdatetime python readline selinux ssl tcl test xml zlib" + +RDEPEND="~dev-db/libpq-${PV} + >=sys-libs/ncurses-5.2 + kerberos? ( virtual/krb5 ) + pam? ( virtual/pam ) + perl? ( >=dev-lang/perl-5.6.1-r2 ) + python? ( >=dev-lang/python-2.2 dev-python/egenix-mx-base ) + readline? ( >=sys-libs/readline-4.1 ) + selinux? ( sec-policy/selinux-postgresql ) + ssl? ( >=dev-libs/openssl-0.9.6-r1 ) + tcl? ( >=dev-lang/tcl-8 ) + xml? ( dev-libs/libxml2 dev-libs/libxslt ) + zlib? ( >=sys-libs/zlib-1.1.3 )" +DEPEND="${RDEPEND} + sys-devel/autoconf + >=sys-devel/bison-1.875 + nls? ( sys-devel/gettext ) + xml? ( dev-util/pkgconfig )" + +PG_DIR="/var/lib/postgresql" +[[ -z "${PG_MAX_CONNECTIONS}" ]] && PG_MAX_CONNECTIONS="512" + +pkg_setup() { + if [[ -f "${PG_DIR}/data/PG_VERSION" ]] ; then + if [[ $(cat "${PG_DIR}/data/PG_VERSION") != $(get_version_component_range 1-2) ]] ; then + eerror "PostgreSQL ${PV} cannot upgrade your existing databases, you must" + eerror "use pg_dump to export your existing databases to a file, and then" + eerror "pg_restore to import them when you have upgraded completely." + eerror "You must remove your entire database directory to continue." + eerror "(database directory = ${PG_DIR})." + die "Remove your database directory to continue" + fi + fi + enewgroup postgres 70 + enewuser postgres 70 /bin/bash /var/lib postgres +} + +src_unpack() { + unpack ${A} + cd "${S}" + + sed -i -e '/for pgac_lib in "" " -ltermcap"/ s/" -ltermcap"//' configure + + # libpq is provided separately as dev-db/libpq + sed -i -e 's/^DIRS := libpq ecpg/DIRS := ecpg/' src/interfaces/Makefile + sed -i -e '/\W\+\$.MAKE. -C include \$/d' src/Makefile + sed -i -e '/^\W\+psql scripts pg_config pg_controldata/ s/pg_config //' src/bin/Makefile + + epatch "${FILESDIR}/${P}-cubeparse.patch" + + # Prepare package for future tests + if use test ; then + # We need to run the tests as a non-root user, portage seems the most fitting here, + # so if userpriv is enabled, we use it directly. If userpriv is disabled, well, we + # don't support that in this version of PostgreSQL ... :) + mkdir -p "${S}/src/test/regress/tmp_check" + chown portage "${S}/src/test/regress/tmp_check" + einfo "Tests will be run as user portage." + fi +} + +src_compile() { + filter-flags -ffast-math -feliminate-dwarf2-dups + + # Correctly support the XML stuff + if use xml ; then + CFLAGS="${CFLAGS} $(pkg-config --cflags libxml-2.0)" + LIBS="${LIBS} $(pkg-config --libs libxml-2.0)" + fi + + # Detect mips systems properly + gnuconfig_update + + cd "${S}" + + ./configure --prefix=/usr \ + --includedir=/usr/include/postgresql/pgsql \ + --sysconfdir=/etc/postgresql \ + --mandir=/usr/share/man \ + --host=${CHOST} \ + --docdir=/usr/share/doc/${PF} \ + --libdir=/usr/$(get_libdir) \ + --enable-depend \ + $(use_with kerberos krb5) \ + $(use_enable nls ) \ + $(use_with pam) \ + $(use_with perl) \ + $(use_enable pg-intdatetime integer-datetimes ) \ + $(use_with python) \ + $(use_with readline) \ + $(use_with ssl openssl) \ + $(use_with tcl) \ + --without-tk \ + $(use_with zlib) \ + || die "configure failed" + + emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "main emake failed" + + cd "${S}/contrib" + emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "contrib emake failed" + + if use xml ; then + cd "${S}/contrib/xml" + emake -j1 LD="$(tc-getLD) $(get_abi_LDFLAGS)" || die "contrib/xml emake failed" + fi +} + +src_install() { + if use perl ; then + mv -f "${S}/src/pl/plperl/GNUmakefile" "${S}/src/pl/plperl/GNUmakefile_orig" + sed -e "s:\$(DESTDIR)\$(plperl_installdir):\$(plperl_installdir):" \ + "${S}/src/pl/plperl/GNUmakefile_orig" > "${S}/src/pl/plperl/GNUmakefile" + fi + + cd "${S}" + emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "main emake install failed" + + cd "${S}/contrib" + emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "contrib emake install failed" + + if use xml ; then + cd "${S}/contrib/xml" + emake -j1 DESTDIR="${D}" LIBDIR="${D}/usr/$(get_libdir)" install || die "contrib/xml emake install failed" + fi + + cd "${S}" + dodoc README HISTORY + dodoc contrib/adddepend/* + + cd "${S}/doc" + dodoc FAQ* README.* TODO bug.template + + if use doc ; then + cd "${S}/doc" + docinto FAQ_html + dodoc src/FAQ/* + docinto sgml + dodoc src/sgml/*.{sgml,dsl} + docinto sgml/ref + dodoc src/sgml/ref/*.sgml + docinto TODO.detail + dodoc TODO.detail/* + fi + + newinitd "${FILESDIR}/postgresql.init-${PV%.*}" postgresql || die "Inserting init.d-file failed" + newconfd "${FILESDIR}/postgresql.conf-${PV%.*}" postgresql || die "Inserting conf.d-file failed" +} + +pkg_postinst() { + elog "Execute the following command to setup the initial database environment:" + elog + elog "emerge --config =${PF}" + elog + elog "If you need a global psqlrc-file, you can place it in '${ROOT%/}/etc/postgresql/'." +} + +pkg_config() { + einfo "Creating the data directory ..." + mkdir -p "${PG_DIR}/data" + chown -Rf postgres:postgres "${PG_DIR}" + chmod 0700 "${PG_DIR}/data" + + einfo "Initializing the database ..." + if [[ -f "${PG_DIR}/data/PG_VERSION" ]] ; then + eerror "PostgreSQL ${PV} cannot upgrade your existing databases." + eerror "You must remove your entire database directory to continue." + eerror "(database directory = ${PG_DIR})." + die "Remove your database directory to continue" + else + if use kernel_linux ; then + local SEM=`sysctl -n kernel.sem | cut -f-3` + local SEMMNI=`sysctl -n kernel.sem | cut -f4` + local SEMMNI_MIN=`expr \( ${PG_MAX_CONNECTIONS} + 15 \) / 16` + local SHMMAX=`sysctl -n kernel.shmmax` + local SHMMAX_MIN=`expr 500000 + 30600 \* ${PG_MAX_CONNECTIONS}` + + if [ ${SEMMNI} -lt ${SEMMNI_MIN} ] ; then + eerror "The current value of SEMMNI is too low" + eerror "for PostgreSQL to run ${PG_MAX_CONNECTIONS} connections!" + eerror "Temporary setting this value to ${SEMMNI_MIN} while creating the initial database." + echo ${SEM} ${SEMMNI_MIN} > /proc/sys/kernel/sem + fi + + su postgres -c "/usr/bin/initdb --pgdata ${PG_DIR}/data" + + if [ ! `sysctl -n kernel.sem | cut -f4` -eq ${SEMMNI} ] ; then + echo ${SEM} ${SEMMNI} > /proc/sys/kernel/sem + ewarn "Restoring the SEMMNI value to the previous value." + ewarn "Please edit the last value of kernel.sem in /etc/sysctl.conf" + ewarn "and set it to at least ${SEMMNI_MIN}:" + ewarn + ewarn " kernel.sem = ${SEM} ${SEMMNI_MIN}" + ewarn + fi + + if [ ${SHMMAX} -lt ${SHMMAX_MIN} ] ; then + eerror "The current value of SHMMAX is too low for postgresql to run." + eerror "Please edit /etc/sysctl.conf and set this value to at least ${SHMMAX_MIN}:" + eerror + eerror " kernel.shmmax = ${SHMMAX_MIN}" + eerror + fi + else + su postgres -c "/usr/bin/initdb --pgdata ${PG_DIR}/data" + fi + + einfo + einfo "You can use the '${ROOT%/}/etc/init.d/postgresql' script to run PostgreSQL instead of 'pg_ctl'." + einfo + fi +} + +src_test() { + cd "${S}" + + einfo ">>> Test phase [check]: ${CATEGORY}/${PF}" + if hasq userpriv ${FEATURES} ; then + if ! emake -j1 check ; then + hasq test ${FEATURES} && die "Make check failed. See above for details." + hasq test ${FEATURES} || eerror "Make check failed. See above for details." + fi + else + eerror "Tests won't be run if FEATURES=userpriv is disabled!" + fi + + einfo "Yes, there are other tests which could be run." + einfo "... and no, we don't plan to add/support them." + einfo "For now, the main regressions tests will suffice." + einfo "If you think other tests are necessary, please submit a" + einfo "bug including a patch for this ebuild to enable them." +} |