diff options
| author | Palle Girgensohn <girgen@FreeBSD.org> | 2005-02-19 12:07:46 +0000 |
|---|---|---|
| committer | Palle Girgensohn <girgen@FreeBSD.org> | 2005-02-19 12:07:46 +0000 |
| commit | 9c89540227221ee9001868542fa9f8e5bdceae53 (patch) | |
| tree | 7fa5d33d41d8fe5a91a045cac4c4fd5fe5cb3764 /databases/postgresql73-server/files/patch-src-pl-plpgsql-src-gram-y | |
| parent | Update to version 1.41 (diff) | |
Fix security alert using a patch from PostgreSQL's CVS repository:
Prevent overrunning a heap-allocated buffer if more than 1024
parameters to a refcursor declaration are specified. This is a
minimally-invasive fix for the buffer overrun.
Define LATEST_LINK to avoid package name clashes between the different
branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to
branch 7.4, keep its LATEST_LINK to a generic value.)
Set UNIQUENAME and let it be the same for server & client, so each
branch's ports will share the same options file. This adds some no-op
knobs to the -client port, but IMO it is better this way.
Add space inside paranthesis in OSVERSION conditional to work around
(ancient) make bug. [2]
Remove the Rendez-Vouz knob for 8.0 since I can't find the software
needed to even compile it on FreeBSD.
Bump portrevision (for -server only).
Noted by: kris [1]
PR: ports/77530 [2]
Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by: seanc (mentor)
Notes
Notes:
svn path=/head/; revision=129277
Diffstat (limited to '')
| -rw-r--r-- | databases/postgresql73-server/files/patch-src-pl-plpgsql-src-gram-y | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/databases/postgresql73-server/files/patch-src-pl-plpgsql-src-gram-y b/databases/postgresql73-server/files/patch-src-pl-plpgsql-src-gram-y new file mode 100644 index 000000000000..e9d23cac61ea --- /dev/null +++ b/databases/postgresql73-server/files/patch-src-pl-plpgsql-src-gram-y @@ -0,0 +1,69 @@ +--- src/pl/plpgsql/src/gram.y 2005/01/27 01:44:42 1.39.2.1 REL7_3_9 ++++ src/pl/plpgsql/src/gram.y 2005/02/08 18:22:45 1.39.2.2 REL7_3_STABLE +@@ -4,7 +4,7 @@ + * procedural language + * + * IDENTIFICATION +- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.1 2005/01/27 01:44:42 neilc Exp $ ++ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.2 2005/02/08 18:22:45 tgl Exp $ + * + * This software is copyrighted by Jan Wieck - Hamburg. + * +@@ -1612,6 +1612,14 @@ read_sql_construct(int until, + } + if (plpgsql_SpaceScanned) + plpgsql_dstring_append(&ds, " "); ++ ++ /* Check for array overflow */ ++ if (nparams >= 1024) ++ { ++ plpgsql_error_lineno = lno; ++ elog(ERROR, "too many variables specified in SQL statement"); ++ } ++ + switch (tok) + { + case T_VARIABLE: +@@ -1761,6 +1769,13 @@ make_select_stmt(void) + + while ((tok = yylex()) == ',') + { ++ /* Check for array overflow */ ++ if (nfields >= 1024) ++ { ++ plpgsql_error_lineno = yylineno; ++ elog(ERROR, "too many INTO variables specified"); ++ } ++ + tok = yylex(); + switch(tok) + { +@@ -1809,6 +1824,14 @@ make_select_stmt(void) + + if (plpgsql_SpaceScanned) + plpgsql_dstring_append(&ds, " "); ++ ++ /* Check for array overflow */ ++ if (nparams >= 1024) ++ { ++ plpgsql_error_lineno = yylineno; ++ elog(ERROR, "too many variables specified in SQL statement"); ++ } ++ + switch (tok) + { + case T_VARIABLE: +@@ -1892,6 +1915,13 @@ make_fetch_stmt(void) + + while ((tok = yylex()) == ',') + { ++ /* Check for array overflow */ ++ if (nfields >= 1024) ++ { ++ plpgsql_error_lineno = yylineno; ++ elog(ERROR, "too many INTO variables specified"); ++ } ++ + tok = yylex(); + switch(tok) + { |