authorPalle Girgensohn <girgen@FreeBSD.org>2005-02-19 12:07:46 +0000
committerPalle Girgensohn <girgen@FreeBSD.org>2005-02-19 12:07:46 +0000
commit9c89540227221ee9001868542fa9f8e5bdceae53 (patch)
tree7fa5d33d41d8fe5a91a045cac4c4fd5fe5cb3764 /databases/postgresql74-server/files
parentUpdate to version 1.41 (diff)
Fix security alert using a patch from PostgreSQL's CVS repository:
Prevent overrunning a heap-allocated buffer if more than 1024 parameters to a refcursor declaration are specified. This is a minimally-invasive fix for the buffer overrun. Define LATEST_LINK to avoid package name clashes between the different branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to branch 7.4, keep its LATEST_LINK to a generic value.) Set UNIQUENAME and let it be the same for server & client, so each branch's ports will share the same options file. This adds some no-op knobs to the -client port, but IMO it is better this way. Add space inside paranthesis in OSVERSION conditional to work around (ancient) make bug. [2] Remove the Rendez-Vouz knob for 8.0 since I can't find the software needed to even compile it on FreeBSD. Bump portrevision (for -server only). Noted by: kris [1] PR: ports/77530 [2] Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html Approved by: seanc (mentor)
Notes
Notes: svn path=/head/; revision=129277
Diffstat (limited to 'databases/postgresql74-server/files')
-rw-r--r--databases/postgresql74-server/files/patch-src-pl-plpgsql-src-gram-y77
1 files changed, 77 insertions, 0 deletions
diff --git a/databases/postgresql74-server/files/patch-src-pl-plpgsql-src-gram-y b/databases/postgresql74-server/files/patch-src-pl-plpgsql-src-gram-y
new file mode 100644
index 000000000000..053c44d5baf8
--- /dev/null
+++ b/databases/postgresql74-server/files/patch-src-pl-plpgsql-src-gram-y
@@ -0,0 +1,77 @@
+--- src/pl/plpgsql/src/gram.y 2005/01/21 00:31:21 1.48.2.1 REL7_4_7
++++ src/pl/plpgsql/src/gram.y 2005/02/08 18:22:11 1.48.2.3 REL7_4_STABLE
+@@ -4,7 +4,7 @@
+ * procedural language
+ *
+ * IDENTIFICATION
+- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.48.2.1 2005/01/21 00:31:21 neilc Exp $
++ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.48.2.3 2005/02/08 18:22:11 tgl Exp $
+ *
+ * This software is copyrighted by Jan Wieck - Hamburg.
+ *
+@@ -1699,6 +1699,16 @@ read_sql_construct(int until,
+ }
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = lno;
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_VARIABLE:
+@@ -1856,6 +1866,15 @@ make_select_stmt(void)
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
+@@ -1906,6 +1925,16 @@ make_select_stmt(void)
+
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_VARIABLE:
+@@ -1989,6 +2018,15 @@ make_fetch_stmt(void)
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
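Review bot: The bound `1024` is written as a bare literal in all four added checks (read_sql_construct, both sites in make_select_stmt, and make_fetch_stmt) with nothing tying it to the fixed-size `params`/`fields` arrays it protects, whose declarations lie outside the hunk; if either array is ever resized, the guards silently stop matching and the overrun reopens. One named constant defined next to those array declarations and used in every check would keep the limit and the storage in one place, e.g. `#define PLPGSQL_MAX_SQL_PARAMS 1024` (proposed name) with `if (nparams >= PLPGSQL_MAX_SQL_PARAMS)`, or, if the arrays are plain C arrays, `if (nparams >= lengthof(params))` so the compiler derives the bound. The read_sql_construct site reports the error with `lno` while the other three call `plpgsql_scanner_lineno()`; presumably `lno` is the line captured at the start of the construct and the difference is intentional, but a one-line comment such as `/* report at the statement's start line, not the current token */` would stop a reader from "fixing" it. Each enclosing function (read_sql_construct, make_select_stmt, make_fetch_stmt) begins and ends outside this hunk, so where `nparams`/`nfields` are incremented and whether the first element is consumed before the loop starts cannot be confirmed here.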