postgresql: add fix for CVE-2014-0067 Security Advisory

The make check command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2026-04-20 23:48:20 +00:00 · 2014-10-29 08:30:57 +08:00
parent f1978efac9
commit 59e4579554
2 changed files with 76 additions and 0 deletions
--- a/meta-oe/recipes-support/postgresql/postgresql.inc
+++ b/meta-oe/recipes-support/postgresql/postgresql.inc
@@ -36,6 +36,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
           file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \
           file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \
           file://0006-Fix-handling-of-wide-datetime-input-output.patch \
+           file://0007-Make-pqsignal-available-to-pg_regress-of-ECPG-and-is.patch \
          "

 LEAD_SONAME = "libpq.so"