postgresql: add fix for CVE-2014-0064 Security Advisory

Multiple integer overflows in the path_in and other unspecified
functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote
authenticated users to have unspecified impact and attack vectors, which
trigger a buffer overflow. NOTE: this identifier has been SPLIT due to
different affected versions; use CVE-2014-2669 for the hstore vector.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Kang Kai
2014-10-29 08:30:52 +08:00
committed by Martin Jansa
parent 3692902448
commit cd4cd79199
2 changed files with 608 additions and 2 deletions


@@ -28,10 +28,11 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
file://postgresql.init \
file://postgresql-bashprofile \
file://postgresql.pam \
file://0001-Use-pkg-config-for-libxml2-detection.patch \
file://postgresql-setup \
file://postgresql.service \
"
file://0001-Use-pkg-config-for-libxml2-detection.patch \
file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch \
"
LEAD_SONAME = "libpq.so"
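Review bot: The SRC_URI list in this hunk shows file://0001-Use-pkg-config-for-libxml2-detection.patch both before file://postgresql-setup and again after file://postgresql.service, which reads as the existing entry being moved in the same change that adds the CVE fix. Leave the 0001 entry where it was and only append file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch before the closing quote, so the security change is a one-line addition that is easy to audit and backport. Also note that SRC_URI fetches the tarball by ${PV}, while the commit message lists releases that already contain the fix (8.4.20, 9.0.16, 9.1.12, 9.2.7, 9.3.3); if this list is shared by more than one recipe version, confirm that the patch is applied only to versions older than those, since it will not apply cleanly to a source tree that already has it. The new file name does not mention the CVE, so a reference to CVE-2014-0064 in the patch header would help anyone tracing which advisory the entry addresses.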