postgresql: add fix for CVE-2014-0063 Security Advisory

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2026-04-20 23:48:20 +00:00 · 2014-10-29 08:30:56 +08:00
parent bd9378688e
commit f1978efac9
2 changed files with 466 additions and 0 deletions
--- a/meta-oe/recipes-support/postgresql/postgresql.inc
+++ b/meta-oe/recipes-support/postgresql/postgresql.inc
@@ -35,6 +35,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
           file://0003-Shore-up-ADMIN-OPTION-restrictions.patch \
           file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \
           file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \
+           file://0006-Fix-handling-of-wide-datetime-input-output.patch \
          "

 LEAD_SONAME = "libpq.so"