pkgsrc-changes: CVS commit: pkgsrc/databases

Subject: CVS commit: pkgsrc/databases
To: None <pkgsrc-changes@NetBSD.org>
From: Thomas Klausner <wiz@netbsd.org>
List: pkgsrc-changes
Date: 06/30/2005 01:50:11
Module Name:	pkgsrc
Committed By:	wiz
Date:		Thu Jun 30 01:50:11 UTC 2005

Modified Files:
	pkgsrc/databases/postgresql74: Makefile.common distinfo
	pkgsrc/databases/postgresql74-client: Makefile PLIST
	pkgsrc/databases/postgresql74-docs: PLIST
	pkgsrc/databases/postgresql74-lib: PLIST
	pkgsrc/databases/tcl-postgresql74: Makefile
Added Files:
	pkgsrc/databases/postgresql74-client/files: man.client
Removed Files:
	pkgsrc/databases/postgresql74-client/files: man.exclude
	pkgsrc/databases/postgresql74/patches: patch-ah

Log Message:
Update postgresql74* packages to 7.4.8.

                                Release Notes

                                Release 7.4.8

     Release date: 2005-05-09

   This release contains a variety of fixes from 7.4.7, including several
   security-related issues.
     __________________________________________________________________

Migration to version 7.4.8

   A dump/restore is not required for those running 7.4.X. However, it is
   one possible way of handling two significant security problems that
   have been found in the initial contents of 7.4.X system catalogs. A
   dump/initdb/reload sequence using 7.4.8's initdb will automatically
   correct these problems.

   The larger security problem is that the built-in character set encoding
   conversion functions can be invoked from SQL commands by unprivileged
   users, but the functions were not designed for such use and are not
   secure against malicious choices of arguments. The fix involves
   changing the declared parameter list of these functions so that they
   can no longer be invoked from SQL commands. (This does not affect their
   normal use by the encoding conversion machinery.)

   The lesser problem is that the "contrib/tsearch2" module creates
   several functions that are misdeclared to return internal when they do
   not accept internal arguments. This breaks type safety for all
   functions using internal arguments.

   It is strongly recommended that all installations repair these errors,
   either by initdb or by following the manual repair procedures given
   below. The errors at least allow unprivileged database users to crash
   their server process, and may allow unprivileged users to gain the
   privileges of a database superuser.

While here, fix postgresql74-client package installation on 2.0
(broken -X), and avoid the need for gtar in tcl-postgresql74.


To generate a diff of this commit:
cvs rdiff -r1.23 -r1.24 pkgsrc/databases/postgresql74/Makefile.common
cvs rdiff -r1.17 -r1.18 pkgsrc/databases/postgresql74/distinfo
cvs rdiff -r1.11 -r1.12 pkgsrc/databases/postgresql74-client/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/databases/postgresql74-client/PLIST
cvs rdiff -r0 -r1.1 pkgsrc/databases/postgresql74-client/files/man.client
cvs rdiff -r1.1.1.1 -r0 \
    pkgsrc/databases/postgresql74-client/files/man.exclude
cvs rdiff -r1.3 -r1.4 pkgsrc/databases/postgresql74-docs/PLIST
cvs rdiff -r1.4 -r1.5 pkgsrc/databases/postgresql74-lib/PLIST
cvs rdiff -r1.1 -r0 pkgsrc/databases/postgresql74/patches/patch-ah
cvs rdiff -r1.2 -r1.3 pkgsrc/databases/tcl-postgresql74/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.