Update to PostgreSQL 8.2.6 to fix CVE-2007-6600 and others

2008-01-07 19:01:59 +00:00 · 2008-01-07 19:01:59 +00:00 · 6bcab53b12
commit 6bcab53b12
parent e5fb010be7
4 changed files with 30 additions and 4 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,4 +1,4 @@
-postgresql-8.2.5.tar.bz2
+postgresql-8.2.6.tar.bz2
 PyGreSQL-3.8.1.tgz
 pgtcl1.6.0.tar.gz
 pgtcldocs-20070115.zip
--- a/postgresql-ac-version.patch
+++ b/postgresql-ac-version.patch
@ -0,0 +1,20 @@
+Upstream has a policy of only supporting one autoconf version with any
+given PostgreSQL version; which is good for ensuring repeatable results
+for PostgreSQL, but it's not very tenable in the Fedora/RHEL world.
+Dike out the check.
+
+
+diff -Naur postgresql-8.2.6.orig/configure.in postgresql-8.2.6/configure.in
+--- postgresql-8.2.6.orig/configure.in	2008-01-03 16:40:50.000000000 -0500
+++ postgresql-8.2.6/configure.in	2008-01-04 11:25:42.000000000 -0500
+@@ -19,10 +19,6 @@
+ 
+ AC_INIT([PostgreSQL], [8.2.6], [pgsql-bugs@postgresql.org])
+ 
+-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.59], [], [m4_fatal([Autoconf version 2.59 is required.
+-Untested combinations of 'autoconf' and PostgreSQL versions are not
+-recommended.  You can remove the check from 'configure.in' but it is then
+-your responsibility whether the result works or not.])])
+ AC_COPYRIGHT([Copyright (c) 1996-2006, PostgreSQL Global Development Group])
+ AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
+ AC_CONFIG_AUX_DIR(config)
--- a/postgresql.spec
+++ b/postgresql.spec
@ -80,8 +80,8 @@

 Summary: PostgreSQL client programs and libraries
 Name: postgresql
-Version: 8.2.5
-Release: 2%{?dist}
+Version: 8.2.6
+Release: 1%{?dist}
 License: BSD
 Group: Applications/Databases
 Url: http://www.postgresql.org/ 
@ -101,6 +101,7 @@ Source19: http://pgfoundry.org/projects/pgtclng/pgtcl1.6.0.tar.gz
 Source20: http://pgfoundry.org/projects/pgtclng/pgtcldocs-20070115.zip

 Patch1: rpm-pgsql.patch
+Patch2: postgresql-ac-version.patch
 Patch3: postgresql-logging.patch
 Patch4: postgresql-test.patch
 Patch5: pgtcl-no-rpath.patch
@ -339,6 +340,7 @@ system, including regression tests and benchmarks.
 %prep
 %setup -q 
 %patch1 -p1
+%patch2 -p1
 %patch3 -p1
 %patch4 -p1
 # patch5 is applied later
@ -822,6 +824,10 @@ rm -rf $RPM_BUILD_ROOT
 %endif

 %changelog
+* Mon Jan  7 2008 Tom Lane <tgl@redhat.com> 8.2.6-1
+- Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772,
+  CVE-2007-6067, CVE-2007-6600, CVE-2007-6601
+
 * Wed Dec  5 2007 Tom Lane <tgl@redhat.com> 8.2.5-2
 - Rebuild for new openssl

--- a/2
+++ b/2
@ -1,4 +1,4 @@
-bb1cd309ea72f070cb964736f5755847  postgresql-8.2.5.tar.bz2
+17b9049b4fcad42ee95410833c1db228  postgresql-8.2.6.tar.bz2
 5575979dac93c9c5795d7693a8f91c86  PyGreSQL-3.8.1.tgz
 25eda4bb40fb3d4ec9b205a1fdc1bbbc  pgtcl1.6.0.tar.gz
 8ce98e93b238c3329d0fe43810442c44  pgtcldocs-20070115.zip