head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.1.0.12 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.10 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.8 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.6 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.4 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.2 pkgsrc-2011Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2013.04.04.21.08.28; author adam; state dead; branches; next 1.1; 1.1 date 2011.10.12.19.43.27; author hans; state Exp; branches; next ; desc @@ 1.2 log @The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately. A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902. @ text @$NetBSD: patch-src_makefiles_Makefile.solaris,v 1.1 2011/10/12 19:43:27 hans Exp $ --- src/makefiles/Makefile.solaris.orig 2011-09-23 00:06:36.000000000 +0200 +++ src/makefiles/Makefile.solaris 2011-10-11 12:14:55.511535061 +0200 @@@@ -18,5 +18,3 @@@@ endif %.so: %.o $(LD) -G -Bdynamic -o $@@ $< - -sqlmansect = 5sql @ 1.1 log @Fix build on SunOS. @ text @d1 1 a1 1 $NetBSD$ @