From e68b9aaaa8d272c4b456ac1c02980b52be56467c Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 21 Jun 2019 14:43:27 -0400 Subject: user/postgresql: [CVE] bump to 10.8 Dump/restore is not required for this update. However, if the pg_stat_statements extension is used, the changelog has this to say: https://www.postgresql.org/docs/10/release-10-6.html "In contrib/pg_stat_statements, disallow the pg_read_all_stats role from executing pg_stat_statements_reset() (Haribabu Kommi) pg_read_all_stats is only meant to grant permission to read statistics, not to change them, so this grant was incorrect. To cause this change to take effect, run ALTER EXTENSION pg_stat_statements UPDATE in each database where pg_stat_statements has been installed." --- user/postgresql/APKBUILD | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) (limited to 'user/postgresql') diff --git a/user/postgresql/APKBUILD b/user/postgresql/APKBUILD index 7fed2351e..996168875 100644 --- a/user/postgresql/APKBUILD +++ b/user/postgresql/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Jakub Jirutka # Maintainer: A. Wilcox pkgname=postgresql -pkgver=10.5 +pkgver=10.8 pkgrel=0 pkgdesc="Featureful object-relational database system (RDBMS)" url="https://www.postgresql.org/" @@ -35,23 +35,26 @@ source="https://ftp.postgresql.org/pub/source/v$pkgver/$pkgname-$pkgver.tar.bz2 # secfixes: # 9.6.4-r0: -# - CVE-2017-7546 -# - CVE-2017-7547 -# - CVE-2017-7548 +# - CVE-2017-7546 +# - CVE-2017-7547 +# - CVE-2017-7548 # 9.6.3-r0: -# - CVE-2017-7484 -# - CVE-2017-7485 -# - CVE-2017-7486 +# - CVE-2017-7484 +# - CVE-2017-7485 +# - CVE-2017-7486 # 10.1-r0: -# - CVE-2017-15098 -# - CVE-2017-15099 +# - CVE-2017-15098 +# - CVE-2017-15099 # 10.2-r0: -# - CVE-2018-1052 -# - CVE-2018-1053 +# - CVE-2018-1052 +# - CVE-2018-1053 # 10.3-r0: -# - CVE-2018-1058 +# - CVE-2018-1058 # 10.4-r0: -# - CVE-2018-1115 +# - CVE-2018-1115 +# 10.8-r0: +# - CVE-2018-16850 +# - CVE-2019-10130 prepare() { default_prepare 
@@ -249,7 +252,7 @@ _submv() { done } -sha512sums="1bad30ae88beca66f7e8b99b82e7f02aac1e9230b328e6e5a762a704cdd9dc767d924f5a66c68c93586badfef91b7ff336120a567ce970eaa58bb44c662ad48c postgresql-10.5.tar.bz2 +sha512sums="c9cd0298f553e13e32d4315e17e9e61c1fd011391c5203282d9040f26fd08c85f749e6f2cea3bcc42d1ca153a1272bcd773196ef3bf2bdfb74cd12c5f523b7ca postgresql-10.8.tar.bz2 1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch 5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch 8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch -- cgit v1.2.3-70-g09d2
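Review bot: The pkgver bump from 10.5 to 10.8 in the first hunk (@@ -2,7 +2,7 @@ and the secfixes block) carries a manual post-upgrade step that is recorded only in the commit message: databases where pg_stat_statements is installed need ALTER EXTENSION pg_stat_statements UPDATE before the pg_read_all_stats restriction on pg_stat_statements_reset() takes effect. The diffstat shows APKBUILD as the only file changed, so nothing shipped with the package tells an administrator about this. Consider surfacing it in a post-upgrade message or at least in a comment next to the new 10.8-r0 secfixes entry. Separately, the removed and added secfixes lines for 9.6.4-r0 through 10.4-r0 read identically here, so they appear to be a whitespace-only re-indent mixed into a security bump; mention that in the commit message or split it out, so the substantive addition (10.8-r0 with CVE-2018-16850 and CVE-2019-10130) is easy to pick out in review.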
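Review bot: The new sha512sums entry for postgresql-10.8.tar.bz2 in the second hunk (@@ -249,7 +252,7 @@) cannot be validated from the diff, and the commit message does not say how the value was obtained. Before merging, confirm it against a checksum or signature published by upstream for that tarball, not only against a locally downloaded copy, and note that in the commit message. The entries for initdb.patch, perl-rpath.patch and conf-unix_socket_directories.patch are unchanged context, which is consistent with the diffstat showing no patch files touched.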