[odc] Daily ports changes for 2006-02-14

ODC auto at squish.net
Wed Feb 15 07:04:40 GMT 2006


OpenBSD ports changes summary for 2006-02-14
============================================

archivers/rzip                          databases/postgresql
net/olsrd                               print/jadetex
x11/kde                                 

== archivers ========================================================= 01/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/archivers

rzip

  ~ Makefile                              

  > add working master site, and update maintainer e-mail address.
  > from Lawrence Teo (maintainer) (steven@)

== databases ========================================================= 02/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/databases

postgresql

  ~ Makefile                              ~ distinfo
  ~ pkg/PLIST-docs                        

  > Security update to PostgreSQL version 8.1.3.
  > Vulnerabilities in PostgreSQL SET ROLE/SET SESSION AUTHORIZATION
  > By issuing SET ROLE with a specially crafted argument, it is possible
  > for any logged-in database user to acquire the privileges of any other
  > database user, including superusers.  Database superuser status allows
  > access to the machine's filesystem and hence might be used to mount
  > remote attacks against the rest of the server's operating system.
  > This error exists in PostgreSQL releases 8.1.0 - 8.1.2 and is fixed in
  > 8.1.3.
  > The same underlying bug exists in SET SESSION AUTHORIZATION in all
  > releases back to 7.3.  This variant cannot be exploited for privilege
  > escalation, because one must already be superuser to use SET SESSION
  > AUTHORIZATION.  However, if the server has been compiled with Asserts
  > enabled (which is not the default), then it is possible to trigger an
  > Assert failure before the privilege check is reached.  This would cause
  > a momentary denial of service to other database users.  This is repaired
  > in PostgreSQL releases 8.1.3, 8.0.7, 7.4.12, and 7.3.14. (mbalmer@)

== net =============================================================== 03/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/net

olsrd

  + patches/patch-src_cfgparser_Makefile

  > -fPIC needed for shared libs (pvalchev@)

== print ============================================================= 04/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/print

jadetex

  ~ Makefile                              

  > remove unneeded WANTLIB and LIB_DEPENDS (only symlinks are installed, not
  > executables). (steven@)

== x11 =============================================================== 05/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/x11

kde

  ~ office3/Makefile                      ~ office3/pkg/PLIST
  + office3/patches/patch-karbon_Makefile_in

  > fix installation of karboncommon (espie@)

===============================================================================



More information about the odc mailing list