From bd9378688e32c96e26b65c3f74724c7c7d81aada Mon Sep 17 00:00:00 2001
From: Kang Kai <kai.kang@windriver.com>
Date: Wed, 29 Oct 2014 08:30:55 +0800
Subject: postgresql: add fix for CVE-2014-0062 Security Advisory

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE
commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote
authenticated users to create an unauthorized index or read portions of
unauthorized tables by creating or deleting a table with the same name
during the timing window.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
 meta-oe/recipes-support/postgresql/postgresql.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta-oe/recipes-support/postgresql/postgresql.inc')

diff --git a/meta-oe/recipes-support/postgresql/postgresql.inc b/meta-oe/recipes-support/postgresql/postgresql.inc
index e2e5947b7c..9cfb2b6d87 100644
--- a/meta-oe/recipes-support/postgresql/postgresql.inc
+++ b/meta-oe/recipes-support/postgresql/postgresql.inc
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
            file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch \
            file://0003-Shore-up-ADMIN-OPTION-restrictions.patch \
            file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \
+           file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \
           "
 
 LEAD_SONAME = "libpq.so"
-- 
cgit v1.2.3-54-g00ecf