mirror of
https://git.freebsd.org/ports.git
synced 2025-05-21 03:23:10 -04:00
0e8e77e466
supported versions of our database system, including 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22. This release fixes two security issues in the PostgreSQL server, a security issue found in two of the PostgreSQL Windows installers, and over 60 bugs reported over the last three months. Security: CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. Security: CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table. This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL project thanks Dean Rasheed for reporting this problem. Also fix a FreeBSD port problem with LLVM [1] and add promote command to `service postgresql` [2] PR: 236100, 234879 Submitted by: tomonori.usaka@ubin.jp [1], Trix Farrar [2]
117 lines
3.2 KiB
Bash
117 lines
3.2 KiB
Bash
#!/bin/sh
|
|
|
|
# $FreeBSD$
|
|
#
|
|
# PROVIDE: postgresql
|
|
# REQUIRE: sshd
|
|
# KEYWORD: shutdown
|
|
#
|
|
# Add the following line to /etc/rc.conf to enable PostgreSQL:
|
|
#
|
|
# postgresql_enable="YES"
|
|
# # optional
|
|
# postgresql_data="/var/db/%%PG_USER%%/data11"
|
|
# postgresql_flags="-w -s -m fast"
|
|
# postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
|
|
# postgresql_class="default"
|
|
# postgresql_profiles=""
|
|
#
|
|
# See %%PREFIX%%/share/doc/postgresql/README-server for more info
|
|
#
|
|
# This scripts takes one of the following commands:
|
|
#
|
|
# start stop restart reload status initdb
|
|
#
|
|
# For postmaster startup options, edit ${postgresql_data}/postgresql.conf
|
|
|
|
command=%%PREFIX%%/bin/pg_ctl
|
|
|
|
. /etc/rc.subr
|
|
|
|
load_rc_config postgresql
|
|
|
|
# set defaults
|
|
postgresql_enable=${postgresql_enable:-"NO"}
|
|
postgresql_flags=${postgresql_flags:-"-w -s -m fast"}
|
|
postgresql_user=${postgresql_user:-"%%PG_USER%%"}
|
|
eval postgresql_data=${postgresql_data:-"~${postgresql_user}/data11"}
|
|
postgresql_class=${postgresql_class:-"default"}
|
|
postgresql_initdb_flags=${postgresql_initdb_flags:-"--encoding=utf-8 --lc-collate=C"}
|
|
|
|
name=postgresql
|
|
rcvar=postgresql_enable
|
|
extra_commands="reload initdb"
|
|
|
|
start_cmd="postgresql_command start"
|
|
stop_cmd="postgresql_command stop"
|
|
restart_cmd="postgresql_command restart"
|
|
reload_cmd="postgresql_command reload"
|
|
status_cmd="postgresql_command status"
|
|
promote_cmd="postgresql_command promote"
|
|
|
|
initdb_cmd="postgresql_initdb"
|
|
|
|
su_cmd="/usr/bin/su"
|
|
|
|
if [ -n "$2" ]; then
|
|
profile="$2"
|
|
if [ "x${postgresql_profiles}" != "x" ]; then
|
|
eval postgresql_data="\${postgresql_${profile}_data:-}"
|
|
if [ "x${postgresql_data}" = "x" ]; then
|
|
echo "You must define a data directory (postgresql_${profile}_data)"
|
|
exit 1
|
|
fi
|
|
eval postgresql_enable="\${postgresql_${profile}_enable:-${postgresql_enable}}"
|
|
eval postgresql_data="\${postgresql_${profile}_data:-${postgresql_data}}"
|
|
eval postgresql_flags="\${postgresql_${profile}_flags:-${postgresql_flags}}"
|
|
eval postgresql_initdb_flags="\${postgresql_${profile}_initdb_flags:-${postgresql_initdb_flags}}"
|
|
fi
|
|
else
|
|
if [ "x${postgresql_profiles}" != "x" -a "x$1" != "x" ]; then
|
|
for profile in ${postgresql_profiles}; do
|
|
eval _enable="\${postgresql_${profile}_enable}"
|
|
case "x${_enable:-${postgresql_enable}}" in
|
|
x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
|
|
continue
|
|
;;
|
|
x[Yy][Ee][Ss])
|
|
;;
|
|
*)
|
|
if test -z "$_enable"; then
|
|
_var=postgresql_enable
|
|
else
|
|
_var=postgresql_"${profile}"_enable
|
|
fi
|
|
echo "Bad value" \
|
|
"'${_enable:-${postgresql_enable}}'" \
|
|
"for ${_var}. " \
|
|
"Profile ${profile} skipped."
|
|
continue
|
|
;;
|
|
esac
|
|
echo "===> postgresql profile: ${profile}"
|
|
%%PREFIX%%/etc/rc.d/postgresql $1 ${profile}
|
|
retcode="$?"
|
|
if [ "0${retcode}" -ne 0 ]; then
|
|
failed="${profile} (${retcode}) ${failed:-}"
|
|
else
|
|
success="${profile} ${success:-}"
|
|
fi
|
|
done
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
command_args="-D ${postgresql_data} ${postgresql_flags}"
|
|
|
|
postgresql_command()
|
|
{
|
|
${su_cmd} -l ${postgresql_user} -c "exec ${command} ${command_args} ${rc_arg}"
|
|
}
|
|
|
|
postgresql_initdb()
|
|
{
|
|
${su_cmd} -l -c ${postgresql_class} ${postgresql_user} -c "exec %%PREFIX%%/bin/initdb ${postgresql_initdb_flags} -D ${postgresql_data} -U ${postgresql_user}"
|
|
}
|
|
|
|
run_rc_command "$1"
|