From 66b9547716da0d57fe6fe958166255a47807238f Mon Sep 17 00:00:00 2001
From: Jack Ding
Date: Wed, 13 Jun 2018 22:03:10 -0400
Subject: [PATCH] Deleting unused directories inside support/
Clean up of lvm2, libxslt, postgresql package patches which are no longer used in build
Change-Id: I4cc4210bb86de599c93dd9b61eed9a2e4ce5c8df
---
support/libxslt/libxslt/CVE-2015-7995.patch | 26 --
.../Fix-regression-in-for_each_sub_lv.patch | 44 ---
.../Sync-filesystem-for-thin-snapshots.patch | 48 ----
.../lvm2/fix_thin_provision_device_name.patch | 37 ---
support/lvm2/lvm2/lvm2.sh | 36 ---
.../lvm2/move-thin_check_executable-var.patch | 40 ---
...ect-and-report-too-short-crypt-salts.patch | 259 ------------------
...k-overflow-in-json-related-functions.patch | 44 ---
8 files changed, 534 deletions(-)
delete mode 100644 support/libxslt/libxslt/CVE-2015-7995.patch
delete mode 100644 support/lvm2/lvm2/Fix-regression-in-for_each_sub_lv.patch
delete mode 100644 support/lvm2/lvm2/Sync-filesystem-for-thin-snapshots.patch
delete mode 100644 support/lvm2/lvm2/fix_thin_provision_device_name.patch
delete mode 100755 support/lvm2/lvm2/lvm2.sh
delete mode 100644 support/lvm2/lvm2/move-thin_check_executable-var.patch
delete mode 100644 support/postgresql/files/0001-pgcrypto-Detect-and-report-too-short-crypt-salts.patch
delete mode 100644 support/postgresql/files/0002-Prevent-stack-overflow-in-json-related-functions.patch
diff --git a/support/libxslt/libxslt/CVE-2015-7995.patch b/support/libxslt/libxslt/CVE-2015-7995.patch
deleted file mode 100644
index 2cbf8d68b..000000000
--- a/support/libxslt/libxslt/CVE-2015-7995.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Fix for type confusion in preprocessing attributes
-
-CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
-We need to check that the parent node is an element before dereferencing
-its namespace
-
-Upstream-Status: Backport
-
-https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
-
-Signed-off-by: Armin Kuster
-
-Index: libxslt-1.1.28/libxslt/preproc.c
-===================================================================
---- libxslt-1.1.28.orig/libxslt/preproc.c
-+++ libxslt-1.1.28/libxslt/preproc.c
-@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr st
- } else if (IS_XSLT_NAME(inst, "attribute")) {
- xmlNodePtr parent = inst->parent;
-
-- if ((parent == NULL) || (parent->ns == NULL) ||
-+ if ((parent == NULL) ||
-+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
- ((parent->ns != inst->ns) &&
- (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
- (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
diff --git a/support/lvm2/lvm2/Fix-regression-in-for_each_sub_lv.patch b/support/lvm2/lvm2/Fix-regression-in-for_each_sub_lv.patch
deleted file mode 100644
index bc1ae6840..000000000
--- a/support/lvm2/lvm2/Fix-regression-in-for_each_sub_lv.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d05dd3f20fed08159875b9d4a78ab27ec02cfab6 Mon Sep 17 00:00:00 2001
-From: Zdenek Kabelac
-Date: Wed, 9 May 2012 12:12:21 +0000
-Subject: [PATCH 2/3] Fix regression in for_each_sub_lv
-
-pool_lv is not a sub lv in terms for this function.
-It has caused problem with renaming thin_volume, where it has tried to
-rename pool LV as well.
-
-(cherry picked from commit 98f2e3d974bcceaf6dbac9f80f42a0eaf6512059)
-
-Conflicts:
- WHATS_NEW
----
- WHATS_NEW | 4 ++++
- lib/metadata/lv_manip.c | 7 -------
- 2 files changed, 4 insertions(+), 7 deletions(-)
-
---- a/WHATS_NEW
-+++ b/WHATS_NEW
-@@ -1,3 +1,7 @@
-+Version 2.02.95-wrs
-+================================
-+ Fix lvrename for thin volumes (regression in for_each_sub_lv() 2.02.89).
-+
- Version 2.02.95 - 6th March 2012
- ================================
- If unspecified, adjust thin pool metadata and chunk size to fit into 128MB.
---- a/lib/metadata/lv_manip.c
-+++ b/lib/metadata/lv_manip.c
-@@ -2814,13 +2814,6 @@ int for_each_sub_lv(struct cmd_context *
- return_0;
- }
-
-- if (seg->pool_lv) {
-- if (!fn(cmd, seg->pool_lv, data))
-- return_0;
-- if (!for_each_sub_lv(cmd, seg->pool_lv, fn, data))
-- return_0;
-- }
--
- if (seg->metadata_lv) {
- if (!fn(cmd, seg->metadata_lv, data))
- return_0;
diff --git a/support/lvm2/lvm2/Sync-filesystem-for-thin-snapshots.patch b/support/lvm2/lvm2/Sync-filesystem-for-thin-snapshots.patch
deleted file mode 100644
index c640b0b28..000000000
--- a/support/lvm2/lvm2/Sync-filesystem-for-thin-snapshots.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From db5a5e67f7715e4087ae2a9685fdf4ff0c4fca17 Mon Sep 17 00:00:00 2001
-From: Zdenek Kabelac
-Date: Tue, 5 Jun 2012 11:26:54 +0200
-Subject: [PATCH 3/3] Sync filesystem for thin snapshots
-
-Add missing lockfs option when suspend origin, before thin volume
-snapshot is created
-
-(cherry picked from commit 2f99e5e35a9918c337e66b74aa6126cca9328c64)
-
-Conflicts:
- WHATS_NEW
----
- WHATS_NEW | 1 +
- lib/activate/activate.c | 5 ++++-
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
---- a/WHATS_NEW
-+++ b/WHATS_NEW
-@@ -1,6 +1,7 @@
- Version 2.02.95-wrs
- ================================
- Fix lvrename for thin volumes (regression in for_each_sub_lv() 2.02.89).
-+ Fix missing sync of filesystem when creating thin volume snapshot.
-
- Version 2.02.95 - 6th March 2012
- ================================
---- a/lib/activate/activate.c
-+++ b/lib/activate/activate.c
-@@ -1488,6 +1488,9 @@ static int _lv_suspend(struct cmd_contex
- (lv_is_origin(lv_pre) || lv_is_cow(lv_pre)))
- lockfs = 1;
-
-+ if (laopts->origin_only && lv_is_thin_volume(lv) && lv_is_thin_volume(lv_pre))
-+ lockfs = 1;
-+
- /*
- * Suspending an LV directly above a PVMOVE LV also
- * suspends other LVs using that same PVMOVE LV.
-@@ -1567,7 +1570,7 @@ static int _lv_resume(struct cmd_contex
- if (lv_is_thin_pool(lv) && laopts->origin_only)
- messages_only = 1;
-
-- if (!lv_is_origin(lv))
-+ if (!lv_is_origin(lv) && !lv_is_thin_volume(lv))
- laopts->origin_only = 0;
-
- if (test_mode()) {
diff --git a/support/lvm2/lvm2/fix_thin_provision_device_name.patch b/support/lvm2/lvm2/fix_thin_provision_device_name.patch
deleted file mode 100644
index b57182790..000000000
--- a/support/lvm2/lvm2/fix_thin_provision_device_name.patch
+++ /dev/null
@@ -1,37 +0,0 @@
----
- lib/activate/dev_manager.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
---- a/lib/activate/dev_manager.c
-+++ b/lib/activate/dev_manager.c
-@@ -1210,17 +1210,18 @@ static int _thin_pool_callback(struct dm
- "global/thin_check_executable",
- DEFAULT_THIN_CHECK_EXECUTABLE);
- const struct logical_volume *mlv = first_seg(data->pool_lv)->metadata_lv;
-- size_t len = strlen(dmdir) + strlen(mlv->vg->name) + strlen(mlv->name) + 3;
-+ size_t len = strlen(dmdir) + 2 * strlen(mlv->vg->name) + strlen(mlv->name) + 3;
- char meta_path[len];
- int args;
- char *argv[19]; /* Max supported 15 args */
-- char *split;
-+ char *split, *dm_name;
-
- if (!thin_check[0])
- return 1; /* Checking disabled */
-
-- if (dm_snprintf(meta_path, len, "%s/%s-%s", dmdir,
-- mlv->vg->name, mlv->name) < 0) {
-+ if (!(dm_name = dm_build_dm_name(data->dm->mem, mlv->vg->name,
-+ mlv->name, NULL)) ||
-+ (dm_snprintf(meta_path, len, "%s/%s", dmdir, dm_name) < 0)) {
- log_error("Failed to build thin metadata path.");
- return 0;
- }
-@@ -1263,6 +1264,7 @@ static int _thin_pool_callback(struct dm
- }
-
- dm_pool_free(data->dm->mem, split);
-+ dm_pool_free(data->dm->mem, dm_name);
-
- return ret;
- }
diff --git a/support/lvm2/lvm2/lvm2.sh b/support/lvm2/lvm2/lvm2.sh
deleted file mode 100755
index 1155678a1..000000000
--- a/support/lvm2/lvm2/lvm2.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2013-2014 Wind River Systems, Inc.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-### BEGIN INIT INFO
-# Provides: lvm2
-# Required-Start:
-# Required-Stop:
-# Default-Start: S
-# Default-Stop:
-# Short-Description: Activate volume groups
-### END INIT INFO
-
-. /etc/init.d/functions
-
-case "$1" in
- start)
- /usr/sbin/vgscan --ignorelockingfailure > /dev/null 2> /dev/null && /usr/sbin/vgchange --ignorelockingfailure -a y > /dev/null 2> /dev/null
- ;;
- stop)
- ;;
- restart)
- /usr/sbin/vgscan ; /usr/sbin/vgchange -a y
- ;;
- status)
- /usr/sbin/vgdisplay
- ;;
- *)
- echo "Usage: $0 {start|stop|status|restart}"
- exit 1
-esac
-
-exit 0
diff --git a/support/lvm2/lvm2/move-thin_check_executable-var.patch b/support/lvm2/lvm2/move-thin_check_executable-var.patch
deleted file mode 100644
index 71e34f7a1..000000000
--- a/support/lvm2/lvm2/move-thin_check_executable-var.patch
+++ /dev/null
@@ -1,40 +0,0 @@
----
- doc/example.conf.in | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
---- a/doc/example.conf.in
-+++ b/doc/example.conf.in
-@@ -463,6 +463,16 @@ global {
- # proper udev rules, all changes in block device configuration will be
- # *ignored* until a manual 'vgscan' is performed.
- use_lvmetad = 0
-+
-+ # Full path of the utility called to check that a thin metadata device
-+ # is in a state that allows it to be used.
-+ # Each time a thin pool needs to be activated, this utility is executed.
-+ # The activation will only proceed if the utility has an exit status of 0.
-+ # Set to "" to skip this check. (Not recommended.)
-+ # The thin tools are available as part of the device-mapper-persistent-data
-+ # package from https://github.com/jthornber/thin-provisioning-tools.
-+ #
-+ thin_check_executable = "/sbin/thin_check -q"
- }
-
- activation {
-@@ -650,16 +660,6 @@ activation {
- thin_pool_autoextend_threshold = 100
- thin_pool_autoextend_percent = 20
-
-- # Full path of the utility called to check that a thin metadata device
-- # is in a state that allows it to be used.
-- # Each time a thin pool needs to be activated, this utility is executed.
-- # The activation will only proceed if the utility has an exit status of 0.
-- # Set to "" to skip this check. (Not recommended.)
-- # The thin tools are available as part of the device-mapper-persistent-data
-- # package from https://github.com/jthornber/thin-provisioning-tools.
-- #
-- thin_check_executable = "/sbin/thin_check -q"
--
- # While activating devices, I/O to devices being (re)configured is
- # suspended, and as a precaution against deadlocks, LVM2 needs to pin
- # any memory it is using so it is not paged out. Groups of pages that
diff --git a/support/postgresql/files/0001-pgcrypto-Detect-and-report-too-short-crypt-salts.patch b/support/postgresql/files/0001-pgcrypto-Detect-and-report-too-short-crypt-salts.patch
deleted file mode 100644
index a7ccf52d5..000000000
--- a/support/postgresql/files/0001-pgcrypto-Detect-and-report-too-short-crypt-salts.patch
+++ /dev/null
@@ -1,259 +0,0 @@
-From 56232f9879768e961485d8ba218da18c38768413 Mon Sep 17 00:00:00 2001
-From: Noah Misch
-Date: Mon, 5 Oct 2015 10:06:29 -0400
-Subject: [PATCH 1/2] pgcrypto: Detect and report too-short crypt() salts.
-
-Certain short salts crashed the backend or disclosed a few bytes of
-backend memory. For existing salt-induced error conditions, emit a
-message saying as much. Back-patch to 9.0 (all supported versions).
-
-Josh Kupershmidt
-
-Security: CVE-2015-5288
----
- contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
- contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
- contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
- contrib/pgcrypto/expected/crypt-des.out | 4 ++++
- contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
- contrib/pgcrypto/px-crypt.c | 2 +-
- contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
- contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
- contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
- 9 files changed, 103 insertions(+), 6 deletions(-)
-
-diff --git a/contrib/pgcrypto/crypt-blowfish.c b/contrib/pgcrypto/crypt-blowfish.c
-index fbaa3d7..4054e6a 100644
---- a/contrib/pgcrypto/crypt-blowfish.c
-+++ b/contrib/pgcrypto/crypt-blowfish.c
-@@ -601,6 +601,17 @@ _crypt_blowfish_rn(const char *key, const char *setting,
- if (size < 7 + 22 + 31 + 1)
- return NULL;
-
-+ /*
-+ * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
-+ * two digit cost parameter, "$", and 22 digits from the alphabet
-+ * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
-+ * more restrictions on the count in the salt as well.
-+ */
-+ if (strlen(setting) < 29)
-+ ereport(ERROR,
-+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-+ errmsg("invalid salt")));
-+
- if (setting[0] != '$' ||
- setting[1] != '2' ||
- (setting[2] != 'a' && setting[2] != 'x') ||
-@@ -610,14 +621,18 @@ _crypt_blowfish_rn(const char *key, const char *setting,
- (setting[4] == '3' && setting[5] > '1') ||
- setting[6] != '$')
- {
-- return NULL;
-+ ereport(ERROR,
-+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-+ errmsg("invalid salt")));
- }
-
- count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
- if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
- {
- memset(data.binary.salt, 0, sizeof(data.binary.salt));
-- return NULL;
-+ ereport(ERROR,
-+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-+ errmsg("invalid salt")));
- }
- BF_swap(data.binary.salt, 4);
-
-diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c
-index 4ed44be..2108be8 100644
---- a/contrib/pgcrypto/crypt-des.c
-+++ b/contrib/pgcrypto/crypt-des.c
-@@ -681,9 +681,19 @@ px_crypt_des(const char *key, const char *setting)
- if (*setting == _PASSWORD_EFMT1)
- {
- /*
-- * "new"-style: setting - underscore, 4 bytes of count, 4 bytes of
-- * salt key - unlimited characters
-+ * "new"-style: setting must be a 9-character (underscore, then 4
-+ * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under
-+ * the "Extended crypt" heading for further details.
-+ *
-+ * Unlimited characters of the input key are used. This is known as
-+ * the "Extended crypt" DES method.
-+ *
- */
-+ if (strlen(setting) < 9)
-+ ereport(ERROR,
-+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-+ errmsg("invalid salt")));
-+
- for (i = 1, count = 0L; i < 5; i++)
- count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
-
-@@ -723,10 +733,16 @@ px_crypt_des(const char *key, const char *setting)
- #endif /* !DISABLE_XDES */
- {
- /*
-- * "old"-style: setting - 2 bytes of salt key - up to 8 characters
-+ * "old"-style: setting - 2 bytes of salt key - only up to the first 8
-+ * characters of the input key are used.
- */
- count = 25;
-
-+ if (strlen(setting) < 2)
-+ ereport(ERROR,
-+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-+ errmsg("invalid salt")));
-+
- salt = (ascii_to_bin(setting[1]) << 6)
- | ascii_to_bin(setting[0]);
-
-diff --git a/contrib/pgcrypto/expected/crypt-blowfish.out b/contrib/pgcrypto/expected/crypt-blowfish.out
-index 329d78f..d79b0c0 100644
---- a/contrib/pgcrypto/expected/crypt-blowfish.out
-+++ b/contrib/pgcrypto/expected/crypt-blowfish.out
-@@ -13,6 +13,15 @@ SELECT crypt('foox', '$2a$06$RQiOJ.3ELirrXwxIZY8q0O');
- $2a$06$RQiOJ.3ELirrXwxIZY8q0OR3CVJrAfda1z26CCHPnB6mmVZD8p0/C
- (1 row)
-
-+-- error, salt too short:
-+SELECT crypt('foox', '$2a$');
-+ERROR: invalid salt
-+-- error, first digit of count in salt invalid
-+SELECT crypt('foox', '$2a$40$RQiOJ.3ELirrXwxIZY8q0O');
-+ERROR: invalid salt
-+-- error, count in salt too small
-+SELECT crypt('foox', '$2a$00$RQiOJ.3ELirrXwxIZY8q0O');
-+ERROR: invalid salt
- CREATE TABLE ctest (data text, res text, salt text);
- INSERT INTO ctest VALUES ('password', '', '');
- UPDATE ctest SET salt = gen_salt('bf', 8);
-diff --git a/contrib/pgcrypto/expected/crypt-des.out b/contrib/pgcrypto/expected/crypt-des.out
-index b8b6050..a462dcd 100644
---- a/contrib/pgcrypto/expected/crypt-des.out
-+++ b/contrib/pgcrypto/expected/crypt-des.out
-@@ -13,6 +13,10 @@ SELECT crypt('foox', 'NB');
- NB53EGGqrrb5E
- (1 row)
-
-+-- We are supposed to pass in a 2-character salt.
-+-- error since salt is too short:
-+SELECT crypt('password', 'a');
-+ERROR: invalid salt
- CREATE TABLE ctest (data text, res text, salt text);
- INSERT INTO ctest VALUES ('password', '', '');
- UPDATE ctest SET salt = gen_salt('des');
-diff --git a/contrib/pgcrypto/expected/crypt-xdes.out b/contrib/pgcrypto/expected/crypt-xdes.out
-index cdcdefb..8cf9075 100644
---- a/contrib/pgcrypto/expected/crypt-xdes.out
-+++ b/contrib/pgcrypto/expected/crypt-xdes.out
-@@ -13,6 +13,30 @@ SELECT crypt('foox', '_J9..j2zz');
- _J9..j2zzAYKMvO2BYRY
- (1 row)
-
-+-- check XDES handling of keys longer than 8 chars
-+SELECT crypt('longlongpassword', '_J9..j2zz');
-+ crypt
-+----------------------
-+ _J9..j2zz4BeseiQNwUg
-+(1 row)
-+
-+-- error, salt too short
-+SELECT crypt('foox', '_J9..BWH');
-+ERROR: invalid salt
-+-- error, count specified in the second argument is 0
-+SELECT crypt('password', '_........');
-+ERROR: crypt(3) returned NULL
-+-- error, count will wind up still being 0 due to invalid encoding
-+-- of the count: only chars ``./0-9A-Za-z' are valid
-+SELECT crypt('password', '_..!!!!!!');
-+ERROR: crypt(3) returned NULL
-+-- count should be non-zero here, will work
-+SELECT crypt('password', '_/!!!!!!!');
-+ crypt
-+----------------------
-+ _/!!!!!!!zqM49hRzxko
-+(1 row)
-+
- CREATE TABLE ctest (data text, res text, salt text);
- INSERT INTO ctest VALUES ('password', '', '');
- UPDATE ctest SET salt = gen_salt('xdes', 1001);
-diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c
-index 7b003a7..e3246fc 100644
---- a/contrib/pgcrypto/px-crypt.c
-+++ b/contrib/pgcrypto/px-crypt.c
-@@ -42,7 +42,7 @@ run_crypt_des(const char *psw, const char *salt,
- char *res;
-
- res = px_crypt_des(psw, salt);
-- if (strlen(res) > len - 1)
-+ if (res == NULL || strlen(res) > len - 1)
- return NULL;
- strcpy(buf, res);
- return buf;
-diff --git a/contrib/pgcrypto/sql/crypt-blowfish.sql b/contrib/pgcrypto/sql/crypt-blowfish.sql
-index 60c1140..3b5a681 100644
---- a/contrib/pgcrypto/sql/crypt-blowfish.sql
-+++ b/contrib/pgcrypto/sql/crypt-blowfish.sql
-@@ -6,6 +6,15 @@ SELECT crypt('', '$2a$06$RQiOJ.3ELirrXwxIZY8q0O');
-
- SELECT crypt('foox', '$2a$06$RQiOJ.3ELirrXwxIZY8q0O');
-
-+-- error, salt too short:
-+SELECT crypt('foox', '$2a$');
-+
-+-- error, first digit of count in salt invalid
-+SELECT crypt('foox', '$2a$40$RQiOJ.3ELirrXwxIZY8q0O');
-+
-+-- error, count in salt too small
-+SELECT crypt('foox', '$2a$00$RQiOJ.3ELirrXwxIZY8q0O');
-+
- CREATE TABLE ctest (data text, res text, salt text);
- INSERT INTO ctest VALUES ('password', '', '');
-
-diff --git a/contrib/pgcrypto/sql/crypt-des.sql b/contrib/pgcrypto/sql/crypt-des.sql
-index fabdc65..a85ec1e 100644
---- a/contrib/pgcrypto/sql/crypt-des.sql
-+++ b/contrib/pgcrypto/sql/crypt-des.sql
-@@ -6,6 +6,10 @@ SELECT crypt('', 'NB');
-
- SELECT crypt('foox', 'NB');
-
-+-- We are supposed to pass in a 2-character salt.
-+-- error since salt is too short:
-+SELECT crypt('password', 'a');
-+
- CREATE TABLE ctest (data text, res text, salt text);
- INSERT INTO ctest VALUES ('password', '', '');
-
-diff --git a/contrib/pgcrypto/sql/crypt-xdes.sql b/contrib/pgcrypto/sql/crypt-xdes.sql
-index d4a74f7..8171cd8 100644
---- a/contrib/pgcrypto/sql/crypt-xdes.sql
-+++ b/contrib/pgcrypto/sql/crypt-xdes.sql
-@@ -6,6 +6,22 @@ SELECT crypt('', '_J9..j2zz');
-
- SELECT crypt('foox', '_J9..j2zz');
-
-+-- check XDES handling of keys longer than 8 chars
-+SELECT crypt('longlongpassword', '_J9..j2zz');
-+
-+-- error, salt too short
-+SELECT crypt('foox', '_J9..BWH');
-+
-+-- error, count specified in the second argument is 0
-+SELECT crypt('password', '_........');
-+
-+-- error, count will wind up still being 0 due to invalid encoding
-+-- of the count: only chars ``./0-9A-Za-z' are valid
-+SELECT crypt('password', '_..!!!!!!');
-+
-+-- count should be non-zero here, will work
-+SELECT crypt('password', '_/!!!!!!!');
-+
- CREATE TABLE ctest (data text, res text, salt text);
- INSERT INTO ctest VALUES ('password', '', '');
-
---
-1.7.9.5
-
diff --git a/support/postgresql/files/0002-Prevent-stack-overflow-in-json-related-functions.patch b/support/postgresql/files/0002-Prevent-stack-overflow-in-json-related-functions.patch
deleted file mode 100644
index 750988ff3..000000000
--- a/support/postgresql/files/0002-Prevent-stack-overflow-in-json-related-functions.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 8dacb29ca7c92814d69135f40e16a46f8cf9cbaf Mon Sep 17 00:00:00 2001
-From: Noah Misch
-Date: Mon, 5 Oct 2015 10:06:29 -0400
-Subject: [PATCH 2/2] Prevent stack overflow in json-related functions.
-
-Sufficiently-deep recursion heretofore elicited a SIGSEGV. If an
-application constructs PostgreSQL json or jsonb values from arbitrary
-user input, application users could have exploited this to terminate all
-active database connections. That applies to 9.3, where the json parser
-adopted recursive descent, and later versions. Only row_to_json() and
-array_to_json() were at risk in 9.2, both in a non-security capacity.
-Back-patch to 9.2, where the json type was introduced.
-
-Oskari Saarenmaa, reviewed by Michael Paquier.
-
-Security: CVE-2015-5289
----
- src/backend/utils/adt/json.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/backend/utils/adt/json.c b/src/backend/utils/adt/json.c
-index f0cbb39..fd1d8fb 100644
---- a/src/backend/utils/adt/json.c
-+++ b/src/backend/utils/adt/json.c
-@@ -18,6 +18,7 @@
- #include "lib/stringinfo.h"
- #include "libpq/pqformat.h"
- #include "mb/pg_wchar.h"
-+#include "miscadmin.h"
- #include "parser/parse_coerce.h"
- #include "utils/array.h"
- #include "utils/builtins.h"
-@@ -895,6 +896,8 @@ datum_to_json(Datum val, bool is_null, StringInfo result,
- bool numeric_error;
- JsonLexContext dummy_lex;
-
-+ check_stack_depth();
-+
- if (is_null)
- {
- appendStringInfoString(result, "null");
---
-1.7.9.5
-