summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron W. Swenson <titanofold@gentoo.org>2016-03-31 09:58:16 -0400
committerAaron W. Swenson <titanofold@gentoo.org>2016-03-31 09:59:15 -0400
commitb2d0a204703f79a7f320e4cf9be6a09904fe91d6 (patch)
treec054b551425d47d6c6d254ff1c28310f49461ec9 /dev-db/postgresql/postgresql-9.5.2.ebuild
parentapp-crypt/gnupg: apply same compile for to 2.1 as for 2.0, bug #577254 (diff)
downloadgentoo-b2d0a204703f79a7f320e4cf9be6a09904fe91d6.tar.gz
gentoo-b2d0a204703f79a7f320e4cf9be6a09904fe91d6.tar.bz2
gentoo-b2d0a204703f79a7f320e4cf9be6a09904fe91d6.zip
dev-db/postgresql: Security Update
Fixes security bug 578680. See http://www.postgresql.org/about/news/1656/ for complete release announcement. Closes security hole CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. Fixes CVE-2016-3065, a server crash bug triggered by using pageinspect with BRIN index pages. Additionally, support for Python 3.5 was added for PostgreSQL 9.5. Bug: 578680, 574646 Package-Manager: portage-2.2.26
Diffstat (limited to 'dev-db/postgresql/postgresql-9.5.2.ebuild')
-rw-r--r--dev-db/postgresql/postgresql-9.5.2.ebuild433
1 files changed, 433 insertions, 0 deletions
diff --git a/dev-db/postgresql/postgresql-9.5.2.ebuild b/dev-db/postgresql/postgresql-9.5.2.ebuild
new file mode 100644
index 000000000000..8c244db85a92
--- /dev/null
+++ b/dev-db/postgresql/postgresql-9.5.2.ebuild
@@ -0,0 +1,433 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils flag-o-matic linux-info multilib pam prefix python-single-r1 \
+ systemd user versionator
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~ppc-macos ~x86-solaris"
+
+SLOT="$(get_version_component_range 1-2)"
+
+SRC_URI="mirror://postgresql/source/v${PV}/postgresql-${PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="http://www.postgresql.org/"
+
+LINGUAS="af cs de en es fa fr hr hu it ko nb pl pt_BR ro ru sk sl sv tr
+ zh_CN zh_TW"
+IUSE="doc kerberos kernel_linux ldap libressl nls pam perl -pg_legacytimestamp python
+ +readline selinux +server ssl static-libs tcl threads uuid xml zlib"
+
+for lingua in ${LINGUAS}; do
+ IUSE+=" linguas_${lingua}"
+done
+
+wanted_languages() {
+ local enable_langs
+
+ for lingua in ${LINGUAS} ; do
+ use linguas_${lingua} && enable_langs+="${lingua} "
+ done
+
+ echo -n ${enable_langs}
+}
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-1.2.0
+sys-apps/less
+virtual/libintl
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap )
+pam? ( virtual/pam )
+perl? ( >=dev-lang/perl-5.8 )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+ssl? (
+ !libressl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+ libressl? ( dev-libs/libressl:= )
+)
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,uclibc,musl} )
+BSD_LIBC=( elibc_{Free,Net,Open}BSD )
+
+nest_usedep() {
+ local front back
+ while [[ ${#} -gt 1 ]]; do
+ front+="${1}? ( "
+ back+=" )"
+ shift
+ done
+ echo "${front}${1}${back}"
+}
+
+IUSE+=" ${UTIL_LINUX_LIBC[@]} ${BSD_LIBC[@]}"
+CDEPEND+="
+uuid? (
+ ${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+ $(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} ${BSD_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+!!<sys-apps/sandbox-2.0
+sys-devel/bison
+sys-devel/flex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+!dev-db/postgresql-docs:${SLOT}
+!dev-db/postgresql-base:${SLOT}
+!dev-db/postgresql-server:${SLOT}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+ use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+ enewgroup postgres 70
+ enewuser postgres 70 /bin/sh /var/lib/postgresql postgres
+
+ use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ # Work around PPC{,64} compilation bug where bool is already defined
+ sed '/#ifndef __cplusplus/a #undef bool' -i src/include/c.h || die
+
+ # Set proper run directory
+ sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+ -i src/include/pg_config_manual.h || die
+
+ # Rely on $PATH being in the proper order so that the correct
+ # install program is used for modules utilizing PGXS in both
+ # hardened and non-hardened environments. (Bug #528786)
+ sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+ use server || epatch "${FILESDIR}/${PN}-${SLOT}-no-server.patch"
+
+ # Fix bug 486556 where the server would crash at start up because of
+ # an infinite loop caused by a self-referencing symlink.
+ epatch "${FILESDIR}/postgresql-9.2-9.4-tz-dir-overflow.patch"
+
+ if use pam ; then
+ sed -e "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+ -i src/backend/libpq/auth.c || \
+ die 'PGSQL_PAM_SERVICE rename failed.'
+ fi
+
+ epatch_user
+}
+
+src_configure() {
+ case ${CHOST} in
+ *-darwin*|*-solaris*)
+ use nls && append-libs intl
+ ;;
+ esac
+
+ export LDFLAGS_SL="${LDFLAGS}"
+ export LDFLAGS_EX="${LDFLAGS}"
+
+ local PO="${EPREFIX%/}"
+
+ local i uuid_config=""
+ if use uuid; then
+ for i in ${UTIL_LINUX_LIBC[@]}; do
+ use ${i} && uuid_config="--with-uuid=e2fs"
+ done
+ for i in ${BSD_LIBC[@]}; do
+ use ${i} && uuid_config="--with-uuid=bsd"
+ done
+ [[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+ fi
+
+ econf \
+ --prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+ --datadir="${PO}/usr/share/postgresql-${SLOT}" \
+ --docdir="${PO}/usr/share/doc/${PF}" \
+ --includedir="${PO}/usr/include/postgresql-${SLOT}" \
+ --mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+ --sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+ --with-system-tzdata="${PO}/usr/share/zoneinfo" \
+ $(use_enable !pg_legacytimestamp integer-datetimes) \
+ $(use_enable threads thread-safety) \
+ $(use_with kerberos gssapi) \
+ $(use_with ldap) \
+ $(use_with pam) \
+ $(use_with perl) \
+ $(use_with python) \
+ $(use_with readline) \
+ $(use_with ssl openssl) \
+ $(use_with tcl) \
+ ${uuid_config} \
+ $(use_with xml libxml) \
+ $(use_with xml libxslt) \
+ $(use_with zlib) \
+ "$(use_enable nls nls "$(wanted_languages)")"
+}
+
+src_compile() {
+ emake
+ emake -C contrib
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ emake DESTDIR="${D}" install -C contrib
+
+ dodoc README HISTORY doc/{TODO,bug.template}
+
+ # man pages are already built, but if we have the target make them,
+ # they'll be generated from source before being installed so we
+ # manually install man pages.
+ # We use ${SLOT} instead of doman for postgresql.eselect
+ insinto /usr/share/postgresql-${SLOT}/man/
+ doins -r doc/src/sgml/man{1,3,7}
+ if ! use server; then
+ # Remove man pages for non-existent binaries
+ for m in {initdb,pg_{controldata,ctl,resetxlog},post{gres,master}}; do
+ rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+ done
+ fi
+ docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+ insinto /etc/postgresql-${SLOT}
+ newins src/bin/psql/psqlrc.sample psqlrc
+
+ dodir /etc/eselect/postgresql/slots/${SLOT}
+ echo "postgres_ebuilds=\"\${postgres_ebuilds} ${PF}\"" > \
+ "${ED}/etc/eselect/postgresql/slots/${SLOT}/base"
+
+ use static-libs || find "${ED}" -name '*.a' -delete
+
+ if use doc ; then
+ docinto html
+ dodoc doc/src/sgml/html/*
+
+ docinto sgml
+ dodoc doc/src/sgml/*.{sgml,dsl}
+ fi
+
+ if use server; then
+ sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+ "${FILESDIR}/${PN}.confd" | newconfd - ${PN}-${SLOT}
+
+ sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+ "${FILESDIR}/${PN}.init-9.3" | newinitd - ${PN}-${SLOT}
+
+ sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+ "${FILESDIR}/${PN}.service" | \
+ systemd_newunit - ${PN}-${SLOT}.service
+
+ newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+
+ use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+ if use prefix ; then
+ keepdir /run/postgresql
+ fperms 0775 /run/postgresql
+ fi
+ fi
+}
+
+pkg_postinst() {
+ postgresql-config update
+
+ elog "If you need a global psqlrc-file, you can place it in:"
+ elog " ${EROOT%/}/etc/postgresql-${SLOT}/"
+
+ if [[ -z ${REPLACING_VERSIONS} ]] ; then
+ elog
+ elog "It looks like this is your first time installing PostgreSQL. Run the"
+ elog "following command in all active shells to pick up changes to the default"
+ elog "environment:"
+ elog " source /etc/profile"
+ fi
+
+ if use server ; then
+ elog
+ elog "Gentoo specific documentation:"
+ elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+ elog
+ elog "Official documentation:"
+ elog "http://www.postgresql.org/docs/${SLOT}/static/index.html"
+ elog
+ elog "The default location of the Unix-domain socket is:"
+ elog " ${EROOT%/}/run/postgresql/"
+ elog
+ elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+ elog "so that it contains your preferred locale in:"
+ elog " ${EROOT%/}/etc/conf.d/postgresql-${SLOT}"
+ elog
+ elog "Then, execute the following command to setup the initial database"
+ elog "environment:"
+ elog " emerge --config =${CATEGORY}/${PF}"
+ fi
+}
+
+pkg_prerm() {
+ if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+ ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+ ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+ ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+ sleep 10
+ eend 0
+ fi
+}
+
+pkg_postrm() {
+ postgresql-config update
+}
+
+pkg_config() {
+ use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+ [[ -f "${EROOT%/}/etc/conf.d/postgresql-${SLOT}" ]] \
+ && source "${EROOT%/}/etc/conf.d/postgresql-${SLOT}"
+ [[ -z "${PGDATA}" ]] && PGDATA="${EROOT%/}/etc/postgresql-${SLOT}/"
+ [[ -z "${DATA_DIR}" ]] \
+ && DATA_DIR="${EROOT%/}/var/lib/postgresql/${SLOT}/data"
+
+ # environment.bz2 may not contain the same locale as the current system
+ # locale. Unset and source from the current system locale.
+ if [ -f "${EROOT%/}/etc/env.d/02locale" ]; then
+ unset LANG
+ unset LC_CTYPE
+ unset LC_NUMERIC
+ unset LC_TIME
+ unset LC_COLLATE
+ unset LC_MONETARY
+ unset LC_MESSAGES
+ unset LC_ALL
+ source "${EROOT%/}/etc/env.d/02locale"
+ [ -n "${LANG}" ] && export LANG
+ [ -n "${LC_CTYPE}" ] && export LC_CTYPE
+ [ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+ [ -n "${LC_TIME}" ] && export LC_TIME
+ [ -n "${LC_COLLATE}" ] && export LC_COLLATE
+ [ -n "${LC_MONETARY}" ] && export LC_MONETARY
+ [ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+ [ -n "${LC_ALL}" ] && export LC_ALL
+ fi
+
+ einfo "You can modify the paths and options passed to initdb by editing:"
+ einfo " ${EROOT%/}/etc/conf.d/postgresql-${SLOT}"
+ einfo
+ einfo "Information on options that can be passed to initdb are found at:"
+ einfo " http://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+ einfo " http://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+ einfo
+ einfo "PG_INITDB_OPTS is currently set to:"
+ if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+ einfo " (none)"
+ else
+ einfo " ${PG_INITDB_OPTS}"
+ fi
+ einfo
+ einfo "Configuration files will be installed to:"
+ einfo " ${PGDATA}"
+ einfo
+ einfo "The database cluster will be created in:"
+ einfo " ${DATA_DIR}"
+ einfo
+ while [ "$correct" != "true" ] ; do
+ einfo "Are you ready to continue? (y/n)"
+ read answer
+ if [[ $answer =~ ^[Yy]([Ee][Ss])?$ ]] ; then
+ correct="true"
+ elif [[ $answer =~ ^[Nn]([Oo])?$ ]] ; then
+ die "Aborting initialization."
+ else
+ echo "Answer not recognized"
+ fi
+ done
+
+ if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+ eerror "The given directory, '${DATA_DIR}', is not empty."
+ eerror "Modify DATA_DIR to point to an empty directory."
+ die "${DATA_DIR} is not empty."
+ fi
+
+ einfo "Creating the data directory ..."
+ if [[ ${EUID} == 0 ]] ; then
+ mkdir -p "${DATA_DIR}"
+ chown -Rf postgres:postgres "${DATA_DIR}"
+ chmod 0700 "${DATA_DIR}"
+ fi
+
+ einfo "Initializing the database ..."
+
+ if [[ ${EUID} == 0 ]] ; then
+ su postgres -c "${EROOT%/}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+ else
+ "${EROOT%/}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+ fi
+
+ if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+ mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+ ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+ fi
+
+ cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+ # This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+ # On the off-chance that you might need to work with UTF-8 encoded
+ # characters in PL/Perl
+ plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+ EOF
+
+ einfo "The autovacuum function, which was in contrib, has been moved to the main"
+ einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+ einfo "by default. You can disable it in the cluster's:"
+ einfo " ${PGDATA%/}/postgresql.conf"
+ einfo
+ einfo "The PostgreSQL server, by default, will log events to:"
+ einfo " ${DATA_DIR%/}/postmaster.log"
+ einfo
+ if use prefix ; then
+ einfo "The location of the configuration files have moved to:"
+ einfo " ${PGDATA}"
+ einfo "To start the server:"
+ einfo " pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+ einfo "To stop:"
+ einfo " pg_ctl stop -D ${DATA_DIR}"
+ einfo
+ einfo "Or move the configuration files back:"
+ einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+ else
+ einfo "You should use the '${EROOT%/}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+ einfo "instead of 'pg_ctl'."
+ fi
+}
+
+src_test() {
+ einfo ">>> Test phase [check]: ${CATEGORY}/${PF}"
+
+ if use server && [[ ${UID} -ne 0 ]] ; then
+ emake check
+
+ einfo "If you think other tests besides the regression tests are necessary, please"
+ einfo "submit a bug including a patch for this ebuild to enable them."
+ else
+ use server || \
+ ewarn 'Tests cannot be run without the "server" use flag enabled.'
+ [[ ${UID} -eq 0 ]] || \
+ ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+ ewarn 'Skipping.'
+ fi
+}