aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Fabrice Fontaine <fontaine.fabrice@gmail.com>2020-11-15 11:51:03 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-11-16 22:22:49 +0100
commit7395f10bdb46f418f81f26cf7c1b03811bfb70b2 (patch)
treeaa531f11843bea4164619f21abff771523ab1c46
parent4a76009d7393854ad15aae1e94a1049c88b4bce7 (diff)
downloadbuildroot-7395f10bdb46f418f81f26cf7c1b03811bfb70b2.tar.gz
buildroot-7395f10bdb46f418f81f26cf7c1b03811bfb70b2.tar.bz2
package/postgresql: security bump to version 12.5
Fix the following CVEs: - CVE-2020-25695: Multiple features escape "security restricted operation" sandbox - CVE-2020-25694: Reconnection can downgrade connection security settings - CVE-2020-25696: psql's \gset allows overwriting specially treated variables https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8e68f00b91126191b642401d13e2be973ce91e8e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/postgresql/postgresql.hash8
-rw-r--r--package/postgresql/postgresql.mk2
2 files changed, 5 insertions, 5 deletions
diff --git a/package/postgresql/postgresql.hash b/package/postgresql/postgresql.hash
index 4e410d187a..64fa220714 100644
--- a/package/postgresql/postgresql.hash
+++ b/package/postgresql/postgresql.hash
@@ -1,7 +1,7 @@
-# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.md5
-md5 80ebbf0e55193b123760e5f8e48c6cff postgresql-12.4.tar.bz2
-# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.sha256
-sha256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc postgresql-12.4.tar.bz2
+# From https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2.md5
+md5 f19e48090bbd59ea81826b5fd99e7e97 postgresql-12.5.tar.bz2
+# From https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2.sha256
+sha256 bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95 postgresql-12.5.tar.bz2
# License file, Locally calculated
sha256 739e5d454d81d31a482469338b7c856f1f5c6b4cdda1551cea6f0f6d18eef62c COPYRIGHT
diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk
index 3630b5a385..4c5f200bdf 100644
--- a/package/postgresql/postgresql.mk
+++ b/package/postgresql/postgresql.mk
@@ -4,7 +4,7 @@
#
################################################################################
-POSTGRESQL_VERSION = 12.4
+POSTGRESQL_VERSION = 12.5
POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2
POSTGRESQL_SITE = https://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)
POSTGRESQL_LICENSE = PostgreSQL