2000-06-28 20:30:16 +02:00
|
|
|
#-------------------------------------------------------------------------
|
|
|
|
|
#
|
|
|
|
|
# Makefile for src/interfaces/libpq library
|
|
|
|
|
#
|
2016-01-02 19:33:40 +01:00
|
|
|
# Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
|
2004-10-16 22:10:57 +02:00
|
|
|
# Portions Copyright (c) 1994, Regents of the University of California
|
2000-06-28 20:30:16 +02:00
|
|
|
#
|
2010-09-20 22:08:53 +02:00
|
|
|
# src/interfaces/libpq/Makefile
|
2000-06-28 20:30:16 +02:00
|
|
|
#
|
|
|
|
|
#-------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
subdir = src/interfaces/libpq
|
|
|
|
|
top_builddir = ../../..
|
2000-08-31 18:12:35 +02:00
|
|
|
include $(top_builddir)/src/Makefile.global
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2002-07-18 05:59:49 +02:00
|
|
|
|
2000-06-28 20:30:16 +02:00
|
|
|
# shared library parameters
|
|
|
|
|
NAME= pq
|
2006-04-28 04:53:20 +02:00
|
|
|
SO_MAJOR_VERSION= 5
|
2016-08-15 20:35:55 +02:00
|
|
|
SO_MINOR_VERSION= 10
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2009-01-05 10:27:20 +01:00
|
|
|
override CPPFLAGS := -DFRONTEND -DUNSAFE_STAT_OK -I$(srcdir) $(CPPFLAGS) -I$(top_builddir)/src/port -I$(top_srcdir)/src/port
|
2005-08-29 02:47:35 +02:00
|
|
|
ifneq ($(PORTNAME), win32)
|
2004-05-21 22:56:50 +02:00
|
|
|
override CFLAGS += $(PTHREAD_CFLAGS)
|
2005-08-29 02:47:35 +02:00
|
|
|
endif
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2010-11-26 16:22:09 +01:00
|
|
|
# Need to recompile any external C files because we need
|
|
|
|
|
# all object files to use the same compile flags as libpq; some
|
|
|
|
|
# platforms require special flags.
|
2006-05-07 03:05:11 +02:00
|
|
|
LIBS := $(LIBS:-lpgport=)
|
2004-10-04 22:36:12 +02:00
|
|
|
|
2010-11-26 17:10:26 +01:00
|
|
|
# We can't use Makefile variables here because the MSVC build system scrapes
|
|
|
|
|
# OBJS from this file.
|
2004-05-11 01:09:04 +02:00
|
|
|
OBJS= fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o \
|
2013-03-17 17:06:42 +01:00
|
|
|
fe-protocol2.o fe-protocol3.o pqexpbuffer.o fe-secure.o \
|
2010-11-27 17:02:44 +01:00
|
|
|
libpq-events.o
|
|
|
|
|
# libpgport C files we always use
|
2013-03-17 20:45:31 +01:00
|
|
|
OBJS += chklocale.o inet_net_ntop.o noblock.o pgstrcasecmp.o pqsignal.o \
|
Revert error-throwing wrappers for the printf family of functions.
This reverts commit 16304a013432931e61e623c8d85e9fe24709d9ba, except
for its changes in src/port/snprintf.c; as well as commit
cac18a76bb6b08f1ecc2a85e46c9d2ab82dd9d23 which is no longer needed.
Fujii Masao reported that the previous commit caused failures in psql on
OS X, since if one exits the pager program early while viewing a query
result, psql sees an EPIPE error from fprintf --- and the wrapper function
thought that was reason to panic. (It's a bit surprising that the same
does not happen on Linux.) Further discussion among the security list
concluded that the risk of other such failures was far too great, and
that the one-size-fits-all approach to error handling embodied in the
previous patch is unlikely to be workable.
This leaves us again exposed to the possibility of the type of failure
envisioned in CVE-2015-3166. However, that failure mode is strictly
hypothetical at this point: there is no concrete reason to believe that
an attacker could trigger information disclosure through the supposed
mechanism. In the first place, the attack surface is fairly limited,
since so much of what the backend does with format strings goes through
stringinfo.c or psprintf(), and those already had adequate defenses.
In the second place, even granting that an unprivileged attacker could
control the occurrence of ENOMEM with some precision, it's a stretch to
believe that he could induce it just where the target buffer contains some
valuable information. So we concluded that the risk of non-hypothetical
problems induced by the patch greatly outweighs the security risks.
We will therefore revert, and instead undertake closer analysis to
identify specific calls that may need hardening, rather than attempt a
universal solution.
We have kept the portion of the previous patch that improved snprintf.c's
handling of errors when it calls the platform's sprintf(). That seems to
be an unalloyed improvement.
Security: CVE-2015-3166
2015-05-20 00:14:52 +02:00
|
|
|
thread.o
|
2010-11-27 17:02:44 +01:00
|
|
|
# libpgport C files that are needed if identified by configure
|
Replace SYSTEMQUOTEs with Windows-specific wrapper functions.
It's easy to forget using SYSTEMQUOTEs when constructing command strings
for system() or popen(). Even if we fix all the places missing it now, it is
bound to be forgotten again in the future. Introduce wrapper functions that
do the the extra quoting for you, and get rid of SYSTEMQUOTEs in all the
callers.
We previosly used SYSTEMQUOTEs in all the hard-coded command strings, and
this doesn't change the behavior of those. But user-supplied commands, like
archive_command, restore_command, COPY TO/FROM PROGRAM calls, as well as
pgbench's \shell, will now gain an extra pair of quotes. That is desirable,
but if you have existing scripts or config files that include an extra
pair of quotes, those might need to be adjusted.
Reviewed by Amit Kapila and Tom Lane
2014-05-05 15:07:40 +02:00
|
|
|
OBJS += $(filter crypt.o getaddrinfo.o getpeereid.o inet_aton.o open.o system.o snprintf.o strerror.o strlcpy.o win32error.o win32setlocale.o, $(LIBOBJS))
|
2010-11-27 17:02:44 +01:00
|
|
|
# backend/libpq
|
|
|
|
|
OBJS += ip.o md5.o
|
|
|
|
|
# utils/mb
|
|
|
|
|
OBJS += encnames.o wchar.o
|
2004-06-19 06:43:18 +02:00
|
|
|
|
Break out OpenSSL-specific code to separate files.
This refactoring is in preparation for adding support for other SSL
implementations, with no user-visible effects. There are now two #defines,
USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which
is defined when building with any SSL implementation. Currently, OpenSSL is
the only implementation so the two #defines go together, but USE_SSL is
supposed to be used for implementation-independent code.
The libpq SSL code is changed to use a custom BIO, which does all the raw
I/O, like we've been doing in the backend for a long time. That makes it
possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids
a couple of syscall for each send(). Probably doesn't make much performance
difference in practice - the SSL encryption is expensive enough to mask the
effect - but it was a natural result of this refactoring.
Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by
Alvaro Herrera, Andreas Karlsson, Jeff Janes.
2014-08-11 10:54:19 +02:00
|
|
|
ifeq ($(with_openssl),yes)
|
|
|
|
|
OBJS += fe-secure-openssl.o
|
|
|
|
|
endif
|
|
|
|
|
|
2004-11-17 18:46:24 +01:00
|
|
|
ifeq ($(PORTNAME), cygwin)
|
|
|
|
|
override shlib = cyg$(NAME)$(DLSUFFIX)
|
|
|
|
|
endif
|
|
|
|
|
|
2003-09-07 05:43:57 +02:00
|
|
|
ifeq ($(PORTNAME), win32)
|
2010-11-26 17:10:26 +01:00
|
|
|
# pgsleep.o is from libpgport
|
|
|
|
|
OBJS += pgsleep.o win32.o libpqrc.o
|
2004-11-20 22:13:06 +01:00
|
|
|
|
|
|
|
|
libpqrc.o: libpq.rc
|
2008-12-07 09:36:22 +01:00
|
|
|
$(WINDRES) -i $< -o $@
|
2004-11-20 22:13:06 +01:00
|
|
|
|
2004-06-19 06:43:18 +02:00
|
|
|
ifeq ($(enable_thread_safety), yes)
|
2004-10-12 03:04:11 +02:00
|
|
|
OBJS += pthread-win32.o
|
2004-06-19 06:43:18 +02:00
|
|
|
endif
|
2003-09-07 05:43:57 +02:00
|
|
|
endif
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2002-07-18 05:59:49 +02:00
|
|
|
|
2000-10-25 18:13:52 +02:00
|
|
|
# Add libraries that libpq depends (or might depend) on into the
|
|
|
|
|
# shared library link. (The order in which you list them here doesn't
|
|
|
|
|
# matter.)
|
2005-08-29 02:47:35 +02:00
|
|
|
ifneq ($(PORTNAME), win32)
|
2008-10-01 17:35:32 +02:00
|
|
|
SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lgssapi_krb5 -lgss -lgssapi -lssl -lsocket -lnsl -lresolv -lintl, $(LIBS)) $(LDAP_LIBS_FE) $(PTHREAD_LIBS)
|
2005-08-29 02:47:35 +02:00
|
|
|
else
|
2007-07-10 15:14:22 +02:00
|
|
|
SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lgssapi32 -lssl -lsocket -lnsl -lresolv -lintl $(PTHREAD_LIBS), $(LIBS)) $(LDAP_LIBS_FE)
|
2005-08-29 02:47:35 +02:00
|
|
|
endif
|
Briefly,
* configure + Makefile changes
* shared memory attaching in EXEC_BACKEND case (+ minor fix for apparent
cygwin bug under cygwin/EXEC_BACKEND case only)
* PATH env var separator differences
* missing win32 rand functions added
* placeholder replacements for sync etc under port.h
To those who are really interested, and there are a few of you: the attached
patch + file will allow the source base to be compiled (and, for some
definition, "run") under MingW, with the following caveats (I wanted to
first properly fix all but the last of these, but y'all won't quit asking
for a patch :-):
* child death: SIGCHLD not yet sent, so as a minimum, you'll need to
put in some sort of delay after StartupDatabase, and handle setting
StartupPID to 0 etc (ie. the stuff the reaper() signal function is supposed
to do)
* dirmod.c: comment out the elog calls
* dfmgr.c: some hackage required to substitute_libpath_macro
* slru/xact.c: comment out the errno checking after the readdir
(fixed by next version of MingW)
Again, this is only if you *really* want to see postgres compile and start,
and is a nice leg-up for working on the other Win32 TODO list items. Just
don't expect too much else from it at this point...
Claudio Natoli
2004-02-02 01:11:31 +01:00
|
|
|
ifeq ($(PORTNAME), win32)
|
2014-10-22 04:55:43 +02:00
|
|
|
SHLIB_LINK += -lshell32 -lws2_32 -lsecur32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32, $(LIBS))
|
Briefly,
* configure + Makefile changes
* shared memory attaching in EXEC_BACKEND case (+ minor fix for apparent
cygwin bug under cygwin/EXEC_BACKEND case only)
* PATH env var separator differences
* missing win32 rand functions added
* placeholder replacements for sync etc under port.h
To those who are really interested, and there are a few of you: the attached
patch + file will allow the source base to be compiled (and, for some
definition, "run") under MingW, with the following caveats (I wanted to
first properly fix all but the last of these, but y'all won't quit asking
for a patch :-):
* child death: SIGCHLD not yet sent, so as a minimum, you'll need to
put in some sort of delay after StartupDatabase, and handle setting
StartupPID to 0 etc (ie. the stuff the reaper() signal function is supposed
to do)
* dirmod.c: comment out the elog calls
* dfmgr.c: some hackage required to substitute_libpath_macro
* slru/xact.c: comment out the errno checking after the readdir
(fixed by next version of MingW)
Again, this is only if you *really* want to see postgres compile and start,
and is a nice leg-up for working on the other Win32 TODO list items. Just
don't expect too much else from it at this point...
Claudio Natoli
2004-02-02 01:11:31 +01:00
|
|
|
endif
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2008-02-26 07:41:24 +01:00
|
|
|
SHLIB_EXPORTS = exports.txt
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2008-02-26 15:26:16 +01:00
|
|
|
all: all-lib
|
2000-06-28 20:30:16 +02:00
|
|
|
|
|
|
|
|
# Shared library stuff
|
|
|
|
|
include $(top_srcdir)/src/Makefile.shlib
|
|
|
|
|
backend_src = $(top_srcdir)/src/backend
|
|
|
|
|
|
2002-07-18 05:59:49 +02:00
|
|
|
|
2013-03-17 20:45:31 +01:00
|
|
|
# We use several libpgport and backend modules verbatim, but since we need
|
|
|
|
|
# to compile with appropriate options to build a shared lib, we can't
|
|
|
|
|
# necessarily use the same object files built for libpgport and the backend.
|
|
|
|
|
# Instead, symlink the source files in here and build our own object files.
|
2012-05-15 21:19:04 +02:00
|
|
|
# For some libpgport modules, this only happens if configure decides
|
2010-11-26 17:10:26 +01:00
|
|
|
# the module is needed (see filter hack in OBJS, above).
|
2003-04-14 23:15:13 +02:00
|
|
|
|
Revert error-throwing wrappers for the printf family of functions.
This reverts commit 16304a013432931e61e623c8d85e9fe24709d9ba, except
for its changes in src/port/snprintf.c; as well as commit
cac18a76bb6b08f1ecc2a85e46c9d2ab82dd9d23 which is no longer needed.
Fujii Masao reported that the previous commit caused failures in psql on
OS X, since if one exits the pager program early while viewing a query
result, psql sees an EPIPE error from fprintf --- and the wrapper function
thought that was reason to panic. (It's a bit surprising that the same
does not happen on Linux.) Further discussion among the security list
concluded that the risk of other such failures was far too great, and
that the one-size-fits-all approach to error handling embodied in the
previous patch is unlikely to be workable.
This leaves us again exposed to the possibility of the type of failure
envisioned in CVE-2015-3166. However, that failure mode is strictly
hypothetical at this point: there is no concrete reason to believe that
an attacker could trigger information disclosure through the supposed
mechanism. In the first place, the attack surface is fairly limited,
since so much of what the backend does with format strings goes through
stringinfo.c or psprintf(), and those already had adequate defenses.
In the second place, even granting that an unprivileged attacker could
control the occurrence of ENOMEM with some precision, it's a stretch to
believe that he could induce it just where the target buffer contains some
valuable information. So we concluded that the risk of non-hypothetical
problems induced by the patch greatly outweighs the security risks.
We will therefore revert, and instead undertake closer analysis to
identify specific calls that may need hardening, rather than attempt a
universal solution.
We have kept the portion of the previous patch that improved snprintf.c's
handling of errors when it calls the platform's sprintf(). That seems to
be an unalloyed improvement.
Security: CVE-2015-3166
2015-05-20 00:14:52 +02:00
|
|
|
chklocale.c crypt.c getaddrinfo.c getpeereid.c inet_aton.c inet_net_ntop.c noblock.c open.c system.c pgsleep.c pgstrcasecmp.c pqsignal.c snprintf.c strerror.c strlcpy.c thread.c win32error.c win32setlocale.c: % : $(top_srcdir)/src/port/%
|
2003-04-14 23:15:13 +02:00
|
|
|
rm -f $@ && $(LN_S) $< .
|
|
|
|
|
|
2010-11-26 17:10:26 +01:00
|
|
|
ip.c md5.c: % : $(backend_src)/libpq/%
|
2001-08-15 20:42:16 +02:00
|
|
|
rm -f $@ && $(LN_S) $< .
|
|
|
|
|
|
2010-11-26 17:10:26 +01:00
|
|
|
encnames.c wchar.c: % : $(backend_src)/utils/mb/%
|
Commit Karel's patch.
-------------------------------------------------------------------
Subject: Re: [PATCHES] encoding names
From: Karel Zak <zakkr@zf.jcu.cz>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: pgsql-patches <pgsql-patches@postgresql.org>
Date: Fri, 31 Aug 2001 17:24:38 +0200
On Thu, Aug 30, 2001 at 01:30:40AM +0200, Peter Eisentraut wrote:
> > - convert encoding 'name' to 'id'
>
> I thought we decided not to add functions returning "new" names until we
> know exactly what the new names should be, and pending schema
Ok, the patch not to add functions.
> better
>
> ...(): encoding name too long
Fixed.
I found new bug in command/variable.c in parse_client_encoding(), nobody
probably never see this error:
if (pg_set_client_encoding(encoding))
{
elog(ERROR, "Conversion between %s and %s is not supported",
value, GetDatabaseEncodingName());
}
because pg_set_client_encoding() returns -1 for error and 0 as true.
It's fixed too.
IMHO it can be apply.
Karel
PS:
* following files are renamed:
src/utils/mb/Unicode/KOI8_to_utf8.map -->
src/utils/mb/Unicode/koi8r_to_utf8.map
src/utils/mb/Unicode/WIN_to_utf8.map -->
src/utils/mb/Unicode/win1251_to_utf8.map
src/utils/mb/Unicode/utf8_to_KOI8.map -->
src/utils/mb/Unicode/utf8_to_koi8r.map
src/utils/mb/Unicode/utf8_to_WIN.map -->
src/utils/mb/Unicode/utf8_to_win1251.map
* new file:
src/utils/mb/encname.c
* removed file:
src/utils/mb/common.c
--
Karel Zak <zakkr@zf.jcu.cz>
http://home.zf.jcu.cz/~zakkr/
C, PostgreSQL, PHP, WWW, http://docs.linux.cz, http://mape.jcu.cz
2001-09-06 06:57:30 +02:00
|
|
|
rm -f $@ && $(LN_S) $< .
|
2000-06-28 20:30:16 +02:00
|
|
|
|
|
|
|
|
|
2009-08-28 22:26:19 +02:00
|
|
|
distprep: libpq-dist.rc
|
2006-04-28 04:53:20 +02:00
|
|
|
|
2009-08-28 22:26:19 +02:00
|
|
|
libpq.rc libpq-dist.rc: libpq.rc.in
|
2008-02-26 14:31:40 +01:00
|
|
|
sed -e 's/\(VERSION.*\),0 *$$/\1,'`date '+%y%j' | sed 's/^0*//'`'/' $< >$@
|
|
|
|
|
|
|
|
|
|
# Depend on Makefile.global to force rebuild on re-run of configure.
|
|
|
|
|
# (But libpq-dist.rc is shipped in the distribution for shell-less
|
|
|
|
|
# installations and is only updated by distprep.)
|
|
|
|
|
libpq.rc: $(top_builddir)/src/Makefile.global
|
2004-10-16 22:10:57 +02:00
|
|
|
|
2004-11-20 22:13:06 +01:00
|
|
|
fe-connect.o: fe-connect.c $(top_builddir)/src/port/pg_config_paths.h
|
2012-02-06 15:50:01 +01:00
|
|
|
fe-misc.o: fe-misc.c $(top_builddir)/src/port/pg_config_paths.h
|
2004-11-20 22:13:06 +01:00
|
|
|
|
|
|
|
|
$(top_builddir)/src/port/pg_config_paths.h:
|
|
|
|
|
$(MAKE) -C $(top_builddir)/src/port pg_config_paths.h
|
2004-10-12 03:04:11 +02:00
|
|
|
|
2001-08-28 16:20:28 +02:00
|
|
|
install: all installdirs install-lib
|
2005-12-09 22:19:36 +01:00
|
|
|
$(INSTALL_DATA) $(srcdir)/libpq-fe.h '$(DESTDIR)$(includedir)'
|
2008-09-17 06:31:08 +02:00
|
|
|
$(INSTALL_DATA) $(srcdir)/libpq-events.h '$(DESTDIR)$(includedir)'
|
2005-12-09 22:19:36 +01:00
|
|
|
$(INSTALL_DATA) $(srcdir)/libpq-int.h '$(DESTDIR)$(includedir_internal)'
|
|
|
|
|
$(INSTALL_DATA) $(srcdir)/pqexpbuffer.h '$(DESTDIR)$(includedir_internal)'
|
|
|
|
|
$(INSTALL_DATA) $(srcdir)/pg_service.conf.sample '$(DESTDIR)$(datadir)/pg_service.conf.sample'
|
2000-06-28 20:30:16 +02:00
|
|
|
|
Accept postgres:// URIs in libpq connection functions
postgres:// URIs are an attempt to "stop the bleeding" in this general
area that has been said to occur due to external projects adopting their
own syntaxes. The syntaxes supported by this patch:
postgres://[user[:pwd]@][unix-socket][:port[/dbname]][?param1=value1&...]
postgres://[user[:pwd]@][net-location][:port][/dbname][?param1=value1&...]
should be enough to cover most interesting cases without having to
resort to "param=value" pairs, but those are provided for the cases that
need them regardless.
libpq documentation has been shuffled around a bit, to avoid stuffing
all the format details into the PQconnectdbParams description, which was
already a bit overwhelming. The list of keywords has moved to its own
subsection, and the details on the URI format live in another subsection.
This includes a simple test program, as requested in discussion, to
ensure that interesting corner cases continue to work appropriately in
the future.
Author: Alexander Shulgin
Some tweaking by Álvaro Herrera, Greg Smith, Daniel Farina, Peter Eisentraut
Reviewed by Robert Haas, Alexey Klyukin (offlist), Heikki Linnakangas,
Marko Kreen, and others
Oh, it also supports postgresql:// but that's probably just an accident.
2012-04-11 08:59:32 +02:00
|
|
|
installcheck:
|
|
|
|
|
$(MAKE) -C test $@
|
|
|
|
|
|
2008-04-07 16:15:58 +02:00
|
|
|
installdirs: installdirs-lib
|
2012-09-18 04:33:26 +02:00
|
|
|
$(MKDIR_P) '$(DESTDIR)$(includedir)' '$(DESTDIR)$(includedir_internal)' '$(DESTDIR)$(datadir)'
|
2000-06-28 20:30:16 +02:00
|
|
|
|
|
|
|
|
uninstall: uninstall-lib
|
2008-09-17 06:31:08 +02:00
|
|
|
rm -f '$(DESTDIR)$(includedir)/libpq-fe.h'
|
|
|
|
|
rm -f '$(DESTDIR)$(includedir)/libpq-events.h'
|
|
|
|
|
rm -f '$(DESTDIR)$(includedir_internal)/libpq-int.h'
|
|
|
|
|
rm -f '$(DESTDIR)$(includedir_internal)/pqexpbuffer.h'
|
|
|
|
|
rm -f '$(DESTDIR)$(datadir)/pg_service.conf.sample'
|
2000-06-28 20:30:16 +02:00
|
|
|
|
2004-10-16 22:10:57 +02:00
|
|
|
clean distclean: clean-lib
|
Accept postgres:// URIs in libpq connection functions
postgres:// URIs are an attempt to "stop the bleeding" in this general
area that has been said to occur due to external projects adopting their
own syntaxes. The syntaxes supported by this patch:
postgres://[user[:pwd]@][unix-socket][:port[/dbname]][?param1=value1&...]
postgres://[user[:pwd]@][net-location][:port][/dbname][?param1=value1&...]
should be enough to cover most interesting cases without having to
resort to "param=value" pairs, but those are provided for the cases that
need them regardless.
libpq documentation has been shuffled around a bit, to avoid stuffing
all the format details into the PQconnectdbParams description, which was
already a bit overwhelming. The list of keywords has moved to its own
subsection, and the details on the URI format live in another subsection.
This includes a simple test program, as requested in discussion, to
ensure that interesting corner cases continue to work appropriately in
the future.
Author: Alexander Shulgin
Some tweaking by Álvaro Herrera, Greg Smith, Daniel Farina, Peter Eisentraut
Reviewed by Robert Haas, Alexey Klyukin (offlist), Heikki Linnakangas,
Marko Kreen, and others
Oh, it also supports postgresql:// but that's probably just an accident.
2012-04-11 08:59:32 +02:00
|
|
|
$(MAKE) -C test $@
|
2010-11-26 17:10:26 +01:00
|
|
|
rm -f $(OBJS) pthread.h libpq.rc
|
2007-01-07 09:49:31 +01:00
|
|
|
# Might be left over from a Win32 client-only build
|
|
|
|
|
rm -f pg_config_paths.h
|
2013-03-17 20:45:31 +01:00
|
|
|
rm -f inet_net_ntop.c noblock.c pgstrcasecmp.c pqsignal.c thread.c
|
Revert error-throwing wrappers for the printf family of functions.
This reverts commit 16304a013432931e61e623c8d85e9fe24709d9ba, except
for its changes in src/port/snprintf.c; as well as commit
cac18a76bb6b08f1ecc2a85e46c9d2ab82dd9d23 which is no longer needed.
Fujii Masao reported that the previous commit caused failures in psql on
OS X, since if one exits the pager program early while viewing a query
result, psql sees an EPIPE error from fprintf --- and the wrapper function
thought that was reason to panic. (It's a bit surprising that the same
does not happen on Linux.) Further discussion among the security list
concluded that the risk of other such failures was far too great, and
that the one-size-fits-all approach to error handling embodied in the
previous patch is unlikely to be workable.
This leaves us again exposed to the possibility of the type of failure
envisioned in CVE-2015-3166. However, that failure mode is strictly
hypothetical at this point: there is no concrete reason to believe that
an attacker could trigger information disclosure through the supposed
mechanism. In the first place, the attack surface is fairly limited,
since so much of what the backend does with format strings goes through
stringinfo.c or psprintf(), and those already had adequate defenses.
In the second place, even granting that an unprivileged attacker could
control the occurrence of ENOMEM with some precision, it's a stretch to
believe that he could induce it just where the target buffer contains some
valuable information. So we concluded that the risk of non-hypothetical
problems induced by the patch greatly outweighs the security risks.
We will therefore revert, and instead undertake closer analysis to
identify specific calls that may need hardening, rather than attempt a
universal solution.
We have kept the portion of the previous patch that improved snprintf.c's
handling of errors when it calls the platform's sprintf(). That seems to
be an unalloyed improvement.
Security: CVE-2015-3166
2015-05-20 00:14:52 +02:00
|
|
|
rm -f chklocale.c crypt.c getaddrinfo.c getpeereid.c inet_aton.c open.c system.c snprintf.c strerror.c strlcpy.c win32error.c win32setlocale.c
|
2012-05-15 21:19:04 +02:00
|
|
|
rm -f pgsleep.c
|
2010-11-26 17:10:26 +01:00
|
|
|
rm -f md5.c ip.c
|
|
|
|
|
rm -f encnames.c wchar.c
|
2004-10-16 22:10:57 +02:00
|
|
|
|
2008-02-26 07:41:24 +01:00
|
|
|
maintainer-clean: distclean maintainer-clean-lib
|
Accept postgres:// URIs in libpq connection functions
postgres:// URIs are an attempt to "stop the bleeding" in this general
area that has been said to occur due to external projects adopting their
own syntaxes. The syntaxes supported by this patch:
postgres://[user[:pwd]@][unix-socket][:port[/dbname]][?param1=value1&...]
postgres://[user[:pwd]@][net-location][:port][/dbname][?param1=value1&...]
should be enough to cover most interesting cases without having to
resort to "param=value" pairs, but those are provided for the cases that
need them regardless.
libpq documentation has been shuffled around a bit, to avoid stuffing
all the format details into the PQconnectdbParams description, which was
already a bit overwhelming. The list of keywords has moved to its own
subsection, and the details on the URI format live in another subsection.
This includes a simple test program, as requested in discussion, to
ensure that interesting corner cases continue to work appropriately in
the future.
Author: Alexander Shulgin
Some tweaking by Álvaro Herrera, Greg Smith, Daniel Farina, Peter Eisentraut
Reviewed by Robert Haas, Alexey Klyukin (offlist), Heikki Linnakangas,
Marko Kreen, and others
Oh, it also supports postgresql:// but that's probably just an accident.
2012-04-11 08:59:32 +02:00
|
|
|
$(MAKE) -C test $@
|
2009-08-28 22:26:19 +02:00
|
|
|
rm -f libpq-dist.rc
|
