Home > mailing lists

Re: Securing "make check" (CVE-2014-0067) - Mailing list pgsql-hackers

From	Noah Misch
Subject	Re: Securing "make check" (CVE-2014-0067)
Date	December 25, 2014 08:27:18
Msg-id	20141225052706.GA1923279@tornado.leadboat.com Whole thread Raw
In response to	Re: Securing "make check" (CVE-2014-0067) (David Rowley <dgrowleyml@gmail.com>)
Responses	Re: Securing "make check" (CVE-2014-0067)
List	pgsql-hackers

Tree view

On Thu, Dec 25, 2014 at 03:55:02PM +1300, David Rowley wrote:
> f6dc6dd seems to have broken vcregress check for me:

> FATAL:  no pg_hba.conf entry for host "::1", user "David", database
> "postgres"
> ...
> FATAL:  no pg_hba.conf entry for host "::1", user "David", database
> "postgres"

Thanks.  I bet this is the reason buildfarm members hamerkop, jacana and
bowerbird have not been reporting in.

> @@ -1085,6 +1085,8 @@ config_sspi_auth(const char *pgdata)
>      CW(fputs("# Configuration written by config_sspi_auth()\n", hba) >= 0);
>      CW(fputs("host all all 127.0.0.1/32  sspi include_realm=1 map=regress\n",
>               hba) >= 0);
> +    CW(fputs("host all all ::1/128  sspi include_realm=1 map=regress\n",
> +             hba) >= 0);

This needs to be conditional on whether the platform supports IPv6, like we do
in setup_config().  The attached patch works on these configurations:

64-bit Windows Server 2003, 32-bit VS2010
64-bit Windows Server 2003, MinGW (always 32-bit)
64-bit Windows Server 2008, 64-bit VS2012
64-bit Windows Server 2008, 64-bit MinGW-w64

If the patch looks reasonable, I will commit it.

Attachment

vcregress_ipv6_fix-v2.diff

pgsql-hackers by date:

From: Michael Paquier
Date: 25 December 2014, 06:32:06
Subject: Re: Securing "make check" (CVE-2014-0067)

From: Abhijit Menon-Sen
Date: 25 December 2014, 09:27:47
Subject: Re: What exactly is our CRC algorithm?

Re: Securing "make check" (CVE-2014-0067) - Mailing list pgsql-hackers

Attachment

Previous

Next