kumquat-buildroot/package/timescaledb/timescaledb.mk
Fabrice Fontaine 3398e8e6d4 package/timescaledb: security bump to version 2.5.2
Fix CVE-2022-24128: Timescale TimescaleDB 1.x and 2.x before 2.5.2 may
allow privilege escalation during extension installation. The
installation process uses commands such as CREATE x IF NOT EXISTS that
allow an unprivileged user to precreate objects. These objects will be
used by the installer (which executes as Superuser), leading to
privilege escalation. In order to be able to take advantage of this, an
unprivileged user would need to be able to create objects in a database
and then get a Superuser to install TimescaleDB into their database. (In
the fixed versions, the installation aborts when it finds that an object
already exists.)

"This release contains bug fixes since the 2.5.1 release.
This release is high priority for upgrade. We strongly recommend that
you upgrade as soon as possible."

https://github.com/timescale/timescaledb/releases/tag/2.5.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-03-20 18:06:35 +01:00


################################################################################
#
# timescaledb
#
################################################################################
# Pinned upstream release. 2.5.2 is the release that fixes CVE-2022-24128
# (privilege escalation during extension installation), so this value
# must not be lowered below 2.5.2.
# NOTE(review): the package's hash file is not visible here; a version
# change needs the matching hash updated together with it - confirm.
TIMESCALEDB_VERSION = 2.5.2
TIMESCALEDB_SITE = $(call github,timescale,timescaledb,$(TIMESCALEDB_VERSION))
TIMESCALEDB_LICENSE = Apache-2.0
TIMESCALEDB_LICENSE_FILES = LICENSE
# NOTE(review): no TIMESCALEDB_CPE_ID_* variable is set in this file -
# confirm whether the package should declare its CPE identity so that
# CVE reporting can match it.
TIMESCALEDB_DEPENDENCIES = postgresql

# Checks and warnings-as-errors are switched off for this build
# (presumably TAP_CHECKS and REGRESS_CHECKS gate upstream's test suites;
# verify against the upstream CMake options).
TIMESCALEDB_CONF_OPTS = \
	-DTAP_CHECKS=OFF \
	-DREGRESS_CHECKS=OFF \
	-DWARNINGS_AS_ERRORS=OFF

# PostgreSQL directory layout handed to CMake as relative paths.
TIMESCALEDB_CONF_OPTS += \
	-DPG_PKGLIBDIR=lib/postgresql \
	-DPG_SHAREDIR=share/postgresql \
	-DPG_BINDIR=bin

# CMake calls the pg_config script whenever PG_CPPFLAGS, PG_CFLAGS,
# PG_LDFLAGS or PG_LIBS is empty, and our pg_config replacement does not
# implement --cppflags, --cflags, --ldflags and --libs. The space kept
# inside each quoted value makes the variable non-empty even when the
# corresponding TARGET_* flags expand to nothing.
TIMESCALEDB_CONF_OPTS += \
	-DPG_CPPFLAGS="$(TARGET_CPPFLAGS) " \
	-DPG_CFLAGS="$(TARGET_CFLAGS) " \
	-DPG_LDFLAGS="$(TARGET_LDFLAGS) " \
	-DPG_LIBS=" "

# USE_OPENSSL only tells whether postgresql was built with OpenSSL
# support, which is why openssl is not listed in
# TIMESCALEDB_DEPENDENCIES.
# NOTE(review): the value follows BR2_PACKAGE_OPENSSL rather than the
# postgresql package's own configuration - confirm the two always agree.
ifneq ($(BR2_PACKAGE_OPENSSL),y)
TIMESCALEDB_CONF_OPTS += -DUSE_OPENSSL=0
else
TIMESCALEDB_CONF_OPTS += -DUSE_OPENSSL=1
endif

# Expand the cmake-package macro with the TIMESCALEDB_* variables above.
$(eval $(cmake-package))