postgresql: add fix for CVE-2014-0067 Security Advisory

The make check command for the test suites in PostgreSQL 9.3.3 and
earlier does not properly invoke initdb to specify the authentication
requirements for a database cluster to be used for the tests, which
allows local users to gain privileges by leveraging access to this
cluster.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta-oe/recipes-support/postgresql/files/0007-Make-pqsignal-available-to-pg_regress-of-ECPG-and-is.patch

@@ -0,0 +1,75 @@
+From 0ae841a98c21c53901d5bc9a9323a8cc800364f6 Mon Sep 17 00:00:00 2001
+From: Noah Misch <noah@leadboat.com>
+Date: Sat, 14 Jun 2014 10:52:25 -0400
+Subject: [PATCH] Make pqsignal() available to pg_regress of ECPG and
+ isolation suites.
+
+commit 0ae841a98c21c53901d5bc9a9323a8cc800364f6 REL9_2_STABLE
+
+Commit 453a5d91d49e4d35054f92785d830df4067e10c1 made it available to the
+src/test/regress build of pg_regress, but all pg_regress builds need the
+same treatment.  Patch 9.2 through 8.4; in 9.3 and later, pg_regress
+gets pqsignal() via libpgport.
+
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/interfaces/ecpg/test/Makefile |    4 ++--
+ src/test/isolation/Makefile       |   12 +++++++-----
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/interfaces/ecpg/test/Makefile b/src/interfaces/ecpg/test/Makefile
+index e9944c6..4bb9525 100644
+--- a/src/interfaces/ecpg/test/Makefile
++++ b/src/interfaces/ecpg/test/Makefile
+@@ -47,10 +47,10 @@ clean distclean maintainer-clean:
+ 
+ all: pg_regress$(X)
+ 
+-pg_regress$(X): pg_regress_ecpg.o $(top_builddir)/src/test/regress/pg_regress.o
++pg_regress$(X): pg_regress_ecpg.o $(top_builddir)/src/test/regress/pg_regress.o $(top_builddir)/src/test/regress/pqsignal.o
+ 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_EX) $^ $(LIBS) -o $@
+ 
+-$(top_builddir)/src/test/regress/pg_regress.o:
++$(top_builddir)/src/test/regress/pg_regress.o $(top_builddir)/src/test/regress/pqsignal.o:
+ 	$(MAKE) -C $(dir $@) $(notdir $@)
+ 
+ # dependencies ensure that path changes propagate
+diff --git a/src/test/isolation/Makefile b/src/test/isolation/Makefile
+index 46ea6f0..e20ba48 100644
+--- a/src/test/isolation/Makefile
++++ b/src/test/isolation/Makefile
+@@ -15,13 +15,15 @@ OBJS =  specparse.o isolationtester.o
+ 
+ all: isolationtester$(X) pg_isolation_regress$(X)
+ 
+-submake-regress:
++pg_regress.o:
+ 	$(MAKE) -C $(top_builddir)/src/test/regress pg_regress.o
+-
+-pg_regress.o: | submake-regress
+ 	rm -f $@ && $(LN_S) $(top_builddir)/src/test/regress/pg_regress.o .
+ 
+-pg_isolation_regress$(X): isolation_main.o pg_regress.o
++pqsignal.o:
++	$(MAKE) -C $(top_builddir)/src/test/regress pqsignal.o
++	rm -f $@ && $(LN_S) $(top_builddir)/src/test/regress/pqsignal.o .
++
++pg_isolation_regress$(X): isolation_main.o pg_regress.o pqsignal.o
+ 	$(CC) $(CFLAGS) $^ $(LDFLAGS) $(LDFLAGS_EX) $(LIBS) -o $@
+ 
+ isolationtester$(X): $(OBJS) | submake-libpq submake-libpgport
+@@ -59,7 +61,7 @@ endif
+ # so do not clean them here
+ clean distclean:
+ 	rm -f isolationtester$(X) pg_isolation_regress$(X) $(OBJS) isolation_main.o
+-	rm -f pg_regress.o
++	rm -f pg_regress.o pqsignal.o
+ 	rm -rf $(pg_regress_clean_files)
+ 
+ maintainer-clean: distclean
+-- 
+1.7.5.4
+

meta-oe/recipes-support/postgresql/postgresql.inc

@@ -36,6 +36,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
            file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \
            file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \
            file://0006-Fix-handling-of-wide-datetime-input-output.patch \
+           file://0007-Make-pqsignal-available-to-pg_regress-of-ECPG-and-is.patch \
           "
 
 LEAD_SONAME = "libpq.so"