postgresql: add fix for CVE-2014-0064 Security Advisory

Multiple integer overflows in the path_in and other unspecified
functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote
authenticated users to have unspecified impact and attack vectors, which
trigger a buffer overflow. NOTE: this identifier has been SPLIT due to
different affected versions; use CVE-2014-2669 for the hstore vector.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

1 files changed, 3 insertions, 2 deletions

diff --git a/meta-oe/recipes-support/postgresql/postgresql.inc b/meta-oe/recipes-support/postgresql/postgresql.inc
index d45f4b5edf..9b242e0476 100644
--- a/meta-oe/recipes-support/postgresql/postgresql.inc
+++ b/meta-oe/recipes-support/postgresql/postgresql.inc
@@ -28,10 +28,11 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
            file://postgresql.init \
            file://postgresql-bashprofile \
            file://postgresql.pam \
-           file://0001-Use-pkg-config-for-libxml2-detection.patch \
            file://postgresql-setup \
            file://postgresql.service \
-"
+           file://0001-Use-pkg-config-for-libxml2-detection.patch \
+           file://0002-Predict-integer-overflow-to-avoid-buffer-overruns.patch \
+          "
 
 LEAD_SONAME = "libpq.so"