Merge tag '181+deb9u1' into jessie-backports

tagging package postgresql-common version 181+deb9u1

debian/changelog

+postgresql-common (181+deb9u1~bpo8+1) jessie-backports; urgency=medium
+
+  * Rebuild for stretch-backports.
+
+ -- Christoph Berg <christoph.berg@credativ.de>  Fri, 15 Dec 2017 09:12:46 +0100
+
+postgresql-common (181+deb9u1) stretch-security; urgency=medium
+
+  * pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead
+    of chown to mitigate privilege escalation via symlinks. (CVE-2017-8806.
+    Related to CVE-2017-12172 in PostgreSQL; extends our earlier fix for
+    CVE-2016-1255.)
+
+ -- Christoph Berg <myon@debian.org>  Tue, 07 Nov 2017 20:54:52 +0100
+
 postgresql-common (181~bpo8+1) jessie-backports; urgency=medium
 
   * Rebuild for jessie-backports.

pg_createcluster

@@ -18,7 +18,7 @@
 
 use PgCommon;
 use Getopt::Long;
-use POSIX qw/setlocale LC_ALL LC_CTYPE/;
+use POSIX qw/lchown setlocale LC_ALL LC_CTYPE/;
 
 $ENV{'PATH'} = '/bin:/usr/bin'; # untaint
 
@@ -388,8 +388,9 @@ set_cluster_pg_ctl_conf $version, $cluster, '';
 move_conffile "$datadir/postgresql.conf", $confdir, $owneruid, $ownergid, '644';
 move_conffile "$datadir/pg_hba.conf", $confdir, $owneruid, $ownergid, '640', 'hba_file';
 move_conffile "$datadir/pg_ident.conf", $confdir, $owneruid, $ownergid, '640', 'ident_file';
-chown $owneruid, $ownergid, $datadir, $confdir, "$confdir/start.conf" or die "chown: $!";
-chown $owneruid, $ownergid, $datadir, $confdir, "$confdir/pg_ctl.conf" or die "chown: $!";
+foreach my $f ($datadir, $confdir, "$confdir/start.conf", "$confdir/pg_ctl.conf") {
+    lchown $owneruid, $ownergid, $f or error "lchown $f: $!";
+}
 
 PgCommon::set_conf_value $version, $cluster, 'postgresql.conf', 'data_directory', $datadir;
 
@@ -431,7 +432,7 @@ if (! -d '/var/log/postgresql') {
     mkdir '/var/log/postgresql' or
 	error "could not create log directory; you might need to run this program with root privileges";
     chmod 01775, '/var/log/postgresql';
-    chown 0, $postgres_user[3], '/var/log/postgresql';
+    lchown 0, $postgres_user[3], '/var/log/postgresql';
 }
 $real_logfile = $custom_logfile || "/var/log/postgresql/postgresql-$version-$cluster.log";
 error "logfile $real_logfile is a directory, not a file" if (-d $real_logfile);
@@ -446,11 +447,11 @@ if ($owneruid < 500) {
 } else {
     $g = $ownergid;
 }
-chown $owneruid, $g, $real_logfile;
+lchown $owneruid, $g, $real_logfile;
 # if we are using a non-default log file, create a log symlink
 if ($custom_logfile) {
     symlink $real_logfile, "$confdir/log";
-    chown $owneruid, $ownergid, "$confdir/log";
+    lchown $owneruid, $ownergid, "$confdir/log";
 }
 
 # version specific default configuration tweaking
@@ -565,7 +566,7 @@ open ENV, ">$confdir/environment" or error "could not create environment file $c
 print ENV $defaultenv;
 close ENV;
 chmod 0644, "$confdir/environment";
-chown $owneruid, $ownergid, "$confdir/environment";
+lchown $owneruid, $ownergid, "$confdir/environment";
 
 $cleanup_cruft = 0;
 
@@ -585,7 +586,7 @@ foreach my $guc (sort keys %defaultconf) {
         next if ($version < 9.3);
         if ($val =~ /^[\w.]+$/ and not -e "$confdir/$val") { # create directory relative to new config directory
             mkdir "$confdir/$val", 0755;
-            chown $owneruid, $ownergid, "$confdir/$val";
+            lchown $owneruid, $ownergid, "$confdir/$val";
         }
     }
     PgCommon::set_conf_value $version, $cluster, 'postgresql.conf', $guc, $val;

pg_ctlcluster

@@ -24,6 +24,7 @@ use Getopt::Long;
 use POSIX qw/setsid dup2 :sys_wait_h/;
 use PgCommon;
 use Fcntl qw(SEEK_SET O_RDWR O_CREAT O_EXCL);
+use POSIX qw(lchown);
 
 my ($version, $cluster, $pg_ctl, $force);
 my (@postgres_auxoptions, @pg_ctl_opts_from_cli);
@@ -462,7 +463,7 @@ if ($action ne 'stop' && $info{'logfile'} && ! -e $info{'logfile'}) {
     $( = $) = 0;
     if ($info{'owneruid'} < 500) {
         my $g = (getgrnam 'adm')[2];
-        chown $info{'owneruid'}, $g, $info{'logfile'} if (defined $g);
+        lchown $info{'owneruid'}, $g, $info{'logfile'} if (defined $g);
     }
 }
 

pg_upgradecluster

@@ -20,7 +20,7 @@ use strict;
 use warnings;
 use PgCommon;
 use Getopt::Long;
-use POSIX;
+use POSIX qw(lchown);
 
 # untaint environment
 $ENV{'PATH'} = '/bin:/usr/bin';
@@ -127,7 +127,7 @@ sub adapt_conffiles {
 	}
 	close O;
 	close N;
-	chown $newinfo{'owneruid'}, $newinfo{'ownergid'}, "$hba.new";
+	lchown $newinfo{'owneruid'}, $newinfo{'ownergid'}, "$hba.new";
 	chmod 0640, "$hba.new";
 	rename "$hba.new", $hba or error "rename: $!";
     }
@@ -202,7 +202,7 @@ sub disable_connections {
         error "could not create $hba";
     }
     chmod 0400, $hba;
-    chown $_[3], 0, $hba;
+    lchown $_[3], 0, $hba;
     if ($_[0] >= '8.4') {
 	print F "local all $_[2] ident\n";
     } else {