Back-ported upstream patch for CVE-2012-2143: incorrect password transformation in contrib/pgcrypto's DES crypt().
diff -Naur postgresql-8.1.23.orig/contrib/pgcrypto/crypt-des.c postgresql-8.1.23/contrib/pgcrypto/crypt-des.c
--- postgresql-8.1.23.orig/contrib/pgcrypto/crypt-des.c 2010-12-13 22:52:30.000000000 -0500
+++ postgresql-8.1.23/contrib/pgcrypto/crypt-des.c 2012-06-12 19:47:22.306408037 -0400
@@ -666,7 +666,8 @@
 q = (uint8 *) keybuf;
 while (q - (uint8 *) keybuf - 8)
 {
- if ((*q++ = *key << 1))
+ *q++ = *key << 1;
+ if (*key != '\0')
 key++;
 }
 if (des_setkey((char *) keybuf))
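Review bot: The split store-then-test on the two added lines carries no comment, and without one a later cleanup could fold it back into the old `if ((*q++ = *key << 1))` form. A byte of 0x80 shifts to zero once stored through the `uint8` pointer, so the old test treated it as end-of-string and zero-padded the rest of the key; I would put `/* test *key, not the shifted byte: 0x80 << 1 truncates to 0 in a uint8 */` above the new `if`. Because the derived key now differs for passwords with 0x80 in the first eight bytes, hashes stored by the unpatched code will stop matching and those passwords need to be reset, which is worth stating in the patch description. The enclosing function starts and ends outside the hunk.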