FreeBSD ports tree https://cgit-dev.freebsd.org/ports/atom?h=13.1-eol 2023-07-05T14:11:39Z 2023-07-05T14:11:39Z Palle Girgensohn girgen@FreeBSD.org 2023-05-25T15:53:31Z urn:sha1:4ee225f90aa3f81a418859086a0bca660f44e7ef URL: https://www.postgresql.org/about/news/postgresql-16-beta-1-released-2643/ Release notes: https://www.postgresql.org/docs/16/release-16.html 2023-05-11T15:42:57Z Palle Girgensohn girgen@FreeBSD.org 2023-05-11T15:21:54Z urn:sha1:3fd6f200dc8c12022515f7c3f662df148941e261 The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 15.3, 14.8, 13.11, 12.15, and 11.20. This release fixes two security vulnerabilities over 80 bugs reported over the last several months. CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2455: Row security policies disregard user ID changes after inlining. While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. Security: fbb5a260-f00f-11ed-bbae-6cc21735f730 Security: 4b636f50-f011-11ed-bbae-6cc21735f730 Release-notes: https://www.postgresql.org/docs/release/ 2023-04-13T00:56:37Z Jan Beich jbeich@FreeBSD.org 2023-03-23T17:56:40Z urn:sha1:f1f1a8be887ee2c5d75bec33cb8f8a89454e606b - Temporarily switch to GitHub auto archive (release artifacts are N/A atm) Changes: https://github.com/unicode-org/icu/releases/tag/release-73-1 Reported by: GitHub (watch releases) PR: 270422 Exp-run by: antoine 2023-02-09T14:52:35Z Palle Girgensohn girgen@FreeBSD.org 2023-02-09T14:48:12Z urn:sha1:8f04ac817353175e8f73e8561d404b81b9d20ce4 The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 15.2, 14.7, 13.10, 12.14, and 11.19. This release closes one security vulnerability and fixes over 60 bugs reported over the last several months. Release notes: https://www.postgresql.org/docs/release/ Security: CVE-2022-41862: Client memory disclosure when connecting, with Kerberos, to modified server. 2022-11-15T15:40:59Z Dmitry Marakasov amdmi3@FreeBSD.org 2022-05-17T10:49:50Z urn:sha1:d512e8cce2abc9375784bc1dc4c91d5353e867a0 PostgreSQL server may use late-mounted filesystems, so require these in rc.d scripts. Real life example is when /tmp is late-mounted tmpfs atop of ZFS, and if posgresql-server starts before mountlate, its socket which resides on /tmp is hidden under tmpfs which is mounted afterwards. PR: 267500 Approved by: maintainer timeout (pgsql, 2 weeks) 2022-11-10T16:23:11Z Palle Girgensohn girgen@FreeBSD.org 2022-11-10T16:21:18Z urn:sha1:792a1db259a1e0b8588727d5a200dc62dac54ae8 PostgreSQL 15.1, 14.6, 13.9, 12.13, 11.18, and 10.23 Released! The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 15.1, 14.6, 13.9, 12.13, 11.18, and 10.23. This release fixes 25 bugs reported over the last several months. This is the final release of PostgreSQL 10. PostgreSQL 10 will no longer receive security and bug fixes. If you are running PostgreSQL 10 in a production environment, we suggest that you make plans to upgrade. Release notes: https://www.postgresql.org/docs/release/ 2022-10-19T08:10:29Z Jan Beich jbeich@FreeBSD.org 2022-09-24T16:35:03Z urn:sha1:dfe25d73e7fdd333c59008a4ec1859c7f93dacd6 Changes: https://github.com/unicode-org/icu/releases/tag/release-72-1 Reported by: GitHub (watch releases) PR: 266582 Exp-run by: antoine 2022-10-03T08:29:02Z Palle Girgensohn girgen@FreeBSD.org 2022-10-03T08:29:02Z urn:sha1:c54eaee9b25b1e5a82d00277e2dca7ccf67c0a81 Noted by: sunpoet@ 2022-09-14T04:10:22Z Alexey Dokuchaev danfe@FreeBSD.org 2022-09-14T04:10:22Z urn:sha1:d06aa00bb41c25880dd99fef34b5c97704af4a33 Convert to ASCII and trim EOL whitespace. The scripts are now identical across all PostgreSQL server versions we have in the ports. Verified by: cksum(1) 2022-09-10T17:41:16Z Tobias Kortkamp tobik@FreeBSD.org 2022-09-10T17:41:16Z urn:sha1:e79fe1aabc5b83364240652d62b99198a9ccfb32 Many of the WWW are overwritten later which means the wrong value is used. This did not happen before where the children were either a) just using the pkg-descr from the parents b) or had their own separate pkg-descr with custom WWW Use WWW?= in parents when the child's WWW is different. Children that use the same WWW as the parent can just inherit it, i.e., the child WWW can be removed. Approved by: portmgr (implicit)