FreeBSD ports tree https://cgit-dev.freebsd.org/ports/atom?h=2016Q3 2016-01-13T10:36:22Z 2016-01-13T10:36:22Z Palle Girgensohn girgen@FreeBSD.org 2016-01-13T10:36:22Z urn:sha1:a9c901ec2bd7061cb5a9f38c4aa1b4608c00cf1f pg_upgrade. Other where added in 9.5, but the port failed to install them. Make sure they are properly installed by the correct port (-client or -server) [1] Remove unused and hence confusing OSSP_UUID parameters from Makefile [2] Add options to allow user to be set for the backup script in periodic. Add this option only to 9.5 for now. It will be updated to other servers at next regular patch release. [3] The path to perl in hard coded into pgxs/src/Makefile.global which is then installed. Hence, we must depend on perl when that file is installed. Noticed by: Paul Guyot [1] PR: 192387 [2] PR: 172110 [3] PR: 206046 [4] 2015-10-08T21:25:01Z Palle Girgensohn girgen@FreeBSD.org 2015-10-08T21:25:01Z urn:sha1:0642ae4b77cc7e0c9aa0ffaa0045771924380dc5 Two security issues have been fixed in this release which affect users of specific PostgreSQL features: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt( function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. This update will also disable SSL renegotiation by default; previously, it was enabled by default. SSL renegotiation will be removed entirely in PostgreSQL versions 9.5 and later. URL: http://www.postgresql.org/about/news/1615/ Security: CVE-2015-5288 CVE-2015-5289 2015-05-22T23:22:19Z Palle Girgensohn girgen@FreeBSD.org 2015-05-22T23:22:19Z urn:sha1:89f2bb6e59de11ab88f81b6803620c9f86d2a44f Data Corruption Fix For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where the database will fail to protect against "multixact wraparound", resulting in data corruption or loss. Users with a high transaction rate (1 million or more per hour) in a database with many foreign keys are especially vulnerable. We strongly urge all users of 9.4 and 9.3 to update their installations in the next few days. Users of versions 9.2 and earlier are not affected by this issue. Security: fc38cd83-00b3-11e5-8ebd-0026551a22dc 2015-02-07T17:05:07Z Palle Girgensohn girgen@FreeBSD.org 2015-02-07T17:05:07Z urn:sha1:cbb709bca29aceb9ff29b8250f475ab15a0b98dd PR: ports/197362 2015-02-05T22:54:34Z Palle Girgensohn girgen@FreeBSD.org 2015-02-05T22:54:34Z urn:sha1:262af710e75062789fef1dfdcd828d76841b8ffc This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the list of security holes patched below in case they are particularly vulnerable. Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243, CVE-2015-0244,CVE-2014-8161 2014-11-12T09:53:41Z Palle Girgensohn girgen@FreeBSD.org 2014-11-12T09:53:41Z urn:sha1:987b035d6773430b7bf78c56621e233b2b25bf21 We need -pthread in LDFLAGS for threaded extensions like plv8js to work. PR: 175783 Submitted by: Li-Wen Hsu <lwhsu@FreeBSD.org> 2014-08-25T17:53:26Z Chris Rees crees@FreeBSD.org 2014-08-25T17:53:26Z urn:sha1:dab15277f4ab5eef396460d80afc54d1f390a815 Reviewed by: bapt 2014-06-30T23:07:29Z Baptiste Daroussin bapt@FreeBSD.org 2014-06-30T23:07:29Z urn:sha1:562eeefecf551ed9701e476f2a3cddb528fa4575 2014-02-26T17:24:35Z Antoine Brodin antoine@FreeBSD.org 2014-02-26T17:24:35Z urn:sha1:4d4db2684b5537944ba9de1e90179e90a1bc1149 Reviewed by: postgresql@ Tested by: miwi and me 2013-10-15T17:17:05Z Sunpoet Po-Chuan Hsieh sunpoet@FreeBSD.org 2013-10-15T17:17:05Z urn:sha1:1e4b76852c317adec50593421436d9940945eae8 - Convert to new LIB_DEPENDS format for postgresql*-contrib Submitted by: sunpoet (myself) Reviewed by: crees (pgsql) Approved by: jgh (pgsql)