FreeBSD ports tree https://cgit-dev.freebsd.org/ports/atom?h=2016Q3 2016-08-24T14:30:47Z 2016-08-24T14:30:47Z Mark Felder feld@FreeBSD.org 2016-08-24T14:30:47Z urn:sha1:29de818549a8b4350d60c0a7176c4129fe47d6f8 The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 9.1.23. This release fixes two security issues. It also patches a number of other bugs reported over the last three months. Users who rely on security isolation between database users should update as soon as possible. Other users should plan to update at the next convenient downtime. If you are using the ICU patch, please consult UPDATING. Improve periodic cleanup, suggested by claudius (at) ambtec.de. [1] PR: 210941 [1] Security: CVE-2016-5423, CVE-2016-5424 Approved by: ports-secteam (with hat) 2016-06-17T23:28:04Z Mathieu Arnold mat@FreeBSD.org 2016-06-17T23:28:04Z urn:sha1:1a8a092d9fefcbd7f960c82c59802c61807867a6 While there, run make makepatch on affected ports, and rename patches accordingly. Sponsored by: Absolight 2016-05-19T11:09:14Z Dmitry Marakasov amdmi3@FreeBSD.org 2016-05-19T11:09:14Z urn:sha1:e87a8bd319cefd3a75d9d061fe9ac6bad980b0db Approved by: portmgr blanket 2016-05-12T22:36:10Z Palle Girgensohn girgen@FreeBSD.org 2016-05-12T22:36:10Z urn:sha1:71b54620678ff776dc658f03ada695403280ce37 URL: http://www.postgresql.org/docs/9.5/static/release-9-5-3.html 2016-03-31T14:49:01Z Palle Girgensohn girgen@FreeBSD.org 2016-03-31T14:49:01Z urn:sha1:1b201272e79fe7d0bb509523405e44a27cb3d7ab URL: http://www.postgresql.org/about/news/1656/ 2016-02-13T22:42:04Z Palle Girgensohn girgen@FreeBSD.org 2016-02-13T22:42:04Z urn:sha1:70a06c4f2e2e669f6795dcec5165c0ea83f94e3b Security Fixes for Regular Expressions, PL/Java This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input. The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser URL: http://www.postgresql.org/about/news/1644/ Security: CVE-2016-0773, CVE-2016-0766 2015-10-08T21:25:01Z Palle Girgensohn girgen@FreeBSD.org 2015-10-08T21:25:01Z urn:sha1:0642ae4b77cc7e0c9aa0ffaa0045771924380dc5 Two security issues have been fixed in this release which affect users of specific PostgreSQL features: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt( function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. This update will also disable SSL renegotiation by default; previously, it was enabled by default. SSL renegotiation will be removed entirely in PostgreSQL versions 9.5 and later. URL: http://www.postgresql.org/about/news/1615/ Security: CVE-2015-5288 CVE-2015-5289 2015-10-06T08:47:42Z Palle Girgensohn girgen@FreeBSD.org 2015-10-06T08:47:42Z urn:sha1:7d7b994589cd798ac6b4b95e858ca3a3c67eeff6 PR: ports/202649 2015-07-22T22:45:35Z Baptiste Daroussin bapt@FreeBSD.org 2015-07-22T22:45:35Z urn:sha1:bc460272039a723eb5950cc2fa4ac0e6c717ef17 Use OPTIONS_SUB to automatically PLIST_SUB Use OPTIONS helpers 2015-07-22T21:46:27Z Baptiste Daroussin bapt@FreeBSD.org 2015-07-22T21:46:27Z urn:sha1:ab7ead91d49e59e716af676bed3409e102c0624a