author Palle Girgensohn <girgen@FreeBSD.org> 2022-05-10 07:27:43 +0000
committer Palle Girgensohn <girgen@FreeBSD.org> 2022-05-12 13:41:07 +0000
commit 6c00f6e30fbd66a5ccc7173c9f4aca3122cd4c63
tree 23180acd0ec83574dee6672725c9a07badfa8db9 /databases/postgresql12-server
parent 4a835475da61e30632ee58f316429d7352d271a5
databases/postgresql??-server: update to latest version

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 14.3, 13.7, 12.11, 11.16, and 10.21. This release fixes over 50 bugs reported over the last three months.

This release closes one security vulnerability and fixes over 50 bugs reported over the last three months. We encourage you to install this update at your earliest possible convenience.

If you have any GiST indexes on columns using the ltree data type, you will need to reindex them after upgrading. For the full list of changes, please review the release notes.

It also fixes a security issue, CVE-2022-1552: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox.

Versions Affected: 10 - 14. The security team typically does not test unsupported versions, but this problem is quite old.

Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.

While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum, not manually running the above commands, and not restoring from output of the pg_dump command. Performance may degrade quickly under this workaround.

VACUUM is safe, and all commands are fine when a trusted user owns the target object.

Security: 157ce083-d145-11ec-ab9b-6cc21735f730
Release notes: https://www.postgresql.org/docs/release/
Diffstat (limited to 'databases/postgresql12-server')
-rw-r--r-- databases/postgresql12-server/Makefile 4
-rw-r--r-- databases/postgresql12-server/distinfo 6
2 files changed, 5 insertions, 5 deletions
diff --git a/databases/postgresql12-server/Makefile b/databases/postgresql12-server/Makefile
index 2fc4cd3be354..28b400576bfc 100644
--- a/databases/postgresql12-server/Makefile
+++ b/databases/postgresql12-server/Makefile
@@ -1,9 +1,9 @@
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
-DISTVERSION?= 12.10
+DISTVERSION?= 12.11
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
# not their own. Probably best to keep it at ?=0 when reset here too.
-PORTREVISION?= 1
+PORTREVISION?= 0
MAINTAINER?= pgsql@FreeBSD.org
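Review bot: Missing upgrade note for the DISTVERSION bump from 12.10 to 12.11: the commit message says GiST indexes on ltree columns must be reindexed after upgrading, but that instruction appears only in the commit log, and the diffstat for this directory lists just Makefile and distinfo. If it is not covered elsewhere in the commit, consider a pkg-message or UPDATING entry so the step reaches users who upgrade from packages and never read the log. The PORTREVISION reset to 0 is consistent with the comment directly above it.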
diff --git a/databases/postgresql12-server/distinfo b/databases/postgresql12-server/distinfo
index 486909b0ebd1..af475f84aa88 100644
--- a/databases/postgresql12-server/distinfo
+++ b/databases/postgresql12-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1644361279
-SHA256 (postgresql/postgresql-12.10.tar.bz2) = 83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257
-SIZE (postgresql/postgresql-12.10.tar.bz2) = 20990621
+TIMESTAMP = 1652167824
+SHA256 (postgresql/postgresql-12.11.tar.bz2) = 1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302
+SIZE (postgresql/postgresql-12.11.tar.bz2) = 21086745
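Review bot: The new SHA256 and SIZE lines for postgresql-12.11.tar.bz2 are the only integrity anchor the port has for this security update, and nothing visible in the hunk or the commit message records what they were checked against. Before approving, compare the digest with the checksum upstream publishes for the tarball rather than relying only on a locally fetched copy, and consider stating in the commit message that this was done.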