| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
2020-07-24 databases/postgresql94-client: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-contrib: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-docs: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-pgtcl: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-plpython: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-server: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-pltcl: PostgreSQL-9.4 has reached end-of-life
2020-07-24 databases/postgresql94-plperl: PostgreSQL-9.4 has reached end-of-life
Notes:
svn path=/head/; revision=543266
|
| |
|
|
|
|
|
|
|
|
|
| |
Final release was in Fabruary 2020.
WWW: https://www.postgresql.org/support/versioning/
Also, fix build problems with plperl and plpython for 9.4
Notes:
svn path=/head/; revision=536423
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported versions of our database system, including 12.2, 11.7, 10.12,
9.6.17, 9.5.21, and 9.4.26. This release fixes one security issue found
in the PostgreSQL server and over 75 bugs reported over the last three
months.
Users should plan to update as soon as possible.
PostgreSQL 9.4 Now EOL
This is the last release for PostgreSQL 9.4, which will no longer
receive security updates and bug fixes. PostgreSQL 9.4 introduced new
features such as JSONB support, the `ALTER SYSTEM` command, the ability
to stream logical changes to an output plugin, and more:
https://www.postgresql.org/about/news/1557/
https://www.postgresql.org/docs/9.4/release-9-4.html
While we are very proud of this release, these features are also found
in newer versions of PostgreSQL. Many of these features have also
received improvements, and, per our versioning policy, it is time to
retire PostgreSQL 9.4.
To receive continued support, we suggest that you make plans to upgrade
to a newer, supported version of PostgreSQL. Please see the PostgreSQL
versioning policy for more information.
Security Issues
* CVE-2020-1720: `ALTER ... DEPENDS ON EXTENSION` is missing
authorization checks.
Versions Affected: 9.6 - 12
The `ALTER ... DEPENDS ON EXTENSION` sub-commands do not perform
authorization checks, which can allow an unprivileged user to drop any
function, procedure, materialized view, index, or trigger under certain
conditions. This attack is possible if an administrator has installed an
extension and an unprivileged user can `CREATE`, or an extension owner
either executes `DROP EXTENSION` predictably or can be convinced to
execute `DROP EXTENSION`.
Release notes: https://www.postgresql.org/docs/current/release.html
Notes:
svn path=/head/; revision=526063
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.1, 11.6, 10.11,
9.6.16, 9.5.20, and 9.4.25. This release fixes over 50 bugs reported
over the last three months.
PostgreSQL 9.4 will stop receiving fixes on February 13, 2020, which is
the next planned cumulative update release. We suggest that you make
plans to upgrade to a newer, supported version of PostgreSQL. Please see
our versioning policy for more information:
This update also fixes over 50 bugs that were reported in the last
several months. Some of these issues affect only version 12, but may
also affect all supported versions.
Specific change to the FreeBSD port:
Starting now, the default for TZDATA has changed to using the underlying OS'
time zone database instead of the one built in to PostgreSQL. This change is
made since PostgreSQL will not release a patch in the event where the time zone
database changes, whereas FreeBSD will.
Release notes: https://www.postgresql.org/about/news/1994/
URL: https://www.postgresql.org/support/versioning/
Notes:
svn path=/head/; revision=517600
|
| |
|
|
| |
Notes:
svn path=/head/; revision=508835
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported versions of our database system, including 11.5, 10.10,
9.6.15, 9.5.19, and 9.4.24, as well as the third beta of PostgreSQL 12.
This release fixes two security issues in the PostgreSQL server, two
security issues found in one of the PostgreSQL Windows installers, and
over 40 bugs reported since the previous release.
Users should install these updates as soon as possible.
A Note on the PostgreSQL 12 Beta
================================
In the spirit of the open source PostgreSQL community, we strongly
encourage you to test the new features of PostgreSQL 12 in your database
systems to help us eliminate any bugs or other issues that may exist.
While we do not advise you to run PostgreSQL 12 Beta 3 in your
production environments, we encourage you to find ways to run your
typical application workloads against this beta release.
Your testing and feedback will help the community ensure that the
PostgreSQL 12 release upholds our standards of providing a stable,
reliable release of the world's most advanced open source relational
database.
Security Issues
===============
Two security vulnerabilities have been closed by this release:
* CVE-2019-10208: `TYPE` in `pg_temp` executes arbitrary SQL during
`SECURITY DEFINER` execution
Versions Affected: 9.4 - 11
Given a suitable `SECURITY DEFINER` function, an attacker can execute
arbitrary SQL under the identity of the function owner. An attack
requires `EXECUTE` permission on the function, which must itself contain
a function call having inexact argument type match. For example,
`length('foo'::varchar)` and `length('foo')` are inexact, while
`length('foo'::text)` is exact. As part of exploiting this
vulnerability, the attacker uses `CREATE DOMAIN` to create a type in a
`pg_temp` schema. The attack pattern and fix are similar to that for
CVE-2007-2138.
Writing `SECURITY DEFINER` functions continues to require following the
considerations noted in the documentation:
https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY
The PostgreSQL project thanks Tom Lane for reporting this problem.
* CVE-2019-10209: Memory disclosure in cross-type comparison for hashed
subplan
Versions Affected: 11
In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples.
The PostgreSQL project thanks Andreas Seltenreich for reporting this problem.
Notes:
svn path=/head/; revision=508390
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.
PR: 238330
Notes:
svn path=/head/; revision=507372
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 11.4, 10.9, 9.6.14, 9.5.18, and
9.4.23, as well as the second beta of PostgreSQL 12. This release fixes one
security issue and over 25 bugs since the previous cumulative update in May.
This release is made outside of the normal update release schedule as the
security vulnerability was determined to be critical enough to distribute the
fix as quickly as possible. Users who are running PostgreSQL 10, PostgreSQL 11,
or the PostgreSQL 12 beta should upgrade as soon as possible.
All other users should plan to apply this update at the next scheduled
downtime.
Release notes: https://www.postgresql.org/about/news/1949/
Security: 245629d4-991e-11e9-82aa-6cc21735f730
Notes:
svn path=/head/; revision=505245
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported versions of our database system, including 11.3, 10.8, 9.6.13,
9.5.17, and 9.4.22. This release fixes two security issues in the
PostgreSQL server, a security issue found in two of the PostgreSQL
Windows installers, and over 60 bugs reported over the last three months.
Security: CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.
Security: CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read
whatever data had been sampled from that column. If this happened to
include values from rows that the user is forbidden to see by a row
security policy, the user could effectively bypass the policy. This is
fixed by only allowing a non-leakproof operator to use this data if
there are no relevant row security policies for the table.
This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL
project thanks Dean Rasheed for reporting this problem.
Also fix a FreeBSD port problem with LLVM [1] and add promote command
to `service postgresql` [2]
PR: 236100, 234879
Submitted by: tomonori.usaka@ubin.jp [1], Trix Farrar [2]
Notes:
svn path=/head/; revision=501149
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I've had to bump revision for several slaves here, but most will not
be rebuilt, except the -client slaves. Apologies for anyone having
to rebuild -clients unnecessarily, but it's not a heavy task- better safe
than sorry.
PR: ports/236156
Reported by: Andrew Dunstan (PostgreSQL), koobs, Dmitri Goutnik
Notes:
svn path=/head/; revision=500060
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported versions of our database system, including 11.2, 10.7, 9.6.12,
9.5.16, and 9.4.21. This release changes the behavior in how PostgreSQL
interfaces with `fsync()` and includes fixes for partitioning and over
70 other bugs that were reported over the past three months.
Users should plan to apply this update at the next scheduled downtime.
FreeBSD port adds OPTIONS knob to support LLVM JIT. [1]
Highlight: Change in behavior with fsync()
------------------------------------------
When available in an operating system and enabled in the configuration
file (which it is by default), PostgreSQL uses the kernel function
`fsync()` to help ensure that data is written to a disk. In some
operating systems that provide `fsync()`, when the kernel is unable to
write out the data, it returns a failure and flushes the data that was
supposed to be written from its data buffers.
This flushing operation has an unfortunate side-effect for PostgreSQL:
if PostgreSQL tries again to write the data to disk by again calling
`fsync()`, `fsync()` will report back that it succeeded, but the data
that PostgreSQL believed to be saved to the disk would not actually be
written. This presents a possible data corruption scenario.
This update modifies how PostgreSQL handles a `fsync()` failure:
PostgreSQL will no longer retry calling `fsync()` but instead will
panic. In this case, PostgreSQL can then replay the data from the
write-ahead log (WAL) to help ensure the data is written. While this may
appear to be a suboptimal solution, there are presently few alternatives
and, based on reports, the problem case occurs extremely rarely.
A new server parameter `data_sync_retry` has been added to manage this
behavior. If you are certain that your kernel does not discard dirty
data buffers in such scenarios, you can set `data_sync_retry` to `on` to
restore the old behavior.
Release Notes: https://www.postgresql.org/about/news/1920/
PR: 232490 [1]
Notes:
svn path=/head/; revision=492989
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.
PR: 231590
Notes:
svn path=/head/; revision=487272
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Global Development Group has released an update to all supported versions of
our database system, including 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25.
This release fixes one security issue as well as bugs reported over the last
three months.
All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required if you are using pg_stat_statements in your installation.
This update is also the final release for PostgreSQL 9.3, which is now
end-of-life and will no longer receive any bug or security fixes. If your
environment still uses PostgreSQL 9.3, please make plans to update to a
community supported version as soon as possible. Please see our versioning
policy for more information.
Releasenotes: https://www.postgresql.org/about/news/1905/
Security: 1c27a706-e3aa-11e8-b77a-6cc21735f730
Security: CVE-2018-16850
Notes:
svn path=/head/; revision=484488
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24. This release fixes two security issues as well as bugs reported over
the last three months.
If you have untrusted users accessing your system and you are either running
PostgreSQL 9.5 or a newer version OR have installed the "dblink" or
"postgres_fdw" extensions, you must apply this update as soon as possible. All
other users can upgrade at the next convenient downtime.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.5 from any 10.x release is considered a
minor update.
The PostgreSQL Global Development Group also announces that the third beta
release of PostgreSQL 11 is now available for download. This release contains
previews of all features that will be available in the final release of
PostgreSQL 11 (though some details of the release could change before then) as
well as bug fixes that were reported during the second beta.
This release also changes the default option for the server packages to *not*
include XML support per default. If you need this, please check the XML option
knob and build the port.
Releasenotes: https://www.postgresql.org/about/news/1878/
PR: 229523, 198588
Security: 96eab874-9c79-11e8-b34b-6cc21735f730
Security: CVE-2018-10915, CVE-2018-10925
Notes:
svn path=/head/; revision=476819
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.4, 9.6.9, 9.5.13, 9.4.18, 9.3.23.
This release fixes one security issue as well as several bugs reported over the
last three months. Users should plan to update at the next convenient downtime.
Please see the "Updating" section for post-installation steps for the security
fix and the "incorrect volatility and parallel-safety markings" fix.
Releasenotes: https://www.postgresql.org/about/news/1851/
Security: CVE-2018-1115 Too-permissive access control list on function pg_logfile_rotate()
FreeBSD's port of PostgreSQL uses syslog by default, so the above security
problem is only a problem if you changed the logging configuration. Please
visit the releasenotes linked above and take the actions needed.
Notes:
svn path=/head/; revision=469638
|
| |
|
|
|
|
|
| |
Approved by: portmgr (blanket)
Notes:
svn path=/head/; revision=469405
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12,
9.4.17, and 9.3.22.
The purpose of this release is to address CVE-2018-1058, which describes how a
user can create like-named objects in different schemas that can change the
behavior of other users' queries and cause unexpected or malicious behavior,
also known as a "trojan-horse" attack. Most of this release centers around added
documentation that describes the issue and how to take steps to mitigate the
impact on PostgreSQL databases.
We strongly encourage all of our users to please visit
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL
installations.
After evaluating the documentation for CVE-2018-1058, a database administrator
may need to take follow up steps on their PostgreSQL installations to ensure
they are protected from exploitation.
Security: CVE-2018-1058
Notes:
svn path=/head/; revision=463327
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2018-02-08 Security Update Release
==================================
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.2, 9.6.7, 9.5.11, 9.4.16, 9.3.21.
This release fixes two security issues. This release also fixes issues with
VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as
well as fixes for using parallel queries and logical replication.
All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.2 from 10.0 or 10.1 is considered a
minor update.
Security Issues
---------------
Two security vulnerabilities have been fixed by this release:
* CVE-2018-1052: Fix the processing of partition keys containing multiple
expressions
* CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
non-world-readable
Local fixes to the FreeBSD ports
--------------------------------
Inform users about data checksums [1].
Make sure /usr/bin/su is used regardless of PATH settings [2].
Enable DTRACE by default [3].
PR: 214671 [1], 223157 [2], 215028 [3]
Security: c602c791-0cf4-11e8-a2ec-6cc21735f730
Notes:
svn path=/head/; revision=461251
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20,
and 9.2.24. This release fixes three security issues. This release also fixes
issues found in BRIN indexing, logical replication and other bugs reported over
the past three months.
Please note that the CVE-2017-12172 does not affect the FreeBSD port unless you
decided to not use the contrib/startscript instead of the startscript
distributed with the FreeBSD port/package.
Security: CVE-2017-12172, CVE-2017-15099, CVE-2017-15098
URL: https://www.postgresql.org/about/news/1801/
Notes:
svn path=/head/; revision=453847
|
| |
|
|
|
|
|
| |
Submitted by: Christoph Moench-Tegeder <cmt@burggraben.net>
Notes:
svn path=/head/; revision=452158
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported versions of our database system, including 9.6.5, 9.5.9,
9.4.14, 9.3.19, and 9.2.23.
This release includes fixes that prevent a crash in pg_restore when
using parallel mode. It also patches over a few other bugs reported
since the last releases in August.
Additionally, in 9.4.14 only, there is a fix to an issue with walsenders
preventing primary-server shutdown unless immediate shutdown mode is used.
Users should plan to update at the next convenient downtime.
Bug Fixes and Improvements
This update also fixes a number of bugs reported in the last few weeks.
Some of these issues affect only version 9.6, but many affect all
supported versions:
* Show foreign tables in information_schema.table_privileges view.
This fix applies to new databases, see the release notes for the
procedure to apply the fix to an existing database.
* Correctly identify columns that are of a range type or domain type
over a composite type or domain type being searched for
* Prevent crash when passing fixed-length pass-by-reference data types
to parallel worker processes
* Change ecpg’s parser to allow RETURNING clauses without attached C
variables
* Change ecpg’s parser to recognize backslash continuation of C
preprocessor command lines
* Improve selection of compiler flags for PL/Perl on Windows
Notes:
svn path=/head/; revision=449278
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported versions of our database system, including 9.6.4, 9.5.8,
9.4.13, 9.3.18, and 9.2.22. This release fixes three security issues.
It also patches over 50 other bugs reported over the last three months.
Users who are affected by the below security issues should update as
soon as possible. Users affected by CVE-2017-7547
(https://access.redhat.com/security/cve/CVE-2017-7547) will need to
perform additional steps after upgrading to resolve the issue. Other
users should plan to update at the next convenient downtime.
URL: https://www.postgresql.org/about/news/1772/
Security: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548
Notes:
svn path=/head/; revision=447678
|
| |
|
|
|
|
|
|
|
|
| |
regression tests for postgresql extensions
PR: 217874
Approved by: maintainer timeout (pgsql, 4 months)
Notes:
svn path=/head/; revision=446065
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and
9.2.21. This release fixes three security issues. It also patches a number of
other bugs reported over the last three months. Users who use the PGREQUIRESSL
environment variable to control connections, and users who rely on security
isolation between database users when using foreign servers, should update as
soon as possible. Other users should plan to update at the next convenient
downtime.
URL: https://www.postgresql.org/about/news/1746/
Security: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
Also modify rcorder and let sshd start before PostgreSQL, so any problems
during startup can be reviewed promplty from an ssh login.
Notes:
svn path=/head/; revision=440628
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and
9.2.20. This release includes fixes that prevent data corruption issues in
index builds and in certain write-ahead-log replay situations, which are
detailed below. It also patches over 75 other bugs reported over the last three
months.
Users should plan to apply this update at the next scheduled downtime.
Build corruption with CREATE INDEX CONCURRENTLY
There existed a race condition if CREATE INDEX CONCURRENTLY was called on a
column that had not been indexed before, then rows that were updated by
transactions running at the same time as the CREATE INDEX CONCURRENTLY command
could have been indexed incorrectly.
If you suspect this may have happened, the most reliable solution is to rebuild
affected indexes after installing this update.
This issue is present in the 9.2, 9.3, 9.4, 9.5, and 9.6 series of PostgreSQL.
URL https://www.postgresql.org/about/news/1733/
Notes:
svn path=/head/; revision=433738
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add PYTHON_PYOEXTENSION and PYTHON_SUFFIX
- Add PYTHON2 and PYTHON3
- Respect PYTHON_VERSION
- Rename PYOEXTENSION to PYTHON_PYOEXTENSION
This change would help:
- Build databases/postgresql*-plpython with Python 3
(It has PLIST issue since bsd.python.mk to Uses/python.mk transition)
- Simplify Makefile
PR: 205807
Differential Revision: https://reviews.FreeBSD.org/D4758
Exp-run by: antoine
Notes:
svn path=/head/; revision=430839
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15,
9.2.19, and 9.1.24.
This release fixes two issues that can cause data corruption, which are
described in more detail below. It also patches a number of other bugs reported
over the last three months. The project urges users to apply this update at the
next possible downtime.
Notes:
svn path=/head/; revision=424765
|
| |
|
|
|
|
|
|
|
| |
- s/USE_OPENSSL/USES=ssl/
assumed OK for commit ~1h after first notify about wrong sizes in distinfo
Notes:
svn path=/head/; revision=420093
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and
9.1.23. This release fixes two security issues. It also patches a number of
other bugs reported over the last three months. Users who rely on security
isolation between database users should update as soon as possible. Other users
should plan to update at the next convenient downtime.
If you are using the ICU patch, please consult UPDATING.
Improve periodic cleanup, suggested by claudius (at) ambtec.de. [1]
PR: 210941 [1]
Security: CVE-2016-5423, CVE-2016-5424
Notes:
svn path=/head/; revision=420089
|
| |
|
|
|
|
|
|
|
|
| |
While there, run make makepatch on affected ports, and rename patches
accordingly.
Sponsored by: Absolight
Notes:
svn path=/head/; revision=417041
|
| |
|
|
|
|
|
| |
Approved by: portmgr blanket
Notes:
svn path=/head/; revision=415503
|
| |
|
|
|
|
|
| |
URL: http://www.postgresql.org/docs/9.5/static/release-9-5-3.html
Notes:
svn path=/head/; revision=415091
|
| |
|
|
|
|
|
| |
URL: http://www.postgresql.org/about/news/1656/
Notes:
svn path=/head/; revision=412227
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security Fixes for Regular Expressions, PL/Java
This release closes security hole CVE-2016-0773, an issue with regular
expression (regex) parsing. Prior code allowed users to pass in expressions
which included out-of-range Unicode characters, triggering a backend crash.
This issue is critical for PostgreSQL systems with untrusted users or which
generate regexes based on user input.
The update also fixes CVE-2016-0766, a privilege escalation issue for users of
PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be
modifiable only by the database superuser
URL: http://www.postgresql.org/about/news/1644/
Security: CVE-2016-0773, CVE-2016-0766
Notes:
svn path=/head/; revision=408835
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two security issues have been fixed in this release which affect users
of specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt( function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
This update will also disable SSL renegotiation by default;
previously, it was enabled by default. SSL renegotiation will be
removed entirely in PostgreSQL versions 9.5 and later.
URL: http://www.postgresql.org/about/news/1615/
Security: CVE-2015-5288 CVE-2015-5289
Notes:
svn path=/head/; revision=398895
|
| |
|
|
|
|
|
| |
PR: ports/202649
Notes:
svn path=/head/; revision=398690
|
| |
|
|
|
|
|
|
| |
Use OPTIONS_SUB to automatically PLIST_SUB
Use OPTIONS helpers
Notes:
svn path=/head/; revision=392699
|
| |
|
|
| |
Notes:
svn path=/head/; revision=392696
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4
with "multixact wraparound", but failed to account for issues doing multixact
cleanup during crash recovery. This could cause servers to be unable to restart
after a crash. As such, all users of 9.3 and 9.4 should apply this update as
soon as possible.
URL: http://www.postgresql.org/about/news/1592/
Notes:
svn path=/head/; revision=389267
|
| |
|
|
|
|
|
|
|
|
| |
The update is mostly to fix the file persmission problem described
in the URL below. You might want to wait until next upgrade, depending
on you local configuration.
URL: http://www.postgresql.org/about/news/1590/
Notes:
svn path=/head/; revision=388585
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Data Corruption Fix
For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where
the database will fail to protect against "multixact wraparound", resulting in
data corruption or loss. Users with a high transaction rate (1 million or more
per hour) in a database with many foreign keys are especially vulnerable. We
strongly urge all users of 9.4 and 9.3 to update their installations in the
next few days.
Users of versions 9.2 and earlier are not affected by this issue.
Security: fc38cd83-00b3-11e5-8ebd-0026551a22dc
Notes:
svn path=/head/; revision=387089
|
| |
|
|
| |
Notes:
svn path=/head/; revision=384223
|
| |
|
|
| |
Notes:
svn path=/head/; revision=383272
|
| |
|
|
|
|
|
|
|
|
| |
- Maintainer's timeout (pgsql@FreeBSD.org)
PR: 197489
Submitted by: Shun <shun.fbsd.pr@dropcut.net>
Notes:
svn path=/head/; revision=383112
|
| |
|
|
|
|
|
|
|
|
| |
"Revert the change from readline to libedit, and instead make libedit optional.",
I failed to get the PORTREVISION set correctly. Fixed now.
PR: ports/197362
Notes:
svn path=/head/; revision=378608
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
Notes:
svn path=/head/; revision=378500
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Major enhancements in PostgreSQL 9.4 include:
Add jsonb, a more capable and efficient data type for storing JSON data
Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration
file entries
Reduce lock strength for some ALTER TABLE commands
Allow materialized views to be refreshed without blocking concurrent reads
Add support for logical decoding of WAL data, to allow database changes to be
streamed out in a customizable format
Allow background worker processes to be dynamically registered, started and
terminated The above items are explained in more detail in the sections below.
URL: http://www.postgresql.org/docs/9.4/static/release-9-4.html
Notes:
svn path=/head/; revision=374908
|
| |
|
|
| |
Notes:
svn path=/head/; revision=372796
|
| |
|
|
| |
Notes:
svn path=/head/; revision=370540
|
| |
|
|
|
|
|
| |
Reported by: pkg developer mode
Notes:
svn path=/head/; revision=366094
|
