| Commit message (Collapse) | Author | Files | Lines |
|---|
|
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 9.6.4, 9.5.8,
9.4.13, 9.3.18, and 9.2.22. This release fixes three security issues.
It also patches over 50 other bugs reported over the last three months.
Users who are affected by the below security issues should update as
soon as possible. Users affected by CVE-2017-7547
(https://access.redhat.com/security/cve/CVE-2017-7547) will need to
perform additional steps after upgrading to resolve the issue. Other
users should plan to update at the next convenient downtime.
URL: https://www.postgresql.org/about/news/1772/
Security: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548
FTP sites are shut down.
WWW: https://www.postgresql.org/message-id/09fd5ea6-7e09-3101-07ba-2c1d9f2d0aec%40joeconway.com
Approved by: ports-secteam
|
|
- Bump PORTREVISION for shlib change
Changes: https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
Differential Revision: https://reviews.freebsd.org/D11172
PR: 219947
Exp-run by: antoine
|
|
Approved by: portmgr (blanket)
|
|
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and
9.2.21. This release fixes three security issues. It also patches a number of
other bugs reported over the last three months. Users who use the PGREQUIRESSL
environment variable to control connections, and users who rely on security
isolation between database users when using foreign servers, should update as
soon as possible. Other users should plan to update at the next convenient
downtime.
URL: https://www.postgresql.org/about/news/1746/
Security: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
Also modify rcorder and let sshd start before PostgreSQL, so any problems
during startup can be reviewed promplty from an ssh login.
|
|
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and
9.2.20. This release includes fixes that prevent data corruption issues in
index builds and in certain write-ahead-log replay situations, which are
detailed below. It also patches over 75 other bugs reported over the last three
months.
Users should plan to apply this update at the next scheduled downtime.
Build corruption with CREATE INDEX CONCURRENTLY
There existed a race condition if CREATE INDEX CONCURRENTLY was called on a
column that had not been indexed before, then rows that were updated by
transactions running at the same time as the CREATE INDEX CONCURRENTLY command
could have been indexed incorrectly.
If you suspect this may have happened, the most reliable solution is to rebuild
affected indexes after installing this update.
This issue is present in the 9.2, 9.3, 9.4, 9.5, and 9.6 series of PostgreSQL.
URL https://www.postgresql.org/about/news/1733/
|
|
- Add PYTHON_PYOEXTENSION and PYTHON_SUFFIX
- Add PYTHON2 and PYTHON3
- Respect PYTHON_VERSION
- Rename PYOEXTENSION to PYTHON_PYOEXTENSION
This change would help:
- Build databases/postgresql*-plpython with Python 3
(It has PLIST issue since bsd.python.mk to Uses/python.mk transition)
- Simplify Makefile
PR: 205807
Differential Revision: https://reviews.FreeBSD.org/D4758
Exp-run by: antoine
|
|
Sponsored by: Absolight
|
|
Changes: http://site.icu-project.org/download/58
PR: 214384
Exp-run by: antoine
Approved by: office (bapt)
|
|
option description. Those ports where it meant something more specific were
left untouched.
|
|
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15,
9.2.19, and 9.1.24.
This release fixes two issues that can cause data corruption, which are
described in more detail below. It also patches a number of other bugs reported
over the last three months. The project urges users to apply this update at the
next possible downtime.
|
|
- Clean up the Makefile.
- Follow some upstream recommendations (--with-data-packaging=archive,
--disable-renaming, -DICU_NO_USER_DATA_OVERRIDE).
- Patch makefiles to install static libraries with INSTALL_DATA so they
aren't stripped.
- Patch config/mh-bsd-gcc to sync with config/mh-linux-gcc.
- Fix endianness detection in ICU. The code wanted to use BYTE_ORDER
defined in machine/endian.h, but this isn't visible because ICU is
compiled with _XOPEN_SOURCE. Patch the code to use _BYTE_ORDER instead.
- Compile ICU with C++11 compiler to enable move constructors.
- Patch ICU to fix a problem with atomics in the case of a C++11 compiler
without C++11 header <atomic> (like Clang on FreeBSD 9).
- Bump all ports that depend on it due to library version change.
- Add USES=compiler:c++0x to some ports that pick up -std=c++0x from ICU
pkgconfig files.
- Add USES=compiler:c++11-lib to graphics/libcdr01 because it also needs
a C++11 runtime library now. Add this to all ports that depend on it
so their executables load the right libstdc++.so on FreeBSD 9.
PR: 205120
Exp-run by: antoine
Approved by: portmgr (antoine)
|
|
Fix spelling while here [2]
Pointed out by: matthew [1], bcr [2]
Pointy hat to: girgen
|
|
Fix bad pkg-plist for postgresql 9.6 server
|
|
Please read the entry from 20160905 in UPDATING:
daemon user has changed to `postgres'
ICU is default on
|
|
- s/USE_OPENSSL/USES=ssl/
assumed OK for commit ~1h after first notify about wrong sizes in distinfo
|
|
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and
9.1.23. This release fixes two security issues. It also patches a number of
other bugs reported over the last three months. Users who rely on security
isolation between database users should update as soon as possible. Other users
should plan to update at the next convenient downtime.
If you are using the ICU patch, please consult UPDATING.
Improve periodic cleanup, suggested by claudius (at) ambtec.de. [1]
PR: 210941 [1]
Security: CVE-2016-5423, CVE-2016-5424
|
|
stripping would destroy some probes and might result in instable
behaviour when trying to access those probes.
PR: 204314
Approved by: rene (mentor), maintainer-timeout
|
|
This time not bumping lang/php70, but devel/php70-intl which is the one
really depending on icu.
PR: 205120
With hat: portmgr
Sponsored by: Absolight
|
|
|
|
While there, run make makepatch on affected ports, and rename patches
accordingly.
Sponsored by: Absolight
|
|
Approved by: portmgr blanket
|
|
URL: http://www.postgresql.org/docs/9.5/static/release-9-5-3.html
|
|
With hat: portmgr
Sponsored by: Absolight
|
|
URL: http://www.postgresql.org/about/news/1656/
|
|
Security Fixes for Regular Expressions, PL/Java
This release closes security hole CVE-2016-0773, an issue with regular
expression (regex) parsing. Prior code allowed users to pass in expressions
which included out-of-range Unicode characters, triggering a backend crash.
This issue is critical for PostgreSQL systems with untrusted users or which
generate regexes based on user input.
The update also fixes CVE-2016-0766, a privilege escalation issue for users of
PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be
modifiable only by the database superuser
URL: http://www.postgresql.org/about/news/1644/
Security: CVE-2016-0773, CVE-2016-0766
|
|
pg_upgrade. Other where added in 9.5, but the port failed to install them.
Make sure they are properly installed by the correct port (-client or -server) [1]
Remove unused and hence confusing OSSP_UUID parameters from Makefile [2]
Add options to allow user to be set for the backup script in periodic.
Add this option only to 9.5 for now. It will be updated to other servers at
next regular patch release. [3]
The path to perl in hard coded into pgxs/src/Makefile.global which is
then installed. Hence, we must depend on perl when that file is installed.
Noticed by: Paul Guyot [1]
PR: 192387 [2]
PR: 172110 [3]
PR: 206046 [4]
|
|
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D3694
|
|
Two security issues have been fixed in this release which affect users
of specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt( function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
This update will also disable SSL renegotiation by default;
previously, it was enabled by default. SSL renegotiation will be
removed entirely in PostgreSQL versions 9.5 and later.
URL: http://www.postgresql.org/about/news/1615/
Security: CVE-2015-5288 CVE-2015-5289
|
|
PR: ports/202649
|
|
|
|
|
|
Remove (server) from the description
|
|
|
|
Use OPTIONS_SUB to automatically PLIST_SUB
Use OPTIONS helpers
|
|
|
|
Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4
with "multixact wraparound", but failed to account for issues doing multixact
cleanup during crash recovery. This could cause servers to be unable to restart
after a crash. As such, all users of 9.3 and 9.4 should apply this update as
soon as possible.
URL: http://www.postgresql.org/about/news/1592/
|
|
The update is mostly to fix the file persmission problem described
in the URL below. You might want to wait until next upgrade, depending
on you local configuration.
URL: http://www.postgresql.org/about/news/1590/
|
|
Data Corruption Fix
For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where
the database will fail to protect against "multixact wraparound", resulting in
data corruption or loss. Users with a high transaction rate (1 million or more
per hour) in a database with many foreign keys are especially vulnerable. We
strongly urge all users of 9.4 and 9.3 to update their installations in the
next few days.
Users of versions 9.2 and earlier are not affected by this issue.
Security: fc38cd83-00b3-11e5-8ebd-0026551a22dc
|
|
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
|
|
|
|
|
|
|
|
Note: virtuoso did not pass check-plist from before, so it was fixed.
approved by: PTHREAD blanket
|
|
- Maintainer's timeout (pgsql@FreeBSD.org)
PR: 197487
Submitted by: Shun <shun.fbsd.pr@dropcut.net>
|
|
PR: ports/197362
|
|
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
|
|
We need -pthread in LDFLAGS for threaded extensions like plv8js to work.
PR: 175783
Submitted by: Li-Wen Hsu <lwhsu@FreeBSD.org>
|
|
PR: 193451
Submitted by: dmitry2004@yandex.ru
|
|
Reviewed by: bapt
|
|
Exp-run: 192242, 192244
|
