The PostgreSQL Global Development Group has released an update to all

supported versions of our database system, including 11.3, 10.8, 9.6.13,
9.5.17, and 9.4.22. This release fixes two security issues in the
PostgreSQL server, a security issue found in two of the PostgreSQL
Windows installers, and over 60 bugs reported over the last three months.

Security:	CVE-2019-10129: Memory disclosure in partition routing

Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.

Security:	CVE-2019-10130: Selectivity estimators bypass row security policies

PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read
whatever data had been sampled from that column.  If this happened to
include values from rows that the user is forbidden to see by a row
security policy, the user could effectively bypass the policy.  This is
fixed by only allowing a non-leakproof operator to use this data if
there are no relevant row security policies for the table.

This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL
project thanks Dean Rasheed for reporting this problem.

Also fix a FreeBSD port problem with LLVM [1] and add promote command
to `service postgresql` [2]

PR:	236100, 234879
Submitted by:	tomonori.usaka@ubin.jp [1], Trix Farrar [2]

17 files changed, 52 insertions, 28 deletions

diff --git a/databases/postgresql10-server/Makefile b/databases/postgresql10-server/Makefile
index 8c523cb7a61a..b2ff3687aea7 100644
--- a/databases/postgresql10-server/Makefile
+++ b/databases/postgresql10-server/Makefile
@@ -1,8 +1,10 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	10.7
-PORTREVISION?=	2
+DISTVERSION?=	10.8
+# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
+# not their own.  Probably best to keep it at ?=0 when reset here too.
+PORTREVISION?=	0
 PKGNAMESUFFIX?=	${DISTVERSION:R:S/.//}${COMPONENT}
 
 MAINTAINER?=	pgsql@FreeBSD.org
diff --git a/databases/postgresql10-server/distinfo b/databases/postgresql10-server/distinfo
index f4d891ccc7fc..15db182a4fb7 100644
--- a/databases/postgresql10-server/distinfo
+++ b/databases/postgresql10-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550095318
-SHA256 (postgresql/postgresql-10.7.tar.bz2) = bfed1065380c1bba927bfe51f23168471373f26e3324cbad859269cc32733ede
-SIZE (postgresql/postgresql-10.7.tar.bz2) = 18940030
+TIMESTAMP = 1557217826
+SHA256 (postgresql/postgresql-10.8.tar.bz2) = b198c2aadf1d68308127a0f5b51dbe798958ffe60dd999134f6495c489afcd5d
+SIZE (postgresql/postgresql-10.8.tar.bz2) = 18958913
diff --git a/databases/postgresql10-server/files/postgresql.in b/databases/postgresql10-server/files/postgresql.in
index df4384e6eba2..ca429d1d5388 100644
--- a/databases/postgresql10-server/files/postgresql.in
+++ b/databases/postgresql10-server/files/postgresql.in
@@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
 restart_cmd="postgresql_command restart"
 reload_cmd="postgresql_command reload"
 status_cmd="postgresql_command status"
+promote_cmd="postgresql_command promote"
 
 initdb_cmd="postgresql_initdb"
 
diff --git a/databases/postgresql10-server/pkg-plist-server b/databases/postgresql10-server/pkg-plist-server
index 5975d09d8903..cb26c2721916 100644
--- a/databases/postgresql10-server/pkg-plist-server
+++ b/databases/postgresql10-server/pkg-plist-server
@@ -95,6 +95,7 @@ lib/libpgcommon.a
 %%NLS%%share/locale/es/LC_MESSAGES/pg_rewind-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_test_fsync-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_test_timing-10.mo
+%%NLS%%share/locale/es/LC_MESSAGES/pg_upgrade-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_waldump-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/plpgsql-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/postgres-10.mo
diff --git a/databases/postgresql11-server/Makefile b/databases/postgresql11-server/Makefile
index f81f7f99beb4..76e858004a2a 100644
--- a/databases/postgresql11-server/Makefile
+++ b/databases/postgresql11-server/Makefile
@@ -2,10 +2,10 @@
 # $FreeBSD$
 
 PORTNAME?=	postgresql
-DISTVERSION?=	11.2
-# PORTREVISION must be ?= otherwise, all other port get this PORTREVISION and
+DISTVERSION?=	11.3
+# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
 # not their own.  Probably best to keep it at ?=0 when reset here too.
-PORTREVISION?=	2
+PORTREVISION?=	0
 CATEGORIES?=	databases
 MASTER_SITES=	PGSQL/source/v${DISTVERSION}
 PKGNAMESUFFIX?= ${PORTVERSION:R}${COMPONENT}
@@ -175,12 +175,13 @@ USES+=		compiler:gcc-c++11-lib
 
 .if ${DISTVERSION:C/([0-9]*).*/\1/} >= 11
 .  if defined(SERVER_ONLY) && ${PORT_OPTIONS:MLLVM}
-LLVM_VERSION=		60
-BUILD_DEPENDS+=		llvm-config${LLVM_VERSION}:devel/llvm${LLVM_VERSION}
-RUN_DEPENDS+=		llvm-config${LLVM_VERSION}:devel/llvm${LLVM_VERSION}
-CONFIGURE_ENV+=		LLVM_CONFIG=${LOCALBASE}/bin/llvm-config60 CLANG=${LOCALBASE}/bin/clang60
+BUILD_DEPENDS+=		llvm${LLVM_DEFAULT}>0:devel/llvm${LLVM_DEFAULT}
+BUILD_DEPENDS+=		llvm-config${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
+RUN_DEPENDS+=		llvm-config${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
+CONFIGURE_ENV+=		LLVM_CONFIG=${LOCALBASE}/bin/llvm-config${LLVM_DEFAULT}
 CONFIGURE_ARGS+=	--with-llvm
 PLIST_SUB+=		LLVM=""
+INSTALL_DIRS+=		src/backend/jit/llvm
 .  else
 PLIST_SUB+=		LLVM="@comment "
 CONFIGURE_ARGS+=	--without-llvm
diff --git a/databases/postgresql11-server/distinfo b/databases/postgresql11-server/distinfo
index de1680b144fc..81b04d20d3a1 100644
--- a/databases/postgresql11-server/distinfo
+++ b/databases/postgresql11-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550095269
-SHA256 (postgresql/postgresql-11.2.tar.bz2) = 2676b9ce09c21978032070b6794696e0aa5a476e3d21d60afc036dc0a9c09405
-SIZE (postgresql/postgresql-11.2.tar.bz2) = 19714229
+TIMESTAMP = 1557217836
+SHA256 (postgresql/postgresql-11.3.tar.bz2) = 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d
+SIZE (postgresql/postgresql-11.3.tar.bz2) = 19718775
diff --git a/databases/postgresql11-server/files/postgresql.in b/databases/postgresql11-server/files/postgresql.in
index 22484930010d..6716757deca0 100644
--- a/databases/postgresql11-server/files/postgresql.in
+++ b/databases/postgresql11-server/files/postgresql.in
@@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
 restart_cmd="postgresql_command restart"
 reload_cmd="postgresql_command reload"
 status_cmd="postgresql_command status"
+promote_cmd="postgresql_command promote"
 
 initdb_cmd="postgresql_initdb"
 
diff --git a/databases/postgresql11-server/pkg-plist-server b/databases/postgresql11-server/pkg-plist-server
index 77a260b54304..7060c7b66838 100644
--- a/databases/postgresql11-server/pkg-plist-server
+++ b/databases/postgresql11-server/pkg-plist-server
@@ -45,6 +45,8 @@ lib/postgresql/utf8_and_sjis.so
 lib/postgresql/utf8_and_sjis2004.so
 lib/postgresql/utf8_and_uhc.so
 lib/postgresql/utf8_and_win.so
+%%LLVM%%lib/postgresql/llvmjit.so
+%%LLVM%%lib/postgresql/llvmjit_types.bc
 %%LLVM%%lib/postgresql/bitcode/postgres.index.bc
 %%LLVM%%lib/postgresql/bitcode/postgres/access/brin/brin.bc
 %%LLVM%%lib/postgresql/bitcode/postgres/access/brin/brin_inclusion.bc
@@ -750,6 +752,7 @@ lib/libpgcommon.a
 %%NLS%%share/locale/es/LC_MESSAGES/pg_test_fsync-11.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_test_timing-11.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_waldump-11.mo
+%%NLS%%share/locale/es/LC_MESSAGES/pg_upgrade-11.mo
 %%NLS%%share/locale/es/LC_MESSAGES/plpgsql-11.mo
 %%NLS%%share/locale/es/LC_MESSAGES/postgres-11.mo
 %%NLS%%share/locale/fr/LC_MESSAGES/initdb-11.mo
@@ -865,9 +868,15 @@ lib/libpgcommon.a
 %%NLS%%share/locale/vi/LC_MESSAGES/pg_waldump-11.mo
 %%NLS%%share/locale/vi/LC_MESSAGES/plpgsql-11.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/initdb-11.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_archivecleanup-11.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_basebackup-11.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_controldata-11.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_ctl-11.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_resetwal-11.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_rewind-11.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_test_fsync-11.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_test_timing-11.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_upgrade-11.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/plpgsql-11.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/postgres-11.mo
 %%DATADIR%%/snowball_create.sql
diff --git a/databases/postgresql94-server/Makefile b/databases/postgresql94-server/Makefile
index a98121420c9d..07c2500bc549 100644
--- a/databases/postgresql94-server/Makefile
+++ b/databases/postgresql94-server/Makefile
@@ -1,7 +1,9 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.4.21
+DISTVERSION?=	9.4.22
+# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
+# not their own.  Probably best to keep it at ?=0 when reset here too.
 PORTREVISION?=	0
 PKGNAMESUFFIX?=	${PORTVERSION:R:S/.//}${COMPONENT}
 
diff --git a/databases/postgresql94-server/distinfo b/databases/postgresql94-server/distinfo
index 17fee840f90a..c53bbaeb40da 100644
--- a/databases/postgresql94-server/distinfo
+++ b/databases/postgresql94-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1550095339
-SHA256 (postgresql/postgresql-9.4.21.tar.bz2) = 0049b4d239a00654e792997aff32a0be7a6bdd922b5ca97f1a06797cd4d06006
-SIZE (postgresql/postgresql-9.4.21.tar.bz2) = 16871522
+TIMESTAMP = 1557217847
+SHA256 (postgresql/postgresql-9.4.22.tar.bz2) = d6aa4c2b9204e375545b9845b0e5957b34affff1783863a80a194f2b2833c66b
+SIZE (postgresql/postgresql-9.4.22.tar.bz2) = 16848787
 SHA256 (postgresql/pg-949-icu-2016-10-02.diff.gz) = 34612e685a79874db04bc6b66c700bfc6412042840c532eef0da7832d1f70d43
 SIZE (postgresql/pg-949-icu-2016-10-02.diff.gz) = 5289
diff --git a/databases/postgresql94-server/files/postgresql.in b/databases/postgresql94-server/files/postgresql.in
index f6ea340f7f0f..04dd00996082 100644
--- a/databases/postgresql94-server/files/postgresql.in
+++ b/databases/postgresql94-server/files/postgresql.in
@@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
 restart_cmd="postgresql_command restart"
 reload_cmd="postgresql_command reload"
 status_cmd="postgresql_command status"
+promote_cmd="postgresql_command promote"
 
 initdb_cmd="postgresql_initdb"
 
diff --git a/databases/postgresql95-server/Makefile b/databases/postgresql95-server/Makefile
index 90a554ec4f49..a7587bb3ed41 100644
--- a/databases/postgresql95-server/Makefile
+++ b/databases/postgresql95-server/Makefile
@@ -1,7 +1,9 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.5.16
+DISTVERSION?=	9.5.17
+# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
+# not their own.  Probably best to keep it at ?=0 when reset here too.
 PORTREVISION?=	0
 PKGNAMESUFFIX?=	${PORTVERSION:R:S/.//}${COMPONENT}
 
diff --git a/databases/postgresql95-server/distinfo b/databases/postgresql95-server/distinfo
index f821c7f8937b..88a7a1ebdb75 100644
--- a/databases/postgresql95-server/distinfo
+++ b/databases/postgresql95-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1550095350
-SHA256 (postgresql/postgresql-9.5.16.tar.bz2) = a4576c95d4dcee8d4b7835b333d38e909848222e4b87895878bb1c026206e131
-SIZE (postgresql/postgresql-9.5.16.tar.bz2) = 17506874
+TIMESTAMP = 1557217857
+SHA256 (postgresql/postgresql-9.5.17.tar.bz2) = 88f9e37a0069f2fd4442d1d0d5d811d3121cac685514435b0248d0674723f705
+SIZE (postgresql/postgresql-9.5.17.tar.bz2) = 17563469
 SHA256 (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5fa083ec38087d6a0961642208f012e902221270708b919b92e9eedaa755e365
 SIZE (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5952
diff --git a/databases/postgresql95-server/files/postgresql.in b/databases/postgresql95-server/files/postgresql.in
index f6ea340f7f0f..04dd00996082 100644
--- a/databases/postgresql95-server/files/postgresql.in
+++ b/databases/postgresql95-server/files/postgresql.in
@@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
 restart_cmd="postgresql_command restart"
 reload_cmd="postgresql_command reload"
 status_cmd="postgresql_command status"
+promote_cmd="postgresql_command promote"
 
 initdb_cmd="postgresql_initdb"
 
diff --git a/databases/postgresql96-server/Makefile b/databases/postgresql96-server/Makefile
index bd547208bef1..36a2f605b3d1 100644
--- a/databases/postgresql96-server/Makefile
+++ b/databases/postgresql96-server/Makefile
@@ -1,8 +1,10 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.6.12
-PORTREVISION?=	1
+DISTVERSION?=	9.6.13
+# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
+# not their own.  Probably best to keep it at ?=0 when reset here too.
+PORTREVISION?=	0
 PKGNAMESUFFIX?=	${PORTVERSION:R:S/.//}${COMPONENT}
 
 MAINTAINER?=	pgsql@FreeBSD.org
diff --git a/databases/postgresql96-server/distinfo b/databases/postgresql96-server/distinfo
index 9e002a6aa53b..b95dbf73bd32 100644
--- a/databases/postgresql96-server/distinfo
+++ b/databases/postgresql96-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1550094963
-SHA256 (postgresql/postgresql-9.6.12.tar.bz2) = 2e8c8446ba94767bda8a26cf5a2152bf0ae68a86aaebf894132a763084579d84
-SIZE (postgresql/postgresql-9.6.12.tar.bz2) = 18759442
+TIMESTAMP = 1557217617
+SHA256 (postgresql/postgresql-9.6.13.tar.bz2) = ecbed20056296a65b6a4f5526c477e3ae5cc284cb01a15507785ddb23831e9a4
+SIZE (postgresql/postgresql-9.6.13.tar.bz2) = 18767279
 SHA256 (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 85f81baa0fc8f692bcf802c8645196d9e3afdef4f760cef712d940b87655486e
 SIZE (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 5998
diff --git a/databases/postgresql96-server/files/postgresql.in b/databases/postgresql96-server/files/postgresql.in
index 9a9090b74947..0734770b35a8 100644
--- a/databases/postgresql96-server/files/postgresql.in
+++ b/databases/postgresql96-server/files/postgresql.in
@@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
 restart_cmd="postgresql_command restart"
 reload_cmd="postgresql_command reload"
 status_cmd="postgresql_command status"
+promote_cmd="postgresql_command promote"
 
 initdb_cmd="postgresql_initdb"