summaryrefslogtreecommitdiff
path: root/databases/postgresql12-server/files/pkg-message-server.in
diff options
context:
space:
mode:
authorPalle Girgensohn <girgen@FreeBSD.org>2019-08-08 15:33:02 +0000
committerPalle Girgensohn <girgen@FreeBSD.org>2019-08-08 15:33:02 +0000
commit2ffb94e0780f98b19545cd11a16b7737be2a5d52 (patch)
treefc0ee30cbf842c4eaf667353b27c72633e18ed48 /databases/postgresql12-server/files/pkg-message-server.in
parentAdd security information for PostgreSQL (diff)
iThe PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.5, 10.10, 9.6.15, 9.5.19, and 9.4.24, as well as the third beta of PostgreSQL 12. This release fixes two security issues in the PostgreSQL server, two security issues found in one of the PostgreSQL Windows installers, and over 40 bugs reported since the previous release. Users should install these updates as soon as possible. A Note on the PostgreSQL 12 Beta ================================ In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 12 in your database systems to help us eliminate any bugs or other issues that may exist. While we do not advise you to run PostgreSQL 12 Beta 3 in your production environments, we encourage you to find ways to run your typical application workloads against this beta release. Your testing and feedback will help the community ensure that the PostgreSQL 12 release upholds our standards of providing a stable, reliable release of the world's most advanced open source relational database. Security Issues =============== Two security vulnerabilities have been closed by this release: * CVE-2019-10208: `TYPE` in `pg_temp` executes arbitrary SQL during `SECURITY DEFINER` execution Versions Affected: 9.4 - 11 Given a suitable `SECURITY DEFINER` function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires `EXECUTE` permission on the function, which must itself contain a function call having inexact argument type match. For example, `length('foo'::varchar)` and `length('foo')` are inexact, while `length('foo'::text)` is exact. As part of exploiting this vulnerability, the attacker uses `CREATE DOMAIN` to create a type in a `pg_temp` schema. The attack pattern and fix are similar to that for CVE-2007-2138. Writing `SECURITY DEFINER` functions continues to require following the considerations noted in the documentation: https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY The PostgreSQL project thanks Tom Lane for reporting this problem. * CVE-2019-10209: Memory disclosure in cross-type comparison for hashed subplan Versions Affected: 11 In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples. The PostgreSQL project thanks Andreas Seltenreich for reporting this problem.
Notes
Notes: svn path=/head/; revision=508390
Diffstat (limited to 'databases/postgresql12-server/files/pkg-message-server.in')
-rw-r--r--databases/postgresql12-server/files/pkg-message-server.in64
1 files changed, 64 insertions, 0 deletions
diff --git a/databases/postgresql12-server/files/pkg-message-server.in b/databases/postgresql12-server/files/pkg-message-server.in
new file mode 100644
index 000000000000..8df5b8198903
--- /dev/null
+++ b/databases/postgresql12-server/files/pkg-message-server.in
@@ -0,0 +1,64 @@
+For procedural languages and postgresql functions, please note that
+you might have to update them when updating the server.
+
+If you have many tables and many clients running, consider raising
+kern.maxfiles using sysctl(8), or reconfigure your kernel
+appropriately.
+
+The port is set up to use autovacuum for new databases, but you might
+also want to vacuum and perhaps backup your database regularly. There
+is a periodic script, %%PREFIX%%/etc/periodic/daily/502.pgsql, that
+you may find useful. You can use it to backup and perform vacuum on all
+databases nightly. Per default, it performs `vacuum analyze'. See the
+script for instructions. For autovacuum settings, please review
+~pgsql/data/postgresql.conf.
+
+If you plan to access your PostgreSQL server using ODBC, please
+consider running the SQL script %%PREFIX%%/share/postgresql/odbc.sql
+to get the functions required for ODBC compliance.
+
+Please note that if you use the rc script,
+%%PREFIX%%/etc/rc.d/postgresql, to initialize the database, unicode
+(UTF-8) will be used to store character data by default. Set
+postgresql_initdb_flags or use login.conf settings described below to
+alter this behaviour. See the start rc script for more info.
+
+To set limits, environment stuff like locale and collation and other
+things, you can set up a class in /etc/login.conf before initializing
+the database. Add something similar to this to /etc/login.conf:
+---
+postgres:\
+ :lang=en_US.UTF-8:\
+ :setenv=LC_COLLATE=C:\
+ :tc=default:
+---
+and run `cap_mkdb /etc/login.conf'.
+Then add 'postgresql_class="postgres"' to /etc/rc.conf.
+
+======================================================================
+
+To initialize the database, run
+
+ %%PREFIX%%/etc/rc.d/postgresql initdb
+
+You can then start PostgreSQL by running:
+
+ %%PREFIX%%/etc/rc.d/postgresql start
+
+For postmaster settings, see ~pgsql/data/postgresql.conf
+
+NB. FreeBSD's PostgreSQL port logs to syslog by default
+ See ~pgsql/data/postgresql.conf for more info
+
+NB. If you're not using a checksumming filesystem like ZFS, you might
+ wish to enable data checksumming. It can only be enabled during
+ the initdb phase, by adding the "--data-checksums" flag to
+ the postgres_initdb_flags rcvar. Check the initdb(1) manpage
+ for more info and make sure you understand the performance
+ implications.
+
+======================================================================
+
+To run PostgreSQL at startup, add
+'postgresql_enable="YES"' to /etc/rc.conf
+