diff options
| author | Palle Girgensohn <girgen@FreeBSD.org> | 2024-05-09 22:13:22 +0200 |
|---|---|---|
| committer | Palle Girgensohn <girgen@FreeBSD.org> | 2024-05-10 00:34:46 +0200 |
| commit | ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373 (patch) | |
| tree | 5a1be2c384a6472f3471f0e27acd58b1552f9465 /databases/postgresql16-server | |
| parent | security/vuxml: Document vulnerability in postgresql. (diff) | |
databases/postgresql??-*: Update to latest versions
PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released!
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.3, 15.7, 14.12, 13.15,
and 12.19. This release fixes one security vulnerability and over 55
bugs reported over the last several months.
Please note that the fix in this release for CVE-2024-4317 only fixes
fresh PostgreSQL installations, namely those that are created with the
initdb utility after this fix is applied. If you have a current
PostgreSQL installation and are concerned about this issue, please
follow the additional updating instructions provided in the
CVE-2024-4317 description or the release notes for the remediation. [1]
The script is installed as /usr/local/share/postgresql/fix-CVE-2024-4317.sql
PostgreSQL 12 will stop receiving fixes on November 14, 2024. If you are
running PostgreSQL 12 in a production environment, we suggest that you
make plans to upgrade to a newer, supported version of PostgreSQL.
Please see our versioning policy for more information.
[1]: https://www.postgresql.org/support/security/CVE-2024-4317/
Security: d53c30c1-0d7b-11ef-ba02-6cc21735f730
PR: 277428 (remove unneded patch)
PR: 260494 (remove deprecated INTDATE option)
PR: 265860 (correct path for contrib README file in pkg-message)
Diffstat (limited to 'databases/postgresql16-server')
6 files changed, 20 insertions, 39 deletions
diff --git a/databases/postgresql16-server/Makefile b/databases/postgresql16-server/Makefile index bb6e623c3449..2adc5a60ec4a 100644 --- a/databases/postgresql16-server/Makefile +++ b/databases/postgresql16-server/Makefile @@ -1,5 +1,5 @@ PORTNAME?= postgresql -DISTVERSION?= 16.2 +DISTVERSION?= 16.3 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 @@ -81,7 +81,7 @@ CONFIGURE_ENV+= PATH=${PREFIX}/bin:${PATH} .endif .if defined(SERVER_ONLY) -OPTIONS_DEFINE= DTRACE LDAP INTDATE TZDATA XML DOCS +OPTIONS_DEFINE= DTRACE LDAP TZDATA XML DOCS LDAP_DESC= Build with LDAP authentication support TZDATA_DESC= Use internal timezone database XML_DESC= Build with XML data type @@ -114,12 +114,6 @@ LLVM_CONFIGURE_ENV= LLVM_CONFIG=${LLVM_CONFIG} \ CLANG=${LOCALBASE}/bin/clang${LLVM_VERSION} LLVM_USES= llvm:max=15,min=11,lib -# See http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/76999 for more info -# (requires dump/restore if modified.) -OPTIONS_DEFINE+= INTDATE -INTDATE_DESC= Builds with 64-bit date/time type -OPTIONS_DEFAULT+= INTDATE - CONFIGURE_ARGS+= --with-icu LIB_DEPENDS+= libicudata.so:devel/icu USES+= pkgconfig @@ -162,8 +156,6 @@ XML_LIB_DEPENDS= libxml2.so:textproc/libxml2 TZDATA_CONFIGURE_OFF= --with-system-tzdata=/usr/share/zoneinfo -INTDATE_CONFIGURE_OFF= --disable-integer-datetimes - NLS_CONFIGURE_ENABLE= nls NLS_USES= gettext diff --git a/databases/postgresql16-server/distinfo b/databases/postgresql16-server/distinfo index bb2283ecf3ea..a5b9b692f324 100644 --- a/databases/postgresql16-server/distinfo +++ b/databases/postgresql16-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707301242 -SHA256 (postgresql/postgresql-16.2.tar.bz2) = 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 -SIZE (postgresql/postgresql-16.2.tar.bz2) = 24711703 +TIMESTAMP = 1715095963 +SHA256 (postgresql/postgresql-16.3.tar.bz2) = 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +SIZE (postgresql/postgresql-16.3.tar.bz2) = 24737644 diff --git a/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls deleted file mode 100644 index 02686061ce99..000000000000 --- a/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls +++ /dev/null @@ -1,24 +0,0 @@ -Do not inline functions which access TLS in LLVM JIT, as -this leads to crashes with unsupported relocation error - -diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp -index 2617a46..a063edb 100644 ---- src/backend/jit/llvm/llvmjit_inline.cpp -+++ src/backend/jit/llvm/llvmjit_inline.cpp -@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F, - if (rv->materialize()) - elog(FATAL, "failed to materialize metadata"); - -+ /* -+ * Don't inline functions with thread-local variables until -+ * related crashes are investigated (see BUG #16696) -+ */ -+ if (rv->isThreadLocal()) { -+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s", -+ F.getName().data(), rv->getName().data()); -+ return false; -+ } -+ - /* - * Never want to inline externally visible vars, cheap enough to - * reference. diff --git a/databases/postgresql16-server/files/pkg-message-contrib.in b/databases/postgresql16-server/files/pkg-message-contrib.in index 2d9f3d86e71c..006f700a3ae1 100644 --- a/databases/postgresql16-server/files/pkg-message-contrib.in +++ b/databases/postgresql16-server/files/pkg-message-contrib.in @@ -2,7 +2,7 @@ { type: install message: <<EOM The PostgreSQL contrib utilities have been installed. Please see -%%PREFIX%%/share/doc/postgresql/contrib/README +%%DOCSDIR%%/README-contrib for more information. EOM } diff --git a/databases/postgresql16-server/files/pkg-message-server.in b/databases/postgresql16-server/files/pkg-message-server.in index 6370d4a017cc..1d79c1d88b58 100644 --- a/databases/postgresql16-server/files/pkg-message-server.in +++ b/databases/postgresql16-server/files/pkg-message-server.in @@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might wish to enable data checksumming. It can be enabled during the initdb phase, by adding the "--data-checksums" flag to the postgresql_initdb_flags rcvar. Otherwise you can enable it later by - pg_checksums. Check the initdb(1) manpage for more info + using pg_checksums. Check the initdb(1) manpage for more info and make sure you understand the performance implications. ====================================================================== + +SECURITY ADVICE + +If upgradring from a version 16.x < 16.3 +A security vulnerability was found in the system views pg_stats_ext +and pg_stats_ext_exprs, potentially allowing authenticated database +users to see data they shouldn't. If this is of concern in your +installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql +for each of your databases. For details, see +https://www.postgresql.org/support/security/CVE-2024-4317/ + + EOM } ] diff --git a/databases/postgresql16-server/pkg-plist-server b/databases/postgresql16-server/pkg-plist-server index 7e434ac68e7b..898700cf027f 100644 --- a/databases/postgresql16-server/pkg-plist-server +++ b/databases/postgresql16-server/pkg-plist-server @@ -800,6 +800,7 @@ lib/postgresql/utf8_and_win.so %%DATADIR%%/errcodes.txt %%DATADIR%%/extension/plpgsql--1.0.sql %%DATADIR%%/extension/plpgsql.control +%%DATADIR%%/fix-CVE-2024-4317.sql %%DATADIR%%/information_schema.sql %%DATADIR%%/pg_hba.conf.sample %%DATADIR%%/pg_ident.conf.sample |