summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* iThe PostgreSQL Global Development Group has released an update to allPalle Girgensohn2019-08-0881-467/+4214
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | supported versions of our database system, including 11.5, 10.10, 9.6.15, 9.5.19, and 9.4.24, as well as the third beta of PostgreSQL 12. This release fixes two security issues in the PostgreSQL server, two security issues found in one of the PostgreSQL Windows installers, and over 40 bugs reported since the previous release. Users should install these updates as soon as possible. A Note on the PostgreSQL 12 Beta ================================ In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 12 in your database systems to help us eliminate any bugs or other issues that may exist. While we do not advise you to run PostgreSQL 12 Beta 3 in your production environments, we encourage you to find ways to run your typical application workloads against this beta release. Your testing and feedback will help the community ensure that the PostgreSQL 12 release upholds our standards of providing a stable, reliable release of the world's most advanced open source relational database. Security Issues =============== Two security vulnerabilities have been closed by this release: * CVE-2019-10208: `TYPE` in `pg_temp` executes arbitrary SQL during `SECURITY DEFINER` execution Versions Affected: 9.4 - 11 Given a suitable `SECURITY DEFINER` function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires `EXECUTE` permission on the function, which must itself contain a function call having inexact argument type match. For example, `length('foo'::varchar)` and `length('foo')` are inexact, while `length('foo'::text)` is exact. As part of exploiting this vulnerability, the attacker uses `CREATE DOMAIN` to create a type in a `pg_temp` schema. The attack pattern and fix are similar to that for CVE-2007-2138. Writing `SECURITY DEFINER` functions continues to require following the considerations noted in the documentation: https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY The PostgreSQL project thanks Tom Lane for reporting this problem. * CVE-2019-10209: Memory disclosure in cross-type comparison for hashed subplan Versions Affected: 11 In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples. The PostgreSQL project thanks Andreas Seltenreich for reporting this problem. Notes: svn path=/head/; revision=508390
* Add security information for PostgreSQLPalle Girgensohn2019-08-081-0/+74
| | | | Notes: svn path=/head/; revision=508389
* - reclaimJason Helfman2019-08-0819-22/+23
| | | | Notes: svn path=/head/; revision=508388
* - Update to 2.1Vsevolod Stakhov2019-08-086-91/+308
| | | | | | | | | | | | | - Use autoreconf - Add pango dependency - Remove obsoleted master site - Add patches to avoid malloc.h include PR: 234081 Submitted by: ManFree <roman_romul at mail.ru> Notes: svn path=/head/; revision=508387
* - Update to 0.004015Ryan Steinmetz2019-08-082-4/+4
| | | | Notes: svn path=/head/; revision=508386
* - Update to 4.7.13Ryan Steinmetz2019-08-082-4/+4
| | | | Notes: svn path=/head/; revision=508385
* - Update to 0.16Ryan Steinmetz2019-08-083-4/+6
| | | | Notes: svn path=/head/; revision=508384
* - Update to 2.3.11Ryan Steinmetz2019-08-082-4/+4
| | | | Notes: svn path=/head/; revision=508383
* - Pass maintainership of this port to ports@Ryan Steinmetz2019-08-081-1/+1
| | | | Notes: svn path=/head/; revision=508382
* - Update to 20190611Ryan Steinmetz2019-08-082-4/+4
| | | | Notes: svn path=/head/; revision=508381
* - Update to 5.55Ryan Steinmetz2019-08-082-4/+4
| | | | Notes: svn path=/head/; revision=508380
* - Update to 1.11.2Ryan Steinmetz2019-08-083-4/+7
| | | | Notes: svn path=/head/; revision=508379
* - Update to 1.16.6Ryan Steinmetz2019-08-083-4/+7
| | | | Notes: svn path=/head/; revision=508378
* lang/crystal: unbreak runtime after r507877Jan Beich2019-08-082-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | $ cat >foo.cr require "http/client" HTTP::Client.get "http://api.icndb.com/jokes/1" $ crystal foo.cr [warn] event_reinit: forked from the event_loop. Unhandled exception in spawn: Error reinitializing libevent (Exception) [warn] event_reinit: forked from the event_loop. Unhandled exception in spawn: Error reinitializing libevent (Exception) [warn] event_reinit: forked from the event_loop. Unhandled exception in spawn: Error reinitializing libevent (Exception) [warn] event_reinit: forked from the event_loop. [warn] event_reinit: forked from the event_loop. [...] PR: 206355 Reported by: Petr Fischer Submitted by: Walter Schwarzenfeld Approved by: Greg V (maintainer) Notes: svn path=/head/; revision=508377
* textproc/re-flex: update to 1.3.4Pietro Cerutti2019-08-082-4/+4
| | | | | | | | | Release notes: https://github.com/Genivia/RE-flex/releases/tag/v1.3.3 https://github.com/Genivia/RE-flex/releases/tag/v1.3.4 Notes: svn path=/head/; revision=508376
* Update xfce4-whiskermenu-plugin to 2.3.3Guido Falsi2019-08-082-5/+4
| | | | Notes: svn path=/head/; revision=508375
* Reset MAINTAINER of Stefan Hagen's portsTobias Kortkamp2019-08-082-2/+2
| | | | | | | | | He no longer has time to maintain them. Submitted by: maintainer (via ports) Notes: svn path=/head/; revision=508374
* security/afl++: Update to latest commitTobias Kortkamp2019-08-082-9/+5
| | | | | | | | | This makes it work with devel/llvm90. PR: 239682 Notes: svn path=/head/; revision=508373
* textproc/nuspell: update to 2.3.0Jan Beich2019-08-083-17/+5
| | | | | | | | | Changes: https://github.com/nuspell/nuspell/releases/tag/v2.3.0 Changes: https://github.com/nuspell/nuspell/compare/v2.2.0...v2.3.0 Reported by: GitHub (watch releases) Notes: svn path=/head/; revision=508372
* update x11/terminator to 1.97 and added slick-greeter in x11/MakefileEric Turgeon2019-08-084-10/+17
| | | | | | | | PR: 239421 Approved by: mentors (implicit) Notes: svn path=/head/; revision=508371
* graphics/jp: Terminal charts, plots, histograms and maps from JSON and CSVMateusz Piotrowski2019-08-085-0/+53
| | | | | | | | | | | | | jp is a dead simple terminal plots from JSON (or CSV) data. Bar charts, line charts, scatter plots, histograms and heatmaps are supported. It reads data on stdin and prints plots to stdout. WWW: https://github.com/sgreben/jp PR: 227271 Notes: svn path=/head/; revision=508370
* - Add TEST_DEPENDS and do-testWen Heping2019-08-081-0/+4
| | | | Notes: svn path=/head/; revision=508369
* security/clamav: upgrade 0.101.2 -> 0.101.3, partial security fixKurt Jaeger2019-08-082-4/+4
| | | | | | | | | | | | | | | | - please note another fix is coming soonish: https://www.openwall.com/lists/oss-security/2019/08/06/3 - see also https://bugzilla.clamav.net/show_bug.cgi?id=12356 PR: 239684 Approved by: delphij (ports-secteam) Relnotes: https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html MFH: 2019Q3 Security: CVE-2019-13232 Notes: svn path=/head/; revision=508368
* - Update WWWDmitry Marakasov2019-08-081-1/+1
| | | | | | | Approved by: portmgr blanket Notes: svn path=/head/; revision=508367
* devel/electron4: Update to 4.2.9Luca Pizzamiglio2019-08-084-10/+9
| | | | | | | | | Changes: https://github.com/electron/electron/releases/tag/v4.2.9 Submitted by: maintainer (via github) Notes: svn path=/head/; revision=508366
* New port: mail/astroid: Graphical email client for notmuch, inspired by sup ↵Yuri Victorovich2019-08-086-0/+87
| | | | | | | | | | and others PR: 226829 Submitted by: Mylan Connolly <mylan.connolly@gmail.com> Notes: svn path=/head/; revision=508365
* sysutils/rubygem-tmuxinator: Update to 1.1.1Koichiro Iwao2019-08-082-6/+5
| | | | | | | | | | | | | | | | | This commit is intended to support tmux 2.9 and 2.9a in particular. PR: 239670 Submitted by: myself Reported by: freebsd@rail.eu.org Relnotes: https://github.com/tmuxinator/tmuxinator/releases/tag/v0.15.0 https://github.com/tmuxinator/tmuxinator/releases/tag/v0.16.0 https://github.com/tmuxinator/tmuxinator/releases/tag/v1.0.0 https://github.com/tmuxinator/tmuxinator/releases/tag/v1.1.0 https://github.com/tmuxinator/tmuxinator/releases/tag/v1.1.1 Sponsored by: HAW International, Inc. Notes: svn path=/head/; revision=508364
* graphics/dataplot: replace numberingn to preserve the time/version continuumPedro F. Giffuni2019-08-081-1/+1
| | | | | | | | Pointed out by: mat Approved by: thierry (mentor) Notes: svn path=/head/; revision=508362
* x11/polybar: Update to 3.4.0.Alexandre C. Guimarães2019-08-086-45/+9
| | | | | | | | | - the manual pages were removed because upstream moved to sphinx and require a version considerably newer than we have. Approved by: tcberner (mentor) Notes: svn path=/head/; revision=508361
* science/simbody: Backport the pull request that fixed the pathname handling ↵Yuri Victorovich2019-08-082-4/+7
| | | | | | | on BSDs, and one failing testcase. Notes: svn path=/head/; revision=508360
* science/simbody: Add the option EXAMPLE_PROGRAMS that builds and installs ↵Yuri Victorovich2019-08-082-4/+28
| | | | | | | example programs Notes: svn path=/head/; revision=508359
* dns/dsp: Update to 2.0.1Craig Leres2019-08-082-4/+4
| | | | | | | | | | | | | | - add DESTDIR - autoreconf include fix - configure Perl program check - Update m4 scripts to latest version PR: 239691 Submitted by: Leo Vandewoestijne (maintainer) Approved by: ler (mentor, implicit) Notes: svn path=/head/; revision=508358
* science/simbody: Add VISUALIZER_DESC for the VISUALIZER optionYuri Victorovich2019-08-081-0/+1
| | | | Notes: svn path=/head/; revision=508357
* science/lammps: patch_6Aug2019 -> stable_7Aug2019Yuri Victorovich2019-08-082-4/+4
| | | | | | | Reported by: portscout Notes: svn path=/head/; revision=508356
* audio/calf-lv2: Add SSE options; Strip binaryYuri Victorovich2019-08-081-1/+10
| | | | | | | | PR: 234331 Submitted by: Daniel Shafer <daniel@shafer.cc> Notes: svn path=/head/; revision=508355
* net-p2p/gtk-gnutella: Update to 1.1.15Ben Woods2019-08-072-5/+6
| | | | | | | | | | Also change port to use GitHub as the new upstream repo Changes this release: https://github.com/gtk-gnutella/gtk-gnutella/blob/v1.1.15/ChangeLog Notes: svn path=/head/; revision=508353
* Add devel/s390x-binutils, GNU binutils for s390x cross-developmentLi-Wen Hsu2019-08-074-0/+168
| | | | | | | | PR: 215939 Submitted by: bz Notes: svn path=/head/; revision=508352
* devel/oclgrind: update to tip of repositoryJohannes M Dieterich2019-08-072-6/+5
| | | | | | | Most notably fixes a bunch of memory leaks. Notes: svn path=/head/; revision=508351
* - Update to 2.189Li-Wen Hsu2019-08-072-4/+4
| | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=508350
* Assorted minor improvements:Brooks Davis2019-08-071-16/+23
| | | | | | | | | | | | | | | | | - Add a build conflict for commonmark-cmark-* when DOCS are enabled. This prevents a failure later on in the build. [0] - Add a new option BE_AMDGPU which can be used to enable the AMDGPU backed used by mesa when BE_NATIVE or BE_FREEBSD is set. Enable this option by default to limit later surprises. [1] - Use LLVM_ENABLE_Z3_SOLVER instead of the now removed CLANG_ANALYZER_ENABLE_Z3_SOLVER to disable Z3 discovery and linkage. PR: 239636 [0], 230789 [1] Notes: svn path=/head/; revision=508349
* - remove old documentation as part of optional documentation to installJason Helfman2019-08-073-37/+7
| | | | | | | | | | | | | | | | * docs from 2006 (probably out-of-date) - pet portlint - bump portrevision Old docs are still accessible here: https://people.freebsd.org/~mezz/distfiles/ M fluxbox/Makefile M fluxbox/distinfo M fluxbox/files/patch-util_fbsetbg Notes: svn path=/head/; revision=508348
* net/3proxy: Update to 0.8.13Kai Knoblich2019-08-072-9/+11
| | | | | | | | | | | | | | | | | | | | * Sort variables according the PHB while I'm here. Changelog: * Fixed: Out-of-bound write and few minor bugs on configuration saving in admin * Fixed: $ is not correctly handled in the beginning of quoted line on configuration parsing https://github.com/z3APA3A/3proxy/releases/tag/0.8.13 PR: 239677 Submitted by: timp87@gmail.com (maintainer) MFH: 2019Q3 (bugfix blanket) Notes: svn path=/head/; revision=508346
* devel/gsoap: Update version 2.8.88=>2.8.89Muhammad Moinur Rahman2019-08-072-4/+4
| | | | Notes: svn path=/head/; revision=508345
* Fix:Cy Schubert2019-08-072-1/+12
| | | | | | | | | | | | | | | | | | $ ksh93 $ time ../src/cmd/ksh93/sh/xec.c:2171: failed assertion 'tb.tv_sec' Abort trap (core dumped) $ ksh93 $ times ../src/cmd/ksh93/sh/xec.c:2171: failed assertion 'tb.tv_sec' Abort trap (core dumped) PR: 239701 Suggested by: w.schwarzenfeld@utanet.at MFH: 2019Q3 Notes: svn path=/head/; revision=508344
* databaes/libiodbc: update to 3.52.13Tobias C. Berner2019-08-074-12/+24
| | | | | | | | | | | | | | | | | | | | | | | Release Notes [1] * Added extra validation for SQLAllocHandle (SQL_HANDLE_DESC, ...) * Added GCC __attribute__ for checking format string * Added missing define SQL_CONVERT_GUID * Fixed issue using heap after free in SQLConnect_internal * Fixed issue with global mutex in SQLError, SQLGetDiagRec, and SQLGetDiagField * Fixed SQLSetStmtAttr to cache the correct values for SQL_ATTR_ROW_ARRAY_SIZE and SQL_ATTR_ROW_BIND_TYPE * Fixed format specifiers and some casts to fix trace output * Fixed missing check for section in SQLGetPrivateProfileString * Fixed non-void function needs to return a value * Fixed issue in Mac Cocoa code * Fixed iODBC apps/frameworks CFBundleGetInfoString attribute * Fixes an issue where build fails on Alpine * Fixed package versioning * Fixed small memory leaks [1] http://www.iodbc.org/dataspace/doc/iodbc/wiki/iodbcWiki/ChangeNotes#2019-07-23%20-%20iODBC%20Stable%20Version%203.52.13%20Released Notes: svn path=/head/; revision=508343
* textproc/groonga: Update version 9.0.5=>9.0.6Muhammad Moinur Rahman2019-08-072-5/+4
| | | | Notes: svn path=/head/; revision=508342
* x11-themes/Kvantum: Update to 0.11.2Alexandre C. Guimarães2019-08-075-16/+22
| | | | | | | Approved by: tcberner (mentor) Notes: svn path=/head/; revision=508341
* lang/mujs: Update 1.0.5-35 -> 1.0.6Yuri Victorovich2019-08-072-7/+5
| | | | | | | Reported by: repology Notes: svn path=/head/; revision=508340
* Update to the 201900804 snapshot of GCC 10.0.0.Gerald Pfeifer2019-08-072-4/+4
| | | | Notes: svn path=/head/; revision=508339
* Cleanup LIB_DEPENDSAntoine Brodin2019-08-076-6/+6
| | | | Notes: svn path=/head/; revision=508338
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-28 15:28:20 +0000