A ports freeze means that commits will be few and far between and only by approval.

Number of commits found: 14

Update all PostgreSQL ports to latest versions.

This includes a bunch of security fixes: CVE-2007-6067, CVE-2007-4772,
CVE-2007-6601, CVE-2007-6600 and CVE-2007-4769.

Security: http://www.postgresql.org/about/news.905

Update PostgreSQL ports to the latest patch releases.

PR: ports/104075

Update PostgreSQL to 7.3.19, 7.4.17, 8.0.13, 8.1.9 and 8.2.4 respectively:

 The PostgreSQL Global Development Group has released updated versions
 for PostgreSQL 8.2 and all back versions to patch a privilege
 escalation exploit in SECURITY DEFINER functions.  All users of this
 feature are urged to update to the latest minor version and follow
 instructions on securing these functions as soon as possible.  This
 minor release also contains other fixes, so all users should plan to
 deploy it.

 Once you have updated, additional steps are required to secure your
 database against the exploit.  Please read the release notes at
 http://www.postgresql.org/docs/8.2/static/release.html and the
 TechDocs article at http://www.postgresql.org/docs/techdocs.77 on how
 to lock down your security definer functions, if you use them.

(Only the first 15 lines of the commit message are shown above )

Update PostgreSQL with, amongst other things, a security fix:

  A vulnerability allows suppressing the normal checks that a SQL
  function returns the data type it's declared to do. These errors can
  easily be exploited to cause a backend crash, and in principle might
  be used to read database content that the user should not be able to
  access. [CVE-2007-0555]

The release includes a set of other fixes as well. Please see the
release information at
http://www.postgresql.org/docs/7.3/static/release.html#RELEASE-7-3-18

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555

Update postgresql to 8.2.1, 8.1.6, 8.0.10, 7.4.15 and 7.3.17.

Release notes:
http://www.postgresql.org/docs/7.3/static/release.html#RELEASE-7-3-17
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-15
http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-10
http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-6
http://www.postgresql.org/docs/8.2/static/release-8-2-1.html

The server-side utilities of postgresql (initdb, initlocation,
ipcclean, pg_controldata, pg_ctl, pg_id and pg_resetxlog) are now
installed by the respective postgresql*-server port (previously they
where installed with the client). If you update the client, you should
also update the server to make sure you are not left without the
server-side tools. Do something like:

    portupgrade postgresql-client postgresql-server

Update PostgreSQL to latest versions: 8.1.5, 8.0.9, 7.4.14 and 7.3.16.

Release notes:
8.1.5  http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-5
8.0.9  http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-9
7.4.14 http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-14
7.3.16 http://www.postgresql.org/docs/7.3/static/release.html#RELEASE-7-3-16

Change name of the rc script from '010.pgsql.sh' to 'postgresql'

Add optional hierachy patch added for 7.4 and 8.1 ports.

Chase heimdal libs update [reported by several]

For 8.1+ the port enables autovacuum in ~pgsql/postgresql.conf when
running initdb

Cleanup the ports, moving pkg-message-* to files/pkg-message-*.in and
files/pgsql.sh.tmpl to files/postgresql.in. [ports/97767]

PR: ports/97767, submitted by delphij@FreeBSD.org

Update all PostgreSQL to fix a security flaw

The PostgreSQL Global Development Group today released versions 8.1.4, 8.0.8,
7.4.13 and 7.3.15. This is an urgent update to close a security hole which
can permit a SQL injection attack on some applications running PostgreSQL.

Users are urged to apply the update as soon as reasonably possible. Since the
update affects client functionality, most driver projects will be updating
this week as well.

Because the security issue involved is complex, we have added a section in
Techdocs to explain it: http://www.postgresql.org/docs/techdocs.52. Please
read this first before applying the updates.

Also, fix rc_subr startup problems on FreeBSD-7.x.

Security:       http://www.postgresql.org/docs/techdocs.50
PR:             ports/95154

Security patch, update to version 7.3.14.

Security:       http://www.postgresql.org/docs/8.1/static/release-7-3-14.html

Add missing ) around SIZE statements.

Update postgresql with latest patch release.

A critical fix repairs an error in ReadBuffer that can cause data loss
due to overwriting recently-added pages.  This applies to the 8.1 and
8.0 branches on all platforms.

Note that this update might require a reindex of textual columns under
certain conditions; please see UPDATING.

Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
    on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto

Update postgresql to 7.3.12

Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp>
PR:             90446

Update to version 7.3.11

Migration to version 7.3.11

   A dump/restore is not required for those running 7.3.X. However, if you
   are upgrading from a version earlier than 7.3.10, see the release notes
   for 7.3.10.
     __________________________________________________________________

Changes

     * Fix error that allowed "VACUUM" to remove ctid chains too soon, and
       add more checking in code that follows ctid links
       This fixes a long-standing problem that could cause crashes in very
       rare circumstances.

(Only the first 15 lines of the commit message are shown above )

Update PostgreSQL to latest versions.  For details on the fixes,
please see the HISTORY file included in the Release, but a summary
consists of:

      * Change encoding function signature to prevent misuse
      * Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function
        results
      * Repair race condition between relation extension and VACUUM
        This could theoretically have caused loss of a page's worth of
        freshly-inserted data, although the scenario seems of very low
        probability. There are no known cases of it having caused more than
        an Assert failure.

Security:       http://www.postgresql.org/about/news.315

In order to address a potential security hole recently identified with
the "LOAD" option, the PostgreSQL Global Development Group is
announcing the release of new versions of PostgreSQL.

Update to 7.3.9, 7.4.7 & 8.0.1.

Take the opportunity to reset PORTREVISION of slave ports.

Back out name change of startup script. The new script uses rc.subr(8),
and as such also uses rcorder(8). But, rcorder does not exist in FreeBSD
4.x. Hence rename the script it back to the top of the directory
list. [1]

The periodic script should of course be executable. [2]

[1] Noted by Niels Chr. Bank-Pedersen <ncbp at bank-pedersen dot dk>
[2] Noted by Fritz Heinrichmeyer <fritz.heinrichmeyer at fernuni-hagen dot de>

Number of commits found: 14

14 vulnerabilities affecting 30 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities