10:50 Rene Ladan (rene) 

*/*: Remove expired ports:

2021-06-13 databases/postgresql95-client: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-contrib: PostgreSQL-9.5 has reached
end-of-life
2021-06-13 databases/postgresql95-docs: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-pgtcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plperl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plpython: PostgreSQL-9.5 has reached
end-of-life
2021-06-13 databases/postgresql95-pltcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-server: PostgreSQL-9.5 has reached end-of-life
databases/pg_reorg: abandonware only for PostgreSQL 9.5
databases/pgespresso: functionality part of PostgreSQL 9.6 and later

    a3da90c

19:27 girgen 

PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20 and 9.5.24 released!

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20 and
9.5.24.  This release closes three security vulnerabilities and fixes over 65
bugs reported over the last three months.

Due to the nature of CVE-2020-25695, we advise you to update as soon as
possible.

Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are
running PostgreSQL 9.5 in a production environment, we suggest that you make
plans to upgrade.

For the full list of changes, please review the release notes.

Security:	CVE-2020-25695: Multiple features escape "security restricted
				operation" sandbox

Security:	CVE-2020-25694: Reconnection can downgrade connection security
				settings

Security:	CVE-2020-25696: psql's \gset allows overwriting specially
				treated variables

 

09:25 girgen 

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24.  This release fixes two security issues as well as bugs reported over
the last three months.

If you have untrusted users accessing your system and you are either running
PostgreSQL 9.5 or a newer version OR have installed the "dblink" or
"postgres_fdw" extensions, you must apply this update as soon as possible. All
other users can upgrade at the next convenient downtime.

Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.5 from any 10.x release is considered a
minor update.

The PostgreSQL Global Development Group also announces that the third beta
release of PostgreSQL 11 is now available for download. This release contains
previews of all features that will be available in the final release of
PostgreSQL 11 (though some details of the release could change before then) as
well as bug fixes that were reported during the second beta.

This release also changes the default option for the server packages to *not*
include XML support per default. If you need this, please check the XML option
knob and build the port.

Releasenotes:	https://www.postgresql.org/about/news/1878/
PR:		229523, 198588
Security:	96eab874-9c79-11e8-b34b-6cc21735f730
Security:	CVE-2018-10915, CVE-2018-10925

 

15:10 girgen 

2018-03-01 Security Update Release

The PostgreSQL Global Development Group has released an update to all supported
versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12,
9.4.17, and 9.3.22.

The purpose of this release is to address CVE-2018-1058, which describes how a
user can create like-named objects in different schemas that can change the
behavior of other users' queries and cause unexpected or malicious behavior,
also known as a "trojan-horse" attack. Most of this release centers around added
documentation that describes the issue and how to take steps to mitigate the
impact on PostgreSQL databases.

We strongly encourage all of our users to please visit
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL
installations.

After evaluating the documentation for CVE-2018-1058, a database administrator
may need to take follow up steps on their PostgreSQL installations to ensure
they are protected from exploitation.

Security:	CVE-2018-1058

 

11:15 amdmi3 

- Include pg_regress to all postgresql*-client ports, to allow running
regression tests for postgresql extensions

PR:		217874
Approved by:	maintainer timeout (pgsql, 4 months)

 

14:28 girgen 

PostgreSQL security updates

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and
9.2.21. This release fixes three security issues. It also patches a number of
other bugs reported over the last three months. Users who use the PGREQUIRESSL
environment variable to control connections, and users who rely on security
isolation between database users when using foreign servers, should update as
soon as possible. Other users should plan to update at the next convenient
downtime.

URL:    https://www.postgresql.org/about/news/1746/
Security:       CVE-2017-7484, CVE-2017-7485, CVE-2017-7486

Also modify rcorder and let sshd start before PostgreSQL, so any problems
during startup can be reviewed promplty from an ssh login.

 

22:42 girgen 

Update PostgreSQL to latest versions.

Security Fixes for Regular Expressions, PL/Java

This release closes security hole CVE-2016-0773, an issue with regular
expression (regex) parsing. Prior code allowed users to pass in expressions
which included out-of-range Unicode characters, triggering a backend crash.
This issue is critical for PostgreSQL systems with untrusted users or which
generate regexes based on user input.

The update also fixes CVE-2016-0766, a privilege escalation issue for users of
PL/Java.  Certain custom configuration settings (GUCS) for PL/Java will now be
modifiable only by the database superuser

URL:		http://www.postgresql.org/about/news/1644/
Security:	CVE-2016-0773, CVE-2016-0766

 

10:36 girgen 

Some binaries where moved from contrib to base in 9.5, like pgbench and
pg_upgrade. Other where added in 9.5, but the port failed to install them.
Make sure they are properly installed by the correct port (-client or -server)
[1]

Remove unused and hence confusing OSSP_UUID parameters from Makefile [2]

Add options to allow user to be set for the backup script in periodic.
Add this option only to 9.5 for now. It will be updated to other servers at
next regular patch release. [3]

The path to perl in hard coded into pgxs/src/Makefile.global which is
then installed. Hence, we must depend on perl when that file is installed.

Noticed by:	Paul Guyot [1]
PR:		192387 [2]
PR:		172110 [3]
PR:		206046 [4]

 

19:58 girgen 

The PostgreSQL Global Development Group announces the
release of PostgreSQL 9.5.

This release adds UPSERT capability, Row Level Security,
and multiple Big Data features, which will broaden the
user base for the world's most advanced database.
With these new capabilities, PostgreSQL will be
the best choice for even more applications for startups,
large corporations, and government agencies.

Release Notes:
http://www.postgresql.org/docs/current/static/release-9-5.html

What's New in 9.5:
https://wiki.postgresql.org/wiki/What%27s_new_in_PostgreSQL_9.5