non port: databases/postgresql12-server/distinfo |
Number of commits found: 24 |
Thursday, 8 Aug 2024
|
13:02 Palle Girgensohn (girgen)
databases/postgresql??-*: Update to latest minor versions
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.4, 15.8, 14.13, 13.16,
and 12.20. This release fixes 1 security vulnerability and over 55 bugs
reported over the last several months.
PR: 279671 - make the rc script service jails aware
PR: 279536 - remove LLVM max version restriction
PR: 278887 - SETENV -> SETENVI for -contrib ports
Release notes: https://www.postgresql.org/docs/release/
b4e71c8 |
Thursday, 9 May 2024
|
22:34 Palle Girgensohn (girgen)
databases/postgresql??-*: Update to latest versions
PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released!
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.3, 15.7, 14.12, 13.15,
and 12.19. This release fixes one security vulnerability and over 55
bugs reported over the last several months.
Please note that the fix in this release for CVE-2024-4317 only fixes
fresh PostgreSQL installations, namely those that are created with the
initdb utility after this fix is applied. If you have a current
PostgreSQL installation and are concerned about this issue, please
follow the additional updating instructions provided in the
CVE-2024-4317 description or the release notes for the remediation. [1]
The script is installed as /usr/local/share/postgresql/fix-CVE-2024-4317.sql
PostgreSQL 12 will stop receiving fixes on November 14, 2024. If you are
running PostgreSQL 12 in a production environment, we suggest that you
make plans to upgrade to a newer, supported version of PostgreSQL.
Please see our versioning policy for more information.
[1]: https://www.postgresql.org/support/security/CVE-2024-4317/
Security: d53c30c1-0d7b-11ef-ba02-6cc21735f730
PR: 277428 (remove unneded patch)
PR: 260494 (remove deprecated INTDATE option)
PR: 265860 (correct path for contrib README file in pkg-message)
ade1c57 |
Thursday, 8 Feb 2024
|
21:28 Palle Girgensohn (girgen)
databases/postgresql??-*: Update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.2, 15.6, 14.11, 13.14,
and 12.18. This release fixes one security vulnerability and over 65
bugs reported over the last several months.
If you use GIN indexes, you may need to reindex after updating to this
release. Please see the release notes for more information.
URL: https://www.postgresql.org/about/news/postgresql-162-156-1411-1314-and-1218-released-2807/
Release notes: https://www.postgresql.org/docs/release/
Security: 19e6dd1b-c6a5-11ee-9cd0-6cc21735f730
6fa8976 |
Thursday, 9 Nov 2023
|
15:09 Palle Girgensohn (girgen)
databases/postgresql??-*: update to latest version
PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22 Released!
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.1, 15.5, 14.10, 13.13,
12.17, and 11.22 This release fixes three security vulnerabilities and
over 55 bugs reported over the last several months.
Release
notes: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
Security: CVE-2023-5868, CVE-2023-5869, CVE-2023-5870
Security: 31f45d06-7f0e-11ee-94b4-6cc21735f730
Security: 0f445859-7f0e-11ee-94b4-6cc21735f730
Security: bbb18fcb-7f0d-11ee-94b4-6cc21735f730
a5d53f4 |
Thursday, 10 Aug 2023
|
14:13 Palle Girgensohn (girgen)
databases/postgresql??-*: Update to latest versions.
PostgreSQL 15.4, 14.9, 13.12, 12.16, 11.21, and PostgreSQL 16 Beta 3
Released.
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 15.4, 14.9, 13.12, 12.16,
and 11.21, as well as the third beta release of PostgreSQL 16. This
release fixes two security vulnerabilities and over 40 bugs reported
over the last several months.
If you use BRIN indexes to look up NULL values, you will need to reindex
them after upgrading to this release. On PostgreSQL 12 and above, you
can use REINDEX CONCURRENTLY to avoid blocking writes to the affected
index and table, for example:
REINDEX INDEX CONCURRENTLY your_index_name;
Also, remove the patch for postgresql.conf.sample suggesting to turn off
update_process_title [1], since it is no longer a problem.
Release
notes: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
[1]: https://commitfest.postgresql.org/19/1715/
3554a40 |
Thursday, 11 May 2023
|
15:42 Palle Girgensohn (girgen)
databases/postgresql??-server: update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 15.3, 14.8, 13.11, 12.15,
and 11.20. This release fixes two security vulnerabilities over 80 bugs
reported over the last several months.
CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path
changes.
This enabled an attacker having database-level CREATE privilege to
execute arbitrary code as the bootstrap superuser. Database owners have
that right by default, and explicit grants may extend it to other users.
CVE-2023-2455: Row security policies disregard user ID changes after inlining.
While CVE-2016-2193 fixed most interaction between row security and user
ID changes, it missed a scenario involving function inlining. This leads
to potentially incorrect policies being applied in cases where
role-specific policies are used and a given query is planned under one
role and then executed under other roles. This scenario can happen under
security definer functions or when a common user and query is planned
initially and then re-used across multiple SET ROLEs. Applying an
incorrect policy may permit a user to complete otherwise-forbidden reads
and modifications. This affects only databases that have used CREATE
POLICY to define a row security policy.
Security: fbb5a260-f00f-11ed-bbae-6cc21735f730
Security: 4b636f50-f011-11ed-bbae-6cc21735f730
Release-notes: https://www.postgresql.org/docs/release/
3fd6f20 |
Thursday, 9 Feb 2023
|
14:52 Palle Girgensohn (girgen)
databases/postgresql??-*: upgrade to latest versions
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 15.2, 14.7, 13.10, 12.14,
and 11.19. This release closes one security vulnerability and fixes over
60 bugs reported over the last several months.
Release notes: https://www.postgresql.org/docs/release/
Security: CVE-2022-41862: Client memory disclosure when
connecting, with Kerberos, to modified server.
8f04ac8 |
Thursday, 10 Nov 2022
|
16:23 Palle Girgensohn (girgen)
databases/postgresq??-*: update to latest version
PostgreSQL 15.1, 14.6, 13.9, 12.13, 11.18, and 10.23 Released!
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 15.1, 14.6, 13.9, 12.13,
11.18, and 10.23. This release fixes 25 bugs reported over the last
several months.
This is the final release of PostgreSQL 10. PostgreSQL 10 will no longer
receive security and bug fixes. If you are running PostgreSQL 10 in a
production environment, we suggest that you make plans to upgrade.
Release notes: https://www.postgresql.org/docs/release/
792a1db |
Friday, 12 Aug 2022
|
09:05 Palle Girgensohn (girgen)
databases/postgresql??-*: Update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 14.5, 13.8, 12.12, 11.17,
and 10.22, as well as the third beta release of PostgreSQL 15. This
release closes one security vulnerability and fixes over 40 bugs
reported over the last three months.
PostgreSQL 10 will stop receiving fixes on November 10, 2022. If you are
running PostgreSQL 10 in a production environment, we strongly advise
that you make plans to upgrade to a newer, supported version of
PostgreSQL so you can continue to receive bug and security fixes.
Security: CVE-2022-2625
Release
notes: https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/
2e7e556 |
Thursday, 12 May 2022
|
13:41 Palle Girgensohn (girgen)
databases/postgresql??-server: update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 14.3, 13.7, 12.11, 11.16,
and 10.21. This release fixes over 50 bugs reported over the last three
months. This release closes one security vulnerability and fixes over 50
bugs reported over the last three months.
We encourage you to install this update at your earliest possible
convenience.
If you have any GiST indexes on columns using the ltree data type, you
will need to reindex them after upgrading.
For the full list of changes, please review the release notes.
It also fixes a security issue, CVE-2022-1552:
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox.
Versions Affected: 10 - 14. The security team typically does not test
unsupported versions, but this problem is quite old.
Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER,
and pg_amcheck made incomplete efforts to operate safely when a
privileged user is maintaining another user's objects. Those commands
activated relevant protections too late or not at all. An attacker
having permission to create non-temp objects in at least one schema
could execute arbitrary SQL functions under a superuser identity.
While promptly updating PostgreSQL is the best remediation for most
users, a user unable to do that can work around the vulnerability by
disabling autovacuum, not manually running the above commands, and not
restoring from output of the pg_dump command. Performance may degrade
quickly under this workaround. VACUUM is safe, and all commands are fine
when a trusted user owns the target object.
Security: 157ce083-d145-11ec-ab9b-6cc21735f730
Release notes: https://www.postgresql.org/docs/release/
6c00f6e |
Thursday, 10 Feb 2022
|
14:17 Palle Girgensohn (girgen)
databases/postgresql??-server: Upgrade to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 14.2, 13.6, 12.10, 11.15,
and 10.20. This release fixes over 55 bugs reported over the last three
months.
Announcement: https://www.postgresql.org/about/news/postgresql-142-136-1210-1115-and-1020-released-2402/
Release notes: https://www.postgresql.org/docs/release/
7acb062 |
Thursday, 11 Nov 2021
|
14:37 Palle Girgensohn (girgen)
databases/postgresql??-*: updated to latest version
This release contains a variety of fixes from the previous version.
A dump/restore is not required for those running the same major version.
However, note that installations using physical replication should
update standby servers before the primary server, as explained in the
release notes.
Also, several bugs have been found that may have resulted in corrupted
indexes, as explained in the next several changelog entries. If any of
those cases apply to you, it's recommended to reindex possibly-affected
indexes after updating.
This release also mitigates two possible man-in-the-middle attacks.
Security: 2ccd71bd-426b-11ec-87db-6cc21735f730
Release notes: https://www.postgresql.org/docs/release/14.1/
d3db763 |
Thursday, 12 Aug 2021
|
16:23 Palle Girgensohn (girgen)
databases/postgresql*: update to latest versions
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.4, 12.8, 11.13, 10.18, and
9.6.23, as well as the third beta release of PostgreSQL 14. This release closes
one security vulnerability and fixes over 75 bugs reported over the last three
months.
Turn off parallel builds since we continue to struggle with build problems when
it is activated. [1]
Avoid chasing latest LLVM version. [2]
PR: 256466 [1], 256167 [2]
Release notes: https://www.postgresql.org/docs/release/
Security: b471130b-fb86-11eb-87db-6cc21735f730
a271b9d |
Saturday, 15 May 2021
|
09:12 Palle Girgensohn (girgen)
databases/postgresql??-*: Upgrade to latest version
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.3, 12.7, 11.12, 10.17, and
9.6.22. This release closes three security vulnerabilities and fixes over 45
bugs reported over the last three months.
Security fixes in this release:
CVE-2021-32027: Buffer overrun from integer overflow in array subscripting
calculations
CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING
Also plenty of bug fixes. See the release note for details.
Changes to the port:
Make sure we use the matching version of llvm. This fixes a problem with the
llvm version string not being monotonically increasing with the version
number. [1]
Better pkg message about checksums for postgresql 12+. [2] [4]
Adjust login class parameter to adhere to the documentation in rc.subr(8) [3]:
The rc.conf parameter for the login class of the postgresql daemon has
changed name from postgresql_class to postgresql_login_class, since
rc.subr(8) states that the parameter should be named ${name}_login_class.
Allow parallel builds. [5]
Correct the directory name for the user postgres in pkg message. [6]
PR: 250824 [1], 253558 [2], 236060 [3], 233106 [4], 230656 [5]
PR: 226674 [6]
Submitted by: Michael Zhilin [2], Michael Zhilin [3], Dmitry Chestnykh [4]
Submitted by: Steve Wills [5], knezour [6]
Security: 76e0bb86-b4cb-11eb-b9c9-6cc21735f730
Security: 62da9702-b4cc-11eb-b9c9-6cc21735f730
Release notes: https://www.postgresql.org/docs/release/
ab83f2b |
Thursday, 11 Feb 2021
|
14:34 girgen
PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25 released
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.2, 12.6, 11.11, 10.16, 9.6.21,
and 9.5.25. This release closes two security vulnerabilities and fixes over 80
bugs reported over the last three months.
Additionally, this is the final release of PostgreSQL 9.5. If you are running
PostgreSQL 9.5 in a production environment, we suggest that you make plans to
upgrade.
Release
notes: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
Security notes: https://www.postgresql.org/support/security/
Security: CVE-2021-3393, CVE-2021-20229
|
Thursday, 12 Nov 2020
|
15:00 girgen
PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20 released!
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.1, 12.5, 11.10, 10.15 and 9.6.20.
This release closes three security vulnerabilities and fixes over 65 bugs
reported over the last three months.
Due to the nature of CVE-2020-25695, we advise you to update as soon as
possible.
Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are
running PostgreSQL 9.5 in a production environment, we suggest that you make
plans to upgrade.
For the full list of changes, please review the release notes.
Security: CVE-2020-25695: Multiple features escape "security restricted
operation" sandbox
Security: CVE-2020-25694: Reconnection can downgrade connection security
settings
Security: CVE-2020-25696: psql's \gset allows overwriting specially
treated variables
|
Thursday, 13 Aug 2020
|
13:45 girgen
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.4, 11.9, 10.14,
9.6.19, and 9.5.23.
This release closes two security vulnerabilities and fixes over 50 bugs
reported over the last three months.
Please plan to update at your earliest convenience.
Security Issues
---------------
* CVE-2020-14349: Uncontrolled search path element in logical replication.
Versions Affected: 10 - 12.
The PostgreSQL `search_path` setting determines schemas searched for
tables, functions, operators, etc. The CVE-2018-1058 fix caused most
PostgreSQL-provided client applications to sanitize `search_path`, but
logical replication continued to leave `search_path` unchanged. Users of
a replication publisher or subscriber database can create objects in the
`public` schema and harness them to execute arbitrary SQL functions
under the identity running replication, often a superuser. Installations
having adopted a documented secure schema usage pattern are not vulnerable.
The PostgreSQL project thanks Noah Misch for reporting this problem.
* CVE-2020-14350: Uncontrolled search path element in `CREATE EXTENSION`.
Versions Affected: 9.5 - 12. The security team typically does not test
unsupported versions, but this problem is quite old.
When a superuser runs certain `CREATE EXTENSION` statements, users may
be able to execute arbitrary SQL functions under the identity of that
superuser. The attacker must have permission to create objects in the
new extension's schema or a schema of a prerequisite extension. Not all
extensions are vulnerable.
In addition to correcting the extensions provided with PostgreSQL, the
PostgreSQL Global Development Group is issuing guidance for third-party
extension authors to secure their own work.
The PostgreSQL project thanks Andres Freund for reporting this problem.
Security: CVE-2020-14349, CVE-2020-14350
|
Sunday, 17 May 2020
|
20:37 girgen
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.3, 11.8, 10.13,
9.6.18, and 9.5.22. This release fixes one security issue found in the
PostgreSQL server and over 75 bugs reported over the last three months.
Please plan to update at your earliest convenience.
Update the backup warning text. [1]
Add plpython and plperl libs for hstore, jsonb and ltree for the versions where
they exist. These libs are added to the postgresql??-plpython and -plperl
ports, inspired by [2].
PR: 237910 [1], 245246 [2]
Submitted by: Francesco [1], Loic Bartoletti [2]
|
Thursday, 13 Feb 2020
|
19:14 girgen
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.2, 11.7, 10.12,
9.6.17, 9.5.21, and 9.4.26. This release fixes one security issue found
in the PostgreSQL server and over 75 bugs reported over the last three
months.
Users should plan to update as soon as possible.
PostgreSQL 9.4 Now EOL
This is the last release for PostgreSQL 9.4, which will no longer
receive security updates and bug fixes. PostgreSQL 9.4 introduced new
features such as JSONB support, the `ALTER SYSTEM` command, the ability
to stream logical changes to an output plugin, and more:
https://www.postgresql.org/about/news/1557/
https://www.postgresql.org/docs/9.4/release-9-4.html
While we are very proud of this release, these features are also found
in newer versions of PostgreSQL. Many of these features have also
received improvements, and, per our versioning policy, it is time to
retire PostgreSQL 9.4.
To receive continued support, we suggest that you make plans to upgrade
to a newer, supported version of PostgreSQL. Please see the PostgreSQL
versioning policy for more information.
Security Issues
* CVE-2020-1720: `ALTER ... DEPENDS ON EXTENSION` is missing
authorization checks.
Versions Affected: 9.6 - 12
The `ALTER ... DEPENDS ON EXTENSION` sub-commands do not perform
authorization checks, which can allow an unprivileged user to drop any
function, procedure, materialized view, index, or trigger under certain
conditions. This attack is possible if an administrator has installed an
extension and an unprivileged user can `CREATE`, or an extension owner
either executes `DROP EXTENSION` predictably or can be convinced to
execute `DROP EXTENSION`.
Release notes: https://www.postgresql.org/docs/current/release.html
|
Thursday, 14 Nov 2019
|
16:24 girgen
Upgrade PostgreSQL
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.1, 11.6, 10.11,
9.6.16, 9.5.20, and 9.4.25. This release fixes over 50 bugs reported
over the last three months.
PostgreSQL 9.4 will stop receiving fixes on February 13, 2020, which is
the next planned cumulative update release. We suggest that you make
plans to upgrade to a newer, supported version of PostgreSQL. Please see
our versioning policy for more information:
This update also fixes over 50 bugs that were reported in the last
several months. Some of these issues affect only version 12, but may
also affect all supported versions.
Specific change to the FreeBSD port:
Starting now, the default for TZDATA has changed to using the underlying OS'
time zone database instead of the one built in to PostgreSQL. This change is
made since PostgreSQL will not release a patch in the event where the time zone
database changes, whereas FreeBSD will.
Release notes: https://www.postgresql.org/about/news/1994/
URL: https://www.postgresql.org/support/versioning/
|
Thursday, 3 Oct 2019
|
13:52 girgen
Upgrade to postgresql-12.0
PostgreSQL 12 enhancements include notable improvements to query
performance, particularly over larger data sets, and overall space
utilization. This release provides application developers with new
capabilities such as SQL/JSON path expression support, optimizations for
how common table expression ("WITH") queries are executed, and generated
columns. The PostgreSQL community continues to support the extensibility
and robustness of PostgreSQL, with further additions to
internationalization, authentication, and providing easier ways to
administrate PostgreSQL. This release also introduces the pluggable
table storage interface, which allows developers to create their own
methods for storing data.
"The development community behind PostgreSQL contributed features for
PostgreSQL 12 that offer performance and space management gains that our
users can achieve with minimal effort, as well as improvements in
enterprise authentication, administration functionality, and SQL/JSON
support." said Dave Page, a core team member of the PostgreSQL Global
Development Group. "This release continues the trend of making it easier
to manage database workloads large and small while building on
PostgreSQL's reputation of flexibility, reliability and stability in
production environments."
Release notes: https://www.postgresql.org/about/news/1976/
|
Friday, 27 Sep 2019
|
11:33 girgen
Upgrade PostgreSQL-12 to rc1
There have been many bug fixes for PostgreSQL 12 reported during the Beta 4
period and applied to this release candidate. These include:
Add additional "leakproof" markings to certain string functions to better
support nondeterministic collations. This can positively impact the performance
of some query plans
Removal of the ECPG DECLARE STATEMENT functionality
The ecpglib major version change was reverted
Fix handling of nondeterministic collations with pattern_ops opclasses
Release notes: https://www.postgresql.org/about/news/1975/
|
Friday, 13 Sep 2019
|
14:30 girgen
Update to PostgreSQL-12b4
The PostgreSQL Global Development Group announces that the fourth beta
release of PostgreSQL 12 is now available for download. This release
contains previews of all features that will be available in the final
release of PostgreSQL 12, though some details of the release could
change before then.
This is likely the final beta release of PostgreSQL 12 before a release
candidate is made available.
In the spirit of the open source PostgreSQL community, we strongly
encourage you to test the new features of PostgreSQL 12 in your database
systems to help us eliminate any bugs or other issues that may exist.
Upgrading to PostgreSQL 12 Beta 4
To upgrade to PostgreSQL 12 Beta 4 from Beta 3 or an earlier version of
PostgreSQL 12, you will need to use a strategy similar to upgrading
between major versions of PostgreSQL (e.g. `pg_upgrade` or `pg_dump` /
`pg_restore`). For more information, please visit the documentation
section on upgrading:
https://www.postgresql.org/docs/12/static/upgrading.html
URL: https://wiki.postgresql.org/wiki/PostgreSQL_12_Open_Items#resolved_before_12beta4
|
Thursday, 8 Aug 2019
|
15:33 girgen
iThe PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.5, 10.10,
9.6.15, 9.5.19, and 9.4.24, as well as the third beta of PostgreSQL 12.
This release fixes two security issues in the PostgreSQL server, two
security issues found in one of the PostgreSQL Windows installers, and
over 40 bugs reported since the previous release.
Users should install these updates as soon as possible.
A Note on the PostgreSQL 12 Beta
================================
In the spirit of the open source PostgreSQL community, we strongly
encourage you to test the new features of PostgreSQL 12 in your database
systems to help us eliminate any bugs or other issues that may exist. (Only the first 15 lines of the commit message are shown above )
| Number of commits found: 24 |
|