non port: databases/postgresql95-server/pkg-plist-server |
Number of commits found: 16 |
Sunday, 13 Jun 2021
|
10:50 Rene Ladan (rene)
*/*: Remove expired ports:
2021-06-13 databases/postgresql95-client: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-contrib: PostgreSQL-9.5 has reached
end-of-life
2021-06-13 databases/postgresql95-docs: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-pgtcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plperl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plpython: PostgreSQL-9.5 has reached
end-of-life
2021-06-13 databases/postgresql95-pltcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-server: PostgreSQL-9.5 has reached end-of-life
databases/pg_reorg: abandonware only for PostgreSQL 9.5
databases/pgespresso: functionality part of PostgreSQL 9.6 and later
a3da90c |
Friday, 13 Nov 2020
|
19:27 girgen
PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20 and 9.5.24 released!
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20 and
9.5.24. This release closes three security vulnerabilities and fixes over 65
bugs reported over the last three months.
Due to the nature of CVE-2020-25695, we advise you to update as soon as
possible.
Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are
running PostgreSQL 9.5 in a production environment, we suggest that you make
plans to upgrade.
For the full list of changes, please review the release notes.
Security: CVE-2020-25695: Multiple features escape "security restricted
operation" sandbox
Security: CVE-2020-25694: Reconnection can downgrade connection security
settings
Security: CVE-2020-25696: psql's \gset allows overwriting specially
treated variables
|
Sunday, 17 May 2020
|
20:37 girgen
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.3, 11.8, 10.13,
9.6.18, and 9.5.22. This release fixes one security issue found in the
PostgreSQL server and over 75 bugs reported over the last three months.
Please plan to update at your earliest convenience.
Update the backup warning text. [1]
Add plpython and plperl libs for hstore, jsonb and ltree for the versions where
they exist. These libs are added to the postgresql??-plpython and -plperl
ports, inspired by [2].
PR: 237910 [1], 245246 [2]
Submitted by: Francesco [1], Loic Bartoletti [2]
|
Friday, 15 Feb 2019
|
11:02 girgen
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.2, 10.7, 9.6.12,
9.5.16, and 9.4.21. This release changes the behavior in how PostgreSQL
interfaces with `fsync()` and includes fixes for partitioning and over
70 other bugs that were reported over the past three months.
Users should plan to apply this update at the next scheduled downtime.
FreeBSD port adds OPTIONS knob to support LLVM JIT. [1]
Highlight: Change in behavior with fsync()
------------------------------------------
When available in an operating system and enabled in the configuration
file (which it is by default), PostgreSQL uses the kernel function
`fsync()` to help ensure that data is written to a disk. In some
operating systems that provide `fsync()`, when the kernel is unable to
write out the data, it returns a failure and flushes the data that was
supposed to be written from its data buffers.
This flushing operation has an unfortunate side-effect for PostgreSQL:
if PostgreSQL tries again to write the data to disk by again calling
`fsync()`, `fsync()` will report back that it succeeded, but the data
that PostgreSQL believed to be saved to the disk would not actually be
written. This presents a possible data corruption scenario.
This update modifies how PostgreSQL handles a `fsync()` failure:
PostgreSQL will no longer retry calling `fsync()` but instead will
panic. In this case, PostgreSQL can then replay the data from the
write-ahead log (WAL) to help ensure the data is written. While this may
appear to be a suboptimal solution, there are presently few alternatives
and, based on reports, the problem case occurs extremely rarely.
A new server parameter `data_sync_retry` has been added to manage this
behavior. If you are certain that your kernel does not discard dirty
data buffers in such scenarios, you can set `data_sync_retry` to `on` to
restore the old behavior.
Release Notes: https://www.postgresql.org/about/news/1920/
PR: 232490 [1]
|
Friday, 10 Aug 2018
|
09:25 girgen
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24. This release fixes two security issues as well as bugs reported over
the last three months.
If you have untrusted users accessing your system and you are either running
PostgreSQL 9.5 or a newer version OR have installed the "dblink" or
"postgres_fdw" extensions, you must apply this update as soon as possible. All
other users can upgrade at the next convenient downtime.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.5 from any 10.x release is considered a
minor update.
The PostgreSQL Global Development Group also announces that the third beta
release of PostgreSQL 11 is now available for download. This release contains
previews of all features that will be available in the final release of
PostgreSQL 11 (though some details of the release could change before then) as
well as bug fixes that were reported during the second beta.
This release also changes the default option for the server packages to *not*
include XML support per default. If you need this, please check the XML option
knob and build the port.
Releasenotes: https://www.postgresql.org/about/news/1878/
PR: 229523, 198588
Security: 96eab874-9c79-11e8-b34b-6cc21735f730
Security: CVE-2018-10915, CVE-2018-10925
|
Thursday, 8 Feb 2018
|
17:38 girgen
Update to latest versions of PostgreSQL
2018-02-08 Security Update Release
==================================
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.2, 9.6.7, 9.5.11, 9.4.16, 9.3.21.
This release fixes two security issues. This release also fixes issues with
VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as
well as fixes for using parallel queries and logical replication.
All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.2 from 10.0 or 10.1 is considered a
minor update.
Security Issues
---------------
Two security vulnerabilities have been fixed by this release:
* CVE-2018-1052: Fix the processing of partition keys containing multiple
expressions
* CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
non-world-readable
Local fixes to the FreeBSD ports
--------------------------------
Inform users about data checksums [1].
Make sure /usr/bin/su is used regardless of PATH settings [2].
Enable DTRACE by default [3].
PR: 214671 [1], 223157 [2], 215028 [3]
Security: c602c791-0cf4-11e8-a2ec-6cc21735f730
|
Thursday, 9 Nov 2017
|
16:11 girgen
Update to latest versions of PostgreSQL
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20,
and 9.2.24. This release fixes three security issues. This release also fixes
issues found in BRIN indexing, logical replication and other bugs reported over
the past three months.
Please note that the CVE-2017-12172 does not affect the FreeBSD port unless you
decided to not use the contrib/startscript instead of the startscript
distributed with the FreeBSD port/package.
Security: CVE-2017-12172, CVE-2017-15099, CVE-2017-15098
URL: https://www.postgresql.org/about/news/1801/
|
Thursday, 11 May 2017
|
14:28 girgen
PostgreSQL security updates
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and
9.2.21. This release fixes three security issues. It also patches a number of
other bugs reported over the last three months. Users who use the PGREQUIRESSL
environment variable to control connections, and users who rely on security
isolation between database users when using foreign servers, should update as
soon as possible. Other users should plan to update at the next convenient
downtime.
URL: https://www.postgresql.org/about/news/1746/
Security: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
Also modify rcorder and let sshd start before PostgreSQL, so any problems
during startup can be reviewed promplty from an ssh login.
|
Thursday, 9 Feb 2017
|
15:22 girgen
PostgreSQL 9.6.2, 9.5.6, 9.4.11, 9.3.16 and 9.2.20 released!
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and
9.2.20. This release includes fixes that prevent data corruption issues in
index builds and in certain write-ahead-log replay situations, which are
detailed below. It also patches over 75 other bugs reported over the last three
months.
Users should plan to apply this update at the next scheduled downtime.
Build corruption with CREATE INDEX CONCURRENTLY
There existed a race condition if CREATE INDEX CONCURRENTLY was called on a
column that had not been indexed before, then rows that were updated by
transactions running at the same time as the CREATE INDEX CONCURRENTLY command
could have been indexed incorrectly.
If you suspect this may have happened, the most reliable solution is to rebuild
affected indexes after installing this update.
This issue is present in the 9.2, 9.3, 9.4, 9.5, and 9.6 series of PostgreSQL.
URL https://www.postgresql.org/about/news/1733/
|
Thursday, 27 Oct 2016
|
14:04 girgen
Update PostgreSQL to latest versions.
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15,
9.2.19, and 9.1.24.
This release fixes two issues that can cause data corruption, which are
described in more detail below. It also patches a number of other bugs reported
over the last three months. The project urges users to apply this update at the
next possible downtime.
|
Thursday, 12 May 2016
|
22:36 girgen
Update PostgreSQL to latest versions
URL: http://www.postgresql.org/docs/9.5/static/release-9-5-3.html
|
Thursday, 31 Mar 2016
|
14:46 girgen
Update PostgreSQL 9.5 to latest version
Security Fixes for RLS, BRIN
----------------------------
This release closes security hole CVE-2016-2193
(https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan
might get reused for more than one ROLE in the same session. This could cause
the wrong set of Row Level Security (RLS) policies to be used for the query.
The update also fixes CVE-2016-3065
(https://access.redhat.com/security/cve/CVE-2016-3065), a server crash bug
triggered by using `pageinspect` with BRIN index pages. Since an attacker
might be able to expose a few bytes of server memory, this crash is being
treated as a security issue.
Abbreviated Keys and Corrupt Indexes
------------------------------------
In this release, the PostgreSQL Project has been forced to disable 9.5's
Abbreviated Keys performance feature for many indexes due to reports of index
corruption. This may affect any B-tree indexes on TEXT, VARCHAR, and CHAR
columns which are not in "C" locale. Indexes in other locales will lose the
performance benefits of the feature, and should be REINDEXed in case of
existing index corruption. The feature may be re-enabled in future versions if
the project finds a solution for the problem. See the release notes, and the
wiki page on this issue for more information:
http://wiki.postgresql.org/abbreviatedkeys_issue
URL: http://www.postgresql.org/about/news/1656/
URL: http://wiki.postgresql.org/abbreviatedkeys_issue
Security: CVE-2016-2193
Security: CVE-2016-3065
|
Saturday, 13 Feb 2016
|
22:42 girgen
Update PostgreSQL to latest versions.
Security Fixes for Regular Expressions, PL/Java
This release closes security hole CVE-2016-0773, an issue with regular
expression (regex) parsing. Prior code allowed users to pass in expressions
which included out-of-range Unicode characters, triggering a backend crash.
This issue is critical for PostgreSQL systems with untrusted users or which
generate regexes based on user input.
The update also fixes CVE-2016-0766, a privilege escalation issue for users of
PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be
modifiable only by the database superuser
URL: http://www.postgresql.org/about/news/1644/
Security: CVE-2016-0773, CVE-2016-0766
|
Saturday, 30 Jan 2016
|
10:40 girgen
Add missing pg_rewind
Pointed out by: Nat Howard
PR: 206750
|
Wednesday, 13 Jan 2016
|
10:36 girgen
Some binaries where moved from contrib to base in 9.5, like pgbench and
pg_upgrade. Other where added in 9.5, but the port failed to install them.
Make sure they are properly installed by the correct port (-client or -server)
[1]
Remove unused and hence confusing OSSP_UUID parameters from Makefile [2]
Add options to allow user to be set for the backup script in periodic.
Add this option only to 9.5 for now. It will be updated to other servers at
next regular patch release. [3]
The path to perl in hard coded into pgxs/src/Makefile.global which is
then installed. Hence, we must depend on perl when that file is installed.
Noticed by: Paul Guyot [1]
PR: 192387 [2]
PR: 172110 [3]
PR: 206046 [4]
|
Thursday, 7 Jan 2016
|
19:58 girgen
The PostgreSQL Global Development Group announces the
release of PostgreSQL 9.5.
This release adds UPSERT capability, Row Level Security,
and multiple Big Data features, which will broaden the
user base for the world's most advanced database.
With these new capabilities, PostgreSQL will be
the best choice for even more applications for startups,
large corporations, and government agencies.
Release Notes:
http://www.postgresql.org/docs/current/static/release-9-5.html
What's New in 9.5:
https://wiki.postgresql.org/wiki/What%27s_new_in_PostgreSQL_9.5
| Number of commits found: 16 |
|