notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.
New feature planned: get notified when the package is available. Now is the time to contribute ideas/suggestions.
non port: databases/postgresql10-server/pkg-plist-client

Number of commits found: 10

Tuesday, 7 Mar 2023
21:40 Rene Ladan (rene) search for other commits by this committer
databases/postgresql10-*: Remove expired ports

2023-03-07 databases/postgresql10-client: PostgreSQL 10 has reached end-of-life
2023-03-07 databases/postgresql10-contrib: PostgreSQL 10 has reached end-of-life
2023-03-07 databases/postgresql10-docs: PostgreSQL 10 has reached end-of-life
2023-03-07 databases/postgresql10-pgtcl: PostgreSQL-10 has reached end-of-life
2023-03-07 databases/postgresql10-plperl: PostgreSQL 10 has reached end-of-life
2023-03-07 databases/postgresql10-plpython: PostgreSQL 10 has reached
end-of-life
2023-03-07 databases/postgresql10-pltcl: PostgreSQL 10 has reached end-of-life
2023-03-07 databases/postgresql10-server: PostgreSQL 10 has reached end-of-life
commit hash: 3839b1978750ced6dcb9deb41215b9570319bb93 commit hash: 3839b1978750ced6dcb9deb41215b9570319bb93 commit hash: 3839b1978750ced6dcb9deb41215b9570319bb93 commit hash: 3839b1978750ced6dcb9deb41215b9570319bb93 3839b19
Thursday, 19 May 2022
13:36 Palle Girgensohn (girgen) search for other commits by this committer
databases/postgresql??-*: add postgresql-15 to the ports tree

Introduce PostgreSQL-15 to the ports tree.

Make version 15 the master port, and add plist parameter for the
postgresql version.

Release notes:	https://www.postgresql.org/docs/devel/release.html
commit hash: 5b11f47f0d59c95f6dcf1ff75badede5ec84e72e commit hash: 5b11f47f0d59c95f6dcf1ff75badede5ec84e72e commit hash: 5b11f47f0d59c95f6dcf1ff75badede5ec84e72e commit hash: 5b11f47f0d59c95f6dcf1ff75badede5ec84e72e 5b11f47
Thursday, 13 Aug 2020
13:45 girgen search for other commits by this committer
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.4, 11.9, 10.14,
9.6.19, and 9.5.23.

This release closes two security vulnerabilities and fixes over 50 bugs
reported over the last three months.

Please plan to update at your earliest convenience.

Security Issues
---------------

* CVE-2020-14349: Uncontrolled search path element in logical replication.

Versions Affected: 10 - 12.

The PostgreSQL `search_path` setting determines schemas searched for
tables, functions, operators, etc. The CVE-2018-1058 fix caused most
PostgreSQL-provided client applications to sanitize `search_path`, but
logical replication continued to leave `search_path` unchanged. Users of
a replication publisher or subscriber database can create objects in the
`public` schema and harness them to execute arbitrary SQL functions
under the identity running replication, often a superuser. Installations
having adopted a documented secure schema usage pattern are not vulnerable.

The PostgreSQL project thanks Noah Misch for reporting this problem.

* CVE-2020-14350: Uncontrolled search path element in `CREATE EXTENSION`.

Versions Affected: 9.5 - 12. The security team typically does not test
unsupported versions, but this problem is quite old.

When a superuser runs certain `CREATE EXTENSION` statements, users may
be able to execute arbitrary SQL functions under the identity of that
superuser. The attacker must have permission to create objects in the
new extension's schema or a schema of a prerequisite extension.  Not all
extensions are vulnerable.

In addition to correcting the extensions provided with PostgreSQL, the
PostgreSQL Global Development Group is issuing guidance for third-party
extension authors to secure their own work.

The PostgreSQL project thanks Andres Freund for reporting this problem.

Security:	CVE-2020-14349, CVE-2020-14350
Original commitRevision:544810 
Friday, 15 Feb 2019
11:02 girgen search for other commits by this committer
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.2, 10.7, 9.6.12,
9.5.16, and 9.4.21. This release changes the behavior in how PostgreSQL
interfaces with `fsync()` and includes fixes for partitioning and over
70 other bugs that were reported over the past three months.

Users should plan to apply this update at the next scheduled downtime.

FreeBSD port adds OPTIONS knob to support LLVM JIT. [1]

Highlight: Change in behavior with fsync()
------------------------------------------

When available in an operating system and enabled in the configuration
file (which it is by default), PostgreSQL uses the kernel function
`fsync()` to help ensure that data is written to a disk. In some
operating systems that provide `fsync()`, when the kernel is unable to
write out the data, it returns a failure and flushes the data that was
supposed to be written from its data buffers.

This flushing operation has an unfortunate side-effect for PostgreSQL:
if PostgreSQL tries again to write the data to disk by again calling
`fsync()`, `fsync()` will report back that it succeeded, but the data
that PostgreSQL believed to be saved to the disk would not actually be
written. This presents a possible data corruption scenario.

This update modifies how PostgreSQL handles a `fsync()` failure:
PostgreSQL will no longer retry calling `fsync()` but instead will
panic. In this case, PostgreSQL can then replay the data from the
write-ahead log (WAL) to help ensure the data is written. While this may
appear to be a suboptimal solution, there are presently few alternatives
and, based on reports, the problem case occurs extremely rarely.

A new server parameter `data_sync_retry` has been added to manage this
behavior. If you are certain that your kernel does not discard dirty
data buffers in such scenarios, you can set `data_sync_retry` to `on` to
restore the old behavior.

Release Notes:	https://www.postgresql.org/about/news/1920/
PR:		232490 [1]
Original commitRevision:492989 
Friday, 10 Aug 2018
09:25 girgen search for other commits by this committer
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24.  This release fixes two security issues as well as bugs reported over
the last three months.

If you have untrusted users accessing your system and you are either running
PostgreSQL 9.5 or a newer version OR have installed the "dblink" or
"postgres_fdw" extensions, you must apply this update as soon as possible. All
other users can upgrade at the next convenient downtime.

Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.5 from any 10.x release is considered a
minor update.

The PostgreSQL Global Development Group also announces that the third beta
release of PostgreSQL 11 is now available for download. This release contains
previews of all features that will be available in the final release of
PostgreSQL 11 (though some details of the release could change before then) as
well as bug fixes that were reported during the second beta.

This release also changes the default option for the server packages to *not*
include XML support per default. If you need this, please check the XML option
knob and build the port.

Releasenotes:	https://www.postgresql.org/about/news/1878/
PR:		229523, 198588
Security:	96eab874-9c79-11e8-b34b-6cc21735f730
Security:	CVE-2018-10915, CVE-2018-10925
Original commitRevision:476819 
Friday, 11 May 2018
13:10 girgen search for other commits by this committer
Up

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.4, 9.6.9, 9.5.13, 9.4.18, 9.3.23.
This release fixes one security issue as well as several bugs reported over the
last three months. Users should plan to update at the next convenient downtime.

Please see the "Updating" section for post-installation steps for the security
fix and the "incorrect volatility and parallel-safety markings" fix.

Releasenotes:	https://www.postgresql.org/about/news/1851/
Security:	CVE-2018-1115 Too-permissive access control list on function
pg_logfile_rotate()

FreeBSD's port of PostgreSQL uses syslog by default, so the above security
problem is only a problem if you changed the logging configuration. Please
visit the releasenotes linked above and take the actions needed.
Original commitRevision:469638 
Thursday, 1 Mar 2018
15:10 girgen search for other commits by this committer
2018-03-01 Security Update Release

The PostgreSQL Global Development Group has released an update to all supported
versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12,
9.4.17, and 9.3.22.

The purpose of this release is to address CVE-2018-1058, which describes how a
user can create like-named objects in different schemas that can change the
behavior of other users' queries and cause unexpected or malicious behavior,
also known as a "trojan-horse" attack. Most of this release centers around added
documentation that describes the issue and how to take steps to mitigate the
impact on PostgreSQL databases.

We strongly encourage all of our users to please visit
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL
installations.

After evaluating the documentation for CVE-2018-1058, a database administrator
may need to take follow up steps on their PostgreSQL installations to ensure
they are protected from exploitation.

Security:	CVE-2018-1058
Original commitRevision:463327 
Thursday, 8 Feb 2018
17:38 girgen search for other commits by this committer
Update to latest versions of PostgreSQL

2018-02-08 Security Update Release
==================================

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.2, 9.6.7, 9.5.11, 9.4.16, 9.3.21.
This release fixes two security issues. This release also fixes issues with
VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as
well as fixes for using parallel queries and logical replication.

All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required.

Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.2 from 10.0 or 10.1 is considered a
minor update.

Security Issues
---------------

Two security vulnerabilities have been fixed by this release:

* CVE-2018-1052: Fix the processing of partition keys containing multiple
expressions
* CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
non-world-readable

Local fixes to the FreeBSD ports
--------------------------------

Inform users about data checksums [1].
Make sure /usr/bin/su is used regardless of PATH settings [2].
Enable DTRACE by default [3].

PR:		214671 [1], 223157 [2], 215028 [3]
Security:	c602c791-0cf4-11e8-a2ec-6cc21735f730
Original commitRevision:461251 
Thursday, 21 Sep 2017
13:43 girgen search for other commits by this committer
Upgrading to RC 1

PostgreSQL 10 RC 1 requires an upgrade from beta 4, or earlier either
using pg_dump / pg_restore or pg_upgrade.

Any bug fixes applied to 9.6 or earlier that also affected 10 are
included in RC 1, as well issues that were reported with Beta 4.

Changes Since Beta 4

PostgreSQL 10 RC 1 contains fixes for issues discovered by users when
testing Beta 4, including:

* Add psql variables showing server version and psql version.
* Several fixes for partitioning
* Several fixes for logical replication
* Several fixes for transition tables
* Fix for query that could end up in an uninterruptible state

Note that some known issues remain unfixed.  Before reporting a bug in
the release candidate, please check the Open Items page.

URL: https://wiki.postgresql.org/wiki/New_in_postgres_10
URL: https://www.postgresql.org/docs/devel/static/release-10.html
Original commitRevision:450258 
Thursday, 10 Aug 2017
14:23 girgen search for other commits by this committer
Add PostgreSQL-10 to the ports tree

The PostgreSQL Global Development Group announces today that the
third beta release of PostgreSQL 10 is available for download. This
release contains previews of all of the features which will be
available in the final release of version 10, including fixes to many
of the issues found in the second beta.  Users are encouraged to begin
testing their applications against 10 beta3.

URL:	https://www.postgresql.org/about/news/1771/
Original commitRevision:447680 

Number of commits found: 10