13:21 girgen 

The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.

A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center.

Two lesser security fixes are also included in this release:
[CVE-2013-1900](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900),
wherein random numbers generated by contrib/pgcrypto functions may be
easy for another database user to guess (all versions), and
[CVE-2013-1901](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901),
which mistakenly allows an unprivileged user to run commands that
could interfere with in-progress backups (for versions 9.x only).

Approved by:	portmgr (bdrewery)
URL:		http://www.postgresql.org/about/news/1456/
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901

 

07:54 girgen 

PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released

This update fixes a denial-of-service (DOS) vulnerability.  All users
should update their PostgreSQL installations as soon as possible.

The security issue fixed in this release, CVE-2013-0255, allows a
previously authenticated user to crash the server by calling
an internal function with invalid arguments.

URL:	http://www.postgresql.org/about/news/1446/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255

 

16:40 girgen 

The PostgreSQL Global Development Group has released an update to all current
versions of the PostgreSQL database system, including versions 9.2.2, 9.1.7,
9.0.11, 8.4.15, and 8.3.22.  Users of PostgreSQL Hot Standby replication
should update at the next possible opportunity. Other users should update
at their next maintenance window.

Deprecate the 8.3.22 version, since it is near end-of-life.

URL:	http://www.postgresql.org/about/news/1430/

Feature safe: yes

 

22:03 girgen 

Update PostgreSQL to 9.2.1, 9.1.6, 9.0.10, 8.4.14 and 8.3.21 respectively.

This update fixes critical issues for major versions 9.1 and 9.2, and
users running those versions should apply it as soon as possible.

URL:	http://www.postgresql.org/about/news/1416/

 

15:24 crees 

Use pre-build instead of pre-everything for backupwarning-- stop making people
wait before fetching etc

Suggested by:	ohauer
Discussed with:	girgen

While here, fix package for postgresql92-server

19:39 jgh 

The PostgreSQL Global Development Group today released security updates for all
active branches
of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and
8.3.20. This
update patches security holes associated with libxml2 and libxslt, similar to
those affecting
other open source projects. All users are urged to update their installations at
the first
available opportunity.

This security release fixes a vulnerability in the built-in XML functionality,
and a vulnerability
in the XSLT functionality supplied by the optional XML2 extension. Both
vulnerabilities allow
reading of arbitrary files by any authenticated database user, and the XSLT
vulnerability
allows writing files as well. The fixes cause limited backwards compatibility
issues.
These issues correspond to the following two vulnerabilities:

CVE-2012-3488: PostgreSQL insecure use of libxslt
CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of
fixes to older versions, including:

Updates and corrections to time zone data
Multiple documentation updates and corrections
Add limit on max_wal_senders
Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
Correct behavior of unicode conversions for PL/Python
Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
Fix syslogger so that log_truncate_on_rotation works in the first rotation.
Only allow autovacuum to be auto-canceled by a directly blocked process.
Improve fsync request queue operation
Prevent corner-case core dump in rfree().
Fix Walsender so that it responds correctly to timeouts and deadlocks
Several PL/Perl fixes for encoding-related issues
Make selectivity operators use the correct collation
Prevent unsuitable slaves from being selected for synchronous replication
Make REASSIGN OWNED work on extensions as well
Fix race condition with ENUM comparisons
Make NOTIFY cope with out-of-disk-space
Fix memory leak in ARRAY subselect queries
Reduce data loss at replication failover
Fix behavior of subtransactions with Hot Standby

11:00 girgen 

The PostgreSQL Global Development Group today released security updates for all
active branches of the PostgreSQL database system, including versions 9.1.4,
9.0.8, 8.4.12 and 8.3.19.

Users of the crypt(text, text) function with DES encryption in the optional
pg_crypto module should upgrade their installations immediately, if you have'nt
already updated since the port was patched on May 30.  All other database
administrators are urged to upgrade your version of PostgreSQL at the
next scheduled downtime.

URL:      http://www.postgresql.org/about/news/1398/

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
          Fix incorrect password transformation in contrib/pgcrypto’s DES
crypt() function
          This was fixed in a patch release for the FreeBSD ports on May 30.

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
          Ignore SECURITY DEFINER and SET attributes for a procedural
language’s call handle

22:26 jgh 

- Address postgresql*-servers for crypt vulnerability (CVE-2012-2143)

http://www.postgresql.org/about/news/1397/

With hat: pgsql

17:19 crees 

Over to new team, pgsql@FreeBSD.org

16:24 girgen 

The PostgreSQL Global Development Group today released security updates for all
active branches of the PostgreSQL object-relational database system, including
versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18.

Users of pg_dump, users of SSL certificates for validation or users of triggers
using SECURITY DEFINER should upgrade their installations immediately. All
other database administrators are urged to upgrade your version of PostgreSQL
at the next scheduled downtime. More details on the security fixes here:

URL:    http://www.postgresql.org/about/news/1377/

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0868

13:31 crees 

Update to 8.3.17 and 8.2.23.

Please note that 8.2 is still deprecated, and any users are still strongly
encouraged to move to 8.4 as soon as possible.

21:12 crees 

- To preserve my sanity, slave 82 and 83 to 84, and 90 to 91, resulting in
  three fewer Makefiles to maintain

- Switch patch master site

- Various cleanups

06:59 jgh 

- Add profile support for PostgreSQL servers
- re-assign LOCALBASE to PREFIX
- add PG_GROUP to SUB_PLIST for packaging fix
- fix permissions for package installations

PR:     ports/162776
Submitted by:   jgh, Phil Phillips < pphillips at experts-exchange.com >
Reviewed by: rene (mentor)
Approved by: crees (maintainer, mentor)

19:06 jgh 

fix typo %%PG_GROUP%% in pkg-plist-server

Spotted by: decke
Approved by:    crees, rene (mentors,implicit)

03:35 tabthorpe 

- Reset ports due to maintainer timeouts and lack of response to emails

With hat:       portmgr

21:52 jgh 

Fix plist to create directory with proper ownerships so PostgreSQL database
may start.

PR:     ports/164273 (critical)
Submitted by: Alexander Yerenkow <yerenkow at gmail.com>
Approved by:    maintainer-timeout: girgen (1 day), portmgr (linimon)

16:45 girgen 

The PostgreSQL Global Development Group today released updates for all
active branches of the PostgreSQL object-relational database system,
including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23.

This release contains 52 fixes to version 9.1, and a smaller number of
fixes to older versions, including:

- Fix bugs in information_schema.referential_constraints view**
- Correct collations for citext columns and indexes**
- Prevent possible crash when joining to a scalar function
- Prevent transitory data corruption of GIN indexes after a crash
- Prevent data corruption on TOAST columns when copying data
- Fix failures during hot standby startup
- Correct another "variable not found in subplan target list" bug
- Fix bug with sorting on aggregate expressions in windowing functions
- Multiple bug fixes for pg_upgrade
- Change Foreign Key creation order to better support
 self-referential keys**
- Multiple bug fixes to CREATE EXTENSION
- Ensure that function return type and data returned from PL/perl agree
- Ensure that PL/perl strings are always UTF-8
- Assorted bug fixes for various Extensions
- Updates to the time zone database, particularly to CST6

Changes marked with ** above require additional, post-update steps in
order to fix all described issues.

URL:    http://www.postgresql.org/docs/current/static/release.html

Also, fix a pthread problem in the FreeBSD port. [1]
PR:     160580 [1]
Feature safe:   yes

20:36 mm 

Make SSL available as an option

PR:             ports/161329
Approved by:    maintainer (timeout)

21:07 crees 

- Fix packaging issue (missed %%PG_USER%% in pkg-plist-server)
- Remove extra bsd.port.pre.mk include from postgresql82-server

PR:             ports/161816 ports/161824 ports/161821
Submitted by:   Jason Helfman (jhelfman@e-e.com)
Approved by:    portmgr (pav)

18:29 crees 

This time remember to bump PORTREVISION

18:21 crees 

Fix SUB_LIST issue by deconditionalising it.

Temporary fix, but will stop the flurry of incoming PRs related.

PR:             ports/161779 ports/161774 ports/161791 ports/161771 ports/161769
Submitted by:   Many people, original fix suggested by Jason Helfman
(jhelfman@e-e.com)
Approved by:    portmgr (pav)

09:03 girgen 

The PostgreSQL Global Development Group today released minor version updates
for all active branches of the PostgreSQL object-relational database system,
including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.

All users are strongly urged to update their installations at the next
scheduled downtime.

URL:    http://www.postgresql.org/about/news.1355

Cleanup ports. Better handling of the knob PG_USER.
Also add uuid to 9.0 and 9.1 contrib ports.

22:26 amdmi3 

- Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:             157936
Submitted by:   myself
Exp-runs by:    pav
Approved by:    pav

14:52 crees 

Revert previous commit -- appears to cause rc problems as I missed some subs

http://www.mail-archive.com/freebsd-ports@freebsd.org/msg35324.html

PR:             ports/157558 ports/157559 ports/157666 ports/157669
Submitted by:   rihad@mail.ru
Approved by:    maintainer (girgen; implicit -- this reverts a commit I did
after maintainer timeout)

09:49 crees 

- Use USERS and GROUPS

PR:             ports/157588
Submitted by:   me
Approved by:    maintainer timeout (girgen, 9 weeks)

23:34 girgen 

Update PostgreSQL to 9.0.4, 8.4.8, 8.3.15 and 8.2.21.

This update contains a critical fix to the pg_upgrade utility
which prevents significant downtime issues. Do not use
pg_upgrade without installing this update first.

The issue with pg_upgrade and the fix are detailed on the PostgreSQL
wiki: http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix
Users who have already used pg_upgrade should run the database repair
script given on that page on their databases as soon as possible.

See the release notes for each version at
http://www.postgresql.org/docs/current/static/release.html for a full
list of changes with details.

Allow the username of the postgresql user to configurable for 8.4 and 9.0.
Largely inspired by the work of Jason Helfman [153668, 153136].

Change PGUSER knob to PG_USER not to clash with PGUSER environment.

PR: 153668, 153136, 155493, 155137

14:48 girgen 

Update to versions 9.0.3, 8.4.7, 8.3.14 and 8.2.20.

This update includes a security fix which prevents a buffer overrun in
the contrib module intarray's input function for the query_int type.
This bug is a security risk since the function's return address could
be overwritten by malicious code.

All supported versions of PostgreSQL are impacted. However, the
affected contrib module is optional. Only users who have installed the
intarray module in their database are affected. See the CVE Advisory
at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015

This release includes 63 bugfixes, including:

- Avoid unexpected conversion overflow in planner for distant date values
- Fix assignment to an array slice that is before the existing range
of subscripts
- Fix pg_restore to do the right thing when escaping large objects
- Avoid failures when EXPLAIN tries to display a simple-form CASE expression
- Improved build support for Windows version
- Fix bug in contrib/seg's GiST picksplit algorithm which caused
performance degredation

The 9.0.3 update also contains several fixes for issues with features
introduced or changed in version 9.0:

- Ensure all the received WAL is fsync'd to disk before exiting walreceiver
- Improve performance of walreceiver by avoiding excess fsync activity
- Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
- Fix EvalPlanQual for UPDATE of an inheritance tree when the tables
are not all alike

PR:             ports/154436
Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
Feature safe:   yes
Approved by:    portmgr

09:55 mm 

- Update to 8.3.13
- unify ICU handling

PR:             ports/153245
Approved by:    maintainer (timeout)

18:47 bapt 

- Prepare for devel/icu4 deletion
- fix py-icu with icu4.6
- fix portsgresql*server with icu 4.6
- remove now useless icu patch from webkit

16:10 mm 

- Fix build if WITH_ICU or WITH_ICU4 defined (bsd.autotools.mk update)

Approved by:    portmgr (pav)

07:34 ade 

Sync to new bsd.autotools.mk

19:21 sunpoet 

- Use dirrmtry on share/postgresql/tsearch_data for postgresql{83|84|90}-server
- Bump PORTREVISION

PR:             ports/151882
Submitted by:   sunpoet (myself)
Approved by:    girgen (maintainer timeout, 20 days)

23:48 rene 

- Fix optional dependency on security/heimdal
- Bump PORTREVISION
PR:             ports/152029
Submitted by:   Joerg Pulz [Joerg.Pulz frm2.tum.de]
Approved by:    Ryan Steinmetz <rpsfa@rit.edu> (maintainer of net/freeradius*)
                girgen (maintainer of databases/postgresql*-server,
                        14 day timeout)

11:52 ade 

Punt autoconf267->autoconf268

06:58 girgen 

Update all PostgreSQL ports to latest versions.

Also, try to break the previous 1:1 relation between FreeBSD system and
PostgreSQL versions installed. Use different PREFIX:es to install
different versions on the same system.

PR: ports/132402, ports/145002, ports/146657

18:35 ade 

Autotools update.   Read ports/UPDATING 20100915 for details.

Approved by:    portmgr (for Mk/bsd.port.mk part)
Tested by:      Multiple -exp runs

08:40 erwin 

BROKEN should not be quoted.
No functional change.

02:01 ade 

Bounce PORTREVISION for gettext-related ports.  Have fun, ya'll.

15:43 girgen 

Update all PostgreSQL ports to latest version.

Remove postgresql-contrib in favour for postgresqlNN-contrib.
This way we will get packages built, which is nice.

Security:       CVE-2010-1169
Security:       CVE-2010-1170

The PostgreSQL Project today released minor versions updating all active
branches of the PostgreSQL object-relational database system, including
versions 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, and 7.4.29. This release
fixes moderate-risk security issues with PL/perl and PL/tcl, as well as
a data corruption issue with standby databases.  Users of any of these
three features should update their PostgreSQL installations immediately.

The PL/perl security fix closes a security hole in PL/perl
procedures which could allow privilege escalation on the host system,
caused by a flaw in Safe.pm; see CVE-2010-1169 and CVE-2010-1447 for
details.  A second patch prevents PL/tcl's pltcl_modules table from
being subverted in order to run arbitrary Tcl scripts; see
CVE-2010-1170.  These issues only affect users who have enabled either
of these two stored procedure languages.

Also corrected is use of the command ALTER TABLE SET TABLESPACE, which
previously could cause data corruption on Warm Standby database slaves.
This issue affects only version 8.4.

There are also 21 other bug fixes in this release, some of which apply
only to version 8.4, and a few of which are specifically for Windows.
While these are generally fixes for minor issues, among the changes are:

     * Fix for a combinational crash condition
     * Prevent normal users from resetting some GUCs in
       their own role definitions
     * Correctly apply constraint exclusion in UPDATE and DELETE queries
     * Minor fixes for WAL archiving
     * Update timezone data for 12 zones

See the release notes for a full list of changes with details.

Releasenotes at http://www.postgresql.org/docs/current/static/release.html

20:37 ale 

PTHREAD_[CFLAGS|LDFLAGS] are already set in CONFIGURE_ENV.

Approved by:    portmgr and maintainer timeout (1 month)

20:29 ale 

Don't link unneeded PTHREAD_LIBS. This fixes php extensions and apache modules.

Approved by:    portmgr and maintainer timeout (1 month)

04:53 delphij 

Forced commit to mention that the previous patchset was:

PR:             ports/141716
Submitted by:   mm

04:32 delphij 

Security update to 8.3.9.

Security:       vid e7bc5600-eaa0-11de-bd9c-00215c6a37bb
Security:       CVE-2009-4034 CVE-2009-4136
With hat:       ports-security

15:13 girgen 

Update PostgreSQL to latest versions.

The PostgreSQL Project today released minor versions updating all active
branches of the PostgreSQL object-relational database system, including
versions 8.3.7, 8.2.13, 8.1.17, 8.0.21 and 7.4.25. This release fixes a denial
of service issue with encoding conversion, and all users should update their
installations at the next reasonable opportunity.

There are 12 other minor fixes contained in these update releases, including
fixes for xpath() functions in version 8.3. See the release notes for full
details.

URL: http://www.postgresql.org/docs/8.3/static/release-8-3-7.html
URL: http://www.postgresql.org/docs/8.2/static/release-8-2-13.html
URL: http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-17
URL: http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-21
URL: http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-24

11:59 girgen 

Update PostgreSQL to latest versions.

URL: http://www.postgresql.org/about/news.1055

The PostgreSQL Project today released
updates to all active branches of the
PostgreSQL object-relational database
system, including versions 8.3.6,
8.2.12, 8.1.16, 8.0.20 and 7.4.24. These
updates include two serious fixes, for
autovacuum crashes in version 8.1 and
GiST indexing data loss in 8.3, and
those two versions should be updated as
soon as possible.

These update releases also include
patches for several low-risk security
holes, as well as up to 17 other minor
fixes, depending on your major version
of PostgreSQL. Included as well are
Daylight Savings Time changes for Nepal,
Switzerland and Cuba. See the release
notes for full details.

The first serious issue affects users
who are using version 8.1 with
Autovacuum, which will fail when XID
rollover is required. The second serious
issue can cause data loss when CLUSTER
is used with GiST indexes (such as full
text indexes) on version 8.3. Both
issues are fixed in these releases.

18:07 girgen 

This time, *really* update to *latest* version of PostgreSQL, 8.3.5.

09:49 girgen 

Update PostgreSQL to latest versions.

http://www.postgresql.org/docs/current/static/release-8-3-5.html
http://www.postgresql.org/docs/current/static/release-8-2-11.html
http://www.postgresql.org/docs/current/static/release-8-1-15.html
http://www.postgresql.org/docs/current/static/release-8-0-19.html
http://www.postgresql.org/docs/current/static/release-7-4-23.html

Note that the GiST problem mentioned does not apply to users of
the FreeBSD port, since the previous version of PostgreSQL never
reached the ports tree, due to the freeze of the tree pending the
FreeBSD 7.1 update.

PR:     121848, 124713

11:59 girgen 

Fix missed commit when updating ICU patch to chase update of autoconf 2.61 ->
2.62

00:57 ade 

Conversion from (now defunct) autoconf-2.61 to autoconf-2.62

Tested by:      exp build run (erwin)

23:46 girgen 

Updates of the PostgreSQL ports

Updates for all maintained versions of PostgreSQL are available today:
8.3.3, 8.2.9, 8.1.13, 8.0.17 and 7.4.21.  These releases fix more than
two dozen minor issues reported and patched over the last few months.
All PostgreSQL users should plan to update at their earliest
convenience. People in affected time zones, in particular, should
upgrade as soon as possible.

Release Notes:
        http://www.postgresql.org/docs/8.3/static/release.html

Also, fix umask error in periodic script [1].

PR:             ports/124457 [1]
Submitted by:   Alexandre Perrin

13:17 edwin 

Bump portrevision due to upgrade of devel/gettext.

The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).

PR:             ports/124340
Submitted by:   edwin@
Approved by:    portmgr (pav)

09:37 pav 

- Remove USE_GETOPT_LONG which is a no-op since March 200

22:25 girgen 

Update to 8.3.1

Release notes:
http://developer.postgresql.org/pgdocs/postgres/release-8-3-1.html

19:04 girgen 

The ICU patch <http://people.freebsd.org/~girgen/postgresql-icu/README.html>
is finally ported to postgresql-8.3, thanks to Petr Jelinek and yours truly.

12:55 girgen 

Remove bad "BETA" alert. This is not beta anymore.
Set update_process_title = off, as suggested by kris@ and others.

17:12 girgen 

Today the PostgreSQL Global Development Group releases the
long-awaited version 8.3 of the most advanced open source database,
which cements our place as the best performing open source
database. Among the performance features you'll be excited about in
8.3 are:

    * Heap Only Tuples
    * BGWriter Autotuning
    * Asynchronous Commit
    * Spread Checkpoints
    * Synchronous Scan
    * "Var-Varlena"
    * L2 Cache Protection
    * Lazy XID

8.3 also has a lot of cool features for PostgreSQL DBAs and developers,
including:

    * CSV Logging
    * SQL/XML
    * MS Visual C++ support
    * ENUMs
    * Integrated Tsearch
    * SSPI & GSSAPI
    * Composite Type Arrays
    * pg_standby

14:08 girgen 

Update to RC2.

[1] Fix problem installing from package.

[2] Use DISTVERSION instead of PORTVERSION.
    (the port reports now correct version 8.3.r2)

[2] Enable more 8.3 features:
    - Add OPTION for the new XML data type (default: enabled)
    - Add OPTION for usage of system timezone data (default: included tzdata)

PR:             ports/119770 [1], ports/119561 [2]
Submitted by:   Artis Caune [1], Martin Matuska [2]

09:15 girgen 

Fix MASTER_SITE_SUBDIR

PR:             ports/119477
Submitted by:   Sunpoet Po-Chuan Hsieh

13:51 girgen 

Update all PostgreSQL ports to latest versions.

This includes a bunch of security fixes: CVE-2007-6067, CVE-2007-4772,
CVE-2007-6601, CVE-2007-6600 and CVE-2007-4769.

Security: http://www.postgresql.org/about/news.905

19:50 pav 

- Mark BROKEN: unfetchable

07:10 girgen 

Update to PostgreSQL 8.3 beta2.

http://www.postgresql.org/developer/beta

This is beta quality, don't use in production.

Approved by:    portmgr (erwin)

15:32 girgen 

Introducing the first beta of PostgreSQL 8.3

Note that this is a BETA VERSION of the PostgreSQL server.
Use it only for testing.

13:17 girgen 

Work in progress