22:36 girgen 

Update PostgreSQL to latest versions

URL:	http://www.postgresql.org/docs/9.5/static/release-9-5-3.html

 

14:49 girgen 

Update PostgreSQL 9.1, 9.2 9.3 and 9.4 to latest versions.

URL:	http://www.postgresql.org/about/news/1656/

 

21:25 girgen 

Update PostgreSQL port to latest version.

Two security issues have been fixed in this release which affect users
of specific PostgreSQL features:

CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.

CVE-2015-5288: The crypt( function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.

This update will also disable SSL renegotiation by default;
previously, it was enabled by default.   SSL renegotiation will be
removed entirely in PostgreSQL versions 9.5 and later.

URL:		http://www.postgresql.org/about/news/1615/
Security:	CVE-2015-5288 CVE-2015-5289

 

22:45 bapt 

Simplify a bit the Makefiles

Use OPTIONS_SUB to automatically PLIST_SUB
Use OPTIONS helpers

 

21:46 bapt 

Cleanup plist and avoid useless @exec

 

22:54 girgen 

Update PostgreSQL-9.x to latests versions.

This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.

Security:	CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
		CVE-2015-0244,CVE-2014-8161

 

18:21 crees 

Update to the latest snapshots.

uuid-ossp patch has been outdated with irrelevant changes (for us),
so massage back in.

In head of postgresql, this is handled properly, so eventually the ossp patches
can go.

 

17:24 antoine 

Stage support

Reviewed by:	postgresql@
Tested by:	miwi and me

 

20:42 girgen 

remove missing tzdata files

 

13:21 girgen 

The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.

A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center.

Two lesser security fixes are also included in this release:
[CVE-2013-1900](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900),
wherein random numbers generated by contrib/pgcrypto functions may be
easy for another database user to guess (all versions), and
[CVE-2013-1901](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901),
which mistakenly allows an unprivileged user to run commands that
could interfere with in-progress backups (for versions 9.x only).

Approved by:	portmgr (bdrewery)
URL:		http://www.postgresql.org/about/news/1456/
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901

 

07:54 girgen 

PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released

This update fixes a denial-of-service (DOS) vulnerability.  All users
should update their PostgreSQL installations as soon as possible.

The security issue fixed in this release, CVE-2013-0255, allows a
previously authenticated user to crash the server by calling
an internal function with invalid arguments.

URL:	http://www.postgresql.org/about/news/1446/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255

 

11:00 girgen 

The PostgreSQL Global Development Group today released security updates for all
active branches of the PostgreSQL database system, including versions 9.1.4,
9.0.8, 8.4.12 and 8.3.19.

Users of the crypt(text, text) function with DES encryption in the optional
pg_crypto module should upgrade their installations immediately, if you have'nt
already updated since the port was patched on May 30.  All other database
administrators are urged to upgrade your version of PostgreSQL at the
next scheduled downtime.

URL:      http://www.postgresql.org/about/news/1398/

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
          Fix incorrect password transformation in contrib/pgcrypto’s DES
crypt() function
          This was fixed in a patch release for the FreeBSD ports on May 30.

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
          Ignore SECURITY DEFINER and SET attributes for a procedural
language’s call handle

16:24 girgen 

The PostgreSQL Global Development Group today released security updates for all
active branches of the PostgreSQL object-relational database system, including
versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18.

Users of pg_dump, users of SSL certificates for validation or users of triggers
using SECURITY DEFINER should upgrade their installations immediately. All
other database administrators are urged to upgrade your version of PostgreSQL
at the next scheduled downtime. More details on the security fixes here:

URL:    http://www.postgresql.org/about/news/1377/

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0868

15:32 crees 

Install new pg_basebackup tool by default

Submitted by:   kuriyama

06:59 jgh 

- Add profile support for PostgreSQL servers
- re-assign LOCALBASE to PREFIX
- add PG_GROUP to SUB_PLIST for packaging fix
- fix permissions for package installations

PR:     ports/162776
Submitted by:   jgh, Phil Phillips < pphillips at experts-exchange.com >
Reviewed by: rene (mentor)
Approved by: crees (maintainer, mentor)

19:06 jgh 

fix typo %%PG_GROUP%% in pkg-plist-server

Spotted by: decke
Approved by:    crees, rene (mentors,implicit)

21:35 jgh 

Fix plist to create directory with proper ownerships PostgreSQL database
may start.

PR:     ports/164273 (critical)
Submitted by: Alexander Yerenkow <yerenkow at gmail.com>
Approved by:    maintainer-timeout: girgen (1 day), portmgr (linimon)

16:45 girgen 

The PostgreSQL Global Development Group today released updates for all
active branches of the PostgreSQL object-relational database system,
including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23.

This release contains 52 fixes to version 9.1, and a smaller number of
fixes to older versions, including:

- Fix bugs in information_schema.referential_constraints view**
- Correct collations for citext columns and indexes**
- Prevent possible crash when joining to a scalar function
- Prevent transitory data corruption of GIN indexes after a crash
- Prevent data corruption on TOAST columns when copying data
- Fix failures during hot standby startup
- Correct another "variable not found in subplan target list" bug
- Fix bug with sorting on aggregate expressions in windowing functions
- Multiple bug fixes for pg_upgrade
- Change Foreign Key creation order to better support
 self-referential keys**
- Multiple bug fixes to CREATE EXTENSION
- Ensure that function return type and data returned from PL/perl agree
- Ensure that PL/perl strings are always UTF-8
- Assorted bug fixes for various Extensions
- Updates to the time zone database, particularly to CST6

Changes marked with ** above require additional, post-update steps in
order to fix all described issues.

URL:    http://www.postgresql.org/docs/current/static/release.html

Also, fix a pthread problem in the FreeBSD port. [1]
PR:     160580 [1]
Feature safe:   yes

21:07 crees 

- Fix packaging issue (missed %%PG_USER%% in pkg-plist-server)
- Remove extra bsd.port.pre.mk include from postgresql82-server

PR:             ports/161816 ports/161824 ports/161821
Submitted by:   Jason Helfman (jhelfman@e-e.com)
Approved by:    portmgr (pav)

09:03 girgen 

The PostgreSQL Global Development Group today released minor version updates
for all active branches of the PostgreSQL object-relational database system,
including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.

All users are strongly urged to update their installations at the next
scheduled downtime.

URL:    http://www.postgresql.org/about/news.1355

Cleanup ports. Better handling of the knob PG_USER.
Also add uuid to 9.0 and 9.1 contrib ports.

09:53 girgen 

Update to PostgreSQL version 9.1.0
SITE: http://www.postgresql.org/docs/9.1/static/release-9-1.html

12:09 girgen 

Update to 9.1 beta 3
Fix broken plist for the postgres user's home directory
Release notes at http://www.postgresql.org/about/news.1331

08:31 girgen 

Update to 9.1beta2
Fix proken plists wrt NLS

23:14 girgen 

Add postgresql 9.1 beta1.

See http://www.postgresql.org/about/news.1313 for more info.

Also, use USERS knob instead of explicitally creating the pgsql user
while still accepting alternative names, using [1] with some added
magic.

PR:     157667 [1]

07:46 girgen 

Forced commit to document that repocopy from postgresql90-server was made.
PR:  ports/156485