update to all supported versions of the PostgreSQL database system,
which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and
8.4.20. This update contains fixes for multiple security issues, as
well as several fixes for replication and data integrity issues. All
users are urged to update their installations at the earliest
opportunity, especially those using binary replication or running a
high-security application.
This update fixes CVE-2014-0060, in which PostgreSQL did not properly
enforce the WITH ADMIN OPTION permission for ROLE management. Before
this fix, any member of a ROLE was able to grant others access to the
same ROLE regardless if the member was given the WITH ADMIN OPTION
permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
Security: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063
CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067
This update fixes a denial-of-service (DOS) vulnerability. All users
should update their PostgreSQL installations as soon as possible.
The security issue fixed in this release, CVE-2013-0255, allows a
previously authenticated user to crash the server by calling
an internal function with invalid arguments.
URL: http://www.postgresql.org/about/news/1446/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
versions of the PostgreSQL database system, including versions 9.2.2, 9.1.7,
9.0.11, 8.4.15, and 8.3.22. Users of PostgreSQL Hot Standby replication
should update at the next possible opportunity. Other users should update
at their next maintenance window.
Deprecate the 8.3.22 version, since it is near end-of-life.
URL: http://www.postgresql.org/about/news/1430/
Feature safe: yes
"PostgreSQL 9.2 will ship with native JSON support,
covering indexes, replication and performance improvements,
and many more features."
Read more at the web site.
URL: http://www.postgresql.org/about/news/1415/
of PostgreSQL 9.2, which will include major increases in performance and
both vertical and horizontal scalability. The PostgreSQL Project asks
all users to download and begin testing 9.2 beta 3 as soon as possible.
9.2 Beta 3 includes multiple bug fixes to earlier beta releases, fixing
almost all known outstanding issues as of last week. Among them are:
* Multiple documentation updates
* Apply translation updates
* Fixes to transaction log and replication issues with SP-GiST
* Replace libpq's "row processor" API with a "single row" mode.
* Fix WITH issue with set operations (UNION/INTERSECT/EXCEPT)
* Improvements to Autovacuum cancellation
* Multiple pg_upgrade fixes
* Fix memory leak in pg_recievexlog
* Restore statistics collection broken by change to bgwriter
* Prevent corner-case coredump with rfree().
If you previously tested 9.2 beta and found one or more bugs, please
test 9.2 beta 3 and make sure that those issues are resolved. If you
haven't yet tested 9.2, please help out the PostgreSQL project by
testing it now!
More information on how to test and report issues:
http://www.postgresql.org/developer/beta
active branches of the PostgreSQL database system, including versions 9.1.4,
9.0.8, 8.4.12 and 8.3.19.
Users of the crypt(text, text) function with DES encryption in the optional
pg_crypto module should upgrade their installations immediately, if you have'nt
already updated since the port was patched on May 30. All other database
administrators are urged to upgrade your version of PostgreSQL at the
next scheduled downtime.
URL: http://www.postgresql.org/about/news/1398/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
Fix incorrect password transformation in contrib/pgcryptoâs DES crypt() function
This was fixed in a patch release for the FreeBSD ports on May 30.
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
Ignore SECURITY DEFINER and SET attributes for a procedural languageâs call handle
PostgreSQL 9.2, which will include major increases in performance and
both vertical and horizontal scalability. The PostgreSQL Project asks
all users to download and begin testing 9.2 Beta as soon as possible.
Major performance and scalability advances in this version include:
* Index-only scans, allowing users to avoid inefficient scans of base
tables
* Enhanced read-only workload scaling to 64 cores and over 300,000
queries per second
* Improvements to data write speeds, including group commit
* Reductions in CPU power consumption
* Cascading replication, supporting geographically distributed standby
databases
PostgreSQL 9.2 will also offer many new features for application
developers, including:
* JSON data support, enabling hybrid document-relational databases
* Range types, supporting new types of calendar, time-series and
* analytic applications
* Multiple improvements to ALTER and other statements, easing runtime
* database updates
For a full listing of the features in version 9.2 Beta, please see the
release notes:
http://www.postgresql.org/docs/devel/static/release-9-2.html
We depend on our community to help test the next version in order to
guarantee that it is high-performance and bug-free. Please install
PostgreSQL 9.2 Beta and try it with your workloads and applications as
soon as you can, and give feedback to the PostgreSQL developers. More
information on how to test and report issues:
http://www.postgresql.org/developer/beta
active branches of the PostgreSQL object-relational database system,
including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23.
This release contains 52 fixes to version 9.1, and a smaller number of
fixes to older versions, including:
- Fix bugs in information_schema.referential_constraints view**
- Correct collations for citext columns and indexes**
- Prevent possible crash when joining to a scalar function
- Prevent transitory data corruption of GIN indexes after a crash
- Prevent data corruption on TOAST columns when copying data
- Fix failures during hot standby startup
- Correct another "variable not found in subplan target list" bug
- Fix bug with sorting on aggregate expressions in windowing functions
- Multiple bug fixes for pg_upgrade
- Change Foreign Key creation order to better support
self-referential keys**
- Multiple bug fixes to CREATE EXTENSION
- Ensure that function return type and data returned from PL/perl agree
- Ensure that PL/perl strings are always UTF-8
- Assorted bug fixes for various Extensions
- Updates to the time zone database, particularly to CST6
Changes marked with ** above require additional, post-update steps in
order to fix all described issues.
URL: http://www.postgresql.org/docs/current/static/release.html
Also, fix a pthread problem in the FreeBSD port. [1]
PR: 160580 [1]
Feature safe: yes
- Remove extra bsd.port.pre.mk include from postgresql82-server
PR: ports/161816 ports/161824 ports/161821
Submitted by: Jason Helfman (jhelfman@e-e.com)
Approved by: portmgr (pav)
for all active branches of the PostgreSQL object-relational database system,
including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.
All users are strongly urged to update their installations at the next
scheduled downtime.
URL: http://www.postgresql.org/about/news.1355
Cleanup ports. Better handling of the knob PG_USER.
Also add uuid to 9.0 and 9.1 contrib ports.
See http://www.postgresql.org/about/news.1313 for more info.
Also, use USERS knob instead of explicitally creating the pgsql user
while still accepting alternative names, using [1] with some added
magic.
PR: 157667 [1]
This update contains a critical fix to the pg_upgrade utility
which prevents significant downtime issues. Do not use
pg_upgrade without installing this update first.
The issue with pg_upgrade and the fix are detailed on the PostgreSQL
wiki: http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix
Users who have already used pg_upgrade should run the database repair
script given on that page on their databases as soon as possible.
See the release notes for each version at
http://www.postgresql.org/docs/current/static/release.html for a full
list of changes with details.
Allow the username of the postgresql user to configurable for 8.4 and 9.0.
Largely inspired by the work of Jason Helfman [153668, 153136].
Change PGUSER knob to PG_USER not to clash with PGUSER environment.
PR: 153668, 153136, 155493, 155137
Also, try to break the previous 1:1 relation between FreeBSD system and
PostgreSQL versions installed. Use different PREFIX:es to install
different versions on the same system.
PR: ports/132402, ports/145002, ports/146657
announces the availability of our most eagerly awaited release.
PostgreSQL 9.0 includes built-in, binary replication, and over a dozen
other major features which will appeal to everyone from web developers
to database hackers.
9.0 includes more major features than any release before it, including:
* Hot standby
* Streaming replication
* In-place upgrades
* 64-bit Windows builds
* Easy mass permissions management
* Anonymous blocks and named parameter calls for stored procedures
* New windowing functions and ordered aggregates
... and many more. For details on the over 200 additions and
improvements in this version, developed by over a hundred contributors,
please see the release notes.
"These kinds of feature additions continue to make a strong case for why
mission-critical technology tasks can continue to depend on the power,
flexibility and robustness of PostgreSQL,â said Afilias CTO Ram Mohan.
More information on PostgreSQL 9.0:
* Release notes
http://www.postgresql.org/docs/9.0/static/release-9-0
* Presskit
http://www.postgresql.org/about/press/presskit90
* Guide to 9.0:
http://wiki.postgresql.org/wiki/What's_new_in_PostgreSQL_9.0
---
PR: 150430, Add dtrace
- Set INTDATE on as default (this is default by PostgreSQL)
PR: ports/139277
Submitted by: Olli Hauer <ohauer@gmx.de>
Approved by: maintainer timeout (2 months)
After many years of development, PostgreSQL has become feature-complete in many areas.
This release shows a targeted approach to adding features (e.g., authentication,
monitoring, space reuse), and adds capabilities defined in the later SQL standards.
The major areas of enhancement are:
Windowing Functions
Common Table Expressions and Recursive Queries
Default and variadic parameters for functions
Parallel Restore
Column Permissions
Per-database locale settings
Improved hash indexes
Improved join performance for EXISTS and NOT EXISTS queries
Easier-to-use Warm Standby
Automatic sizing of the Free Space Map
Visibility Map (greatly reduces vacuum overhead for slowly-changing tables)
Version-aware psql (backslash commands work against older servers)
Support SSL certificates for user authentication
Per-function runtime statistics
Easy editing of functions in psql
New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin
URL: http://www.postgresql.org/docs/8.4/interactive/release-8-4.html
URL: http://www.postgresql.org/about/news.1055
The PostgreSQL Project today released
updates to all active branches of the
PostgreSQL object-relational database
system, including versions 8.3.6,
8.2.12, 8.1.16, 8.0.20 and 7.4.24. These
updates include two serious fixes, for
autovacuum crashes in version 8.1 and
GiST indexing data loss in 8.3, and
those two versions should be updated as
soon as possible.
These update releases also include
patches for several low-risk security
holes, as well as up to 17 other minor
fixes, depending on your major version
of PostgreSQL. Included as well are
Daylight Savings Time changes for Nepal,
Switzerland and Cuba. See the release
notes for full details.
The first serious issue affects users
who are using version 8.1 with
Autovacuum, which will fail when XID
rollover is required. The second serious
issue can cause data loss when CLUSTER
is used with GiST indexes (such as full
text indexes) on version 8.3. Both
issues are fixed in these releases.
Updates for all maintained versions of PostgreSQL are available today:
8.3.3, 8.2.9, 8.1.13, 8.0.17 and 7.4.21. These releases fix more than
two dozen minor issues reported and patched over the last few months.
All PostgreSQL users should plan to update at their earliest
convenience. People in affected time zones, in particular, should
upgrade as soon as possible.
Release Notes:
http://www.postgresql.org/docs/8.3/static/release.html
Also, fix umask error in periodic script [1].
PR: ports/124457 [1]
Submitted by: Alexandre Perrin
long-awaited version 8.3 of the most advanced open source database,
which cements our place as the best performing open source
database. Among the performance features you'll be excited about in
8.3 are:
* Heap Only Tuples
* BGWriter Autotuning
* Asynchronous Commit
* Spread Checkpoints
* Synchronous Scan
* "Var-Varlena"
* L2 Cache Protection
* Lazy XID
8.3 also has a lot of cool features for PostgreSQL DBAs and developers, including:
* CSV Logging
* SQL/XML
* MS Visual C++ support
* ENUMs
* Integrated Tsearch
* SSPI & GSSAPI
* Composite Type Arrays
* pg_standby
[1] Fix problem installing from package.
[2] Use DISTVERSION instead of PORTVERSION.
(the port reports now correct version 8.3.r2)
[2] Enable more 8.3 features:
- Add OPTION for the new XML data type (default: enabled)
- Add OPTION for usage of system timezone data (default: included tzdata)
PR: ports/119770 [1], ports/119561 [2]
Submitted by: Artis Caune [1], Martin Matuska [2]
This includes a bunch of security fixes: CVE-2007-6067, CVE-2007-4772,
CVE-2007-6601, CVE-2007-6600 and CVE-2007-4769.
Security: http://www.postgresql.org/about/news.905
The new release includes performance improvements and advanced SQL
features which will support bigger data warehouses, higher-volume
transaction processing, and more complex distributed enterprise
software.
Major new features in this release include:
Roles:
PostgreSQL now supports database roles, which simplify the
management of large numbers of users with complex
overlapping database rights.
IN/OUT Parameters:
PostgreSQL functions now support IN, OUT and INOUT
parameters, which substantially improves support of complex
business logic for J2EE and .NET applications.
Two-Phase Commit (2PC):
Long in demand for WAN applications and heterogeneous data
centers using PostgreSQL, this feature allows
ACID-compliant transactions across widely separated
servers.
Some Performance Enhancements found in this release include:
Improved Multiprocessor (SMP) Performance:
The buffer manager for 8.1 has been enhanced to scale almost
linearly with the number of processors, leading to significant
performance gains on 8-way, 16-way, dual-core, and multi-core
CPU servers.
Bitmap Scan:
Indexes will be dynamically converted to bitmaps in memory when
appropriate, giving up to twenty times faster index performance
on complex queries against very large tables.
Table Partitioning:
The query planner is now able to avoid scanning whole sections
of a large table using a technique known as Constraint
Exclusion.
Shared Row Locking:
PostgreSQL's "better than row-level locking" now supports even
higher levels of concurrency through the addition of shared
row locks for foreign keys.
For a more complete listing of changes in this release, please see the
Release Notes visible at:
http://www.postgresql.org/docs/current/static/release.html#RELEASE-8-1
installed, the patched gram.y file would not be used and the security
patch would be a no-op. Also, I've had reports of compilation errors
related to bison.
Since checking for the correct version of bison is hard and error
prone, I'm doing what the postgresql distribution does - patching the
yacc:ed .c file to get rid of the building dependency.
Bumping portrevision of -server.
Pointy hat to: me
Noticed by: Mike Harding and others
Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by: seanc (implicit)
