This patch is for PostgreSQL 8.2, 8.3, 8.4 and 9.0.
PostgreSQL 9.1 has it already.
PR: ports/158727
Submitted by: sunpoet (myself)
Approved by: girgen (maintainer timeout, 5 weeks)
This update contains a critical fix to the pg_upgrade utility
which prevents significant downtime issues. Do not use
pg_upgrade without installing this update first.
The issue with pg_upgrade and the fix are detailed on the PostgreSQL
wiki: http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix
Users who have already used pg_upgrade should run the database repair
script given on that page on their databases as soon as possible.
See the release notes for each version at
http://www.postgresql.org/docs/current/static/release.html for a full
list of changes with details.
Allow the username of the postgresql user to configurable for 8.4 and 9.0.
Largely inspired by the work of Jason Helfman [153668, 153136].
Change PGUSER knob to PG_USER not to clash with PGUSER environment.
PR: 153668, 153136, 155493, 155137
This update includes a security fix which prevents a buffer overrun in
the contrib module intarray's input function for the query_int type.
This bug is a security risk since the function's return address could
be overwritten by malicious code.
All supported versions of PostgreSQL are impacted. However, the
affected contrib module is optional. Only users who have installed the
intarray module in their database are affected. See the CVE Advisory
at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
This release includes 63 bugfixes, including:
- Avoid unexpected conversion overflow in planner for distant date values
- Fix assignment to an array slice that is before the existing range
of subscripts
- Fix pg_restore to do the right thing when escaping large objects
- Avoid failures when EXPLAIN tries to display a simple-form CASE expression
- Improved build support for Windows version
- Fix bug in contrib/seg's GiST picksplit algorithm which caused
performance degredation
The 9.0.3 update also contains several fixes for issues with features
introduced or changed in version 9.0:
- Ensure all the received WAL is fsync'd to disk before exiting walreceiver
- Improve performance of walreceiver by avoiding excess fsync activity
- Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
- Fix EvalPlanQual for UPDATE of an inheritance tree when the tables
are not all alike
PR: ports/154436
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
Feature safe: yes
Approved by: portmgr
Also, try to break the previous 1:1 relation between FreeBSD system and
PostgreSQL versions installed. Use different PREFIX:es to install
different versions on the same system.
PR: ports/132402, ports/145002, ports/146657
Remove postgresql-contrib in favour for postgresqlNN-contrib.
This way we will get packages built, which is nice.
Security: CVE-2010-1169
Security: CVE-2010-1170
The PostgreSQL Project today released minor versions updating all active
branches of the PostgreSQL object-relational database system, including
versions 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, and 7.4.29. This release
fixes moderate-risk security issues with PL/perl and PL/tcl, as well as
a data corruption issue with standby databases. Users of any of these
three features should update their PostgreSQL installations immediately.
The PL/perl security fix closes a security hole in PL/perl
procedures which could allow privilege escalation on the host system,
caused by a flaw in Safe.pm; see CVE-2010-1169 and CVE-2010-1447 for
details. A second patch prevents PL/tcl's pltcl_modules table from
being subverted in order to run arbitrary Tcl scripts; see
CVE-2010-1170. These issues only affect users who have enabled either
of these two stored procedure languages.
Also corrected is use of the command ALTER TABLE SET TABLESPACE, which
previously could cause data corruption on Warm Standby database slaves.
This issue affects only version 8.4.
There are also 21 other bug fixes in this release, some of which apply
only to version 8.4, and a few of which are specifically for Windows.
While these are generally fixes for minor issues, among the changes are:
* Fix for a combinational crash condition
* Prevent normal users from resetting some GUCs in
their own role definitions
* Correctly apply constraint exclusion in UPDATE and DELETE queries
* Minor fixes for WAL archiving
* Update timezone data for 12 zones
See the release notes for a full list of changes with details.
Releasenotes at http://www.postgresql.org/docs/current/static/release.html
- Set INTDATE on as default (this is default by PostgreSQL)
PR: ports/139277
Submitted by: Olli Hauer <ohauer@gmx.de>
Approved by: maintainer timeout (2 months)
propogated by copy and paste.
1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).
No PORTREVISION bumps because all of these changes are noops.
After many years of development, PostgreSQL has become feature-complete in many areas.
This release shows a targeted approach to adding features (e.g., authentication,
monitoring, space reuse), and adds capabilities defined in the later SQL standards.
The major areas of enhancement are:
Windowing Functions
Common Table Expressions and Recursive Queries
Default and variadic parameters for functions
Parallel Restore
Column Permissions
Per-database locale settings
Improved hash indexes
Improved join performance for EXISTS and NOT EXISTS queries
Easier-to-use Warm Standby
Automatic sizing of the Free Space Map
Visibility Map (greatly reduces vacuum overhead for slowly-changing tables)
Version-aware psql (backslash commands work against older servers)
Support SSL certificates for user authentication
Per-function runtime statistics
Easy editing of functions in psql
New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin
URL: http://www.postgresql.org/docs/8.4/interactive/release-8-4.html
After many years of development, PostgreSQL has become feature-complete in many areas.
This release shows a targeted approach to adding features (e.g., authentication,
monitoring, space reuse), and adds capabilities defined in the later SQL standards.
The major areas of enhancement are:
Windowing Functions
Common Table Expressions and Recursive Queries
Default and variadic parameters for functions
Parallel Restore
Column Permissions
Per-database locale settings
Improved hash indexes
Improved join performance for EXISTS and NOT EXISTS queries
Easier-to-use Warm Standby
Automatic sizing of the Free Space Map
Visibility Map (greatly reduces vacuum overhead for slowly-changing tables)
Version-aware psql (backslash commands work against older servers)
Support SSL certificates for user authentication
Per-function runtime statistics
Easy editing of functions in psql
New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin
URL: http://www.postgresql.org/docs/8.4/interactive/release-8-4.html
URL: http://www.postgresql.org/about/news.1055
The PostgreSQL Project today released
updates to all active branches of the
PostgreSQL object-relational database
system, including versions 8.3.6,
8.2.12, 8.1.16, 8.0.20 and 7.4.24. These
updates include two serious fixes, for
autovacuum crashes in version 8.1 and
GiST indexing data loss in 8.3, and
those two versions should be updated as
soon as possible.
These update releases also include
patches for several low-risk security
holes, as well as up to 17 other minor
fixes, depending on your major version
of PostgreSQL. Included as well are
Daylight Savings Time changes for Nepal,
Switzerland and Cuba. See the release
notes for full details.
The first serious issue affects users
who are using version 8.1 with
Autovacuum, which will fail when XID
rollover is required. The second serious
issue can cause data loss when CLUSTER
is used with GiST indexes (such as full
text indexes) on version 8.3. Both
issues are fixed in these releases.
Updates for all maintained versions of PostgreSQL are available today:
8.3.3, 8.2.9, 8.1.13, 8.0.17 and 7.4.21. These releases fix more than
two dozen minor issues reported and patched over the last few months.
All PostgreSQL users should plan to update at their earliest
convenience. People in affected time zones, in particular, should
upgrade as soon as possible.
Release Notes:
http://www.postgresql.org/docs/8.3/static/release.html
Also, fix umask error in periodic script [1].
PR: ports/124457 [1]
Submitted by: Alexandre Perrin
The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).
PR: ports/124340
Submitted by: edwin@
Approved by: portmgr (pav)
long-awaited version 8.3 of the most advanced open source database,
which cements our place as the best performing open source
database. Among the performance features you'll be excited about in
8.3 are:
* Heap Only Tuples
* BGWriter Autotuning
* Asynchronous Commit
* Spread Checkpoints
* Synchronous Scan
* "Var-Varlena"
* L2 Cache Protection
* Lazy XID
8.3 also has a lot of cool features for PostgreSQL DBAs and developers, including:
* CSV Logging
* SQL/XML
* MS Visual C++ support
* ENUMs
* Integrated Tsearch
* SSPI & GSSAPI
* Composite Type Arrays
* pg_standby
[1] Fix problem installing from package.
[2] Use DISTVERSION instead of PORTVERSION.
(the port reports now correct version 8.3.r2)
[2] Enable more 8.3 features:
- Add OPTION for the new XML data type (default: enabled)
- Add OPTION for usage of system timezone data (default: included tzdata)
PR: ports/119770 [1], ports/119561 [2]
Submitted by: Artis Caune [1], Martin Matuska [2]
This includes a bunch of security fixes: CVE-2007-6067, CVE-2007-4772,
CVE-2007-6601, CVE-2007-6600 and CVE-2007-4769.
Security: http://www.postgresql.org/about/news.905
The recent security release (8.0.11, 8.1.7, 8.2.2) has been withdrawn.
It contained an issue which causes error with custom data types, type
constraints and expression indexes. These upgrades fix the problem.
A vulnerability allows suppressing the normal checks that a SQL
function returns the data type it's declared to do. These errors can
easily be exploited to cause a backend crash, and in principle might
be used to read database content that the user should not be able to
access. [CVE-2007-0555]
A vulnerability involving changing the data type of a table column
can easily be exploited to cause a backend crash, and in principle
might be used to read database content that the user should not be
able to access. [CVE-2007-0556]
The release includes a set of other fixes as well. Please see the
release information at
http://www.postgresql.org/docs/8.2/static/release-8-2-2.html
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
The PostgreSQL Global Development Group today released versions 8.1.4, 8.0.8,
7.4.13 and 7.3.15. This is an urgent update to close a security hole which
can permit a SQL injection attack on some applications running PostgreSQL.
Users are urged to apply the update as soon as reasonably possible. Since the
update affects client functionality, most driver projects will be updating
this week as well.
Because the security issue involved is complex, we have added a section in
Techdocs to explain it: http://www.postgresql.org/docs/techdocs.52. Please
read this first before applying the updates.
Also, fix rc_subr startup problems on FreeBSD-7.x.
Security: http://www.postgresql.org/docs/techdocs.50
PR: ports/95154
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
A critical fix repairs an error in ReadBuffer that can cause data loss
due to overwriting recently-added pages. This applies to the 8.1 and
8.0 branches on all platforms.
Note that this update might require a reindex of textual columns under
certain conditions; please see UPDATING.
Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto
"start" when booting, since there's no need waste time checking for
running processes when the OS is starting up.
Bumping portrevision.
PR: 90884
Submitted by: Victor Snezhko <snezhko@indorsoft.ru>
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.
Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.
Preliminary documentation can be found at:
http://people.FreeBSD.org/~ade/autotools.txt
which is in the process of being SGMLized before introduction into the
Porters Handbook.
Light blue touch-paper. Run.
installed from ports. The base heimdal distribution installs libraries
that have no depenency information. While this is quite correct, it
means that each library that links with libpq.so must also know if
libpq.so is linked with libkrb.so et al. Problem is, there's no good
way to get this information (pg_config has a --libs option starting at
version 8.1) and all ports using postgresql must be changed to make it
possible to link with a libpq.so that was configured to use the
Kerberos implementation installed in /usr by default. Hence, we
require one of the ports (heimdal or krb5) if postgresql is to be
linked with Kerberos. At least for now, until we can fix this in some
better way.
Also, if MIT Kerberos (security/krb5) is installed, users should
ideally remove the base heimdal installation so linkers will not pick
it up in preference to the krb5 libs (base heimdal has higher version
numbers than krb5 port).
PR: 80869, 88098, 85178
The new release includes performance improvements and advanced SQL
features which will support bigger data warehouses, higher-volume
transaction processing, and more complex distributed enterprise
software.
Major new features in this release include:
Roles:
PostgreSQL now supports database roles, which simplify the
management of large numbers of users with complex
overlapping database rights.
IN/OUT Parameters:
PostgreSQL functions now support IN, OUT and INOUT
parameters, which substantially improves support of complex
business logic for J2EE and .NET applications.
Two-Phase Commit (2PC):
Long in demand for WAN applications and heterogeneous data
centers using PostgreSQL, this feature allows
ACID-compliant transactions across widely separated
servers.
Some Performance Enhancements found in this release include:
Improved Multiprocessor (SMP) Performance:
The buffer manager for 8.1 has been enhanced to scale almost
linearly with the number of processors, leading to significant
performance gains on 8-way, 16-way, dual-core, and multi-core
CPU servers.
Bitmap Scan:
Indexes will be dynamically converted to bitmaps in memory when
appropriate, giving up to twenty times faster index performance
on complex queries against very large tables.
Table Partitioning:
The query planner is now able to avoid scanning whole sections
of a large table using a technique known as Constraint
Exclusion.
Shared Row Locking:
PostgreSQL's "better than row-level locking" now supports even
higher levels of concurrency through the addition of shared
row locks for foreign keys.
For a more complete listing of changes in this release, please see the
Release Notes visible at:
http://www.postgresql.org/docs/current/static/release.html#RELEASE-8-1
installed, the patched gram.y file would not be used and the security
patch would be a no-op. Also, I've had reports of compilation errors
related to bison.
Since checking for the correct version of bison is hard and error
prone, I'm doing what the postgresql distribution does - patching the
yacc:ed .c file to get rid of the building dependency.
Bumping portrevision of -server.
Pointy hat to: me
Noticed by: Mike Harding and others
Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by: seanc (implicit)
