version of the database system, including versions 9.3.4, 9.2.8, 9.1.13,
9.0.17, and 8.4.21. This minor release fixes a data corruption issue with
replication and crash recovery in version 9.3, as well as several other minor
issues in all versions. All users of version 9.3 are urged to update their
installations at the next possible downtime. Users of older versions should
update at their convenience.
The data corruption issue in PostgreSQL 9.3 affects binary replication
standbys, servers being recovered from point-in-time-recovery backup, and
standalone servers which recover from a system crash. The bug causes
unrecoverable index corruption during recovery due to incorrect replay of row
locking operations. This can then cause query results to be inconsistent
depending on whether or not an index is used, and eventually lead to primary
key violations and similar issues. For this reason, users are encouraged to
replace each of their standby databases with a new base backup after applying
the update.
See release notes for more changes.
URL: http://www.postgresql.org/docs/current/static/release.html
URL: https://wiki.postgresql.org/wiki/20140320UpdateIssues
A change specific to the FreeBSD port:
Modify the contrib/uuid-ossp to actually work (not crashing the backend) by
using the libc implementation of uuid instead of the ossp port. Schemas and
queries will just work. Based on the work of Andrew Gierth. 9.1+ EXTENSION
support added by girgen@.
URL: http://pgfoundry.org/projects/uuid-freebsd
PR: ports/121745, ports/182846
update to all supported versions of the PostgreSQL database system,
which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and
8.4.20. This update contains fixes for multiple security issues, as
well as several fixes for replication and data integrity issues. All
users are urged to update their installations at the earliest
opportunity, especially those using binary replication or running a
high-security application.
This update fixes CVE-2014-0060, in which PostgreSQL did not properly
enforce the WITH ADMIN OPTION permission for ROLE management. Before
this fix, any member of a ROLE was able to grant others access to the
same ROLE regardless if the member was given the WITH ADMIN OPTION
permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
Security: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063
CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067
to all supported versions of the PostgreSQL database system, which
includes minor versions 9.3.2, 9.2.6, 9.1.11, 9.0.15, and 8.4.19. This
update fixes three serious data-loss bugs affecting replication and
database maintenance. All users are urged to update their
installations at the earliest opportunity.
URL: http://www.postgresql.org/about/news/1492/
Note that users of the hstore extension on version 9.3 must take an additional,
post upgrade step of running "ALTER EXTENSION hstore UPDATE" in each database
after update.
URL: http://www.postgresql.org/about/news/1487/
This update fixes a denial-of-service (DOS) vulnerability. All users
should update their PostgreSQL installations as soon as possible.
The security issue fixed in this release, CVE-2013-0255, allows a
previously authenticated user to crash the server by calling
an internal function with invalid arguments.
URL: http://www.postgresql.org/about/news/1446/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
versions of the PostgreSQL database system, including versions 9.2.2, 9.1.7,
9.0.11, 8.4.15, and 8.3.22. Users of PostgreSQL Hot Standby replication
should update at the next possible opportunity. Other users should update
at their next maintenance window.
Deprecate the 8.3.22 version, since it is near end-of-life.
URL: http://www.postgresql.org/about/news/1430/
Feature safe: yes
This update fixes critical issues for major versions 9.1 and 9.2, and
users running those versions should apply it as soon as possible.
URL: http://www.postgresql.org/about/news/1416/
of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This
update patches security holes associated with libxml2 and libxslt, similar to those affecting
other open source projects. All users are urged to update their installations at the first
available opportunity.
This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability
in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow
reading of arbitrary files by any authenticated database user, and the XSLT vulnerability
allows writing files as well. The fixes cause limited backwards compatibility issues.
These issues correspond to the following two vulnerabilities:
CVE-2012-3488: PostgreSQL insecure use of libxslt
CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:
Updates and corrections to time zone data
Multiple documentation updates and corrections
Add limit on max_wal_senders
Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
Correct behavior of unicode conversions for PL/Python
Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
Fix syslogger so that log_truncate_on_rotation works in the first rotation.
Only allow autovacuum to be auto-canceled by a directly blocked process.
Improve fsync request queue operation
Prevent corner-case core dump in rfree().
Fix Walsender so that it responds correctly to timeouts and deadlocks
Several PL/Perl fixes for encoding-related issues
Make selectivity operators use the correct collation
Prevent unsuitable slaves from being selected for synchronous replication
Make REASSIGN OWNED work on extensions as well
Fix race condition with ENUM comparisons
Make NOTIFY cope with out-of-disk-space
Fix memory leak in ARRAY subselect queries
Reduce data loss at replication failover
Fix behavior of subtransactions with Hot Standby
active branches of the PostgreSQL database system, including versions 9.1.4,
9.0.8, 8.4.12 and 8.3.19.
Users of the crypt(text, text) function with DES encryption in the optional
pg_crypto module should upgrade their installations immediately, if you have'nt
already updated since the port was patched on May 30. All other database
administrators are urged to upgrade your version of PostgreSQL at the
next scheduled downtime.
URL: http://www.postgresql.org/about/news/1398/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
Fix incorrect password transformation in contrib/pgcryptoâs DES crypt() function
This was fixed in a patch release for the FreeBSD ports on May 30.
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
Ignore SECURITY DEFINER and SET attributes for a procedural languageâs call handle
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
active branches of the PostgreSQL object-relational database system,
including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23.
This release contains 52 fixes to version 9.1, and a smaller number of
fixes to older versions, including:
- Fix bugs in information_schema.referential_constraints view**
- Correct collations for citext columns and indexes**
- Prevent possible crash when joining to a scalar function
- Prevent transitory data corruption of GIN indexes after a crash
- Prevent data corruption on TOAST columns when copying data
- Fix failures during hot standby startup
- Correct another "variable not found in subplan target list" bug
- Fix bug with sorting on aggregate expressions in windowing functions
- Multiple bug fixes for pg_upgrade
- Change Foreign Key creation order to better support
self-referential keys**
- Multiple bug fixes to CREATE EXTENSION
- Ensure that function return type and data returned from PL/perl agree
- Ensure that PL/perl strings are always UTF-8
- Assorted bug fixes for various Extensions
- Updates to the time zone database, particularly to CST6
Changes marked with ** above require additional, post-update steps in
order to fix all described issues.
URL: http://www.postgresql.org/docs/current/static/release.html
Also, fix a pthread problem in the FreeBSD port. [1]
PR: 160580 [1]
Feature safe: yes
- Remove extra bsd.port.pre.mk include from postgresql82-server
PR: ports/161816 ports/161824 ports/161821
Submitted by: Jason Helfman (jhelfman@e-e.com)
Approved by: portmgr (pav)
Temporary fix, but will stop the flurry of incoming PRs related.
PR: ports/161779 ports/161774 ports/161791 ports/161771 ports/161769
Submitted by: Many people, original fix suggested by Jason Helfman (jhelfman@e-e.com)
Approved by: portmgr (pav)
for all active branches of the PostgreSQL object-relational database system,
including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.
All users are strongly urged to update their installations at the next
scheduled downtime.
URL: http://www.postgresql.org/about/news.1355
Cleanup ports. Better handling of the knob PG_USER.
Also add uuid to 9.0 and 9.1 contrib ports.
Sometimes patches for PostgreSQL touch its configure script. And the
logics inside current Makefiles for the documentation makes the manual
pages (and other stuff) to be dependent of the timestamp of the
top-level configure file. This triggers the rebuild of the manual
pages, but since some additional XML-related tools are needed, this
rebuild can fail.
PR: 159844
Approved by: maintainer timeout (1 month)
Feature safe: yes
The problem with GSSAPI without Kerberos is that configure.in has
very funny logics of choosing GSSAPI libraries:
{{{
if test "$with_gssapi" = yes ; then
if test "$PORTNAME" != "win32"; then
AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
[AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
else
LIBS="$LIBS -lgssapi32"
fi
fi
}}}
This makes configure to happily choose -lgssapi_krb5 when the system
has Kerberos support (NO_KERBEROS is absent), but ld's '--as-needed'
will throw this library away when no Kerberos functions are used and
linker won't produce 'postgres' binary whining about unresolved
symbols:
{{{
cc -O2 -pipe -fno-strict-aliasing -Wall -Wmissing-prototypes \
-Wpointer-arith -Wdeclaration-after-statement -Wendif-labels \
-fno-strict-aliasing -fwrapv -L../../src/port -L/usr/local/lib \
-rpath=/usr/lib:/usr/local/lib -L/usr/local/lib -L/usr/local/lib \
-Wl,--as-needed -Wl,-R'/usr/local/lib' -Wl,-export-dynamic \
[... a bunch of *.o files was stripped ...]
../../src/timezone/pgtz.o ../../src/port/libpgport_srv.a -lintl -lssl \
-lcrypto -lgssapi_krb5 -lcrypt -lm -o postgres
libpq/auth.o: In function `pg_GSS_error':
auth.c:(.text+0x6e): undefined reference to `gss_display_status'
auth.c:(.text+0x8e): undefined reference to `gss_release_buffer'
auth.c:(.text+0xc5): undefined reference to `gss_display_status'
auth.c:(.text+0xe5): undefined reference to `gss_release_buffer'
libpq/auth.o: In function `ClientAuthentication':
auth.c:(.text+0x82d): undefined reference to `gss_delete_sec_context'
auth.c:(.text+0x941): undefined reference to `gss_accept_sec_context'
auth.c:(.text+0x9f1): undefined reference to `gss_release_buffer'
auth.c:(.text+0xaf3): undefined reference to `gss_release_cred'
auth.c:(.text+0xb10): undefined reference to `gss_display_name'
auth.c:(.text+0xbc8): undefined reference to `gss_release_buffer'
auth.c:(.text+0x10b0): undefined reference to `gss_release_buffer'
auth.c:(.text+0x111e): undefined reference to `gss_release_buffer'
libpq/pqcomm.o: In function `pq_close':
pqcomm.c:(.text+0x105a): undefined reference to `gss_delete_sec_context'
pqcomm.c:(.text+0x107d): undefined reference to `gss_release_cred'
gmake: *** [postgres] Error 1
}}}
Also, ports for PostgreSQL 8.4 and 9.0 had their <bsd.port.pre.mk>
misplaced: OPTIONS came after it, so WITH_/WITHOUT_ knobs will not
be really activated.
PR: 160050
Feature safe: yes
Approved by: maintainer timeout (1 month)
This patch is for PostgreSQL 8.2, 8.3, 8.4 and 9.0.
PostgreSQL 9.1 has it already.
PR: ports/158727
Submitted by: sunpoet (myself)
Approved by: girgen (maintainer timeout, 5 weeks)
