of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This
update patches security holes associated with libxml2 and libxslt, similar to those affecting
other open source projects. All users are urged to update their installations at the first
available opportunity.
This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability
in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow
reading of arbitrary files by any authenticated database user, and the XSLT vulnerability
allows writing files as well. The fixes cause limited backwards compatibility issues.
These issues correspond to the following two vulnerabilities:
CVE-2012-3488: PostgreSQL insecure use of libxslt
CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:
Updates and corrections to time zone data
Multiple documentation updates and corrections
Add limit on max_wal_senders
Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
Correct behavior of unicode conversions for PL/Python
Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
Fix syslogger so that log_truncate_on_rotation works in the first rotation.
Only allow autovacuum to be auto-canceled by a directly blocked process.
Improve fsync request queue operation
Prevent corner-case core dump in rfree().
Fix Walsender so that it responds correctly to timeouts and deadlocks
Several PL/Perl fixes for encoding-related issues
Make selectivity operators use the correct collation
Prevent unsuitable slaves from being selected for synchronous replication
Make REASSIGN OWNED work on extensions as well
Fix race condition with ENUM comparisons
Make NOTIFY cope with out-of-disk-space
Fix memory leak in ARRAY subselect queries
Reduce data loss at replication failover
Fix behavior of subtransactions with Hot Standby
active branches of the PostgreSQL object-relational database system,
including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23.
This release contains 52 fixes to version 9.1, and a smaller number of
fixes to older versions, including:
- Fix bugs in information_schema.referential_constraints view**
- Correct collations for citext columns and indexes**
- Prevent possible crash when joining to a scalar function
- Prevent transitory data corruption of GIN indexes after a crash
- Prevent data corruption on TOAST columns when copying data
- Fix failures during hot standby startup
- Correct another "variable not found in subplan target list" bug
- Fix bug with sorting on aggregate expressions in windowing functions
- Multiple bug fixes for pg_upgrade
- Change Foreign Key creation order to better support
self-referential keys**
- Multiple bug fixes to CREATE EXTENSION
- Ensure that function return type and data returned from PL/perl agree
- Ensure that PL/perl strings are always UTF-8
- Assorted bug fixes for various Extensions
- Updates to the time zone database, particularly to CST6
Changes marked with ** above require additional, post-update steps in
order to fix all described issues.
URL: http://www.postgresql.org/docs/current/static/release.html
Also, fix a pthread problem in the FreeBSD port. [1]
PR: 160580 [1]
Feature safe: yes
for all active branches of the PostgreSQL object-relational database system,
including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.
All users are strongly urged to update their installations at the next
scheduled downtime.
URL: http://www.postgresql.org/about/news.1355
Cleanup ports. Better handling of the knob PG_USER.
Also add uuid to 9.0 and 9.1 contrib ports.
This update contains a critical fix to the pg_upgrade utility
which prevents significant downtime issues. Do not use
pg_upgrade without installing this update first.
The issue with pg_upgrade and the fix are detailed on the PostgreSQL
wiki: http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix
Users who have already used pg_upgrade should run the database repair
script given on that page on their databases as soon as possible.
See the release notes for each version at
http://www.postgresql.org/docs/current/static/release.html for a full
list of changes with details.
Allow the username of the postgresql user to configurable for 8.4 and 9.0.
Largely inspired by the work of Jason Helfman [153668, 153136].
Change PGUSER knob to PG_USER not to clash with PGUSER environment.
PR: 153668, 153136, 155493, 155137
Also, try to break the previous 1:1 relation between FreeBSD system and
PostgreSQL versions installed. Use different PREFIX:es to install
different versions on the same system.
PR: ports/132402, ports/145002, ports/146657
- Set INTDATE on as default (this is default by PostgreSQL)
PR: ports/139277
Submitted by: Olli Hauer <ohauer@gmx.de>
Approved by: maintainer timeout (2 months)
After many years of development, PostgreSQL has become feature-complete in many areas.
This release shows a targeted approach to adding features (e.g., authentication,
monitoring, space reuse), and adds capabilities defined in the later SQL standards.
The major areas of enhancement are:
Windowing Functions
Common Table Expressions and Recursive Queries
Default and variadic parameters for functions
Parallel Restore
Column Permissions
Per-database locale settings
Improved hash indexes
Improved join performance for EXISTS and NOT EXISTS queries
Easier-to-use Warm Standby
Automatic sizing of the Free Space Map
Visibility Map (greatly reduces vacuum overhead for slowly-changing tables)
Version-aware psql (backslash commands work against older servers)
Support SSL certificates for user authentication
Per-function runtime statistics
Easy editing of functions in psql
New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin
URL: http://www.postgresql.org/docs/8.4/interactive/release-8-4.html
This includes a bunch of security fixes: CVE-2007-6067, CVE-2007-4772,
CVE-2007-6601, CVE-2007-6600 and CVE-2007-4769.
Security: http://www.postgresql.org/about/news.905
The new release includes performance improvements and advanced SQL
features which will support bigger data warehouses, higher-volume
transaction processing, and more complex distributed enterprise
software.
Major new features in this release include:
Roles:
PostgreSQL now supports database roles, which simplify the
management of large numbers of users with complex
overlapping database rights.
IN/OUT Parameters:
PostgreSQL functions now support IN, OUT and INOUT
parameters, which substantially improves support of complex
business logic for J2EE and .NET applications.
Two-Phase Commit (2PC):
Long in demand for WAN applications and heterogeneous data
centers using PostgreSQL, this feature allows
ACID-compliant transactions across widely separated
servers.
Some Performance Enhancements found in this release include:
Improved Multiprocessor (SMP) Performance:
The buffer manager for 8.1 has been enhanced to scale almost
linearly with the number of processors, leading to significant
performance gains on 8-way, 16-way, dual-core, and multi-core
CPU servers.
Bitmap Scan:
Indexes will be dynamically converted to bitmaps in memory when
appropriate, giving up to twenty times faster index performance
on complex queries against very large tables.
Table Partitioning:
The query planner is now able to avoid scanning whole sections
of a large table using a technique known as Constraint
Exclusion.
Shared Row Locking:
PostgreSQL's "better than row-level locking" now supports even
higher levels of concurrency through the addition of shared
row locks for foreign keys.
For a more complete listing of changes in this release, please see the
Release Notes visible at:
http://www.postgresql.org/docs/current/static/release.html#RELEASE-8-1
installed, the patched gram.y file would not be used and the security
patch would be a no-op. Also, I've had reports of compilation errors
related to bison.
Since checking for the correct version of bison is hard and error
prone, I'm doing what the postgresql distribution does - patching the
yacc:ed .c file to get rid of the building dependency.
Bumping portrevision of -server.
Pointy hat to: me
Noticed by: Mike Harding and others
Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by: seanc (implicit)
Over the past several weeks, Tom Lane has been working on replacing
our old Cache Management Alorithm (ARC) with a new, patent free one
(2Q).
In order to reduce the number of 8.x deployments out there that are
using the old manager, we have just released 8.0.2, and encourage
adminstrators to upgrade at their earliest convience.
For those already running 8.x on your production servers, please
note that this upgrade does *NOT* require a dump restore, but due to
a bump in the major version number for the client library (libpq),
it *WILL* require all client applications to be recompiled at the
same time.
For full release info, see
http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-2
Apart from the upgrade, three new config options are added:
A patch (experimental) for supporting proper collation
of utf-8 encoded locales, using IBM's ICU package (devel/icu). See
http://people.freebsd.org/~girgen/postgresql-icu/README.html for more
info.
An optional patch written by Evgen Potemkin, which allows
PostgreSQL to make hierarchical queries à la Oracle [1].
An option is added that allows the use of 64 bit ints to
store dates [2].
PR: ports/79165 [1], ports/76999 [2]
Submitted by: Marcos Tischer Vallim [1], Christian Ullrich [2]
Approved by: ade, seanc (implicit)
the "LOAD" option, the PostgreSQL Global Development Group is
announcing the release of new versions of PostgreSQL.
Update to 7.3.9, 7.4.7 & 8.0.1.
Take the opportunity to reset PORTREVISION of slave ports.
Back out name change of startup script. The new script uses rc.subr(8),
and as such also uses rcorder(8). But, rcorder does not exist in FreeBSD
4.x. Hence rename the script it back to the top of the directory
list. [1]
The periodic script should of course be executable. [2]
[1] Noted by Niels Chr. Bank-Pedersen <ncbp at bank-pedersen dot dk>
[2] Noted by Fritz Heinrichmeyer <fritz.heinrichmeyer at fernuni-hagen dot de>
are savepoints (within transactions), point-in-time recovery and
tablespaces. Check out the release notes and the shiny new
PostgreSQL.org website at:
http://www.PostgreSQL.org/docs/8.0/static/release.html#RELEASE-8-0
The port uses the new postgresql ports' layout and is split into a
server and a client part. The following knobs can be used by ports
depending on PostgreSQL:
# USE_PGSQL - Add PostgreSQL client dependency.
# If no version is given (by the maintainer via the port or
# by the user via defined variable), try to find the
# currently installed version. Fall back to default if
# necessary (PostgreSQL-7.4 = 74).
# DEFAULT_PGSQL_VER
# - PostgreSQL default version. Can be overridden within a port.
# Default: 74.
# WANT_PGSQL_VER
# - Maintainer can set an arbitrary version of PostgreSQL by
# using it.
# BROKEN_WITH_PGSQL
# - This variable can be defined if the ports doesn't support
# one or more versions of PostgreSQL.
PR: 75344
Approved by: portmgr@ (kris), ade & sean (mentors)
Note that none of these ports are (yet) hooked into the tree,
and will not compile unless you set a specific environmental
variable. This should be warning enough to leave well alone
for now :)
Submitted by: maintainer
