<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ports/databases/postgresql83-server, branch main</title>
<subtitle>FreeBSD ports tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/'/>
<entry>
<title>Remove postgresql83-*; it expired at the beginning of March.</title>
<updated>2013-06-04T18:07:01+00:00</updated>
<author>
<name>Chris Rees</name>
<email>crees@FreeBSD.org</email>
</author>
<published>2013-06-04T18:07:01+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=3a78d13d9a561c034faa3e0444be56a6d1d12e3c'/>
<id>3a78d13d9a561c034faa3e0444be56a6d1d12e3c</id>
<content type='text'>
While here, fix flo's typo...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
While here, fix flo's typo...
</pre>
</div>
</content>
</entry>
<entry>
<title>The PostgreSQL Global Development Group has released a security</title>
<updated>2013-04-04T13:21:22+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2013-04-04T13:21:22+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=7f4822d46a839d75ff652fa2d124b18fbed4d90e'/>
<id>7f4822d46a839d75ff652fa2d124b18fbed4d90e</id>
<content type='text'>
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.

A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center.

Two lesser security fixes are also included in this release:
[CVE-2013-1900](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900),
wherein random numbers generated by contrib/pgcrypto functions may be
easy for another database user to guess (all versions), and
[CVE-2013-1901](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901),
which mistakenly allows an unprivileged user to run commands that
could interfere with in-progress backups (for versions 9.x only).

Approved by:	portmgr (bdrewery)
URL:		http://www.postgresql.org/about/news/1456/
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.

A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center.

Two lesser security fixes are also included in this release:
[CVE-2013-1900](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900),
wherein random numbers generated by contrib/pgcrypto functions may be
easy for another database user to guess (all versions), and
[CVE-2013-1901](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901),
which mistakenly allows an unprivileged user to run commands that
could interfere with in-progress backups (for versions 9.x only).

Approved by:	portmgr (bdrewery)
URL:		http://www.postgresql.org/about/news/1456/
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
</pre>
</div>
</content>
</entry>
<entry>
<title>PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released</title>
<updated>2013-02-08T07:54:09+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2013-02-08T07:54:09+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=687fb3c056fa64ea1f71ae6b94a7ae67ed33e432'/>
<id>687fb3c056fa64ea1f71ae6b94a7ae67ed33e432</id>
<content type='text'>
This update fixes a denial-of-service (DOS) vulnerability.  All users
should update their PostgreSQL installations as soon as possible.

The security issue fixed in this release, CVE-2013-0255, allows a
previously authenticated user to crash the server by calling
an internal function with invalid arguments.

URL:	http://www.postgresql.org/about/news/1446/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This update fixes a denial-of-service (DOS) vulnerability.  All users
should update their PostgreSQL installations as soon as possible.

The security issue fixed in this release, CVE-2013-0255, allows a
previously authenticated user to crash the server by calling
an internal function with invalid arguments.

URL:	http://www.postgresql.org/about/news/1446/
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
</pre>
</div>
</content>
</entry>
<entry>
<title>Chase ICU update to 50</title>
<updated>2012-12-19T16:03:58+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2012-12-19T16:03:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=e55b31351cd0b282a1f344128c0f82eca717abf5'/>
<id>e55b31351cd0b282a1f344128c0f82eca717abf5</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>The PostgreSQL Global Development Group has released an update to all current</title>
<updated>2012-12-06T16:40:35+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2012-12-06T16:40:35+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=9cc899464036b9361e2cba83b99f1bd4922f18f5'/>
<id>9cc899464036b9361e2cba83b99f1bd4922f18f5</id>
<content type='text'>
versions of the PostgreSQL database system, including versions 9.2.2, 9.1.7,
9.0.11, 8.4.15, and 8.3.22.  Users of PostgreSQL Hot Standby replication
should update at the next possible opportunity. Other users should update
at their next maintenance window.

Deprecate the 8.3.22 version, since it is near end-of-life.

URL:	http://www.postgresql.org/about/news/1430/

Feature safe: yes
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
versions of the PostgreSQL database system, including versions 9.2.2, 9.1.7,
9.0.11, 8.4.15, and 8.3.22.  Users of PostgreSQL Hot Standby replication
should update at the next possible opportunity. Other users should update
at their next maintenance window.

Deprecate the 8.3.22 version, since it is near end-of-life.

URL:	http://www.postgresql.org/about/news/1430/

Feature safe: yes
</pre>
</div>
</content>
</entry>
<entry>
<title>Update PostgreSQL to 9.2.1, 9.1.6, 9.0.10, 8.4.14 and 8.3.21 respectively.</title>
<updated>2012-09-24T22:03:10+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2012-09-24T22:03:10+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=1c8d4acc4906e78d4ffadf6070d71b8723194334'/>
<id>1c8d4acc4906e78d4ffadf6070d71b8723194334</id>
<content type='text'>
This update fixes critical issues for major versions 9.1 and 9.2, and
users running those versions should apply it as soon as possible.

URL:	http://www.postgresql.org/about/news/1416/
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This update fixes critical issues for major versions 9.1 and 9.2, and
users running those versions should apply it as soon as possible.

URL:	http://www.postgresql.org/about/news/1416/
</pre>
</div>
</content>
</entry>
<entry>
<title>Use pre-build instead of pre-everything for backupwarning-- stop making people</title>
<updated>2012-08-19T15:24:30+00:00</updated>
<author>
<name>Chris Rees</name>
<email>crees@FreeBSD.org</email>
</author>
<published>2012-08-19T15:24:30+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=551dca493f7a25c28861d24cd153f4e4a30c1439'/>
<id>551dca493f7a25c28861d24cd153f4e4a30c1439</id>
<content type='text'>
wait before fetching etc

Suggested by:	ohauer
Discussed with:	girgen

While here, fix package for postgresql92-server
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
wait before fetching etc

Suggested by:	ohauer
Discussed with:	girgen

While here, fix package for postgresql92-server
</pre>
</div>
</content>
</entry>
<entry>
<title>The PostgreSQL Global Development Group today released security updates for all active branches</title>
<updated>2012-08-17T19:39:51+00:00</updated>
<author>
<name>Jason Helfman</name>
<email>jgh@FreeBSD.org</email>
</author>
<published>2012-08-17T19:39:51+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=9cf373f5efd4db60af1683e91f2a9e359562622c'/>
<id>9cf373f5efd4db60af1683e91f2a9e359562622c</id>
<content type='text'>
of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This
update patches security holes associated with libxml2 and libxslt, similar to those affecting
other open source projects. All users are urged to update their installations at the first
available opportunity.

This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability
in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow
reading of arbitrary files by any authenticated database user, and the XSLT vulnerability
allows writing files as well. The fixes cause limited backwards compatibility issues.
These issues correspond to the following two vulnerabilities:

CVE-2012-3488: PostgreSQL insecure use of libxslt
CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:

Updates and corrections to time zone data
Multiple documentation updates and corrections
Add limit on max_wal_senders
Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
Correct behavior of unicode conversions for PL/Python
Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
Fix syslogger so that log_truncate_on_rotation works in the first rotation.
Only allow autovacuum to be auto-canceled by a directly blocked process.
Improve fsync request queue operation
Prevent corner-case core dump in rfree().
Fix Walsender so that it responds correctly to timeouts and deadlocks
Several PL/Perl fixes for encoding-related issues
Make selectivity operators use the correct collation
Prevent unsuitable slaves from being selected for synchronous replication
Make REASSIGN OWNED work on extensions as well
Fix race condition with ENUM comparisons
Make NOTIFY cope with out-of-disk-space
Fix memory leak in ARRAY subselect queries
Reduce data loss at replication failover
Fix behavior of subtransactions with Hot Standby
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This
update patches security holes associated with libxml2 and libxslt, similar to those affecting
other open source projects. All users are urged to update their installations at the first
available opportunity.

This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability
in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow
reading of arbitrary files by any authenticated database user, and the XSLT vulnerability
allows writing files as well. The fixes cause limited backwards compatibility issues.
These issues correspond to the following two vulnerabilities:

CVE-2012-3488: PostgreSQL insecure use of libxslt
CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:

Updates and corrections to time zone data
Multiple documentation updates and corrections
Add limit on max_wal_senders
Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
Correct behavior of unicode conversions for PL/Python
Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
Fix syslogger so that log_truncate_on_rotation works in the first rotation.
Only allow autovacuum to be auto-canceled by a directly blocked process.
Improve fsync request queue operation
Prevent corner-case core dump in rfree().
Fix Walsender so that it responds correctly to timeouts and deadlocks
Several PL/Perl fixes for encoding-related issues
Make selectivity operators use the correct collation
Prevent unsuitable slaves from being selected for synchronous replication
Make REASSIGN OWNED work on extensions as well
Fix race condition with ENUM comparisons
Make NOTIFY cope with out-of-disk-space
Fix memory leak in ARRAY subselect queries
Reduce data loss at replication failover
Fix behavior of subtransactions with Hot Standby
</pre>
</div>
</content>
</entry>
<entry>
<title>The PostgreSQL Global Development Group today released security updates for all</title>
<updated>2012-06-04T11:00:52+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2012-06-04T11:00:52+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=3d2b0e285a074ae100671923ddf0e98f6a765488'/>
<id>3d2b0e285a074ae100671923ddf0e98f6a765488</id>
<content type='text'>
active branches of the PostgreSQL database system, including versions 9.1.4,
9.0.8, 8.4.12 and 8.3.19.

Users of the crypt(text, text) function with DES encryption in the optional
pg_crypto module should upgrade their installations immediately, if you haven't
already updated since the port was patched on May 30.  All other database
administrators are urged to upgrade your version of PostgreSQL at the
next scheduled downtime.

URL:      http://www.postgresql.org/about/news/1398/

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
          Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function
	  This was fixed in a patch release for the FreeBSD ports on May 30.

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
          Ignore SECURITY DEFINER and SET attributes for a procedural language's call handle
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
active branches of the PostgreSQL database system, including versions 9.1.4,
9.0.8, 8.4.12 and 8.3.19.

Users of the crypt(text, text) function with DES encryption in the optional
pg_crypto module should upgrade their installations immediately, if you haven't
already updated since the port was patched on May 30.  All other database
administrators are urged to upgrade your version of PostgreSQL at the
next scheduled downtime.

URL:      http://www.postgresql.org/about/news/1398/

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
          Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function
	  This was fixed in a patch release for the FreeBSD ports on May 30.

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
          Ignore SECURITY DEFINER and SET attributes for a procedural language's call handle
</pre>
</div>
</content>
</entry>
<entry>
<title>- Address postgresql*-servers for crypt vulnerability (CVE-2012-2143)</title>
<updated>2012-05-30T22:26:15+00:00</updated>
<author>
<name>Jason Helfman</name>
<email>jgh@FreeBSD.org</email>
</author>
<published>2012-05-30T22:26:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=8efd38a2acd90422d224e1fa1d4f626f7860bf65'/>
<id>8efd38a2acd90422d224e1fa1d4f626f7860bf65</id>
<content type='text'>
http://www.postgresql.org/about/news/1397/

With hat: pgsql
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
http://www.postgresql.org/about/news/1397/

With hat: pgsql
</pre>
</div>
</content>
</entry>
</feed>
