<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ports/databases/postgresql95-server, branch main</title>
<subtitle>FreeBSD ports tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/'/>
<entry>
<title>*/*: Remove expired ports:</title>
<updated>2021-06-13T10:50:22+00:00</updated>
<author>
<name>Rene Ladan</name>
<email>rene@FreeBSD.org</email>
</author>
<published>2021-06-13T10:49:56+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=a3da90c5e4f183d6a61b55ac6da01974ab575ed1'/>
<id>a3da90c5e4f183d6a61b55ac6da01974ab575ed1</id>
<content type='text'>
2021-06-13 databases/postgresql95-client: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-contrib: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-docs: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-pgtcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plperl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plpython: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-pltcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-server: PostgreSQL-9.5 has reached end-of-life
databases/pg_reorg: abandonware only for PostgreSQL 9.5
databases/pgespresso: functionality part of PostgreSQL 9.6 and later
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
2021-06-13 databases/postgresql95-client: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-contrib: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-docs: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-pgtcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plperl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-plpython: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-pltcl: PostgreSQL-9.5 has reached end-of-life
2021-06-13 databases/postgresql95-server: PostgreSQL-9.5 has reached end-of-life
databases/pg_reorg: abandonware only for PostgreSQL 9.5
databases/pgespresso: functionality part of PostgreSQL 9.6 and later
</pre>
</div>
</content>
</entry>
<entry>
<title>databases/postgresql14-*: Add postgresql 14 beta1 the the ports tree.</title>
<updated>2021-05-20T14:38:55+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2021-05-20T08:53:00+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=fccc45e5ff4a8aea150005196c0d4f2cbaeed5db'/>
<id>fccc45e5ff4a8aea150005196c0d4f2cbaeed5db</id>
<content type='text'>
Release notes:	https://www.postgresql.org/docs/devel/release-14.html

Also reintroduce parallel builds. Some components, namely plperl,
plpython, pltcl and contrib, fail to build properly when using parallel
builds. Something with static linking using `ar` that fails.
MAKE_JOBS_UNSAFE is set for these ports.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Release notes:	https://www.postgresql.org/docs/devel/release-14.html

Also reintroduce parallel builds. Some components, namely plperl,
plpython, pltcl and contrib, fail to build properly when using parallel
builds. Something with static linking using `ar` that fails.
MAKE_JOBS_UNSAFE is set for these ports.
</pre>
</div>
</content>
</entry>
<entry>
<title>databases/postgresql??-*: Upgrade to latest version</title>
<updated>2021-05-15T09:12:17+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2021-05-15T09:11:12+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=ab83f2b4bb78a718efa5c43247ba1e1d207f99b6'/>
<id>ab83f2b4bb78a718efa5c43247ba1e1d207f99b6</id>
<content type='text'>
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.3, 12.7, 11.12, 10.17, and
9.6.22. This release closes three security vulnerabilities and fixes over 45
bugs reported over the last three months.

Security fixes in this release:

CVE-2021-32027: Buffer overrun from integer overflow in array subscripting
                calculations

CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING

Also plenty of bug fixes. See the release note for details.

Changes to the port:

Make sure we use the matching version of llvm. This fixes a problem with the
llvm version string not being monotonically increasing with the version
number. [1]

Better pkg message about checksums for postgresql 12+. [2] [4]

Adjust login class parameter to adhere to the documentation in rc.subr(8) [3]:
  The rc.conf parameter for the login class of the postgresql daemon has
  changed name from postgresql_class to postgresql_login_class, since
  rc.subr(8) states that the parameter should be named ${name}_login_class.

Allow parallel builds. [5]

Correct the directory name for the user postgres in pkg message. [6]

PR:		250824 [1], 253558 [2], 236060 [3], 233106 [4],  230656 [5]
PR:		226674 [6]
Submitted by:	Michael Zhilin [2], Michael Zhilin [3], Dmitry Chestnykh [4]
Submitted by:	Steve Wills [5], knezour [6]

Security:	76e0bb86-b4cb-11eb-b9c9-6cc21735f730
Security:	62da9702-b4cc-11eb-b9c9-6cc21735f730

Release notes:	https://www.postgresql.org/docs/release/
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.3, 12.7, 11.12, 10.17, and
9.6.22. This release closes three security vulnerabilities and fixes over 45
bugs reported over the last three months.

Security fixes in this release:

CVE-2021-32027: Buffer overrun from integer overflow in array subscripting
                calculations

CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING

Also plenty of bug fixes. See the release note for details.

Changes to the port:

Make sure we use the matching version of llvm. This fixes a problem with the
llvm version string not being monotonically increasing with the version
number. [1]

Better pkg message about checksums for postgresql 12+. [2] [4]

Adjust login class parameter to adhere to the documentation in rc.subr(8) [3]:
  The rc.conf parameter for the login class of the postgresql daemon has
  changed name from postgresql_class to postgresql_login_class, since
  rc.subr(8) states that the parameter should be named ${name}_login_class.

Allow parallel builds. [5]

Correct the directory name for the user postgres in pkg message. [6]

PR:		250824 [1], 253558 [2], 236060 [3], 233106 [4],  230656 [5]
PR:		226674 [6]
Submitted by:	Michael Zhilin [2], Michael Zhilin [3], Dmitry Chestnykh [4]
Submitted by:	Steve Wills [5], knezour [6]

Security:	76e0bb86-b4cb-11eb-b9c9-6cc21735f730
Security:	62da9702-b4cc-11eb-b9c9-6cc21735f730

Release notes:	https://www.postgresql.org/docs/release/
</pre>
</div>
</content>
</entry>
<entry>
<title>databases/postgresql95-*: expire this version</title>
<updated>2021-05-15T09:12:15+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2021-05-14T22:07:36+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=35c1aedccf41dcfad42eec0ef3a86f89c8472500'/>
<id>35c1aedccf41dcfad42eec0ef3a86f89c8472500</id>
<content type='text'>
It is end-of-life upstreams. Please update to a later version.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It is end-of-life upstreams. Please update to a later version.
</pre>
</div>
</content>
</entry>
<entry>
<title>all: Remove all other $FreeBSD keywords.</title>
<updated>2021-04-06T14:31:13+00:00</updated>
<author>
<name>Mathieu Arnold</name>
<email>mat@FreeBSD.org</email>
</author>
<published>2021-04-06T14:21:47+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=135fdeebb99c3569e42d8162b265e15d29bd937d'/>
<id>135fdeebb99c3569e42d8162b265e15d29bd937d</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Remove # $FreeBSD$ from Makefiles.</title>
<updated>2021-04-06T14:31:07+00:00</updated>
<author>
<name>Mathieu Arnold</name>
<email>mat@FreeBSD.org</email>
</author>
<published>2021-04-06T11:55:50+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=305f148f482daf30dcf728039d03d019f88344eb'/>
<id>305f148f482daf30dcf728039d03d019f88344eb</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25 released</title>
<updated>2021-02-11T14:34:02+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2021-02-11T14:34:02+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=6d480661d1fea606e0634f5cb4f28e6b983787b9'/>
<id>6d480661d1fea606e0634f5cb4f28e6b983787b9</id>
<content type='text'>
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.2, 12.6, 11.11, 10.16, 9.6.21,
and 9.5.25. This release closes two security vulnerabilities and fixes over 80
bugs reported over the last three months.

Additionally, this is the final release of PostgreSQL 9.5. If you are running
PostgreSQL 9.5 in a production environment, we suggest that you make plans to
upgrade.

Release notes:	https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
Security notes:	https://www.postgresql.org/support/security/
Security:	CVE-2021-3393, CVE-2021-20229
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.2, 12.6, 11.11, 10.16, 9.6.21,
and 9.5.25. This release closes two security vulnerabilities and fixes over 80
bugs reported over the last three months.

Additionally, this is the final release of PostgreSQL 9.5. If you are running
PostgreSQL 9.5 in a production environment, we suggest that you make plans to
upgrade.

Release notes:	https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
Security notes:	https://www.postgresql.org/support/security/
Security:	CVE-2021-3393, CVE-2021-20229
</pre>
</div>
</content>
</entry>
<entry>
<title>PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20 and 9.5.24 released!</title>
<updated>2020-11-13T19:27:04+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2020-11-13T19:27:04+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=4ffca4aa7f0b5d0ff4cf542019e230a27beb16a1'/>
<id>4ffca4aa7f0b5d0ff4cf542019e230a27beb16a1</id>
<content type='text'>
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20 and
9.5.24.  This release closes three security vulnerabilities and fixes over 65
bugs reported over the last three months.

Due to the nature of CVE-2020-25695, we advise you to update as soon as possible.

Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are
running PostgreSQL 9.5 in a production environment, we suggest that you make
plans to upgrade.

For the full list of changes, please review the release notes.

Security:	CVE-2020-25695: Multiple features escape "security restricted
				operation" sandbox

Security:	CVE-2020-25694: Reconnection can downgrade connection security
				settings

Security:	CVE-2020-25696: psql's \gset allows overwriting specially
				treated variables
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20 and
9.5.24.  This release closes three security vulnerabilities and fixes over 65
bugs reported over the last three months.

Due to the nature of CVE-2020-25695, we advise you to update as soon as possible.

Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are
running PostgreSQL 9.5 in a production environment, we suggest that you make
plans to upgrade.

For the full list of changes, please review the release notes.

Security:	CVE-2020-25695: Multiple features escape "security restricted
				operation" sandbox

Security:	CVE-2020-25694: Reconnection can downgrade connection security
				settings

Security:	CVE-2020-25696: psql's \gset allows overwriting specially
				treated variables
</pre>
</div>
</content>
</entry>
<entry>
<title>Welcome PostgreSQL 13</title>
<updated>2020-09-24T13:33:10+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2020-09-24T13:33:10+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=aa1ed0e82cb937b6b71eae980dcc2554d675facb'/>
<id>aa1ed0e82cb937b6b71eae980dcc2554d675facb</id>
<content type='text'>
Release notes:	https://www.postgresql.org/about/news/2077/
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Release notes:	https://www.postgresql.org/about/news/2077/
</pre>
</div>
</content>
</entry>
<entry>
<title>The PostgreSQL Global Development Group has released an update to all</title>
<updated>2020-08-13T13:45:02+00:00</updated>
<author>
<name>Palle Girgensohn</name>
<email>girgen@FreeBSD.org</email>
</author>
<published>2020-08-13T13:45:02+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/ports/commit/?id=c181e5cbd7b38d4c01a7bb7360c293e5cd8f2a5b'/>
<id>c181e5cbd7b38d4c01a7bb7360c293e5cd8f2a5b</id>
<content type='text'>
supported versions of our database system, including 12.4, 11.9, 10.14,
9.6.19, and 9.5.23.

This release closes two security vulnerabilities and fixes over 50 bugs
reported over the last three months.

Please plan to update at your earliest convenience.

Security Issues
---------------

* CVE-2020-14349: Uncontrolled search path element in logical replication.

Versions Affected: 10 - 12.

The PostgreSQL `search_path` setting determines schemas searched for
tables, functions, operators, etc. The CVE-2018-1058 fix caused most
PostgreSQL-provided client applications to sanitize `search_path`, but
logical replication continued to leave `search_path` unchanged. Users of
a replication publisher or subscriber database can create objects in the
`public` schema and harness them to execute arbitrary SQL functions
under the identity running replication, often a superuser. Installations
having adopted a documented secure schema usage pattern are not vulnerable.

The PostgreSQL project thanks Noah Misch for reporting this problem.

* CVE-2020-14350: Uncontrolled search path element in `CREATE EXTENSION`.

Versions Affected: 9.5 - 12. The security team typically does not test
unsupported versions, but this problem is quite old.

When a superuser runs certain `CREATE EXTENSION` statements, users may
be able to execute arbitrary SQL functions under the identity of that
superuser. The attacker must have permission to create objects in the
new extension's schema or a schema of a prerequisite extension.  Not all
extensions are vulnerable.

In addition to correcting the extensions provided with PostgreSQL, the
PostgreSQL Global Development Group is issuing guidance for third-party
extension authors to secure their own work.

The PostgreSQL project thanks Andres Freund for reporting this problem.

Security:	CVE-2020-14349, CVE-2020-14350
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
supported versions of our database system, including 12.4, 11.9, 10.14,
9.6.19, and 9.5.23.

This release closes two security vulnerabilities and fixes over 50 bugs
reported over the last three months.

Please plan to update at your earliest convenience.

Security Issues
---------------

* CVE-2020-14349: Uncontrolled search path element in logical replication.

Versions Affected: 10 - 12.

The PostgreSQL `search_path` setting determines schemas searched for
tables, functions, operators, etc. The CVE-2018-1058 fix caused most
PostgreSQL-provided client applications to sanitize `search_path`, but
logical replication continued to leave `search_path` unchanged. Users of
a replication publisher or subscriber database can create objects in the
`public` schema and harness them to execute arbitrary SQL functions
under the identity running replication, often a superuser. Installations
having adopted a documented secure schema usage pattern are not vulnerable.

The PostgreSQL project thanks Noah Misch for reporting this problem.

* CVE-2020-14350: Uncontrolled search path element in `CREATE EXTENSION`.

Versions Affected: 9.5 - 12. The security team typically does not test
unsupported versions, but this problem is quite old.

When a superuser runs certain `CREATE EXTENSION` statements, users may
be able to execute arbitrary SQL functions under the identity of that
superuser. The attacker must have permission to create objects in the
new extension's schema or a schema of a prerequisite extension.  Not all
extensions are vulnerable.

In addition to correcting the extensions provided with PostgreSQL, the
PostgreSQL Global Development Group is issuing guidance for third-party
extension authors to secure their own work.

The PostgreSQL project thanks Andres Freund for reporting this problem.

Security:	CVE-2020-14349, CVE-2020-14350
</pre>
</div>
</content>
</entry>
</feed>
