diff options
author | Palle Girgensohn <girgen@FreeBSD.org> | 2024-05-09 20:13:22 +0000 |
---|---|---|
committer | Palle Girgensohn <girgen@FreeBSD.org> | 2024-05-09 22:34:46 +0000 |
commit | ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373 (patch) | |
tree | 5a1be2c384a6472f3471f0e27acd58b1552f9465 | |
parent | de67baaee9ffaf88fa80dcda1f89d83df424d0a4 (diff) | |
download | ports-ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373.tar.gz ports-ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373.zip |
databases/postgresql??-*: Update to latest versions
PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released!
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.3, 15.7, 14.12, 13.15,
and 12.19. This release fixes one security vulnerability and over 55
bugs reported over the last several months.
Please note that the fix in this release for CVE-2024-4317 only fixes
fresh PostgreSQL installations, namely those that are created with the
initdb utility after this fix is applied. If you have a current
PostgreSQL installation and are concerned about this issue, please
follow the additional updating instructions provided in the
CVE-2024-4317 description or the release notes for the remediation. [1]
The script is installed as /usr/local/share/postgresql/fix-CVE-2024-4317.sql
PostgreSQL 12 will stop receiving fixes on November 14, 2024. If you are
running PostgreSQL 12 in a production environment, we suggest that you
make plans to upgrade to a newer, supported version of PostgreSQL.
Please see our versioning policy for more information.
[1]: https://www.postgresql.org/support/security/CVE-2024-4317/
Security: d53c30c1-0d7b-11ef-ba02-6cc21735f730
PR: 277428 (remove unneded patch)
PR: 260494 (remove deprecated INTDATE option)
PR: 265860 (correct path for contrib README file in pkg-message)
25 files changed, 68 insertions, 133 deletions
diff --git a/databases/postgresql12-server/Makefile b/databases/postgresql12-server/Makefile index 9a8fc4370856..6ba84eb2c9c6 100644 --- a/databases/postgresql12-server/Makefile +++ b/databases/postgresql12-server/Makefile @@ -1,4 +1,4 @@ -DISTVERSION?= 12.18 +DISTVERSION?= 12.19 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql12-server/distinfo b/databases/postgresql12-server/distinfo index 3c9545cf422b..a9c254216026 100644 --- a/databases/postgresql12-server/distinfo +++ b/databases/postgresql12-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707301238 -SHA256 (postgresql/postgresql-12.18.tar.bz2) = 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a -SIZE (postgresql/postgresql-12.18.tar.bz2) = 21208935 +TIMESTAMP = 1715095959 +SHA256 (postgresql/postgresql-12.19.tar.bz2) = 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +SIZE (postgresql/postgresql-12.19.tar.bz2) = 21218699 diff --git a/databases/postgresql12-server/files/pkg-message-contrib.in b/databases/postgresql12-server/files/pkg-message-contrib.in index 2d9f3d86e71c..006f700a3ae1 100644 --- a/databases/postgresql12-server/files/pkg-message-contrib.in +++ b/databases/postgresql12-server/files/pkg-message-contrib.in @@ -2,7 +2,7 @@ { type: install message: <<EOM The PostgreSQL contrib utilities have been installed. Please see -%%PREFIX%%/share/doc/postgresql/contrib/README +%%DOCSDIR%%/README-contrib for more information. EOM } diff --git a/databases/postgresql13-server/Makefile b/databases/postgresql13-server/Makefile index 7270ba17d2b6..1ff3d0035045 100644 --- a/databases/postgresql13-server/Makefile +++ b/databases/postgresql13-server/Makefile @@ -1,4 +1,4 @@ -DISTVERSION?= 13.14 +DISTVERSION?= 13.15 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql13-server/distinfo b/databases/postgresql13-server/distinfo index 80076e8078ef..7bed84f9d7ba 100644 --- a/databases/postgresql13-server/distinfo +++ b/databases/postgresql13-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707301284 -SHA256 (postgresql/postgresql-13.14.tar.bz2) = b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed -SIZE (postgresql/postgresql-13.14.tar.bz2) = 21584146 +TIMESTAMP = 1715095960 +SHA256 (postgresql/postgresql-13.15.tar.bz2) = 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +SIZE (postgresql/postgresql-13.15.tar.bz2) = 21597871 diff --git a/databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls deleted file mode 100644 index 02686061ce99..000000000000 --- a/databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls +++ /dev/null @@ -1,24 +0,0 @@ -Do not inline functions which access TLS in LLVM JIT, as -this leads to crashes with unsupported relocation error - -diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp -index 2617a46..a063edb 100644 ---- src/backend/jit/llvm/llvmjit_inline.cpp -+++ src/backend/jit/llvm/llvmjit_inline.cpp -@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F, - if (rv->materialize()) - elog(FATAL, "failed to materialize metadata"); - -+ /* -+ * Don't inline functions with thread-local variables until -+ * related crashes are investigated (see BUG #16696) -+ */ -+ if (rv->isThreadLocal()) { -+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s", -+ F.getName().data(), rv->getName().data()); -+ return false; -+ } -+ - /* - * Never want to inline externally visible vars, cheap enough to - * reference. diff --git a/databases/postgresql13-server/files/pkg-message-contrib.in b/databases/postgresql13-server/files/pkg-message-contrib.in index 2d9f3d86e71c..006f700a3ae1 100644 --- a/databases/postgresql13-server/files/pkg-message-contrib.in +++ b/databases/postgresql13-server/files/pkg-message-contrib.in @@ -2,7 +2,7 @@ { type: install message: <<EOM The PostgreSQL contrib utilities have been installed. Please see -%%PREFIX%%/share/doc/postgresql/contrib/README +%%DOCSDIR%%/README-contrib for more information. EOM } diff --git a/databases/postgresql14-server/Makefile b/databases/postgresql14-server/Makefile index a4599c1bb31c..6dc8a6c17b13 100644 --- a/databases/postgresql14-server/Makefile +++ b/databases/postgresql14-server/Makefile @@ -1,4 +1,4 @@ -DISTVERSION?= 14.11 +DISTVERSION?= 14.12 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql14-server/distinfo b/databases/postgresql14-server/distinfo index 6d31689b1b7b..97f5e287f4d5 100644 --- a/databases/postgresql14-server/distinfo +++ b/databases/postgresql14-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707301184 -SHA256 (postgresql/postgresql-14.11.tar.bz2) = a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 -SIZE (postgresql/postgresql-14.11.tar.bz2) = 22354758 +TIMESTAMP = 1715095961 +SHA256 (postgresql/postgresql-14.12.tar.bz2) = 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +SIZE (postgresql/postgresql-14.12.tar.bz2) = 22390865 diff --git a/databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls deleted file mode 100644 index 02686061ce99..000000000000 --- a/databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls +++ /dev/null @@ -1,24 +0,0 @@ -Do not inline functions which access TLS in LLVM JIT, as -this leads to crashes with unsupported relocation error - -diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp -index 2617a46..a063edb 100644 ---- src/backend/jit/llvm/llvmjit_inline.cpp -+++ src/backend/jit/llvm/llvmjit_inline.cpp -@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F, - if (rv->materialize()) - elog(FATAL, "failed to materialize metadata"); - -+ /* -+ * Don't inline functions with thread-local variables until -+ * related crashes are investigated (see BUG #16696) -+ */ -+ if (rv->isThreadLocal()) { -+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s", -+ F.getName().data(), rv->getName().data()); -+ return false; -+ } -+ - /* - * Never want to inline externally visible vars, cheap enough to - * reference. diff --git a/databases/postgresql14-server/files/pkg-message-contrib.in b/databases/postgresql14-server/files/pkg-message-contrib.in index 2d9f3d86e71c..006f700a3ae1 100644 --- a/databases/postgresql14-server/files/pkg-message-contrib.in +++ b/databases/postgresql14-server/files/pkg-message-contrib.in @@ -2,7 +2,7 @@ { type: install message: <<EOM The PostgreSQL contrib utilities have been installed. Please see -%%PREFIX%%/share/doc/postgresql/contrib/README +%%DOCSDIR%%/README-contrib for more information. EOM } diff --git a/databases/postgresql14-server/files/pkg-message-server.in b/databases/postgresql14-server/files/pkg-message-server.in index 6370d4a017cc..8253d3c2541b 100644 --- a/databases/postgresql14-server/files/pkg-message-server.in +++ b/databases/postgresql14-server/files/pkg-message-server.in @@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might wish to enable data checksumming. It can be enabled during the initdb phase, by adding the "--data-checksums" flag to the postgresql_initdb_flags rcvar. Otherwise you can enable it later by - pg_checksums. Check the initdb(1) manpage for more info + using pg_checksums. Check the initdb(1) manpage for more info and make sure you understand the performance implications. ====================================================================== + +SECURITY ADVICE + +If upgradring from a version 14.x < 14.12: +A security vulnerability was found in the system views pg_stats_ext +and pg_stats_ext_exprs, potentially allowing authenticated database +users to see data they shouldn't. If this is of concern in your +installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql +for each of your databases. For details, see +https://www.postgresql.org/support/security/CVE-2024-4317/ + + EOM } ] diff --git a/databases/postgresql14-server/pkg-plist-server b/databases/postgresql14-server/pkg-plist-server index 15de69ff20f5..8f00f179a298 100644 --- a/databases/postgresql14-server/pkg-plist-server +++ b/databases/postgresql14-server/pkg-plist-server @@ -750,6 +750,7 @@ lib/postgresql/utf8_and_win.so %%DATADIR%%/errcodes.txt %%DATADIR%%/extension/plpgsql--1.0.sql %%DATADIR%%/extension/plpgsql.control +%%DATADIR%%/fix-CVE-2024-4317.sql %%DATADIR%%/information_schema.sql %%DATADIR%%/pg_hba.conf.sample %%DATADIR%%/pg_ident.conf.sample diff --git a/databases/postgresql15-server/Makefile b/databases/postgresql15-server/Makefile index 73cdb6c2b2da..ad7d23054e86 100644 --- a/databases/postgresql15-server/Makefile +++ b/databases/postgresql15-server/Makefile @@ -1,4 +1,4 @@ -DISTVERSION?= 15.6 +DISTVERSION?= 15.7 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql15-server/distinfo b/databases/postgresql15-server/distinfo index b23b22c9acc4..845cdd374469 100644 --- a/databases/postgresql15-server/distinfo +++ b/databases/postgresql15-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707301241 -SHA256 (postgresql/postgresql-15.6.tar.bz2) = 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb -SIZE (postgresql/postgresql-15.6.tar.bz2) = 23093967 +TIMESTAMP = 1715095962 +SHA256 (postgresql/postgresql-15.7.tar.bz2) = a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +SIZE (postgresql/postgresql-15.7.tar.bz2) = 23112318 diff --git a/databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls deleted file mode 100644 index 02686061ce99..000000000000 --- a/databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls +++ /dev/null @@ -1,24 +0,0 @@ -Do not inline functions which access TLS in LLVM JIT, as -this leads to crashes with unsupported relocation error - -diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp -index 2617a46..a063edb 100644 ---- src/backend/jit/llvm/llvmjit_inline.cpp -+++ src/backend/jit/llvm/llvmjit_inline.cpp -@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F, - if (rv->materialize()) - elog(FATAL, "failed to materialize metadata"); - -+ /* -+ * Don't inline functions with thread-local variables until -+ * related crashes are investigated (see BUG #16696) -+ */ -+ if (rv->isThreadLocal()) { -+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s", -+ F.getName().data(), rv->getName().data()); -+ return false; -+ } -+ - /* - * Never want to inline externally visible vars, cheap enough to - * reference. diff --git a/databases/postgresql15-server/files/pkg-message-contrib.in b/databases/postgresql15-server/files/pkg-message-contrib.in index 2d9f3d86e71c..006f700a3ae1 100644 --- a/databases/postgresql15-server/files/pkg-message-contrib.in +++ b/databases/postgresql15-server/files/pkg-message-contrib.in @@ -2,7 +2,7 @@ { type: install message: <<EOM The PostgreSQL contrib utilities have been installed. Please see -%%PREFIX%%/share/doc/postgresql/contrib/README +%%DOCSDIR%%/README-contrib for more information. EOM } diff --git a/databases/postgresql15-server/files/pkg-message-server.in b/databases/postgresql15-server/files/pkg-message-server.in index 6370d4a017cc..946ff1d75b6d 100644 --- a/databases/postgresql15-server/files/pkg-message-server.in +++ b/databases/postgresql15-server/files/pkg-message-server.in @@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might wish to enable data checksumming. It can be enabled during the initdb phase, by adding the "--data-checksums" flag to the postgresql_initdb_flags rcvar. Otherwise you can enable it later by - pg_checksums. Check the initdb(1) manpage for more info + using pg_checksums. Check the initdb(1) manpage for more info and make sure you understand the performance implications. ====================================================================== + +SECURITY ADVICE + +If upgradring from a version 15.x < 15.7: +A security vulnerability was found in the system views pg_stats_ext +and pg_stats_ext_exprs, potentially allowing authenticated database +users to see data they shouldn't. If this is of concern in your +installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql +for each of your databases. For details, see +https://www.postgresql.org/support/security/CVE-2024-4317/ + + EOM } ] diff --git a/databases/postgresql15-server/pkg-plist-server b/databases/postgresql15-server/pkg-plist-server index 4399bd1bd895..cea77992a139 100644 --- a/databases/postgresql15-server/pkg-plist-server +++ b/databases/postgresql15-server/pkg-plist-server @@ -786,6 +786,7 @@ lib/postgresql/utf8_and_win.so %%DATADIR%%/errcodes.txt %%DATADIR%%/extension/plpgsql--1.0.sql %%DATADIR%%/extension/plpgsql.control +%%DATADIR%%/fix-CVE-2024-4317.sql %%DATADIR%%/information_schema.sql %%DATADIR%%/pg_hba.conf.sample %%DATADIR%%/pg_ident.conf.sample diff --git a/databases/postgresql16-server/Makefile b/databases/postgresql16-server/Makefile index bb6e623c3449..2adc5a60ec4a 100644 --- a/databases/postgresql16-server/Makefile +++ b/databases/postgresql16-server/Makefile @@ -1,5 +1,5 @@ PORTNAME?= postgresql -DISTVERSION?= 16.2 +DISTVERSION?= 16.3 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 @@ -81,7 +81,7 @@ CONFIGURE_ENV+= PATH=${PREFIX}/bin:${PATH} .endif .if defined(SERVER_ONLY) -OPTIONS_DEFINE= DTRACE LDAP INTDATE TZDATA XML DOCS +OPTIONS_DEFINE= DTRACE LDAP TZDATA XML DOCS LDAP_DESC= Build with LDAP authentication support TZDATA_DESC= Use internal timezone database XML_DESC= Build with XML data type @@ -114,12 +114,6 @@ LLVM_CONFIGURE_ENV= LLVM_CONFIG=${LLVM_CONFIG} \ CLANG=${LOCALBASE}/bin/clang${LLVM_VERSION} LLVM_USES= llvm:max=15,min=11,lib -# See http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/76999 for more info -# (requires dump/restore if modified.) -OPTIONS_DEFINE+= INTDATE -INTDATE_DESC= Builds with 64-bit date/time type -OPTIONS_DEFAULT+= INTDATE - CONFIGURE_ARGS+= --with-icu LIB_DEPENDS+= libicudata.so:devel/icu USES+= pkgconfig @@ -162,8 +156,6 @@ XML_LIB_DEPENDS= libxml2.so:textproc/libxml2 TZDATA_CONFIGURE_OFF= --with-system-tzdata=/usr/share/zoneinfo -INTDATE_CONFIGURE_OFF= --disable-integer-datetimes - NLS_CONFIGURE_ENABLE= nls NLS_USES= gettext diff --git a/databases/postgresql16-server/distinfo b/databases/postgresql16-server/distinfo index bb2283ecf3ea..a5b9b692f324 100644 --- a/databases/postgresql16-server/distinfo +++ b/databases/postgresql16-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707301242 -SHA256 (postgresql/postgresql-16.2.tar.bz2) = 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 -SIZE (postgresql/postgresql-16.2.tar.bz2) = 24711703 +TIMESTAMP = 1715095963 +SHA256 (postgresql/postgresql-16.3.tar.bz2) = 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +SIZE (postgresql/postgresql-16.3.tar.bz2) = 24737644 diff --git a/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls deleted file mode 100644 index 02686061ce99..000000000000 --- a/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls +++ /dev/null @@ -1,24 +0,0 @@ -Do not inline functions which access TLS in LLVM JIT, as -this leads to crashes with unsupported relocation error - -diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp -index 2617a46..a063edb 100644 ---- src/backend/jit/llvm/llvmjit_inline.cpp -+++ src/backend/jit/llvm/llvmjit_inline.cpp -@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F, - if (rv->materialize()) - elog(FATAL, "failed to materialize metadata"); - -+ /* -+ * Don't inline functions with thread-local variables until -+ * related crashes are investigated (see BUG #16696) -+ */ -+ if (rv->isThreadLocal()) { -+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s", -+ F.getName().data(), rv->getName().data()); -+ return false; -+ } -+ - /* - * Never want to inline externally visible vars, cheap enough to - * reference. diff --git a/databases/postgresql16-server/files/pkg-message-contrib.in b/databases/postgresql16-server/files/pkg-message-contrib.in index 2d9f3d86e71c..006f700a3ae1 100644 --- a/databases/postgresql16-server/files/pkg-message-contrib.in +++ b/databases/postgresql16-server/files/pkg-message-contrib.in @@ -2,7 +2,7 @@ { type: install message: <<EOM The PostgreSQL contrib utilities have been installed. Please see -%%PREFIX%%/share/doc/postgresql/contrib/README +%%DOCSDIR%%/README-contrib for more information. EOM } diff --git a/databases/postgresql16-server/files/pkg-message-server.in b/databases/postgresql16-server/files/pkg-message-server.in index 6370d4a017cc..1d79c1d88b58 100644 --- a/databases/postgresql16-server/files/pkg-message-server.in +++ b/databases/postgresql16-server/files/pkg-message-server.in @@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might wish to enable data checksumming. It can be enabled during the initdb phase, by adding the "--data-checksums" flag to the postgresql_initdb_flags rcvar. Otherwise you can enable it later by - pg_checksums. Check the initdb(1) manpage for more info + using pg_checksums. Check the initdb(1) manpage for more info and make sure you understand the performance implications. ====================================================================== + +SECURITY ADVICE + +If upgradring from a version 16.x < 16.3 +A security vulnerability was found in the system views pg_stats_ext +and pg_stats_ext_exprs, potentially allowing authenticated database +users to see data they shouldn't. If this is of concern in your +installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql +for each of your databases. For details, see +https://www.postgresql.org/support/security/CVE-2024-4317/ + + EOM } ] diff --git a/databases/postgresql16-server/pkg-plist-server b/databases/postgresql16-server/pkg-plist-server index 7e434ac68e7b..898700cf027f 100644 --- a/databases/postgresql16-server/pkg-plist-server +++ b/databases/postgresql16-server/pkg-plist-server @@ -800,6 +800,7 @@ lib/postgresql/utf8_and_win.so %%DATADIR%%/errcodes.txt %%DATADIR%%/extension/plpgsql--1.0.sql %%DATADIR%%/extension/plpgsql.control +%%DATADIR%%/fix-CVE-2024-4317.sql %%DATADIR%%/information_schema.sql %%DATADIR%%/pg_hba.conf.sample %%DATADIR%%/pg_ident.conf.sample |