aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPalle Girgensohn <girgen@FreeBSD.org>2024-05-09 20:13:22 +0000
committerPalle Girgensohn <girgen@FreeBSD.org>2024-05-09 22:34:46 +0000
commitade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373 (patch)
tree5a1be2c384a6472f3471f0e27acd58b1552f9465
parentde67baaee9ffaf88fa80dcda1f89d83df424d0a4 (diff)
downloadports-ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373.tar.gz
ports-ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373.zip
databases/postgresql??-*: Update to latest versions
PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released! The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 16.3, 15.7, 14.12, 13.15, and 12.19. This release fixes one security vulnerability and over 55 bugs reported over the last several months. Please note that the fix in this release for CVE-2024-4317 only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after this fix is applied. If you have a current PostgreSQL installation and are concerned about this issue, please follow the additional updating instructions provided in the CVE-2024-4317 description or the release notes for the remediation. [1] The script is installed as /usr/local/share/postgresql/fix-CVE-2024-4317.sql PostgreSQL 12 will stop receiving fixes on November 14, 2024. If you are running PostgreSQL 12 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information. [1]: https://www.postgresql.org/support/security/CVE-2024-4317/ Security: d53c30c1-0d7b-11ef-ba02-6cc21735f730 PR: 277428 (remove unneded patch) PR: 260494 (remove deprecated INTDATE option) PR: 265860 (correct path for contrib README file in pkg-message)
-rw-r--r--databases/postgresql12-server/Makefile2
-rw-r--r--databases/postgresql12-server/distinfo6
-rw-r--r--databases/postgresql12-server/files/pkg-message-contrib.in2
-rw-r--r--databases/postgresql13-server/Makefile2
-rw-r--r--databases/postgresql13-server/distinfo6
-rw-r--r--databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls24
-rw-r--r--databases/postgresql13-server/files/pkg-message-contrib.in2
-rw-r--r--databases/postgresql14-server/Makefile2
-rw-r--r--databases/postgresql14-server/distinfo6
-rw-r--r--databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls24
-rw-r--r--databases/postgresql14-server/files/pkg-message-contrib.in2
-rw-r--r--databases/postgresql14-server/files/pkg-message-server.in14
-rw-r--r--databases/postgresql14-server/pkg-plist-server1
-rw-r--r--databases/postgresql15-server/Makefile2
-rw-r--r--databases/postgresql15-server/distinfo6
-rw-r--r--databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls24
-rw-r--r--databases/postgresql15-server/files/pkg-message-contrib.in2
-rw-r--r--databases/postgresql15-server/files/pkg-message-server.in14
-rw-r--r--databases/postgresql15-server/pkg-plist-server1
-rw-r--r--databases/postgresql16-server/Makefile12
-rw-r--r--databases/postgresql16-server/distinfo6
-rw-r--r--databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls24
-rw-r--r--databases/postgresql16-server/files/pkg-message-contrib.in2
-rw-r--r--databases/postgresql16-server/files/pkg-message-server.in14
-rw-r--r--databases/postgresql16-server/pkg-plist-server1
25 files changed, 68 insertions, 133 deletions
diff --git a/databases/postgresql12-server/Makefile b/databases/postgresql12-server/Makefile
index 9a8fc4370856..6ba84eb2c9c6 100644
--- a/databases/postgresql12-server/Makefile
+++ b/databases/postgresql12-server/Makefile
@@ -1,4 +1,4 @@
-DISTVERSION?= 12.18
+DISTVERSION?= 12.19
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
# not their own. Probably best to keep it at ?=0 when reset here too.
PORTREVISION?= 0
diff --git a/databases/postgresql12-server/distinfo b/databases/postgresql12-server/distinfo
index 3c9545cf422b..a9c254216026 100644
--- a/databases/postgresql12-server/distinfo
+++ b/databases/postgresql12-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1707301238
-SHA256 (postgresql/postgresql-12.18.tar.bz2) = 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a
-SIZE (postgresql/postgresql-12.18.tar.bz2) = 21208935
+TIMESTAMP = 1715095959
+SHA256 (postgresql/postgresql-12.19.tar.bz2) = 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb
+SIZE (postgresql/postgresql-12.19.tar.bz2) = 21218699
diff --git a/databases/postgresql12-server/files/pkg-message-contrib.in b/databases/postgresql12-server/files/pkg-message-contrib.in
index 2d9f3d86e71c..006f700a3ae1 100644
--- a/databases/postgresql12-server/files/pkg-message-contrib.in
+++ b/databases/postgresql12-server/files/pkg-message-contrib.in
@@ -2,7 +2,7 @@
{ type: install
message: <<EOM
The PostgreSQL contrib utilities have been installed. Please see
-%%PREFIX%%/share/doc/postgresql/contrib/README
+%%DOCSDIR%%/README-contrib
for more information.
EOM
}
diff --git a/databases/postgresql13-server/Makefile b/databases/postgresql13-server/Makefile
index 7270ba17d2b6..1ff3d0035045 100644
--- a/databases/postgresql13-server/Makefile
+++ b/databases/postgresql13-server/Makefile
@@ -1,4 +1,4 @@
-DISTVERSION?= 13.14
+DISTVERSION?= 13.15
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
# not their own. Probably best to keep it at ?=0 when reset here too.
PORTREVISION?= 0
diff --git a/databases/postgresql13-server/distinfo b/databases/postgresql13-server/distinfo
index 80076e8078ef..7bed84f9d7ba 100644
--- a/databases/postgresql13-server/distinfo
+++ b/databases/postgresql13-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1707301284
-SHA256 (postgresql/postgresql-13.14.tar.bz2) = b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed
-SIZE (postgresql/postgresql-13.14.tar.bz2) = 21584146
+TIMESTAMP = 1715095960
+SHA256 (postgresql/postgresql-13.15.tar.bz2) = 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925
+SIZE (postgresql/postgresql-13.15.tar.bz2) = 21597871
diff --git a/databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls
deleted file mode 100644
index 02686061ce99..000000000000
--- a/databases/postgresql13-server/files/patch-disable-llvm-jit-inlining-with-tls
+++ /dev/null
@@ -1,24 +0,0 @@
-Do not inline functions which access TLS in LLVM JIT, as
-this leads to crashes with unsupported relocation error
-
-diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp
-index 2617a46..a063edb 100644
---- src/backend/jit/llvm/llvmjit_inline.cpp
-+++ src/backend/jit/llvm/llvmjit_inline.cpp
-@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F,
- if (rv->materialize())
- elog(FATAL, "failed to materialize metadata");
-
-+ /*
-+ * Don't inline functions with thread-local variables until
-+ * related crashes are investigated (see BUG #16696)
-+ */
-+ if (rv->isThreadLocal()) {
-+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s",
-+ F.getName().data(), rv->getName().data());
-+ return false;
-+ }
-+
- /*
- * Never want to inline externally visible vars, cheap enough to
- * reference.
diff --git a/databases/postgresql13-server/files/pkg-message-contrib.in b/databases/postgresql13-server/files/pkg-message-contrib.in
index 2d9f3d86e71c..006f700a3ae1 100644
--- a/databases/postgresql13-server/files/pkg-message-contrib.in
+++ b/databases/postgresql13-server/files/pkg-message-contrib.in
@@ -2,7 +2,7 @@
{ type: install
message: <<EOM
The PostgreSQL contrib utilities have been installed. Please see
-%%PREFIX%%/share/doc/postgresql/contrib/README
+%%DOCSDIR%%/README-contrib
for more information.
EOM
}
diff --git a/databases/postgresql14-server/Makefile b/databases/postgresql14-server/Makefile
index a4599c1bb31c..6dc8a6c17b13 100644
--- a/databases/postgresql14-server/Makefile
+++ b/databases/postgresql14-server/Makefile
@@ -1,4 +1,4 @@
-DISTVERSION?= 14.11
+DISTVERSION?= 14.12
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
# not their own. Probably best to keep it at ?=0 when reset here too.
PORTREVISION?= 0
diff --git a/databases/postgresql14-server/distinfo b/databases/postgresql14-server/distinfo
index 6d31689b1b7b..97f5e287f4d5 100644
--- a/databases/postgresql14-server/distinfo
+++ b/databases/postgresql14-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1707301184
-SHA256 (postgresql/postgresql-14.11.tar.bz2) = a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8
-SIZE (postgresql/postgresql-14.11.tar.bz2) = 22354758
+TIMESTAMP = 1715095961
+SHA256 (postgresql/postgresql-14.12.tar.bz2) = 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923
+SIZE (postgresql/postgresql-14.12.tar.bz2) = 22390865
diff --git a/databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls
deleted file mode 100644
index 02686061ce99..000000000000
--- a/databases/postgresql14-server/files/patch-disable-llvm-jit-inlining-with-tls
+++ /dev/null
@@ -1,24 +0,0 @@
-Do not inline functions which access TLS in LLVM JIT, as
-this leads to crashes with unsupported relocation error
-
-diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp
-index 2617a46..a063edb 100644
---- src/backend/jit/llvm/llvmjit_inline.cpp
-+++ src/backend/jit/llvm/llvmjit_inline.cpp
-@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F,
- if (rv->materialize())
- elog(FATAL, "failed to materialize metadata");
-
-+ /*
-+ * Don't inline functions with thread-local variables until
-+ * related crashes are investigated (see BUG #16696)
-+ */
-+ if (rv->isThreadLocal()) {
-+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s",
-+ F.getName().data(), rv->getName().data());
-+ return false;
-+ }
-+
- /*
- * Never want to inline externally visible vars, cheap enough to
- * reference.
diff --git a/databases/postgresql14-server/files/pkg-message-contrib.in b/databases/postgresql14-server/files/pkg-message-contrib.in
index 2d9f3d86e71c..006f700a3ae1 100644
--- a/databases/postgresql14-server/files/pkg-message-contrib.in
+++ b/databases/postgresql14-server/files/pkg-message-contrib.in
@@ -2,7 +2,7 @@
{ type: install
message: <<EOM
The PostgreSQL contrib utilities have been installed. Please see
-%%PREFIX%%/share/doc/postgresql/contrib/README
+%%DOCSDIR%%/README-contrib
for more information.
EOM
}
diff --git a/databases/postgresql14-server/files/pkg-message-server.in b/databases/postgresql14-server/files/pkg-message-server.in
index 6370d4a017cc..8253d3c2541b 100644
--- a/databases/postgresql14-server/files/pkg-message-server.in
+++ b/databases/postgresql14-server/files/pkg-message-server.in
@@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might
wish to enable data checksumming. It can be enabled during
the initdb phase, by adding the "--data-checksums" flag to
the postgresql_initdb_flags rcvar. Otherwise you can enable it later by
- pg_checksums. Check the initdb(1) manpage for more info
+ using pg_checksums. Check the initdb(1) manpage for more info
and make sure you understand the performance implications.
======================================================================
+
+SECURITY ADVICE
+
+If upgradring from a version 14.x < 14.12:
+A security vulnerability was found in the system views pg_stats_ext
+and pg_stats_ext_exprs, potentially allowing authenticated database
+users to see data they shouldn't. If this is of concern in your
+installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql
+for each of your databases. For details, see
+https://www.postgresql.org/support/security/CVE-2024-4317/
+
+
EOM
}
]
diff --git a/databases/postgresql14-server/pkg-plist-server b/databases/postgresql14-server/pkg-plist-server
index 15de69ff20f5..8f00f179a298 100644
--- a/databases/postgresql14-server/pkg-plist-server
+++ b/databases/postgresql14-server/pkg-plist-server
@@ -750,6 +750,7 @@ lib/postgresql/utf8_and_win.so
%%DATADIR%%/errcodes.txt
%%DATADIR%%/extension/plpgsql--1.0.sql
%%DATADIR%%/extension/plpgsql.control
+%%DATADIR%%/fix-CVE-2024-4317.sql
%%DATADIR%%/information_schema.sql
%%DATADIR%%/pg_hba.conf.sample
%%DATADIR%%/pg_ident.conf.sample
diff --git a/databases/postgresql15-server/Makefile b/databases/postgresql15-server/Makefile
index 73cdb6c2b2da..ad7d23054e86 100644
--- a/databases/postgresql15-server/Makefile
+++ b/databases/postgresql15-server/Makefile
@@ -1,4 +1,4 @@
-DISTVERSION?= 15.6
+DISTVERSION?= 15.7
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
# not their own. Probably best to keep it at ?=0 when reset here too.
PORTREVISION?= 0
diff --git a/databases/postgresql15-server/distinfo b/databases/postgresql15-server/distinfo
index b23b22c9acc4..845cdd374469 100644
--- a/databases/postgresql15-server/distinfo
+++ b/databases/postgresql15-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1707301241
-SHA256 (postgresql/postgresql-15.6.tar.bz2) = 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb
-SIZE (postgresql/postgresql-15.6.tar.bz2) = 23093967
+TIMESTAMP = 1715095962
+SHA256 (postgresql/postgresql-15.7.tar.bz2) = a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7
+SIZE (postgresql/postgresql-15.7.tar.bz2) = 23112318
diff --git a/databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls
deleted file mode 100644
index 02686061ce99..000000000000
--- a/databases/postgresql15-server/files/patch-disable-llvm-jit-inlining-with-tls
+++ /dev/null
@@ -1,24 +0,0 @@
-Do not inline functions which access TLS in LLVM JIT, as
-this leads to crashes with unsupported relocation error
-
-diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp
-index 2617a46..a063edb 100644
---- src/backend/jit/llvm/llvmjit_inline.cpp
-+++ src/backend/jit/llvm/llvmjit_inline.cpp
-@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F,
- if (rv->materialize())
- elog(FATAL, "failed to materialize metadata");
-
-+ /*
-+ * Don't inline functions with thread-local variables until
-+ * related crashes are investigated (see BUG #16696)
-+ */
-+ if (rv->isThreadLocal()) {
-+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s",
-+ F.getName().data(), rv->getName().data());
-+ return false;
-+ }
-+
- /*
- * Never want to inline externally visible vars, cheap enough to
- * reference.
diff --git a/databases/postgresql15-server/files/pkg-message-contrib.in b/databases/postgresql15-server/files/pkg-message-contrib.in
index 2d9f3d86e71c..006f700a3ae1 100644
--- a/databases/postgresql15-server/files/pkg-message-contrib.in
+++ b/databases/postgresql15-server/files/pkg-message-contrib.in
@@ -2,7 +2,7 @@
{ type: install
message: <<EOM
The PostgreSQL contrib utilities have been installed. Please see
-%%PREFIX%%/share/doc/postgresql/contrib/README
+%%DOCSDIR%%/README-contrib
for more information.
EOM
}
diff --git a/databases/postgresql15-server/files/pkg-message-server.in b/databases/postgresql15-server/files/pkg-message-server.in
index 6370d4a017cc..946ff1d75b6d 100644
--- a/databases/postgresql15-server/files/pkg-message-server.in
+++ b/databases/postgresql15-server/files/pkg-message-server.in
@@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might
wish to enable data checksumming. It can be enabled during
the initdb phase, by adding the "--data-checksums" flag to
the postgresql_initdb_flags rcvar. Otherwise you can enable it later by
- pg_checksums. Check the initdb(1) manpage for more info
+ using pg_checksums. Check the initdb(1) manpage for more info
and make sure you understand the performance implications.
======================================================================
+
+SECURITY ADVICE
+
+If upgradring from a version 15.x < 15.7:
+A security vulnerability was found in the system views pg_stats_ext
+and pg_stats_ext_exprs, potentially allowing authenticated database
+users to see data they shouldn't. If this is of concern in your
+installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql
+for each of your databases. For details, see
+https://www.postgresql.org/support/security/CVE-2024-4317/
+
+
EOM
}
]
diff --git a/databases/postgresql15-server/pkg-plist-server b/databases/postgresql15-server/pkg-plist-server
index 4399bd1bd895..cea77992a139 100644
--- a/databases/postgresql15-server/pkg-plist-server
+++ b/databases/postgresql15-server/pkg-plist-server
@@ -786,6 +786,7 @@ lib/postgresql/utf8_and_win.so
%%DATADIR%%/errcodes.txt
%%DATADIR%%/extension/plpgsql--1.0.sql
%%DATADIR%%/extension/plpgsql.control
+%%DATADIR%%/fix-CVE-2024-4317.sql
%%DATADIR%%/information_schema.sql
%%DATADIR%%/pg_hba.conf.sample
%%DATADIR%%/pg_ident.conf.sample
diff --git a/databases/postgresql16-server/Makefile b/databases/postgresql16-server/Makefile
index bb6e623c3449..2adc5a60ec4a 100644
--- a/databases/postgresql16-server/Makefile
+++ b/databases/postgresql16-server/Makefile
@@ -1,5 +1,5 @@
PORTNAME?= postgresql
-DISTVERSION?= 16.2
+DISTVERSION?= 16.3
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
# not their own. Probably best to keep it at ?=0 when reset here too.
PORTREVISION?= 0
@@ -81,7 +81,7 @@ CONFIGURE_ENV+= PATH=${PREFIX}/bin:${PATH}
.endif
.if defined(SERVER_ONLY)
-OPTIONS_DEFINE= DTRACE LDAP INTDATE TZDATA XML DOCS
+OPTIONS_DEFINE= DTRACE LDAP TZDATA XML DOCS
LDAP_DESC= Build with LDAP authentication support
TZDATA_DESC= Use internal timezone database
XML_DESC= Build with XML data type
@@ -114,12 +114,6 @@ LLVM_CONFIGURE_ENV= LLVM_CONFIG=${LLVM_CONFIG} \
CLANG=${LOCALBASE}/bin/clang${LLVM_VERSION}
LLVM_USES= llvm:max=15,min=11,lib
-# See http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/76999 for more info
-# (requires dump/restore if modified.)
-OPTIONS_DEFINE+= INTDATE
-INTDATE_DESC= Builds with 64-bit date/time type
-OPTIONS_DEFAULT+= INTDATE
-
CONFIGURE_ARGS+= --with-icu
LIB_DEPENDS+= libicudata.so:devel/icu
USES+= pkgconfig
@@ -162,8 +156,6 @@ XML_LIB_DEPENDS= libxml2.so:textproc/libxml2
TZDATA_CONFIGURE_OFF= --with-system-tzdata=/usr/share/zoneinfo
-INTDATE_CONFIGURE_OFF= --disable-integer-datetimes
-
NLS_CONFIGURE_ENABLE= nls
NLS_USES= gettext
diff --git a/databases/postgresql16-server/distinfo b/databases/postgresql16-server/distinfo
index bb2283ecf3ea..a5b9b692f324 100644
--- a/databases/postgresql16-server/distinfo
+++ b/databases/postgresql16-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1707301242
-SHA256 (postgresql/postgresql-16.2.tar.bz2) = 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952
-SIZE (postgresql/postgresql-16.2.tar.bz2) = 24711703
+TIMESTAMP = 1715095963
+SHA256 (postgresql/postgresql-16.3.tar.bz2) = 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585
+SIZE (postgresql/postgresql-16.3.tar.bz2) = 24737644
diff --git a/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls b/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls
deleted file mode 100644
index 02686061ce99..000000000000
--- a/databases/postgresql16-server/files/patch-disable-llvm-jit-inlining-with-tls
+++ /dev/null
@@ -1,24 +0,0 @@
-Do not inline functions which access TLS in LLVM JIT, as
-this leads to crashes with unsupported relocation error
-
-diff --git src/backend/jit/llvm/llvmjit_inline.cpp src/backend/jit/llvm/llvmjit_inline.cpp
-index 2617a46..a063edb 100644
---- src/backend/jit/llvm/llvmjit_inline.cpp
-+++ src/backend/jit/llvm/llvmjit_inline.cpp
-@@ -608,6 +608,16 @@ function_inlinable(llvm::Function &F,
- if (rv->materialize())
- elog(FATAL, "failed to materialize metadata");
-
-+ /*
-+ * Don't inline functions with thread-local variables until
-+ * related crashes are investigated (see BUG #16696)
-+ */
-+ if (rv->isThreadLocal()) {
-+ ilog(DEBUG1, "cannot inline %s due to thread-local variable %s",
-+ F.getName().data(), rv->getName().data());
-+ return false;
-+ }
-+
- /*
- * Never want to inline externally visible vars, cheap enough to
- * reference.
diff --git a/databases/postgresql16-server/files/pkg-message-contrib.in b/databases/postgresql16-server/files/pkg-message-contrib.in
index 2d9f3d86e71c..006f700a3ae1 100644
--- a/databases/postgresql16-server/files/pkg-message-contrib.in
+++ b/databases/postgresql16-server/files/pkg-message-contrib.in
@@ -2,7 +2,7 @@
{ type: install
message: <<EOM
The PostgreSQL contrib utilities have been installed. Please see
-%%PREFIX%%/share/doc/postgresql/contrib/README
+%%DOCSDIR%%/README-contrib
for more information.
EOM
}
diff --git a/databases/postgresql16-server/files/pkg-message-server.in b/databases/postgresql16-server/files/pkg-message-server.in
index 6370d4a017cc..1d79c1d88b58 100644
--- a/databases/postgresql16-server/files/pkg-message-server.in
+++ b/databases/postgresql16-server/files/pkg-message-server.in
@@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might
wish to enable data checksumming. It can be enabled during
the initdb phase, by adding the "--data-checksums" flag to
the postgresql_initdb_flags rcvar. Otherwise you can enable it later by
- pg_checksums. Check the initdb(1) manpage for more info
+ using pg_checksums. Check the initdb(1) manpage for more info
and make sure you understand the performance implications.
======================================================================
+
+SECURITY ADVICE
+
+If upgradring from a version 16.x < 16.3
+A security vulnerability was found in the system views pg_stats_ext
+and pg_stats_ext_exprs, potentially allowing authenticated database
+users to see data they shouldn't. If this is of concern in your
+installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql
+for each of your databases. For details, see
+https://www.postgresql.org/support/security/CVE-2024-4317/
+
+
EOM
}
]
diff --git a/databases/postgresql16-server/pkg-plist-server b/databases/postgresql16-server/pkg-plist-server
index 7e434ac68e7b..898700cf027f 100644
--- a/databases/postgresql16-server/pkg-plist-server
+++ b/databases/postgresql16-server/pkg-plist-server
@@ -800,6 +800,7 @@ lib/postgresql/utf8_and_win.so
%%DATADIR%%/errcodes.txt
%%DATADIR%%/extension/plpgsql--1.0.sql
%%DATADIR%%/extension/plpgsql.control
+%%DATADIR%%/fix-CVE-2024-4317.sql
%%DATADIR%%/information_schema.sql
%%DATADIR%%/pg_hba.conf.sample
%%DATADIR%%/pg_ident.conf.sample