author | Palle Girgensohn <girgen@FreeBSD.org> | 2020-08-13 13:45:02 +0000 |
---|---|---|
committer | Palle Girgensohn <girgen@FreeBSD.org> | 2020-08-13 13:45:02 +0000 |
commit | c181e5cbd7b38d4c01a7bb7360c293e5cd8f2a5b (patch) | |
tree | 0da445871731bbf404a2ed91a42e3f1fad095800 /databases | |
parent | 6928fda4df3b2851fafd30ddb77fd84af308d1d0 (diff) | |
download | ports-c181e5cbd7b38d4c01a7bb7360c293e5cd8f2a5b.tar.gz ports-c181e5cbd7b38d4c01a7bb7360c293e5cd8f2a5b.zip |
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.4, 11.9, 10.14,
9.6.19, and 9.5.23.
This release closes two security vulnerabilities and fixes over 50 bugs
reported over the last three months.
Please plan to update at your earliest convenience.
Security Issues
---------------
* CVE-2020-14349: Uncontrolled search path element in logical replication.
Versions Affected: 10 - 12.
The PostgreSQL `search_path` setting determines schemas searched for
tables, functions, operators, etc. The CVE-2018-1058 fix caused most
PostgreSQL-provided client applications to sanitize `search_path`, but
logical replication continued to leave `search_path` unchanged. Users of
a replication publisher or subscriber database can create objects in the
`public` schema and harness them to execute arbitrary SQL functions
under the identity running replication, often a superuser. Installations
having adopted a documented secure schema usage pattern are not vulnerable.
The PostgreSQL project thanks Noah Misch for reporting this problem.
* CVE-2020-14350: Uncontrolled search path element in `CREATE EXTENSION`.
Versions Affected: 9.5 - 12. The security team typically does not test
unsupported versions, but this problem is quite old.
When a superuser runs certain `CREATE EXTENSION` statements, users may
be able to execute arbitrary SQL functions under the identity of that
superuser. The attacker must have permission to create objects in the
new extension's schema or a schema of a prerequisite extension. Not all
extensions are vulnerable.
In addition to correcting the extensions provided with PostgreSQL, the
PostgreSQL Global Development Group is issuing guidance for third-party
extension authors to secure their own work.
The PostgreSQL project thanks Andres Freund for reporting this problem.
Security: CVE-2020-14349, CVE-2020-14350
Notes:
svn path=/head/; revision=544810
Diffstat (limited to 'databases')
-rw-r--r-- | databases/postgresql10-server/Makefile | 4 | ||||
-rw-r--r-- | databases/postgresql10-server/distinfo | 6 | ||||
-rw-r--r-- | databases/postgresql10-server/pkg-plist-client | 1 | ||||
-rw-r--r-- | databases/postgresql11-server/Makefile | 4 | ||||
-rw-r--r-- | databases/postgresql11-server/distinfo | 6 | ||||
-rw-r--r-- | databases/postgresql11-server/pkg-plist-client | 1 | ||||
-rw-r--r-- | databases/postgresql12-server/Makefile | 2 | ||||
-rw-r--r-- | databases/postgresql12-server/distinfo | 6 | ||||
-rw-r--r-- | databases/postgresql12-server/pkg-plist-client | 1 | ||||
-rw-r--r-- | databases/postgresql12-server/pkg-plist-server | 4 | ||||
-rw-r--r-- | databases/postgresql95-server/Makefile | 2 | ||||
-rw-r--r-- | databases/postgresql95-server/distinfo | 6 | ||||
-rw-r--r-- | databases/postgresql96-server/Makefile | 2 | ||||
-rw-r--r-- | databases/postgresql96-server/distinfo | 6 |
14 files changed, 28 insertions, 23 deletions
diff --git a/databases/postgresql10-server/Makefile b/databases/postgresql10-server/Makefile index ccaf45c91edd..708de7c9a4e4 100644 --- a/databases/postgresql10-server/Makefile +++ b/databases/postgresql10-server/Makefile @@ -1,10 +1,10 @@ # Created by: Marc G. Fournier <scrappy@FreeBSD.org> # $FreeBSD$ -DISTVERSION?= 10.13 +DISTVERSION?= 10.14 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. -PORTREVISION?= 2 +PORTREVISION?= 0 PKGNAMESUFFIX?= ${DISTVERSION:R:S/.//}${COMPONENT} MAINTAINER?= pgsql@FreeBSD.org diff --git a/databases/postgresql10-server/distinfo b/databases/postgresql10-server/distinfo index e009b4e65769..1d957809cddb 100644 --- a/databases/postgresql10-server/distinfo +++ b/databases/postgresql10-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1589614618 -SHA256 (postgresql/postgresql-10.13.tar.bz2) = 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 -SIZE (postgresql/postgresql-10.13.tar.bz2) = 19028339 +TIMESTAMP = 1597309874 +SHA256 (postgresql/postgresql-10.14.tar.bz2) = 381cd8f491d8f77db2f4326974542a50095b5fa7709f24d7c5b760be2518b23b +SIZE (postgresql/postgresql-10.14.tar.bz2) = 19042154 diff --git a/databases/postgresql10-server/pkg-plist-client b/databases/postgresql10-server/pkg-plist-client index add168f5b5f6..ee789e17f8d6 100644 --- a/databases/postgresql10-server/pkg-plist-client +++ b/databases/postgresql10-server/pkg-plist-client @@ -237,6 +237,7 @@ include/postgresql/server/commands/variable.h include/postgresql/server/commands/view.h include/postgresql/server/common/base64.h include/postgresql/server/common/config_info.h +include/postgresql/server/common/connect.h include/postgresql/server/common/controldata_utils.h include/postgresql/server/common/fe_memutils.h include/postgresql/server/common/file_utils.h 
diff --git a/databases/postgresql11-server/Makefile b/databases/postgresql11-server/Makefile index 7d8929ae0323..2993f3b02e6e 100644 --- a/databases/postgresql11-server/Makefile +++ b/databases/postgresql11-server/Makefile @@ -1,10 +1,10 @@ # Created by: Marc G. Fournier <scrappy@FreeBSD.org> # $FreeBSD$ -DISTVERSION?= 11.8 +DISTVERSION?= 11.9 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. -PORTREVISION?= 2 +PORTREVISION?= 0 PKGNAMESUFFIX?= ${DISTVERSION:R:S/.//}${COMPONENT} MAINTAINER?= pgsql@FreeBSD.org diff --git a/databases/postgresql11-server/distinfo b/databases/postgresql11-server/distinfo index 6e88088d9d91..396c8298f39d 100644 --- a/databases/postgresql11-server/distinfo +++ b/databases/postgresql11-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1589613918 -SHA256 (postgresql/postgresql-11.8.tar.bz2) = eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 -SIZE (postgresql/postgresql-11.8.tar.bz2) = 19922770 +TIMESTAMP = 1597309874 +SHA256 (postgresql/postgresql-11.9.tar.bz2) = 35618aa72e0372091f923c42389c6febd07513157b4fbb9408371706afbb6635 +SIZE (postgresql/postgresql-11.9.tar.bz2) = 19959019 diff --git a/databases/postgresql11-server/pkg-plist-client b/databases/postgresql11-server/pkg-plist-client index cab9929cb355..6fefde4d9f77 100644 --- a/databases/postgresql11-server/pkg-plist-client +++ b/databases/postgresql11-server/pkg-plist-client @@ -294,6 +294,7 @@ include/postgresql/server/commands/variable.h include/postgresql/server/commands/view.h include/postgresql/server/common/base64.h include/postgresql/server/common/config_info.h +include/postgresql/server/common/connect.h include/postgresql/server/common/controldata_utils.h include/postgresql/server/common/fe_memutils.h include/postgresql/server/common/file_perm.h 
diff --git a/databases/postgresql12-server/Makefile b/databases/postgresql12-server/Makefile index 5f968888024e..be1f5f5897d7 100644 --- a/databases/postgresql12-server/Makefile +++ b/databases/postgresql12-server/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= postgresql -DISTVERSION?= 12.3 +DISTVERSION?= 12.4 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql12-server/distinfo b/databases/postgresql12-server/distinfo index 38a554dc813c..1d3c6e4e2462 100644 --- a/databases/postgresql12-server/distinfo +++ b/databases/postgresql12-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1589458709 -SHA256 (postgresql/postgresql-12.3.tar.bz2) = 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 -SIZE (postgresql/postgresql-12.3.tar.bz2) = 20439892 +TIMESTAMP = 1597309874 +SHA256 (postgresql/postgresql-12.4.tar.bz2) = bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc +SIZE (postgresql/postgresql-12.4.tar.bz2) = 20669776 diff --git a/databases/postgresql12-server/pkg-plist-client b/databases/postgresql12-server/pkg-plist-client index 11d5e6227a0d..50e18f349224 100644 --- a/databases/postgresql12-server/pkg-plist-client +++ b/databases/postgresql12-server/pkg-plist-client @@ -299,6 +299,7 @@ include/postgresql/server/commands/variable.h include/postgresql/server/commands/view.h include/postgresql/server/common/base64.h include/postgresql/server/common/config_info.h +include/postgresql/server/common/connect.h include/postgresql/server/common/controldata_utils.h include/postgresql/server/common/fe_memutils.h include/postgresql/server/common/file_perm.h diff --git a/databases/postgresql12-server/pkg-plist-server b/databases/postgresql12-server/pkg-plist-server index fb320a38603c..0295b878c699 100644 --- a/databases/postgresql12-server/pkg-plist-server +++ b/databases/postgresql12-server/pkg-plist-server 
@@ -847,6 +847,7 @@ lib/libpgcommon.a %%NLS%%share/locale/sv/LC_MESSAGES/pg_archivecleanup-12.mo %%NLS%%share/locale/sv/LC_MESSAGES/pg_basebackup-12.mo %%NLS%%share/locale/sv/LC_MESSAGES/pg_checksums-12.mo +%%DATADIR%%/snowball_create.sql %%NLS%%share/locale/sv/LC_MESSAGES/pg_controldata-12.mo %%NLS%%share/locale/sv/LC_MESSAGES/pg_ctl-12.mo %%NLS%%share/locale/sv/LC_MESSAGES/pg_resetwal-12.mo @@ -883,6 +884,7 @@ lib/libpgcommon.a %%NLS%%share/locale/uk/LC_MESSAGES/pg_test_timing-12.mo %%NLS%%share/locale/uk/LC_MESSAGES/pg_waldump-12.mo %%NLS%%share/locale/uk/LC_MESSAGES/plpgsql-12.mo +%%NLS%%share/locale/uk/LC_MESSAGES/postgres-12.mo %%NLS%%share/locale/vi/LC_MESSAGES/pg_controldata-12.mo %%NLS%%share/locale/vi/LC_MESSAGES/pg_test_fsync-12.mo %%NLS%%share/locale/vi/LC_MESSAGES/pg_test_timing-12.mo @@ -890,6 +892,7 @@ lib/libpgcommon.a %%NLS%%share/locale/zh_CN/LC_MESSAGES/initdb-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_archivecleanup-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_basebackup-12.mo +%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_checksums-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_controldata-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_ctl-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_resetwal-12.mo @@ -900,7 +903,6 @@ lib/libpgcommon.a %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_waldump-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/plpgsql-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/postgres-12.mo -%%DATADIR%%/snowball_create.sql %%TZDATA%%%%DATADIR%%/timezone/Africa/Abidjan %%TZDATA%%%%DATADIR%%/timezone/Africa/Accra %%TZDATA%%%%DATADIR%%/timezone/Africa/Addis_Ababa diff --git a/databases/postgresql95-server/Makefile b/databases/postgresql95-server/Makefile index ed3e38ab6a8e..3cb68bc8685c 100644 --- a/databases/postgresql95-server/Makefile +++ b/databases/postgresql95-server/Makefile 
@@ -1,7 +1,7 @@ # Created by: Marc G. Fournier <scrappy@FreeBSD.org> # $FreeBSD$ -DISTVERSION?= 9.5.22 +DISTVERSION?= 9.5.23 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql95-server/distinfo b/databases/postgresql95-server/distinfo index e45f9276e8a1..4c7b63047e47 100644 --- a/databases/postgresql95-server/distinfo +++ b/databases/postgresql95-server/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1589613852 -SHA256 (postgresql/postgresql-9.5.22.tar.bz2) = 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f -SIZE (postgresql/postgresql-9.5.22.tar.bz2) = 17667386 +TIMESTAMP = 1597309874 +SHA256 (postgresql/postgresql-9.5.23.tar.bz2) = e314fa7e3355c4b8a35e94eeb8e58a6cf46adf49a2f9afa0c15cbc39980c8366 +SIZE (postgresql/postgresql-9.5.23.tar.bz2) = 17682366 SHA256 (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5fa083ec38087d6a0961642208f012e902221270708b919b92e9eedaa755e365 SIZE (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5952 diff --git a/databases/postgresql96-server/Makefile b/databases/postgresql96-server/Makefile index 288be90e0e09..4c7fdb276afa 100644 --- a/databases/postgresql96-server/Makefile +++ b/databases/postgresql96-server/Makefile @@ -1,7 +1,7 @@ # Created by: Marc G. Fournier <scrappy@FreeBSD.org> # $FreeBSD$ -DISTVERSION?= 9.6.18 +DISTVERSION?= 9.6.19 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and # not their own. Probably best to keep it at ?=0 when reset here too. PORTREVISION?= 0 diff --git a/databases/postgresql96-server/distinfo b/databases/postgresql96-server/distinfo index 99cdd9a1a8b8..54399f8f2ecd 100644 --- a/databases/postgresql96-server/distinfo +++ b/databases/postgresql96-server/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1589458681 -SHA256 (postgresql/postgresql-9.6.18.tar.bz2) = 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 -SIZE (postgresql/postgresql-9.6.18.tar.bz2) = 18836490 +TIMESTAMP = 1597309874 +SHA256 (postgresql/postgresql-9.6.19.tar.bz2) = 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0 +SIZE (postgresql/postgresql-9.6.19.tar.bz2) = 18880036 SHA256 (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 85f81baa0fc8f692bcf802c8645196d9e3afdef4f760cef712d940b87655486e SIZE (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 5998 |
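Review bot: The `PORTREVISION?= 2` to `PORTREVISION?= 0` reset in the postgresql10-server and postgresql11-server Makefile hunks covers only the master ports. As the comment kept in those hunks says, slave ports carry their own PORTREVISION, and no slave port Makefile under databases appears in the diffstat. Please check whether any slave port of 10 or 11 still sets a PORTREVISION that should be dropped together with the DISTVERSION bump.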
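Review bot: In the postgresql12-server/pkg-plist-server hunks, `%%DATADIR%%/snowball_create.sql` ends up in the middle of the `%%NLS%%` sv locale entries, between `pg_checksums-12.mo` and `pg_controldata-12.mo`, after being removed from its old position ahead of the `%%TZDATA%%` timezone list. The packaged file set is the same either way, but the move looks like a side effect of regenerating the plist and adds noise to a security update. Suggest leaving the entry where it was, so that these hunks contain only the two new `.mo` files.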
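Review bot: The plist changes are uneven across branches, and the pkg-plist-client hunks are where it shows: `include/postgresql/server/common/connect.h` is added for postgresql10, 11 and 12, and only the 12 server plist gains `uk/LC_MESSAGES/postgres-12.mo` and `zh_CN/LC_MESSAGES/pg_checksums-12.mo`, while the 10 and 11 server plists and everything under postgresql95 and postgresql96 get no plist change at all. That may well be correct for each upstream tarball, but it is worth confirming with `make check-plist` on all five ports that no newly installed file is left unlisted, and saying so in the commit message.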