Also, try to break the previous 1:1 relation between FreeBSD system and
PostgreSQL versions installed. Use different PREFIX:es to install
different versions on the same system.
PR: ports/132402, ports/145002, ports/146657
Remove postgresql-contrib in favour for postgresqlNN-contrib.
This way we will get packages built, which is nice.
Security: CVE-2010-1169
Security: CVE-2010-1170
The PostgreSQL Project today released minor versions updating all active
branches of the PostgreSQL object-relational database system, including
versions 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, and 7.4.29. This release
fixes moderate-risk security issues with PL/perl and PL/tcl, as well as
a data corruption issue with standby databases. Users of any of these
three features should update their PostgreSQL installations immediately.
The PL/perl security fix closes a security hole in PL/perl
procedures which could allow privilege escalation on the host system,
caused by a flaw in Safe.pm; see CVE-2010-1169 and CVE-2010-1447 for
details. A second patch prevents PL/tcl's pltcl_modules table from
being subverted in order to run arbitrary Tcl scripts; see
CVE-2010-1170. These issues only affect users who have enabled either
of these two stored procedure languages.
Also corrected is use of the command ALTER TABLE SET TABLESPACE, which
previously could cause data corruption on Warm Standby database slaves.
This issue affects only version 8.4.
There are also 21 other bug fixes in this release, some of which apply
only to version 8.4, and a few of which are specifically for Windows.
While these are generally fixes for minor issues, among the changes are:
* Fix for a combinational crash condition
* Prevent normal users from resetting some GUCs in
their own role definitions
* Correctly apply constraint exclusion in UPDATE and DELETE queries
* Minor fixes for WAL archiving
* Update timezone data for 12 zones
See the release notes for a full list of changes with details.
Releasenotes at http://www.postgresql.org/docs/current/static/release.html
URL: http://www.postgresql.org/about/news.1055
The PostgreSQL Project today released
updates to all active branches of the
PostgreSQL object-relational database
system, including versions 8.3.6,
8.2.12, 8.1.16, 8.0.20 and 7.4.24. These
updates include two serious fixes, for
autovacuum crashes in version 8.1 and
GiST indexing data loss in 8.3, and
those two versions should be updated as
soon as possible.
These update releases also include
patches for several low-risk security
holes, as well as up to 17 other minor
fixes, depending on your major version
of PostgreSQL. Included as well are
Daylight Savings Time changes for Nepal,
Switzerland and Cuba. See the release
notes for full details.
The first serious issue affects users
who are using version 8.1 with
Autovacuum, which will fail when XID
rollover is required. The second serious
issue can cause data loss when CLUSTER
is used with GiST indexes (such as full
text indexes) on version 8.3. Both
issues are fixed in these releases.
Updates for all maintained versions of PostgreSQL are available today:
8.3.3, 8.2.9, 8.1.13, 8.0.17 and 7.4.21. These releases fix more than
two dozen minor issues reported and patched over the last few months.
All PostgreSQL users should plan to update at their earliest
convenience. People in affected time zones, in particular, should
upgrade as soon as possible.
Release Notes:
http://www.postgresql.org/docs/8.3/static/release.html
Also, fix umask error in periodic script [1].
PR: ports/124457 [1]
Submitted by: Alexandre Perrin
This includes a bunch of security fixes: CVE-2007-6067, CVE-2007-4772,
CVE-2007-6601, CVE-2007-6600 and CVE-2007-4769.
Security: http://www.postgresql.org/about/news.905
A vulnerability allows suppressing the normal checks that a SQL
function returns the data type it's declared to do. These errors can
easily be exploited to cause a backend crash, and in principle might
be used to read database content that the user should not be able to
access. [CVE-2007-0555]
The release includes a set of other fixes as well. Please see the
release information at
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-16
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
The PostgreSQL Global Development Group today released versions 8.1.4, 8.0.8,
7.4.13 and 7.3.15. This is an urgent update to close a security hole which
can permit a SQL injection attack on some applications running PostgreSQL.
Users are urged to apply the update as soon as reasonably possible. Since the
update affects client functionality, most driver projects will be updating
this week as well.
Because the security issue involved is complex, we have added a section in
Techdocs to explain it: http://www.postgresql.org/docs/techdocs.52. Please
read this first before applying the updates.
Also, fix rc_subr startup problems on FreeBSD-7.x.
Security: http://www.postgresql.org/docs/techdocs.50
PR: ports/95154
A critical fix repairs an error in ReadBuffer that can cause data loss
due to overwriting recently-added pages. This applies to the 8.1 and
8.0 branches on all platforms.
Note that this update might require a reindex of textual columns under
certain conditions; please see UPDATING.
Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto
Migration to version 7.4.9
A dump/restore is not required for those running 7.4.X. However, if you
are upgrading from a version earlier than 7.4.8, see the release notes
for 7.4.8.
__________________________________________________________________
Changes
* Fix error that allowed "VACUUM" to remove ctid chains too soon, and
add more checking in code that follows ctid links
This fixes a long-standing problem that could cause crashes in very
rare circumstances.
* Fix CHAR() to properly pad spaces to the specified length when
using a multiple-byte character set (Yoshiyuki Asaba)
In prior releases, the padding of CHAR() was incorrect because it
only padded to the specified number of bytes without considering
how many characters were stored.
* Fix the sense of the test for read-only transaction in "COPY"
The code formerly prohibited "COPY TO", where it should prohibit
"COPY FROM".
* Fix planning problem with outer-join ON clauses that reference only
the inner-side relation
* Further fixes for x FULL JOIN y ON true corner cases
* Make array_in and array_recv more paranoid about validating their
OID parameter
* Fix missing rows in queries like UPDATE a=... WHERE a... with GiST
index on column a
* Improve robustness of datetime parsing
* Improve checking for partially-written WAL pages
* Improve robustness of signal handling when SSL is enabled
* Don't try to open more than max_files_per_process files during
postmaster startup
* Various memory leakage fixes
* Various portability improvements
* Fix PL/PgSQL to handle var := var correctly when the variable is of
pass-by-reference type
* Update "contrib/tsearch2" to use current Snowball code
please see the HISTORY file included in the Release, but a summary
consists of:
* Change encoding function signature to prevent misuse
* Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function
results
* Repair race condition between relation extension and VACUUM
This could theoretically have caused loss of a page's worth of
freshly-inserted data, although the scenario seems of very low
probability. There are no known cases of it having caused more than
an Assert failure.
Security: http://www.postgresql.org/about/news.315
the "LOAD" option, the PostgreSQL Global Development Group is
announcing the release of new versions of PostgreSQL.
Update to 7.3.9, 7.4.7 & 8.0.1.
Take the opportunity to reset PORTREVISION of slave ports.
Back out name change of startup script. The new script uses rc.subr(8),
and as such also uses rcorder(8). But, rcorder does not exist in FreeBSD
4.x. Hence rename the script it back to the top of the directory
list. [1]
The periodic script should of course be executable. [2]
[1] Noted by Niels Chr. Bank-Pedersen <ncbp at bank-pedersen dot dk>
[2] Noted by Fritz Heinrichmeyer <fritz.heinrichmeyer at fernuni-hagen dot de>
advisories in http://www.postgresql.org/news/234.html
Note that postgresql 7.2.x is NOT being updated here since it is
due for termination real soon now.
Submitted by: maintainer, also referenced in ports/73142 (no patch)
* Prevent possible loss of committed transactions during crash
* Repair possible crash during concurrent btree index insertions
PR: 71176
Submitted by: SUGIMURA Takashi <sugimura@jp.FreeBSD.org>
Reviewed by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
Release notes available at http://www.postgresql.org/news/173.html
NOTICE: unlike most minor versions, this version does require
some updates to the pg_* system tables. Full instructions for
how to do this are included in the full HISTORY file.
DO NOT UPGRADE WITHOUT READING THESE INSTRUCTIONS.
SIZEfy.
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
PR: 64105
regarded as a major release with features with interest to those with
large databases. The updates are extensive and the best source of info
is in the release notes. Enjoy and direct questions to database@!
Release notes:
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4
PR: ports/59403, ports/59404, ports/59393, ports/59394,
ports/59395, ports/59397, ports/59398, ports/59402, &&
ports/59401
Submitted by: maintainer
Approved by: marcus (portmgr@ hat)
"In order to address a potentially serious (although rare)
server startup failure that was recently reported, we have
released PostgreSQL version 7.3.4. This release is critical
for users of PostgreSQL version 7.3.3, and highly recommended
for all other PostgreSQL users."
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
PR: 55354
1. Optionally link with libc_r to get plpython working. [1]
2. Fix kerberos build. [2]
3. There was a duplication of some declarations. [3]
PR: ports/52851
PR: ports/51080 [2]
Submitted by: Mike Meyer <mwm@mired.org> [1]
Submitted by: Gerweck <andy@tacnode.com> [2]
Pointed out by: Mike Harding <mvh@ix.netcom.com> [3]
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
Fixes numerous bugs especially with various interface libraries and
pg_dump. All users are advised to upgrade. This update fixes all known
problems with the postgresql7 port. See release notes for details:
http://developer.postgresql.org/docs/postgres/release-7-3-2.html
A dump/restore is *not* required when upgrading to this version.
PR: ports/47983 [1], ports/47284 [2], ports/47808 [3]
Submitted by: maintainer [1]
Jason C. Wells [2]
Michel Oosterhof <m.oosterhof@xs4all.nl> [3]
A note about how to install languages into a PostgreSQL database is added.
PR: ports/29916
Submitted by: Palle Girgensohn <girgen@partitur.se> (MAINTAINER)
Michal Pasternak <doc@lublin.t1.pl> (the note)
and..
<quote>
This is a really small fix:
- When compiling postgresql-jdbc, the compilation process presents a
bad path to the installed jar-file.
</quote>
PR: 13838
PR: 13865
Submitted by: Palle Girgensohn <girgen@partitur.se>
