- Remove extra bsd.port.pre.mk include from postgresql82-server
PR: ports/161816 ports/161824 ports/161821
Submitted by: Jason Helfman (jhelfman@e-e.com)
Approved by: portmgr (pav)
Temporary fix, but will stop the flurry of incoming PRs related.
PR: ports/161779 ports/161774 ports/161791 ports/161771 ports/161769
Submitted by: Many people, original fix suggested by Jason Helfman (jhelfman@e-e.com)
Approved by: portmgr (pav)
for all active branches of the PostgreSQL object-relational database system,
including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.
All users are strongly urged to update their installations at the next
scheduled downtime.
URL: http://www.postgresql.org/about/news.1355
Cleanup ports. Better handling of the knob PG_USER.
Also add uuid to 9.0 and 9.1 contrib ports.
The problem with GSSAPI without Kerberos is that configure.in has
very funny logics of choosing GSSAPI libraries:
{{{
if test "$with_gssapi" = yes ; then
if test "$PORTNAME" != "win32"; then
AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
[AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
else
LIBS="$LIBS -lgssapi32"
fi
fi
}}}
This makes configure to happily choose -lgssapi_krb5 when the system
has Kerberos support (NO_KERBEROS is absent), but ld's '--as-needed'
will throw this library away when no Kerberos functions are used and
linker won't produce 'postgres' binary whining about unresolved
symbols:
{{{
cc -O2 -pipe -fno-strict-aliasing -Wall -Wmissing-prototypes \
-Wpointer-arith -Wdeclaration-after-statement -Wendif-labels \
-fno-strict-aliasing -fwrapv -L../../src/port -L/usr/local/lib \
-rpath=/usr/lib:/usr/local/lib -L/usr/local/lib -L/usr/local/lib \
-Wl,--as-needed -Wl,-R'/usr/local/lib' -Wl,-export-dynamic \
[... a bunch of *.o files was stripped ...]
../../src/timezone/pgtz.o ../../src/port/libpgport_srv.a -lintl -lssl \
-lcrypto -lgssapi_krb5 -lcrypt -lm -o postgres
libpq/auth.o: In function `pg_GSS_error':
auth.c:(.text+0x6e): undefined reference to `gss_display_status'
auth.c:(.text+0x8e): undefined reference to `gss_release_buffer'
auth.c:(.text+0xc5): undefined reference to `gss_display_status'
auth.c:(.text+0xe5): undefined reference to `gss_release_buffer'
libpq/auth.o: In function `ClientAuthentication':
auth.c:(.text+0x82d): undefined reference to `gss_delete_sec_context'
auth.c:(.text+0x941): undefined reference to `gss_accept_sec_context'
auth.c:(.text+0x9f1): undefined reference to `gss_release_buffer'
auth.c:(.text+0xaf3): undefined reference to `gss_release_cred'
auth.c:(.text+0xb10): undefined reference to `gss_display_name'
auth.c:(.text+0xbc8): undefined reference to `gss_release_buffer'
auth.c:(.text+0x10b0): undefined reference to `gss_release_buffer'
auth.c:(.text+0x111e): undefined reference to `gss_release_buffer'
libpq/pqcomm.o: In function `pq_close':
pqcomm.c:(.text+0x105a): undefined reference to `gss_delete_sec_context'
pqcomm.c:(.text+0x107d): undefined reference to `gss_release_cred'
gmake: *** [postgres] Error 1
}}}
Also, ports for PostgreSQL 8.4 and 9.0 had their <bsd.port.pre.mk>
misplaced: OPTIONS came after it, so WITH_/WITHOUT_ knobs will not
be really activated.
PR: 160050
Feature safe: yes
Approved by: maintainer timeout (1 month)
This patch is for PostgreSQL 8.2, 8.3, 8.4 and 9.0.
PostgreSQL 9.1 has it already.
PR: ports/158727
Submitted by: sunpoet (myself)
Approved by: girgen (maintainer timeout, 5 weeks)
This update contains a critical fix to the pg_upgrade utility
which prevents significant downtime issues. Do not use
pg_upgrade without installing this update first.
The issue with pg_upgrade and the fix are detailed on the PostgreSQL
wiki: http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix
Users who have already used pg_upgrade should run the database repair
script given on that page on their databases as soon as possible.
See the release notes for each version at
http://www.postgresql.org/docs/current/static/release.html for a full
list of changes with details.
Allow the username of the postgresql user to configurable for 8.4 and 9.0.
Largely inspired by the work of Jason Helfman [153668, 153136].
Change PGUSER knob to PG_USER not to clash with PGUSER environment.
PR: 153668, 153136, 155493, 155137
This update includes a security fix which prevents a buffer overrun in
the contrib module intarray's input function for the query_int type.
This bug is a security risk since the function's return address could
be overwritten by malicious code.
All supported versions of PostgreSQL are impacted. However, the
affected contrib module is optional. Only users who have installed the
intarray module in their database are affected. See the CVE Advisory
at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
This release includes 63 bugfixes, including:
- Avoid unexpected conversion overflow in planner for distant date values
- Fix assignment to an array slice that is before the existing range
of subscripts
- Fix pg_restore to do the right thing when escaping large objects
- Avoid failures when EXPLAIN tries to display a simple-form CASE expression
- Improved build support for Windows version
- Fix bug in contrib/seg's GiST picksplit algorithm which caused
performance degredation
The 9.0.3 update also contains several fixes for issues with features
introduced or changed in version 9.0:
- Ensure all the received WAL is fsync'd to disk before exiting walreceiver
- Improve performance of walreceiver by avoiding excess fsync activity
- Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
- Fix EvalPlanQual for UPDATE of an inheritance tree when the tables
are not all alike
PR: ports/154436
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
Feature safe: yes
Approved by: portmgr
Also, try to break the previous 1:1 relation between FreeBSD system and
PostgreSQL versions installed. Use different PREFIX:es to install
different versions on the same system.
PR: ports/132402, ports/145002, ports/146657
Remove postgresql-contrib in favour for postgresqlNN-contrib.
This way we will get packages built, which is nice.
Security: CVE-2010-1169
Security: CVE-2010-1170
The PostgreSQL Project today released minor versions updating all active
branches of the PostgreSQL object-relational database system, including
versions 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, and 7.4.29. This release
fixes moderate-risk security issues with PL/perl and PL/tcl, as well as
a data corruption issue with standby databases. Users of any of these
three features should update their PostgreSQL installations immediately.
The PL/perl security fix closes a security hole in PL/perl
procedures which could allow privilege escalation on the host system,
caused by a flaw in Safe.pm; see CVE-2010-1169 and CVE-2010-1447 for
details. A second patch prevents PL/tcl's pltcl_modules table from
being subverted in order to run arbitrary Tcl scripts; see
CVE-2010-1170. These issues only affect users who have enabled either
of these two stored procedure languages.
Also corrected is use of the command ALTER TABLE SET TABLESPACE, which
previously could cause data corruption on Warm Standby database slaves.
This issue affects only version 8.4.
There are also 21 other bug fixes in this release, some of which apply
only to version 8.4, and a few of which are specifically for Windows.
While these are generally fixes for minor issues, among the changes are:
* Fix for a combinational crash condition
* Prevent normal users from resetting some GUCs in
their own role definitions
* Correctly apply constraint exclusion in UPDATE and DELETE queries
* Minor fixes for WAL archiving
* Update timezone data for 12 zones
See the release notes for a full list of changes with details.
Releasenotes at http://www.postgresql.org/docs/current/static/release.html
- Set INTDATE on as default (this is default by PostgreSQL)
PR: ports/139277
Submitted by: Olli Hauer <ohauer@gmx.de>
Approved by: maintainer timeout (2 months)
propogated by copy and paste.
1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).
No PORTREVISION bumps because all of these changes are noops.
