Date:      Thu, 13 Aug 2020 13:45:03 +0000 (UTC)
From:      Palle Girgensohn <girgen@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r544810 - in head/databases: postgresql10-server postgresql11-server postgresql12-server postgresql95-server postgresql96-server
Message-ID:  <202008131345.07DDj3YE084087@repo.freebsd.org>

Author: girgen
Date: Thu Aug 13 13:45:02 2020
New Revision: 544810
URL: https://svnweb.freebsd.org/changeset/ports/544810

Log:
  The PostgreSQL Global Development Group has released an update to all
  supported versions of our database system, including 12.4, 11.9, 10.14,
  9.6.19, and 9.5.23.
  
  This release closes two security vulnerabilities and fixes over 50 bugs
  reported over the last three months.
  
  Please plan to update at your earliest convenience.
  
  Security Issues
  ---------------
  
  * CVE-2020-14349: Uncontrolled search path element in logical replication.
  
  Versions Affected: 10 - 12.
  
  The PostgreSQL `search_path` setting determines schemas searched for
  tables, functions, operators, etc. The CVE-2018-1058 fix caused most
  PostgreSQL-provided client applications to sanitize `search_path`, but
  logical replication continued to leave `search_path` unchanged. Users of
  a replication publisher or subscriber database can create objects in the
  `public` schema and harness them to execute arbitrary SQL functions
  under the identity running replication, often a superuser. Installations
  having adopted a documented secure schema usage pattern are not vulnerable.
  
  The PostgreSQL project thanks Noah Misch for reporting this problem.
  
  * CVE-2020-14350: Uncontrolled search path element in `CREATE EXTENSION`.
  
  Versions Affected: 9.5 - 12. The security team typically does not test
  unsupported versions, but this problem is quite old.
  
  When a superuser runs certain `CREATE EXTENSION` statements, users may
  be able to execute arbitrary SQL functions under the identity of that
  superuser. The attacker must have permission to create objects in the
  new extension's schema or a schema of a prerequisite extension.  Not all
  extensions are vulnerable.
  
  In addition to correcting the extensions provided with PostgreSQL, the
  PostgreSQL Global Development Group is issuing guidance for third-party
  extension authors to secure their own work.
  
  The PostgreSQL project thanks Andres Freund for reporting this problem.
  
  Security:	CVE-2020-14349, CVE-2020-14350

Modified:
  head/databases/postgresql10-server/Makefile
  head/databases/postgresql10-server/distinfo
  head/databases/postgresql10-server/pkg-plist-client
  head/databases/postgresql11-server/Makefile
  head/databases/postgresql11-server/distinfo
  head/databases/postgresql11-server/pkg-plist-client
  head/databases/postgresql12-server/Makefile
  head/databases/postgresql12-server/distinfo
  head/databases/postgresql12-server/pkg-plist-client
  head/databases/postgresql12-server/pkg-plist-server
  head/databases/postgresql95-server/Makefile
  head/databases/postgresql95-server/distinfo
  head/databases/postgresql96-server/Makefile
  head/databases/postgresql96-server/distinfo

Modified: head/databases/postgresql10-server/Makefile
==============================================================================
--- head/databases/postgresql10-server/Makefile	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql10-server/Makefile	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,10 +1,10 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	10.13
+DISTVERSION?=	10.14
 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
 # not their own.  Probably best to keep it at ?=0 when reset here too.
-PORTREVISION?=	2
+PORTREVISION?=	0
 PKGNAMESUFFIX?=	${DISTVERSION:R:S/.//}${COMPONENT}
 
 MAINTAINER?=	pgsql@FreeBSD.org
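Review bot: The comment kept in this hunk says slave ports carry their own PORTREVISION, but the Modified list covers only the five -server directories. With DISTVERSION moving to 10.14 and PORTREVISION reset to 0 here, any slave port that sets its own PORTREVISION keeps a revision left over from the 10.13 cycle; worth checking and resetting those in the same commit, or saying in the log that none needed it.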

Modified: head/databases/postgresql10-server/distinfo
==============================================================================
--- head/databases/postgresql10-server/distinfo	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql10-server/distinfo	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1589614618
-SHA256 (postgresql/postgresql-10.13.tar.bz2) = 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1
-SIZE (postgresql/postgresql-10.13.tar.bz2) = 19028339
+TIMESTAMP = 1597309874
+SHA256 (postgresql/postgresql-10.14.tar.bz2) = 381cd8f491d8f77db2f4326974542a50095b5fa7709f24d7c5b760be2518b23b
+SIZE (postgresql/postgresql-10.14.tar.bz2) = 19042154
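Review bot: The log does not say what the new SHA256 and SIZE on the `+` lines were checked against, and they are the only integrity anchor this port has for the 10.14 tarball. For a security release it is worth a line in the commit message stating that the values were compared with upstream's published checksum for the same file rather than only generated from the downloaded copy; the same applies to the other four distinfo files in this commit.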

Modified: head/databases/postgresql10-server/pkg-plist-client
==============================================================================
--- head/databases/postgresql10-server/pkg-plist-client	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql10-server/pkg-plist-client	Thu Aug 13 13:45:02 2020	(r544810)
@@ -237,6 +237,7 @@ include/postgresql/server/commands/variable.h
 include/postgresql/server/commands/view.h
 include/postgresql/server/common/base64.h
 include/postgresql/server/common/config_info.h
+include/postgresql/server/common/connect.h
 include/postgresql/server/common/controldata_utils.h
 include/postgresql/server/common/fe_memutils.h
 include/postgresql/server/common/file_utils.h
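Review bot: The added `include/postgresql/server/common/connect.h` entry shows up in the plists for 10, 11 and 12 only, while the 9.5 and 9.6 ports get just Makefile and distinfo changes. Since the log lists CVE-2020-14350 as affecting 9.5 through 12, it would help to state that the 9.5.23 and 9.6.19 stage directories were checked against their existing plists and install no new files.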

Modified: head/databases/postgresql11-server/Makefile
==============================================================================
--- head/databases/postgresql11-server/Makefile	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql11-server/Makefile	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,10 +1,10 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	11.8
+DISTVERSION?=	11.9
 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
 # not their own.  Probably best to keep it at ?=0 when reset here too.
-PORTREVISION?=	2
+PORTREVISION?=	0
 PKGNAMESUFFIX?=	${DISTVERSION:R:S/.//}${COMPONENT}
 
 MAINTAINER?=	pgsql@FreeBSD.org

Modified: head/databases/postgresql11-server/distinfo
==============================================================================
--- head/databases/postgresql11-server/distinfo	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql11-server/distinfo	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1589613918
-SHA256 (postgresql/postgresql-11.8.tar.bz2) = eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2
-SIZE (postgresql/postgresql-11.8.tar.bz2) = 19922770
+TIMESTAMP = 1597309874
+SHA256 (postgresql/postgresql-11.9.tar.bz2) = 35618aa72e0372091f923c42389c6febd07513157b4fbb9408371706afbb6635
+SIZE (postgresql/postgresql-11.9.tar.bz2) = 19959019

Modified: head/databases/postgresql11-server/pkg-plist-client
==============================================================================
--- head/databases/postgresql11-server/pkg-plist-client	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql11-server/pkg-plist-client	Thu Aug 13 13:45:02 2020	(r544810)
@@ -294,6 +294,7 @@ include/postgresql/server/commands/variable.h
 include/postgresql/server/commands/view.h
 include/postgresql/server/common/base64.h
 include/postgresql/server/common/config_info.h
+include/postgresql/server/common/connect.h
 include/postgresql/server/common/controldata_utils.h
 include/postgresql/server/common/fe_memutils.h
 include/postgresql/server/common/file_perm.h

Modified: head/databases/postgresql12-server/Makefile
==============================================================================
--- head/databases/postgresql12-server/Makefile	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql12-server/Makefile	Thu Aug 13 13:45:02 2020	(r544810)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME?=	postgresql
-DISTVERSION?=	12.3
+DISTVERSION?=	12.4
 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
 # not their own.  Probably best to keep it at ?=0 when reset here too.
 PORTREVISION?=	0

Modified: head/databases/postgresql12-server/distinfo
==============================================================================
--- head/databases/postgresql12-server/distinfo	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql12-server/distinfo	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1589458709
-SHA256 (postgresql/postgresql-12.3.tar.bz2) = 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41
-SIZE (postgresql/postgresql-12.3.tar.bz2) = 20439892
+TIMESTAMP = 1597309874
+SHA256 (postgresql/postgresql-12.4.tar.bz2) = bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc
+SIZE (postgresql/postgresql-12.4.tar.bz2) = 20669776

Modified: head/databases/postgresql12-server/pkg-plist-client
==============================================================================
--- head/databases/postgresql12-server/pkg-plist-client	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql12-server/pkg-plist-client	Thu Aug 13 13:45:02 2020	(r544810)
@@ -299,6 +299,7 @@ include/postgresql/server/commands/variable.h
 include/postgresql/server/commands/view.h
 include/postgresql/server/common/base64.h
 include/postgresql/server/common/config_info.h
+include/postgresql/server/common/connect.h
 include/postgresql/server/common/controldata_utils.h
 include/postgresql/server/common/fe_memutils.h
 include/postgresql/server/common/file_perm.h

Modified: head/databases/postgresql12-server/pkg-plist-server
==============================================================================
--- head/databases/postgresql12-server/pkg-plist-server	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql12-server/pkg-plist-server	Thu Aug 13 13:45:02 2020	(r544810)
@@ -847,6 +847,7 @@ lib/libpgcommon.a
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_archivecleanup-12.mo
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_basebackup-12.mo
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_checksums-12.mo
+%%DATADIR%%/snowball_create.sql
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_controldata-12.mo
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_ctl-12.mo
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_resetwal-12.mo
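Review bot: The `%%DATADIR%%/snowball_create.sql` line added here lands in the middle of the `%%NLS%%share/locale/sv/` entries, between pg_checksums-12.mo and pg_controldata-12.mo, while the last hunk of this file removes it from its old place directly before the `%%TZDATA%%%%DATADIR%%` block. The move is unrelated to the 12.4 update and breaks the grouping of the locale entries; suggest leaving the entry where it was and adding only the two new .mo files.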
@@ -883,6 +884,7 @@ lib/libpgcommon.a
 %%NLS%%share/locale/uk/LC_MESSAGES/pg_test_timing-12.mo
 %%NLS%%share/locale/uk/LC_MESSAGES/pg_waldump-12.mo
 %%NLS%%share/locale/uk/LC_MESSAGES/plpgsql-12.mo
+%%NLS%%share/locale/uk/LC_MESSAGES/postgres-12.mo
 %%NLS%%share/locale/vi/LC_MESSAGES/pg_controldata-12.mo
 %%NLS%%share/locale/vi/LC_MESSAGES/pg_test_fsync-12.mo
 %%NLS%%share/locale/vi/LC_MESSAGES/pg_test_timing-12.mo
@@ -890,6 +892,7 @@ lib/libpgcommon.a
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/initdb-12.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_archivecleanup-12.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_basebackup-12.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_checksums-12.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_controldata-12.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_ctl-12.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_resetwal-12.mo
@@ -900,7 +903,6 @@ lib/libpgcommon.a
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_waldump-12.mo 
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/plpgsql-12.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/postgres-12.mo
-%%DATADIR%%/snowball_create.sql
 %%TZDATA%%%%DATADIR%%/timezone/Africa/Abidjan
 %%TZDATA%%%%DATADIR%%/timezone/Africa/Accra
 %%TZDATA%%%%DATADIR%%/timezone/Africa/Addis_Ababa

Modified: head/databases/postgresql95-server/Makefile
==============================================================================
--- head/databases/postgresql95-server/Makefile	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql95-server/Makefile	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,7 +1,7 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.5.22
+DISTVERSION?=	9.5.23
 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
 # not their own.  Probably best to keep it at ?=0 when reset here too.
 PORTREVISION?=	0

Modified: head/databases/postgresql95-server/distinfo
==============================================================================
--- head/databases/postgresql95-server/distinfo	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql95-server/distinfo	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1589613852
-SHA256 (postgresql/postgresql-9.5.22.tar.bz2) = 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f
-SIZE (postgresql/postgresql-9.5.22.tar.bz2) = 17667386
+TIMESTAMP = 1597309874
+SHA256 (postgresql/postgresql-9.5.23.tar.bz2) = e314fa7e3355c4b8a35e94eeb8e58a6cf46adf49a2f9afa0c15cbc39980c8366
+SIZE (postgresql/postgresql-9.5.23.tar.bz2) = 17682366
 SHA256 (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5fa083ec38087d6a0961642208f012e902221270708b919b92e9eedaa755e365
 SIZE (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5952
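Review bot: The two context lines at the end of this hunk keep pg-954-icu-2016-08-10.diff.gz unchanged, so a patch whose file name dates it to 2016 is now applied on top of 9.5.23. The log does not say the port was build-tested with that patch enabled; a one-line note on the build test would cover it.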

Modified: head/databases/postgresql96-server/Makefile
==============================================================================
--- head/databases/postgresql96-server/Makefile	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql96-server/Makefile	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,7 +1,7 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.6.18
+DISTVERSION?=	9.6.19
 # PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
 # not their own.  Probably best to keep it at ?=0 when reset here too.
 PORTREVISION?=	0

Modified: head/databases/postgresql96-server/distinfo
==============================================================================
--- head/databases/postgresql96-server/distinfo	Thu Aug 13 12:45:24 2020	(r544809)
+++ head/databases/postgresql96-server/distinfo	Thu Aug 13 13:45:02 2020	(r544810)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1589458681
-SHA256 (postgresql/postgresql-9.6.18.tar.bz2) = 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999
-SIZE (postgresql/postgresql-9.6.18.tar.bz2) = 18836490
+TIMESTAMP = 1597309874
+SHA256 (postgresql/postgresql-9.6.19.tar.bz2) = 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0
+SIZE (postgresql/postgresql-9.6.19.tar.bz2) = 18880036
 SHA256 (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 85f81baa0fc8f692bcf802c8645196d9e3afdef4f760cef712d940b87655486e
 SIZE (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 5998
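
The precondition both advisories in the log describe (an unprivileged role able to create objects in a schema that replication or `CREATE EXTENSION` resolves names through) can be audited from the system catalogs. The queries below are an added example, not part of the commit or of the PostgreSQL announcement; they assume a superuser session in each database, and the subscription query assumes PostgreSQL 10 or later, where `pg_subscription` exists.

```sql
-- Added audit example (read-only). Run in every database of the cluster.

-- 1. Non-superuser roles that may create objects in a non-system schema.
--    Rows for "public" mean the default CREATE grant is still in place.
SELECT n.nspname AS schema_name,
       r.rolname AS role_name
FROM   pg_namespace AS n
CROSS  JOIN pg_roles AS r
WHERE  NOT r.rolsuper
  AND  r.rolname !~ '^pg_'
  AND  n.nspname !~ '^pg_'
  AND  n.nspname <> 'information_schema'
  AND  has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER  BY n.nspname, r.rolname;

-- 2. Installed extensions whose schema is writable by such a role
--    (the CVE-2020-14350 precondition: attacker can create objects in the
--    extension's schema or in a prerequisite extension's schema).
SELECT e.extname,
       n.nspname AS extension_schema,
       r.rolname AS role_with_create
FROM   pg_extension AS e
JOIN   pg_namespace AS n ON n.oid = e.extnamespace
JOIN   pg_roles     AS r ON has_schema_privilege(r.oid, n.oid, 'CREATE')
WHERE  NOT r.rolsuper
  AND  r.rolname !~ '^pg_'
ORDER  BY e.extname, r.rolname;

-- 3. Logical replication subscriptions and whether their owner is a
--    superuser (the identity CVE-2020-14349 refers to). PostgreSQL 10+.
SELECT d.datname AS database,
       s.subname AS subscription,
       r.rolname AS owner,
       r.rolsuper AS owner_is_superuser
FROM   pg_subscription AS s
JOIN   pg_roles    AS r ON r.oid = s.subowner
JOIN   pg_database AS d ON d.oid = s.subdbid
ORDER  BY d.datname, s.subname;

-- 4. Remediation from the PostgreSQL documentation's schema usage patterns,
--    left commented out so this script stays read-only:
-- REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

An empty result from queries 1 and 2 corresponds to the "secure schema usage pattern" the log mentions; upgrading to the versions in this commit is still required.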


