defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.
PR: 231590
Global Development Group has released an update to all supported versions of
our database system, including 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25.
This release fixes one security issue as well as bugs reported over the last
three months.
All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required if you are using pg_stat_statements in your installation.
This update is also the final release for PostgreSQL 9.3, which is now
end-of-life and will no longer receive any bug or security fixes. If your
environment still uses PostgreSQL 9.3, please make plans to update to a
community supported version as soon as possible. Please see our versioning
policy for more information.
Releasenotes: https://www.postgresql.org/about/news/1905/
Security: 1c27a706-e3aa-11e8-b77a-6cc21735f730
Security: CVE-2018-16850
versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24. This release fixes two security issues as well as bugs reported over
the last three months.
If you have untrusted users accessing your system and you are either running
PostgreSQL 9.5 or a newer version OR have installed the "dblink" or
"postgres_fdw" extensions, you must apply this update as soon as possible. All
other users can upgrade at the next convenient downtime.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.5 from any 10.x release is considered a
minor update.
The PostgreSQL Global Development Group also announces that the third beta
release of PostgreSQL 11 is now available for download. This release contains
previews of all features that will be available in the final release of
PostgreSQL 11 (though some details of the release could change before then) as
well as bug fixes that were reported during the second beta.
This release also changes the default option for the server packages to *not*
include XML support per default. If you need this, please check the XML option
knob and build the port.
Releasenotes: https://www.postgresql.org/about/news/1878/
PR: 229523, 198588
Security: 96eab874-9c79-11e8-b34b-6cc21735f730
Security: CVE-2018-10915, CVE-2018-10925
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.4, 9.6.9, 9.5.13, 9.4.18, 9.3.23.
This release fixes one security issue as well as several bugs reported over the
last three months. Users should plan to update at the next convenient downtime.
Please see the "Updating" section for post-installation steps for the security
fix and the "incorrect volatility and parallel-safety markings" fix.
Releasenotes: https://www.postgresql.org/about/news/1851/
Security: CVE-2018-1115 Too-permissive access control list on function pg_logfile_rotate()
FreeBSD's port of PostgreSQL uses syslog by default, so the above security
problem is only a problem if you changed the logging configuration. Please
visit the releasenotes linked above and take the actions needed.
The PostgreSQL Global Development Group has released an update to all supported
versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12,
9.4.17, and 9.3.22.
The purpose of this release is to address CVE-2018-1058, which describes how a
user can create like-named objects in different schemas that can change the
behavior of other users' queries and cause unexpected or malicious behavior,
also known as a "trojan-horse" attack. Most of this release centers around added
documentation that describes the issue and how to take steps to mitigate the
impact on PostgreSQL databases.
We strongly encourage all of our users to please visit
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL
installations.
After evaluating the documentation for CVE-2018-1058, a database administrator
may need to take follow up steps on their PostgreSQL installations to ensure
they are protected from exploitation.
Security: CVE-2018-1058
2018-02-08 Security Update Release
==================================
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.2, 9.6.7, 9.5.11, 9.4.16, 9.3.21.
This release fixes two security issues. This release also fixes issues with
VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as
well as fixes for using parallel queries and logical replication.
All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.2 from 10.0 or 10.1 is considered a
minor update.
Security Issues
---------------
Two security vulnerabilities have been fixed by this release:
* CVE-2018-1052: Fix the processing of partition keys containing multiple
expressions
* CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
non-world-readable
Local fixes to the FreeBSD ports
--------------------------------
Inform users about data checksums [1].
Make sure /usr/bin/su is used regardless of PATH settings [2].
Enable DTRACE by default [3].
PR: 214671 [1], 223157 [2], 215028 [3]
Security: c602c791-0cf4-11e8-a2ec-6cc21735f730
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20,
and 9.2.24. This release fixes three security issues. This release also fixes
issues found in BRIN indexing, logical replication and other bugs reported over
the past three months.
Please note that the CVE-2017-12172 does not affect the FreeBSD port unless you
decided to not use the contrib/startscript instead of the startscript
distributed with the FreeBSD port/package.
Security: CVE-2017-12172, CVE-2017-15099, CVE-2017-15098
URL: https://www.postgresql.org/about/news/1801/
This has caused some binaries to change names. Fix the port so they will be
installed again with their new names.
Noticed by: VoidChicken@gmail.com
PR: 222864
Some highlights:
Logical Replication - A publish/subscribe framework for distributing data
Declarative Table Partitioning - Convenience in dividing your data
Improved Query Parallelism - Quickly conquer your analysis
Quorum Commit for Synchronous Replication - Distribute data with confidence
SCRAM-SHA-256 authentication - Secure your data access
URL: https://www.postgresql.org/about/news/1786/
PostgreSQL 10 RC 1 requires an upgrade from beta 4, or earlier either
using pg_dump / pg_restore or pg_upgrade.
Any bug fixes applied to 9.6 or earlier that also affected 10 are
included in RC 1, as well issues that were reported with Beta 4.
Changes Since Beta 4
PostgreSQL 10 RC 1 contains fixes for issues discovered by users when
testing Beta 4, including:
* Add psql variables showing server version and psql version.
* Several fixes for partitioning
* Several fixes for logical replication
* Several fixes for transition tables
* Fix for query that could end up in an uninterruptible state
Note that some known issues remain unfixed. Before reporting a bug in
the release candidate, please check the Open Items page.
URL: https://wiki.postgresql.org/wiki/New_in_postgres_10
URL: https://www.postgresql.org/docs/devel/static/release-10.html
The PostgreSQL Global Development Group announces today that the
third beta release of PostgreSQL 10 is available for download. This
release contains previews of all of the features which will be
available in the final release of version 10, including fixes to many
of the issues found in the second beta. Users are encouraged to begin
testing their applications against 10 beta3.
URL: https://www.postgresql.org/about/news/1771/
