supported versions of our database system, including 9.6.4, 9.5.8,
9.4.13, 9.3.18, and 9.2.22. This release fixes three security issues.
It also patches over 50 other bugs reported over the last three months.
Users who are affected by the below security issues should update as
soon as possible. Users affected by CVE-2017-7547
(https://access.redhat.com/security/cve/CVE-2017-7547) will need to
perform additional steps after upgrading to resolve the issue. Other
users should plan to update at the next convenient downtime.
URL: https://www.postgresql.org/about/news/1772/
Security: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and
9.2.21. This release fixes three security issues. It also patches a number of
other bugs reported over the last three months. Users who use the PGREQUIRESSL
environment variable to control connections, and users who rely on security
isolation between database users when using foreign servers, should update as
soon as possible. Other users should plan to update at the next convenient
downtime.
URL: https://www.postgresql.org/about/news/1746/
Security: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
Also modify rcorder and let sshd start before PostgreSQL, so any problems
during startup can be reviewed promplty from an ssh login.
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and
9.2.20. This release includes fixes that prevent data corruption issues in
index builds and in certain write-ahead-log replay situations, which are
detailed below. It also patches over 75 other bugs reported over the last three
months.
Users should plan to apply this update at the next scheduled downtime.
Build corruption with CREATE INDEX CONCURRENTLY
There existed a race condition if CREATE INDEX CONCURRENTLY was called on a
column that had not been indexed before, then rows that were updated by
transactions running at the same time as the CREATE INDEX CONCURRENTLY command
could have been indexed incorrectly.
If you suspect this may have happened, the most reliable solution is to rebuild
affected indexes after installing this update.
This issue is present in the 9.2, 9.3, 9.4, 9.5, and 9.6 series of PostgreSQL.
URL https://www.postgresql.org/about/news/1733/
- Add PYTHON_PYOEXTENSION and PYTHON_SUFFIX
- Add PYTHON2 and PYTHON3
- Respect PYTHON_VERSION
- Rename PYOEXTENSION to PYTHON_PYOEXTENSION
This change would help:
- Build databases/postgresql*-plpython with Python 3
(It has PLIST issue since bsd.python.mk to Uses/python.mk transition)
- Simplify Makefile
PR: 205807
Differential Revision: https://reviews.FreeBSD.org/D4758
Exp-run by: antoine
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15,
9.2.19, and 9.1.24.
This release fixes two issues that can cause data corruption, which are
described in more detail below. It also patches a number of other bugs reported
over the last three months. The project urges users to apply this update at the
next possible downtime.
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and
9.1.23. This release fixes two security issues. It also patches a number of
other bugs reported over the last three months. Users who rely on security
isolation between database users should update as soon as possible. Other users
should plan to update at the next convenient downtime.
If you are using the ICU patch, please consult UPDATING.
Improve periodic cleanup, suggested by claudius (at) ambtec.de. [1]
PR: 210941 [1]
Security: CVE-2016-5423, CVE-2016-5424
Security Fixes for RLS, BRIN
----------------------------
This release closes security hole CVE-2016-2193
(https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan
might get reused for more than one ROLE in the same session. This could cause
the wrong set of Row Level Security (RLS) policies to be used for the query.
The update also fixes CVE-2016-3065
(https://access.redhat.com/security/cve/CVE-2016-3065), a server crash bug
triggered by using `pageinspect` with BRIN index pages. Since an attacker
might be able to expose a few bytes of server memory, this crash is being
treated as a security issue.
Abbreviated Keys and Corrupt Indexes
------------------------------------
In this release, the PostgreSQL Project has been forced to disable 9.5's
Abbreviated Keys performance feature for many indexes due to reports of index
corruption. This may affect any B-tree indexes on TEXT, VARCHAR, and CHAR
columns which are not in "C" locale. Indexes in other locales will lose the
performance benefits of the feature, and should be REINDEXed in case of
existing index corruption. The feature may be re-enabled in future versions if
the project finds a solution for the problem. See the release notes, and the
wiki page on this issue for more information:
http://wiki.postgresql.org/abbreviatedkeys_issue
URL: http://www.postgresql.org/about/news/1656/
URL: http://wiki.postgresql.org/abbreviatedkeys_issue
Security: CVE-2016-2193
Security: CVE-2016-3065
Security Fixes for Regular Expressions, PL/Java
This release closes security hole CVE-2016-0773, an issue with regular
expression (regex) parsing. Prior code allowed users to pass in expressions
which included out-of-range Unicode characters, triggering a backend crash.
This issue is critical for PostgreSQL systems with untrusted users or which
generate regexes based on user input.
The update also fixes CVE-2016-0766, a privilege escalation issue for users of
PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be
modifiable only by the database superuser
URL: http://www.postgresql.org/about/news/1644/
Security: CVE-2016-0773, CVE-2016-0766
pg_upgrade. Other where added in 9.5, but the port failed to install them.
Make sure they are properly installed by the correct port (-client or -server) [1]
Remove unused and hence confusing OSSP_UUID parameters from Makefile [2]
Add options to allow user to be set for the backup script in periodic.
Add this option only to 9.5 for now. It will be updated to other servers at
next regular patch release. [3]
The path to perl in hard coded into pgxs/src/Makefile.global which is
then installed. Hence, we must depend on perl when that file is installed.
Noticed by: Paul Guyot [1]
PR: 192387 [2]
PR: 172110 [3]
PR: 206046 [4]
