MFH: r501149
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22. This release fixes two security issues in the PostgreSQL server, a security issue found in two of the PostgreSQL Windows installers, and over 60 bugs reported over the last three months. Security: CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. Security: CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table. This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL project thanks Dean Rasheed for reporting this problem. Also fix a FreeBSD port problem with LLVM [1] and add promote command to `service postgresql` [2] PR: 236100, 234879 Submitted by: tomonori.usaka@ubin.jp [1], Trix Farrar [2] Approved by: ports-secteam (joneum)
This commit is contained in:
Palle Girgensohn
parent
0e3aafd92f
commit
19c1a45e18
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2019Q2/; revision=501551
@ -1,8 +1,10 @@
|
||||
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
|
||||
# $FreeBSD$
|
||||
|
||||
DISTVERSION?= 10.7
|
||||
PORTREVISION= 2
|
||||
DISTVERSION?= 10.8
|
||||
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
|
||||
# not their own. Probably best to keep it at ?=0 when reset here too.
|
||||
PORTREVISION?= 0
|
||||
PKGNAMESUFFIX?= ${DISTVERSION:R:S/.//}${COMPONENT}
|
||||
|
||||
MAINTAINER?= pgsql@FreeBSD.org
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1550095318
|
||||
SHA256 (postgresql/postgresql-10.7.tar.bz2) = bfed1065380c1bba927bfe51f23168471373f26e3324cbad859269cc32733ede
|
||||
SIZE (postgresql/postgresql-10.7.tar.bz2) = 18940030
|
||||
TIMESTAMP = 1557217826
|
||||
SHA256 (postgresql/postgresql-10.8.tar.bz2) = b198c2aadf1d68308127a0f5b51dbe798958ffe60dd999134f6495c489afcd5d
|
||||
SIZE (postgresql/postgresql-10.8.tar.bz2) = 18958913
|
||||
|
||||
@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
|
||||
restart_cmd="postgresql_command restart"
|
||||
reload_cmd="postgresql_command reload"
|
||||
status_cmd="postgresql_command status"
|
||||
promote_cmd="postgresql_command promote"
|
||||
|
||||
initdb_cmd="postgresql_initdb"
|
||||
|
||||
|
||||
@ -95,6 +95,7 @@ lib/libpgcommon.a
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_rewind-10.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_test_fsync-10.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_test_timing-10.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_upgrade-10.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_waldump-10.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/plpgsql-10.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/postgres-10.mo
|
||||
|
||||
@ -2,10 +2,10 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME?= postgresql
|
||||
DISTVERSION?= 11.2
|
||||
# PORTREVISION must be ?= otherwise, all other port get this PORTREVISION and
|
||||
DISTVERSION?= 11.3
|
||||
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
|
||||
# not their own. Probably best to keep it at ?=0 when reset here too.
|
||||
PORTREVISION?= 1
|
||||
PORTREVISION?= 0
|
||||
CATEGORIES?= databases
|
||||
MASTER_SITES= PGSQL/source/v${DISTVERSION}
|
||||
PKGNAMESUFFIX?= ${PORTVERSION:R}${COMPONENT}
|
||||
@ -175,12 +175,13 @@ USES+= compiler:gcc-c++11-lib
|
||||
|
||||
.if ${DISTVERSION:C/([0-9]*).*/\1/} >= 11
|
||||
. if defined(SERVER_ONLY) && ${PORT_OPTIONS:MLLVM}
|
||||
LLVM_VERSION= 60
|
||||
BUILD_DEPENDS+= llvm-config${LLVM_VERSION}:devel/llvm${LLVM_VERSION}
|
||||
RUN_DEPENDS+= llvm-config${LLVM_VERSION}:devel/llvm${LLVM_VERSION}
|
||||
CONFIGURE_ENV+= LLVM_CONFIG=${LOCALBASE}/bin/llvm-config60 CLANG=${LOCALBASE}/bin/clang60
|
||||
BUILD_DEPENDS+= llvm${LLVM_DEFAULT}>0:devel/llvm${LLVM_DEFAULT}
|
||||
BUILD_DEPENDS+= llvm-config${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
|
||||
RUN_DEPENDS+= llvm-config${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
|
||||
CONFIGURE_ENV+= LLVM_CONFIG=${LOCALBASE}/bin/llvm-config${LLVM_DEFAULT}
|
||||
CONFIGURE_ARGS+= --with-llvm
|
||||
PLIST_SUB+= LLVM=""
|
||||
INSTALL_DIRS+= src/backend/jit/llvm
|
||||
. else
|
||||
PLIST_SUB+= LLVM="@comment "
|
||||
CONFIGURE_ARGS+= --without-llvm
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1550095269
|
||||
SHA256 (postgresql/postgresql-11.2.tar.bz2) = 2676b9ce09c21978032070b6794696e0aa5a476e3d21d60afc036dc0a9c09405
|
||||
SIZE (postgresql/postgresql-11.2.tar.bz2) = 19714229
|
||||
TIMESTAMP = 1557217836
|
||||
SHA256 (postgresql/postgresql-11.3.tar.bz2) = 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d
|
||||
SIZE (postgresql/postgresql-11.3.tar.bz2) = 19718775
|
||||
|
||||
@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
|
||||
restart_cmd="postgresql_command restart"
|
||||
reload_cmd="postgresql_command reload"
|
||||
status_cmd="postgresql_command status"
|
||||
promote_cmd="postgresql_command promote"
|
||||
|
||||
initdb_cmd="postgresql_initdb"
|
||||
|
||||
|
||||
@ -45,6 +45,8 @@ lib/postgresql/utf8_and_sjis.so
|
||||
lib/postgresql/utf8_and_sjis2004.so
|
||||
lib/postgresql/utf8_and_uhc.so
|
||||
lib/postgresql/utf8_and_win.so
|
||||
%%LLVM%%lib/postgresql/llvmjit.so
|
||||
%%LLVM%%lib/postgresql/llvmjit_types.bc
|
||||
%%LLVM%%lib/postgresql/bitcode/postgres.index.bc
|
||||
%%LLVM%%lib/postgresql/bitcode/postgres/access/brin/brin.bc
|
||||
%%LLVM%%lib/postgresql/bitcode/postgres/access/brin/brin_inclusion.bc
|
||||
@ -750,6 +752,7 @@ lib/libpgcommon.a
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_test_fsync-11.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_test_timing-11.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_waldump-11.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/pg_upgrade-11.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/plpgsql-11.mo
|
||||
%%NLS%%share/locale/es/LC_MESSAGES/postgres-11.mo
|
||||
%%NLS%%share/locale/fr/LC_MESSAGES/initdb-11.mo
|
||||
@ -865,9 +868,15 @@ lib/libpgcommon.a
|
||||
%%NLS%%share/locale/vi/LC_MESSAGES/pg_waldump-11.mo
|
||||
%%NLS%%share/locale/vi/LC_MESSAGES/plpgsql-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/initdb-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_archivecleanup-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_basebackup-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_controldata-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_ctl-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_resetwal-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_rewind-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_test_fsync-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_test_timing-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_upgrade-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/plpgsql-11.mo
|
||||
%%NLS%%share/locale/zh_CN/LC_MESSAGES/postgres-11.mo
|
||||
%%DATADIR%%/snowball_create.sql
|
||||
|
||||
@ -1,7 +1,9 @@
|
||||
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
|
||||
# $FreeBSD$
|
||||
|
||||
DISTVERSION?= 9.4.21
|
||||
DISTVERSION?= 9.4.22
|
||||
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
|
||||
# not their own. Probably best to keep it at ?=0 when reset here too.
|
||||
PORTREVISION= 0
|
||||
PKGNAMESUFFIX?= ${PORTVERSION:R:S/.//}${COMPONENT}
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
TIMESTAMP = 1550095339
|
||||
SHA256 (postgresql/postgresql-9.4.21.tar.bz2) = 0049b4d239a00654e792997aff32a0be7a6bdd922b5ca97f1a06797cd4d06006
|
||||
SIZE (postgresql/postgresql-9.4.21.tar.bz2) = 16871522
|
||||
TIMESTAMP = 1557217847
|
||||
SHA256 (postgresql/postgresql-9.4.22.tar.bz2) = d6aa4c2b9204e375545b9845b0e5957b34affff1783863a80a194f2b2833c66b
|
||||
SIZE (postgresql/postgresql-9.4.22.tar.bz2) = 16848787
|
||||
SHA256 (postgresql/pg-949-icu-2016-10-02.diff.gz) = 34612e685a79874db04bc6b66c700bfc6412042840c532eef0da7832d1f70d43
|
||||
SIZE (postgresql/pg-949-icu-2016-10-02.diff.gz) = 5289
|
||||
|
||||
@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
|
||||
restart_cmd="postgresql_command restart"
|
||||
reload_cmd="postgresql_command reload"
|
||||
status_cmd="postgresql_command status"
|
||||
promote_cmd="postgresql_command promote"
|
||||
|
||||
initdb_cmd="postgresql_initdb"
|
||||
|
||||
|
||||
@ -1,7 +1,9 @@
|
||||
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
|
||||
# $FreeBSD$
|
||||
|
||||
DISTVERSION?= 9.5.16
|
||||
DISTVERSION?= 9.5.17
|
||||
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
|
||||
# not their own. Probably best to keep it at ?=0 when reset here too.
|
||||
PORTREVISION= 0
|
||||
PKGNAMESUFFIX?= ${PORTVERSION:R:S/.//}${COMPONENT}
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
TIMESTAMP = 1550095350
|
||||
SHA256 (postgresql/postgresql-9.5.16.tar.bz2) = a4576c95d4dcee8d4b7835b333d38e909848222e4b87895878bb1c026206e131
|
||||
SIZE (postgresql/postgresql-9.5.16.tar.bz2) = 17506874
|
||||
TIMESTAMP = 1557217857
|
||||
SHA256 (postgresql/postgresql-9.5.17.tar.bz2) = 88f9e37a0069f2fd4442d1d0d5d811d3121cac685514435b0248d0674723f705
|
||||
SIZE (postgresql/postgresql-9.5.17.tar.bz2) = 17563469
|
||||
SHA256 (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5fa083ec38087d6a0961642208f012e902221270708b919b92e9eedaa755e365
|
||||
SIZE (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5952
|
||||
|
||||
@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
|
||||
restart_cmd="postgresql_command restart"
|
||||
reload_cmd="postgresql_command reload"
|
||||
status_cmd="postgresql_command status"
|
||||
promote_cmd="postgresql_command promote"
|
||||
|
||||
initdb_cmd="postgresql_initdb"
|
||||
|
||||
|
||||
@ -1,8 +1,10 @@
|
||||
# Created by: Marc G. Fournier <scrappy@FreeBSD.org>
|
||||
# $FreeBSD$
|
||||
|
||||
DISTVERSION?= 9.6.12
|
||||
PORTREVISION= 1
|
||||
DISTVERSION?= 9.6.13
|
||||
# PORTREVISION must be ?= otherwise, all slave ports get this PORTREVISION and
|
||||
# not their own. Probably best to keep it at ?=0 when reset here too.
|
||||
PORTREVISION?= 0
|
||||
PKGNAMESUFFIX?= ${PORTVERSION:R:S/.//}${COMPONENT}
|
||||
|
||||
MAINTAINER?= pgsql@FreeBSD.org
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
TIMESTAMP = 1550094963
|
||||
SHA256 (postgresql/postgresql-9.6.12.tar.bz2) = 2e8c8446ba94767bda8a26cf5a2152bf0ae68a86aaebf894132a763084579d84
|
||||
SIZE (postgresql/postgresql-9.6.12.tar.bz2) = 18759442
|
||||
TIMESTAMP = 1557217617
|
||||
SHA256 (postgresql/postgresql-9.6.13.tar.bz2) = ecbed20056296a65b6a4f5526c477e3ae5cc284cb01a15507785ddb23831e9a4
|
||||
SIZE (postgresql/postgresql-9.6.13.tar.bz2) = 18767279
|
||||
SHA256 (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 85f81baa0fc8f692bcf802c8645196d9e3afdef4f760cef712d940b87655486e
|
||||
SIZE (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 5998
|
||||
|
||||
@ -47,6 +47,7 @@ stop_cmd="postgresql_command stop"
|
||||
restart_cmd="postgresql_command restart"
|
||||
reload_cmd="postgresql_command reload"
|
||||
status_cmd="postgresql_command status"
|
||||
promote_cmd="postgresql_command promote"
|
||||
|
||||
initdb_cmd="postgresql_initdb"
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user