mirror of https://git.FreeBSD.org/ports.git synced 2025-01-12 07:27:57 +00:00
freebsd-ports/Mk/Uses
Palle Girgensohn 2ffb94e078 The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.5, 10.10,
9.6.15, 9.5.19, and 9.4.24, as well as the third beta of PostgreSQL 12.
This release fixes two security issues in the PostgreSQL server, two
security issues found in one of the PostgreSQL Windows installers, and
over 40 bugs reported since the previous release.

Users should install these updates as soon as possible.

A Note on the PostgreSQL 12 Beta
================================

In the spirit of the open source PostgreSQL community, we strongly
encourage you to test the new features of PostgreSQL 12 in your database
systems to help us eliminate any bugs or other issues that may exist.
While we do not advise you to run PostgreSQL 12 Beta 3 in your
production environments, we encourage you to find ways to run your
typical application workloads against this beta release.

Your testing and feedback will help the community ensure that the
PostgreSQL 12 release upholds our standards of providing a stable,
reliable release of the world's most advanced open source relational
database.

Security Issues
===============

Two security vulnerabilities have been closed by this release:

* CVE-2019-10208: `TYPE` in `pg_temp` executes arbitrary SQL during
`SECURITY DEFINER` execution

Versions Affected: 9.4 - 11

Given a suitable `SECURITY DEFINER` function, an attacker can execute
arbitrary SQL under the identity of the function owner.  An attack
requires `EXECUTE` permission on the function, which must itself contain
a function call having inexact argument type match.  For example,
`length('foo'::varchar)` and `length('foo')` are inexact, while
`length('foo'::text)` is exact.  As part of exploiting this
vulnerability, the attacker uses `CREATE DOMAIN` to create a type in a
`pg_temp` schema. The attack pattern and fix are similar to that for
CVE-2007-2138.

Writing `SECURITY DEFINER` functions continues to require following the
considerations noted in the documentation:

https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY

The PostgreSQL project thanks Tom Lane for reporting this problem.

* CVE-2019-10209: Memory disclosure in cross-type comparison for hashed
subplan

Versions Affected: 11

In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples.

The PostgreSQL project thanks Andreas Seltenreich for reporting this problem.
2019-08-08 15:33:02 +00:00
7z.mk
ada.mk
alias.mk
apache.mk Rename variable so it does not clash with sanity checks. 2018-09-10 13:41:13 +00:00
autoreconf.mk Improve autoreconf documentation. Clarify that autopoint and libtoolize 2019-01-14 17:01:23 +00:00
azurepy.mk Cosmetic change to match its namespace 2019-03-02 18:01:21 +00:00
bdb.mk Mk/Uses/bdb.mk: Make debug-bdb output {BUILD,LIB}_DEPENDS again 2019-04-18 05:34:33 +00:00
bison.mk
blaslapack.mk
cabal.mk devel/hs-git-annex: Fix git-annex-shell and git-remote-tor-annex executables. 2019-07-31 18:18:33 +00:00
cargo.mk Mk/Uses/cargo.mk: Add support for CARGO_USE_GITLAB/GL_TUPLE to cargo-crates 2019-08-06 08:12:39 +00:00
charsetfix.mk
cmake.mk Change cmake default behaviour to outsource. 2018-12-25 20:25:39 +00:00
compiler.mk All supported versions of FreeBSD that install clang have version 6.0.0 or 2018-12-23 12:01:32 +00:00
corosync.mk
cpe.mk
cran.mk cran.mk: Don't include math/R/compiler.mk; it was removed in r500605 2019-05-01 19:43:18 +00:00
desktop-file-utils.mk
desthack.mk
display.mk
dos2unix.mk Be more strict and let USES=dos2unix accept no arguments 2018-09-14 18:27:20 +00:00
drupal.mk
eigen.mk
elixir.mk
emacs.mk editors/emacs: Update to version 26.2 2019-04-17 14:36:02 +00:00
erlang.mk
fakeroot.mk
fam.mk
firebird.mk
fonts.mk x11-fonts/mkfontscale: Update to 1.2.0 2019-03-11 21:25:57 +00:00
fortran.mk devel/flang doesn't provide a flang binary, but it provides a flang package 2019-04-04 06:54:58 +00:00
fpc.mk
fuse.mk
gem.mk Update devel/ruby-gems to 3.0.2 2019-02-22 19:56:03 +00:00
gettext-runtime.mk
gettext-tools.mk
gettext.mk
ghostscript.mk
gl.mk Sort alphabetically 2018-09-11 18:52:07 +00:00
gmake.mk
gnome.mk Remove esound support from the ports tree, as audio/esound expired. 2019-05-08 12:54:13 +00:00
gnustep.mk Move Objective-C ports to the v2 GNUstep ABI. 2019-02-03 15:37:58 +00:00
go.mk Mk/Uses/go.mk: Drop PLIST_SUB for GO_PKGNAME 2019-08-01 06:25:44 +00:00
gperf.mk
grantlee.mk grantlee.mk: drop support for removed devel/grantlee 2019-03-17 07:26:58 +00:00
groff.mk
gssapi.mk Remove compatibility code for FreeBSD < 11.2 from all ports. 2018-11-02 13:32:34 +00:00
horde.mk - Update WWW 2018-12-21 16:26:58 +00:00
iconv.mk
imake.mk
jpeg.mk
kde.mk KDE Plasma Desktop: update to 5.16.4 2019-07-31 17:07:14 +00:00
kmod.mk
lazarus.mk editors/lazarus: remove qt4 flavor (Qt4 deprecation) 2019-03-16 22:48:31 +00:00
lha.mk
libarchive.mk
libedit.mk
libtool.mk
linux.mk On amd64 adding DEFAULT_VERSIONS+=linux=c6 to /etc/make.conf made Linux 2019-07-10 14:40:02 +00:00
localbase.mk
lua.mk
lxqt.mk Upgrade the LXQt desktop environment to 0.14.0 2019-03-28 17:59:33 +00:00
makeinfo.mk
makeself.mk
mate.mk
meson.mk Clarify MESON_BUILD_DIR comment 2019-02-26 09:36:29 +00:00
metaport.mk
mono.mk USES=mono: improve makenupkg 2018-09-12 14:53:21 +00:00
motif.mk
mysql.mk Update default MySQL version to 5.7. 2019-07-01 07:43:32 +00:00
ncurses.mk
ninja.mk
objc.mk Move Objective-C ports to the v2 GNUstep ABI. 2019-02-03 15:37:58 +00:00
openal.mk Mk/Uses/openal.mk: Drop support for the OpenAL Sample Implementation 2019-04-30 16:24:55 +00:00
pathfix.mk
pear.mk Fix typo 2018-11-10 07:58:52 +00:00
perl5.mk Welcome Perl 5.30 (now at 5.30.0-RC1) 2019-05-13 07:36:38 +00:00
pgsql.mk The PostgreSQL Global Development Group has released an update to all 2019-08-08 15:33:02 +00:00
php.mk Update MASTER_SITES 2019-06-26 17:27:21 +00:00
pkgconfig.mk
pure.mk Return nemysis@'s ports to the pool after 19 months of inactivity. 2018-09-03 12:42:20 +00:00
pyqt.mk Update pyqt to 5.12.2 (with it sip to 4.19.17) 2019-05-15 20:25:59 +00:00
python.mk Update PY_TYPING 2019-08-04 16:11:10 +00:00
qmail.mk
qmake.mk Clean up final leftovers from Qt4. 2019-06-26 11:52:23 +00:00
qt-dist.mk qt5: fix build on gcc architectures 2019-05-25 20:02:55 +00:00
qt.mk Clean up final leftovers from Qt4. 2019-06-26 11:52:23 +00:00
readline.mk Update devel/readline to 8.0 2019-04-09 14:04:49 +00:00
samba.mk Add Samba 4.10 as a possible value for the DEFAULT_VERSIONS. 4.8 is still the default. 2019-07-06 20:50:34 +00:00
scons.mk
sdl.mk Convert bsd.sdl.mk to Uses/sdl.mk 2019-02-11 15:21:25 +00:00
shared-mime-info.mk
shebangfix.mk
sqlite.mk
ssl.mk Move the BROKEN_SSL/IGNORE_SSL at a place where a value of base actually 2018-12-14 09:34:59 +00:00
tar.mk Add `.tar.lz' suffix support to our framework since BSD tar(1) natively 2019-06-12 09:45:25 +00:00
tcl.mk IGNORE USES=t(cl|k):85+ and DEPRECATE USES=t(cl|k):85 2019-06-12 16:22:05 +00:00
terminfo.mk
tk.mk
uidfix.mk
uniquefiles.mk
varnish.mk Varnish 5 was EOL and expired 2019-01-14 18:09:46 +00:00
waf.mk
webplugin.mk
xfce.mk - Simplify XFCE MASTER_SITES usage 2019-06-19 16:14:27 +00:00
zip.mk
zope.mk