head	1.18;
access;
symbols
	pkgsrc-2026Q1:1.17.0.2
	pkgsrc-2026Q1-base:1.17
	pkgsrc-2025Q4:1.14.0.2
	pkgsrc-2025Q4-base:1.14
	pkgsrc-2025Q3:1.13.0.2
	pkgsrc-2025Q3-base:1.13
	pkgsrc-2025Q2:1.12.0.2
	pkgsrc-2025Q2-base:1.12
	pkgsrc-2025Q1:1.6.0.2
	pkgsrc-2025Q1-base:1.6
	pkgsrc-2024Q4:1.3.0.2
	pkgsrc-2024Q4-base:1.3;
locks; strict;
comment	@# @;


1.18
date	2026.05.15.08.34.12;	author adam;	state Exp;
branches;
next	1.17;
commitid	LIa9vpbdxWRj4TFG;

1.17
date	2026.02.26.17.18.53;	author adam;	state Exp;
branches;
next	1.16;
commitid	UQWaj4CctL2MtUvG;

1.16
date	2026.02.13.10.52.24;	author adam;	state Exp;
branches;
next	1.15;
commitid	w0TCHUvGOLf6LcuG;

1.15
date	2026.01.01.12.22.36;	author rillig;	state Exp;
branches;
next	1.14;
commitid	j67lUdSOyUtTDGoG;

1.14
date	2025.11.15.06.39.26;	author adam;	state Exp;
branches;
next	1.13;
commitid	6bSr0VVy6VhDfCiG;

1.13
date	2025.08.15.08.37.42;	author adam;	state Exp;
branches;
next	1.12;
commitid	rrB54QWS4v4yRN6G;

1.12
date	2025.05.23.12.51.41;	author jperkin;	state Exp;
branches;
next	1.11;
commitid	ywlv5gJwcLurX1WF;

1.11
date	2025.05.09.13.46.34;	author adam;	state Exp;
branches;
next	1.10;
commitid	v3jE4Hpi6jkIIeUF;

1.10
date	2025.05.06.12.07.25;	author wiz;	state Exp;
branches;
next	1.9;
commitid	XKZsX38e3wO0hQTF;

1.9
date	2025.04.08.07.28.06;	author adam;	state Exp;
branches;
next	1.8;
commitid	iZUEhdxEr653DdQF;

1.8
date	2025.04.02.12.27.42;	author prlw1;	state Exp;
branches;
next	1.7;
commitid	M68jpBUtoIOpttPF;

1.7
date	2025.03.30.21.10.41;	author wiz;	state Exp;
branches;
next	1.6;
commitid	VYDR1SMauqdts8PF;

1.6
date	2025.02.22.09.08.01;	author nia;	state Exp;
branches;
next	1.5;
commitid	D9diqSBDOL5TCrKF;

1.5
date	2025.02.21.17.29.08;	author adam;	state Exp;
branches;
next	1.4;
commitid	1yBOoAB0O6WJqmKF;

1.4
date	2025.02.16.09.03.16;	author adam;	state Exp;
branches;
next	1.3;
commitid	1y5L8NFatdW8NFJF;

1.3
date	2024.11.25.20.13.26;	author adam;	state Exp;
branches;
next	1.2;
commitid	vo2XULdddDGha4zF;

1.2
date	2024.11.16.10.13.51;	author adam;	state Exp;
branches;
next	1.1;
commitid	yMyTfQxO92xq8RxF;

1.1
date	2024.11.08.13.43.36;	author adam;	state Exp;
branches;
next	;
commitid	5LiFBvjEWBTDyQwF;


desc
@@


1.18
log
@postgresql1*: updated to 18.4, 17.10, 16.14, 15.18, 14.23

PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23

This release fixes 11 security vulnerabilities and over 60 bugs reported over the last several months.

Security Issues

CVE-2026-6472: PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

CVSS v3.1 Base Score: 5.4

Supported, Vulnerable Versions: 14 - 18.

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Jelte Fennema-Nio for reporting this problem.

CVE-2026-6473: PostgreSQL server undersizes allocations, via integer wraparound

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Integer wraparound in multiple PostgreSQL server features allows an application input provider to cause the server to undersize an allocation and write out-of-bounds. This results in a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Anemone, A1ex, Xint Code, Jihe Wang, Jingzhou Fu, Pavel Kohout, Petr Simecek, www.aisle.com, Bruce Dang of Calif.io, and Sven Klemm for reporting this problem.

CVE-2026-6474: PostgreSQL timeofday() can disclose portions of server memory

CVSS v3.1 Base Score: 4.3

Supported, Vulnerable Versions: 14 - 18.

Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Xint Code for reporting this problem.

CVE-2026-6475: PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Valery Gubanov, XlabAI Team of Tencent Xuanwu Lab, Atuin Automated Vulnerability Discovery Engine, Zhanpeng Liu (pkugenuine(at)gmail(dot)com), Guannan Wang (wgnbuaa(at)gmail(dot)com), and Guancheng Li (lgcpku(at)gmail(dot)com) for reporting this problem.

CVE-2026-6476: PostgreSQL pg_createsubscriber allows SQL injection via subscription name

CVSS v3.1 Base Score: 7.2

Supported, Vulnerable Versions: 17 - 18.

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

The PostgreSQL project thanks Yu Kunpeng for reporting this problem.

CVE-2026-6477: PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Yu Kunpeng and Martin Heistermann for reporting this problem.

CVE-2026-6478: PostgreSQL discloses MD5-hashed passwords via covert timing channel

CVSS v3.1 Base Score: 6.5

Supported, Vulnerable Versions: 14 - 18.

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Joe Conway for reporting this problem.

CVE-2026-6479: PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

CVSS v3.1 Base Score: 7.5

Supported, Vulnerable Versions: 14 - 18.

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Calif.io in collaboration with Claude and Anthropic Research for reporting this problem.

CVE-2026-6575: PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array

CVSS v3.1 Base Score: 4.3

Supported, Vulnerable Versions: 18.

Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

The PostgreSQL project thanks Jeroen Gui for reporting this problem.

CVE-2026-6637: PostgreSQL refint allows stack buffer overflow and SQL injection

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Stack buffer overflow in PostgreSQL module refint allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a refint cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

The PostgreSQL project thanks Nikolay Samokhvalov for reporting this problem.

CVE-2026-6638: PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

CVSS v3.1 Base Score: 3.7

Supported, Vulnerable Versions: 16 - 18.

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected. Versions before PostgreSQL 16 are unaffected.

The PostgreSQL project thanks Pavel Kohout, Aisle Research for reporting this problem.

Bug Fixes and Improvements

This update fixes over 60 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

Fix queries that could return incorrect results when using a nondeterministic collation over a unique index.
Fix loss of deferrability of foreign-key triggers. Previously, a foreign key defined as DEFERRABLE INITIALLY DEFERRED would behave as NOT DEFERRABLE after being set to NOT ENFORCED status and then back to ENFORCED. If you have a foreign key with this problem, after installing this update you can fix it by setting it to NOT ENFORCED and then back to ENFORCED.
Improve the planner's ability to apply partition pruning to more cases.
Fix self-join removal to handle join clauses that are only boolean columns, for example, ON t1.boolcol.
Several fixes around virtual generated columns, including ensuring INSERT ... ON CONFLICT works when EXCLUDED references a virtual generated column.
Report a serialization failure when MERGE encounters a concurrently-updated tuple in "repeatable read" or "serializable" isolation modes.
Fix CREATE TABLE ... LIKE ... INCLUDING STATISTICS for cases where the source table had one or more dropped columns.
Fix WITHOUT OVERLAPS to allow domains.
Disallow making a composite type be a member of itself via a multirange.
Fix sometimes-incorrect results when array_agg(anyarray) executes in parallel.
Prevent bloating during restore of an incremental backup.
Prevent stuck logical replication slot synchronization worker processes from blocking promotion of a standby server.
Make the pg_aios system view pid column show NULL instead of 0 when an entry has no owning process.
Fix cases where pg_stat_replication shows NULL lag even while replication is active.
Correctly display JOIN alias variables that are used in GROUP BY.
If the startup process fails, properly shut down other child processes before exiting the postmaster.
Fix race condition that could cause a standby server following WAL from a primary of an older minor version to get into a crash-and-restart loop.
Prevent indefinite wait in shutdown of a walsender process when logical replication is actively publishing data.
Ensure that free space map changes are persisted during recovery. This could have performance ramifications on a standby server after promotion.
Fix assorted bugs in backup decompression and tar-parsing code used in pg_basebackup and pg_verifybackup.
Ensure pg_dumpall doesn't skip role grants with dangling grantor OIDs, restoring the behavior before PostgreSQL 16. Emits a warning about missing grantor if the source server is PostgreSQL 16 or later.
Fix pg_upgrade to use the correct protocol version when connecting to older source servers.
Fix output in pg_overexplain when using the RANGE_TABLE option.
Fix postgres_fdw crash due to premature cleanup of a failed connection.
@
text
@# $NetBSD: Makefile.common,v 1.17 2026/02/26 17:18:53 adam Exp $
#
# This Makefile fragment is included by all PostgreSQL packages built from
# the main sources of the PostgreSQL distribution except jdbc-postgresql.
#
# The PostgreSQL package naming scheme, aside from the obvious piecewise
# packages, is as follows:
#	<lang>-postgresql	client-side interface to PostgreSQL
#	postgresql-<lang>	server-side module for PostgreSQL backend
#
# used by databases/postgresql17-client/Makefile
# used by databases/postgresql17-contrib/Makefile
# used by databases/postgresql17-docs/Makefile
# used by databases/postgresql17-plperl/Makefile
# used by databases/postgresql17-plpython/Makefile
# used by databases/postgresql17-pltcl/Makefile
# used by databases/postgresql17-server/Makefile

DISTNAME=	postgresql-17.10
CATEGORIES=	databases
MASTER_SITES=	${MASTER_SITE_PGSQL:=source/v${PKGVERSION_NOREV}/}
EXTRACT_SUFX=	.tar.bz2

MAINTAINER?=	adam@@NetBSD.org
HOMEPAGE=	https://www.postgresql.org/
LICENSE=	postgresql-license

CONFLICTS+=	postgresql-[0-9]*
CONFLICTS+=	postgresql1[0-689]-[0-9]*
CONFLICTS+=	postgresql[2-9][0-9]-[0-9]*

.if !empty(PKGNAME:M*-*-*)
module=		${PKGNAME:C/-[0-9].*$//:C/^.*-//}
CONFLICTS+=	postgresql1[0-689]-${module}-[0-9]*
CONFLICTS+=	postgresql[2-9][0-9]-${module}-[0-9]*
.endif

DISTINFO_FILE?=		${.CURDIR}/../../databases/postgresql17/distinfo
PATCHDIR?=		${.CURDIR}/../../databases/postgresql17/patches

USE_PKGLOCALEDIR=	yes
USE_TOOLS+=		bison gmake lex
PKG_SYSCONFSUBDIR=	postgresql

.include "../../mk/bsd.prefs.mk"

PG_TEMPLATE.SunOS=	solaris
PG_TEMPLATE.IRIX=	irix5
PG_TEMPLATE.DragonFly=	freebsd
.if !defined(PG_TEMPLATE.${OPSYS})
PG_TEMPLATE.${OPSYS}=	${LOWER_OPSYS}
.endif

PG_DATA_DIR=		${PREFIX}/share/postgresql
PG_DOC_DIR=		${PREFIX}/share/doc/postgresql
PG_LOCALE_DIR=		${PREFIX}/${PKGLOCALEDIR}/locale
PG_ETC_DIR=		${PKG_SYSCONFDIR}

GNU_CONFIGURE=		yes
GNU_CONFIGURE_ICONV=	no
CONFIGURE_ARGS+=	--sysconfdir=${PG_ETC_DIR}
CONFIGURE_ARGS+=	--datadir=${PG_DATA_DIR}
CONFIGURE_ARGS+=	--docdir=${PG_DOC_DIR}
CONFIGURE_ARGS+=	--localedir=${PG_LOCALE_DIR}
CONFIGURE_ARGS+=	--with-template=${PG_TEMPLATE.${OPSYS}}

CONFIGURE_ARGS+=	--with-libxml
CONFIGURE_ARGS+=	--with-readline
CONFIGURE_ARGS+=	--without-perl
CONFIGURE_ARGS+=	--without-python
CONFIGURE_ARGS+=	--without-tcl

# Work around a bug in autoconf, that thinks almost all mkdir
# implementations are deficient, and a bug someplace between postgis
# and pgxs, that causes topology/Makefile.in to run pgxs's install-sh
# but without a path.
CONFIGURE_ENV+=		ac_cv_path_mkdir="mkdir"

# avoid pointing to a wrapper
CONFIGURE_ENV+=		MSGFMT=${TOOLS_PATH.msgfmt}

# Avoid picking up a random zstd in PATH.  zstd support is currently disabled.
CONFIGURE_ENV+=		ac_cv_path_ZSTD=

# sys/ucred.h shouldn't be included on Solaris, causes conflicts between
# procfs and largefile.
CONFIGURE_ENV.SunOS+=	ac_cv_header_sys_ucred_h=no

# pkgsrc silently filters the --as-needed linker arg, but that makes
# it leak into the pgxs Makefiles and compromises manual building
# against PostgreSQL files installed. Disable it here to prevent
# that from happening.
.if ${OPSYS} == "SunOS" || ${OPSYS} == "Darwin"
CONFIGURE_ENV+=		pgac_cv_prog_cc_ldflags__Wl___as_needed=no
.endif

# Don't be too strict. Fixes build at least on macOS 15.4.
CONFIGURE_ENV+=		pgac_cv_prog_CC_cflags__Werror_unguarded_availability_new=no

# Postgres on Alpha has no spinlock or memory barrier implementation
# and is "unlikely to work correctly".
# https://www.postgresql.org/message-id/E1X0yaj-000753-N6%40gemulon.postgresql.org
BROKEN_ON_PLATFORM+=	*-*-alpha

# Sporadic failures with a _high_ number of MAKE_JOBS.
# Please override this locally if you can't reproduce it rather
# than removing MAKE_JOBS_SAFE, since this is necessary for
# bulk build stability.
#MAKE_JOBS_SAFE=		no

.if ${MACHINE_ARCH} == "sparc"
CFLAGS.NetBSD+=		-D__sparc_v8__
.endif

# configure fails on OpenBSD if thread safety is enabled.
CONFIGURE_ARGS.OpenBSD+=	--disable-thread-safety

# PGSQL_BLCKSZ is the size in bytes of a PostgreSQL disk page or block.
# This also limits the size of a tuple.  The valid values are powers
# of 2 up to 32768, and the default size is 8192.  Please don't change
# this value unless you know what you are doing.
BUILD_DEFS+=		PGSQL_BLCKSZ
.if defined(PGSQL_BLCKSZ)
CONFIGURE_ARGS+=	--with-blocksize=${PGSQL_BLCKSZ}
.endif

# UUID support for contrib/uuid-ossp
# It has to be defined here, because it affects Makefile.global
.if ${OPSYS:M*BSD}
CONFIGURE_ARGS+=	--with-uuid=bsd
.elif ${OPSYS} == "Darwin" || ${OPSYS} == "Linux"
CONFIGURE_ARGS+=	--with-uuid=e2fs
.include "../../devel/libuuid/buildlink3.mk"
.elif ${OPSYS} == "SunOS"
CONFIGURE_ARGS+=	--with-uuid=ossp
.include "../../devel/ossp-uuid/buildlink3.mk"
.endif

# PostgreSQL explicitly forbids any use of -ffast-math
BUILDLINK_TRANSFORM+=	rm:-ffast-math

.include "../../devel/zlib/buildlink3.mk"
.include "../../textproc/libxml2/buildlink3.mk"

.include "../../mk/readline.buildlink3.mk"
.if ${READLINE_TYPE} == "editline"
CONFIGURE_ARGS+=	--with-libedit-preferred
.endif

.if !defined(META_PACKAGE)
post-extract:
	${TOUCH} ${WRKSRC}/src/template/dragonfly
	${CP} ${WRKSRC}/src/makefiles/Makefile.freebsd \
		${WRKSRC}/src/makefiles/Makefile.dragonfly
.endif

.include "../../databases/postgresql17/options.mk"
@


1.17
log
@postgresql1[4-8]: updated to 18.3, 17.9, 16.13, 15.17, 14.22

PostgreSQL 18.3, 17.9, 16.13, 15.17, and 14.22

Bug Fixes and Improvements

This update fixes several bugs that were reported since the previous release. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

Fix issue where a standby would halt and return an error "could not access status of transaction".
Fix error where the substring() function would raise an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. This was due to a change introduced for the fix to CVE-2026-2006.
Fix for the strict_word_similarity function in pg_trgm that could lead to incorrect output or crashes. This was due to an oversight in the fix for CVE-2026-2007.
Fix function volatility for json_strip_nulls() and jsonb_strip_nulls() to be immutable, like previous releases, allowing for them to be used in indexes. If you previously upgraded to PostgreSQL 18.0 through 18.2, see the additional steps in the "Updating" section.
Fix for NOT NULL tests in LATERAL UNION ALL subquery that could lead to wrong query output.
Avoid NOT NULL constraints from generating name conflicts with user-written constraints.
Fix pg_stat_get_backend_wait_event() and pg_stat_get_backend_wait_event_type() to report values for auxiliary processes, similar to pg_stat_activity.
Fix casting a composite-type variable to a domain type when returning its value from a PL/pgSQL function.
Fix the hstore binary input function to avoid crashes on input with duplicate keys.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.16 2026/02/13 10:52:24 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.9
@


1.16
log
@postgresql1[4-8]*: updated to 18.2, 17.8, 16.12, 15.16, and 14.21

PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21

Security Issues

CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory

CVSS v3.1 Base Score: 4.3

Supported, Vulnerable Versions: 14 - 18.

Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Altan Birler for reporting this problem.

CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem.

CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem.

CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem.

CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

CVSS v3.1 Base Score: 8.2

Supported, Vulnerable Versions: 18.

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.

Bug Fixes and Improvements

This update fixes over 65 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

Fix inconsistent case-insensitive text matching in the ltree extension. If you use an index on an ltree column, in some cases you may need to perform a reindex. See the "Updating" section for additional instructions.
Executing ALTER TABLE ... ADD CONSTRAINT to add a NOT NULL constraint on a column that already is marked as NOT NULL now requires the constraint name to match the existing constraint name.
Fix trigger behavior when MERGE is executed from a WITH query to include rows affected by the MERGE.
Several query planner fixes.
Fix for text substring search for non-deterministic collations.
Several fixes for NOTIFY error handling and reporting.
Use the correct ordering function in GIN index parallel builds.
Fix incorrect handling of incremental backups with tables larger than 1GB.
Fail recovery if WAL does not exist back to the redo point indicated by the checkpoint record.
Fix for ALTER PUBLICATION to ensure event triggers contain all set options.
Several fixes around replication slot initialization.
Don't advance replication slot after a logical replication parallel worker apply failure to prevent transaction loss on the subscriber.
Fix error reporting for SQL/JSON path type mismatches.
Fix JIT compilation function inlining when using LLVM 17 or later.
Add new server parameter file_extend_method to control use of posix_fallocate().
Fix psql tab completion for the VACUUM command options.
Fix pg_dump to handle concurrent sequence drops gracefully and to fail if the calling user explicitly lacks privileges to read the sequence.
Several fixes for amcheck around btree inspection.
Avoid crash in pg_stat_statements when an IN list contains both constants and non-constant expressions.
This release also updates time zone data files to tzdata release 2025c, which only has a historical data change for pre-1976 timestamps in Baja California.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.15 2026/01/01 12:22:36 rillig Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.8
@


1.15
log
@databases/postgresql: remove unknown configure options
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.14 2025/11/15 06:39:26 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.7
d109 1
a109 1
MAKE_JOBS_SAFE=		no
@


1.14
log
@postgresql: updated to 18.1, 17.7, 16.11, 15.15, 14.20, 13.23

PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23

Security Issues
- CVE-2025-12817: PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
- CVE-2025-12818: PostgreSQL libpq undersizes allocations, via integer wraparound

Bug Fixes and Improvements

This update fixes over 50 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

Avoid returning duplicate rows from hash right semi-joins.
Avoid possible out-of-memory failures during parallel GIN index build.
Several fixes for BRIN indexes.
Fixes for crashes related to partitioned tables, including one occurring during a recheck.
Avoid duplicating hash partition constraints during DETACH CONCURRENTLY, which previously caused issues during dump/restore or if a parent table is dropped after the DETACH.
Disallow generated columns in partition keys and in COPY ... FROM ... WHERE clauses.
Fix incorrect reporting of replication lag in pg_stat_replication view.
Avoid failures when synchronized_standby_slots references nonexistent replication slots.
Avoid unwanted WAL receiver shutdown when switching from streaming to archive WAL source.
Avoid unnecessary invalidation of logical replication slots.
Correctly handle GROUP BY DISTINCT in PL/pgSQL assignment statements.
Avoid leaking memory when handling a SQL error within PL/Python.
Fix how libpq handles socket-related errors on Windows within its GSSAPI logic.
Fix dumping of non-inherited NOT NULL constraints on inherited table columns.
Ensure consistent ordering of foreign key constraints in the output of pg_dump.
Several fixes for pgbench error handling and reporting.
Fix memory leak in pg_combinebackup.
Allow nonsuperusers with SELECT privileges on a table to use pg_prewarm to prewarm indexes on that table.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.13 2025/08/15 08:37:42 adam Exp $
d60 1
@


1.13
log
@postgresql1[3-7]: updated to 17.6, 16.10, 15.14, 14.19, 13.22

PostgreSQL 17.6, 16.10, 15.14, 14.19, 13.22

Security Issues

CVE-2025-8713: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
CVE-2025-8714: PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
CVE-2025-8715: PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server

Bug Fixes and Improvements

This update fixes over 55 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Fix for BRIN indexes using the numeric_minmax_multi_ops operator class that could cause them to become bloated and inefficient. Please see the "Updating" section for instructions on how to fix these indexes.
Several fixes for logical replication, including fixes for memory allocation failure, duplicate transaction replay, infinite wait, unexpected shutdown, and a standby unable to shut down.
Fix premature removal of old WAL during a checkpoint, which could impact recovery when using replication slots.
Revert a change that could reject XML documents over 10MB in size.
Fix how nested character classes (e.g. [[:alpha:]%_]) are handled in SIMILAR TO expressions.
Restore the ability for PL/pgSQL expressions to use parallel execution.
Avoid a rare scenario where a B-tree index could modify the wrong entry.
Several fixes for MERGE, including incorrect query results with concurrency and when targeting a table that is a parent in an inheritance hierarchy.
Fix LZ4 decompression failure that could occur on data that is not very compressible.
Prevent an infinite loop in checkpoints on systems with very large shared_buffers settings.
Fix issues with GSSAPI authentication when using Active Directory accounts with many group memberships. This release also fixes timing-dependent connection failures when using SSL or GSSAPI encryption in non-blocking mode.
Fix a crash in libpq function PQcancelCreate().
Fix several resource leaks.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.12 2025/05/23 12:51:41 jperkin Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.6
@


1.12
log
@postgresql*: Add missing CONFLICTS patterns.

For some reason the version-specific patterns were dropped since the
postgresql10 import and cargo-culted around since then.  With this, the
latest pkgin is able to correctly upgrade php??-extensions from 2023Q4.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.11 2025/05/09 13:46:34 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.5
@


1.11
log
@postgresql: updated to 17.5, 16.9, 15.13, 14.18, 13.21

PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21

CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Bug Fixes and Improvements

This update fixes over 60 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Handle self-referential foreign keys on partitioned tables correctly. Creating or attaching partitions failed to make the required catalog entries for a foreign-key constraint if the table referenced by the constraint was the same partitioned table. This resulted in failure to enforce the constraint fully. To fix this, please see the instructions in the "Updating" section.
Fix for potential data loss issue when using BRIN bloom indexes (e.g. using the date_bloom_ops operator class).
Fix MERGE into a partitioned table with DO NOTHING actions.
Prevent failure in INSERT commands when the table has a GENERATED column of a domain type and the domain's constraints disallow NULL values.
Fix ALTER TABLE .. ADD COLUMN to correctly handle the case of a domain type that has its own default value and the DEFAULT for the column is not set.
Fix issues when performing casts within the keys of JSON constructor expressions.
Fix XMLSERIALIZE() so that the INDENT option is correctly dumped out when it's present in views or rules. This was noticeable on restores.
Several query planner fixes, including avoiding a premature evaluation of arguments in an aggregate function that has both FILTER and either ORDER BY or DISTINCT clauses that could lead to unnecessary failures.
Fix for potentially returning incorrect results when a bitmap scan without output columns is executed while vacuum is also running on the same table.
Fix performance issues in GIN index search startup when there are many search keys, for example, jsonbcol ?| array[...] with tens of thousands of array elements.
Ensure that I/O statistics of active WAL senders are reported within at most one second.
Fix race condition in handling of synchronous_standby_names immediately after startup, where a backend might fail to wait for a synchronous commit.
Avoid infinite loop if scram_iterations is set to INT_MAX.
Several fixes for logical replication, including handling of vacuum around deleted rows that are still required for logical decoding.
Prevent potential data loss when schema modification operations (DDL) that don't take a strong lock affect tables that are being logically replicated.
Prevent issues in logical replication that could allow duplicate data to be applied due to apply worker error handling.
Improve how reindexdb handles scheduling parallel reindex operations to achieve the expected amount of parallelism.

This release also updates time zone data files to tzdata release 2025b for DST law changes in Chile, plus historical corrections for Iran. Additionally, there is a new time zone America/Coyhaique for Chile's Aysén Region, to account for it changing to UTC-03 year-round, which diverges from America/Santiago.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.10 2025/05/06 12:07:25 wiz Exp $
d29 1
d34 1
@


1.10
log
@*: SOEXT -> SHLIB_EXT
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.9 2025/04/08 07:28:06 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.4
@


1.9
log
@postgresql17: avoid -Werror-unguarded-availability-new; apply some pkglint suggestions
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.8 2025/04/02 12:27:42 prlw1 Exp $
a146 5
OPSYSVARS+=	SOEXT
SOEXT.Darwin=	dylib
SOEXT.*=	so
PLIST_SUBST+=	SOEXT=${SOEXT}

@


1.8
log
@Render postgresql17 CONFLICTS as harmless as those of postgresql16
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.7 2025/03/30 21:10:41 wiz Exp $
d94 3
@


1.7
log
@*: remove MirBSD support
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.6 2025/02/22 09:08:01 nia Exp $
d33 1
a33 1
CONFLICTS+=	postgresql[1-9][0-9]-${module}-[0-9]*
@


1.6
log
@postgres: many MAKE_JOBS issues remain, for example

fatal error: 'catalog/pg_type_d.h' file not found
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.5 2025/02/21 17:29:08 adam Exp $
a46 1
PG_TEMPLATE.MirBSD=	openbsd
d109 1
a109 2
# configure fails on OpenBSD and MirBSD if thread safety is enabled.
CONFIGURE_ARGS.MirBSD+=		--disable-thread-safety
@


1.5
log
@postgresql: updated to 17.4, 16.8, 15.12, 14.17, 13.20

PostgreSQL 17.4, 16.8, 15.12, 14.17, and 13.20

The issues listed below affect PostgreSQL 17. Some of these issues may also
affect other supported versions of PostgreSQL.

Improve behavior of quoting functions in libpq. The fix for CVE-2025-1094
caused the quoting functions to not honor their string length parameters and,
in some cases, cause crashes. This problem could be noticeable from a
PostgreSQL client library, based on how it is integrated with libpq.
Fix small memory leak in pg_createsubscriber.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.4 2025/02/16 09:03:16 adam Exp $
d100 6
@


1.4
log
@postgresql: updated to 17.3, 16.7, 15.11, 14.16, 13.19

PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19

Security Issues

CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Bug Fixes and Improvements

This update fixes over 70 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Restore pre-v17 truncation behavior for >63-byte database names and usernames in connection requests.
Don't perform connection privilege checks and limits on parallel workers, and instead inherit these from the leader process.
Remove Lock suffix from LWLock wait event names.
Fix possible re-use of stale results in window aggregates, which could lead to incorrect results.
Several race condition fixes for vacuum that in the worst case could cause corruption to a system catalog.
Several fixes for truncating tables and indexes that prevent potential corruption.
Fix for detaching a partition where its own foreign-key constraint references a partitioned table.
Fix for the FFn (e.g., FF1) format codes for to_timestamp, where an integer format code before the FFn would consume all available digits.
Fixes for SQL/JSON and XMLTABLE() to double-quote specific entries when necessary.
Include the ldapscheme option in pg_hba_file_rules().
Several fixes for UNION, including not merging columns with non-compatible collations.
Several fixes that could impact availability or speed of starting a connection to PostgreSQL.
Fix multiple memory leaks in logical decoding output.
Fix several memory leaks in PL/Python.
Add psql tab completion for COPY (MERGE INTO).
Make pg_controldata more resilient when displaying info from corrupted pg_control files.
Fix for a memory leak in pg_restore with zstd-compressed data.
Fix pg_basebackup to correctly handle pg_wal.tar files exceeding 2GB on Windows.
Modify earthdistance to use SQL-standard function bodies, which fixes possible issues with major version upgrades to v17 when databases use this extension.
Fix crash in pageinspect in instances where the brin_page_items() function definition is not updated to the latest version.
Fix race condition when trying to cancel a postgres_fdw remote query.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.3 2024/11/25 20:13:26 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.3
@


1.3
log
@postgresql1*: updated to 17.2, 16.6, 15.10, 14.15, 13.18, 12.22

PostgreSQL 17.2, 16.6, 15.10, 14.15, 13.18, and 12.22

The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Restore functionality of ALTER ROLE .. SET ROLE and ALTER DATABASE .. SET ROLE. The fix for CVE-2024-10978 accidentally caused settings for role to not be applied if they came from non-interactive sources, including previous ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment variable.
Restore compatibility for the timescaledb and other PostgreSQL extensions built using PostgreSQL prior to the 2024-11-14 release (17.0, 16.4, 15.8, 14.13, 13.16, 12.20, and earlier). This fix restores struct ResultRelInfo to its previous size, so that affected extensions don't need to be rebuilt.
Fix cases where a logical replication slot's restart_lsn could go backwards.
Avoid deleting still-needed WAL files during pg_rewind.
Fix race conditions associated with dropping shared statistics entries, which could lead to loss of statistics data.
Fix crash with ALTER TABLE when checking to see if an index's opclass options have changed if the table has an index with a non-default operator class.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.2 2024/11/16 10:13:51 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.2
@


1.2
log
@postgresql: updated to 17.1, 16.5, 15.9, 14.14, 13.17

PostgreSQL 12 is now end-of-life.

Security Issues
* CVE-2024-10976: PostgreSQL row security below e.g. subqueries disregards user ID changes
* CVE-2024-10977: PostgreSQL libpq retains an error message from man-in-the-middle
* CVE-2024-10978: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
* CVE-2024-10979: PostgreSQL PL/Perl environment variable changes execute arbitrary code

Bug Fixes and Improvements

This update fixes over 35 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Fix when attaching or detaching table partitions with foreign key constraints. After upgrade, users impacted by this issue will need to perform manual steps to finish fixing it. Please see the "Upgrading" section and the release notes for more information.
Fix when using libc as the default collation provider when LC_CTYPE is C while LC_COLLATE is a different locale. This could lead to incorrect query results. If you have these settings in your database, please reindex any affected indexes after updating to this release. This issue impacted 17.0 only.
Several query planner fixes, including disallowing joining partitions (partitionwise join) if the collations of the partitions don't match.
Fix possible wrong answers or wrong varnullingrels planner errors for MERGE ... WHEN NOT MATCHED BY SOURCE actions.
Fix validation of the COPY FORCE_NOT_NULL and FORCE_NULL.
Fix server crash when a json_objectagg() call contains a volatile function.
Ensure there's a registered dependency between a partitioned table and a non-built-in access method specified in CREATE TABLE ... USING. This fix only prevents problems for partitioned tables created after this update.
Fix race condition in committing a serializable transaction.
Fix race condition in COMMIT PREPARED that could require manual file removal after a crash-and-recovery.
Fix for pg_cursors view to prevent errors by excluding cursors that aren't completely set up.
Reduce logical decoding memory consumption.
Fix to prevent stable functions from receiving stale row values when they're called from a CALL statement's argument list and the CALL is within a PL/pgSQL EXCEPTION block.
Fix for JIT crashes on ARM (aarch64) systems.
The psql \watch now treats values that are less than 1ms to be 0 (no wait between executions).
Fix failure to use credentials for a replication user in the password file (pgpass).
pg_combinebackup now throws an error if an incremental backup file is present in a directory that should contain a full backup.
Fix to avoid reindexing temporary tables and indexes in vacuumdb and parallel reindexdb.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.1 2024/11/08 13:43:36 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.1
@


1.1
log
@postgresql17: added version 17.0

PostgreSQL 17 builds on decades of open source development, improving its
performance and scalability while adapting to emergent data access and storage
patterns. This release of PostgreSQL adds significant overall performance
gains, including an overhauled memory management implementation for vacuum,
optimizations to storage access and improvements for high concurrency
workloads, speedups in bulk loading and exports, and query execution
improvements for indexes. PostgreSQL 17 has features that benefit brand new
workloads and critical systems alike, such as additions to the developer
experience with the SQL/JSON JSON_TABLE command, and enhancements to logical
replication that simplify management of high availability workloads and major
version upgrades.
@
text
@d1 1
a1 1
# $NetBSD: Makefile.common,v 1.7 2024/08/09 21:55:49 adam Exp $
d19 1
a19 1
DISTNAME=	postgresql-17.0
@

