head	1.4;
access;
symbols
	pkgsrc-2026Q2:1.4.0.4
	pkgsrc-2026Q2-base:1.4
	pkgsrc-2026Q1:1.4.0.2
	pkgsrc-2026Q1-base:1.4
	pkgsrc-2025Q4:1.1.0.2
	pkgsrc-2025Q4-base:1.1;
locks; strict;
comment	@# @;


1.4
date	2026.02.13.10.52.25;	author adam;	state Exp;
branches;
next	1.3;
commitid	w0TCHUvGOLf6LcuG;

1.3
date	2026.01.07.08.46.19;	author wiz;	state Exp;
branches;
next	1.2;
commitid	1wQ3ICD8eebefrpG;

1.2
date	2026.01.01.12.22.37;	author rillig;	state Exp;
branches;
next	1.1;
commitid	j67lUdSOyUtTDGoG;

1.1
date	2025.10.06.13.30.22;	author adam;	state Exp;
branches;
next	;
commitid	LuTSXVGAcgrvOvdG;


desc
@@


1.4
log
@postgresql1[4-8]*: updated to 18.2, 17.8, 16.12, 15.16, and 14.21

PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21

Security Issues

CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory

CVSS v3.1 Base Score: 4.3

Supported, Vulnerable Versions: 14 - 18.

Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Altan Birler for reporting this problem.

CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem.

CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem.

CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem.

CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

CVSS v3.1 Base Score: 8.2

Supported, Vulnerable Versions: 18.

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.

Bug Fixes and Improvements

This update fixes over 65 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

Fix inconsistent case-insensitive text matching in the ltree extension. If you use an index on an ltree column, in some cases you may need to perform a reindex. See the "Updating" section for additional instructions.
Executing ALTER TABLE ... ADD CONSTRAINT to add a NOT NULL constraint on a column that already is marked as NOT NULL now requires the constraint name to match the existing constraint name.
Fix trigger behavior when MERGE is executed from a WITH query to include rows affected by the MERGE.
Several query planner fixes.
Fix for text substring search for non-deterministic collations.
Several fixes for NOTIFY error handling and reporting.
Use the correct ordering function in GIN index parallel builds.
Fix incorrect handling of incremental backups with tables larger than 1GB.
Fail recovery if WAL does not exist back to the redo point indicated by the checkpoint record.
Fix for ALTER PUBLICATION to ensure event triggers contain all set options.
Several fixes around replication slot initialization.
Don't advance replication slot after a logical replication parallel worker apply failure to prevent transaction loss on the subscriber.
Fix error reporting for SQL/JSON path type mismatches.
Fix JIT compilation function inlining when using LLVM 17 or later.
Add new server parameter file_extend_method to control use of posix_fallocate().
Fix psql tab completion for the VACUUM command options.
Fix pg_dump to handle concurrent sequence drops gracefully and to fail if the calling user explicitly lacks privileges to read the sequence.
Several fixes for amcheck around btree inspection.
Avoid crash in pg_stat_statements when an IN list contains both constants and non-constant expressions.
This release also updates time zone data files to tzdata release 2025c, which only has a historical data change for pre-1976 timestamps in Baja California.
@
text
@# $NetBSD: Makefile,v 1.3 2026/01/07 08:46:19 wiz Exp $

PKGNAME=	${DISTNAME:S/-/18-client-/}
COMMENT=	PostgreSQL database client programs

.include "../../databases/postgresql18/Makefile.common"

USE_TOOLS+=		gzip msgfmt perl tar
CONFIGURE_ARGS+=	--with-openssl
CONFIGURE_ARGS+=	--with-zlib

# Override INSTALL script to avoid unprivileged user/group
# leaking into the binary package
CONFIGURE_ARGS+=	INSTALL=${INSTALL:Q}\ -c

.include "../../mk/bsd.prefs.mk"

.if ${OPSYS} == "Cygwin"
INSTALLATION_DIRS+=	bin
.endif

# The thread-safety test in ${WRKSRC}/src/tools/thread does not pass on
# NetBSD earlier than 4.0 or DragonFly.
.if (${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 040000) || \
    ${OPSYS} == "DragonFly" || ${OPSYS} == "OpenBSD"
PGSQL_THREAD_SAFETY?=	no
.endif
PGSQL_THREAD_SAFETY?=	yes
BUILD_DEFS+=		PGSQL_THREAD_SAFETY

.if ${PGSQL_THREAD_SAFETY:tl} == yes
.  include "../../mk/pthread.buildlink3.mk"
.endif

BUILD_DIRS+=	src/include/catalog
BUILD_DIRS+=	src/fe_utils
INSTALL_DIRS=	src/include
INSTALL_DIRS+=	src/common
INSTALL_DIRS+=	src/port
INSTALL_DIRS+=	src/interfaces
INSTALL_DIRS+=	src/bin
BUILD_DIRS+=	${INSTALL_DIRS}
# Without this, the Darwin build fails (related to -bundle_loader).
BUILD_DIRS+=	src/backend

.for f in pg_service.conf psqlrc
CONF_FILES+=	share/postgresql/${f}.sample ${PKG_SYSCONFDIR}/${f}
.endfor

.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"

SUBST_CLASSES+=		pgxs
SUBST_STAGE.pgxs=	post-build
SUBST_MESSAGE.pgxs=	Fixing workdir tools references in pgxs Makefile
SUBST_FILES.pgxs=	src/Makefile.global
SUBST_SED.pgxs=		-e 's,${TOOLS_CMD.bison},${TOOLS_PATH.bison},'
SUBST_SED.pgxs+=	-e 's,${TOOLS_CMD.lex},${TOOLS_PATH.lex},'
SUBST_SED.pgxs+=	-e 's,${TOOLS_CMD.mkdir},${TOOLS_PATH.mkdir},'
SUBST_SED.pgxs+=	-e 's,${WRKDIR}/.wrapper/bin/ld,${LD},'
SUBST_SED.pgxs+=	-e 's,${WRKDIR}/.wrapper,${PREFIX},'
SUBST_SED.pgxs+=	-e 's,${WRKSRC},/dev/null,'

INSTALLATION_DIRS+=	lib/postgresql/pgxs
INSTALLATION_DIRS+=	lib/postgresql/pgxs/config
INSTALLATION_DIRS+=	lib/postgresql/pgxs/src
INSTALLATION_DIRS+=	lib/postgresql/pgxs/src/makefiles

DEST_PGXS=	${DESTDIR}${PREFIX}/lib/postgresql/pgxs
PGXS_FILES=	config/install-sh
PGXS_FILES+=	src/makefiles/pgxs.mk src/Makefile.global
PGXS_FILES+=	src/Makefile.port src/Makefile.shlib
PGXS_FILES+=	src/nls-global.mk

# On Solaris, avoid conflicts between "${SSLBASE}/include/openssl/des.h"
# and "/usr/include/crypt.h" -- we want the definitions in the former.
.if ${OPSYS} == "SunOS"
post-wrapper:
	touch ${BUILDLINK_DIR}/include/crypt.h
.endif

post-install:
.for file in ${PGXS_FILES}
	${INSTALL_DATA} ${WRKSRC}/${file} ${DEST_PGXS}/${file}
.endfor

.include "../../mk/bsd.pkg.mk"
@


1.3
log
@*: recursive bump for icu 78.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2026/01/01 12:22:37 rillig Exp $
a3 1
PKGREVISION=	1
@


1.2
log
@databases/postgresql: remove unknown configure options
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.1 2025/10/06 13:30:22 adam Exp $
d4 1
@


1.1
log
@postgresql18: added version 18.0

PostgreSQL 18 improves performance for workloads of all sizes through a new I/O
subsystem that has demonstrated up to 3× performance improvements when reading
from storage, and also increases the number of queries that can use indexes.
This release makes major-version upgrades less disruptive, accelerating upgrade
times and reducing the time required to reach expected performance after an
upgrade completes. Developers also benefit from PostgreSQL 18 features,
including virtual generated columns that compute values at query time, and the
database-friendly uuidv7() function that provides better indexing and read
performance for UUIDs. PostgreSQL 18 makes it easier to integrate with
single sign-on (SSO) systems with support for OAuth 2.0 authentication.
@
text
@d1 1
a1 1
# $NetBSD$
d22 1
a22 1
# 1. The thread-safety test in ${WRSRC}/src/tools/thread does not pass on
a23 1
# 2. configure with --enable-thread-safety fails on OpenBSD.
a32 5
.  if (${PTHREAD_TYPE} == "native")
CONFIGURE_ARGS+=	--enable-thread-safety
.  endif
.else
CONFIGURE_ARGS+=	--disable-thread-safety
@

