• https://ftp.postgresql.org/pub/source/v12.2/ (Download)
• ftp://ftp.postgresql.org/pub/source/v12.2/ (Download)

• (2020-02-18) Updated to version: postgresql-12.2
• (2020-02-06) Updated to version: postgresql-12.1
• (2019-11-15) Updated to version: postgresql-11.6
• (2019-08-13) Updated to version: postgresql-11.5
• (2019-06-22) Updated to version: postgresql-11.4
• (2019-05-11) Updated to version: postgresql-11.3
• (2019-02-19) Updated to version: postgresql-11.2
• (2019-02-19) Updated to version: postgresql-11.1
• (2018-12-02) Updated to version: postgresql-10.6
• (2018-08-09) Updated to version: postgresql-10.5

Log message:
Security update to 11.7
ok jeremy@

Log message:
Update to 12.2
Diff from jeremy@ with small change from me.
ok jeremy@

Log message:
show people how to diff their old postgresql.conf against something that
will be reasonably close to the one it was based off, making it easier to
id local changes. ok kmos@ kn@ jeremy@ and pea@ (maintainer)

Log message:
Add "cd /var/postgresql" to upgrade instructions so that pg_dumpall
and initdb work even if the current working directory is not
accessible by the _postgresql user.
OK kn, jeremy, pea

Log message:
Major to PostgreSQL 12.1, dump/restore or pg_upgrade needed
Most of the work from pea@

Log message:
Create postgres (super)user by default after creating test DB cluster.
This was in my tree for ages, triggered again by thread on ports@.
Since this port module is used only for tests, bulk builds won't be affected.
@afresh1 agress this is a nice thing to have by default.

Log message:
Update to 11.6
ok sthen@

Log message:
Update to 11.6
ok sthen@

Log message:
Add datadir to default databases/postgresql flags
While here, stop trying to remove postmaster.pid in rc_start as
pg_ctl already handles that.
OK sthen@, pea@

Log message:
Security update to 11.5
ok jeremy@

Log message:
Update to 11.5
ok jeremy@

Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes

Log message:
Security update to 11.4
ok jeremy@

Log message:
Upgrade to 11.4.
ok jeremy@

Log message:
Bugfix update to 11.3
ok jeremy@

Log message:
Update to 11.3
ok jeremy@

Log message:
Fix command lines in postgresql pkg-readme dealing with major version upgrades
(6.4->6.5 includes such an upgrade). From Alex Holst, ok naddy@

Log message:
simplify copy-and-pasting for the postgresql README:
- chunk each block together so it can be done in one go rather than
line by line
- remove some unnecessary su(1)'s to reduce the number of multiline
copies
Also, mention about how UTF-8 is used by default if you're running the
commands from a UTF-8 terminal (the "obvious" method of just changing
-E doesn't work in that case).
ok jeremy@, maintainer timeout

Log message:
Update to 11.2
ok ajacoutot@ jeremy@

Log message:
Update to PostgreSQL 11.1
From pea@ (maintainer)
Bulk testing and OK ajacoutot@

Log message:
Use gcc to build postgresql on i386 to unbreak. In 10.6, an explicit
check was added to prevent building on clang/i386 unless either -msse2
is used (restricting cpu support which we don't want), or the compiler
gains support for -fexcess-precision=standard.
Discussion leading up to the added check:
https://www.postgresql.org/message-id/flat/20180904161624.57e68b3a%40fafnir.local.vm
Upstream commit:
https://github.com/postgres/postgres/commit/bd1463e348fcf
ok pea@

Log message:
- Remove mismerged patch (fix was already committed upstream but the
patch wasn't removed, so duplicated some Makefile lines).
- Set SONAME correctly for the libraries. A symlink (libpq.so -> libpq.so.N.M)
is present during build. Internal programs linking with "-lpq" on arches using
LLD get "NEEDED libpq.so" from the symlink instead of the correct "libpq.so.N.M".
Override this by setting -soname (similar to what upstream are doing, but the
library minor was missing in their version).

Log message:
fix dependencies
spotted by aja@
ok sthen@

Log message:
Update to 10.6
ok jeremy@

Log message:
Backport fix for server crash when using foreign tables with SCRAM
authentication. As this changes linking for shared libraries, bump
all subpackages except -docs to be safe.
OK pea@

Log message:
enable spinlocks for arm; from Brad, build + regress testing by jsg@,
ok jca@ pea@

Log message:
Tweak README-server
Use UTF-8 encoding by default (requested by Chris Bennett) and use
scram-sha-256 as the auth method.
ok pea@ (maintainer) ok sthen@ (at least for the UTF-8 part)

Log message:
Remove unneeded LIBRESSL_VERSION_NUMBER patches. We have the relevant
BIO_meth_* interfaces for some time now.
looks good to jca, bumping help from sthen
ok jsing

Log message:
convert to PKGSTEM

Log message:
Security update to 10.5
ok jeremy@

Log message:
Bugfix update to 10.5
ok jeremy@

Log message:
Update to 10.4
ok jeremy@

Log message:
Update to 10.4
ok jeremy@

Log message:
remove empty file

Log message:
Security update to 9.6.8
ok jeremy@

Log message:
Bugfix update to 10.3
ok jeremy@

Log message:
we have BIO_meth_new (which pgsql checks for) but not some of the other
functions that it also needs, neuter for now to unbreak. from jsing

Log message:
regen patch, no other change

Log message:
Security update to 9.6.7
ok jeremy@

Log message:
Update to 10.2
ok jeremy@

Log message:
Now that arm has switched to clang the base compiler has atomic builtins
and accepts -mfpu=neon.
ok jca@ sthen@

Log message:
compile time fix for arm

Log message:
Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.
discussed with and OK aja@
OK tb

Log message:
Security update to 9.6.4
ok pirofti@

Log message:
Security update to 9.5.8
ok pirofti@

Log message:
Security update to 9.6.4

Log message:
The manual manual pages (of the usual poor DocBook quality) now
look better with mandoc than with groff, so drop USE_GROFF and bump
those four of the six subpackages that contain manual pages.

Log message:
Backport postgresql security update 9.6.3.
Fixes CVE-2017-7484, CVE-2017-7485, CVE-2017-7486.
OK pea@

Log message:
switch README to using rcctl, ok pea@

Log message:
Security update to 9.6.3 ( CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)

Log message:
Fix bug with create extension plperl
( Util.c: loadable library and perl binaries are mismatched )
Spotted and fix by Markus Hennecke, Thanks !

Log message:
Reliability update to 9.5.6

Log message:
Update to 9.6.2
ok jeremy@

Log message:
Adjust pg_upgrade docs. Written by jeremy@ based on my notes, with small
tweaks by me to avoid hardcoding versions (both in this README and in the
@ask-update in PLIST).  OK jeremy@ pea@

Log message:
Bugfix update to 9.5.5
ok jeremy@

Log message:
Base gcc does not have atomic builtins on arm.  Instead of disabling
spinlocks build with ports gcc for now to get the atomic builtins.
ok sthen@

Log message:
disable spinlocks on arm, so we can have a postgresql package

Log message:
Update to PostgreSQL 9.6.1
This moves pg_upgrade to a subpackage, and has that
subpackage depend on postgresql-previous.
pthread is removed from WANTLIB, as it is no longer
needed for suppoting threaded extensions.
This adds support for PostgreSQL 9.6's new BSD
authentication.
OK pea@ landry@

Log message:
Security update to 9.4.9 ( CVE-2016-5423, CVE-2016-5424)
ok robert@

Log message:
First pass at pre-entively fixing ports that would break once guenther's header
pollution diff is in.
lang/squeak/vm does not build but it's due to the recent audio changes
games/xbattle: also fixes some conflicting implicit decl
print/hplip: also fixes some conflicting implicit decl

Log message:
retire sparc

Log message:
Security update to 9.4.8
ok robert@

Log message:
Security update to 9.5.4
ok robert@

Log message:
remove obsolete README, pthread preload no longer needed, and it didn't even
make it into the PLIST anyway

Log message:
Add alpha to the 'need --disable-spinlocks' boat
http://build-failures.rhaalovely.net/alpha/2016-05-26/databases/postgresql.log
error: #error PostgreSQL does not have native spinlock support on this
platform. To continue the compilation, rerun configure using
--disable-spinlocks. However, performance will be poor. Please report
this to pgsql-bugs@postgresql.org.

Log message:
Update ton 9.5.3
ok jeremy@

Log message:
Update to 9.5.2
Tested in a bulk by ajacoutot@
ok jeremy@

Log message:
update to postgresql-9.4.7

Log message:
garbage-collect comment that was associated with the (removed) SHARED_ONLY
line. ok pea@

Log message:
Security update to 9.4.7
ok sthen@

Log message:
Security update to 9.4.7
ok sthen@

Log message:
drop SHARED_ONLY from python and ruby ports

Log message:
SECURITY update to PostgreSQL 9.4.6: various fixes including one for
CVE-2016-0773, an issue with regular expression parsing. Various other fixes.
Note: ..."if you are upgrading an installation that contains any GIN
indexes that use the (non-default) jsonb_path_ops operator class, see
the first changelog entry"...
http://www.postgresql.org/docs/current/static/release-9-4-6.html

Log message:
SECURITY update to PostgreSQL 9.4.6: various fixes including one for
CVE-2016-0773, an issue with regular expression parsing. Various other fixes.
Note: ..."if you are upgrading an installation that contains any GIN
indexes that use the (non-default) jsonb_path_ops operator class, see
the first changelog entry"...
http://www.postgresql.org/docs/current/static/release-9-4-6.html
OK pea@

Log message:
Security update to 9.4.5
"go ahead" sthen@

Log message:
Security update to 9.4.5

Log message:
Security update to 9.4.5

Log message:
Initialize test database clusters with UTF-8 encoding.
Initial idea from Patrick Keshishian on ports@, okay landry@.

Log message:
- remove trailing white spaces
- add RSC id and header to README-plpython
OK jasper@

Log message:
Run test commands in a subshell to avoid potential clutter of variables
coming from those modules.

Log message:
Don't use same directory for both mariadb.port.mk and postgresql.port.mk:
they could be used at the same time, and each of them wipes the database
directory before running server.

Log message:
sudo(8) -> su(1)

Log message:
Kill dead mirrors, and add a http mirror.
ok pea@ (maintainer)

Log message:
Reliability upgrade to 9.4.4
ok ajacoutot@

Log message:
Upgrade to 9.4.4
ok ajacoutot@

Log message:
sync distinfo

Log message:
Security / reliability update to 9.4.2
go ahead ajacoutot@

Log message:
Security / reliability update to 9.4.2
go ahead ajacoutot@

Log message:
"/usr/local/lib/pkgconfig/" is part of mtree(8).
Packages should not own this dir to prevent its deletion or a warning that it
cannot be removed because it's not empty at pkg_delete(1) time.

Log message:
these expect that "sparc" is sparc64, not 32bit.

Log message:
Fix hba "samehost"/"samenet" support.
On OpenBSD, the sa_family field in netmask sockaddrs can be zero and
thus different from the sa_family of the address sockaddr.
Until this glitch gets corrected, fix postgresql.
ok sthen@ pea@ (MAINTAINER)

Log message:
Fix hba with IPv6 connections.
The incorrect code was generating memcpy calls with src and dest
overlapping, which raises SIGABRT, making the server unreachable
using IPv6.  The fix consists in passing the right parameters to
memcpy, including sizeof(struct sockaddr_in) as len, since
sizeof(struct sockaddr_storage) would be too much, and sa_len
is unusable in netmask sockaddrs.  Debugged with sthen@ and lteo@
Problem reported by Hugo Osvaldo Barrera.
ok sthen@

Log message:
regen

Log message:
Security / bugfixes update to 9.3.6 ( 5 CVE )
ok jasper@, sthen@

Log message:
Security / bugfixes update to 9.4.1 (5 CVE)
ok sthen@

Log message:
Add --nosync to initdb(1) invocation to speed up test framework startup,
as suggested in private mail.

Log message:
Unbreak on alpha by using the correct memory barrier instruction, courtesy of miod@

Log message:
regen patches

Log message:
That had to happen... postgresql fails to build on alpha:
{standard input}:1354: Error: unknown opcode `rmb'
Mark as BROKEN accordingly, until a proper fix is devised.

Log message:
Add infrastructure for testing PostgreSQL-based apps. It sets up database
cluster, creates a database (optionally), starts server and then starts
actual test code. The server gets correctly shut down after testing.
Also, only Unix sockets are used for connections, minimizing side effects
on running system.
Man page to follow.
okay espie@

Log message:
Update to 9.4.0
Tested in a bulk build by landry@
help and ok jeremy@, sthen@

Log message:
Allow installation of PostgreSQL extensions outside of the ports system.
Remove FAKE_AS_ROOT = always-wrap, since it is no longer necessary.
espie@ in favor
OK pea@

Log message:
- only suggest cap_mkdb if login.conf.db exists, ok aja@ landry pea@
- show people how to setup ssl and tweak headings, ok pea@

Log message:
Add a consistent header that substitutes FULLPKGNAME for the READMEs.
ok jasper@ sthen@

Log message:
Sync comment with reality.

Log message:
Bugfixes update to 8.4.8
ok ajacoutot@, jasper@

Log message:
Bugfixes update to 9.0.4
ok ajacoutot@, jasper@

Log message:
Update to 9.0.4.
Changelog: http://www.postgresql.org/docs/9.0/static/release-9-0-4.html
ok ajacoutot@, jasper@

Log message:
Add an explanation about cluster's encoding.
Spotted by ajacoutot@
ok ajacoutot@

Log message:
Allow PostgreSQL to run on Loongson.
With help of miod@ (thx !)
ok jasper@

Log message:
Remove all redirections -- rc.subr(8) now takes care of it.

Log message:
Remove now uneeded redirection.

Log message:
Add a small upgrade howto.
idea from sthen@
ok sthen@, landry@
looks good espie@

Log message:
Bugfix update to 8.4.7
Security fix for CVE-2010-4015
ok sthen@, ajacoutot@, jasper@

Log message:
Update to 9.0.3.
+ CVE fix (CVE-2010-4015)
+ fix nasty behavior:
- Before exiting walreceiver, ensure all the received WAL is fsync'd to disk.
Otherwise the standby server could replay some un-synced WAL, conceivably leading
to data corruption if the system crashes just at that point.
- Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
Tested in a bulk by landry@
ok ajacoutot@, landry@, sthen@

Log message:
Make use of rcexec.
While here, force postgresql to quit in rc_stop, ok pea@

Log message:
Cope with recent class handling in rc.subr.

Log message:
Simplify after recent rc.subr change.
The framework is now stable and we will start documenting it (at last).

Log message:
Cope with recent rc.subr changes.

Log message:
- bump after uuid rename, reminded by aja@

Log message:
- advised update of postgresql to 8.4.6
from pea@ (MAINTAINER)
'yes please' aja@

Log message:
Bugfixes update to 9.0.2
Changelog: http://www.postgresql.org/docs/9.0/static/release-9-0-2.html
ok ajacoutot@

Log message:
Fix variable names in rc script. Breakage spotted by pea@
While here, deal with the pidfile in pre, not post.
ok pea@ (maintainer)

Log message:
Move to using daemon_user.
ok pea@ (maintainer)

Log message:
newer depends with >=

Log message:
a few depends I missed

Log message:
convert to new style depends
zap default spec that are not needed
convert libspecs as well
convert p* to REVISION.
No package changes

Log message:
pkg-readme filename comes from ${FULLPKGNAME}, fixes packaging.

Log message:
Add missing RCS id.

Log message:
* MAJOR UPGRADE *
+ upgrade to 9.0.1
+ move readme to new location
+ add a rc script
A dump / restore is needed for this upgrade.
See http://openbsd.raveland.org/ports/postgresql/UPGRADE_HOWTO.txt
if you need help for this.
ok jasper@, eric@

Log message:
bye bye old LIB_DEPENDS

Log message:
SECURITY UPDATE to postgresql-8.4.5
Changelog:
http://www.postgresql.org/docs/8.4/static/release-8-4-5.html
from pea@, thanks!
ok jasper

Log message:
SECURITY UPDATE to postgresql-8.4.5
Changelog:
http://www.postgresql.org/docs/8.4/static/release-8-4-5.html
from pea@, thanks!
ok jasper

Log message:
USE_GROFF=Yes

Log message:
Update to 8.4.5
Changelog here: http://www.postgresql.org/docs/8.4/static/release-8-4-5.html
ok jasper@
note: i will update it to 9.0.1 in a few days

Log message:
SECURITY UPDATE to postgresql-8.4.4
http://www.postgresql.org/docs/8.4/static/release-8-4-4.html
from pea@
ok pea@ jasper@

Log message:
- SECURITY update of postgresql to 8.4.4
fixes CVE-2010-1169 CVE-2010-1447 and CVE-2010-1170.
ok pea@ (MAINTAINER)

Log message:
SECURITY FIX
postgresql-8.3.10
NOTE:  pg_standby has moved from the -server package to -contrib
from pea@, thanks!
ok sthen@ ajacoutot@ jasper@

Log message:
Update to 8.4.3
Please note that pg_standby is now in the -contrib package
ok jasper@, sthen@

Log message:
Update to 8.4.2
Please note:
if you have any hash indexes, you should REINDEX them after updating to 8.4.2,
to repair possible damage.
Changelog:
http://www.postgresql.org/docs/current/static/release-8-4-2.html
ok sthen@

Log message:
SECURITY FIX
Update to PostgreSQL-8.3.9
http://www.postgresql.org/docs/8.3/static/release-8-3-9.html
Resolves CVE-2009-4034, CVE-2009-4136, reject SSL certificates
containing an embedded null byte in the common name (CN) field, crash fixes
from pea@
ok sthen@ jasper@

Log message:
SECURITY update to 8.3.8
A dump/restore is not required for those running 8.3.X. However, if you have
any hash indexes on interval columns, you must REINDEX them after updating
to 8.3.8.
from pea@, thanks!
ok jasper@

Log message:
Take maintainership
discussed with many.
please commit jasper@

Log message:
SECURITY update to 8.3.8
from pea@, ok mbalmer@, reads ok to ajacoutot@
ok jasper@

Log message:
remove marc balmer as maintainer of all of his ports, to take away the
illusion marc still maintains them. as requested by himself.

Log message:
Update to 8.4.1.
Changelog: http://www.postgresql.org/docs/8.4/static/release-8-4-1.html
Security fixes: http://www.postgresql.org/support/security
"fine by me" mbalmer@, ok sthen@

Log message:
Upgrade PostgreSQL to the latest version 8.4.0.
Initial diff (for rc and beta) from simon@
ok mbalmer@, simon@
commitski jasper@
BE CAREFULL: it's a major upgrade !
You MUST dump/restore all your data for this upgrade.

Log message:
Update to 8.3.7
See http://www.postgresql.org/docs/8.3/static/release-8-3-7.html
ok mbalmer@

Log message:
Upgrade to 8.3.6.
See http://www.postgresql.org/docs/8.3/static/release-8-3-6.html
ok mbalmer@ ajacoutot@

Log message:
Upgrade to PostgreSQL 8.3.5: bug fix release.
OK mbalmer@, ajacoutot@

Log message:
Upgrade to PostgreSQL 8.3.4; bug fix release.
ok mbalmer@

Log message:
Upgrade to PostgreSQL 8.3.3; bug fix release.
ok mbalmer@

Log message:
Major update to version 8.3.1 - be sure to dump your databases before
you apply this and restore afterwards!
Additionally, implicit typecasts are history and not supported anymore.
Versions prior to 8.3 had the feature (some say bug) that functions,
expecting an argument to be of a certain type, have casted a variable of
any other type to the expected type, if possible.
This has changed now.  Tests surfaced rare occurrences of regressions,
which were then fixed in about ten minutes - and that code was not even
in the ports tree;  no issues found there.
A few more things have changed, namely tsearch2 went from contrib to the
core and native uuid type support was added;  for details read the
release announcement at
http://www.postgresql.org/docs/8.3/static/release-8-3.html.
tests & ok mbalmer@ (maintainer)

Log message:
Cumulative security update to PostgreSQL 8.2.6 that fixes five security
vulnerabilities.
See http://www.postgresql.org/about/news.905 for details.

Log message:
Update PostgreSQL to version 8.2.5.
Release date: 2007-09-17
This release contains a variety of fixes from 8.2.4.
A dump/restore is not required for those running 8.2.X.
See http://www.postgresql.org/docs/8.2/static/release-8-2-5.html for a list
of all changes.

Log message:
remove surrounding quotes from COMMENT/BROKEN/PERMIT_*

Log message:
forgot to bump pkgnames after PFRAG.shared removal, sorry..
noticed by naddy@

Log message:
-NOT_FOR_ARCHS=	${NO_SHARED_ARCHS}
+SHARED_ONLY=	Yes
ok ajacoutot@, simon@, mbalmer@ (for the postgresql bits)

Log message:
Fix a typo in the server README.OpenBSD file.
Noticed by Ingo Schwarze <schwarze@usta.de>.

Log message:
Give better advice on what to put in /etc/rc.local, unclutters output
at system startup time.

Log message:
MFC:
Security update to PostgreSQL 8.2.4.
This fixes several bugs and one vulnerability (CVE-2007-2138).

Log message:
Fix a typo.

Log message:
Security update to PostgreSQL 8.1.9.
This fixes several bugs and one vulnerability (CVE-2007-2138).

Log message:
Security update to PostgreSQL 8.1.9.
This fixes several bugs and one vulnerability (CVE-2007-2138).

Log message:
Security update to PostgreSQL 8.2.4.
This fixes several bugs and one vulnerability (CVE-2007-2138).

Log message:
you can't have inter-packages WANTLIB, you've got to go through LIB_DEPENDS
so that build proceeds correctly.
noticed by naddy@, kili@, bug by sturm@
bump PKGNAME for people who managed to build the broken version.

Log message:
WANTLIB

Log message:
base64 distinfo with SHA256

Log message:
add the postgresql contributions from the contrib/ directory
as a subpackage, bump as required.
ok mbalmer@, go ahead robert@, kili@

Log message:
Move some manpages that sneaked into the -docs subpackage to the -main
subpackage.  spotted by nikolay.

Log message:
Security update to PostgreSQL 8.1.8.
This update fixes the following problems:
CVE-2007-0555 and CVE-2007-0556.  Both of these issues
allow an authenticated attacker with the permissions to run arbitrary SQL to
launch a denial-of-service attack or possibly read out random chunks of
memory.  Since attacks to require authenticated access, the security hole is
only considered medium risk.  You can read more about the issues on Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Log message:
Security update to PostgreSQL 8.1.8.
This update fixes the following problems:
CVE-2007-0555 and CVE-2007-0556.  Both of these issues
allow an authenticated attacker with the permissions to run arbitrary SQL to
launch a denial-of-service attack or possibly read out random chunks of
memory.  Since attacks to require authenticated access, the security hole is
only considered medium risk.  You can read more about the issues on Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Log message:
The PostgreSQL 8.2.2 security update introduced a bug that has been fixed
by the PostgreSQL team in 8.2.3.

Log message:
Security update to PostgreSQL 8.2.2.
This update fixes the following problems:
CVE-2007-0555 and CVE-2007-0556.  Both of these issues
allow an authenticated attacker with the permissions to run arbitrary SQL to
launch a denial-of-service attack or possibly read out random chunks of
memory.  Since attacks to require authenticated access, the security hole is
only considered medium risk.  You can read more about the issues on Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Log message:
Security update to PostgreSQL 8.2.2.
This update fixes the following problems:
CVE-2007-0555 and CVE-2007-0556.  Both of these issues
allow an authenticated attacker with the permissions to run arbitrary SQL to
launch a denial-of-service attack or possibly read out random chunks of
memory.  Since attacks to require authenticated access, the security hole is
only considered medium risk.  You can read more about the issues on Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Log message:
Update to PostgreSQL 8.2.1
Please note that a database dump/restore is required to upgrade to this
version.  See the full details at the following URL:
http://www.postgresql.org/docs/current/static/release-8-2.html
requested, tested and ok by robert, simon

Log message:
MFC:
Maintenance update to PostreSQL 8.1.6, bugfixes and changes in DST rules
for canade.  No API changes.

Log message:
MFC:
Maintenance update to PostreSQL 8.1.6, bugfixes and changes in DST rules
for canade.  No API changes.

Log message:
Maintenance update to PostreSQL 8.1.6, bugfixes and changes in DST rules
for canade.  No API changes.

Log message:
new MULTI_PACKAGES

Log message:
MFC:
update to postgresql  8.1.5, turns out this fixes several bugs that
could cause DoS

Log message:
Give slightly better advice on KerberosV usage.
From Bioern Sandell, <biorn@chalmers.se>, thanks.

Log message:
update to postgresql  8.0.9, turns out this fixes several bugs that
could cause DoS

Log message:
update to postgresql  8.1.5, turns out this fixes several bugs that
could cause DoS

Log message:
Add a section on KerberosV support to the README.OpenBSD file.
From Tom McLaughlin <tmclaugh@sdf.lonestar.org>, thanks!

Log message:
Add a section in the README file about the accounts involved in a PostgreSQL
database and point to two administrative user interfaces (phppgadmin and
pgadmin3).

Log message:
Typo in the MESSAGE-server file.  Found by bernd, gracias!

Log message:
Do not install a default database when installing the -server subpackage,
instead give advice on how to install a dabase with proper protection.
ok pvalchev, bernd, krw

Log message:
Update to PostgreSQL 8.1.5.   As the file sizes of the libraries are not the
same in most cases, I bumped the minor version just to be on the safe side.

Log message:
put back "nohup", I should have read also this history. PostgreSQL runs
fine without it but we are not sure if the signal race has been fixed or
not, sorry.
spotted by bernd@

Log message:
- remove "nohup" from the suggested rc script.
- get ride of INSTALL-server and move database init to PLIST-server.
- bump PKGNAME.
ok mbalmer@

Log message:
more new libspecs.

Log message:
remove defunct master site and add a few more mirrors

Log message:
MFC:
Security update to postgresql-8.1.4.
Fixes SQL-injection attacks. (CVE-2006-2313, CVE-2006-2314)
For detailed information please see:
http://developer.postgresql.org/docs/postgres/release-8-1-4.html
http://secunia.com/advisories/20231/

Log message:
Security update to postgresql-8.0.8
Fixes SQL-injection attacks. (CVE-2006-2313, CVE-2006-2314)

Log message:
Security update to postgresql-8.1.4.
Fixes SQL-injection attacks. (CVE-2006-2313, CVE-2006-2314)
For detailed information please see:
http://developer.postgresql.org/docs/postgres/release-8-1-4.html
http://secunia.com/advisories/20231/
ok mbalmer@ (MAINTAINER)

Log message:
fix packaging, noticed by brad

Log message:
fix packaging, noticed by brad@

Log message:
Security update to PostgreSQL 8.0.7
fixes CVE-2006-0678

Log message:
Security update to PostgreSQL version 7.4.12
this fixes CVE-2006-0678

Log message:
Security update to PostgreSQL version 8.1.3.
Vulnerabilities in PostgreSQL SET ROLE/SET SESSION AUTHORIZATION
By issuing SET ROLE with a specially crafted argument, it is possible
for any logged-in database user to acquire the privileges of any other
database user, including superusers.  Database superuser status allows
access to the machine's filesystem and hence might be used to mount
remote attacks against the rest of the server's operating system.
This error exists in PostgreSQL releases 8.1.0 - 8.1.2 and is fixed in 8.1.3.
The same underlying bug exists in SET SESSION AUTHORIZATION in all
releases back to 7.3.  This variant cannot be exploited for privilege
escalation, because one must already be superuser to use SET SESSION
AUTHORIZATION.  However, if the server has been compiled with Asserts
enabled (which is not the default), then it is possible to trigger an
Assert failure before the privilege check is reached.  This would cause
a momentary denial of service to other database users.  This is repaired
in PostgreSQL releases 8.1.3, 8.0.7, 7.4.12, and 7.3.14.

Log message:
update to porstgresql 7.4.11, fixing several bugs and security issues
CVE-2005-{0977,0227,0244,0245,0246,0247,1409,1410}

Log message:
Update PostgreSQL to version 8.1.2 and move the README.OpenBSD file to the
server package, so that the informationis always available and not only
when the docs package is installed.  This was requested by many people.
SECURITY:
Version 8.1.2 fixes security and other problems that were present in 8.1.0.
See http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php for
details.

Log message:
SHARED_LIBS
ok bernd

Log message:
Forgot to bump the package name of the -docs subpackage after a change
to the PLIST.
"gentle" reminder by nikolay...

Log message:
Fix a typo, from jk <dhv@scurvy.org>.

Log message:
Bump package name.

Log message:
Rearrange the PLIST's to make sure the subpackages can be individually
installed and deinstalled.
problem found by msf@, thanks!

Log message:
Update to PostgreSQL 8.1.0
Detailed information can be found at http://www.postgresql.org/docs/whatsnew

Log message:
Update to PostgreSQL 8.0.4.

Log message:
conflicts from the past: history since 3.7.
As noted on ports@ recently, pkg_add -r relies on conflicts, and the
sheer existence of updates means we MUST take the past into account in
conflicts now.
Note the renaming of hugs98 to valid package names where versions are
concerned.
This commit shows clearly the renaming of the xfce4 plugin packages, the
ditching of eclipse flavors, the splitting of nessus into subpackages,
the splitting of various other software documentations, some packaging bugs
in kdeedu, and a lot of files moving around...
okay pvalchev@

Log message:
MFC:
fix kerberos support (from Jesse Kempf <kempf at rpi.edu> and mention
to start the server with nohup to prevent a signal race (from mpf@)
same diff as for 3.7

Log message:
MFC:
fix kerberos support (from Jesse Kempf <kempf at rpi.edu> and mention
to start the server with nohup to prevent a signal race (from mpf@)
ok brad@

Log message:
Remove unused patch file.
Spotted by naddy@

Log message:
Security update to version 8.0.3
ok robert@

Log message:
WANTLIB tweaks
ok alek@

Log message:
Update to PostgreSQL 8.0.2 and take maintainerhsip with the old maintainers
consent.
ok nikolay@, todd@

Log message:
remove Peter Galbavy as maintainer per his request

Log message:
fix kerberos support (from Jesse Kempf <kempf at rpi.edu>) and
mention to start the server with nohup to prevent a signal race (from mpf@)

Log message:
Oh my^W^WMore no longer needed WWW:... lines

Log message:
MFC:
SECURITY fix
This patch fixes a problem where low privileged users can invoke the
LOAD extension to load arbitrary libraries into the postgres process
space.
ok brad@

Log message:
MFC:
SECURITY fix
This patch fixes a problem where low privileged users can invoke the
LOAD extension to load arbitrary libraries into the postgres process
space.
ok brad@

Log message:
SECURITY fix
This patch fixes a problem where low privileged users can invoke the
LOAD extension to load arbitrary libraries into the postgres process
space.
ok peter.galbavy at knowtion.net

Log message:
SIZE

Log message:
- Fix libpq soname
- Rework WANTLIB as this port has SUBPACKAGES
- Replace RUN_DEPENDS with LIB_DEPENDS
- Add PKG_ARCH
- Bump PKGNAME
ok sturm@, Brandon Palmer (MAINTAINER)

Log message:
WANTLIB markers

Log message:
trim down INSTALL script, move stuff into PLIST and MESSAGE.

Log message:
new-style conflicts.

Log message:
new style PLISTs

Log message:
new plist

Log message:
Update to PostgreSQL 7.4.3
Changes in the package layout means that there is now a -client and
-server subpackage, and users no longer need to decide which, as
the -server depends on the -client, just like the sane cases in
mysql and openldap.
Other changes include:
* Removal of the tcl FLAVOR until someone with more tcl/tk knowledge
can make it work correctly.
* The INSTALL-server script now created a _postgresql user and group
if they don't already exist, and also a default database in
/var/postgresql if that directory also doesn't exist.
* The port is marked for NO_SHARED_ARCHS as the -server subpackage
needs shared lib support to build.
* The port will build with spinlocks disabled on hppa until someone
can check and test this problem more closely.
Built and checked on i386, sparc64, amd64, macppc (waiting for regress
test feedback).
Dependent packages will be updated after this commit, shortly.

Log message:
mark some subpackages arch independent
ok naddy@

Log message:
upgrade to PostgreSQL 7.3.5
--
ok MAINTAINER (Peter Galbavy)

Log message:
remove WWW lines

Log message:
Bump package (forgot in last commit..)

Log message:
Forgot to bump one package.. sigh

Log message:
Security fix:
Two bugs were discovered that lead to a buffer overflow in PostgreSQL
in the abstract data type (ADT) to ASCII conversion functions.
It is believed that, under the right circumstances, an attacker may use
this vulnerability to execute arbitrary instructions on the PostgreSQL
server.

Log message:
Security fix:
Two bugs were discovered that lead to a buffer overflow in PostgreSQL
in the abstract data type (ADT) to ASCII conversion functions.
It is believed that, under the right circumstances, an attacker may use
this vulnerability to execute arbitrary instructions on the PostgreSQL
server.

Log message:
Security fix:
Two bugs were discovered that lead to a buffer overflow in PostgreSQL
in the abstract data type (ADT) to ASCII conversion functions.
It is believed that, under the right circumstances, an attacker may use
this vulnerability to execute arbitrary instructions on the PostgreSQL
server.
ok Brandon Palmer (maintainer)

Log message:
new user naming schema
bump PKGNAME where necessary
rohee@ ok leafnode
"you don't have to wait for oks" pval@

Log message:
PERMIT_*_CDROM can't be Yes:
The license says:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose, without fee, and without a written agreement
is hereby granted, provided that the above copyright notice and this
paragraph and the following two paragraphs appear in all copies.
noticed by markus@

Log message:
Update to 7.3.2.  Change flavor no_tcl -> tcl.
From: Peter Galbavy <peter.galbavy@knowtion.net>

Log message:
add no_tcl flavor, for those not building all of ports,
not wanting to install x to have a database; from brad@,
prodded by Ben Lindstrom

Log message:
PKGNAME-tcl= .. from naddy@ .. thanks!

Log message:
build depends on tcl too

Log message:
add tcl multi-package to postgresql

Log message:
sloppy update. this port used to install ALL the headers for a good reason.

Log message:
Update to 7.3.
From: Peter Galbavy <peter.galbavy@knowtion.net>