diff options
| author | adam <adam@pkgsrc.org> | 2021-11-16 10:14:36 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2021-11-16 10:14:36 +0000 |
| commit | e30e7b72bd275dd4ad3fef65f063f31354855f48 (patch) | |
| tree | 0f10a30f384a2f48cb2d7cd5b32dba0ae17f79d6 /databases/postgresql11 | |
| parent | 5e3bcf45e47dadb2ef899d8c4b5420da1d34e9c2 (diff) | |
| download | pkgsrc-e30e7b72bd275dd4ad3fef65f063f31354855f48.tar.gz | |
postgresql: updated to 14.1, 13.5, 12.9, 11.14, 10.19, 9.6.24
PostgreSQL 14.1, 13.5, 12.9, 11.14, 10.19, and 9.6.24
Security Issues
CVE-2021-23214: Server processes unencrypted bytes from man-in-the-middle
Versions Affected: 9.6 - 14. The security team typically does not test unsupported versions, but this problem is quite old.
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
The PostgreSQL project thanks Jacob Champion for reporting this problem.
CVE-2021-23222: libpq processes unencrypted bytes from man-in-the-middle
Versions Affected: 9.6 - 14. The security team typically does not test unsupported versions, but this problem is quite old.
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
If more preconditions hold, the attacker can exfiltrate the client's password or other confidential data that might be transmitted early in a session. The attacker must have a way to trick the client's intended server into making the confidential data accessible to the attacker. A known implementation having that property is a PostgreSQL configuration vulnerable to CVE-2021-23214.
As with any exploitation of CVE-2021-23214, the server must be using trust authentication with a clientcert requirement or using cert authentication. To disclose a password, the client must be in possession of a password, which is atypical when using an authentication configuration vulnerable to CVE-2021-23214. The attacker must have some other way to access the server to retrieve the exfiltrated data (a valid, unprivileged login account would be sufficient).
The PostgreSQL project thanks Jacob Champion for reporting this problem.
Bug Fixes and Improvements
This update fixes over 40 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 14. Some of these issues may also affect other supported versions of PostgreSQL.
Some of these fixes include:
Fix physical replication for cases where the primary crashes after shipping a WAL segment that ends with a partial WAL record. When applying this update, update your standby servers before the primary so that they will be ready to handle the fix if the primary happens to crash.
Fix parallel VACUUM so that it will process indexes below the min_parallel_index_scan_size threshold if the table has at least two indexes that are above that size. This problem does not affect autovacuum. If you are affected by this issue, you should reindex any manually-vacuumed tables.
Fix causes of CREATE INDEX CONCURRENTLY and REINDEX CONCURRENTLY writing corrupt indexes. You should reindex any concurrently-built indexes.
Fix for attaching/detaching a partition that could allow certain INSERT/UPDATE queries to misbehave in active sessions.
Fix for creating a new range type with CREATE TYPE that could cause problems for later event triggers or subsequent executions of the CREATE TYPE command.
Fix updates of element fields in arrays of a domain that is a part of a composite.
Disallow the combination of FETCH FIRST WITH TIES and FOR UPDATE SKIP LOCKED.
Fix corner-case loss of precision in the numeric power() function.
Fix restoration of a Portal's snapshot inside a subtransaction, which could lead to a crash. For example, this could occur in PL/pgSQL when a COMMIT is immediately followed by a BEGIN ... EXCEPTION block that performs a query.
Clean up correctly if a transaction fails after exporting its snapshot. This could occur if a replication slot was created then rolled back, and then another replication slot was created in the same session.
Fix for "overflowed-subtransaction" wraparound tracking on standby servers that could lead to performance degradation.
Ensure that prepared transactions are properly accounted for during promotion of a standby server.
Ensure that the correct lock level is used when renaming a table.
Avoid crash when dropping a role that owns objects being dropped concurrently.
Disallow setting huge_pages to on when shared_memory_type is sysv
Fix query type checking in the PL/pgSQL RETURN QUERY.
Several fixes for pg_dump, including the ability to dump non-global default privileges correctly.
Use the CLDR project's data to map Windows time zone names to IANA time zones.
This update also contains tzdata release 2021e for DST law changes in Fiji, Jordan, Palestine, and Samoa, plus historical corrections for Barbados, Cook Islands, Guyana, Niue, Portugal, and Tonga.
Also, the Pacific/Enderbury zone has been renamed to Pacific/Kanton. Also, the following zones have been merged into nearby, more-populous zones whose clocks have agreed with them since 1970: Africa/Accra, America/Atikokan, America/Blanc-Sablon, America/Creston, America/Curacao, America/Nassau, America/Port_of_Spain, Antarctica/DumontDUrville, and Antarctica/Syowa. In all these cases, the previous zone name remains as an alias.
Diffstat (limited to 'databases/postgresql11')
| -rw-r--r-- | databases/postgresql11/Makefile.common | 4 | ||||
| -rw-r--r-- | databases/postgresql11/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/databases/postgresql11/Makefile.common b/databases/postgresql11/Makefile.common index bfe934f0598..15f31025953 100644 --- a/databases/postgresql11/Makefile.common +++ b/databases/postgresql11/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.23 2021/08/13 11:54:44 adam Exp $ +# $NetBSD: Makefile.common,v 1.24 2021/11/16 10:14:37 adam Exp $ # # This Makefile fragment is included by all PostgreSQL packages built from # the main sources of the PostgreSQL distribution except jdbc-postgresql. @@ -16,7 +16,7 @@ # used by databases/postgresql11-pltcl/Makefile # used by databases/postgresql11-server/Makefile -DISTNAME= postgresql-11.13 +DISTNAME= postgresql-11.14 CATEGORIES= databases MASTER_SITES= ${MASTER_SITE_PGSQL:=source/v${PKGVERSION_NOREV}/} EXTRACT_SUFX= .tar.bz2 diff --git a/databases/postgresql11/distinfo b/databases/postgresql11/distinfo index ba1004e46b4..8893dd8d92c 100644 --- a/databases/postgresql11/distinfo +++ b/databases/postgresql11/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.19 2021/10/26 10:09:47 nia Exp $ +$NetBSD: distinfo,v 1.20 2021/11/16 10:14:37 adam Exp $ -BLAKE2s (postgresql-11.13.tar.bz2) = 255c94b9c1e51cc16f6c6fe4439aebc13cef0bd7d899d9b0059b9cb49b07ca3b -SHA512 (postgresql-11.13.tar.bz2) = 1b2061d505a7460e0aaae53818e77fc99fa7b73eea119033a98a3d7dd3d70d00403998654990b03bbf6eb2df383e2f44791137c8922ea4015715f8bf49c5837f -Size (postgresql-11.13.tar.bz2) = 20123787 bytes +BLAKE2s (postgresql-11.14.tar.bz2) = 54eff3d77ba619e5c132e4617d16f9a3e2016306e5b8083e017deec1a26f7820 +SHA512 (postgresql-11.14.tar.bz2) = ab71461ee6fb4cdc5b4240f7ecd8af2497ce6780283fde2abf5951ffdb616bd0c8ed22b26fdfca402a346e663ff77c4d17f3284c9d700e6fd6795b2aec97c9be +Size (postgresql-11.14.tar.bz2) = 20172910 bytes SHA1 (patch-config_missing) = c2d7d742922ba6861e7660c75b7b53f09e564813 SHA1 (patch-config_perl.m4) = b3393d0f28e97f89ae20297d85553c508b3896bb SHA1 (patch-configure) = b0a758023b3b263ff51b154d0da32cf02520c6cd |