The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 9.1.23. This release fixes two security issues. It also patches a number of other bugs reported over the last three months. Users who rely on security isolation between database users should update as soon as possible. Other users should plan to update at the next convenient downtime.

Security Issues
---------------
Two security holes have been closed by this release:

CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
The fix for the second issue also adds an option, -reuse-previous, to psql's \connect command. pg_dumpall will also refuse to handle database and role names containing line breaks after the update. For more information on these issues and how they affect backwards-compatibility, see the Release Notes.

Bug Fixes and Improvements
--------------------------
This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 9.5, but many affect all supported versions:

Fix misbehaviors of IS NULL/IS NOT NULL with composite values
Fix three areas where INSERT ... ON CONFLICT failed to work properly with other SQL features.
Make INET and CIDR data types properly reject bad IPv6 values
Prevent crash in "point ## lseg" operator for NaN input
Avoid possible crash in pg_get_expr()
Fix several one-byte buffer over-reads in to_number()
Don't needlessly plan query if WITH NO DATA is specified
Avoid crash-unsafe state in expensive heap_update() paths
Fix hint bit update during WAL replay of row locking operations
Avoid unnecessary "could not serialize access" with FOR KEY SHARE
Avoid crash in postgres -C when the specified variable is a null string
Fix two issues with logical decoding and subtransactions
Ensure that backends see up-to-date statistics for shared catalogs
Prevent possible failure when vacuuming multixact IDs in an upgraded database
When a manual ANALYZE specifies columns, don't reset changes_since_analyze
Fix ANALYZE's overestimation of n_distinct for columns with nulls
Fix bug in b-tree mark/restore processing
Fix building of large (bigger than shared_buffers) hash indexes
Prevent infinite loop in GiST index build with NaN values
Fix possible crash during a nearest-neighbor indexscan
Fix "PANIC: failed to add BRIN tuple" error
Prevent possible crash during background worker shutdown
Many fixes for issues in parallel pg_dump and pg_restore
Make pg_basebackup accept -Z 0 as no compression
Make regression tests safe for Danish and Welsh locales

7 files changed, 8 insertions, 150 deletions

diff --git a/databases/postgresql93/Makefile b/databases/postgresql93/Makefile
index 39e4f849efd..f774a682a40 100644
--- a/databases/postgresql93/Makefile
+++ b/databases/postgresql93/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.10 2016/07/09 06:38:02 wiz Exp $
+# $NetBSD: Makefile,v 1.11 2016/08/23 06:28:15 adam Exp $
 
 PKGNAME=	${DISTNAME:C/-/93-/}
-PKGREVISION=	1
 COMMENT=	Robust, next generation, object-relational DBMS
 
 DEPENDS+=	postgresql93-client>=${PKGVERSION_NOREV}:../../databases/postgresql93-client
diff --git a/databases/postgresql93/Makefile.common b/databases/postgresql93/Makefile.common
index 4f02af7559b..d5f1ae558bc 100644
--- a/databases/postgresql93/Makefile.common
+++ b/databases/postgresql93/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.20 2016/06/19 21:09:56 fhajny Exp $
+# $NetBSD: Makefile.common,v 1.21 2016/08/23 06:28:15 adam Exp $
 #
 # This Makefile fragment is included by all PostgreSQL packages built from
 # the main sources of the PostgreSQL distribution except jdbc-postgresql.
@@ -16,7 +16,7 @@
 # used by databases/postgresql93-pltcl/Makefile
 # used by databases/postgresql93-server/Makefile
 
-DISTNAME=	postgresql-9.3.13
+DISTNAME=	postgresql-9.3.14
 CATEGORIES=	databases
 MASTER_SITES=	${MASTER_SITE_PGSQL:=source/v${PKGVERSION_NOREV}/}
 EXTRACT_SUFX=	.tar.bz2
diff --git a/databases/postgresql93/distinfo b/databases/postgresql93/distinfo
index 267000b3ce8..899d2fc0293 100644
--- a/databases/postgresql93/distinfo
+++ b/databases/postgresql93/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.19 2016/06/19 20:40:10 fhajny Exp $
+$NetBSD: distinfo,v 1.20 2016/08/23 06:28:15 adam Exp $
 
-SHA1 (postgresql-9.3.13.tar.bz2) = 5ee33e9b31c3686bd6c6fa0659f8766f5f70b53c
-RMD160 (postgresql-9.3.13.tar.bz2) = a4269b8eb9c818e5884acbe88c02551551fbbb33
-SHA512 (postgresql-9.3.13.tar.bz2) = 04658f95d723563c08249faf674f2119358059808c42045e05adaa28264b9ae054d4e81ae2bb6639995e007caa65d21d935ff988d5b0473dc517107ddd8c6ca3
-Size (postgresql-9.3.13.tar.bz2) = 17061824 bytes
+SHA1 (postgresql-9.3.14.tar.bz2) = a07cc4d1fd0fdd5ced85b75d821e1eec8eb9cb55
+RMD160 (postgresql-9.3.14.tar.bz2) = e7b6899874901d27f227524039c63823b0d23924
+SHA512 (postgresql-9.3.14.tar.bz2) = 97bd92ffdd661f7428c47a8bc87fde88a2b150e7d08bd577a7159ac65aec319d358495b883b95dff2069d24a8d15d1e7c10c3fae81fc76186bfef0127f257ac4
+Size (postgresql-9.3.14.tar.bz2) = 17042199 bytes
 SHA1 (patch-config_missing) = c2d7d742922ba6861e7660c75b7b53f09e564813
 SHA1 (patch-config_perl.m4) = e035132b1c281a75752d570ac5e29a11176c25c5
 SHA1 (patch-configure) = 3de7635fe18532a05a619941fecad7bcda6c51b9
@@ -19,7 +19,3 @@ SHA1 (patch-src_interfaces_libpq_Makefile) = 0066301bc8b31b9e26c79153427537bc386
 SHA1 (patch-src_makefiles_Makefile.solaris) = 0168f5bc105ffc89d5db40907a08966d8465f5a0
 SHA1 (patch-src_pl_plperl_GNUmakefile) = 6ee3e431f46ce5c2a94df499504b2b8bd458bbef
 SHA1 (patch-src_pl_plperl_plperl.h) = bd663fa80a47f7b82ce689060750fa6e631fbc61
-SHA1 (patch-src_timezone_localtime.c) = 622f57bc1d10f07ab73f86765cbf587eece57085
-SHA1 (patch-src_timezone_private.h) = 85dac95e40efc16270885087f868aeb76e1b9214
-SHA1 (patch-src_timezone_strftime.c) = 25102dce1b9b22385353af23500636fb18e3bf64
-SHA1 (patch-src_timezone_zic.c) = ed04d781845239ce5dc7c6fca406ce62c10a9605
diff --git a/databases/postgresql93/patches/patch-src_timezone_localtime.c b/databases/postgresql93/patches/patch-src_timezone_localtime.c
deleted file mode 100644
index afbb792ed70..00000000000
--- a/databases/postgresql93/patches/patch-src_timezone_localtime.c
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-src_timezone_localtime.c,v 1.1 2013/09/10 15:32:32 adam Exp $
-
---- src/timezone/localtime.c.orig	2009-06-11 16:49:15.000000000 +0200
-+++ src/timezone/localtime.c
-@@ -81,20 +81,20 @@ static pg_time_t detzcode64(const char *
- static int	differ_by_repeat(pg_time_t t1, pg_time_t t0);
- static const char *getzname(const char *strp);
- static const char *getqzname(const char *strp, int delim);
--static const char *getnum(const char *strp, int *nump, int min, int max);
-+static const char *getnum(const char *strp, int *nump, const int min, const int max);
- static const char *getsecs(const char *strp, long *secsp);
- static const char *getoffset(const char *strp, long *offsetp);
- static const char *getrule(const char *strp, struct rule * rulep);
- static void gmtload(struct state * sp);
--static struct pg_tm *gmtsub(const pg_time_t *timep, long offset,
-+static struct pg_tm *gmtsub(const pg_time_t *timep, const long offset,
- 	   struct pg_tm * tmp);
--static struct pg_tm *localsub(const pg_time_t *timep, long offset,
-+static struct pg_tm *localsub(const pg_time_t *timep, const long offset,
- 		 struct pg_tm * tmp, const pg_tz *tz);
- static int	increment_overflow(int *number, int delta);
--static pg_time_t transtime(pg_time_t janfirst, int year,
--		  const struct rule * rulep, long offset);
-+static pg_time_t transtime(pg_time_t janfirst, const int year,
-+		  const struct rule * rulep, const long offset);
- static int	typesequiv(const struct state * sp, int a, int b);
--static struct pg_tm *timesub(const pg_time_t *timep, long offset,
-+static struct pg_tm *timesub(const pg_time_t *timep, const long offset,
- 		const struct state * sp, struct pg_tm * tmp);
- 
- /* GMT timezone */
diff --git a/databases/postgresql93/patches/patch-src_timezone_private.h b/databases/postgresql93/patches/patch-src_timezone_private.h
deleted file mode 100644
index 6bd3af86530..00000000000
--- a/databases/postgresql93/patches/patch-src_timezone_private.h
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-src_timezone_private.h,v 1.1 2013/09/10 15:32:32 adam Exp $
-
---- src/timezone/private.h.orig	2009-06-11 16:49:15.000000000 +0200
-+++ src/timezone/private.h
-@@ -51,8 +51,8 @@ extern int	unlink(const char *filename);
- extern char *icalloc(int nelem, int elsize);
- extern char *icatalloc(char *old, const char *new);
- extern char *icpyalloc(const char *string);
--extern char *imalloc(int n);
--extern void *irealloc(void *pointer, int size);
-+extern char *imalloc(const int n);
-+extern void *irealloc(void *pointer, const int size);
- extern void icfree(char *pointer);
- extern void ifree(char *pointer);
- extern const char *scheck(const char *string, const char *format);
diff --git a/databases/postgresql93/patches/patch-src_timezone_strftime.c b/databases/postgresql93/patches/patch-src_timezone_strftime.c
deleted file mode 100644
index 9189254ef0e..00000000000
--- a/databases/postgresql93/patches/patch-src_timezone_strftime.c
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-src_timezone_strftime.c,v 1.1 2013/09/10 15:32:32 adam Exp $
-
---- src/timezone/strftime.c.orig	2009-06-11 16:49:15.000000000 +0200
-+++ src/timezone/strftime.c
-@@ -89,7 +89,7 @@ static const struct lc_time_T C_time_loc
- };
- 
- static char *_add(const char *, char *, const char *);
--static char *_conv(int, const char *, char *, const char *);
-+static char *_conv(const int, const char *, char *, const char *);
- static char *_fmt(const char *, const struct pg_tm *, char *,
- 	 const char *, int *);
- static char *_yconv(const int, const int, const int, const int,
diff --git a/databases/postgresql93/patches/patch-src_timezone_zic.c b/databases/postgresql93/patches/patch-src_timezone_zic.c
deleted file mode 100644
index 1ad4e609aec..00000000000
--- a/databases/postgresql93/patches/patch-src_timezone_zic.c
+++ /dev/null
@@ -1,78 +0,0 @@
-$NetBSD: patch-src_timezone_zic.c,v 1.1 2013/09/10 15:32:32 adam Exp $
-
---- src/timezone/zic.c.orig	2010-03-16 07:17:04.000000000 +0000
-+++ src/timezone/zic.c
-@@ -121,51 +121,51 @@ struct zone
- 
- extern int	link(const char *fromname, const char *toname);
- static void addtt(const pg_time_t starttime, int type);
--static int addtype(long gmtoff, const char *abbr, int isdst,
--		int ttisstd, int ttisgmt);
--static void leapadd(const pg_time_t t, int positive, int rolling, int count);
-+static int addtype(const long gmtoff, const char *abbr, const int isdst,
-+		const int ttisstd, const int ttisgmt);
-+static void leapadd(const pg_time_t t, const int positive, const int rolling, int count);
- static void adjleap(void);
- static void associate(void);
- static int	ciequal(const char *ap, const char *bp);
--static void convert(long val, char *buf);
-+static void convert(const long val, char *buf);
- static void dolink(const char *fromfile, const char *tofile);
- static void doabbr(char *abbr, const char *format,
--	   const char *letters, int isdst, int doquotes);
--static void eat(const char *name, int num);
--static void eats(const char *name, int num,
--	 const char *rname, int rnum);
--static long eitol(int i);
-+	   const char *letters, const int isdst, int doquotes);
-+static void eat(const char *name, const int num);
-+static void eats(const char *name, const int num,
-+	 const char *rname, const int rnum);
-+static long eitol(const int i);
- static void error(const char *message);
- static char **getfields(char *buf);
- static long gethms(const char *string, const char *errstrng,
--	   int signable);
-+	   const int signable);
- static void infile(const char *filename);
--static void inleap(char **fields, int nfields);
--static void inlink(char **fields, int nfields);
--static void inrule(char **fields, int nfields);
--static int	inzcont(char **fields, int nfields);
--static int	inzone(char **fields, int nfields);
--static int	inzsub(char **fields, int nfields, int iscont);
-+static void inleap(char **fields, const int nfields);
-+static void inlink(char **fields, const int nfields);
-+static void inrule(char **fields, const int nfields);
-+static int	inzcont(char **fields, const int nfields);
-+static int	inzone(char **fields, const int nfields);
-+static int	inzsub(char **fields, const int nfields, const int iscont);
- static int	itsabbr(const char *abbr, const char *word);
- static int	itsdir(const char *name);
- static int	lowerit(int c);
- static char *memcheck(char *tocheck);
- static int	mkdirs(char *filename);
- static void newabbr(const char *abbr);
--static long oadd(long t1, long t2);
--static void outzone(const struct zone * zp, int ntzones);
--static void puttzcode(long code, FILE *fp);
-+static long oadd(const long t1, const long t2);
-+static void outzone(const struct zone * zp, const int ntzones);
-+static void puttzcode(const long code, FILE *fp);
- static int	rcomp(const void *leftp, const void *rightp);
--static pg_time_t rpytime(const struct rule * rp, int wantedy);
-+static pg_time_t rpytime(const struct rule * rp, const int wantedy);
- static void rulesub(struct rule * rp,
- 		const char *loyearp, const char *hiyearp,
- 		const char *typep, const char *monthp,
- 		const char *dayp, const char *timep);
- static void setboundaries(void);
--static pg_time_t tadd(const pg_time_t t1, long t2);
-+static pg_time_t tadd(const pg_time_t t1, const long t2);
- static void usage(FILE *stream, int status);
- static void writezone(const char *name, const char *string);
--static int	yearistype(int year, const char *type);
-+static int	yearistype(const int year, const char *type);
- 
- static int	charcnt;
- static int	errors;