From: Jeremy Evans <jeremy@openbsd.org>
Subject: Update: PostgreSQL 16.4
To: OpenBSD ports <ports@openbsd.org>
Date: Thu, 08 Aug 2024 14:40:42 +0000

This updates PostgreSQL to the latest release.  Release announcement at:
https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/

Fixes CVE-2024-7348: PostgreSQL relation replacement during pg_dump
executes arbitrary SQL

Tested briefly on amd64.  I'll be doing some additional testing, and
will be committing in a couple days unless I hear objections.

As this fixes a CVE, I will be backporting this to -stable.

Thanks,
Jeremy

Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/postgresql/Makefile,v
diff -u -p -u -p -r1.304 Makefile
--- Makefile	1 Jun 2024 05:36:58 -0000	1.304
+++ Makefile	8 Aug 2024 14:10:58 -0000
@@ -5,11 +5,10 @@ COMMENT-contrib=PostgreSQL RDBMS contrib
 COMMENT-plpython=Python procedural language for PostgreSQL
 COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version
 
-VERSION=	16.3
+VERSION=	16.4
 PREV_MAJOR=	15
 DISTNAME=	postgresql-${VERSION}
 PKGNAME-main=	postgresql-client-${VERSION}
-REVISION=	0
 
 DPB_PROPERTIES=	parallel
 
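Review bot: Check that no per-subpackage REVISION-* line survives below the DPB_PROPERTIES context line. The hunk drops only the global "REVISION= 0", and this is a multi-package port (PKGNAME-main, COMMENT-contrib, COMMENT-plpython and COMMENT-pg_upgrade are visible in the context), so a subpackage revision left over from 16.3 would carry onto the 16.4 package names. If there are none, no change is needed here.
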
Index: distinfo
===================================================================
RCS file: /cvs/ports/databases/postgresql/distinfo,v
diff -u -p -u -p -r1.101 distinfo
--- distinfo	20 May 2024 19:14:05 -0000	1.101
+++ distinfo	8 Aug 2024 14:11:28 -0000
@@ -1,2 +1,2 @@
-SHA256 (postgresql-16.3.tar.gz) = vTeYw5m8G20IuUNA+d16daMKf6B2eI7y9ISL4r5qX8U=
-SIZE (postgresql-16.3.tar.gz) = 32616059
+SHA256 (postgresql-16.4.tar.gz) = LhepAGJAPhXWVASA/exQyLAF60hympHLSYn/6wTfGTw=
+SIZE (postgresql-16.4.tar.gz) = 32660355
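
Review bot: The new value on the "+SHA256 (postgresql-16.4.tar.gz)" line is base64, so it cannot be compared by eye with a hex digest. Since this update is headed to -stable as a CVE fix, please decode it to hex and compare it, together with the 32660355-byte size, against the checksum upstream publishes for the tarball before committing. A distinfo regenerated from whatever the fetch returned proves only that the file matches itself.
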
Index: patches/patch-src_bin_initdb_initdb_c
===================================================================
RCS file: /cvs/ports/databases/postgresql/patches/patch-src_bin_initdb_initdb_c,v
diff -u -p -u -p -r1.2 patch-src_bin_initdb_initdb_c
--- patches/patch-src_bin_initdb_initdb_c	10 Feb 2024 19:18:10 -0000	1.2
+++ patches/patch-src_bin_initdb_initdb_c	8 Aug 2024 14:11:58 -0000
@@ -4,7 +4,7 @@ script handles.
 Index: src/bin/initdb/initdb.c
 --- src/bin/initdb/initdb.c.orig
 +++ src/bin/initdb/initdb.c
-@@ -3411,6 +3411,16 @@ main(int argc, char *argv[])
+@@ -3416,6 +3416,16 @@ main(int argc, char *argv[])
  
  	if (!noinstructions)
  	{
@@ -21,7 +21,7 @@ Index: src/bin/initdb/initdb.c
  		/*
  		 * Build up a shell command to tell the user how to start the server
  		 */
-@@ -3442,6 +3452,7 @@ main(int argc, char *argv[])
+@@ -3447,6 +3457,7 @@ main(int argc, char *argv[])
  			   start_db_cmd->data);
  
  		destroyPQExpBuffer(start_db_cmd);
Index: pkg/PLIST-docs
===================================================================
RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
diff -u -p -u -p -r1.114 PLIST-docs
--- pkg/PLIST-docs	20 May 2024 19:14:05 -0000	1.114
+++ pkg/PLIST-docs	8 Aug 2024 14:21:30 -0000
@@ -718,6 +718,7 @@ share/doc/postgresql/html/regress.html
 share/doc/postgresql/html/release-16-1.html
 share/doc/postgresql/html/release-16-2.html
 share/doc/postgresql/html/release-16-3.html
+share/doc/postgresql/html/release-16-4.html
 share/doc/postgresql/html/release-16.html
 share/doc/postgresql/html/release-prior.html
 share/doc/postgresql/html/release.html