Download raw body.
databases/timescaledb 2.25.2 (CVE #2026-29089)
On Thu, Mar 05 2026, Mark Patruck wrote:
> Update databases/timescaledb to 2.25.2 (+ extras) released
> two days ago. Besides performance improvements, 2.25.2 fixes
> also a security issue, see here for more info:
>
> https://github.com/timescale/timescaledb/security/advisories/GHSA-vgp2-jj5c-828m
>
> Changes since in-ports 2.23.1:
>
> https://github.com/timescale/timescaledb/releases/tag/2.24.0
> https://github.com/timescale/timescaledb/releases/tag/2.25.0
> https://github.com/timescale/timescaledb/releases/tag/2.25.1
> https://github.com/timescale/timescaledb/releases/tag/2.25.2
>
> As the only direct consumer i know (net/zabbix) works with 2.25.2
> and our in-ports version is months old, we should get this in asap.
>
> Thanks,
>
> -Mark
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/databases/timescaledb/Makefile,v
> retrieving revision 1.35
> diff -u -p -r1.35 Makefile
> --- Makefile 23 Nov 2025 03:08:24 -0000 1.35
> +++ Makefile 5 Mar 2026 19:30:14 -0000
> @@ -4,10 +4,10 @@ ONLY_FOR_ARCHS = ${LP64_ARCHS}
>
> GH_ACCOUNT = timescale
> GH_PROJECT = timescaledb
> -GH_TAGNAME = 2.23.1
> +GH_TAGNAME = 2.25.2
>
> # -extras is only used for 2.15.X-fix_hypertable_foreign_keys.sql
> -EXTRAS_COMMIT = ba47f5dff02e8d75268cb09dd3c30101cf12dd6f
> +EXTRAS_COMMIT = a9a9b9967a3bd37c5495f2f68f10084ad17ec05f
> DIST_TUPLE += github timescale timescaledb-extras ${EXTRAS_COMMIT} _extras
>
> CATEGORIES = databases
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/databases/timescaledb/distinfo,v
> retrieving revision 1.29
> diff -u -p -r1.29 distinfo
> --- distinfo 23 Nov 2025 03:08:24 -0000 1.29
> +++ distinfo 5 Mar 2026 19:30:14 -0000
> @@ -1,4 +1,4 @@
> -SHA256 (timescale-timescaledb-extras-ba47f5dff02e8d75268cb09dd3c30101cf12dd6f.tar.gz) = MFKGKubWrbok/Gqg6qo3sBn/5J9H1uHK2C9O682MCAw=
> -SHA256 (timescaledb-2.23.1.tar.gz) = JldfqeKHphB6a/Fiusq0kysN8ZvuONKMEy+aLWWR1kc=
> -SIZE (timescale-timescaledb-extras-ba47f5dff02e8d75268cb09dd3c30101cf12dd6f.tar.gz) = 17811
> -SIZE (timescaledb-2.23.1.tar.gz) = 8276671
> +SHA256 (timescale-timescaledb-extras-a9a9b9967a3bd37c5495f2f68f10084ad17ec05f.tar.gz) = ynoVAALGNMSoM9Mi6ZnRZTliWBoiyL8kmslLC3GWMM8=
> +SHA256 (timescaledb-2.25.2.tar.gz) = F50oGkl3zbKa1EFq/9wAAV0he7eUUOBz6n6OFE+dqbQ=
> +SIZE (timescale-timescaledb-extras-a9a9b9967a3bd37c5495f2f68f10084ad17ec05f.tar.gz) = 24216
> +SIZE (timescaledb-2.25.2.tar.gz) = 8308761
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/databases/timescaledb/pkg/PLIST,v
> retrieving revision 1.30
> diff -u -p -r1.30 PLIST
> --- pkg/PLIST 23 Nov 2025 03:08:25 -0000 1.30
> +++ pkg/PLIST 5 Mar 2026 19:30:14 -0000
> @@ -1,5 +1,4 @@
> @so lib/postgresql/timescaledb-${GH_TAGNAME}.so
> -@so lib/postgresql/timescaledb-invalidations-${GH_TAGNAME}.so
> @so lib/postgresql/timescaledb-tsl-${GH_TAGNAME}.so
> @so lib/postgresql/timescaledb.so
> share/doc/pkg-readmes/${PKGSTEM}
> @@ -46,6 +45,10 @@ share/postgresql/extension/timescaledb--
> share/postgresql/extension/timescaledb--2.22.0--${GH_TAGNAME}.sql
> share/postgresql/extension/timescaledb--2.22.1--${GH_TAGNAME}.sql
> share/postgresql/extension/timescaledb--2.23.0--${GH_TAGNAME}.sql
> +share/postgresql/extension/timescaledb--2.23.1--${GH_TAGNAME}.sql
> +share/postgresql/extension/timescaledb--2.24.0--${GH_TAGNAME}.sql
> +share/postgresql/extension/timescaledb--2.25.0--${GH_TAGNAME}.sql
> +share/postgresql/extension/timescaledb--2.25.1--${GH_TAGNAME}.sql
> share/postgresql/extension/timescaledb--${GH_TAGNAME}.sql
> share/postgresql/extension/timescaledb--2.9.0--${GH_TAGNAME}.sql
> share/postgresql/extension/timescaledb--2.9.1--${GH_TAGNAME}.sql
Diff looks good to me.
databases/timescaledb 2.25.2 (CVE #2026-29089)