From: Jeremy Evans Subject: Update: PostgreSQL 18.2 To: OpenBSD ports Date: Thu, 12 Feb 2026 17:54:01 -0800 This updates to the latest release of PostgreSQL. In addition to the usual bug fixes, there are some security fixes: CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory Tested locally on amd64. OKs? The first 4 CVEs affect PostgresSQL 17, so if someone could handle updating -stable to 17.8, I would appreciate it. Jeremy Index: Makefile =================================================================== RCS file: /cvs/ports/databases/postgresql/Makefile,v retrieving revision 1.316 diff -u -p -u -p -r1.316 Makefile --- Makefile 22 Jan 2026 01:24:20 -0000 1.316 +++ Makefile 13 Feb 2026 01:49:40 -0000 @@ -5,11 +5,10 @@ COMMENT-contrib=PostgreSQL RDBMS contrib COMMENT-plpython=Python procedural language for PostgreSQL COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version -VERSION= 18.1 +VERSION= 18.2 PREV_MAJOR= 17 DISTNAME= postgresql-${VERSION} PKGNAME-main= postgresql-client-${VERSION} -REVISION-server=1 DPB_PROPERTIES= parallel Index: distinfo =================================================================== RCS file: /cvs/ports/databases/postgresql/distinfo,v retrieving revision 1.108 diff -u -p -u -p -r1.108 distinfo --- distinfo 23 Nov 2025 03:05:13 -0000 1.108 +++ distinfo 13 Feb 2026 01:49:40 -0000 @@ -1,2 +1,2 @@ -SHA256 (postgresql-18.1.tar.gz) = sPGMLWlz0qoCPPx3/tp4fXu+nDGjl30PBKwpiF+5jsQ= -SIZE (postgresql-18.1.tar.gz) = 29294939 +SHA256 (postgresql-18.2.tar.gz) = hSaOxwe3JmXsyI2vVDjoQIHcB9nRYybr8++aX+yc4eA= +SIZE (postgresql-18.2.tar.gz) = 29406805 Index: pkg/PLIST-docs =================================================================== RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v retrieving revision 1.121 diff -u -p -u -p -r1.121 PLIST-docs --- pkg/PLIST-docs 23 Nov 2025 03:05:13 -0000 1.121 +++ pkg/PLIST-docs 13 Feb 2026 01:49:40 -0000 @@ -705,6 +705,7 @@ share/doc/postgresql/html/regress-tap.ht share/doc/postgresql/html/regress-variant.html share/doc/postgresql/html/regress.html share/doc/postgresql/html/release-18-1.html +share/doc/postgresql/html/release-18-2.html share/doc/postgresql/html/release-18.html share/doc/postgresql/html/release-prior.html share/doc/postgresql/html/release.html