From: Mark Patruck <mark@wrapped.cx>
Subject: Re: databases/timescaledb 2.25.2 (CVE #2026-29089)
To: Stuart Henderson <stu@spacehopper.org>
Cc: Renato Aguiar <renato@renatoaguiar.net>, ports@openbsd.org
Date: Fri, 6 Mar 2026 08:58:43 +0100

On 05.03.2026 23:03, Stuart Henderson wrote:
>On 2026/03/05 20:40, Mark Patruck wrote:
>> Update databases/timescaledb to 2.25.2 (+ extras) released
>> two days ago. Besides performance improvements, 2.25.2 fixes
>> also a security issue, see here for more info:
>>
>> https://github.com/timescale/timescaledb/security/advisories/GHSA-vgp2-jj5c-828m
>>
>> Changes since in-ports 2.23.1:
>>
>> https://github.com/timescale/timescaledb/releases/tag/2.24.0
>> https://github.com/timescale/timescaledb/releases/tag/2.25.0
>> https://github.com/timescale/timescaledb/releases/tag/2.25.1
>> https://github.com/timescale/timescaledb/releases/tag/2.25.2
>>
>> As the only direct consumer i know (net/zabbix) works with 2.25.2
>> and our in-ports version is months old, we should get this in asap.
>
>committed to -current.
>
>it looks like 7.8-stable would need a zabbix update before we can commit
>it there, is that right?

Yes, support for timescaledb >=2.25 was added just two weeks ago
to -current. 

On Monday/Tuesday, net/zabbix 7.0.24 will arrive and with that upstream
support for timescaledb >=2.25, so perhaps we can directly push that to
7.8-stable?


--
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74  F644 0D3C F66F F286 5E51
  
https://www.wrapped.cx