From: Jeremy Evans Subject: Re: databases/postgresql 18.4 - fixing multiple CVEs To: Mark Patruck Cc: ports@openbsd.org Date: Sat, 23 May 2026 13:43:38 -0700 On 05/23 11:29, Mark Patruck wrote: > Update to databases/postgresql 18.4 released 9 days ago fixing > multiple high scored CVEs. > > Changelog: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/ > > No issues spotted after updating, although i'm only using plain > postgresql so perhaps also work is needed for databases/postgresql > - pllua > - plr > - odbc > - ... Thank you for the reminder. I used to get notified about PostgreSQL releases via Twitter, but they've stopped that, so I signed up for email notifications. This passes all my tests, so I'll commit it tomorrow unless there are objections. If someone could take care of a -stable update, I would appreciate it. > I've also sent a diff for databases/postgresql-previous 17.10 to > ports@ In general, we only update postgresql-previous for issues affecting pg_upgrade's use of the programs. postgresql-previous is not designed or supported for direct use, it only exists because pg_upgrade depends on it. There is a pg_upgrade fix in the release notes: "Fix pg_upgrade to use the correct protocol version when connecting to older source servers." However, I believe this affects pg_upgrade itself (which is in the postgresql port), and not how pg_upgrade would use the programs in postgresql-previous. So I don't think we should update postgresql-previous, unless you believe one of the fixes is needed for pg_upgrade to succeed. Best, Jeremy > Index: Makefile > =================================================================== > RCS file: /cvs/ports/databases/postgresql/Makefile,v > retrieving revision 1.318 > diff -u -p -r1.318 Makefile > --- Makefile 27 Feb 2026 06:38:52 -0000 1.318 > +++ Makefile 18 May 2026 19:55:33 -0000 > @@ -5,7 +5,7 @@ COMMENT-contrib=PostgreSQL RDBMS contrib > COMMENT-plpython=Python procedural language for PostgreSQL > COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version > -VERSION= 18.3 > +VERSION= 18.4 > PREV_MAJOR= 17 > DISTNAME= postgresql-${VERSION} > PKGNAME-main= postgresql-client-${VERSION} > Index: distinfo > =================================================================== > RCS file: /cvs/ports/databases/postgresql/distinfo,v > retrieving revision 1.109 > diff -u -p -r1.109 distinfo > --- distinfo 27 Feb 2026 06:38:52 -0000 1.109 > +++ distinfo 18 May 2026 19:55:33 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (postgresql-18.3.tar.gz) = ngVP/W4BPaLCyaG/1uBiyYh100DfCAUWVRyWubCSalk= > -SIZE (postgresql-18.3.tar.gz) = 29416481 > +SHA256 (postgresql-18.4.tar.gz) = RQqo8toGxG+CIZFugq4GsE+xBA+PAGQ9v4t9ZjyqwLk= > +SIZE (postgresql-18.4.tar.gz) = 29477735 > Index: pkg/PLIST-docs > =================================================================== > RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v > retrieving revision 1.122 > diff -u -p -r1.122 PLIST-docs > --- pkg/PLIST-docs 27 Feb 2026 06:38:52 -0000 1.122 > +++ pkg/PLIST-docs 18 May 2026 19:55:34 -0000 > @@ -707,6 +707,7 @@ share/doc/postgresql/html/regress.html > share/doc/postgresql/html/release-18-1.html > share/doc/postgresql/html/release-18-2.html > share/doc/postgresql/html/release-18-3.html > +share/doc/postgresql/html/release-18-4.html > share/doc/postgresql/html/release-18.html > share/doc/postgresql/html/release-prior.html > share/doc/postgresql/html/release.html > > > -- > Mark Patruck ( mark at wrapped.cx ) > GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51 > https://www.wrapped.cx