This updates PostgreSQL to the latest release.  Release announcement at:
https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/

Fixes CVE-2024-7348: PostgreSQL relation replacement during pg_dump
executes arbitrary SQL

Tested briefly on amd64.  I'll be doing some additional testing, and
will be committing in a couple days unless I hear objections.

As this fixes a CVE, I will be backporting this to -stable.

Thanks,
Jeremy

Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/postgresql/Makefile,v
diff -u -p -u -p -r1.304 Makefile
--- Makefile    1 Jun 2024 05:36:58 -0000       1.304
+++ Makefile    8 Aug 2024 14:10:58 -0000
@@ -5,11 +5,10 @@ COMMENT-contrib=PostgreSQL RDBMS contrib
 COMMENT-plpython=Python procedural language for PostgreSQL
 COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version
 
-VERSION=       16.3
+VERSION=       16.4
 PREV_MAJOR=    15
 DISTNAME=      postgresql-${VERSION}
 PKGNAME-main=  postgresql-client-${VERSION}
-REVISION=      0
 
 DPB_PROPERTIES=        parallel
 
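Review bot: the removed `REVISION=      0` line only resets the revision for packages that use the global value, and this is a multi-package port (COMMENT-contrib, COMMENT-plpython, COMMENT-pg_upgrade in the context lines). This hunk does not show the rest of the Makefile, so check that no per-subpackage REVISION-* line further down is left behind with the bump to 16.4.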
Index: distinfo
===================================================================
RCS file: /cvs/ports/databases/postgresql/distinfo,v
diff -u -p -u -p -r1.101 distinfo
--- distinfo    20 May 2024 19:14:05 -0000      1.101
+++ distinfo    8 Aug 2024 14:11:28 -0000
@@ -1,2 +1,2 @@
-SHA256 (postgresql-16.3.tar.gz) = vTeYw5m8G20IuUNA+d16daMKf6B2eI7y9ISL4r5qX8U=
-SIZE (postgresql-16.3.tar.gz) = 32616059
+SHA256 (postgresql-16.4.tar.gz) = LhepAGJAPhXWVASA/exQyLAF60hympHLSYn/6wTfGTw=
+SIZE (postgresql-16.4.tar.gz) = 32660355
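Review bot: the new `SHA256 (postgresql-16.4.tar.gz)` value should be confirmed against the checksum upstream publishes for the tarball before this is committed, since it is a security update headed for -stable and the hash is only as trustworthy as the fetch that produced it. The distinfo value is base64-encoded while upstream's published SHA-256 is hex, so convert one form to the other before comparing. The SIZE change from 32616059 to 32660355 is plausible for a minor release and needs no further comment.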
Index: patches/patch-src_bin_initdb_initdb_c
===================================================================
RCS file: 
/cvs/ports/databases/postgresql/patches/patch-src_bin_initdb_initdb_c,v
diff -u -p -u -p -r1.2 patch-src_bin_initdb_initdb_c
--- patches/patch-src_bin_initdb_initdb_c       10 Feb 2024 19:18:10 -0000      
1.2
+++ patches/patch-src_bin_initdb_initdb_c       8 Aug 2024 14:11:58 -0000
@@ -4,7 +4,7 @@ script handles.
 Index: src/bin/initdb/initdb.c
 --- src/bin/initdb/initdb.c.orig
 +++ src/bin/initdb/initdb.c
-@@ -3411,6 +3411,16 @@ main(int argc, char *argv[])
+@@ -3416,6 +3416,16 @@ main(int argc, char *argv[])
  
        if (!noinstructions)
        {
@@ -21,7 +21,7 @@ Index: src/bin/initdb/initdb.c
                /*
                 * Build up a shell command to tell the user how to start the 
server
                 */
-@@ -3442,6 +3452,7 @@ main(int argc, char *argv[])
+@@ -3447,6 +3457,7 @@ main(int argc, char *argv[])
                           start_db_cmd->data);
  
                destroyPQExpBuffer(start_db_cmd);
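Review bot: the diff for patch-src_bin_initdb_initdb_c has been line-wrapped in transit (the `RCS file:` line, the `---` header ending in `1.2`, and the context line ending in `server` are each split across two lines), so it will not apply as mailed; resend it as an attachment or unwrapped for anyone testing from the message. The content itself is only the embedded `@@` offsets moving (3411 to 3416, 3442 to 3447), which is what a regenerated patch should look like.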
Index: pkg/PLIST-docs
===================================================================
RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
diff -u -p -u -p -r1.114 PLIST-docs
--- pkg/PLIST-docs      20 May 2024 19:14:05 -0000      1.114
+++ pkg/PLIST-docs      8 Aug 2024 14:21:30 -0000
@@ -718,6 +718,7 @@ share/doc/postgresql/html/regress.html
 share/doc/postgresql/html/release-16-1.html
 share/doc/postgresql/html/release-16-2.html
 share/doc/postgresql/html/release-16-3.html
+share/doc/postgresql/html/release-16-4.html
 share/doc/postgresql/html/release-16.html
 share/doc/postgresql/html/release-prior.html
 share/doc/postgresql/html/release.html
