Log message:
retire postgresql96 (EOL)

Log message:
revbump for textproc/icu update

Log message:
revbump for icu and libffi

Log message:
postgresqlNN: reset revision

Log message:
postgresql: updated to 14.1, 13.5, 12.9, 11.14, 10.19, 9.6.24

PostgreSQL 14.1, 13.5, 12.9, 11.14, 10.19, and 9.6.24

Security Issues

CVE-2021-23214: Server processes unencrypted bytes from man-in-the-middle

Versions Affected: 9.6 - 14. The security team typically does not test \ 
unsupported versions, but this problem is quite old.

When the server is configured to use trust authentication with a clientcert \ 
requirement or to use cert authentication, a man-in-the-middle attacker can \ 
inject arbitrary SQL queries when a connection is first established, despite the \ 
use of SSL certificate verification and encryption.

The PostgreSQL project thanks Jacob Champion for reporting this problem.

CVE-2021-23222: libpq processes unencrypted bytes from man-in-the-middle

Versions Affected: 9.6 - 14. The security team typically does not test \ 
unsupported versions, but this problem is quite old.

A man-in-the-middle attacker can inject false responses to the client's first \ 
few queries, despite the use of SSL certificate verification and encryption.

If more preconditions hold, the attacker can exfiltrate the client's password or \ 
other confidential data that might be transmitted early in a session. The \ 
attacker must have a way to trick the client's intended server into making the \ 
confidential data accessible to the attacker. A known implementation having that \ 
property is a PostgreSQL configuration vulnerable to CVE-2021-23214.

As with any exploitation of CVE-2021-23214, the server must be using trust \ 
authentication with a clientcert requirement or using cert authentication. To \ 
disclose a password, the client must be in possession of a password, which is \ 
atypical when using an authentication configuration vulnerable to \ 
CVE-2021-23214. The attacker must have some other way to access the server to \ 
retrieve the exfiltrated data (a valid, unprivileged login account would be \ 
sufficient).

The PostgreSQL project thanks Jacob Champion for reporting this problem.

Bug Fixes and Improvements

This update fixes over 40 bugs that were reported in the last several months. \ 
The issues listed below affect PostgreSQL 14. Some of these issues may also \ 
affect other supported versions of PostgreSQL.

Some of these fixes include:

Fix physical replication for cases where the primary crashes after shipping a \ 
WAL segment that ends with a partial WAL record. When applying this update, \ 
update your standby servers before the primary so that they will be ready to \ 
handle the fix if the primary happens to crash.
Fix parallel VACUUM so that it will process indexes below the \ 
min_parallel_index_scan_size threshold if the table has at least two indexes \ 
that are above that size. This problem does not affect autovacuum. If you are \ 
affected by this issue, you should reindex any manually-vacuumed tables.
Fix causes of CREATE INDEX CONCURRENTLY and REINDEX CONCURRENTLY writing corrupt \ 
indexes. You should reindex any concurrently-built indexes.
Fix for attaching/detaching a partition that could allow certain INSERT/UPDATE \ 
queries to misbehave in active sessions.
Fix for creating a new range type with CREATE TYPE that could cause problems for \ 
later event triggers or subsequent executions of the CREATE TYPE command.
Fix updates of element fields in arrays of a domain that is a part of a composite.
Disallow the combination of FETCH FIRST WITH TIES and FOR UPDATE SKIP LOCKED.
Fix corner-case loss of precision in the numeric power() function.
Fix restoration of a Portal's snapshot inside a subtransaction, which could lead \ 
to a crash. For example, this could occur in PL/pgSQL when a COMMIT is \ 
immediately followed by a BEGIN ... EXCEPTION block that performs a query.
Clean up correctly if a transaction fails after exporting its snapshot. This \ 
could occur if a replication slot was created then rolled back, and then another \ 
replication slot was created in the same session.
Fix for "overflowed-subtransaction" wraparound tracking on standby \ 
servers that could lead to performance degradation.
Ensure that prepared transactions are properly accounted for during promotion of \ 
a standby server.
Ensure that the correct lock level is used when renaming a table.
Avoid crash when dropping a role that owns objects being dropped concurrently.
Disallow setting huge_pages to on when shared_memory_type is sysv
Fix query type checking in the PL/pgSQL RETURN QUERY.
Several fixes for pg_dump, including the ability to dump non-global default \ 
privileges correctly.
Use the CLDR project's data to map Windows time zone names to IANA time zones.
This update also contains tzdata release 2021e for DST law changes in Fiji, \ 
Jordan, Palestine, and Samoa, plus historical corrections for Barbados, Cook \ 
Islands, Guyana, Niue, Portugal, and Tonga.

Also, the Pacific/Enderbury zone has been renamed to Pacific/Kanton. Also, the \ 
following zones have been merged into nearby, more-populous zones whose clocks \ 
have agreed with them since 1970: Africa/Accra, America/Atikokan, \ 
America/Blanc-Sablon, America/Creston, America/Curacao, America/Nassau, \ 
America/Port_of_Spain, Antarctica/DumontDUrville, and Antarctica/Syowa. In all \ 
these cases, the previous zone name remains as an alias.

Log message:
databases: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (some may be only fetched
conditionally):

./databases/cstore/distinfo D6.data.ros.gz
./databases/cstore/distinfo cstore0.2.tar.gz
./databases/cstore/distinfo data4.tar.gz

Log message:
*: recursive bump for heimdal 7.7.0

its buildlink3.mk now includes openssl's buildlink3.mk

Log message:
databases: Remove SHA1 distfile hashes

Log message:
postgresql: updated to 13.4, 12.8, 11.13, 10.18, 9.6.23

PostgreSQL 13.4, 12.8, 11.13, 10.18, 9.6.23

Security Issues

CVE-2021-3677: Memory disclosure in certain queries

Versions Affected: 11 - 13.

A purpose-crafted query can read arbitrary bytes of server memory. In the \ 
default configuration, any authenticated database user can complete this attack \ 
at will. The attack does not require the ability to create objects. If server \ 
settings include max_worker_processes=0, the known versions of this attack are \ 
infeasible. However, undiscovered variants of the attack may be independent of \ 
that setting.

Bug Fixes and Improvements

This update also fixes over 75 bugs that were reported in the last several \ 
months. Some of these issues affect only version 13, but many affect all \ 
supported versions.

Some of these fixes include:

Completely disable TLS/SSL renegotiation. This was previously disabled, but the \ 
server would still execute a client-initiated renegotiation request.
Restore the Portal-level snapshot after COMMIT or ROLLBACK within a procedure. \ 
This change fixes cases where an attempt to fetch a toasted value immediately \ 
after COMMIT/ROLLBACK would fail with errors like "no known snapshots" \ 
or "missing chunk number 0 for toast value".
Avoid misbehavior when persisting the output of a cursor that's reading a \ 
volatile query.
Reject cases where a query in WITH rewrites to just NOTIFY, which would cause a \ 
crash.
Several corner-case fixes for numeric types.
ALTER EXTENSION now locks the extension when adding or removing a member object.
The "enabled" status is now copied when a partitioned table's triggers \ 
are cloned to a new partition.
Avoid alias conflicts in queries generated for REFRESH MATERIALIZED VIEW \ 
CONCURRENTLY. This command failed on materialized views containing columns with \ 
certain names, notably mv and newdata.
Disallow whole-row variables in GENERATED expressions.
Several fixes for DROP OWNED BY behavior in relation to row-level security (RLS) \ 
policies.
Re-allow old-style Windows locale names in CREATE COLLATION commands.
walsenders now show their latest replication command in pg_stat_activity, \ 
instead of just showing the latest SQL command.
pg_settings.pending_restart now shows as true when a pertinent entry in \ 
postgresql.conf is removed.
On 64-bit Windows, allow the effective value of work_mem * hash_mem_multiplier \ 
to exceed 2GB.
Update minimum recovery point when WAL replay of a transaction abort record \ 
causes file truncation.
Advance oldest-required-WAL-segment horizon properly after a replication slot is \ 
invalidated. This fixes an issue where the server's WAL storage could run out of \ 
space.
Improve progress reporting for the sort phase of a parallel B-tree index build.
Fix assorted crash cases in logical replication of partitioned-table updates and \ 
when firing AFTER triggers of partitioned tables.
Prevent infinite loops in SP-GiST index insertion.
Ensure that SP-GiST index insertion can be terminated by a query cancel request.
In psql and other client programs, avoid overrunning the ends of strings when \ 
dealing with invalidly-encoded data.
Fix pg_dump to correctly handle triggers on partitioned tables whose enabled \ 
status is different from their parent triggers' status.
Avoid "invalid creation date in header" warnings when running \ 
pg_restore on a file created in a different time zone.
pg_upgrade now carries forward the old installation's oldestXID value and no \ 
longer forces an anti-wraparound VACUUM."
Extend pg_upgrade to detect and warn about extensions that should be upgraded.
Fix contrib/postgres_fdw to better work with generated columns, so long as a \ 
generated column in a foreign table represents a generated column in the remote \ 
table.

Log message:
postgres*: detect NetBSD/sparc correctly