./databases/postgresql12-plperl, PL/Perl procedural language for the PostgreSQL backend

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 12.11nb1, Package name: postgresql12-plperl-12.11nb1, Maintainer: adam

PL/Perl allows you to write functions in the Perl programming language
that may be used in SQL queries as if they were built into Postgres.
The PL/Perl intepreter is a full Perl interpreter. However, certain
operations have been disabled in order to maintain the security of the
system.


Required to run:
[textproc/libxml2] [lang/perl5] [security/heimdal] [databases/postgresql12-client] [databases/postgresql12-server]

Required to build:
[pkgtools/cwrappers]

Package options: gssapi, nls

Master sites:

Filesize: 20592.524 KB

Version history: (Expand)


CVS history: (Expand)


   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-05-12 21:02:47 by Adam Ciarcinski | Files touched by this commit (55) | Package updated
Log message:
postgresqlNN: updated to 14.3, 13.7, 12.11, 11.16, and 10.21

The PostgreSQL Global Development Group has released an update to all supported \ 
versions of PostgreSQL, including 14.3, 13.7, 12.11, 11.16, and 10.21. This \ 
release closes one security vulnerability and fixes over 50 bugs reported over \ 
the last three months.

CVE-2022-1552: Autovacuum, REINDEX, and others omit "security restricted \ 
operation" sandbox.

Versions Affected: 10 - 14. The security team typically does not test \ 
unsupported versions, but this problem is quite old.

Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and \ 
pg_amcheck made incomplete efforts to operate safely when a privileged user is \ 
maintaining another user's objects. Those commands activated relevant \ 
protections too late or not at all. An attacker having permission to create \ 
non-temp objects in at least one schema could execute arbitrary SQL functions \ 
under a superuser identity.

While promptly updating PostgreSQL is the best remediation for most users, a \ 
user unable to do that can work around the vulnerability by disabling \ 
autovacuum, not manually running the above commands, and not restoring from \ 
output of the pg_dump command. Performance may degrade quickly under this \ 
workaround. VACUUM is safe, and all commands are fine when a trusted user owns \ 
the target object.

Bug Fixes and Improvements

This update fixes over 50 bugs that were reported in the last several months. \ 
The issues listed below affect PostgreSQL 14. Some of these issues may also \ 
affect other supported versions of PostgreSQL.

Included in this release:

Fix issue that could lead to corruption of GiST indexes on ltree columns. After \ 
upgrading, you will need to reindex any GiST indexes on ltree columns.
Column names in tuples produced by a whole-row variable (e.g. tbl.*) outside of \ 
a top-level of a SELECT list are now always associated with those of the \ 
associated named composite type, if there is one. The release notes detail a \ 
workaround if you depend on the previous behavior.
Fix incorrect rounding when extracting epoch values from interval types.
Prevent issues with calling pg_stat_get_replication_slot(NULL).
Fix incorrect output for types timestamptz and timetz in table_to_xmlschema().
Fix errors related to a planner issue that affected asynchronous remote queries.
Fix planner failure if a query using SEARCH or CYCLE features contains a \ 
duplicate common-table expression (WITH) name.
Fix ALTER FUNCTION to support changing a function's parallelism property and its \ 
SET-variable list in the same command.
Fix incorrect sorting of table rows when using CLUSTER on an index whose leading \ 
key is an expression.
Prevent data loss if a system crash occurs shortly after a sorted GiST index build.
Fix risk of deadlock failures while dropping a partitioned index.
Fix race condition between DROP TABLESPACE and checkpointing that could fail to \ 
remove all dead files from the tablespace directory.
Fix potential issue in crash recovery after a TRUNCATE command that overlaps \ 
with a checkpoint.
Re-allow _ as the first character in a custom configuration parameter name.
Fix PANIC: xlog flush request is not satisfied failure during standby promotion \ 
when there is a missing WAL continuation record.
Fix possibility of self-deadlock in hot standby conflict handling.
Ensure that logical replication apply workers can be restarted when the server \ 
is near the max_sync_workers_per_subscription limit.
Disallow execution of SPI functions during PL/Perl function compilation.
libpq now accepts root-owned SSL private key files, which matches the rules the \ 
server has used since the 9.6 release.
Re-allow database.schema.table patterns in psql, pg_dump, and pg_amcheck.
Several fixes for pageinspect to improve overall stability.
Disable batch insertion in postgres_fdw when BEFORE INSERT ... FOR EACH ROW \ 
triggers exist on the foreign table.
Update JIT code to work with LLVM 14.
   2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | Package updated
Log message:
revbump for textproc/icu update
   2022-02-11 09:31:25 by Adam Ciarcinski | Files touched by this commit (56) | Package updated
Log message:
postgresql1N: updated to 14.2, 13.6, 12.10, 11.15, and 10.20

PostgreSQL 14.2, 13.6, 12.10, 11.15, and 10.20 Released!

This update fixes over 55 bugs that were reported in the last several months. \ 
The issues listed below affect PostgreSQL 14. Some of these issues may also \ 
affect other supported versions of PostgreSQL.

Included in this release:

Fix for a low probability scenario of index corruption when a HOT (heap-only \ 
tuple) chain changes state during VACUUM. Encountering this issue is unlikely, \ 
but if you are concerned, please consider reindexing.
Fix for using REINDEX CONCURRENTLY on TOAST table indexes to prevent corruption. \ 
You can fix any TOAST indexes by reindexing them again.
The psql \password command now defaults to setting the password for the role \ 
defined by CURRENT_USER. Additionally, the role name is now included in the \ 
password prompt.
Build extended statistics for partitioned tables. If you previously added \ 
extended statistics to a partitioned table, you should run ANALYZE on those \ 
tables. As autovacuum currently does not process partitioned tables, you must \ 
periodically run ANALYZE on any partitioned tables to update their statistics.
Fix crash with ALTER STATISTICS when the statistics object is dropped concurrently.
Fix crash with multiranges when extracting variable-length data types.
Several fixes to the query planner that lead to incorrect query results.
Several fixes for query plan memoization.
Fix startup of a physical replica to tolerate transaction ID wraparound.
When using logical replication, avoid duplicate transmission of a partitioned \ 
table's data when the publication includes both the child and parent tables.
Disallow altering data type of a partitioned table's columns when the \ 
partitioned table's row type is used as a composite type elsewhere.
Disallow ALTER TABLE ... DROP NOT NULL for a column that is part of a replica \ 
identity index.
Several fixes for caching that correct logical replication behavior and improve \ 
performance.
Fix memory leak when updating expression indexes.
Avoid leaking memory during REASSIGN OWNED BY operations that reassign ownership \ 
of many objects.
Fix display of whole-row variables appearing in INSERT ... VALUES rules.
Fix race condition that could lead to failure to localize error messages that \ 
are reported early in multi-threaded use of libpq or ecpglib.
Fix psql \d command for identifying parent triggers.
Fix failures on Windows when using the terminal as data source or destination. \ 
This affected the psql \copy command and using pg_recvlogical with -f -.
Fix the pg_dump --inserts and --column-inserts modes to handle tables that \ 
contain both generated and dropped columns.
Fix edge cases in how postgres_fdw handles asynchronous queries. These errors \ 
could lead to crashes or incorrect results when attempting to run parallel scans \ 
of foreign tables.
For the full list of changes available, please review the release notes.
   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2021-08-13 13:54:48 by Adam Ciarcinski | Files touched by this commit (55) | Package updated
Log message:
postgresql: updated to 13.4, 12.8, 11.13, 10.18, 9.6.23

PostgreSQL 13.4, 12.8, 11.13, 10.18, 9.6.23

Security Issues

CVE-2021-3677: Memory disclosure in certain queries

Versions Affected: 11 - 13.

A purpose-crafted query can read arbitrary bytes of server memory. In the \ 
default configuration, any authenticated database user can complete this attack \ 
at will. The attack does not require the ability to create objects. If server \ 
settings include max_worker_processes=0, the known versions of this attack are \ 
infeasible. However, undiscovered variants of the attack may be independent of \ 
that setting.

Bug Fixes and Improvements

This update also fixes over 75 bugs that were reported in the last several \ 
months. Some of these issues affect only version 13, but many affect all \ 
supported versions.

Some of these fixes include:

Completely disable TLS/SSL renegotiation. This was previously disabled, but the \ 
server would still execute a client-initiated renegotiation request.
Restore the Portal-level snapshot after COMMIT or ROLLBACK within a procedure. \ 
This change fixes cases where an attempt to fetch a toasted value immediately \ 
after COMMIT/ROLLBACK would fail with errors like "no known snapshots" \ 
or "missing chunk number 0 for toast value".
Avoid misbehavior when persisting the output of a cursor that's reading a \ 
volatile query.
Reject cases where a query in WITH rewrites to just NOTIFY, which would cause a \ 
crash.
Several corner-case fixes for numeric types.
ALTER EXTENSION now locks the extension when adding or removing a member object.
The "enabled" status is now copied when a partitioned table's triggers \ 
are cloned to a new partition.
Avoid alias conflicts in queries generated for REFRESH MATERIALIZED VIEW \ 
CONCURRENTLY. This command failed on materialized views containing columns with \ 
certain names, notably mv and newdata.
Disallow whole-row variables in GENERATED expressions.
Several fixes for DROP OWNED BY behavior in relation to row-level security (RLS) \ 
policies.
Re-allow old-style Windows locale names in CREATE COLLATION commands.
walsenders now show their latest replication command in pg_stat_activity, \ 
instead of just showing the latest SQL command.
pg_settings.pending_restart now shows as true when a pertinent entry in \ 
postgresql.conf is removed.
On 64-bit Windows, allow the effective value of work_mem * hash_mem_multiplier \ 
to exceed 2GB.
Update minimum recovery point when WAL replay of a transaction abort record \ 
causes file truncation.
Advance oldest-required-WAL-segment horizon properly after a replication slot is \ 
invalidated. This fixes an issue where the server's WAL storage could run out of \ 
space.
Improve progress reporting for the sort phase of a parallel B-tree index build.
Fix assorted crash cases in logical replication of partitioned-table updates and \ 
when firing AFTER triggers of partitioned tables.
Prevent infinite loops in SP-GiST index insertion.
Ensure that SP-GiST index insertion can be terminated by a query cancel request.
In psql and other client programs, avoid overrunning the ends of strings when \ 
dealing with invalidly-encoded data.
Fix pg_dump to correctly handle triggers on partitioned tables whose enabled \ 
status is different from their parent triggers' status.
Avoid "invalid creation date in header" warnings when running \ 
pg_restore on a file created in a different time zone.
pg_upgrade now carries forward the old installation's oldestXID value and no \ 
longer forces an anti-wraparound VACUUM."
Extend pg_upgrade to detect and warn about extensions that should be upgraded.
Fix contrib/postgres_fdw to better work with generated columns, so long as a \ 
generated column in a foreign table represents a generated column in the remote \ 
table.
   2021-06-07 17:07:17 by Greg Troxel | Files touched by this commit (15)
Log message:
postgresql-pl*: Drop MESSAGE

These are merely suggestions to read the documentation.
   2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575)
Log message:
*: recursive bump for perl 5.34