Created attachment 202436 [details] postgresql11-server-llvm.patch The following two files required to enable LLVM JIT are not installed even though enabling LLVM option. * /usr/local/lib/postgresql/llvmjit.so * /usr/local/lib/postgresql/llvmjit_types.bc See the patch.
Committed. Thanks!
A commit references this bug: Author: girgen Date: Thu May 9 22:32:14 UTC 2019 New revision: 501149 URL: https://svnweb.freebsd.org/changeset/ports/501149 Log: The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22. This release fixes two security issues in the PostgreSQL server, a security issue found in two of the PostgreSQL Windows installers, and over 60 bugs reported over the last three months. Security: CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. Security: CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table. This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL project thanks Dean Rasheed for reporting this problem. Also fix a FreeBSD port problem with LLVM [1] and add promote command to `service postgresql` [2] PR: 236100, 234879 Submitted by: tomonori.usaka@ubin.jp [1], Trix Farrar [2] Changes: head/databases/postgresql10-server/Makefile head/databases/postgresql10-server/distinfo head/databases/postgresql10-server/files/postgresql.in head/databases/postgresql10-server/pkg-plist-server head/databases/postgresql11-server/Makefile head/databases/postgresql11-server/distinfo head/databases/postgresql11-server/files/postgresql.in head/databases/postgresql11-server/pkg-plist-server head/databases/postgresql94-server/Makefile head/databases/postgresql94-server/distinfo head/databases/postgresql94-server/files/postgresql.in head/databases/postgresql95-server/Makefile head/databases/postgresql95-server/distinfo head/databases/postgresql95-server/files/postgresql.in head/databases/postgresql96-server/Makefile head/databases/postgresql96-server/distinfo head/databases/postgresql96-server/files/postgresql.in
A commit references this bug: Author: girgen Date: Mon May 13 10:57:32 UTC 2019 New revision: 501551 URL: https://svnweb.freebsd.org/changeset/ports/501551 Log: MFH: r501149 The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22. This release fixes two security issues in the PostgreSQL server, a security issue found in two of the PostgreSQL Windows installers, and over 60 bugs reported over the last three months. Security: CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. Security: CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table. This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL project thanks Dean Rasheed for reporting this problem. Also fix a FreeBSD port problem with LLVM [1] and add promote command to `service postgresql` [2] PR: 236100, 234879 Submitted by: tomonori.usaka@ubin.jp [1], Trix Farrar [2] Approved by: ports-secteam (joneum) Changes: _U branches/2019Q2/ branches/2019Q2/databases/postgresql10-server/Makefile branches/2019Q2/databases/postgresql10-server/distinfo branches/2019Q2/databases/postgresql10-server/files/postgresql.in branches/2019Q2/databases/postgresql10-server/pkg-plist-server branches/2019Q2/databases/postgresql11-server/Makefile branches/2019Q2/databases/postgresql11-server/distinfo branches/2019Q2/databases/postgresql11-server/files/postgresql.in branches/2019Q2/databases/postgresql11-server/pkg-plist-server branches/2019Q2/databases/postgresql94-server/Makefile branches/2019Q2/databases/postgresql94-server/distinfo branches/2019Q2/databases/postgresql94-server/files/postgresql.in branches/2019Q2/databases/postgresql95-server/Makefile branches/2019Q2/databases/postgresql95-server/distinfo branches/2019Q2/databases/postgresql95-server/files/postgresql.in branches/2019Q2/databases/postgresql96-server/Makefile branches/2019Q2/databases/postgresql96-server/distinfo branches/2019Q2/databases/postgresql96-server/files/postgresql.in