2018-03-01 Security Update Release

The PostgreSQL Global Development Group has released an update to all supported
versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12,
9.4.17, and 9.3.22.

The purpose of this release is to address CVE-2018-1058, which describes how a
user can create like-named objects in different schemas that can change the
behavior of other users' queries and cause unexpected or malicious behavior,
also known as a "trojan-horse" attack. Most of this release centers around added
documentation that describes the issue and how to take steps to mitigate the
impact on PostgreSQL databases.

We strongly encourage all of our users to please visit
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL
installations.

After evaluating the documentation for CVE-2018-1058, a database administrator
may need to take follow up steps on their PostgreSQL installations to ensure
they are protected from exploitation.

Security:	CVE-2018-1058

16 files changed, 41 insertions, 20 deletions

diff --git a/databases/postgresql10-server/Makefile b/databases/postgresql10-server/Makefile
index 2f0d2b79f882..c3e057537a04 100644
--- a/databases/postgresql10-server/Makefile
+++ b/databases/postgresql10-server/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME?=	postgresql
-DISTVERSION?=	10.2
+DISTVERSION?=	10.3
 PORTREVISION?=	0
 CATEGORIES?=	databases
 MASTER_SITES=	PGSQL/source/v${DISTVERSION}
diff --git a/databases/postgresql10-server/distinfo b/databases/postgresql10-server/distinfo
index fac6cf7215da..cb3f2db9121f 100644
--- a/databases/postgresql10-server/distinfo
+++ b/databases/postgresql10-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1518110073
-SHA256 (postgresql/postgresql-10.2.tar.bz2) = fe32009b62ddb97f7f014307ce9d0edb6972f5a698e63cb531088e147d145bad
-SIZE (postgresql/postgresql-10.2.tar.bz2) = 19901836
+TIMESTAMP = 1519720433
+SHA256 (postgresql/postgresql-10.3.tar.bz2) = 6ea268780ee35e88c65cdb0af7955ad90b7d0ef34573867f223f14e43467931a
+SIZE (postgresql/postgresql-10.3.tar.bz2) = 19959653
diff --git a/databases/postgresql10-server/pkg-plist-client b/databases/postgresql10-server/pkg-plist-client
index 80bebac22052..21a53cc8f467 100644
--- a/databases/postgresql10-server/pkg-plist-client
+++ b/databases/postgresql10-server/pkg-plist-client
@@ -309,6 +309,7 @@ include/postgresql/server/executor/tablefunc.h
 include/postgresql/server/executor/tqueue.h
 include/postgresql/server/executor/tstoreReceiver.h
 include/postgresql/server/executor/tuptable.h
+include/postgresql/server/fe_utils/connect.h
 include/postgresql/server/fe_utils/mbprint.h
 include/postgresql/server/fe_utils/print.h
 include/postgresql/server/fe_utils/psqlscan.h
@@ -1048,6 +1049,7 @@ man/man7/WITH.7.gz
 %%NLS%%share/locale/ja/LC_MESSAGES/pg_config-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/pg_dump-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/pgscripts-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/psql-10.mo
 %%NLS%%share/locale/ko/LC_MESSAGES/ecpg-10.mo
 %%NLS%%share/locale/ko/LC_MESSAGES/ecpglib6-10.mo
 %%NLS%%share/locale/ko/LC_MESSAGES/libpq5-10.mo
@@ -1091,6 +1093,7 @@ man/man7/WITH.7.gz
 %%NLS%%share/locale/tr/LC_MESSAGES/libpq5-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_config-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_dump-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pgscripts-10.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/ecpg-10.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/ecpglib6-10.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/libpq5-10.mo
diff --git a/databases/postgresql10-server/pkg-plist-server b/databases/postgresql10-server/pkg-plist-server
index a125d0bf0fa5..62f8a27e1cdd 100644
--- a/databases/postgresql10-server/pkg-plist-server
+++ b/databases/postgresql10-server/pkg-plist-server
@@ -87,6 +87,7 @@ lib/libpgcommon.a
 %%NLS%%share/locale/es/LC_MESSAGES/pg_rewind-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_test_fsync-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/pg_test_timing-10.mo
+%%NLS%%share/locale/es/LC_MESSAGES/pg_waldump-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/plpgsql-10.mo
 %%NLS%%share/locale/es/LC_MESSAGES/postgres-10.mo
 %%NLS%%share/locale/fr/LC_MESSAGES/initdb-10.mo
@@ -113,10 +114,16 @@ lib/libpgcommon.a
 %%NLS%%share/locale/it/LC_MESSAGES/plpgsql-10.mo
 %%NLS%%share/locale/it/LC_MESSAGES/postgres-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/initdb-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pg_archivecleanup-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pg_basebackup-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/pg_controldata-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/pg_ctl-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/pg_resetwal-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/pg_rewind-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pg_test_fsync-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pg_test_timing-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pg_upgrade-10.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pg_waldump-10.mo
 %%NLS%%share/locale/ja/LC_MESSAGES/plpgsql-10.mo
 %%NLS%%share/locale/ko/LC_MESSAGES/initdb-10.mo
 %%NLS%%share/locale/ko/LC_MESSAGES/pg_archivecleanup-10.mo
@@ -175,11 +182,18 @@ lib/libpgcommon.a
 %%NLS%%share/locale/sv/LC_MESSAGES/pg_waldump-10.mo
 %%NLS%%share/locale/sv/LC_MESSAGES/plpgsql-10.mo
 %%NLS%%share/locale/sv/LC_MESSAGES/postgres-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/initdb-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_archivecleanup-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_basebackup-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pg_controldata-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pg_ctl-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pg_resetwal-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pg_rewind-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_test_fsync-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pg_test_timing-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_upgrade-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/pg_waldump-10.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/plpgsql-10.mo
 %%NLS%%share/locale/tr/LC_MESSAGES/postgres-10.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/initdb-10.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/pg_controldata-10.mo
diff --git a/databases/postgresql93-server/Makefile b/databases/postgresql93-server/Makefile
index 3f44456fa9ca..d8286958aaed 100644
--- a/databases/postgresql93-server/Makefile
+++ b/databases/postgresql93-server/Makefile
@@ -1,7 +1,7 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.3.21
+DISTVERSION?=	9.3.22
 PORTREVISION=	0
 PKGNAMESUFFIX?=	${DISTVERSION:R:S/.//}${COMPONENT}
 
diff --git a/databases/postgresql93-server/distinfo b/databases/postgresql93-server/distinfo
index 72361e89dea2..d15fb6f2f30b 100644
--- a/databases/postgresql93-server/distinfo
+++ b/databases/postgresql93-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1517868536
-SHA256 (postgresql/postgresql-9.3.21.tar.bz2) = b9babc5148188a410e023d7178a5678e989ec2e276498de6cd0028bc331a40e0
-SIZE (postgresql/postgresql-9.3.21.tar.bz2) = 17014472
+TIMESTAMP = 1519745501
+SHA256 (postgresql/postgresql-9.3.22.tar.bz2) = 1b18ed4aa59bab6283a0d8f3a00b9d896f4588bb2ba88ceef2816cb5c4cce91a
+SIZE (postgresql/postgresql-9.3.22.tar.bz2) = 17022938
 SHA256 (postgresql/pg-9314-icu-2016-08-10.diff.gz) = 4be31ad9899d5caf9f57ad7ebfc0d14f0fcf58ad539c82fb353b016fb76c0c30
 SIZE (postgresql/pg-9314-icu-2016-08-10.diff.gz) = 5583
diff --git a/databases/postgresql93-server/pkg-plist-client b/databases/postgresql93-server/pkg-plist-client
index 94d3f012bac3..78586d0acb6d 100644
--- a/databases/postgresql93-server/pkg-plist-client
+++ b/databases/postgresql93-server/pkg-plist-client
@@ -238,6 +238,7 @@ include/postgresql/server/executor/spi.h
 include/postgresql/server/executor/spi_priv.h
 include/postgresql/server/executor/tstoreReceiver.h
 include/postgresql/server/executor/tuptable.h
+include/postgresql/server/fe_utils/connect.h
 include/postgresql/server/fmgr.h
 include/postgresql/server/foreign/fdwapi.h
 include/postgresql/server/foreign/foreign.h
diff --git a/databases/postgresql94-server/Makefile b/databases/postgresql94-server/Makefile
index fcf80ada35fe..b74c95b8c191 100644
--- a/databases/postgresql94-server/Makefile
+++ b/databases/postgresql94-server/Makefile
@@ -1,7 +1,7 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.4.16
+DISTVERSION?=	9.4.17
 PORTREVISION=	0
 PKGNAMESUFFIX?=	${PORTVERSION:R:S/.//}${COMPONENT}
 
diff --git a/databases/postgresql94-server/distinfo b/databases/postgresql94-server/distinfo
index db1c428b6108..6ce8ebe47d5b 100644
--- a/databases/postgresql94-server/distinfo
+++ b/databases/postgresql94-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1517868536
-SHA256 (postgresql/postgresql-9.4.16.tar.bz2) = dcbc62b621e4d8a445c2f33750f7d96257c38103cccebeb934e6913a3c135e81
-SIZE (postgresql/postgresql-9.4.16.tar.bz2) = 17778763
+TIMESTAMP = 1519745501
+SHA256 (postgresql/postgresql-9.4.17.tar.bz2) = 7a320cd335052b840d209dc9688f09965763351c590e3cc7bf577591179fd7c6
+SIZE (postgresql/postgresql-9.4.17.tar.bz2) = 17807762
 SHA256 (postgresql/pg-949-icu-2016-10-02.diff.gz) = 34612e685a79874db04bc6b66c700bfc6412042840c532eef0da7832d1f70d43
 SIZE (postgresql/pg-949-icu-2016-10-02.diff.gz) = 5289
diff --git a/databases/postgresql94-server/pkg-plist-client b/databases/postgresql94-server/pkg-plist-client
index e756d1dcdf8a..47428471c54d 100644
--- a/databases/postgresql94-server/pkg-plist-client
+++ b/databases/postgresql94-server/pkg-plist-client
@@ -241,6 +241,7 @@ include/postgresql/server/executor/spi.h
 include/postgresql/server/executor/spi_priv.h
 include/postgresql/server/executor/tstoreReceiver.h
 include/postgresql/server/executor/tuptable.h
+include/postgresql/server/fe_utils/connect.h
 include/postgresql/server/fmgr.h
 include/postgresql/server/foreign/fdwapi.h
 include/postgresql/server/foreign/foreign.h
diff --git a/databases/postgresql95-server/Makefile b/databases/postgresql95-server/Makefile
index 06ce296829e7..19396ee663e0 100644
--- a/databases/postgresql95-server/Makefile
+++ b/databases/postgresql95-server/Makefile
@@ -1,7 +1,7 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.5.11
+DISTVERSION?=	9.5.12
 PORTREVISION=	0
 PKGNAMESUFFIX?=	${PORTVERSION:R:S/.//}${COMPONENT}
 
diff --git a/databases/postgresql95-server/distinfo b/databases/postgresql95-server/distinfo
index 18f0e80dc7a4..c146ae6b6e7a 100644
--- a/databases/postgresql95-server/distinfo
+++ b/databases/postgresql95-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1517868536
-SHA256 (postgresql/postgresql-9.5.11.tar.bz2) = 8182cd74e27a75ae39166b2603b5014f4272855b4101b40819761b853a77c8dd
-SIZE (postgresql/postgresql-9.5.11.tar.bz2) = 18572811
+TIMESTAMP = 1519745501
+SHA256 (postgresql/postgresql-9.5.12.tar.bz2) = 02e86f5c66467731bbec18fde96e0daf38c13c9141d8e7d41be663ab6fa6f698
+SIZE (postgresql/postgresql-9.5.12.tar.bz2) = 18589538
 SHA256 (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5fa083ec38087d6a0961642208f012e902221270708b919b92e9eedaa755e365
 SIZE (postgresql/pg-954-icu-2016-08-10.diff.gz) = 5952
diff --git a/databases/postgresql95-server/pkg-plist-client b/databases/postgresql95-server/pkg-plist-client
index 7850ab86b07f..4015b0f92241 100644
--- a/databases/postgresql95-server/pkg-plist-client
+++ b/databases/postgresql95-server/pkg-plist-client
@@ -266,6 +266,7 @@ include/postgresql/server/executor/spi.h
 include/postgresql/server/executor/spi_priv.h
 include/postgresql/server/executor/tstoreReceiver.h
 include/postgresql/server/executor/tuptable.h
+include/postgresql/server/fe_utils/connect.h
 include/postgresql/server/fmgr.h
 include/postgresql/server/foreign/fdwapi.h
 include/postgresql/server/foreign/foreign.h
diff --git a/databases/postgresql96-server/Makefile b/databases/postgresql96-server/Makefile
index 5b4228029885..eb966b4bd246 100644
--- a/databases/postgresql96-server/Makefile
+++ b/databases/postgresql96-server/Makefile
@@ -1,7 +1,7 @@
 # Created by: Marc G. Fournier <scrappy@FreeBSD.org>
 # $FreeBSD$
 
-DISTVERSION?=	9.6.7
+DISTVERSION?=	9.6.8
 PORTREVISION?=	0
 PKGNAMESUFFIX?=	${PORTVERSION:R:S/.//}${COMPONENT}
 
diff --git a/databases/postgresql96-server/distinfo b/databases/postgresql96-server/distinfo
index b9156bf12016..5edad11a294b 100644
--- a/databases/postgresql96-server/distinfo
+++ b/databases/postgresql96-server/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1517868545
-SHA256 (postgresql/postgresql-9.6.7.tar.bz2) = 2ebe3df3c1d1eab78023bdc3ffa55a154aa84300416b075ef996598d78a624c6
-SIZE (postgresql/postgresql-9.6.7.tar.bz2) = 19504886
+TIMESTAMP = 1519720435
+SHA256 (postgresql/postgresql-9.6.8.tar.bz2) = eafdb3b912e9ec34bdd28b651d00226a6253ba65036cb9a41cad2d9e82e3eb70
+SIZE (postgresql/postgresql-9.6.8.tar.bz2) = 19528927
 SHA256 (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 85f81baa0fc8f692bcf802c8645196d9e3afdef4f760cef712d940b87655486e
 SIZE (postgresql/pg-96b4-icu-2016-10-02.diff.gz) = 5998
diff --git a/databases/postgresql96-server/pkg-plist-client b/databases/postgresql96-server/pkg-plist-client
index f2c98913f3f7..1b67b43b9ad0 100644
--- a/databases/postgresql96-server/pkg-plist-client
+++ b/databases/postgresql96-server/pkg-plist-client
@@ -279,6 +279,7 @@ include/postgresql/server/executor/spi_priv.h
 include/postgresql/server/executor/tqueue.h
 include/postgresql/server/executor/tstoreReceiver.h
 include/postgresql/server/executor/tuptable.h
+include/postgresql/server/fe_utils/connect.h
 include/postgresql/server/fe_utils/mbprint.h
 include/postgresql/server/fe_utils/print.h
 include/postgresql/server/fe_utils/psqlscan.h