This updates to the latest release of PostgreSQL. In addition to the
usual bug fixes, there are some security fixes:
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVE-2026-2004: PostgreSQL intarray missing validation of type of input
to selectivity estimator executes arbitrary code
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes
arbitrary code
CVE-2026-2006: PostgreSQL missing validation of multibyte character
length executes arbitrary code
CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern
onto server memory
Tested locally on amd64. OKs?
The first 4 CVEs affect PostgresSQL 17, so if someone could handle
updating -stable to 17.8, I would appreciate it.
Jeremy
Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.316
diff -u -p -u -p -r1.316 Makefile
--- Makefile 22 Jan 2026 01:24:20 -0000 1.316
+++ Makefile 13 Feb 2026 01:49:40 -0000
@@ -5,11 +5,10 @@ COMMENT-contrib=PostgreSQL RDBMS contrib
COMMENT-plpython=Python procedural language for PostgreSQL
COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version
-VERSION= 18.1
+VERSION= 18.2
PREV_MAJOR= 17
DISTNAME= postgresql-${VERSION}
PKGNAME-main= postgresql-client-${VERSION}
-REVISION-server=1
DPB_PROPERTIES= parallel
Index: distinfo
===================================================================
RCS file: /cvs/ports/databases/postgresql/distinfo,v
retrieving revision 1.108
diff -u -p -u -p -r1.108 distinfo
--- distinfo 23 Nov 2025 03:05:13 -0000 1.108
+++ distinfo 13 Feb 2026 01:49:40 -0000
@@ -1,2 +1,2 @@
-SHA256 (postgresql-18.1.tar.gz) = sPGMLWlz0qoCPPx3/tp4fXu+nDGjl30PBKwpiF+5jsQ=
-SIZE (postgresql-18.1.tar.gz) = 29294939
+SHA256 (postgresql-18.2.tar.gz) = hSaOxwe3JmXsyI2vVDjoQIHcB9nRYybr8++aX+yc4eA=
+SIZE (postgresql-18.2.tar.gz) = 29406805
Index: pkg/PLIST-docs
===================================================================
RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
retrieving revision 1.121
diff -u -p -u -p -r1.121 PLIST-docs
--- pkg/PLIST-docs 23 Nov 2025 03:05:13 -0000 1.121
+++ pkg/PLIST-docs 13 Feb 2026 01:49:40 -0000
@@ -705,6 +705,7 @@ share/doc/postgresql/html/regress-tap.ht
share/doc/postgresql/html/regress-variant.html
share/doc/postgresql/html/regress.html
share/doc/postgresql/html/release-18-1.html
+share/doc/postgresql/html/release-18-2.html
share/doc/postgresql/html/release-18.html
share/doc/postgresql/html/release-prior.html
share/doc/postgresql/html/release.html
