Skip to content

P
Postgres FD Implementation
Commit 019fac77 authored by Tom Lane's avatar Tom Lane
Browse files
Options

Update release notes for security releases. 

Security: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601
parent 919c9f6c
Show whitespace changes
Inline Side-by-side
Showing with 1093 additions and 79 deletions
doc/src/sgml/release.sgml
View file @ 019fac77
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.574 2008/01/01 19:41:14 momjian Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.575 2008/01/03 21:35:25 tgl Exp $ -->
<!--
Typical markup:
......@@ -35,23 +35,22 @@ do it for earlier branch release files.
<appendix id="release">
<title>Release Notes</title>
<sect1 id="release-introduction">
<title>Introduction</title>
<para>
The release notes contain the significant changes in each PostgreSQL
release, with major features and migration issues often listed at the
top. The release notes do not contain changes that affect only a few
users or changes that are internal and therefore not user-visible. For
example, the optimizer is improved in almost every release, but the
improvements are usually observed by users as simply faster queries.
The release notes contain the significant changes in each
<productname>PostgreSQL</> release, with major features and migration
issues listed at the top. The release notes do not contain changes
that affect only a few users or changes that are internal and therefore not
user-visible. For example, the optimizer is improved in almost every
release, but the improvements are usually observed by users as simply
faster queries.
</para>
<para>
A complete list of changes for each release can be obtained by
viewing the <link linkend="cvs">CVS</link> logs for each release. The <ulink
url="http://archives.postgresql.org/pgsql-committers/">committers email
list</ulink> contains all source code changes as well. There is also
viewing the <link linkend="cvs">CVS</link> logs for each release.
The <ulink
url="http://archives.postgresql.org/pgsql-committers/">pgsql-committers
email list</ulink> contains all source code changes as well. There is also
a <ulink url="http://developer.postgresql.org/cvsweb.cgi/pgsql/">web
interface</ulink> that shows changes to specific files.
<!-- we need a file containing the CVS logs for each release, and something
......@@ -61,11 +60,9 @@ do it for earlier branch release files.
<para>
The name appearing next to each item represents the major developer for
that item. Of course all changes involve community discussion and patch
review so each item is truly a community effort.
review, so each item is truly a community effort.
</para>
</sect1>
<sect1 id="release-8-3">
<title>Release 8.3</title>
......@@ -2070,7 +2067,7 @@ current_date &lt; 2017-11-17
<listitem>
<para>
Remove <literal>-u</> option (this option has long been depricated)
Remove <literal>-u</> option (this option has long been deprecated)
(Tom)
</para>
</listitem>
......@@ -2125,7 +2122,7 @@ current_date &lt; 2017-11-17
<listitem>
<para>
Remove <literal>-u</> option (this option has long been depricated)
Remove <literal>-u</> option (this option has long been deprecated)
(Tom)
</para>
</listitem>
......@@ -2542,7 +2539,7 @@ current_date &lt; 2017-11-17
<listitem>
<para>
Add documentation about preventing database server spoofing when
the server is down (Bruce
the server is down (Bruce)
</para>
</listitem>
......@@ -2672,6 +2669,295 @@ current_date &lt; 2017-11-17
</sect2>
</sect1>
<sect1 id="release-8-2-6">
<title>Release 8.2.6</title>
<note>
<title>Release date</title>
<simpara>2008-01-07</simpara>
</note>
<para>
This release contains a variety of fixes from 8.2.5,
including fixes for significant security issues.
</para>
<sect2>
<title>Migration to Version 8.2.6</title>
<para>
A dump/restore is not required for those running 8.2.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent functions in indexes from executing with the privileges of
the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
</para>
<para>
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
such as <command>VACUUM FULL</>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
and <command>CLUSTER</>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
used for <literal>SECURITY DEFINER</> functions. To prevent bypassing
this security measure, execution of <command>SET SESSION
AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
<literal>SECURITY DEFINER</> context. (CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
</para>
<para>
Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory consumption,
all of which pose denial-of-service hazards for applications that
accept regex search patterns from untrustworthy sources.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
<para>
The fix that appeared for this in 8.2.5 was incomplete, as it plugged
the hole for only some <filename>dblink</> functions. (CVE-2007-6601,
CVE-2007-3278)
</para>
</listitem>
<listitem>
<para>
Fix bugs in WAL replay for GIN indexes (Teodor)
</para>
</listitem>
<listitem>
<para>
Fix GIN index build to work properly when
<varname>maintenance_work_mem</> is 4GB or more (Tom)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2007k
(in particular, recent Argentina changes) (Tom)
</para>
</listitem>
<listitem>
<para>
Improve planner's handling of LIKE/regex estimation in non-C locales
(Tom)
</para>
</listitem>
<listitem>
<para>
Fix planning-speed problem for deep outer-join nests, as well as
possible poor choice of join order (Tom)
</para>
</listitem>
<listitem>
<para>
Fix planner failure in some cases of <literal>WHERE false AND var IN
(SELECT ...)</> (Tom)
</para>
</listitem>
<listitem>
<para>
Make <command>CREATE TABLE ... SERIAL</> and
<command>ALTER SEQUENCE ... OWNED BY</> not change the
<function>currval()</> state of the sequence (Tom)
</para>
</listitem>
<listitem>
<para>
Preserve the tablespace and storage parameters of indexes that are
rebuilt by <command>ALTER TABLE ... ALTER COLUMN TYPE</> (Tom)
</para>
</listitem>
<listitem>
<para>
Make archive recovery always start a new WAL timeline, rather than only
when a recovery stop time was used (Simon)
</para>
<para>
This avoids a corner-case risk of trying to overwrite an existing
archived copy of the last WAL segment, and seems simpler and cleaner
than the original definition.
</para>
</listitem>
<listitem>
<para>
Make <command>VACUUM</> not use all of <varname>maintenance_work_mem</>
when the table is too small for it to be useful (Alvaro)
</para>
</listitem>
<listitem>
<para>
Fix potential crash in <function>translate()</> when using a multibyte
database encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Make <function>corr()</> return the correct result for negative
correlation values (Neil)
</para>
</listitem>
<listitem>
<para>
Fix overflow in <literal>extract(epoch from interval)</> for intervals
exceeding 68 years (Tom)
</para>
</listitem>
<listitem>
<para>
Fix PL/Perl to not fail when a UTF-8 regular expression is used
in a trusted function (Andrew)
</para>
</listitem>
<listitem>
<para>
Fix PL/Perl to cope when platform's Perl defines type <literal>bool</>
as <literal>int</> rather than <literal>char</> (Tom)
</para>
<para>
While this could theoretically happen anywhere, no standard build of
Perl did things this way ... until <productname>Mac OS X</> 10.5.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python to work correctly with Python 2.5 on 64-bit machines
(Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Fix PL/Python to not crash on long exception messages (Alvaro)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to correctly handle inheritance child tables
that have default expressions different from their parent's (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</> crash when <varname>PGPASSFILE</> refers
to a file that is not a plain file (Martin Pitt)
</para>
</listitem>
<listitem>
<para>
<application>ecpg</> parser fixes (Michael)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/pgcrypto</> defend against
<application>OpenSSL</> libraries that fail on keys longer than 128
bits; which is the case at least on some Solaris versions (Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
NULL rowid as a category in its own right, rather than crashing (Joe)
</para>
</listitem>
<listitem>
<para>
Fix <type>tsvector</> and <type>tsquery</> output routines to
escape backslashes correctly (Teodor, Bruce)
</para>
</listitem>
<listitem>
<para>
Fix crash of <function>to_tsvector()</> on huge input strings (Teodor)
</para>
</listitem>
<listitem>
<para>
Require a specific version of <productname>Autoconf</> to be used
when re-generating the <command>configure</> script (Peter)
</para>
<para>
This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
<productname>Autoconf</> and <productname>PostgreSQL</> versions.
You can remove the version check if you really want to use a
different <productname>Autoconf</> version, but it's
your responsibility whether the result works or not.
</para>
</listitem>
<listitem>
<para>
Update <function>gettimeofday</> configuration check so that
<productname>PostgreSQL</> can be built on newer versions of
<productname>MinGW</> (Magnus)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-2-5">
<title>Release 8.2.5</title>
......@@ -5880,20 +6166,30 @@ current_date &lt; 2017-11-17
</sect2>
</sect1>
<sect1 id="release-8-1-10">
<title>Release 8.1.10</title>
<sect1 id="release-8-1-11">
<title>Release 8.1.11</title>
<note>
<title>Release date</title>
<simpara>2007-09-17</simpara>
<simpara>2008-01-07</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.9.
This release contains a variety of fixes from 8.1.10,
including fixes for significant security issues.
</para>
<para>
This is the last 8.1.X release for which the <productname>PostgreSQL</>
community will produce binary packages for <productname>Windows</>.
Windows users are encouraged to move to 8.2.X or later,
since there are Windows-specific fixes in 8.2.X that
are impractical to back-port. 8.1.X will continue to
be supported on other platforms.
</para>
<sect2>
<title>Migration to Version 8.1.10</title>
<title>Migration to Version 8.1.11</title>
<para>
A dump/restore is not required for those running 8.1.X.
......@@ -5910,106 +6206,346 @@ current_date &lt; 2017-11-17
<listitem>
<para>
Prevent index corruption when a transaction inserts rows and
then aborts close to the end of a concurrent <command>VACUUM</>
on the same table (Tom)
Prevent functions in indexes from executing with the privileges of
the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
</para>
</listitem>
<listitem>
<para>
Make <command>CREATE DOMAIN ... DEFAULT NULL</> work properly (Tom)
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
such as <command>VACUUM FULL</>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
and <command>CLUSTER</>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
used for <literal>SECURITY DEFINER</> functions. To prevent bypassing
this security measure, execution of <command>SET SESSION
AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
<literal>SECURITY DEFINER</> context. (CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Allow the <type>interval</> data type to accept input consisting only of
milliseconds or microseconds (Neil)
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
</para>
<para>
Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory consumption,
all of which pose denial-of-service hazards for applications that
accept regex search patterns from untrustworthy sources.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
</para>
</listitem>
<listitem>
<para>
Speed up rtree index insertion (Teodor)
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
<para>
The fix that appeared for this in 8.1.10 was incomplete, as it plugged
the hole for only some <filename>dblink</> functions. (CVE-2007-6601,
CVE-2007-3278)
</para>
</listitem>
<listitem>
<para>
Fix excessive logging of <acronym>SSL</> error messages (Tom)
Update time zone data files to <application>tzdata</> release 2007k
(in particular, recent Argentina changes) (Tom)
</para>
</listitem>
<listitem>
<para>
Fix logging so that log messages are never interleaved when using
the syslogger process (Andrew)
Improve planner's handling of LIKE/regex estimation in non-C locales
(Tom)
</para>
</listitem>
<listitem>
<para>
Fix crash when <varname>log_min_error_statement</> logging runs out
of memory (Tom)
Fix planner failure in some cases of <literal>WHERE false AND var IN
(SELECT ...)</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix incorrect handling of some foreign-key corner cases (Tom)
Preserve the tablespace of indexes that are
rebuilt by <command>ALTER TABLE ... ALTER COLUMN TYPE</> (Tom)
</para>
</listitem>
<listitem>
<para>
Prevent <command>REINDEX</> and <command>CLUSTER</> from failing
due to attempting to process temporary tables of other sessions (Alvaro)
Make archive recovery always start a new WAL timeline, rather than only
when a recovery stop time was used (Simon)
</para>
<para>
This avoids a corner-case risk of trying to overwrite an existing
archived copy of the last WAL segment, and seems simpler and cleaner
than the original definition.
</para>
</listitem>
<listitem>
<para>
Update the time zone database rules, particularly New Zealand's upcoming changes (Tom)
Make <command>VACUUM</> not use all of <varname>maintenance_work_mem</>
when the table is too small for it to be useful (Alvaro)
</para>
</listitem>
<listitem>
<para>
Windows socket improvements (Magnus)
Fix potential crash in <function>translate()</> when using a multibyte
database encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Suppress timezone name (<literal>%Z</>) in log timestamps on Windows
because of possible encoding mismatches (Tom)
Fix overflow in <literal>extract(epoch from interval)</> for intervals
exceeding 68 years (Tom)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
Fix PL/Perl to not fail when a UTF-8 regular expression is used
in a trusted function (Andrew)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-9">
<title>Release 8.1.9</title>
<note>
<title>Release date</title>
<simpara>2007-04-23</simpara>
</note>
<listitem>
<para>
Fix PL/Perl to cope when platform's Perl defines type <literal>bool</>
as <literal>int</> rather than <literal>char</> (Tom)
</para>
<para>
This release contains a variety of fixes from 8.1.8,
including a security fix.
While this could theoretically happen anywhere, no standard build of
Perl did things this way ... until <productname>Mac OS X</> 10.5.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python to not crash on long exception messages (Alvaro)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to correctly handle inheritance child tables
that have default expressions different from their parent's (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</> crash when <varname>PGPASSFILE</> refers
to a file that is not a plain file (Martin Pitt)
</para>
</listitem>
<listitem>
<para>
<application>ecpg</> parser fixes (Michael)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/pgcrypto</> defend against
<application>OpenSSL</> libraries that fail on keys longer than 128
bits; which is the case at least on some Solaris versions (Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
NULL rowid as a category in its own right, rather than crashing (Joe)
</para>
</listitem>
<listitem>
<para>
Fix <type>tsvector</> and <type>tsquery</> output routines to
escape backslashes correctly (Teodor, Bruce)
</para>
</listitem>
<listitem>
<para>
Fix crash of <function>to_tsvector()</> on huge input strings (Teodor)
</para>
</listitem>
<listitem>
<para>
Require a specific version of <productname>Autoconf</> to be used
when re-generating the <command>configure</> script (Peter)
</para>
<para>
This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
<productname>Autoconf</> and <productname>PostgreSQL</> versions.
You can remove the version check if you really want to use a
different <productname>Autoconf</> version, but it's
your responsibility whether the result works or not.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-10">
<title>Release 8.1.10</title>
<note>
<title>Release date</title>
<simpara>2007-09-17</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.9.
</para>
<sect2>
<title>Migration to Version 8.1.10</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent index corruption when a transaction inserts rows and
then aborts close to the end of a concurrent <command>VACUUM</>
on the same table (Tom)
</para>
</listitem>
<listitem>
<para>
Make <command>CREATE DOMAIN ... DEFAULT NULL</> work properly (Tom)
</para>
</listitem>
<listitem>
<para>
Allow the <type>interval</> data type to accept input consisting only of
milliseconds or microseconds (Neil)
</para>
</listitem>
<listitem>
<para>
Speed up rtree index insertion (Teodor)
</para>
</listitem>
<listitem>
<para>
Fix excessive logging of <acronym>SSL</> error messages (Tom)
</para>
</listitem>
<listitem>
<para>
Fix logging so that log messages are never interleaved when using
the syslogger process (Andrew)
</para>
</listitem>
<listitem>
<para>
Fix crash when <varname>log_min_error_statement</> logging runs out
of memory (Tom)
</para>
</listitem>
<listitem>
<para>
Fix incorrect handling of some foreign-key corner cases (Tom)
</para>
</listitem>
<listitem>
<para>
Prevent <command>REINDEX</> and <command>CLUSTER</> from failing
due to attempting to process temporary tables of other sessions (Alvaro)
</para>
</listitem>
<listitem>
<para>
Update the time zone database rules, particularly New Zealand's upcoming changes (Tom)
</para>
</listitem>
<listitem>
<para>
Windows socket improvements (Magnus)
</para>
</listitem>
<listitem>
<para>
Suppress timezone name (<literal>%Z</>) in log timestamps on Windows
because of possible encoding mismatches (Tom)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-9">
<title>Release 8.1.9</title>
<note>
<title>Release date</title>
<simpara>2007-04-23</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.8,
including a security fix.
</para>
<sect2>
......@@ -8870,168 +9406,382 @@ psql -t -f fixseq.sql db1 | psql -e db1
</para>
</listitem>
<listitem>
<listitem>
<para>
Allow <application>libpq</application> to be built thread-safe
on Windows (Dave Page)
</para>
</listitem>
<listitem>
<para>
Allow IPv6 connections to be used on Windows (Andrew)
</para>
</listitem>
<listitem>
<para>
Add Server Administration documentation about I/O subsystem
reliability (Bruce)
</para>
</listitem>
<listitem>
<para>
Move private declarations from <filename>gist.h</filename> to
<filename>gist_private.h</filename> (Neil)
</para>
<para>
In previous releases, <filename>gist.h</> contained both the
public GiST API (intended for use by authors of GiST index
implementations) as well as some private declarations used by
the implementation of GiST itself. The latter have been moved
to a separate file, <filename>gist_private.h</>. Most GiST
index implementations should be unaffected.
</para>
</listitem>
<listitem>
<para>
Overhaul GiST memory management (Neil)
</para>
<para>
GiST methods are now always invoked in a short-lived memory
context. Therefore, memory allocated via <function>palloc()</>
will be reclaimed automatically, so GiST index implementations
do not need to manually release allocated memory via
<function>pfree()</>.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Contrib Changes</title>
<itemizedlist>
<listitem>
<para>
Add <filename>/contrib/pg_buffercache</> contrib module (Mark
Kirkwood)
</para>
<para>
This displays the contents of the buffer cache, for debugging and
performance tuning purposes.
</para>
</listitem>
<listitem>
<para>
Remove <filename>/contrib/array</> because it is obsolete (Tom)
</para>
</listitem>
<listitem>
<para>
Clean up the <filename>/contrib/lo</> module (Tom)
</para>
</listitem>
<listitem>
<para>
Move <filename>/contrib/findoidjoins</> to
<filename>/src/tools</> (Tom)
</para>
</listitem>
<listitem>
<para>
Remove the <literal>&lt;&lt;</>, <literal>&gt;&gt;</>,
<literal>&amp;&lt;</>, and <literal>&amp;&gt;</> operators from
<filename>/contrib/cube</>
</para>
<para>
These operators were not useful.
</para>
</listitem>
<listitem>
<para>
Improve <filename>/contrib/btree_gist</> (Janko Richter)
</para>
</listitem>
<listitem>
<para>
Improve <filename>/contrib/pgbench</> (Tomoaki Sato, Tatsuo)
</para>
<para>
There is now a facility for testing with SQL command scripts given
by the user, instead of only a hard-wired command sequence.
</para>
</listitem>
<listitem>
<para>
Improve <filename>/contrib/pgcrypto</> (Marko Kreen)
</para>
<itemizedlist>
<listitem>
<para>
Implementation of OpenPGP symmetric-key and public-key encryption
</para>
<para>
Both RSA and Elgamal public-key algorithms are supported.
</para>
</listitem>
<listitem>
<para>
Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG
</para>
</listitem>
<listitem>
<para>
OpenSSL build: support 3DES, use internal AES with OpenSSL &lt; 0.9.7
</para>
</listitem>
<listitem>
<para>
Take build parameters (OpenSSL, zlib) from <filename>configure</> result
</para>
<para>
There is no need to edit the <filename>Makefile</> anymore.
</para>
</listitem>
<listitem>
<para>
Remove support for <filename>libmhash</> and <filename>libmcrypt</>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</sect3>
</sect2>
</sect1>
<sect1 id="release-8-0-15">
<title>Release 8.0.15</title>
<note>
<title>Release date</title>
<simpara>2008-01-07</simpara>
</note>
<para>
Allow <application>libpq</application> to be built thread-safe
on Windows (Dave Page)
This release contains a variety of fixes from 8.0.14,
including fixes for significant security issues.
</para>
</listitem>
<listitem>
<para>
Allow IPv6 connections to be used on Windows (Andrew)
This is the last 8.0.X release for which the <productname>PostgreSQL</>
community will produce binary packages for <productname>Windows</>.
Windows users are encouraged to move to 8.2.X or later,
since there are Windows-specific fixes in 8.2.X that
are impractical to back-port. 8.0.X will continue to
be supported on other platforms.
</para>
</listitem>
<listitem>
<sect2>
<title>Migration to Version 8.0.15</title>
<para>
Add Server Administration documentation about I/O subsystem
reliability (Bruce)
A dump/restore is not required for those running 8.0.X. However,
if you are upgrading from a version earlier than 8.0.6, see the release
notes for 8.0.6.
</para>
</listitem>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Move private declarations from <filename>gist.h</filename> to
<filename>gist_private.h</filename> (Neil)
Prevent functions in indexes from executing with the privileges of
the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
</para>
<para>
In previous releases, <filename>gist.h</> contained both the
public GiST API (intended for use by authors of GiST index
implementations) as well as some private declarations used by
the implementation of GiST itself. The latter have been moved
to a separate file, <filename>gist_private.h</>. Most GiST
index implementations should be unaffected.
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
such as <command>VACUUM FULL</>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
and <command>CLUSTER</>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
used for <literal>SECURITY DEFINER</> functions. To prevent bypassing
this security measure, execution of <command>SET SESSION
AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
<literal>SECURITY DEFINER</> context. (CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Overhaul GiST memory management (Neil)
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
</para>
<para>
GiST methods are now always invoked in a short-lived memory
context. Therefore, memory allocated via <function>palloc()</>
will be reclaimed automatically, so GiST index implementations
do not need to manually release allocated memory via
<function>pfree()</>.
Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory consumption,
all of which pose denial-of-service hazards for applications that
accept regex search patterns from untrustworthy sources.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Contrib Changes</title>
<itemizedlist>
<listitem>
<para>
Add <filename>/contrib/pg_buffercache</> contrib module (Mark
Kirkwood)
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
<para>
This displays the contents of the buffer cache, for debugging and
performance tuning purposes.
The fix that appeared for this in 8.0.14 was incomplete, as it plugged
the hole for only some <filename>dblink</> functions. (CVE-2007-6601,
CVE-2007-3278)
</para>
</listitem>
<listitem>
<para>
Remove <filename>/contrib/array</> because it is obsolete (Tom)
Update time zone data files to <application>tzdata</> release 2007k
(in particular, recent Argentina changes) (Tom)
</para>
</listitem>
<listitem>
<para>
Clean up the <filename>/contrib/lo</> module (Tom)
Fix planner failure in some cases of <literal>WHERE false AND var IN
(SELECT ...)</> (Tom)
</para>
</listitem>
<listitem>
<para>
Move <filename>/contrib/findoidjoins</> to
<filename>/src/tools</> (Tom)
Preserve the tablespace of indexes that are
rebuilt by <command>ALTER TABLE ... ALTER COLUMN TYPE</> (Tom)
</para>
</listitem>
<listitem>
<para>
Remove the <literal>&lt;&lt;</>, <literal>&gt;&gt;</>,
<literal>&amp;&lt;</>, and <literal>&amp;&gt;</> operators from
<filename>/contrib/cube</>
Make archive recovery always start a new WAL timeline, rather than only
when a recovery stop time was used (Simon)
</para>
<para>
These operators were not useful.
This avoids a corner-case risk of trying to overwrite an existing
archived copy of the last WAL segment, and seems simpler and cleaner
than the original definition.
</para>
</listitem>
<listitem>
<para>
Improve <filename>/contrib/btree_gist</> (Janko Richter)
Make <command>VACUUM</> not use all of <varname>maintenance_work_mem</>
when the table is too small for it to be useful (Alvaro)
</para>
</listitem>
<listitem>
<para>
Improve <filename>/contrib/pgbench</> (Tomoaki Sato, Tatsuo)
</para>
<para>
There is now a facility for testing with SQL command scripts given
by the user, instead of only a hard-wired command sequence.
Fix potential crash in <function>translate()</> when using a multibyte
database encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Improve <filename>/contrib/pgcrypto</> (Marko Kreen)
Fix PL/Perl to cope when platform's Perl defines type <literal>bool</>
as <literal>int</> rather than <literal>char</> (Tom)
</para>
<itemizedlist>
<para>
While this could theoretically happen anywhere, no standard build of
Perl did things this way ... until <productname>Mac OS X</> 10.5.
</para>
</listitem>
<listitem>
<para>
Implementation of OpenPGP symmetric-key and public-key encryption
Fix PL/Python to not crash on long exception messages (Alvaro)
</para>
</listitem>
<listitem>
<para>
Both RSA and Elgamal public-key algorithms are supported.
Fix <application>pg_dump</> to correctly handle inheritance child tables
that have default expressions different from their parent's (Tom)
</para>
</listitem>
<listitem>
<para>
Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG
<application>ecpg</> parser fixes (Michael)
</para>
</listitem>
<listitem>
<para>
OpenSSL build: support 3DES, use internal AES with OpenSSL &lt; 0.9.7
Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
NULL rowid as a category in its own right, rather than crashing (Joe)
</para>
</listitem>
<listitem>
<para>
Take build parameters (OpenSSL, zlib) from <filename>configure</> result
Fix <type>tsvector</> and <type>tsquery</> output routines to
escape backslashes correctly (Teodor, Bruce)
</para>
</listitem>
<listitem>
<para>
There is no need to edit the <filename>Makefile</> anymore.
Fix crash of <function>to_tsvector()</> on huge input strings (Teodor)
</para>
</listitem>
<listitem>
<para>
Remove support for <filename>libmhash</> and <filename>libmcrypt</>
Require a specific version of <productname>Autoconf</> to be used
when re-generating the <command>configure</> script (Peter)
</para>
</listitem>
</itemizedlist>
<para>
This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
<productname>Autoconf</> and <productname>PostgreSQL</> versions.
You can remove the version check if you really want to use a
different <productname>Autoconf</> version, but it's
your responsibility whether the result works or not.
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
</sect1>
......@@ -12649,6 +13399,158 @@ typedefs (Michael)</para></listitem>
</sect2>
</sect1>
<sect1 id="release-7-4-19">
<title>Release 7.4.19</title>
<note>
<title>Release date</title>
<simpara>2008-01-07</simpara>
</note>
<para>
This release contains a variety of fixes from 7.4.18,
including fixes for significant security issues.
</para>
<sect2>
<title>Migration to Version 7.4.19</title>
<para>
A dump/restore is not required for those running 7.4.X. However,
if you are upgrading from a version earlier than 7.4.11, see the release
notes for 7.4.11.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent functions in indexes from executing with the privileges of
the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
</para>
<para>
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
such as <command>VACUUM FULL</>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
and <command>CLUSTER</>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
used for <literal>SECURITY DEFINER</> functions. To prevent bypassing
this security measure, execution of <command>SET SESSION
AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
<literal>SECURITY DEFINER</> context. (CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
</para>
<para>
Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory consumption,
all of which pose denial-of-service hazards for applications that
accept regex search patterns from untrustworthy sources.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
<para>
The fix that appeared for this in 7.4.18 was incomplete, as it plugged
the hole for only some <filename>dblink</> functions. (CVE-2007-6601,
CVE-2007-3278)
</para>
</listitem>
<listitem>
<para>
Fix planner failure in some cases of <literal>WHERE false AND var IN
(SELECT ...)</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix potential crash in <function>translate()</> when using a multibyte
database encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Fix PL/Python to not crash on long exception messages (Alvaro)
</para>
</listitem>
<listitem>
<para>
<application>ecpg</> parser fixes (Michael)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
NULL rowid as a category in its own right, rather than crashing (Joe)
</para>
</listitem>
<listitem>
<para>
Fix <type>tsvector</> and <type>tsquery</> output routines to
escape backslashes correctly (Teodor, Bruce)
</para>
</listitem>
<listitem>
<para>
Fix crash of <function>to_tsvector()</> on huge input strings (Teodor)
</para>
</listitem>
<listitem>
<para>
Require a specific version of <productname>Autoconf</> to be used
when re-generating the <command>configure</> script (Peter)
</para>
<para>
This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
<productname>Autoconf</> and <productname>PostgreSQL</> versions.
You can remove the version check if you really want to use a
different <productname>Autoconf</> version, but it's
your responsibility whether the result works or not.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-7-4-18">
<title>Release 7.4.18</title>
......@@ -15907,6 +16809,118 @@ DROP SCHEMA information_schema CASCADE;
</sect2>
</sect1>
<sect1 id="release-7-3-21">
<title>Release 7.3.21</title>
<note>
<title>Release date</title>
<simpara>2008-01-07</simpara>
</note>
<para>
This release contains a variety of fixes from 7.3.20,
including fixes for significant security issues.
</para>
<para>
This is expected to be the last <productname>PostgreSQL</> release
in the 7.3.X series. Users are encouraged to update to a newer
release branch soon.
</para>
<sect2>
<title>Migration to Version 7.3.21</title>
<para>
A dump/restore is not required for those running 7.3.X. However,
if you are upgrading from a version earlier than 7.3.13, see the release
notes for 7.3.13.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent functions in indexes from executing with the privileges of
the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
</para>
<para>
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
such as <command>VACUUM FULL</>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
and <command>CLUSTER</>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
used for <literal>SECURITY DEFINER</> functions. To prevent bypassing
this security measure, execution of <command>SET SESSION
AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
<literal>SECURITY DEFINER</> context. (CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
<para>
The fix that appeared for this in 7.3.20 was incomplete, as it plugged
the hole for only some <filename>dblink</> functions. (CVE-2007-6601,
CVE-2007-3278)
</para>
</listitem>
<listitem>
<para>
Fix potential crash in <function>translate()</> when using a multibyte
database encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
NULL rowid as a category in its own right, rather than crashing (Joe)
</para>
</listitem>
<listitem>
<para>
Require a specific version of <productname>Autoconf</> to be used
when re-generating the <command>configure</> script (Peter)
</para>
<para>
This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
<productname>Autoconf</> and <productname>PostgreSQL</> versions.
You can remove the version check if you really want to use a
different <productname>Autoconf</> version, but it's
your responsibility whether the result works or not.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-7-3-20">
<title>Release 7.3.20</title>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment