Update release notes for security-related releases in all active branches.

Security: CVE-2007-0555, CVE-2007-0556

doc/src/sgml/release.sgml

-<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.496 2007/02/01 19:10:24 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.497 2007/02/02 00:10:23 tgl Exp $ -->
 <!--
 
 Typical markup:
@@ -35,6 +35,159 @@ do it for earlier branch release files.
 <appendix id="release">
  <title>Release Notes</title>
 
+  <sect1 id="release-8-2-2">
+   <title>Release 8.2.2</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.2.1, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.2.2</title>
+
+    <para>
+     A dump/restore is not required for those running 8.2.X.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix not-so-rare-anymore bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix Borland C compile scripts (L Bayuk)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Properly handle <function>to_char('CC')</> for years ending in
+      <literal>00</> (Tom)
+     </para>
+     <para>
+      Year 2000 is in the twentieth century, not the twenty-first.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      <filename>/contrib/tsearch2</> localization improvements (Tatsuo, Teodor)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix incorrect permission check in
+      <literal>information_schema.key_column_usage</> view (Tom)
+     </para>
+     <para>
+      The symptom is <quote>relation with OID nnnnn does not exist</> errors.
+      To get this fix without using <command>initdb</>, use <command>CREATE OR
+      REPLACE VIEW</> to install the corrected definition found in
+      <filename>share/information_schema.sql</>.  Note you will need to do
+      this in each database.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Improve <command>VACUUM</> performance for databases with many tables (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix potentially incorrect results from index searches using
+      <literal>ROW</> inequality conditions (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix bogus <quote>permission denied</> failures occurring on Windows
+      due to attempts to fsync already-deleted files (Magnus, Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix bug that could cause the statistics collector
+      to hang on Windows (Magnus)
+     </para>
+
+     <para>
+      This would in turn lead to autovacuum not working.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix possible crashes when an already-in-use PL/pgSQL function is
+      updated (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix possible errors in processing PL/pgSQL exception blocks (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-8-2-1">
    <title>Release 8.2.1</title>
 
@@ -2727,6 +2880,106 @@ do it for earlier branch release files.
    </sect2>
   </sect1>
 
+  <sect1 id="release-8-1-7">
+   <title>Release 8.1.7</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.1.6, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.1.7</title>
+
+    <para>
+     A dump/restore is not required for those running 8.1.X.
+     However, if you are upgrading from a version earlier than 8.1.2,
+     see the release notes for 8.1.2.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Improve <command>VACUUM</> performance for databases with many tables (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix autovacuum to avoid leaving non-permanent transaction IDs in
+      non-connectable databases (Alvaro)
+     </para>
+
+     <para>
+      This bug affects the 8.1 branch only.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix bogus <quote>permission denied</> failures occurring on Windows
+      due to attempts to fsync already-deleted files (Magnus, Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix possible crashes when an already-in-use PL/pgSQL function is
+      updated (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-8-1-6">
    <title>Release 8.1.6</title>
 
@@ -5537,6 +5790,75 @@ psql -t -f fixseq.sql db1 | psql -e db1
    </sect2>
   </sect1>
 
+  <sect1 id="release-8-0-11">
+   <title>Release 8.0.11</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.0.10, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.0.11</title>
+
+    <para>
+     A dump/restore is not required for those running 8.0.X.  However,
+     if you are upgrading from a version earlier than 8.0.6, see the release
+     notes for 8.0.6.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-8-0-10">
    <title>Release 8.0.10</title>
 
@@ -8862,6 +9184,75 @@ typedefs (Michael)</para></listitem>
    </sect2>
   </sect1>
 
+  <sect1 id="release-7-4-16">
+   <title>Release 7.4.16</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.4.15, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.4.16</title>
+
+    <para>
+     A dump/restore is not required for those running 7.4.X.  However,
+     if you are upgrading from a version earlier than 7.4.11, see the release
+     notes for 7.4.11.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves suppressing the normal check that a SQL
+      function returns the data type it's declared to, or changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-7-4-15">
    <title>Release 7.4.15</title>
 
@@ -11910,6 +12301,68 @@ DROP SCHEMA information_schema CASCADE;
   </sect2>
  </sect1>
 
+  <sect1 id="release-7-3-18">
+   <title>Release 7.3.18</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.3.17, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.3.18</title>
+
+    <para>
+     A dump/restore is not required for those running 7.3.X.  However,
+     if you are upgrading from a version earlier than 7.3.13, see the release
+     notes for 7.3.13.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-7-3-17">
    <title>Release 7.3.17</title>