1. 18 Feb, 2006 4 commits
    • Patch from Marko Kreen: · ce9b75db
      Neil Conway authored
      pgcrypto crypt()/md5 and hmac() leak memory when compiled against
      OpenSSL as openssl.c digest ->reset will do two DigestInit calls
      against a context.  This happened to work with OpenSSL 0.9.6
      but not with 0.9.7+.
      
      Reason for the messy code was that I tried to avoid creating
      wrapper structure to transport algorithm info and tried to use
      OpenSSL context for it.  The fix is to create wrapper structure.
      
      It also uses newer digest API to avoid memory allocations
      on reset with newer OpenSSLs.
      
      Thanks to Daniel Blaisdell for reporting it.
    • Add support for Windows codepages 1253, 1254, 1255, and 1257 and clean · 1b658473
      Peter Eisentraut authored
      up a bunch of the support utilities.
      
      In src/backend/utils/mb/Unicode remove nearly duplicate copies of the
      UCS_to_XXX perl script and replace with one version to handle all generic
      files.  Update the Makefile so that it knows about all the map files.
      This produces a slight difference in some of the map files, using a
      uniform naming convention and not mapping the null character.
      
      In src/backend/utils/mb/conversion_procs create a master utf8<->win
      codepage function like the ISO 8859 versions instead of having a separate
      handler for each conversion.
      
      There is an externally visible change in the name of the win1258 to utf8
      conversion.  According to the documentation notes, it was named
      incorrectly and this changes it to a standard name.
      
      Running the Unicode mapping perl scripts has shown some additional mapping
      changes in koi8r and iso8859-7.
    • Mark unescape_single_char() "static": as far as I can see this function · a6d3b5b9
      Neil Conway authored
      is only used by scan.l/scan.c
  2. 17 Feb, 2006 1 commit
  3. 16 Feb, 2006 2 commits
  4. 15 Feb, 2006 1 commit
  5. 14 Feb, 2006 7 commits
  6. 13 Feb, 2006 7 commits
  7. 12 Feb, 2006 18 commits
    • Revert because C locale uses "" for thousands_sep, meaning "n/a", while · 8325be22
      Bruce Momjian authored
      French uses "" for "don't want".  Seems we have to keep the existing
      behavior.
    • Update release notes. · 47a048f3
      Tom Lane authored
    • Fix bug that allowed any logged-in user to SET ROLE to any other database user · 226a980b
      Tom Lane authored
      id (CVE-2006-0553).  Also fix related bug in SET SESSION AUTHORIZATION that
      allows unprivileged users to crash the server, if it has been compiled with
      Asserts enabled.  The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
      However, the Assert-crash risk exists in all releases back to 7.3.
      Thanks to Akio Ishida for reporting this problem.
    • Throw a warning rather than an error on invalid character from UTF8 to · 2a5180c2
      Bruce Momjian authored
      Latin1, like we do for other Latin encodings.
    • Fix broken markup. · 1ac1526e
      Tom Lane authored
    • Back out patch pending review. · 6e51bcef
      Bruce Momjian authored
      
      ---------------------------------------------------------------------------
      
      >   I've now tested this patch at home w/ 8.2HEAD and it seems to fix the
      >   bug.  I plan on testing it under 8.1.2 at work tomorrow with
      >   mod_auth_krb5, etc, and expect it'll work there.  Assuming all goes
      >   well and unless someone objects I'll forward the patch to -patches.
      >   It'd be great to have this fixed as it'll allow us to use Kerberos to
      >   authenticate to phppgadmin and other web-based tools which use
      >   Postgres.
      
        While playing with this patch under 8.1.2 at home I discovered a
        mistake in how I manually applied one of the hunks to fe-auth.c.
        Basically, the base code had changed and so the patch needed to be
        modified slightly.  This is because the code no longer either has a
        freeable pointer under 'name' or has 'name' as NULL.
      
        The attached patch correctly frees the string from pg_krb5_authname
        (where it had been strdup'd) if and only if pg_krb5_authname returned
        a string (as opposed to falling through and having name be set using
        name = pw->name;).  Also added a comment to this effect.
        Please review.
      
      Stephen Frost (sfrost@snowman.net) wrote:
    • > I've now tested this patch at home w/ 8.2HEAD and it seems to fix the · 3e682635
      Bruce Momjian authored
      >   bug.  I plan on testing it under 8.1.2 at work tomorrow with
      >   mod_auth_krb5, etc, and expect it'll work there.  Assuming all goes
      >   well and unless someone objects I'll forward the patch to -patches.
      >   It'd be great to have this fixed as it'll allow us to use Kerberos to
      >   authenticate to phppgadmin and other web-based tools which use
      >   Postgres.
      
        While playing with this patch under 8.1.2 at home I discovered a
        mistake in how I manually applied one of the hunks to fe-auth.c.
        Basically, the base code had changed and so the patch needed to be
        modified slightly.  This is because the code no longer either has a
        freeable pointer under 'name' or has 'name' as NULL.
      
        The attached patch correctly frees the string from pg_krb5_authname
        (where it had been strdup'd) if and only if pg_krb5_authname returned
        a string (as opposed to falling through and having name be set using
        name = pw->name;).  Also added a comment to this effect.
        Please review.
      
      Stephen Frost (sfrost@snowman.net) wrote:
    • Support "" for thousands separator and plus sign in to_char(), per · 2cb61220
      Bruce Momjian authored
      report from French Debian user.  psql already handles "" fine.
    • Remove LEFT part of JOIN to pg_roles because of optimizer limitation: · 05e27a9c
      Bruce Momjian authored
      > True, but they're not being used where you'd expect. This seems to be
      > something to do with the fact that it's not pg_authid which is being
      > accessed, but rather the view pg_roles.
      
      I looked into this and it seems the problem is that the view doesn't
      get flattened into the main query because of the has_nullable_targetlist
      limitation in prepjointree.c.  That's triggered because pg_roles has
              '********'::text AS rolpassword
      which isn't nullable, meaning it would produce wrong behavior if
      referenced above the outer join.
      
      Ultimately, the reason this is a problem is that the planner deals only
      in simple Vars while processing joins; it doesn't want to think about
      expressions.  I'm starting to think that it may be time to fix this,
      because I've run into several related restrictions lately, but it seems
      like a nontrivial project.
      
      In the meantime, reducing the LEFT JOIN to pg_roles to a JOIN as per
      Peter's suggestion seems like the best short-term workaround.
    • Update README file. · 7d57a182
      Bruce Momjian authored
      Joshua D. Drake
    • Not done: · 3694e706
      Bruce Momjian authored
      > 	o %Allow ALTER TABLE ... ALTER CONSTRAINT ... RENAME
    • Revert patch because of locking concerns: · 04a2b54c
      Bruce Momjian authored
      Allow ALTER TABLE ... ALTER CONSTRAINT ... RENAME
      
      Joachim Wieland
    • > Actually, if you submit a patch that says either "SCROLL is the · 92a26489
      Bruce Momjian authored
      default"
      > or "NO SCROLL is the default", it will be rejected as incorrect.  The
      > reason is that the default behavior is different from either of these,
      > as is explained in the NOTES section.
      
      Ok, so *that's* where the bit about the query plan being simple enough.
      Based on that, ISTM that it should be permissible for us to decide that
      a cursor requiring a sort isn't "simple enough" to support SCROLL.
      
      In any case, here's a patch that makes the non-standard behavior easier
      for people to find.
      
      Jim C. Nasby
    • Fix release item ordering. · 0bbd4704
      Bruce Momjian authored
    • Update back branch release notes. · 6df2da06
      Bruce Momjian authored
    • Fix release markup. · a321d675
      Bruce Momjian authored
    • Update release checklist. · 10d78c76
      Bruce Momjian authored
    • Update for 8.1.3. · cffed790
      Bruce Momjian authored