1. 19 May, 2010 3 commits
  2. 18 May, 2010 6 commits
  3. 17 May, 2010 3 commits
  4. 16 May, 2010 2 commits
  5. 15 May, 2010 9 commits
  6. 14 May, 2010 8 commits
  7. 13 May, 2010 9 commits
    • Bruce Momjian's avatar
      Remove all mentions of EnterpriseDB Advanced Server from pg_upgrade; · 36d3afd2
      Bruce Momjian authored
      EDB must maintain their own patch set for this.
      36d3afd2
    • Tom Lane's avatar
      Fix up lame idea of not using autoconf to determine if platform has scandir(). · 382ff212
      Tom Lane authored
      Should fix buildfarm failures.
      382ff212
    • Andrew Dunstan's avatar
      Fix MSVC builds for recent plperl changes. Go back to version 8.2, which is · 2a73ee59
      Andrew Dunstan authored
      where we started supporting MSVC builds.
      
      Security: CVE-2010-1169
      2a73ee59
    • Tom Lane's avatar
      Update release notes with security issues. · 20db9591
      Tom Lane authored
      Security: CVE-2010-1169, CVE-2010-1170
      20db9591
    • Tom Lane's avatar
      4b8c969c
    • Tom Lane's avatar
      Use "TOAST table" in place of the vague, not-used-elsewhere phrase · a4bbfb1a
      Tom Lane authored
      "supplementary storage table".
      a4bbfb1a
    • Tom Lane's avatar
      Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless · 9ead05b7
      Tom Lane authored
      that is a regular table or view owned by a superuser.  This prevents a
      trojan horse attack whereby any unprivileged SQL user could create such a
      table and insert code into it that would then get executed in other users'
      sessions whenever they call pltcl functions.
      
      Worse yet, because the code was automatically loaded into both the "normal"
      and "safe" interpreters at first use, the attacker could execute unrestricted
      Tcl code in the "normal" interpreter without there being any pltclu functions
      anywhere, or indeed anyone else using pltcl at all: installing pltcl is
      sufficient to open the hole.  Change the initialization logic so that the
      "unknown" code is only loaded into an interpreter when the interpreter is
      first really used.  (That doesn't add any additional security in this
      particular context, but it seems a prudent change, and anyway the former
      behavior violated the principle of least astonishment.)
      
      Security: CVE-2010-1170
      9ead05b7
    • Andrew Dunstan's avatar
      Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is · 1f474d29
      Andrew Dunstan authored
      fundamentally insecure. Instead apply an opmask to the whole interpreter that
      imposes restrictions on unsafe operations. These restrictions are much harder
      to subvert than is Safe.pm, since there is no container to be broken out of.
      Backported to release 7.4.
      
      In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
      the two interpreters model for plperl and plperlu adopted in release 8.2.
      
      In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
      mangling on Windows has become insecure with these changes, so it is
      replaced by our own routine, which is also faster.
      
      Nice side effects of the changes include that it is now possible to use perl's
      "strict" pragma in a natural way in plperl, and that perl's $a and
      $b variables now work as expected in sort routines, and that function
      compilation is significantly faster.
      
      Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
      Alexey Klyukin.
      
      Security: CVE-2010-1169
      1f474d29
    • Magnus Hagander's avatar
      Assorted fixes to make pg_upgrade build on MSVC. · 2b61b3e5
      Magnus Hagander authored
      * There is no chmod() on Windows.
      * Must always use the 3-parameter version of open()
      * There is no dynloader.h - but it also appears unnecessary on all platforms
      * Don't include shlobj.h because it causes compile errors, and from what I can
        see it's not actually used. This may need to be added back for mingw
        and/or cygwin in the worst case.
      2b61b3e5