diff --git a/postgresql-8.4.3.tar.bz2 b/postgresql-8.4.3.tar.bz2 deleted file mode 100644 index f2337dd..0000000 --- a/postgresql-8.4.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:050c3e8324b453715e819456638fc1561351b33c8011b7cb63db98bbc2061564 -size 13645257 diff --git a/postgresql-8.4.4.tar.bz2 b/postgresql-8.4.4.tar.bz2 new file mode 100644 index 0000000..ea370f7 --- /dev/null +++ b/postgresql-8.4.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e66b398d565f7fb16d8ae58ae72881dcd3dbb1b88f532bbe1c2d1284812be37e +size 13853838 diff --git a/postgresql-pl.spec b/postgresql-pl.spec index e34f00e..46b1fb6 100644 --- a/postgresql-pl.spec +++ b/postgresql-pl.spec @@ -1,5 +1,5 @@ # -# spec file for package postgresql-pl (Version 8.4.3) +# spec file for package postgresql-pl (Version 8.4.4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -26,8 +26,8 @@ BuildRequires: krb5-devel libxslt-devel %endif BuildRequires: python-devel tcl-devel Summary: The PL/Tcl, PL/Perl, and PL/Python Procedural Languages for PostgreSQL -Version: 8.4.3 -Release: 2 +Version: 8.4.4 +Release: 1 %define pg_minor_version %(echo %version | cut -f1-2 -d.) License: BSD3c(or similar) Group: Productivity/Databases/Servers diff --git a/postgresql.changes b/postgresql.changes index dfe705f..a8776af 100644 --- a/postgresql.changes +++ b/postgresql.changes 
@@ -1,3 +1,118 @@ +------------------------------------------------------------------- +Thu May 27 10:52:05 CEST 2010 - max@suse.de + +- Security and bugfix release 8.4.4: + + * Enforce restrictions in plperl using an opmask applied to the + whole interpreter, instead of using Safe.pm. Recent + developments have convinced us that Safe.pm is too insecure to + rely on for making plperl trustable. This change removes use of + Safe.pm altogether, in favor of using a separate interpreter + with an opcode mask that is always applied. Pleasant side + effects of the change include that it is now possible to use + Perl's strict pragma in a natural way in plperl, and that + Perl's $a and $b variables work as expected in sort routines, + and that function compilation is significantly + faster. (CVE-2010-1169) + + * Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules. PL/Tcl's feature for autoloading Tcl code from + a database table could be exploited for trojan-horse attacks, + because there was no restriction on who could create or insert + into that table. This change disables the feature unless + pltcl_modules is owned by a superuser. (However, the + permissions on the table are not checked, so installations that + really need a less-than-secure modules table can still grant + suitable privileges to trusted non-superusers.) Also, prevent + loading code into the unrestricted "normal" Tcl interpreter + unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + * Fix data corruption during WAL replay of ALTER ... SET + TABLESPACE. When archive_mode is on, ALTER ... SET TABLESPACE + generates a WAL record whose replay logic was incorrect. It + could write the data to the wrong place, leading to + possibly-unrecoverable data corruption. Data corruption would + be observed on standby slaves, and could occur on the master as + well if a database crash and recovery occurred after committing + the ALTER and before the next checkpoint. 
+ + * Fix possible crash if a cache reset message is received during + rebuild of a relcache entry. This error was introduced in 8.4.3 + while fixing a related failure. + + * Apply per-function GUC settings while running the language + validator for the function. + + * This avoids failures if the function's code is invalid without + the setting; an example is that SQL functions may not parse if + the search_path is not correct. + + * Do constraint exclusion for inherited UPDATE and DELETE target + tables when constraint_exclusion = partition. Due to an + oversight, this setting previously only caused constraint + exclusion to be checked in SELECT commands. + + * Do not allow an unprivileged user to reset superuser-only + parameter settings. Previously, if an unprivileged user ran + ALTER USER ... RESET ALL for himself, or ALTER DATABASE + ... RESET ALL for a database he owns, this would remove all + special parameter settings for the user or database, even ones + that are only supposed to be changeable by a superuser. Now, + the ALTER will only remove the parameters that the user has + permission to change. + + * Avoid possible crash during backend shutdown if shutdown occurs + when a CONTEXT addition would be made to log entries. In some + cases the context-printing function would fail because the + current transaction had already been rolled back when it came + time to print a log message. + + * Fix erroneous handling of %r parameter in recovery_end_command. + The value always came out zero. + + * Ensure the archiver process responds to changes in + archive_command as soon as possible. + + * Fix pl/pgsql's CASE statement to not fail when the case + expression is a query that returns no rows. + + * Update pl/perl's ppport.h for modern Perl versions. + + * Fix assorted memory leaks in pl/python. + + * Handle empty-string connect parameters properly in ecpg. + + * Prevent infinite recursion in psql when expanding a variable + that refers to itself. 
+ + * Fix psql's \copy to not add spaces around a dot within \copy + (select ...). Addition of spaces around the decimal point in a + numeric literal would result in a syntax error. + + * Avoid formatting failure in psql when running in a locale + context that doesn't match the client_encoding. + + * Fix unnecessary "GIN indexes do not support whole-index scans" + errors for unsatisfiable queries using contrib/intarray + operators. + + * Ensure that contrib/pgstattuple functions respond to cancel + interrupts promptly. + + * Make server startup deal properly with the case that shmget() + returns EINVAL for an existing shared memory segment. + + This behavior has been observed on BSD-derived kernels + including OS X. It resulted in an entirely-misleading startup + failure complaining that the shared memory request size was too + large. + +------------------------------------------------------------------- +Thu Apr 29 11:56:05 CEST 2010 - max@suse.de + +- Use %configure to pick up the default directories (bnc#600616). + ------------------------------------------------------------------- Tue Mar 16 15:27:42 CET 2010 - max@suse.de diff --git a/postgresql.spec b/postgresql.spec index 7b60fd0..62c34aa 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -1,5 +1,5 @@ # -# spec file for package postgresql (Version 8.4.3) +# spec file for package postgresql (Version 8.4.4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -25,8 +25,8 @@ BuildRequires: ncurses-devel BuildRequires: krb5-devel libxslt-devel %endif Summary: Basic Clients and Utilities for PostgreSQL -Version: 8.4.3 -Release: 2 +Version: 8.4.4 +Release: 1 %define pg_minor_version %(echo %version | cut -f1-2 -d.) License: BSD3c(or similar) Group: Productivity/Databases/Tools 
@@ -174,13 +174,9 @@ which will interact with a PostgreSQL server. export CFLAGS="%optflags $SP" # uncomment the following line to enable the stack protector # CFLAGS="$CFLAGS -fstack-protector" -./configure \ - --prefix=%_prefix \ - --libdir=%_libdir \ - --bindir=%_bindir \ +%configure \ --includedir=%_includedir/pgsql \ --datadir=%_datadir/postgresql \ - --mandir=%_mandir \ --docdir=%_docdir \ --disable-rpath \ --enable-nls \
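Review bot: The new postgresql-8.4.4.tar.bz2 LFS pointer carries only an oid sha256 and a size, and nothing in this change ties that digest to the upstream release. Before accepting, compare the oid against the checksum upstream publishes for 8.4.4, and keep the source URL or a signature file next to the tarball so the next version bump can be verified the same way.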
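Review bot: In the build hunk of postgresql.spec, replacing ./configure with %configure drops the explicit --prefix, --libdir, --bindir and --mandir arguments, so those directories now come from the macro's defaults; confirm that the %files lists still match the installed paths on every build target, lib64 ones included. This change belongs to the Apr 29 changelog entry (bnc#600616) but lands in the same diff as the 8.4.4 security update, which makes the security fix harder to backport on its own; consider submitting it separately. The unchanged context also still has "# CFLAGS="$CFLAGS -fstack-protector"" commented out; unless %optflags already supplies it, a release that fixes CVE-2010-1169 and CVE-2010-1170 is a reasonable point to decide whether the stack protector should be on by default.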