From 9d4f3acc655b07277b07e1819c31d195f9619656fd9bb3304f234e2892d0e4ba Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Thu, 27 May 2010 09:28:58 +0000 Subject: [PATCH] Version 8.4.4 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql?expand=0&rev=36 --- postgresql-8.4.4.tar.bz2 | 3 ++ postgresql-pl.spec | 2 +- postgresql.changes | 110 +++++++++++++++++++++++++++++++++++++++ postgresql.spec | 2 +- 4 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 postgresql-8.4.4.tar.bz2 diff --git a/postgresql-8.4.4.tar.bz2 b/postgresql-8.4.4.tar.bz2 new file mode 100644 index 0000000..ea370f7 --- /dev/null +++ b/postgresql-8.4.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e66b398d565f7fb16d8ae58ae72881dcd3dbb1b88f532bbe1c2d1284812be37e +size 13853838 diff --git a/postgresql-pl.spec b/postgresql-pl.spec index e34f00e..bc50dde 100644 --- a/postgresql-pl.spec +++ b/postgresql-pl.spec @@ -26,7 +26,7 @@ BuildRequires: krb5-devel libxslt-devel %endif BuildRequires: python-devel tcl-devel Summary: The PL/Tcl, PL/Perl, and PL/Python Procedural Languages for PostgreSQL -Version: 8.4.3 +Version: 8.4.4 Release: 2 %define pg_minor_version %(echo %version | cut -f1-2 -d.) License: BSD3c(or similar) diff --git a/postgresql.changes b/postgresql.changes index e14c147..a8776af 100644 --- a/postgresql.changes +++ b/postgresql.changes 
@@ -1,3 +1,113 @@ +------------------------------------------------------------------- +Thu May 27 10:52:05 CEST 2010 - max@suse.de + +- Security and bugfix release 8.4.4: + + * Enforce restrictions in plperl using an opmask applied to the + whole interpreter, instead of using Safe.pm. Recent + developments have convinced us that Safe.pm is too insecure to + rely on for making plperl trustable. This change removes use of + Safe.pm altogether, in favor of using a separate interpreter + with an opcode mask that is always applied. Pleasant side + effects of the change include that it is now possible to use + Perl's strict pragma in a natural way in plperl, and that + Perl's $a and $b variables work as expected in sort routines, + and that function compilation is significantly + faster. (CVE-2010-1169) + + * Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules. PL/Tcl's feature for autoloading Tcl code from + a database table could be exploited for trojan-horse attacks, + because there was no restriction on who could create or insert + into that table. This change disables the feature unless + pltcl_modules is owned by a superuser. (However, the + permissions on the table are not checked, so installations that + really need a less-than-secure modules table can still grant + suitable privileges to trusted non-superusers.) Also, prevent + loading code into the unrestricted "normal" Tcl interpreter + unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + * Fix data corruption during WAL replay of ALTER ... SET + TABLESPACE. When archive_mode is on, ALTER ... SET TABLESPACE + generates a WAL record whose replay logic was incorrect. It + could write the data to the wrong place, leading to + possibly-unrecoverable data corruption. Data corruption would + be observed on standby slaves, and could occur on the master as + well if a database crash and recovery occurred after committing + the ALTER and before the next checkpoint. 
+ + * Fix possible crash if a cache reset message is received during + rebuild of a relcache entry. This error was introduced in 8.4.3 + while fixing a related failure. + + * Apply per-function GUC settings while running the language + validator for the function. + + * This avoids failures if the function's code is invalid without + the setting; an example is that SQL functions may not parse if + the search_path is not correct. + + * Do constraint exclusion for inherited UPDATE and DELETE target + tables when constraint_exclusion = partition. Due to an + oversight, this setting previously only caused constraint + exclusion to be checked in SELECT commands. + + * Do not allow an unprivileged user to reset superuser-only + parameter settings. Previously, if an unprivileged user ran + ALTER USER ... RESET ALL for himself, or ALTER DATABASE + ... RESET ALL for a database he owns, this would remove all + special parameter settings for the user or database, even ones + that are only supposed to be changeable by a superuser. Now, + the ALTER will only remove the parameters that the user has + permission to change. + + * Avoid possible crash during backend shutdown if shutdown occurs + when a CONTEXT addition would be made to log entries. In some + cases the context-printing function would fail because the + current transaction had already been rolled back when it came + time to print a log message. + + * Fix erroneous handling of %r parameter in recovery_end_command. + The value always came out zero. + + * Ensure the archiver process responds to changes in + archive_command as soon as possible. + + * Fix pl/pgsql's CASE statement to not fail when the case + expression is a query that returns no rows. + + * Update pl/perl's ppport.h for modern Perl versions. + + * Fix assorted memory leaks in pl/python. + + * Handle empty-string connect parameters properly in ecpg. + + * Prevent infinite recursion in psql when expanding a variable + that refers to itself. 
+ + * Fix psql's \copy to not add spaces around a dot within \copy + (select ...). Addition of spaces around the decimal point in a + numeric literal would result in a syntax error. + + * Avoid formatting failure in psql when running in a locale + context that doesn't match the client_encoding. + + * Fix unnecessary "GIN indexes do not support whole-index scans" + errors for unsatisfiable queries using contrib/intarray + operators. + + * Ensure that contrib/pgstattuple functions respond to cancel + interrupts promptly. + + * Make server startup deal properly with the case that shmget() + returns EINVAL for an existing shared memory segment. + + This behavior has been observed on BSD-derived kernels + including OS X. It resulted in an entirely-misleading startup + failure complaining that the shared memory request size was too + large. + ------------------------------------------------------------------- Thu Apr 29 11:56:05 CEST 2010 - max@suse.de diff --git a/postgresql.spec b/postgresql.spec index 6ba98de..eac9f92 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -25,7 +25,7 @@ BuildRequires: ncurses-devel BuildRequires: krb5-devel libxslt-devel %endif Summary: Basic Clients and Utilities for PostgreSQL -Version: 8.4.3 +Version: 8.4.4 Release: 2 %define pg_minor_version %(echo %version | cut -f1-2 -d.) License: BSD3c(or similar)
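Review bot: In the postgresql-8.4.4.tar.bz2 hunk, the new source tarball is introduced only as a Git LFS pointer (`oid sha256:` plus `size 13853838`), and nothing in the visible spec hunks ties that digest to a checksum or signature published by upstream. Before accepting the bump, compare the pointer's SHA-256 against the value upstream publishes for the 8.4.4 tarball, and consider shipping the upstream checksum or signature file as an additional source so the build can verify it instead of relying on the pointer alone.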
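Review bot: In the postgresql.changes hunk, the entry `* This avoids failures if the function's code is invalid without the setting` is bulleted as a change of its own, but it is the explanation of the preceding item (`* Apply per-function GUC settings while running the language validator`); fold it into that bullet as continuation text. The shmget() entry has the opposite layout problem: its explanation (`This behavior has been observed on BSD-derived kernels`) is split off by a blank line, unlike every other item. Two points on the security entries as well. The item `Do not allow an unprivileged user to reset superuser-only parameter settings` describes a privilege restriction but, unlike the plperl and PL/Tcl items, carries no CVE reference; if an identifier was assigned, add it so the entry can be matched by advisory tooling. The PL/Tcl item changes behaviour on upgrade (autoloading is disabled unless pltcl_modules is owned by a superuser), so it would help to say that administrators should check the ownership of that table after updating.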
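Review bot: In the postgresql.spec and postgresql-pl.spec hunks, `Version:` moves from 8.4.3 to 8.4.4 while the `Release: 2` context line stays as it was in both files. Please confirm that the release number is rewritten by the build service; otherwise reset it with the version bump so that package ordering stays unambiguous. The version is also a literal duplicated across the two spec files, which this patch has to change in step by hand; a check that both files carry the same `Version:` would catch a partial bump on a later security update.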