Version 8.4.4

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql?expand=0&rev=36

postgresql-8.4.4.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e66b398d565f7fb16d8ae58ae72881dcd3dbb1b88f532bbe1c2d1284812be37e
+size 13853838

postgresql-pl.spec

@@ -26,7 +26,7 @@ BuildRequires:  krb5-devel libxslt-devel
 %endif
 BuildRequires:  python-devel tcl-devel
 Summary:        The PL/Tcl, PL/Perl, and PL/Python Procedural Languages for PostgreSQL
-Version:        8.4.3
+Version:        8.4.4
 Release:        2
 %define pg_minor_version %(echo %version | cut -f1-2 -d.)
 License:        BSD3c(or similar)

postgresql.changes

@@ -1,3 +1,113 @@
+-------------------------------------------------------------------
+Thu May 27 10:52:05 CEST 2010 - max@suse.de
+
+- Security and bugfix release 8.4.4:
+
+  * Enforce restrictions in plperl using an opmask applied to the
+    whole interpreter, instead of using Safe.pm. Recent
+    developments have convinced us that Safe.pm is too insecure to
+    rely on for making plperl trustable. This change removes use of
+    Safe.pm altogether, in favor of using a separate interpreter
+    with an opcode mask that is always applied. Pleasant side
+    effects of the change include that it is now possible to use
+    Perl's strict pragma in a natural way in plperl, and that
+    Perl's $a and $b variables work as expected in sort routines,
+    and that function compilation is significantly
+    faster. (CVE-2010-1169)
+
+  * Prevent PL/Tcl from executing untrustworthy code from
+    pltcl_modules.  PL/Tcl's feature for autoloading Tcl code from
+    a database table could be exploited for trojan-horse attacks,
+    because there was no restriction on who could create or insert
+    into that table. This change disables the feature unless
+    pltcl_modules is owned by a superuser. (However, the
+    permissions on the table are not checked, so installations that
+    really need a less-than-secure modules table can still grant
+    suitable privileges to trusted non-superusers.) Also, prevent
+    loading code into the unrestricted "normal" Tcl interpreter
+    unless we are really going to execute a pltclu
+    function. (CVE-2010-1170)
+
+  * Fix data corruption during WAL replay of ALTER ... SET
+    TABLESPACE.  When archive_mode is on, ALTER ... SET TABLESPACE
+    generates a WAL record whose replay logic was incorrect. It
+    could write the data to the wrong place, leading to
+    possibly-unrecoverable data corruption. Data corruption would
+    be observed on standby slaves, and could occur on the master as
+    well if a database crash and recovery occurred after committing
+    the ALTER and before the next checkpoint.
+
+  * Fix possible crash if a cache reset message is received during
+    rebuild of a relcache entry. This error was introduced in 8.4.3
+    while fixing a related failure.
+
+  * Apply per-function GUC settings while running the language
+    validator for the function.
+
+  * This avoids failures if the function's code is invalid without
+    the setting; an example is that SQL functions may not parse if
+    the search_path is not correct.
+
+  * Do constraint exclusion for inherited UPDATE and DELETE target
+    tables when constraint_exclusion = partition. Due to an
+    oversight, this setting previously only caused constraint
+    exclusion to be checked in SELECT commands.
+
+  * Do not allow an unprivileged user to reset superuser-only
+    parameter settings.  Previously, if an unprivileged user ran
+    ALTER USER ... RESET ALL for himself, or ALTER DATABASE
+    ... RESET ALL for a database he owns, this would remove all
+    special parameter settings for the user or database, even ones
+    that are only supposed to be changeable by a superuser. Now,
+    the ALTER will only remove the parameters that the user has
+    permission to change.
+
+  * Avoid possible crash during backend shutdown if shutdown occurs
+    when a CONTEXT addition would be made to log entries.  In some
+    cases the context-printing function would fail because the
+    current transaction had already been rolled back when it came
+    time to print a log message.
+
+  * Fix erroneous handling of %r parameter in recovery_end_command.
+    The value always came out zero.
+
+  * Ensure the archiver process responds to changes in
+    archive_command as soon as possible.
+
+  * Fix pl/pgsql's CASE statement to not fail when the case
+    expression is a query that returns no rows.
+
+  * Update pl/perl's ppport.h for modern Perl versions.
+
+  * Fix assorted memory leaks in pl/python.
+
+  * Handle empty-string connect parameters properly in ecpg.
+
+  * Prevent infinite recursion in psql when expanding a variable
+    that refers to itself.
+
+  * Fix psql's \copy to not add spaces around a dot within \copy
+    (select ...). Addition of spaces around the decimal point in a
+    numeric literal would result in a syntax error.
+
+  * Avoid formatting failure in psql when running in a locale
+    context that doesn't match the client_encoding.
+
+  * Fix unnecessary "GIN indexes do not support whole-index scans"
+    errors for unsatisfiable queries using contrib/intarray
+    operators.
+
+  * Ensure that contrib/pgstattuple functions respond to cancel
+    interrupts promptly.
+
+  * Make server startup deal properly with the case that shmget()
+    returns EINVAL for an existing shared memory segment.
+
+    This behavior has been observed on BSD-derived kernels
+    including OS X. It resulted in an entirely-misleading startup
+    failure complaining that the shared memory request size was too
+    large.
+
 -------------------------------------------------------------------
 Thu Apr 29 11:56:05 CEST 2010 - max@suse.de
 

postgresql.spec

@@ -25,7 +25,7 @@ BuildRequires:  ncurses-devel
 BuildRequires:  krb5-devel libxslt-devel
 %endif
 Summary:        Basic Clients and Utilities for PostgreSQL
-Version:        8.4.3
+Version:        8.4.4
 Release:        2
 %define pg_minor_version %(echo %version | cut -f1-2 -d.)
 License:        BSD3c(or similar)