pool/postgresql
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version 8.4.4

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql?expand=0&rev=36
This commit is contained in:
Reinhard Max 2010-05-27 09:28:58 +00:00 committed by Git OBS Bridge
parent 0dbfd6d11d
commit 9d4f3acc65
4 changed files with 115 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
postgresql-8.4.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e66b398d565f7fb16d8ae58ae72881dcd3dbb1b88f532bbe1c2d1284812be37e
size 13853838

2
postgresql-pl.spec
View File

@ -26,7 +26,7 @@ BuildRequires: krb5-devel libxslt-devel
%endif
BuildRequires: python-devel tcl-devel
Summary: The PL/Tcl, PL/Perl, and PL/Python Procedural Languages for PostgreSQL
Version: 8.4.3
Version: 8.4.4
Release: 2
%define pg_minor_version %(echo %version | cut -f1-2 -d.)
License: BSD3c(or similar)

110
postgresql.changes
View File

@ -1,3 +1,113 @@
-------------------------------------------------------------------
Thu May 27 10:52:05 CEST 2010 - max@suse.de
- Security and bugfix release 8.4.4:
* Enforce restrictions in plperl using an opmask applied to the
whole interpreter, instead of using Safe.pm. Recent
developments have convinced us that Safe.pm is too insecure to
rely on for making plperl trustable. This change removes use of
Safe.pm altogether, in favor of using a separate interpreter
with an opcode mask that is always applied. Pleasant side
effects of the change include that it is now possible to use
Perl's strict pragma in a natural way in plperl, and that
Perl's $a and $b variables work as expected in sort routines,
and that function compilation is significantly
faster. (CVE-2010-1169)
* Prevent PL/Tcl from executing untrustworthy code from
pltcl_modules. PL/Tcl's feature for autoloading Tcl code from
a database table could be exploited for trojan-horse attacks,
because there was no restriction on who could create or insert
into that table. This change disables the feature unless
pltcl_modules is owned by a superuser. (However, the
permissions on the table are not checked, so installations that
really need a less-than-secure modules table can still grant
suitable privileges to trusted non-superusers.) Also, prevent
loading code into the unrestricted "normal" Tcl interpreter
unless we are really going to execute a pltclu
function. (CVE-2010-1170)
* Fix data corruption during WAL replay of ALTER ... SET
TABLESPACE. When archive_mode is on, ALTER ... SET TABLESPACE
generates a WAL record whose replay logic was incorrect. It
could write the data to the wrong place, leading to
possibly-unrecoverable data corruption. Data corruption would
be observed on standby slaves, and could occur on the master as
well if a database crash and recovery occurred after committing
the ALTER and before the next checkpoint.
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry. This error was introduced in 8.4.3
while fixing a related failure.
* Apply per-function GUC settings while running the language
validator for the function.
* This avoids failures if the function's code is invalid without
the setting; an example is that SQL functions may not parse if
the search_path is not correct.
* Do constraint exclusion for inherited UPDATE and DELETE target
tables when constraint_exclusion = partition. Due to an
oversight, this setting previously only caused constraint
exclusion to be checked in SELECT commands.
* Do not allow an unprivileged user to reset superuser-only
parameter settings. Previously, if an unprivileged user ran
ALTER USER ... RESET ALL for himself, or ALTER DATABASE
... RESET ALL for a database he owns, this would remove all
special parameter settings for the user or database, even ones
that are only supposed to be changeable by a superuser. Now,
the ALTER will only remove the parameters that the user has
permission to change.
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries. In some
cases the context-printing function would fail because the
current transaction had already been rolled back when it came
time to print a log message.
* Fix erroneous handling of %r parameter in recovery_end_command.
The value always came out zero.
* Ensure the archiver process responds to changes in
archive_command as soon as possible.
* Fix pl/pgsql's CASE statement to not fail when the case
expression is a query that returns no rows.
* Update pl/perl's ppport.h for modern Perl versions.
* Fix assorted memory leaks in pl/python.
* Handle empty-string connect parameters properly in ecpg.
* Prevent infinite recursion in psql when expanding a variable
that refers to itself.
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...). Addition of spaces around the decimal point in a
numeric literal would result in a syntax error.
* Avoid formatting failure in psql when running in a locale
context that doesn't match the client_encoding.
* Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using contrib/intarray
operators.
* Ensure that contrib/pgstattuple functions respond to cancel
interrupts promptly.
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment.
This behavior has been observed on BSD-derived kernels
including OS X. It resulted in an entirely-misleading startup
failure complaining that the shared memory request size was too
large.
-------------------------------------------------------------------
Thu Apr 29 11:56:05 CEST 2010 - max@suse.de

2
postgresql.spec
View File

@ -25,7 +25,7 @@ BuildRequires: ncurses-devel
BuildRequires: krb5-devel libxslt-devel
%endif
Summary: Basic Clients and Utilities for PostgreSQL
Version: 8.4.3
Version: 8.4.4
Release: 2
%define pg_minor_version %(echo %version | cut -f1-2 -d.)
License: BSD3c(or similar)