diff options
| -rwxr-xr-x | configure | 18 | ||||
| -rw-r--r-- | configure.in | 4 | ||||
| -rw-r--r-- | doc/bug.template | 2 | ||||
| -rw-r--r-- | doc/src/sgml/release.sgml | 328 | ||||
| -rw-r--r-- | src/include/pg_config.h.win32 | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq.rc | 8 |
6 files changed, 345 insertions, 19 deletions
diff --git a/configure b/configure index 43a8b4013e7..66a047eaf10 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.53 for PostgreSQL 7.4.7. +# Generated by GNU Autoconf 2.53 for PostgreSQL 7.4.8. # # Report bugs to <pgsql-bugs@postgresql.org>. # @@ -258,8 +258,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='PostgreSQL' PACKAGE_TARNAME='postgresql' -PACKAGE_VERSION='7.4.7' -PACKAGE_STRING='PostgreSQL 7.4.7' +PACKAGE_VERSION='7.4.8' +PACKAGE_STRING='PostgreSQL 7.4.8' PACKAGE_BUGREPORT='pgsql-bugs@postgresql.org' ac_unique_file="src/backend/access/common/heaptuple.c" @@ -769,7 +769,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures PostgreSQL 7.4.7 to adapt to many kinds of systems. +\`configure' configures PostgreSQL 7.4.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -830,7 +830,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of PostgreSQL 7.4.7:";; + short | recursive ) echo "Configuration of PostgreSQL 7.4.8:";; esac cat <<\_ACEOF @@ -950,7 +950,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -PostgreSQL configure 7.4.7 +PostgreSQL configure 7.4.8 generated by GNU Autoconf 2.53 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 @@ -967,7 +967,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by PostgreSQL $as_me 7.4.7, which was +It was created by PostgreSQL $as_me 7.4.8, which was generated by GNU Autoconf 2.53. Invocation command line was $ $0 $@ @@ -18050,7 +18050,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by PostgreSQL $as_me 7.4.7, which was +This file was extended by PostgreSQL $as_me 7.4.8, which was generated by GNU Autoconf 2.53. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18112,7 +18112,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -PostgreSQL config.status 7.4.7 +PostgreSQL config.status 7.4.8 configured by $0, generated by GNU Autoconf 2.53, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.in b/configure.in index ea745450308..1639c0f393c 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Header: /cvsroot/pgsql/configure.in,v 1.301.2.13 2005/01/30 19:32:20 tgl Exp $ +dnl $Header: /cvsroot/pgsql/configure.in,v 1.301.2.14 2005/05/05 20:08:33 tgl Exp $ dnl dnl Developers, please strive to achieve this order: dnl @@ -21,7 +21,7 @@ dnl The GNU folks apparently haven't heard that some people don't use dnl Texinfo. Use this sorcery to use "docdir" instead of "infodir". m4_define([info], [doc]) m4_define([infodir], [docdir]) -AC_INIT([PostgreSQL], [7.4.7], [pgsql-bugs@postgresql.org]) +AC_INIT([PostgreSQL], [7.4.8], [pgsql-bugs@postgresql.org]) m4_undefine([infodir]) m4_undefine([info]) AC_SUBST(docdir) diff --git a/doc/bug.template b/doc/bug.template index 551bb9f9569..f5dddd5e9d0 100644 --- a/doc/bug.template +++ b/doc/bug.template @@ -31,7 +31,7 @@ System Configuration: Operating System (example: Linux 2.4.18) : - PostgreSQL version (example: PostgreSQL 7.4.7): PostgreSQL 7.4.7 + PostgreSQL version (example: PostgreSQL 7.4.8): PostgreSQL 7.4.8 Compiler used (example: gcc 3.3.5) : diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index b79089a7de2..a3f1b3e63e0 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -1,10 +1,181 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.29 2005/01/30 19:32:21 tgl Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.30 2005/05/05 20:08:34 tgl Exp $ --> <appendix id="release"> <title>Release Notes</title> + <sect1 id="release-7-4-8"> + <title>Release 7.4.8</title> + + <note> + <title>Release date</title> + <simpara>2005-05-05</simpara> + </note> + + <para> + This release contains a variety of fixes from 7.4.7, including several + security-related issues. + </para> + + <sect2> + <title>Migration to version 7.4.8</title> + + <para> + A dump/restore is not required for those running 7.4.X. However, + it is one possible way of handling two significant security problems + that have been found in the initial contents of 7.4.X system + catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will + automatically correct these problems. + </para> + + <para> + The larger security problem is that the built-in character set encoding + conversion functions can be invoked from SQL commands by unprivileged + users, but the functions were not designed for such use and are not + secure against malicious choices of arguments. The fix involves changing + the declared parameter list of these functions so that they can no longer + be invoked from SQL commands. (This does not affect their normal use + by the encoding conversion machinery.) + </para> + + <para> + The lesser problem is that the <filename>contrib/tsearch2</> module + creates several functions that are misdeclared to return + <type>internal</> when they do not accept <type>internal</> arguments. + This breaks type safety for all functions using <type>internal</> + arguments. + </para> + + <para> + It is strongly recommended that all installations repair these errors, + either by initdb or by following the manual repair procedures given + below. The errors at least allow unprivileged database users to crash + their server process, and may allow unprivileged users to gain the + privileges of a database superuser. + </para> + + <para> + If you wish not to do an initdb, perform the following procedures instead. + As the database superuser, do: + +<programlisting> +BEGIN; +UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype +WHERE pronamespace = 11 AND pronargs = 5 + AND proargtypes[2] = 'cstring'::regtype; +-- The command should report having updated 90 rows; +-- if not, rollback and investigate instead of committing! +COMMIT; +</programlisting> + + Next, if you have installed <filename>contrib/tsearch2</>, do + +<programlisting> +BEGIN; +UPDATE pg_proc SET proargtypes[0] = 'internal'::regtype +WHERE oid IN ( + 'dex_init(text)'::regprocedure, + 'snb_en_init(text)'::regprocedure, + 'snb_ru_init(text)'::regprocedure, + 'spell_init(text)'::regprocedure, + 'syn_init(text)'::regprocedure +); +-- The command should report having updated 5 rows; +-- if not, rollback and investigate instead of committing! +COMMIT; +</programlisting> + + If this command fails with a message like <quote>function + "dex_init(text)" does not exist</>, then either <filename>tsearch2</> + is not installed in this database, or you already did the update. + </para> + + <para> + The above procedures must be carried out in <emphasis>each</> database + of an installation, including <literal>template1</>, and ideally + including <literal>template0</> as well. If you do not fix the + template databases then any subsequently created databases will contain + the same errors. <literal>template1</> can be fixed in the same way + as any other database, but fixing <literal>template0</> requires + additional steps. First, from any database issue +<programlisting> +UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; +</programlisting> + Next connect to <literal>template0</> and perform the above repair + procedures. Finally, do +<programlisting> +-- re-freeze template0: +VACUUM FREEZE; +-- and protect it against future alterations: +UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; +</programlisting> + </para> + </sect2> + + <sect2> + <title>Changes</title> + +<itemizedlist> +<listitem><para>Change encoding function signature to prevent +misuse</para></listitem> +<listitem><para>Change <filename>contrib/tsearch2</> to avoid unsafe use of +<type>INTERNAL</> function results</para></listitem> +<listitem><para>Fix comparisons of <type>TIME WITH TIME ZONE</> values</para> +<para> +The comparison code was wrong in the case where the +<literal>--enable-integer-datetimes</> configuration switch had been used. +NOTE: if you have an index on a <type>TIME WITH TIME ZONE</> column, +it will need to be <command>REINDEX</>ed after installing this update, because +the fix corrects the sort order of column values. +</para></listitem> +<listitem><para>Fix <function>EXTRACT(EPOCH)</> for +<type>TIME WITH TIME ZONE</> values</para></listitem> +<listitem><para>Fix mis-display of negative fractional seconds in +<type>INTERVAL</> values</para> +<para> +This error only occurred when the +<literal>--enable-integer-datetimes</> configuration switch had been used. +</para></listitem> +<listitem><para>Ensure operations done during backend shutdown are counted by +statistics collector</para> +<para> + This is expected to resolve reports of <application>pg_autovacuum</> + not vacuuming the system catalogs often enough — it was not being + told about catalog deletions caused by temporary table removal during + backend exit. +</para></listitem> +<listitem><para>Additional buffer overrun checks in plpgsql +(Neil)</para></listitem> +<listitem><para>Fix pg_dump to dump trigger names containing <literal>%</> +correctly (Neil)</para></listitem> +<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds +(Marko Kreen)</para></listitem> +<listitem><para>Still more 64-bit fixes for +<filename>contrib/intagg</></para></listitem> +<listitem><para>Prevent incorrect optimization of functions returning +<type>RECORD</></para></listitem> +<listitem><para>Prevent <function>to_char(interval)</> from dumping core for +month-related formats</para></listitem> +<listitem><para>Prevent crash on <literal>COALESCE(NULL,NULL)</></para></listitem> +<listitem><para>Fix <function>array_map</> to call PL functions correctly</para></listitem> +<listitem><para>Fix permission checking in <command>ALTER DATABASE RENAME</></para></listitem> +<listitem><para>Fix <command>ALTER LANGUAGE RENAME</></para></listitem> +<listitem><para>Make <function>RemoveFromWaitQueue</> clean up after itself</para> +<para> +This fixes a lock management error that would only be visible if a transaction +was kicked out of a wait for a lock (typically by query cancel) and then the +holder of the lock released it within a very narrow window. +</para></listitem> +<listitem><para>Fix problem with untyped parameter appearing in +<command>INSERT ... SELECT</></para></listitem> +<listitem><para>Fix <command>CLUSTER</> failure after +<command>ALTER TABLE SET WITHOUT OIDS</></para></listitem> +</itemizedlist> + + </sect2> + </sect1> + <sect1 id="release-7-4-7"> <title>Release 7.4.7</title> @@ -2386,6 +2557,121 @@ DROP SCHEMA information_schema CASCADE; </sect2> </sect1> + <sect1 id="release-7-3-10"> + <title>Release 7.3.10</title> + + <note> + <title>Release date</title> + <simpara>2005-05-05</simpara> + </note> + + <para> + This release contains a variety of fixes from 7.3.9, including several + security-related issues. + </para> + + <sect2> + <title>Migration to version 7.3.10</title> + + <para> + A dump/restore is not required for those running 7.3.X. However, + it is one possible way of handling a significant security problem + that has been found in the initial contents of 7.3.X system + catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will + automatically correct this problem. + </para> + + <para> + The security problem is that the built-in character set encoding + conversion functions can be invoked from SQL commands by unprivileged + users, but the functions were not designed for such use and are not + secure against malicious choices of arguments. The fix involves changing + the declared parameter list of these functions so that they can no longer + be invoked from SQL commands. (This does not affect their normal use + by the encoding conversion machinery.) + It is strongly recommended that all installations repair this error, + either by initdb or by following the manual repair procedure given + below. The error at least allows unprivileged database users to crash + their server process, and may allow unprivileged users to gain the + privileges of a database superuser. + </para> + + <para> + If you wish not to do an initdb, perform the following procedure instead. + As the database superuser, do: + +<programlisting> +BEGIN; +UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype +WHERE pronamespace = 11 AND pronargs = 5 + AND proargtypes[2] = 'cstring'::regtype; +-- The command should report having updated 90 rows; +-- if not, rollback and investigate instead of committing! +COMMIT; +</programlisting> + </para> + + <para> + The above procedure must be carried out in <emphasis>each</> database + of an installation, including <literal>template1</>, and ideally + including <literal>template0</> as well. If you do not fix the + template databases then any subsequently created databases will contain + the same error. <literal>template1</> can be fixed in the same way + as any other database, but fixing <literal>template0</> requires + additional steps. First, from any database issue +<programlisting> +UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; +</programlisting> + Next connect to <literal>template0</> and perform the above repair + procedure. Finally, do +<programlisting> +-- re-freeze template0: +VACUUM FREEZE; +-- and protect it against future alterations: +UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; +</programlisting> + </para> + </sect2> + + <sect2> + <title>Changes</title> + +<itemizedlist> +<listitem><para>Change encoding function signature to prevent +misuse</para></listitem> +<listitem><para>Fix comparisons of <type>TIME WITH TIME ZONE</> values</para> +<para> +The comparison code was wrong in the case where the +<literal>--enable-integer-datetimes</> configuration switch had been used. +NOTE: if you have an index on a <type>TIME WITH TIME ZONE</> column, +it will need to be <command>REINDEX</>ed after installing this update, because +the fix corrects the sort order of column values. +</para></listitem> +<listitem><para>Fix <function>EXTRACT(EPOCH)</> for +<type>TIME WITH TIME ZONE</> values</para></listitem> +<listitem><para>Fix mis-display of negative fractional seconds in +<type>INTERVAL</> values</para> +<para> +This error only occurred when the +<literal>--enable-integer-datetimes</> configuration switch had been used. +</para></listitem> +<listitem><para>Additional buffer overrun checks in plpgsql +(Neil)</para></listitem> +<listitem><para>Fix pg_dump to dump trigger names containing <literal>%</> +correctly (Neil)</para></listitem> +<listitem><para>Prevent <function>to_char(interval)</> from dumping core for +month-related formats</para></listitem> +<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds +(Marko Kreen)</para></listitem> +<listitem><para>Still more 64-bit fixes for +<filename>contrib/intagg</></para></listitem> +<listitem><para>Prevent incorrect optimization of functions returning +<type>RECORD</></para></listitem> +</itemizedlist> + + </sect2> + </sect1> + <sect1 id="release-7-3-9"> <title>Release 7.3.9</title> @@ -3547,6 +3833,46 @@ operations on bytea columns (Joe)</para></listitem> </sect2> </sect1> + <sect1 id="release-7-2-8"> + <title>Release 7.2.8</title> + + <note> + <title>Release date</title> + <simpara>2005-05-05</simpara> + </note> + + <para> + This release contains a variety of fixes from 7.2.7, including one + security-related issue. + </para> + + <sect2> + <title>Migration to version 7.2.8</title> + + <para> + A dump/restore is not required for those running 7.2.X. + </para> + </sect2> + + <sect2> + <title>Changes</title> + +<itemizedlist> +<listitem><para>Fix <function>EXTRACT(EPOCH)</> for +<type>TIME WITH TIME ZONE</> values</para></listitem> +<listitem><para>Additional buffer overrun checks in plpgsql +(Neil)</para></listitem> +<listitem><para>Fix pg_dump to dump index names and trigger names containing +<literal>%</> correctly (Neil)</para></listitem> +<listitem><para>Prevent <function>to_char(interval)</> from dumping core for +month-related formats</para></listitem> +<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds +(Marko Kreen)</para></listitem> +</itemizedlist> + + </sect2> + </sect1> + <sect1 id="release-7-2-7"> <title>Release 7.2.7</title> diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index dab3b7942f5..2c1c1fda49f 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -3,8 +3,8 @@ /* * Parts of pg_config.h that you get with autoconf on other systems */ -#define PG_VERSION "7.4.7" -#define PG_VERSION_STR "7.4.7 (win32)" +#define PG_VERSION "7.4.8" +#define PG_VERSION_STR "7.4.8 (win32)" #define SYSCONFDIR "" diff --git a/src/interfaces/libpq/libpq.rc b/src/interfaces/libpq/libpq.rc index e46519ce5e5..a1cbc80dae7 100644 --- a/src/interfaces/libpq/libpq.rc +++ b/src/interfaces/libpq/libpq.rc @@ -1,8 +1,8 @@ #include <winver.h> VS_VERSION_INFO VERSIONINFO - FILEVERSION 7,4,7,0 - PRODUCTVERSION 7,4,7,0 + FILEVERSION 7,4,8,0 + PRODUCTVERSION 7,4,8,0 FILEFLAGSMASK 0x3fL FILEFLAGS 0 FILEOS VOS__WINDOWS32 @@ -15,13 +15,13 @@ BEGIN BEGIN VALUE "CompanyName", "\0" VALUE "FileDescription", "PostgreSQL Access Library\0" - VALUE "FileVersion", "7, 4, 7, 0\0" + VALUE "FileVersion", "7, 4, 8, 0\0" VALUE "InternalName", "libpq\0" VALUE "LegalCopyright", "Copyright (C) 2003\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libpq.dll\0" VALUE "ProductName", "PostgreSQL\0" - VALUE "ProductVersion", "7, 4, 7, 0\0" + VALUE "ProductVersion", "7, 4, 8, 0\0" END END BLOCK "VarFileInfo" |