From 9c1bb683565820e24fd981506cc7c1dd3cdedbd2 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 30 Jan 2005 19:32:22 +0000 Subject: Stamp release 7.4.7. --- doc/src/sgml/release.sgml | 254 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 208 insertions(+), 46 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index aa68e90fd74..b79089a7de2 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -1,10 +1,68 @@ Release Notes + + Release 7.4.7 + + + Release date + 2005-01-31 + + + + This release contains a variety of fixes from 7.4.6, including several + security-related issues. + + + + Migration to version 7.4.7 + + + A dump/restore is not required for those running 7.4.X. + + + + + Changes + + +Disallow LOAD to non-superusers + +On platforms that will automatically execute initialization functions of a +shared library (this includes at least Windows and ELF-based Unixen), +LOAD can be used to make the server execute arbitrary code. +Thanks to NGS Software for reporting this. +Check that creator of an aggregate function has the right to +execute the specified transition functions + +This oversight made it possible to bypass denial of EXECUTE +permission on a function. +Fix security and 64-bit issues in +contrib/intagg +Add needed STRICT marking to some contrib functions (Kris +Jurka) +Avoid buffer overrun when plpgsql cursor declaration has too +many parameters (Neil) +Fix planning error for FULL and RIGHT outer joins + +The result of the join was mistakenly supposed to be sorted the same as the +left input. This could not only deliver mis-sorted output to the user, but +in case of nested merge joins could give outright wrong answers. + +Fix plperl for quote marks in tuple fields +Fix display of negative intervals in SQL and GERMAN +datestyles +Make age(timestamptz) do calculation in local timezone not +GMT + + + + + Release 7.4.6 @@ -41,11 +99,11 @@ it as a potential-data-loss bug. Very large left joins using a hash join plan could fail to output unmatched left-side rows given just the right data distribution. -Disallow running pg_ctl as root +Disallow running pg_ctl as root This is to guard against any possible security issues. -Avoid using temp files in /tmp in make_oidjoins_check +Avoid using temp files in /tmp in make_oidjoins_check This has been reported as a security issue, though it's hardly worthy of concern since there is no reason for non-developers to use this script anyway. @@ -56,7 +114,7 @@ result In rare cases, a client might think that its last command had succeeded when it really had been aborted by forced database shutdown. -Repair bug in pg_stat_get_backend_idset() +Repair bug in pg_stat_get_backend_idset This could lead to misbehavior in some of the system-statistics views. @@ -100,9 +158,9 @@ ECPG prepare statement Changes -Repair possible crash during concurrent btree index insertions +Repair possible crash during concurrent B-tree index insertions -This patch fixes a rare case in which concurrent insertions into a btree index +This patch fixes a rare case in which concurrent insertions into a B-tree index could result in a server panic. No permanent damage would result, but it's still worth a re-release. The bug does not exist in pre-7.4 releases. @@ -146,12 +204,12 @@ since PostgreSQL 7.1. Check HAVING restriction before evaluating result list of an aggregate plan -Avoid crash when session's current userID is deleted +Avoid crash when session's current user ID is deleted Fix hashed crosstab for zero-rows case (Joe) Force cache update after renaming a column in a foreign key Pretty-print UNION queries correctly Make psql handle \r\n newlines properly in COPY IN -pg_dump handled ACLs with grant options incorrectly +pg_dump handled ACLs with grant options incorrectly Fix thread support for OS X and Solaris Updated JDBC driver (build 215) with various fixes ECPG fixes @@ -439,7 +497,7 @@ DROP SCHEMA information_schema CASCADE; Force zero_damaged_pages to be on during recovery from WAL Prevent some obscure cases of variable not in subplan target lists Make PQescapeBytea and byteaout consistent with each other (Joe) -Escape bytea output for bytes > 0x7e(Joe) +Escape bytea output for bytes > 0x7e(Joe) If different client encodings are used for bytea output and input, it is possible for bytea values to be corrupted by the differing @@ -1417,7 +1475,7 @@ DROP SCHEMA information_schema CASCADE; - Make CREATE SEQUENCE grammar more conforming to SQL 2003 (Neil) + Make CREATE SEQUENCE grammar more conforming to SQL:2003 (Neil) @@ -1492,7 +1550,7 @@ DROP SCHEMA information_schema CASCADE; Allow copying table schema using LIKE - subtable, also SQL 2003 + subtable, also SQL:2003 feature INCLUDING DEFAULTS (Rod) @@ -2272,7 +2330,7 @@ DROP SCHEMA information_schema CASCADE; Allow libpq to compile with Borland C++ compiler (Lester Godwin, Karl Waclawek) Use our own version of getopt_long() if needed (Peter) Convert administration scripts to C (Peter) - Bison >= 1.85 is now required to build the PostgreSQL grammar, if building from CVS + Bison >= 1.85 is now required to build the PostgreSQL grammar, if building from CVS Merge documentation into one book (Peter) Add Windows compatibility functions (Bruce) Allow client interfaces to compile under MinGW (Bruce) @@ -2328,6 +2386,62 @@ DROP SCHEMA information_schema CASCADE; + + Release 7.3.9 + + + Release date + 2005-01-31 + + + + This release contains a variety of fixes from 7.3.8, including several + security-related issues. + + + + Migration to version 7.3.9 + + + A dump/restore is not required for those running 7.3.X. + + + + + Changes + + +Disallow LOAD to non-superusers + +On platforms that will automatically execute initialization functions of a +shared library (this includes at least Windows and ELF-based Unixen), +LOAD can be used to make the server execute arbitrary code. +Thanks to NGS Software for reporting this. +Check that creator of an aggregate function has the right to +execute the specified transition functions + +This oversight made it possible to bypass denial of EXECUTE +permission on a function. +Fix security and 64-bit issues in +contrib/intagg +Add needed STRICT marking to some contrib functions (Kris +Jurka) +Avoid buffer overrun when plpgsql cursor declaration has too +many parameters (Neil) +Fix planning error for FULL and RIGHT outer joins + +The result of the join was mistakenly supposed to be sorted the same as the +left input. This could not only deliver mis-sorted output to the user, but +in case of nested merge joins could give outright wrong answers. + +Fix plperl for quote marks in tuple fields +Fix display of negative intervals in SQL and GERMAN +datestyles + + + + + Release 7.3.8 @@ -3113,7 +3227,7 @@ operations on bytea columns (Joe) Make cursors insensitive, meaning their contents do not change (Tom) Disable LIMIT #,# syntax; now only LIMIT # OFFSET # supported (Bruce) Increase identifier length to 63 (Neil, Bruce) -UNION fixes for merging >= 3 columns of different lengths (Tom) +UNION fixes for merging >= 3 columns of different lengths (Tom) Add DEFAULT key word to INSERT, e.g., INSERT ... (..., DEFAULT, ...) (Rod) Allow views to have default values using ALTER COLUMN ... SET DEFAULT (Neil) Fail on INSERTs with column lists that don't supply all column values, e.g., INSERT INTO tab (col1, col2) VALUES ('val1'); (Rod) @@ -3196,7 +3310,7 @@ operations on bytea columns (Joe) New pg_settings table to view/modify GUC settings (Joe) Add smart quoting, portability improvements to pg_dump output (Peter) Dump serial columns out as SERIAL (Tom) -Enable large file support, >2G for pg_dump (Peter, Philip Warner, Bruce) +Enable large file support, >2G for pg_dump (Peter, Philip Warner, Bruce) Disallow TRUNCATE on tables that are involved in referential constraints (Rod) Have TRUNCATE also auto-truncate the toast table of the relation (Tom) Add clusterdb utility that will auto-cluster an entire database based on previous CLUSTER operations (Alvaro Herrera) @@ -3260,7 +3374,7 @@ operations on bytea columns (Joe) Add additional encodings: Korean (JOHAB), Thai (WIN874), Vietnamese (TCVN), Arabic (WIN1256), Simplified Chinese (GBK), Korean (UHC) (Eiji Tokuya) Enable locale support by default (Peter) Add locale variables (Peter) -Escape byes >= 0x7f for multibyte in PQescapeBytea/PQunescapeBytea (Tatsuo) +Escape byes >= 0x7f for multibyte in PQescapeBytea/PQunescapeBytea (Tatsuo) Add locale awareness to regular expression character classes Enable multibyte support by default (Tatsuo) Add GB18030 multibyte support (Bill Huang) @@ -3305,7 +3419,7 @@ operations on bytea columns (Joe) libpq -Add $HOME/.pgpass to store host/user password combinations (Alvaro Herrera) +Add ~/.pgpass to store host/user password combinations (Alvaro Herrera) Add PQunescapeBytea() function to libpq (Patrick Welche) Fix for sending large queries over non-blocking connections (Bernhard Herzog) Fix for libpq using timers on Win9X (David Ford) @@ -3433,6 +3547,54 @@ operations on bytea columns (Joe) + + Release 7.2.7 + + + Release date + 2005-01-31 + + + + This release contains a variety of fixes from 7.2.6, including several + security-related issues. + + + + Migration to version 7.2.7 + + + A dump/restore is not required for those running 7.2.X. + + + + + Changes + + +Disallow LOAD to non-superusers + +On platforms that will automatically execute initialization functions of a +shared library (this includes at least Windows and ELF-based Unixen), +LOAD can be used to make the server execute arbitrary code. +Thanks to NGS Software for reporting this. +Add needed STRICT marking to some contrib functions (Kris +Jurka) +Avoid buffer overrun when plpgsql cursor declaration has too +many parameters (Neil) +Fix planning error for FULL and RIGHT outer joins + +The result of the join was mistakenly supposed to be sorted the same as the +left input. This could not only deliver mis-sorted output to the user, but +in case of nested merge joins could give outright wrong answers. + +Fix display of negative intervals in SQL and GERMAN +datestyles + + + + + Release 7.2.6 @@ -3630,7 +3792,7 @@ since PostgreSQL 7.1. Allow EXECUTE of "CREATE TABLE AS ... SELECT" in PL/pgSQL (Tom) Fix for compressed transaction log id wraparound (Tom) -Fix PQescapeBytea/PQunescapeBytea so that they handle bytes > 0x7f (Tatsuo) +Fix PQescapeBytea/PQunescapeBytea so that they handle bytes > 0x7f (Tatsuo) Fix for psql and pg_dump crashing when invoked with non-existent long options (Tatsuo) Fix crash when invoking geometric operators (Tom) Allow OPEN cursor(args) (Tom) @@ -4801,7 +4963,7 @@ Added documentation to tarball. Fix many CLUSTER failures (Tom) Allow ALTER TABLE RENAME works on indexes (Tom) -Fix plpgsql to handle datetime->timestamp and timespan->interval (Bruce) +Fix plpgsql to handle datetime->timestamp and timespan->interval (Bruce) New configure --with-setproctitle switch to use setproctitle() (Marc, Bruce) Fix the off by one errors in ResultSet from 6.5.3, and more. jdbc ResultSet fixes (Joseph Shraibman) @@ -5049,7 +5211,7 @@ Fix mismatched types in CREATE TABLE ... DEFAULT Fix SELECT * FROM pg_class where oid in (0,-1) Fix SELECT COUNT('asdf') FROM pg_class WHERE oid=12 Prevent user who can create databases can modifying pg_database table (Peter E) -Fix btree to give a useful elog when key > 1/2 (page - overhead) (Tom) +Fix btree to give a useful elog when key > 1/2 (page - overhead) (Tom) Fix INSERT of 0.0 into DECIMAL(4,4) field (Tom) Enhancements @@ -5258,7 +5420,7 @@ Fewer fsync writes when fsync is not disabled (Tom) Improved LIKE optimizer estimates (Tom) Prevent fsync in SELECT-only queries (Vadim) Make index creation use psort code, because it is now faster (Tom) -Allow creation of sort temp tables > 1 Gig +Allow creation of sort temp tables > 1 Gig Source Tree Changes ------------------- @@ -5680,7 +5842,7 @@ Add Win1250 (Czech) support (Pavel Behal) Bug Fixes --------- -Fix text<->float8 and text<->float4 conversion functions(Thomas) +Fix text<->float8 and text<->float4 conversion functions(Thomas) Fix for creating tables with mixed-case constraints(Billy) Change exp()/pow() behavior to generate error on underflow/overflow(Jan) Fix bug in pg_dump -z @@ -6888,7 +7050,7 @@ Check explicitly for points and polygons contained within polygons using an axis-crossing algorithm(Thomas) Add routine to convert circle-box(Thomas) Merge conflicting operators for different geometric data types(Thomas) -Replace distance operator "<===>" with "<->"(Thomas) +Replace distance operator "<===>" with "<->"(Thomas) Replace "above" operator "!^" with ">^" and "below" operator "!|" with "<^"(Thomas) Add routines for text trimming on both ends, substring, and string position(Thomas) Added conversion routines circle(box) and poly(circle)(Thomas) @@ -7440,31 +7602,31 @@ New Ports @@ -7756,9 +7918,9 @@ more compliant to the SQL-92 standard): char(N), varchar(N), date and time. The following are aliases to existing postgres types: - smallint -> int2 - integer, int -> int4 - float, real -> float4 + smallint -> int2 + integer, int -> int4 + float, real -> float4 char(N) and varchar(N) are implemented as truncated text types. In addition, char(N) does blank-padding. * single-quote (') is used for quoting string literals; '' (in addition to -- cgit v1.2.3