Age | Commit message | Author | Files | Lines |
|
Posted on 2005-05-12:
In order to address several security issues identified over the past two
weeks, as well as one "low probability" race condition, we are releasing new
versions of PostgreSQL as far back as the 7.2.x branch.
Please note that the security issues were those already reported by Tom Lane,
as well as a manual fix for them. These releases are mainly to ensure that
those installing and/or upgrading existing installations have those fixes
automatically.
For details on the fixes, please see the HISTORY file included in the Release,
but a summary consists of:
* Change encoding function signature to prevent misuse
* Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function results
* Repair race condition between relation extension and VACUUM
  This could theoretically have caused loss of a page's worth of
  freshly-inserted data, although the scenario seems of very low
  probability. There are no known cases of it having caused more than an
  Assert failure.
|
|
PKGSRC_USE_TOOLS go away. There is now only a single USE_TOOLS variable
that specifies all of the tools we need to build/run the package.
|
|
Bump PKGREVISION of postgresql73-lib as plpgsql.so has changed (now
loads successfully).
|
|
dependencies needed when linking PostgreSQL clients with -lpq. Define
a BUILDLINK_LDADD.${PGSQL_TYPE} variable that lists the full set of
libraries that would be needed to link with -lpq.
|
|
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.64.4.1&r2=1.64.4.2
to fix CAN-2005-0247 for postgresql73
Bump PKGREVISION on postgresql73-lib
|
|
from 7.3.8, including several security-related issues. A dump/restore
is not required for those running 7.3.X.
Changes:
* Disallow "LOAD" to non-superusers
  On platforms that will automatically execute initialization
  functions of a shared library (this includes at least Windows and
  ELF-based Unixen), "LOAD" can be used to make the server execute
  arbitrary code. Thanks to NGS Software for reporting this.
* Check that creator of an aggregate function has the right to
  execute the specified transition functions
  This oversight made it possible to bypass denial of EXECUTE
  permission on a function.
* Fix security and 64-bit issues in contrib/intagg
* Add needed STRICT marking to some contrib functions (Kris Jurka)
* Avoid buffer overrun when plpgsql cursor declaration has too many
  parameters (Neil)
* Fix planning error for FULL and RIGHT outer joins
  The result of the join was mistakenly supposed to be sorted the
  same as the left input. This could not only deliver mis-sorted
  output to the user, but in case of nested merge joins could give
  outright wrong answers.
* Fix plperl for quote marks in tuple fields
* Fix display of negative intervals in SQL and GERMAN datestyles
|
|
only pass only the -L* LDFLAGS to the linker. This is correct for
pkgsrc since the wrapper scripts take care of correctly passing the
rpath info to the linker, so we don't need to filter those out. This
allows plpgsql.so to find libintl.so if we are using the pkgsrc version
of it. Bump the PKGREVISION of postgresql*-lib to 7.3.8nb1 and
7.4.6nb2.
Link the postgres binary with the necessary flags to allow it to
dlopen() modules that use pthreads[*]. This should allow postgres to
open a plperl.so module built on a system with perl+threads. Bump
the PKGREVISION of postgresql*-server to 7.3.8nb2 and 7.4.6nb2.
[*] Note that this behavior can be tweaked globally by setting
DLOPEN_REQUIRE_PTHREADS to "yes" or "no" in /etc/mk.conf.
|
|
for pkgsrc-2004Q4. The "buildlink" phase was removed for the last branch,
and this is the final cleanup. "post-buildlink" is now "post-wrapper".
|
|
Changes:
* Prevent possible loss of committed transactions during crash
  Due to insufficient interlocking between transaction commit and
  checkpointing, it was possible for transactions committed just
  before the most recent checkpoint to be lost, in whole or in part,
  following a database crash and restart. This is a serious bug that
  has existed since PostgreSQL 7.1.
* Remove asymmetrical word processing in tsearch (Teodor)
* Properly schema-qualify function names when pg_dump'ing a CAST
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
PostgreSQL is a robust, next-generation, Object-Relational DBMS (ORDBMS),
derived from the Berkeley Postgres database management system. While
PostgreSQL retains the powerful object-relational data model, rich data types
and easy extensibility of Postgres, it replaces the PostQuel query language
with an extended subset of SQL.
PostgreSQL is free and the complete source is available.
This package contains the database headers and libraries.
|