| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902.
|
|
* Avoid failures when "EXPLAIN" tries to display a simple-form CASE
expression.
* Fix assignment to an array slice that is before the existing range
of subscripts.
* Avoid unexpected conversion overflow in planner for very distant
date values.
* Fix pg_restore's text output for large objects (BLOBs) when
standard_conforming_strings is on.
* Fix erroneous parsing of tsquery values containing ... &
!(subexpression) | ...
* Fix buffer overrun in "contrib/intarray"'s input function for the
query_int type.
* Fix bug in "contrib/seg"'s GiST picksplit algorithm.
|
|
* Force the default wal_sync_method to be fdatasync on Linux
* Fix assorted bugs in WAL replay logic for GIN indexes
* Fix recovery from base backup when the starting checkpoint WAL
record is not in the same WAL segment as its redo point
* Fix persistent slowdown of autovacuum workers when multiple workers
remain active for a long time
* Add support for detecting register-stack overrun on IA64
* Add a check for stack overflow in copyObject()
* Fix detection of page splits in temporary GiST indexes
* Avoid memory leakage while "ANALYZE"'ing complex index expressions
* Ensure an index that uses a whole-row Var still depends on its
table
* Do not "inline" a SQL function with multiple OUT parameters
* Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is
attached to the VALUES part of INSERT ... VALUES
* Fix constant-folding of COALESCE() expressions
* Fix postmaster crash when connection acceptance (accept() or one of
the calls made immediately after it) fails, and the postmaster was
compiled with GSSAPI support
* Fix missed unlink of temporary files when log_temp_files is active
* Add print functionality for InhRelation nodes
* Fix incorrect calculation of distance from a point to a horizontal
line segment
* Fix PL/pgSQL's handling of "simple" expressions to not fail in
recursion or error-recovery cases
* Fix PL/Python's handling of set-returning functions
* Fix bug in "contrib/cube"'s GiST picksplit algorithm
* Don't emit "identifier will be truncated" notices in
"contrib/dblink" except when creating new connections
* Fix potential coredump on missing public key in "contrib/pgcrypto"
* Fix memory leak in "contrib/xml2"'s XPath query functions
* Update time zone data files to tzdata release 2010o for DST law
changes in Fiji and Samoa; also historical corrections for Hong
Kong.
|
|
With significant new functionality and performance enhancements, this
release represents a major leap forward for PostgreSQL. This was made
possible by a growing community that has dramatically accelerated the
pace of development. This release adds the following major features:
* Full text search is integrated into the core database system
* Support for the SQL/XML standard, including new operators and an
XML data type
* Enumerated data types (ENUM)
* Arrays of composite types
* Universally Unique Identifier (UUID) data type
* Add control over whether NULLs sort first or last
* Updatable cursors
* Server configuration parameters can now be set on a per-function
basis
* User-defined types can now have type modifiers
* Automatically re-plan cached queries when table definitions change
or statistics are updated
* Numerous improvements in logging and statistics collection
* Support Security Service Provider Interface (SSPI) for
authentication on Windows
* Support multiple concurrent autovacuum processes, and other
autovacuum improvements
* Allow the whole PostgreSQL distribution to be compiled with
Microsoft Visual C++
|
