mirror of
https://github.com/postgres/postgres.git
synced 2025-08-08 06:02:22 +03:00
Stamp release 7.3.10.
This commit is contained in:
Tom Lane
@@ -31,7 +31,7 @@ System Configuration:
|
||||
|
||||
Operating System (example: Linux 2.4.18) :
|
||||
|
||||
PostgreSQL version (example: PostgreSQL 7.3.9): PostgreSQL 7.3.9
|
||||
PostgreSQL version (example: PostgreSQL 7.3.10): PostgreSQL 7.3.10
|
||||
|
||||
Compiler used (example: gcc 3.3.5) :
|
||||
|
||||
|
||||
@@ -1,10 +1,125 @@
|
||||
<!--
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.163.2.20 2005/01/30 20:08:14 tgl Exp $
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.163.2.21 2005/05/05 20:09:11 tgl Exp $
|
||||
-->
|
||||
|
||||
<appendix id="release">
|
||||
<title>Release Notes</title>
|
||||
|
||||
<sect1 id="release-7-3-10">
|
||||
<title>Release 7.3.10</title>
|
||||
|
||||
<note>
|
||||
<title>Release date</title>
|
||||
<simpara>2005-05-05</simpara>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
This release contains a variety of fixes from 7.3.9, including several
|
||||
security-related issues.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Migration to version 7.3.10</title>
|
||||
|
||||
<para>
|
||||
A dump/restore is not required for those running 7.3.X. However,
|
||||
it is one possible way of handling a significant security problem
|
||||
that has been found in the initial contents of 7.3.X system
|
||||
catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will
|
||||
automatically correct this problem.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The security problem is that the built-in character set encoding
|
||||
conversion functions can be invoked from SQL commands by unprivileged
|
||||
users, but the functions were not designed for such use and are not
|
||||
secure against malicious choices of arguments. The fix involves changing
|
||||
the declared parameter list of these functions so that they can no longer
|
||||
be invoked from SQL commands. (This does not affect their normal use
|
||||
by the encoding conversion machinery.)
|
||||
It is strongly recommended that all installations repair this error,
|
||||
either by initdb or by following the manual repair procedure given
|
||||
below. The error at least allows unprivileged database users to crash
|
||||
their server process, and may allow unprivileged users to gain the
|
||||
privileges of a database superuser.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you wish not to do an initdb, perform the following procedure instead.
|
||||
As the database superuser, do:
|
||||
|
||||
<programlisting>
|
||||
BEGIN;
|
||||
UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype
|
||||
WHERE pronamespace = 11 AND pronargs = 5
|
||||
AND proargtypes[2] = 'cstring'::regtype;
|
||||
-- The command should report having updated 90 rows;
|
||||
-- if not, rollback and investigate instead of committing!
|
||||
COMMIT;
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The above procedure must be carried out in <emphasis>each</> database
|
||||
of an installation, including <literal>template1</>, and ideally
|
||||
including <literal>template0</> as well. If you do not fix the
|
||||
template databases then any subsequently created databases will contain
|
||||
the same error. <literal>template1</> can be fixed in the same way
|
||||
as any other database, but fixing <literal>template0</> requires
|
||||
additional steps. First, from any database issue
|
||||
<programlisting>
|
||||
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
|
||||
</programlisting>
|
||||
Next connect to <literal>template0</> and perform the above repair
|
||||
procedure. Finally, do
|
||||
<programlisting>
|
||||
-- re-freeze template0:
|
||||
VACUUM FREEZE;
|
||||
-- and protect it against future alterations:
|
||||
UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
|
||||
</programlisting>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Changes</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Change encoding function signature to prevent
|
||||
misuse</para></listitem>
|
||||
<listitem><para>Fix comparisons of <type>TIME WITH TIME ZONE</> values</para>
|
||||
<para>
|
||||
The comparison code was wrong in the case where the
|
||||
<literal>--enable-integer-datetimes</> configuration switch had been used.
|
||||
NOTE: if you have an index on a <type>TIME WITH TIME ZONE</> column,
|
||||
it will need to be <command>REINDEX</>ed after installing this update, because
|
||||
the fix corrects the sort order of column values.
|
||||
</para></listitem>
|
||||
<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
|
||||
<type>TIME WITH TIME ZONE</> values</para></listitem>
|
||||
<listitem><para>Fix mis-display of negative fractional seconds in
|
||||
<type>INTERVAL</> values</para>
|
||||
<para>
|
||||
This error only occurred when the
|
||||
<literal>--enable-integer-datetimes</> configuration switch had been used.
|
||||
</para></listitem>
|
||||
<listitem><para>Additional buffer overrun checks in plpgsql
|
||||
(Neil)</para></listitem>
|
||||
<listitem><para>Fix pg_dump to dump trigger names containing <literal>%</>
|
||||
correctly (Neil)</para></listitem>
|
||||
<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
|
||||
month-related formats</para></listitem>
|
||||
<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
|
||||
(Marko Kreen)</para></listitem>
|
||||
<listitem><para>Still more 64-bit fixes for
|
||||
<filename>contrib/intagg</></para></listitem>
|
||||
<listitem><para>Prevent incorrect optimization of functions returning
|
||||
<type>RECORD</></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="release-7-3-9">
|
||||
<title>Release 7.3.9</title>
|
||||
|
||||
@@ -1166,6 +1281,46 @@ operations on bytea columns (Joe)</para></listitem>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="release-7-2-8">
|
||||
<title>Release 7.2.8</title>
|
||||
|
||||
<note>
|
||||
<title>Release date</title>
|
||||
<simpara>2005-05-05</simpara>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
This release contains a variety of fixes from 7.2.7, including one
|
||||
security-related issue.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Migration to version 7.2.8</title>
|
||||
|
||||
<para>
|
||||
A dump/restore is not required for those running 7.2.X.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Changes</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
|
||||
<type>TIME WITH TIME ZONE</> values</para></listitem>
|
||||
<listitem><para>Additional buffer overrun checks in plpgsql
|
||||
(Neil)</para></listitem>
|
||||
<listitem><para>Fix pg_dump to dump index names and trigger names containing
|
||||
<literal>%</> correctly (Neil)</para></listitem>
|
||||
<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
|
||||
month-related formats</para></listitem>
|
||||
<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
|
||||
(Marko Kreen)</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="release-7-2-7">
|
||||
<title>Release 7.2.7</title>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user