From 26f64e4c7a3b18d2244270f72f2277ab2ab86a7e Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 5 May 2005 20:08:35 +0000 Subject: [PATCH] Stamp release 7.4.8. --- configure | 18 +- configure.in | 4 +- doc/bug.template | 2 +- doc/src/sgml/release.sgml | 328 +++++++++++++++++++++++++++++++++- src/include/pg_config.h.win32 | 4 +- src/interfaces/libpq/libpq.rc | 8 +- 6 files changed, 345 insertions(+), 19 deletions(-) diff --git a/configure b/configure index 43a8b4013e7..66a047eaf10 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.53 for PostgreSQL 7.4.7. +# Generated by GNU Autoconf 2.53 for PostgreSQL 7.4.8. # # Report bugs to . # @@ -258,8 +258,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='PostgreSQL' PACKAGE_TARNAME='postgresql' -PACKAGE_VERSION='7.4.7' -PACKAGE_STRING='PostgreSQL 7.4.7' +PACKAGE_VERSION='7.4.8' +PACKAGE_STRING='PostgreSQL 7.4.8' PACKAGE_BUGREPORT='pgsql-bugs@postgresql.org' ac_unique_file="src/backend/access/common/heaptuple.c" @@ -769,7 +769,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures PostgreSQL 7.4.7 to adapt to many kinds of systems. +\`configure' configures PostgreSQL 7.4.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -830,7 +830,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of PostgreSQL 7.4.7:";; + short | recursive ) echo "Configuration of PostgreSQL 7.4.8:";; esac cat <<\_ACEOF @@ -950,7 +950,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -PostgreSQL configure 7.4.7 +PostgreSQL configure 7.4.8 generated by GNU Autoconf 2.53 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 @@ -967,7 +967,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by PostgreSQL $as_me 7.4.7, which was +It was created by PostgreSQL $as_me 7.4.8, which was generated by GNU Autoconf 2.53. Invocation command line was $ $0 $@ @@ -18050,7 +18050,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by PostgreSQL $as_me 7.4.7, which was +This file was extended by PostgreSQL $as_me 7.4.8, which was generated by GNU Autoconf 2.53. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18112,7 +18112,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -PostgreSQL config.status 7.4.7 +PostgreSQL config.status 7.4.8 configured by $0, generated by GNU Autoconf 2.53, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.in b/configure.in index ea745450308..1639c0f393c 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Header: /cvsroot/pgsql/configure.in,v 1.301.2.13 2005/01/30 19:32:20 tgl Exp $ +dnl $Header: /cvsroot/pgsql/configure.in,v 1.301.2.14 2005/05/05 20:08:33 tgl Exp $ dnl dnl Developers, please strive to achieve this order: dnl @@ -21,7 +21,7 @@ dnl The GNU folks apparently haven't heard that some people don't use dnl Texinfo. Use this sorcery to use "docdir" instead of "infodir". m4_define([info], [doc]) m4_define([infodir], [docdir]) -AC_INIT([PostgreSQL], [7.4.7], [pgsql-bugs@postgresql.org]) +AC_INIT([PostgreSQL], [7.4.8], [pgsql-bugs@postgresql.org]) m4_undefine([infodir]) m4_undefine([info]) AC_SUBST(docdir) diff --git a/doc/bug.template b/doc/bug.template index 551bb9f9569..f5dddd5e9d0 100644 --- a/doc/bug.template +++ b/doc/bug.template @@ -31,7 +31,7 @@ System Configuration: Operating System (example: Linux 2.4.18) : - PostgreSQL version (example: PostgreSQL 7.4.7): PostgreSQL 7.4.7 + PostgreSQL version (example: PostgreSQL 7.4.8): PostgreSQL 7.4.8 Compiler used (example: gcc 3.3.5) : diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index b79089a7de2..a3f1b3e63e0 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -1,10 +1,181 @@ Release Notes + + Release 7.4.8 + + + Release date + 2005-05-05 + + + + This release contains a variety of fixes from 7.4.7, including several + security-related issues. + + + + Migration to version 7.4.8 + + + A dump/restore is not required for those running 7.4.X. However, + it is one possible way of handling two significant security problems + that have been found in the initial contents of 7.4.X system + catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will + automatically correct these problems. + + + + The larger security problem is that the built-in character set encoding + conversion functions can be invoked from SQL commands by unprivileged + users, but the functions were not designed for such use and are not + secure against malicious choices of arguments. The fix involves changing + the declared parameter list of these functions so that they can no longer + be invoked from SQL commands. (This does not affect their normal use + by the encoding conversion machinery.) + + + + The lesser problem is that the contrib/tsearch2 module + creates several functions that are misdeclared to return + internal when they do not accept internal arguments. + This breaks type safety for all functions using internal + arguments. + + + + It is strongly recommended that all installations repair these errors, + either by initdb or by following the manual repair procedures given + below. The errors at least allow unprivileged database users to crash + their server process, and may allow unprivileged users to gain the + privileges of a database superuser. + + + + If you wish not to do an initdb, perform the following procedures instead. + As the database superuser, do: + + +BEGIN; +UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype +WHERE pronamespace = 11 AND pronargs = 5 + AND proargtypes[2] = 'cstring'::regtype; +-- The command should report having updated 90 rows; +-- if not, rollback and investigate instead of committing! +COMMIT; + + + Next, if you have installed contrib/tsearch2, do + + +BEGIN; +UPDATE pg_proc SET proargtypes[0] = 'internal'::regtype +WHERE oid IN ( + 'dex_init(text)'::regprocedure, + 'snb_en_init(text)'::regprocedure, + 'snb_ru_init(text)'::regprocedure, + 'spell_init(text)'::regprocedure, + 'syn_init(text)'::regprocedure +); +-- The command should report having updated 5 rows; +-- if not, rollback and investigate instead of committing! +COMMIT; + + + If this command fails with a message like function + "dex_init(text)" does not exist, then either tsearch2 + is not installed in this database, or you already did the update. + + + + The above procedures must be carried out in each database + of an installation, including template1, and ideally + including template0 as well. If you do not fix the + template databases then any subsequently created databases will contain + the same errors. template1 can be fixed in the same way + as any other database, but fixing template0 requires + additional steps. First, from any database issue + +UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; + + Next connect to template0 and perform the above repair + procedures. Finally, do + +-- re-freeze template0: +VACUUM FREEZE; +-- and protect it against future alterations: +UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; + + + + + + Changes + + +Change encoding function signature to prevent +misuse +Change contrib/tsearch2 to avoid unsafe use of +INTERNAL function results +Fix comparisons of TIME WITH TIME ZONE values + +The comparison code was wrong in the case where the +--enable-integer-datetimes configuration switch had been used. +NOTE: if you have an index on a TIME WITH TIME ZONE column, +it will need to be REINDEXed after installing this update, because +the fix corrects the sort order of column values. + +Fix EXTRACT(EPOCH) for +TIME WITH TIME ZONE values +Fix mis-display of negative fractional seconds in +INTERVAL values + +This error only occurred when the +--enable-integer-datetimes configuration switch had been used. + +Ensure operations done during backend shutdown are counted by +statistics collector + + This is expected to resolve reports of pg_autovacuum + not vacuuming the system catalogs often enough — it was not being + told about catalog deletions caused by temporary table removal during + backend exit. + +Additional buffer overrun checks in plpgsql +(Neil) +Fix pg_dump to dump trigger names containing % +correctly (Neil) +Fix contrib/pgcrypto for newer OpenSSL builds +(Marko Kreen) +Still more 64-bit fixes for +contrib/intagg +Prevent incorrect optimization of functions returning +RECORD +Prevent to_char(interval) from dumping core for +month-related formats +Prevent crash on COALESCE(NULL,NULL) +Fix array_map to call PL functions correctly +Fix permission checking in ALTER DATABASE RENAME +Fix ALTER LANGUAGE RENAME +Make RemoveFromWaitQueue clean up after itself + +This fixes a lock management error that would only be visible if a transaction +was kicked out of a wait for a lock (typically by query cancel) and then the +holder of the lock released it within a very narrow window. + +Fix problem with untyped parameter appearing in +INSERT ... SELECT +Fix CLUSTER failure after +ALTER TABLE SET WITHOUT OIDS + + + + + Release 7.4.7 @@ -2386,6 +2557,121 @@ DROP SCHEMA information_schema CASCADE; + + Release 7.3.10 + + + Release date + 2005-05-05 + + + + This release contains a variety of fixes from 7.3.9, including several + security-related issues. + + + + Migration to version 7.3.10 + + + A dump/restore is not required for those running 7.3.X. However, + it is one possible way of handling a significant security problem + that has been found in the initial contents of 7.3.X system + catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will + automatically correct this problem. + + + + The security problem is that the built-in character set encoding + conversion functions can be invoked from SQL commands by unprivileged + users, but the functions were not designed for such use and are not + secure against malicious choices of arguments. The fix involves changing + the declared parameter list of these functions so that they can no longer + be invoked from SQL commands. (This does not affect their normal use + by the encoding conversion machinery.) + It is strongly recommended that all installations repair this error, + either by initdb or by following the manual repair procedure given + below. The error at least allows unprivileged database users to crash + their server process, and may allow unprivileged users to gain the + privileges of a database superuser. + + + + If you wish not to do an initdb, perform the following procedure instead. + As the database superuser, do: + + +BEGIN; +UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype +WHERE pronamespace = 11 AND pronargs = 5 + AND proargtypes[2] = 'cstring'::regtype; +-- The command should report having updated 90 rows; +-- if not, rollback and investigate instead of committing! +COMMIT; + + + + + The above procedure must be carried out in each database + of an installation, including template1, and ideally + including template0 as well. If you do not fix the + template databases then any subsequently created databases will contain + the same error. template1 can be fixed in the same way + as any other database, but fixing template0 requires + additional steps. First, from any database issue + +UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; + + Next connect to template0 and perform the above repair + procedure. Finally, do + +-- re-freeze template0: +VACUUM FREEZE; +-- and protect it against future alterations: +UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; + + + + + + Changes + + +Change encoding function signature to prevent +misuse +Fix comparisons of TIME WITH TIME ZONE values + +The comparison code was wrong in the case where the +--enable-integer-datetimes configuration switch had been used. +NOTE: if you have an index on a TIME WITH TIME ZONE column, +it will need to be REINDEXed after installing this update, because +the fix corrects the sort order of column values. + +Fix EXTRACT(EPOCH) for +TIME WITH TIME ZONE values +Fix mis-display of negative fractional seconds in +INTERVAL values + +This error only occurred when the +--enable-integer-datetimes configuration switch had been used. + +Additional buffer overrun checks in plpgsql +(Neil) +Fix pg_dump to dump trigger names containing % +correctly (Neil) +Prevent to_char(interval) from dumping core for +month-related formats +Fix contrib/pgcrypto for newer OpenSSL builds +(Marko Kreen) +Still more 64-bit fixes for +contrib/intagg +Prevent incorrect optimization of functions returning +RECORD + + + + + Release 7.3.9 @@ -3547,6 +3833,46 @@ operations on bytea columns (Joe) + + Release 7.2.8 + + + Release date + 2005-05-05 + + + + This release contains a variety of fixes from 7.2.7, including one + security-related issue. + + + + Migration to version 7.2.8 + + + A dump/restore is not required for those running 7.2.X. + + + + + Changes + + +Fix EXTRACT(EPOCH) for +TIME WITH TIME ZONE values +Additional buffer overrun checks in plpgsql +(Neil) +Fix pg_dump to dump index names and trigger names containing +% correctly (Neil) +Prevent to_char(interval) from dumping core for +month-related formats +Fix contrib/pgcrypto for newer OpenSSL builds +(Marko Kreen) + + + + + Release 7.2.7 diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index dab3b7942f5..2c1c1fda49f 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -3,8 +3,8 @@ /* * Parts of pg_config.h that you get with autoconf on other systems */ -#define PG_VERSION "7.4.7" -#define PG_VERSION_STR "7.4.7 (win32)" +#define PG_VERSION "7.4.8" +#define PG_VERSION_STR "7.4.8 (win32)" #define SYSCONFDIR "" diff --git a/src/interfaces/libpq/libpq.rc b/src/interfaces/libpq/libpq.rc index e46519ce5e5..a1cbc80dae7 100644 --- a/src/interfaces/libpq/libpq.rc +++ b/src/interfaces/libpq/libpq.rc @@ -1,8 +1,8 @@ #include VS_VERSION_INFO VERSIONINFO - FILEVERSION 7,4,7,0 - PRODUCTVERSION 7,4,7,0 + FILEVERSION 7,4,8,0 + PRODUCTVERSION 7,4,8,0 FILEFLAGSMASK 0x3fL FILEFLAGS 0 FILEOS VOS__WINDOWS32 @@ -15,13 +15,13 @@ BEGIN BEGIN VALUE "CompanyName", "\0" VALUE "FileDescription", "PostgreSQL Access Library\0" - VALUE "FileVersion", "7, 4, 7, 0\0" + VALUE "FileVersion", "7, 4, 8, 0\0" VALUE "InternalName", "libpq\0" VALUE "LegalCopyright", "Copyright (C) 2003\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libpq.dll\0" VALUE "ProductName", "PostgreSQL\0" - VALUE "ProductVersion", "7, 4, 7, 0\0" + VALUE "ProductVersion", "7, 4, 8, 0\0" END END BLOCK "VarFileInfo"