From 40cf433eb6e98f64cc508fabdb3a745062e22786 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 2 Feb 2007 00:10:33 +0000 Subject: [PATCH] Update release notes for security-related releases in all active branches. Security: CVE-2007-0555, CVE-2007-0556 --- doc/src/sgml/release.sgml | 1461 ++++++++++++++++++++++++------------- 1 file changed, 957 insertions(+), 504 deletions(-) diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index 6fa9bc66766..1774fe73c97 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -1,4 +1,4 @@ - + Release Notes + + Release 8.2.2 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 8.2.1, including + a security fix. + + + + Migration to version 8.2.2 + + + A dump/restore is not required for those running 8.2.X. + + + + + + Changes + + + + + + Remove security vulnerabilities that allowed connected users + to read backend memory (Tom) + + + The vulnerabilities involve suppressing the normal check that a SQL + function returns the data type it's declared to, and changing the + data type of a table column (CVE-2007-0555, CVE-2007-0556). These + errors can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix not-so-rare-anymore bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Fix Borland C compile scripts (L Bayuk) + + + + + + Properly handle to_char('CC') for years ending in + 00 (Tom) + + + Year 2000 is in the twentieth century, not the twenty-first. + + + + + + /contrib/tsearch2 localization improvements (Tatsuo, Teodor) + + + + + + Fix incorrect permission check in + information_schema.key_column_usage view (Tom) + + + The symptom is relation with OID nnnnn does not exist errors. + To get this fix without using initdb, use CREATE OR + REPLACE VIEW to install the corrected definition found in + share/information_schema.sql. Note you will need to do + this in each database. + + + + + + Improve VACUUM performance for databases with many tables (Tom) + + + + + + Fix for rare Assert() crash triggered by UNION (Tom) + + + + + + Fix potentially incorrect results from index searches using + ROW inequality conditions (Tom) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + + Fix bogus permission denied failures occurring on Windows + due to attempts to fsync already-deleted files (Magnus, Tom) + + + + + + Fix bug that could cause the statistics collector + to hang on Windows (Magnus) + + + + This would in turn lead to autovacuum not working. + + + + + + Fix possible crashes when an already-in-use PL/pgSQL function is + updated (Tom) + + + + + + Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom) + + + + + + Fix possible errors in processing PL/pgSQL exception blocks (Tom) + + + + + + + + Release 8.2.1 @@ -166,7 +320,7 @@ links to the main documentation. - + Release 8.2 @@ -503,7 +657,7 @@ links to the main documentation. - This may eliminate the need to set unrealistically small + This might eliminate the need to set unrealistically small values of random_page_cost. If you have been using a very small random_page_cost, @@ -998,7 +1152,7 @@ links to the main documentation. On platforms where it is expensive to update the ps - display, it may be worthwhile to turn this off and rely solely on + display, it might be worthwhile to turn this off and rely solely on pg_stat_activity for status information. @@ -1279,7 +1433,7 @@ links to the main documentation. This prevents surprising behavior due to multiple evaluation of a volatile function (such as random() - or nextval()). It may cause performance + or nextval()). It might cause performance degradation in the presence of functions that are unnecessarily marked as volatile. @@ -2726,6 +2880,106 @@ links to the main documentation. + + Release 8.1.7 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 8.1.6, including + a security fix. + + + + Migration to version 8.1.7 + + + A dump/restore is not required for those running 8.1.X. + However, if you are upgrading from a version earlier than 8.1.2, + see the release notes for 8.1.2. + + + + + + Changes + + + + + + Remove security vulnerabilities that allowed connected users + to read backend memory (Tom) + + + The vulnerabilities involve suppressing the normal check that a SQL + function returns the data type it's declared to, and changing the + data type of a table column (CVE-2007-0555, CVE-2007-0556). These + errors can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix rare bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Improve VACUUM performance for databases with many tables (Tom) + + + + + + Fix autovacuum to avoid leaving non-permanent transaction IDs in + non-connectable databases (Alvaro) + + + + This bug affects the 8.1 branch only. + + + + + + Fix for rare Assert() crash triggered by UNION (Tom) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + + Fix bogus permission denied failures occurring on Windows + due to attempts to fsync already-deleted files (Magnus, Tom) + + + + + + Fix possible crashes when an already-in-use PL/pgSQL function is + updated (Tom) + + + + + + + + Release 8.1.6 @@ -2875,7 +3129,7 @@ links to the main documentation. - + Release 8.1.5 @@ -2950,7 +3204,7 @@ compilers (Hiroshi Saito) - + Release 8.1.4 @@ -2975,7 +3229,7 @@ compilers (Hiroshi Saito) Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 may require changes in application + CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In @@ -3007,7 +3261,7 @@ literals. By default, \' is rejected only when GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against -CVE-2006-2314 may require client-side changes; the purpose of +CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure. @@ -3102,7 +3356,7 @@ documented (Tom) - + Release 8.1.3 @@ -3121,7 +3375,7 @@ documented (Tom) A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, + However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. @@ -3170,7 +3424,7 @@ constraints in the proper order (Nakano Yoshihisa) references to custom operators or operator classes (Tom) Allow pg_restore to continue properly after a -COPY failure; formerly it tried to treat the remaining +COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost) Fix pg_ctl unregister crash @@ -3222,7 +3476,7 @@ creation (Tom) - + Release 8.1.2 @@ -3274,7 +3528,7 @@ to ensure that plperl won't change the locale later This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You may need +plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you. @@ -3323,7 +3577,7 @@ what's actually returned by the query (Joe) - + Release 8.1.1 @@ -3390,7 +3644,7 @@ on Windows depending on which version of libintl was used. (to_char(interval) should probably use HH24.) (Bruce) -AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi +AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi Saito) Optimizer improvements (Tom) @@ -3413,7 +3667,7 @@ DISTINCT query - + Release 8.1 @@ -3424,7 +3678,7 @@ DISTINCT query Overview - + Major changes in this release: @@ -3479,7 +3733,7 @@ DISTINCT query Add two-phase commit (Heikki Linnakangas, Alvaro, Tom) - + Two-phase commit allows transactions to be "prepared" on several @@ -3496,7 +3750,7 @@ DISTINCT query - Create a new role system that replaces users and groups + Create a new role system that replaces users and groups (Stephen Frost) @@ -3509,7 +3763,7 @@ DISTINCT query - + Have login capability (optionally) @@ -3541,8 +3795,8 @@ DISTINCT query SET ROLE to switch to other roles she is a member of. This feature is a generalization of the SQL standard's concept of roles. - This change also replaces pg_shadow and - pg_group by new role-capable catalogs + This change also replaces pg_shadow and + pg_group by new role-capable catalogs pg_authid and pg_auth_members. The old tables are redefined as read-only views on the new role tables. @@ -3554,14 +3808,14 @@ DISTINCT query Automatically use indexes for MIN() and MAX() (Tom) - + In previous releases, the only way to use an index for MIN() or MAX() was to rewrite the query as SELECT col FROM tab ORDER BY col LIMIT 1. Index usage now happens automatically. - + @@ -3639,15 +3893,15 @@ DISTINCT query - + Migration to version 8.1 - + A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. - + The 8.0 release announced that the to_char() function for intervals would be removed in 8.1. However, since no better API @@ -3672,7 +3926,7 @@ DISTINCT query - It may be necessary to set add_missing_from to true + It might be necessary to set add_missing_from to true in order to load an existing dump file, if the dump contains any views or rules created using the implicit-FROM syntax. This should be a one-time annoyance, because @@ -3741,7 +3995,7 @@ DISTINCT query treat backslashes literally in ordinary strings? - + escape_string_warning — warn about backslashes in @@ -3894,7 +4148,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - CREATE LANGUAGE may ignore the provided arguments + CREATE LANGUAGE can ignore the provided arguments in favor of information from pg_pltemplate (Tom) @@ -3939,16 +4193,16 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + Additional Changes - + Below you will find a detailed account of the additional changes between PostgreSQL 8.1 and the previous major release. - + Performance Improvements @@ -4094,7 +4348,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 objects after the OID counter has wrapped around (Tom) - + Add warning about the need to increase @@ -4228,15 +4482,15 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + Query Changes - + - Add temporary views (Koju Iijima, Neil) + Add temporary views (Koju Iijima, Neil) @@ -4303,12 +4557,12 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + Object Manipulation Changes - + Track dependencies of shared objects (Alvaro) @@ -4326,7 +4580,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - Allow limited ALTER OWNER commands to be performed + Allow limited ALTER OWNER commands to be performed by the object owner (Stephen Frost) @@ -4348,7 +4602,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 This allows objects to be moved to different schemas. - + Add ALTER TABLE ENABLE/DISABLE TRIGGER to @@ -4358,12 +4612,12 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + Utility Command Changes - + Allow TRUNCATE to truncate multiple tables in a @@ -4474,12 +4728,12 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + Data Type and Function Changes - + Add MAX() and MIN() aggregates for @@ -4672,7 +4926,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + pg_tablespace_size() @@ -4702,7 +4956,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 pg_size_pretty() - + @@ -4718,7 +4972,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + pg_stat_file() @@ -4740,7 +4994,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + Add pg_reload_conf() to force reloading of the @@ -4763,12 +5017,12 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + Encoding and Locale Changes - + Rename some encodings to be more consistent and to follow @@ -4776,7 +5030,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + UNICODE is now UTF8 @@ -4839,19 +5093,19 @@ psql -t -f fixseq.sql db1 | psql -e db1 Allow the UTF8 encoding to work on Windows (Magnus) - This is done by mapping UTF8 to the Windows-native UTF16 + This is done by mapping UTF8 to the Windows-native UTF16 implementation. - - + + General Server-Side Language Changes - + Fix ALTER LANGUAGE RENAME (Sergey Yatskevich) @@ -4906,11 +5160,11 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + PL/PgSQL Server-Side Language Changes - + Overhaul the memory management of PL/PgSQL functions (Neil) @@ -4998,8 +5252,8 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + PL/Perl Server-Side Language Changes @@ -5074,7 +5328,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 <application>psql</> Changes - + Add \set ON_ERROR_ROLLBACK to allow statements in @@ -5178,15 +5432,15 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + <application>pg_dump</> Changes - + - Add @@ -5196,7 +5450,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - Allow pg_dump to dump large objects even in + Allow pg_dump to dump large objects even in text mode (Tom) @@ -5207,7 +5461,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - Allow pg_dump to dump a consistent snapshot of + Allow pg_dump to dump a consistent snapshot of large objects (Tom) @@ -5220,7 +5474,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - Add @@ -5246,12 +5500,12 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + <application>libpq</application> Changes - + Add a PGPASSFILE environment variable to specify the @@ -5276,19 +5530,19 @@ psql -t -f fixseq.sql db1 | psql -e db1 - - + + Source Code Changes - + Fix pgxs to support building against a relocated installation - + Add spinlock support for the Itanium processor using Intel @@ -5426,7 +5680,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 Contrib Changes - + Add /contrib/pg_buffercache contrib module (Mark @@ -5490,7 +5744,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + Implementation of OpenPGP symmetric-key and public-key encryption @@ -5532,7 +5786,76 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + + + + + + Release 8.0.11 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 8.0.10, including + a security fix. + + + + Migration to version 8.0.11 + + + A dump/restore is not required for those running 8.0.X. However, + if you are upgrading from a version earlier than 8.0.6, see the release + notes for 8.0.6. + + + + + + Changes + + + + + + Remove security vulnerabilities that allowed connected users + to read backend memory (Tom) + + + The vulnerabilities involve suppressing the normal check that a SQL + function returns the data type it's declared to, and changing the + data type of a table column (CVE-2007-0555, CVE-2007-0556). These + errors can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix rare bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Fix for rare Assert() crash triggered by UNION (Tom) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + @@ -5654,7 +5977,7 @@ psql -t -f fixseq.sql db1 | psql -e db1 - + Release 8.0.9 @@ -5708,7 +6031,7 @@ Wieland) - + Release 8.0.8 @@ -5733,7 +6056,7 @@ Wieland) Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 may require changes in application + CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In @@ -5765,7 +6088,7 @@ literals. By default, \' is rejected only when GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against -CVE-2006-2314 may require client-side changes; the purpose of +CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure. @@ -5820,7 +6143,7 @@ Fuhr) - + Release 8.0.7 @@ -5845,7 +6168,7 @@ Fuhr) Changes - + Fix potential crash in SET @@ -5882,7 +6205,7 @@ constraints in the proper order (Nakano Yoshihisa) references to custom operators or operator classes (Tom) Allow pg_restore to continue properly after a -COPY failure; formerly it tried to treat the remaining +COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost) Fix pg_ctl unregister crash @@ -5917,7 +6240,7 @@ and isinf during configure (Tom) - + Release 8.0.6 @@ -5945,7 +6268,7 @@ and isinf during configure (Tom) Changes - + Fix Windows code so that postmaster will continue rather @@ -5971,7 +6294,7 @@ to ensure that plperl won't change the locale later This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You may need +plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you. @@ -6000,7 +6323,7 @@ what's actually returned by the query (Joe) - + Release 8.0.5 @@ -6025,7 +6348,7 @@ what's actually returned by the query (Joe) Changes - + Fix race condition in transaction log management @@ -6080,7 +6403,7 @@ to subquery results - + Release 8.0.4 @@ -6175,7 +6498,7 @@ code - + Release 8.0.3 @@ -6222,7 +6545,7 @@ code It is strongly recommended that all installations repair these errors, either by initdb or by following the manual repair procedure given below. The errors at least allow unprivileged database users to crash - their server process, and may allow unprivileged users to gain the + their server process, and might allow unprivileged users to gain the privileges of a database superuser. @@ -6322,12 +6645,12 @@ data types Changes -Increment the major version number of all interface +Increment the major version number of all interface libraries (Bruce) - This should have been done in 8.0.0. It is required so 7.4.X versions + This should have been done in 8.0.0. It is required so 7.4.X versions of PostgreSQL client applications, like psql, - can be used on the same machine as 8.0.X applications. This might require + can be used on the same machine as 8.0.X applications. This might require re-linking user applications that use these libraries. Add Windows-only wal_sync_method setting of @@ -6341,21 +6664,21 @@ data types Enable the wal_sync_method setting of - Because the default is no longer -New cache management algorithm 2Q replaces +New cache management algorithm 2Q replaces ARC (Tom) - This was done to avoid a pending US patent on ARC. The - 2Q code might be a few percentage points slower than + This was done to avoid a pending US patent on ARC. The + 2Q code might be a few percentage points slower than ARC for some work loads. A better cache management algorithm will appear in 8.1. @@ -6379,9 +6702,9 @@ in plpython function bodies (Michael Fuhr) Allow SPI cursors to handle utility commands that return rows, such as EXPLAIN (Tom) -Fix CLUSTER failure after ALTER TABLE +Fix CLUSTER failure after ALTER TABLE SET WITHOUT OIDS (Tom) -Reduce memory usage of ALTER TABLE ADD COLUMN +Reduce memory usage of ALTER TABLE ADD COLUMN (Neil) Fix ALTER LANGUAGE RENAME (Tom) Document the Windows-only register and @@ -6401,7 +6724,7 @@ statistics collector Windows event logger rather than standard error. Make Kerberos authentication work on Windows (Magnus) -Allow ALTER DATABASE RENAME by superusers +Allow ALTER DATABASE RENAME by superusers who aren't flagged as having CREATEDB privilege (Tom) Modify WAL log entries for CREATE and DROP DATABASE to not specify absolute paths (Tom) @@ -6409,22 +6732,22 @@ statistics collector different database location. Note that CREATE TABLESPACE still poses a hazard in such situations. -Fix crash from a backend exiting with an open transaction +Fix crash from a backend exiting with an open transaction that created a table and opened a cursor on it (Tom) -Fix array_map() so it can call PL functions +Fix array_map() so it can call PL functions (Tom) Several contrib/tsearch2 and contrib/btree_gist fixes (Teodor) -Fix crash of some contrib/pgcrypto +Fix crash of some contrib/pgcrypto functions on some platforms (Marko Kreen) -Fix contrib/intagg for 64-bit platforms +Fix contrib/intagg for 64-bit platforms (Tom) -Fix ecpg bugs in parsing of CREATE statement +Fix ecpg bugs in parsing of CREATE statement (Michael) -Work around gcc bug on powerpc and amd64 causing problems in +Work around gcc bug on powerpc and amd64 causing problems in ecpg (Christof Petig) -Do not use locale-aware versions of upper(), +Do not use locale-aware versions of upper(), lower(), and initcap() when the locale is C (Bruce) @@ -6432,9 +6755,9 @@ statistics collector for non-7-bit data when the locale is C. Fix quote_ident() to quote names that match keywords (Tom) -Fix to_date() to behave reasonably when +Fix to_date() to behave reasonably when CC and YY fields are both used (Karel) -Prevent to_char(interval) from failing +Prevent to_char(interval) from failing when given a zero-month interval (Tom) Fix wrong week returned by date_trunc('week') (Bruce) @@ -6523,10 +6846,10 @@ typedefs (Michael) Release date 2005-01-19 - + Overview - + Major changes in this release: @@ -6680,20 +7003,20 @@ typedefs (Michael) - + Migration to version 8.0 - + A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. - + Observe the following incompatibilities: - + @@ -6891,8 +7214,7 @@ typedefs (Michael) behavior across all platforms. In most cases, there should be little noticeable difference in time zone behavior, except that the time zone names used by SET/SHOW - TimeZone may - be different from what your platform provides. + TimeZone might be different from what your platform provides. @@ -6933,7 +7255,7 @@ typedefs (Michael) considered deprecated and will be removed in the next major release. - + @@ -6941,7 +7263,7 @@ typedefs (Michael) for intervals. - + The server now warns of empty strings passed to @@ -6951,7 +7273,7 @@ typedefs (Michael) invalid input for these data types. - + By default, tables in PostgreSQL 8.0 @@ -6968,19 +7290,19 @@ typedefs (Michael) - + Changes - + Below you will find a detailed account of the changes between release 8.0 and the previous major release. - + Performance Improvements - + Support cross-data-type index usage (Tom) @@ -6991,7 +7313,7 @@ typedefs (Michael) intuitive and consistent. - + New buffer replacement strategy that improves caching (Jan) @@ -7002,14 +7324,14 @@ typedefs (Michael) did not consider the number of times a specific cache entry was accessed, so large table scans could force out useful cache pages. The new cache algorithm uses four separate lists to track most - recently used and most frequently used cache pages and dynamically + recently used and most frequently used cache pages and dynamically optimize their replacement based on the work load. This should lead to much more efficient use of the shared buffer cache. Administrators who have tested shared buffer sizes in the past should retest with this new cache replacement policy. - + Add subprocess to write dirty buffers periodically to reduce @@ -7028,7 +7350,7 @@ typedefs (Michael) performance and minimize degradation during checkpoints. - + Add ability to prolong vacuum to reduce performance impact (Jan) @@ -7041,7 +7363,7 @@ typedefs (Michael) total duration of VACUUM. - + Improve B-tree index performance for duplicate keys (Dmitry Tkach, Tom) @@ -7051,7 +7373,7 @@ typedefs (Michael) values exist in the index. - + Use dynamically-generated table size estimates while planning (Tom) @@ -7068,7 +7390,7 @@ typedefs (Michael) changed significantly since the last housekeeping command. - + Improved index usage with OR clauses (Tom) @@ -7080,7 +7402,7 @@ typedefs (Michael) column is part of an OR clause. - + Improve matching of partial index clauses (Tom) @@ -7090,7 +7412,7 @@ typedefs (Michael) involving complex - - + + Server Changes - + Add WAL file archiving and point-in-time recovery (Simon Riggs) - + Add tablespaces so admins can control disk layout (Gavin) - + Add a built-in log rotation program (Andreas Pflug) @@ -7200,7 +7522,7 @@ typedefs (Michael) rotation program. - + Add new read-only server configuration parameters to show server @@ -7209,7 +7531,7 @@ typedefs (Michael) max_identifier_length, max_index_keys (Joe) - + Make quoting of sameuser, samegroup, and @@ -7217,20 +7539,20 @@ typedefs (Michael) pg_hba.conf (Andrew) - + Use clearer IPv6 name ::1/128 for localhost in default pg_hba.conf (Andrew) - + Use CIDR format in pg_hba.conf examples (Andrew) - + Rename server configuration parameters SortMem and @@ -7243,14 +7565,14 @@ typedefs (Michael) work_mem is for workspaces used during query execution. - + Allow logging of session disconnections using server configuration log_disconnections (Andrew) - + Add new server configuration parameter log_line_prefix to @@ -7261,7 +7583,7 @@ typedefs (Michael) address, and session start time. - + Remove server configuration parameters log_pid, @@ -7269,7 +7591,7 @@ typedefs (Michael) superseded by log_line_prefix (Andrew) - + Replace the virtual_host and tcpip_socket @@ -7282,7 +7604,7 @@ typedefs (Michael) to be specified. - + Listen on localhost by default, which eliminates the need for the @@ -7295,7 +7617,7 @@ typedefs (Michael) adjustments. - + Remove syslog server configuration parameter, and add more @@ -7303,7 +7625,7 @@ typedefs (Michael) location (Magnus) - + Change server configuration parameter log_statement to take @@ -7315,19 +7637,19 @@ typedefs (Michael) only data modification statements. - + Some logging-related configuration parameters could formerly be adjusted by ordinary users, but only in the more verbose direction. They are now treated more strictly: only superusers can set them. - However, a superuser may use ALTER USER to provide per-user + However, a superuser can use ALTER USER to provide per-user settings of these values for non-superusers. Also, it is now possible for superusers to set values of superuser-only configuration parameters via PGOPTIONS. - + Allow configuration files to be placed outside the data directory (mlw) @@ -7338,7 +7660,7 @@ typedefs (Michael) data directory, easing administration. - + Plan prepared queries only when first executed so constants can be @@ -7355,7 +7677,7 @@ typedefs (Michael) without incurring a performance penalty. - + Allow DECLARE CURSOR to take parameters @@ -7368,7 +7690,7 @@ typedefs (Michael) execution of the cursor's query. - + Fix hash joins and aggregates of inet and @@ -7381,28 +7703,28 @@ typedefs (Michael) data type.) - + Make log_duration print only when log_statement prints the query (Ed L.) - + - - + + Query Changes - + Add savepoints (nested transactions) (Alvaro) - + Unsupported isolation levels are now accepted and promoted to the @@ -7414,7 +7736,7 @@ typedefs (Michael) This change complies with that recommendation. - + Allow BEGIN WORK to specify transaction @@ -7422,17 +7744,17 @@ typedefs (Michael) (Bruce) - + Fix table permission checking for cases in which rules generate a query type different from the originally submitted query (Tom) - + - Implement dollar quoting to simplify single-quote usage (Andrew, Tom, + Implement dollar quoting to simplify single-quote usage (Andrew, Tom, David Fetter) @@ -7446,7 +7768,7 @@ typedefs (Michael) Dollar quoting can be used anywhere quoted text is needed. - + Make CASE val WHEN compval1 THEN ... evaluate val only once (Tom) @@ -7457,7 +7779,7 @@ typedefs (Michael) volatile. - + Test could fail with divide-by-zero. - + Replace max_expr_depth parameter with @@ -7477,12 +7799,12 @@ typedefs (Michael) size (Tom) - This gives us a fairly bulletproof defense against crashing due to + This gives us a fairly bulletproof defense against crashing due to runaway recursive functions. Instead of measuring the depth of expression nesting, we now directly measure the size of the execution stack. - + Allow arbitrary row expressions (Tom) @@ -7493,14 +7815,14 @@ typedefs (Michael) take rows as arguments and return row values. - + Allow - + Avoid locale-specific case conversion of basic ASCII letters in @@ -7512,7 +7834,7 @@ typedefs (Michael) outside the 7-bit-ASCII set is still locale-aware. - + Improve syntax error reporting (Fabien, Tom) @@ -7521,7 +7843,7 @@ typedefs (Michael) Syntax error reports are more useful than before. - + Change EXECUTE to return a completion tag @@ -7533,7 +7855,7 @@ typedefs (Michael) returned will reflect the command executed. - + Avoid emitting decompiler formerly produced this syntax. - + - - + + Object Manipulation Changes - + Add COMMENT ON for casts, conversions, languages, operator classes, and large objects (Christopher) - + Add new server configuration parameter default_with_oids to @@ -7572,14 +7894,14 @@ typedefs (Michael) will become FALSE in future releases.) - + Add - + Allow ALTER TABLE DROP COLUMN to drop an OID @@ -7587,13 +7909,13 @@ typedefs (Michael) (Tom) - + Allow composite types as table columns (Tom) - + Allow ALTER ... ADD COLUMN with defaults and @@ -7605,7 +7927,7 @@ typedefs (Michael) default value. - + Add ALTER COLUMN TYPE to change column's type (Rod) @@ -7615,7 +7937,7 @@ typedefs (Michael) and re-adding the column. - + Allow multiple ALTER actions in a single ALTER @@ -7629,7 +7951,7 @@ typedefs (Michael) only once. - + Allow ALTER TABLE to add SERIAL @@ -7640,7 +7962,7 @@ typedefs (Michael) columns. - + Allow changing the owners of aggregates, conversions, databases, @@ -7651,14 +7973,14 @@ typedefs (Michael) Previously this required modifying the system tables directly. - + Allow temporary object creation to be limited to - + Add specification except to modify the system tables. - + Constraint/Index/SERIAL names are now @@ -7681,7 +8003,7 @@ typedefs (Michael) within a schema. - + Add pg_get_serial_sequence() to return a @@ -7692,43 +8014,43 @@ typedefs (Michael) sequence name. - + Warn when primary/foreign key data type mismatch requires costly lookup - + New ALTER INDEX command to allow moving of indexes between tablespaces (Gavin) - + Make ALTER TABLE OWNER change dependent sequence ownership too (Alvaro) - - + + - - + + Utility Command Changes - + Allow CREATE SCHEMA to create triggers, indexes, and sequences (Neil) - + Add - - + + Data Type and Function Changes - + More complete support for composite types (row types) (Tom) @@ -7879,7 +8201,7 @@ typedefs (Michael) worked before. - + Reject nonrectangular array values as erroneous (Joe) @@ -7889,13 +8211,13 @@ typedefs (Michael) surprising result. - + Overflow in integer arithmetic operations is now detected (Tom) - + The arithmetic operators associated with the single-byte @@ -7909,7 +8231,7 @@ typedefs (Michael) integer explicitly. - + Syntax checking of array input values considerably tightened up (Joe) @@ -7920,7 +8242,7 @@ typedefs (Michael) after the closing right brace. - + Empty-string array element values must now be written as @@ -7933,7 +8255,7 @@ typedefs (Michael) element value in some future release. - + Array element trailing whitespace is now ignored (Joe) @@ -7944,27 +8266,27 @@ typedefs (Michael) significant. Now trailing whitespace is also ignored. - + Emit array values with explicit array bounds when lower bound is not one (Joe) - + Accept YYYY-monthname-DD as a date string (Tom) - + Make netmask and hostmask functions return maximum-length mask length (Tom) - + Change factorial function to return numeric (Gavin) @@ -7974,14 +8296,14 @@ typedefs (Michael) work for a wider range of input values. - + to_char/to_date() date conversion improvements (Kurt Roeckx, Fabien Coelho) - + Make length() disregard trailing spaces in @@ -7993,7 +8315,7 @@ typedefs (Michael) should not be counted by length(). - + Warn about empty string being passed to @@ -8003,7 +8325,7 @@ typedefs (Michael) 8.1 will throw an error instead. - + Allow leading or trailing whitespace in @@ -8012,7 +8334,7 @@ typedefs (Michael) (Neil) - + Better support for IEEE Infinity and NaN @@ -8023,27 +8345,27 @@ typedefs (Michael) floating point arithmetic. - + Add - + Fix to_char for 1 BC (previously it returned 1 AD) (Bruce) - + Fix date_part(year) for BC dates (previously it returned one less than the correct year) (Bruce) - + Fix date_part() to return the proper millennium and @@ -8055,7 +8377,7 @@ typedefs (Michael) reckoning of such things. - + Add ceiling() as an alias for ceil(), @@ -8063,7 +8385,7 @@ typedefs (Michael) standards compliance (Neil) - + Change ln(), log(), @@ -8072,53 +8394,53 @@ typedefs (Michael) specified by SQL:2003 (Neil) - + Add width_bucket() function as defined by SQL:2003 (Neil) - + Add generate_series() functions to simplify working with numeric sets (Joe) - + Fix upper/lower/initcap() functions to work with multibyte encodings (Tom) - + Add boolean and bitwise integer - + New session information functions to return network addresses for client and server (Sean Chittenden) - + Add function to determine the area of a closed path (Sean Chittenden) - + Add function to send cancel request to other backends (Magnus) - + Add interval plus datetime operators (Tom) @@ -8128,7 +8450,7 @@ typedefs (Michael) was already supported, but both are required by the SQL standard. - + Casting an integer to BIT(N) selects the rightmost N bits @@ -8141,22 +8463,22 @@ typedefs (Michael) to int. - + Require CIDR values to have all nonmasked bits be zero (Kevin Brintnall) - + - - + + Server-Side Language Changes - + In READ COMMITTED serialization mode, volatile functions @@ -8165,7 +8487,7 @@ typedefs (Michael) beginning of the interactive command that called the function. - + Functions declared STABLE or IMMUTABLE always @@ -8178,7 +8500,7 @@ typedefs (Michael) rather than VOLATILE. - + Nondeferred function. - + Allow function parameters to be declared with names (Dennis Björklund) @@ -8202,7 +8524,7 @@ typedefs (Michael) being used. - + Allow PL/pgSQL parameter names to be referenced in the function (Dennis Björklund) @@ -8211,7 +8533,7 @@ typedefs (Michael) This basically creates an automatic alias for each named parameter. - + Do minimal syntax checking of PL/pgSQL functions at creation time (Tom) @@ -8220,7 +8542,7 @@ typedefs (Michael) This allows us to catch simple syntax errors sooner. - + More support for composite types (row and record variables) in PL/pgSQL @@ -8230,14 +8552,14 @@ typedefs (Michael) as a single variable. - + Default values for PL/pgSQL variables can now reference previously declared variables - + Improve parsing of PL/pgSQL FOR loops (Tom) @@ -8249,13 +8571,13 @@ typedefs (Michael) messages when a mistake is made. - + Major overhaul of PL/Perl server-side language (Command Prompt, Andrew Dunstan) - + In PL/Tcl, SPI commands are now run in subtransactions. If an error @@ -8264,7 +8586,7 @@ typedefs (Michael) Formerly, it was not possible to catch such errors. - + Accept ELSEIF in PL/pgSQL (Neil) @@ -8274,63 +8596,63 @@ typedefs (Michael) are accustomed to spelling this keyword ELSEIF. - + - - + + <application>psql</> Changes - + Improve psql information display about database objects (Christopher) - + Allow psql to display group membership in \du and \dg (Markus Bertheau) - + Prevent psql \dn from showing temporary schemas (Bruce) - + Allow psql to handle tilde user expansion for file names (Zach Irmen) - + Allow psql to display fancy prompts, including color, via readline (Reece Hart, Chet Ramey) - + Make psql \copy match COPY command syntax fully (Tom) - + Show the location of syntax errors (Fabien Coelho, Tom) - + Add CLUSTER information to psql @@ -8338,14 +8660,14 @@ typedefs (Michael) (Bruce) - + Change psql \copy stdin/stdout to read from command input/output (Bruce) - + Add Feit) - + Add global psql configuration file, psqlrc.sample @@ -8364,48 +8686,48 @@ typedefs (Michael) be stored. - + Have psql \d+ indicate if the table has an OID column (Neil) - + On Windows, use binary mode in psql when reading files so control-Z is not seen as end-of-file - + Have \dn+ show permissions and description for schemas (Dennis Björklund) - + Improve tab completion support (Stefan Kaltenbrunn, Greg Sabino Mullane) - + Allow boolean settings to be set using upper or lower case (Michael Paesold) - + - - + + <application>pg_dump</> Changes - + Use dependency information to improve the reliability of @@ -8416,7 +8738,7 @@ typedefs (Michael) sometimes being dumped in the wrong order. - + Have pg_dump output objects in alphabetical order if possible (Tom) @@ -8426,7 +8748,7 @@ typedefs (Michael) dump files. - + Allow pg_restore to ignore some SQL errors (Fabien Coelho) @@ -8439,20 +8761,20 @@ typedefs (Michael) option to give the old behavior of exiting on an error. - + pg_restore - + New begin/end markers in pg_dump text output (Bruce) - + Add start/stop times for @@ -8460,14 +8782,14 @@ typedefs (Michael) (Bruce) - + Allow most pg_dump options in pg_dumpall (Christopher) - + Have pg_dump use ALTER OWNER rather @@ -8475,35 +8797,35 @@ typedefs (Michael) (Christopher) - + - - + + libpq Changes - + Make libpq's - + Add PQmbdsplen() which returns the display length of a character (Tatsuo) - + Add thread locking to SSL and Kerberos connections (Manfred Spraul) - + Allow PQoidValue(), PQcmdTuples(), and @@ -8511,14 +8833,14 @@ typedefs (Michael) commands (Neil) - + Add PQserverVersion() to provide more convenient access to the server version number (Greg Sabino Mullane) - + Add PQprepare/PQsendPrepared() functions to support @@ -8526,33 +8848,33 @@ typedefs (Michael) of their parameters (Abhijit Menon-Sen) - + Many ECPG improvements, including SET DESCRIPTOR (Michael) - + - - + + Source Code Changes - + Allow the database server to run natively on Windows (Claudio, Magnus, Andrew) - + Shell script commands converted to C versions for Windows support (Andrew) - + Create an extension makefile framework (Fabien Coelho, Peter) @@ -8562,7 +8884,7 @@ typedefs (Michael) source tree. - + Support relocatable installations (Bruce) @@ -8575,26 +8897,26 @@ typedefs (Michael) rebuilding. - + Use - + Add - + Upgrade to DocBook V4.2 SGML (Peter) - + New PostgreSQL CVS tag (Marc) @@ -8607,116 +8929,116 @@ typedefs (Michael) repository. - + Clarify locking code (Manfred Koizar) - + Buffer manager cleanup (Neil) - + Decouple platform tests from CPU spinlock code (Bruce, Tom) - + Add inlined test-and-set code on PA-RISC for gcc (ViSolve, Tom) - + Improve i386 spinlock code (Manfred Spraul) - + Clean up spinlock assembly code to avoid warnings from newer gcc releases (Tom) - + Remove JDBC from source tree; now a separate project - + Remove the libpgtcl client interface; now a separate project - + More accurately estimate memory and file descriptor usage (Tom) - + Improvements to the Mac OS X startup scripts (Ray A.) - + New fsync() test program (Bruce) - + Major documentation improvements (Neil, Peter) - + Remove pg_encoding; not needed anymore - + Remove pg_id; not needed anymore - + Remove initlocation; not needed anymore - + Auto-detect thread flags (no more manual testing) (Bruce) - + Use Olson's public domain timezone library (Magnus) - + - With threading enabled, use thread flags on Unixware for + With threading enabled, use thread flags on Unixware for backend executables too (Bruce) @@ -8724,14 +9046,14 @@ typedefs (Michael) same executable, so everything must be compiled as threaded. - + psql now uses a flex-generated lexical analyzer to process command strings - + Reimplement the linked list data structure used throughout the @@ -8742,123 +9064,192 @@ typedefs (Michael) operations to be more efficient. - + Allow dynamically loaded modules to create their own server configuration parameters (Thomas Hallgren) - + New Brazilian version of FAQ (Euler Taveira de Oliveira) - + Add French FAQ (Guillaume Lelarge) - + New pgevent for Windows logging - + Make libpq and ECPG build as proper shared libraries on OS X (Tom) - + - - + + Contrib Changes - + Overhaul of contrib/dblink (Joe) - + contrib/dbmirror improvements (Steven Singer) - + New contrib/xml2 (John Gray, Torchbox) - + Updated contrib/mysql - + New version of contrib/btree_gist (Teodor) - + New contrib/trgm, trigram matching for PostgreSQL (Teodor) - + Many contrib/tsearch2 improvements (Teodor) - + Add double metaphone to contrib/fuzzystrmatch (Andrew) - + Allow contrib/pg_autovacuum to run as a Windows service (Dave Page) - + Add functions to contrib/dbsize (Andreas Pflug) - + Removed contrib/pg_logger: obsoleted by integrated logging subprocess - + Removed contrib/rserv: obsoleted by various separate projects - + - + + + + + + Release 7.4.16 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 7.4.15, including + a security fix. + + + + Migration to version 7.4.16 + + + A dump/restore is not required for those running 7.4.X. However, + if you are upgrading from a version earlier than 7.4.11, see the release + notes for 7.4.11. + + + + + + Changes + + + + + + Remove security vulnerability that allowed connected users + to read backend memory (Tom) + + + The vulnerability involves suppressing the normal check that a SQL + function returns the data type it's declared to, or changing the + data type of a table column used in a SQL function (CVE-2007-0555). + This error can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix rare bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Fix for rare Assert() crash triggered by UNION (Tom) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + @@ -8950,7 +9341,7 @@ typedefs (Michael) - + Release 7.4.14 @@ -8995,7 +9386,7 @@ ANYARRAY - + Release 7.4.13 @@ -9020,7 +9411,7 @@ ANYARRAY Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 may require changes in application + CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In @@ -9052,7 +9443,7 @@ literals. By default, \' is rejected only when GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against -CVE-2006-2314 may require client-side changes; the purpose of +CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure. @@ -9100,7 +9491,7 @@ Fuhr) - + Release 7.4.12 @@ -9125,7 +9516,7 @@ Fuhr) Changes - + Fix potential crash in SET @@ -9161,7 +9552,7 @@ and isinf during configure (Tom) - + Release 7.4.11 @@ -9189,7 +9580,7 @@ and isinf during configure (Tom) Changes - + Fix for protocol-level Describe messages issued @@ -9205,7 +9596,7 @@ to ensure that plperl won't change the locale later This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You may need +plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you. @@ -9226,7 +9617,7 @@ what's actually returned by the query (Joe) - + Release 7.4.10 @@ -9251,7 +9642,7 @@ what's actually returned by the query (Joe) Changes - + Fix race condition in transaction log management @@ -9277,7 +9668,7 @@ table has been dropped - + Release 7.4.9 @@ -9344,7 +9735,7 @@ code - + Release 7.4.8 @@ -9391,7 +9782,7 @@ code It is strongly recommended that all installations repair these errors, either by initdb or by following the manual repair procedures given below. The errors at least allow unprivileged database users to crash - their server process, and may allow unprivileged users to gain the + their server process, and might allow unprivileged users to gain the privileges of a database superuser. @@ -9409,7 +9800,7 @@ WHERE pronamespace = 11 AND pronargs = 5 COMMIT; - Next, if you have installed contrib/tsearch2, do + Next, if you have installed contrib/tsearch2, do: BEGIN; @@ -9438,12 +9829,12 @@ COMMIT; template databases then any subsequently created databases will contain the same errors. template1 can be fixed in the same way as any other database, but fixing template0 requires - additional steps. First, from any database issue + additional steps. First, from any database issue: UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; Next connect to template0 and perform the above repair - procedures. Finally, do + procedures. Finally, do: -- re-freeze template0: VACUUM FREEZE; @@ -9612,7 +10003,7 @@ GMT Repair possible failure to update hint bits on disk -Under rare circumstances this oversight could lead to +Under rare circumstances this oversight could lead to could not access transaction status failures, which qualifies it as a potential-data-loss bug. @@ -9772,7 +10163,7 @@ aggregate plan Fix error in COPY IN termination when using the old network protocol (ljb) Several important fixes in pg_autovacuum, including fixes for large tables, unsigned oids, stability, temp tables, and debug mode -(Matthew T. O'Connor) +(Matthew T. O'Connor) Fix problem with reading tar-format dumps on NetBSD and BSD/OS (Bruce) Several JDBC fixes Fix ALTER SEQUENCE RESTART where last_value equals the restart value (Tom) @@ -9815,7 +10206,7 @@ names from outer query levels. A dump/restore is not required for those running 7.4.X. However, - it may be advisable as the easiest method of incorporating fixes for + it might be advisable as the easiest method of incorporating fixes for two errors that have been found in the initial contents of 7.4.X system catalogs. A dump/initdb/reload sequence using 7.4.2's initdb will automatically correct these problems. @@ -9855,7 +10246,7 @@ VACUUM pg_statistic; UPDATE pg_type SET typalign = 'd' WHERE oid = 2277; -- this should update 6 rows: UPDATE pg_attribute SET attalign = 'd' WHERE atttypid = 2277; --- +-- -- At this point you MUST start a fresh backend to avoid a crash! -- -- repopulate pg_statistic: @@ -9881,12 +10272,12 @@ GRANT SELECT, UPDATE ON pg_settings TO PUBLIC; template databases then any subsequently created databases will contain the same errors. template1 can be fixed in the same way as any other database, but fixing template0 requires - additional steps. First, from any database issue + additional steps. First, from any database issue: UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; Next connect to template0 and perform the above repair - procedures. Finally, do + procedures. Finally, do: -- re-freeze template0: VACUUM FREEZE; @@ -9926,7 +10317,7 @@ inconveniences associated with the i/I problem. Other minor pg_dump fixes Allow ecpg to again use C keywords as column names (Michael) Added ecpg WHENEVER NOT_FOUND to -SELECT/INSERT/UPDATE/DELETE (Michael) +SELECT/INSERT/UPDATE/DELETE (Michael) Fix ecpg crash for queries calling set-returning functions (Michael) Various other ecpg fixes (Michael) Fixes for Borland compiler @@ -10333,13 +10724,13 @@ DROP SCHEMA information_schema CASCADE; Migration to version 7.4 - + A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. - + Observe the following incompatibilities: @@ -10369,7 +10760,7 @@ DROP SCHEMA information_schema CASCADE; Inner joins using the explicit JOIN syntax - may behave differently because they are now better + might behave differently because they are now better optimized. @@ -11336,7 +11727,7 @@ DROP SCHEMA information_schema CASCADE; - Arrays may now be specified as ARRAY[1,2,3], + Arrays can now be specified as ARRAY[1,2,3], ARRAY[['a','b'],['c','d']], or ARRAY[ARRAY[ARRAY[2]]] (Joe) @@ -11910,6 +12301,68 @@ DROP SCHEMA information_schema CASCADE; + + Release 7.3.18 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 7.3.17, including + a security fix. + + + + Migration to version 7.3.18 + + + A dump/restore is not required for those running 7.3.X. However, + if you are upgrading from a version earlier than 7.3.13, see the release + notes for 7.3.13. + + + + + + Changes + + + + + + Remove security vulnerability that allowed connected users + to read backend memory (Tom) + + + The vulnerability involves changing the + data type of a table column used in a SQL function (CVE-2007-0555). + This error can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix rare bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + + + + Release 7.3.17 @@ -11967,7 +12420,7 @@ DROP SCHEMA information_schema CASCADE; - + Release 7.3.16 @@ -11994,7 +12447,7 @@ DROP SCHEMA information_schema CASCADE; Changes - + Fix corner cases in pattern matching for psql's \d commands Fix index-corrupting bugs in /contrib/ltree @@ -12009,7 +12462,7 @@ DROP SCHEMA information_schema CASCADE; - + Release 7.3.15 @@ -12034,7 +12487,7 @@ DROP SCHEMA information_schema CASCADE; Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 may require changes in application + CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In @@ -12066,7 +12519,7 @@ literals. By default, \' is rejected only when GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against -CVE-2006-2314 may require client-side changes; the purpose of +CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure. @@ -12101,7 +12554,7 @@ Fuhr) - + Release 7.3.14 @@ -12126,7 +12579,7 @@ Fuhr) Changes - + Fix potential crash in SET @@ -12158,7 +12611,7 @@ and isinf during configure (Tom) - + Release 7.3.13 @@ -12186,7 +12639,7 @@ and isinf during configure (Tom) Changes - + Fix character string comparison for locales that consider @@ -12199,7 +12652,7 @@ to ensure that plperl won't change the locale later This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You may need +plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you. @@ -12220,7 +12673,7 @@ what's actually returned by the query (Joe) - + Release 7.3.12 @@ -12245,7 +12698,7 @@ what's actually returned by the query (Joe) Changes - + Fix race condition in transaction log management @@ -12267,7 +12720,7 @@ table has been dropped - + Release 7.3.11 @@ -12354,7 +12807,7 @@ the variable is of pass-by-reference type It is strongly recommended that all installations repair this error, either by initdb or by following the manual repair procedure given below. The error at least allows unprivileged database users to crash - their server process, and may allow unprivileged users to gain the + their server process, and might allow unprivileged users to gain the privileges of a database superuser. @@ -12380,12 +12833,12 @@ COMMIT; template databases then any subsequently created databases will contain the same error. template1 can be fixed in the same way as any other database, but fixing template0 requires - additional steps. First, from any database issue + additional steps. First, from any database issue: UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; Next connect to template0 and perform the above repair - procedure. Finally, do + procedure. Finally, do: -- re-freeze template0: VACUUM FREEZE; @@ -12528,7 +12981,7 @@ datestyles Repair possible failure to update hint bits on disk -Under rare circumstances this oversight could lead to +Under rare circumstances this oversight could lead to could not access transaction status failures, which qualifies it as a potential-data-loss bug. @@ -12938,7 +13391,7 @@ operations on bytea columns (Joe) A dump/restore is not required for those running version 7.3. However, it should be noted that the main PostgreSQL interface library, libpq, - has a new major version number for this release, which may require + has a new major version number for this release, which might require recompilation of client code in certain cases. @@ -12966,8 +13419,8 @@ operations on bytea columns (Joe) - - + + Release 7.3 @@ -13174,7 +13627,7 @@ operations on bytea columns (Joe) COPY no longer considers missing trailing columns to be null. All columns need to be specified. - (However, one may achieve a similar effect by specifying a + (However, one can achieve a similar effect by specifying a column list in the COPY command.) @@ -13730,7 +14183,7 @@ datestyles Repair possible failure to update hint bits on disk -Under rare circumstances this oversight could lead to +Under rare circumstances this oversight could lead to could not access transaction status failures, which qualifies it as a potential-data-loss bug. @@ -13871,8 +14324,8 @@ since PostgreSQL 7.1. - - + + Release 7.2.2 @@ -13914,8 +14367,8 @@ since PostgreSQL 7.1. - - + + Release 7.2.1 @@ -14075,7 +14528,7 @@ since PostgreSQL 7.1. The semantics of the VACUUM command have - changed in this release. You may wish to update your + changed in this release. You might wish to update your maintenance procedures accordingly. @@ -14115,7 +14568,7 @@ since PostgreSQL 7.1. The timestamp(), time(), and interval() functions are no longer - available. Instead of timestamp(), use + available. Instead of timestamp(), use timestamp 'string' or CAST. @@ -14587,7 +15040,7 @@ Fix PL/pgSQL SELECTs when returning no rows Fix for psql backslash core dump Referential integrity privilege fix Optimizer fixes -pg_dump cleanups +pg_dump cleanups @@ -14670,7 +15123,7 @@ previous releases of PostgreSQL have forced all data modifications to disk before each transaction commit. With WAL, only one log file must be flushed to disk, greatly improving performance. If you have been using -F in previous releases to -disable disk flushes, you may want to consider discontinuing its use. +disable disk flushes, you might want to consider discontinuing its use. @@ -14711,7 +15164,7 @@ outer join syntax. The previous C function manager did not handle null values properly, nor did it support 64-bit CPU's (Alpha). The new function manager does. You can continue using your old custom -functions, but you may want to rewrite them in the future to use the new +functions, but you might want to rewrite them in the future to use the new function manager call interface. @@ -14726,7 +15179,7 @@ function manager call interface. A large number of complex queries that were unsupported in previous releases now work. Many combinations of views, aggregates, UNION, LIMIT, cursors, subqueries, and inherited tables -now work properly. Inherited tables are now accessed by default. +now work properly. Inherited tables are now accessed by default. Subqueries in FROM are now supported. @@ -14756,7 +15209,7 @@ Kerberos V fixes (David Wragg) Fix for INSERT INTO...SELECT where targetlist has subqueries (Tom) Prompt username/password on standard error (Bruce) Large objects inv_read/inv_write fixes (Tom) -Fixes for to_char(), to_date(), to_ascii(), and to_timestamp() (Karel, +Fixes for to_char(), to_date(), to_ascii(), and to_timestamp() (Karel, Daniel Baldoni) Prevent query expressions from leaking memory (Tom) Allow UPDATE of arrays elements (Tom) @@ -14772,7 +15225,7 @@ Disallow DROP RULE, CREATE INDEX, TRUNCATE on views (Mark Hollomon) Allow PL/pgSQL accept non-ASCII identifiers (Tatsuo) Allow views to proper handle GROUP BY, aggregates, DISTINCT (Tom) Fix rare failure with TRUNCATE command (Tom) -Allow UNION/INTERSECT/EXCEPT to be used with ALL, subqueries, views, +Allow UNION/INTERSECT/EXCEPT to be used with ALL, subqueries, views, DISTINCT, ORDER BY, SELECT...INTO (Tom) Fix parser failures during aborted transactions (Tom) Allow temporary relations to properly clean up indexes (Bruce) @@ -14808,14 +15261,14 @@ Improve ps status display for more platforms (Peter E, Marc) Improve CREATE FUNCTION failure message (Ross) JDBC improvements (Peter, Travis Bauer, Christopher Cain, William Webber, Gunnar) -Grand Unified Configuration scheme/GUC. Many options can now be set in +Grand Unified Configuration scheme/GUC. Many options can now be set in data/postgresql.conf, postmaster/postgres flags, or SET commands (Peter E) Improved handling of file descriptor cache (Tom) New warning code about auto-created table alias entries (Bruce) Overhaul initdb process (Tom, Peter E) Overhaul of inherited tables; inherited tables now accessed by default; new ONLY key word prevents it (Chris Bitmead, Tom) -ODBC cleanups/improvements (Nick Gorham, Stephan Szabo, Zoltan Kovacs, +ODBC cleanups/improvements (Nick Gorham, Stephan Szabo, Zoltan Kovacs, Michael Fork) Allow renaming of temp tables (Tom) Overhaul memory manager contexts (Tom) @@ -14886,7 +15339,7 @@ New CIDR abbrev() function (Tom) Performance ----------- -Write-Ahead Log (WAL) to provide crash recovery with less performance +Write-Ahead Log (WAL) to provide crash recovery with less performance overhead (Vadim) ANALYZE stage of VACUUM no longer exclusively locks table (Bruce) Reduced file seeks (Denis Perchine) @@ -15108,7 +15561,7 @@ ecpg changes (Michael) 2000-05-08 - + This release contains improvements in many areas, demonstrating the continued growth of PostgreSQL. There are more improvements and fixes in 7.0 than in any previous @@ -15184,7 +15637,7 @@ ecpg changes (Michael) A dump/restore using pg_dump is required for those wishing to migrate data from any previous release of PostgreSQL. - For those upgrading from 6.5.*, you may instead use + For those upgrading from 6.5.*, you can instead use pg_upgrade to upgrade to this release; however, a full dump/reload installation is always the most robust method for upgrades. @@ -15205,7 +15658,7 @@ ecpg changes (Michael) ease the transition by allowing PostgreSQL to recognize the deprecated type names and translate them to the new type - names, this mechanism may not be completely transparent to + names, this mechanism cannot be completely transparent to your existing application. @@ -15217,8 +15670,8 @@ ecpg changes (Michael) decreased query times as the optimizer makes a better choice for the preferred plan. However, in a small number of cases, usually involving pathological distributions of data, your - query times may go up. If you are dealing with large amounts - of data, you may want to check your queries to verify + query times might go up. If you are dealing with large amounts + of data, you might want to check your queries to verify performance. @@ -15361,8 +15814,8 @@ Force permissions on PGDATA directory to be secure, even if it exists (Tom) Added psql LASTOID variable to return last inserted oid (Peter E) Allow concurrent vacuum and remove pg_vlock vacuum lock file (Tom) Add privilege check for vacuum (Peter E) -New libpq functions to allow asynchronous connections: PQconnectStart(), - PQconnectPoll(), PQresetStart(), PQresetPoll(), PQsetenvStart(), +New libpq functions to allow asynchronous connections: PQconnectStart(), + PQconnectPoll(), PQresetStart(), PQresetPoll(), PQsetenvStart(), PQsetenvPoll(), PQsetenvAbort (Ewan Mellor) New libpq PQsetenv() function (Ewan Mellor) create/alter user extension (Peter E) @@ -15380,7 +15833,7 @@ Add CREATE/ALTER/DROP GROUP (Peter E) All administration scripts now support --long options (Peter E, Karel) Vacuumdb script now supports --all option (Peter E) ecpg new portable FETCH syntax -Add ecpg EXEC SQL IFDEF, EXEC SQL IFNDEF, EXEC SQL ELSE, EXEC SQL ELIF +Add ecpg EXEC SQL IFDEF, EXEC SQL IFNDEF, EXEC SQL ELSE, EXEC SQL ELIF and EXEC SQL ENDIF directives Add pg_ctl script to control backend start-up (Tatsuo) Add postmaster.opts.default file to store start-up flags (Tatsuo) @@ -15455,7 +15908,7 @@ Cleanups for int8 inputs, range checking, and type conversion (Tom) Fix for SELECT timespan('21:11:26'::time) (Tom) netmask('x.x.x.x/0') is 255.255.255.255 instead of 0.0.0.0 (Oleg Sharoiko) Add btree index on NUMERIC (Jan) -Perl fix for large objects containing NUL characters (Douglas Thomson) +Perl fix for large objects containing NUL characters (Douglas Thomson) ODBC fix for for large objects (free) Fix indexing of cidr data type Fix for Ethernet MAC addresses (macaddr type) comparisons @@ -15864,10 +16317,10 @@ Add Win1250 (Czech) support (Pavel Behal) The Administrator's Guide has a new chapter on troubleshooting from Tom Lane. And the Programmer's Guide has a - description of query processing, also from Stefan, and details + description of query processing, also from Stefan, and details on obtaining the PostgreSQL source tree via anonymous CVS and - CVSup. + CVSup. @@ -15889,7 +16342,7 @@ Add Win1250 (Czech) support (Pavel Behal) The new Multiversion Concurrency Control (MVCC) features can give somewhat different behaviors in multiuser - environments. Read and understand the following section + environments. Read and understand the following section to ensure that your existing applications will give you the behavior you need. @@ -16069,7 +16522,7 @@ JDBC fixes/features, see src/interfaces/jdbc/CHANGELOG(Peter) Make % operator have precedence like /(Bruce) Add new postgres -O option to allow system table structure changes(Bruce) Update contrib/pginterface/findoidjoins script(Tom) -Major speedup in vacuum of deleted rows with indexes(Vadim) +Major speedup in vacuum of deleted rows with indexes(Vadim) Allow non-SQL functions to run different versions based on arguments(Tom) Add -E option that shows actual queries sent by \dt and friends(Masaaki Sakaida) Add version number in start-up banners for psql(Masaaki Sakaida) @@ -16233,7 +16686,7 @@ Here is a brief, incomplete summary: -Views and rules are now functional thanks to extensive new code in the +Views and rules are now functional thanks to extensive new code in the rewrite rules system from Jan Wieck. He also wrote a chapter on it for the Programmer's Guide. @@ -16272,7 +16725,7 @@ which covers this topic. -Three new data types have been added. +Three new data types have been added. Two types, inet and cidr, support various forms of IP network, subnet, and machine addressing. There is now an 8-byte integer type available on some platforms. See the chapter on data types @@ -16304,7 +16757,7 @@ been. Migration to version 6.4 -A dump/restore using pg_dump +A dump/restore using pg_dump or pg_dumpall is required for those wishing to migrate data from any previous release of PostgreSQL. @@ -16374,7 +16827,7 @@ Readline cleanups(Tom) Allow psql \f \ to make spaces as delimiter(Bruce) Pass pg_attribute.atttypmod to the frontend for column field lengths(Tom,Bruce) Msql compatibility library in /contrib(Aldrin) -Remove the requirement that ORDER/GROUP BY clause identifiers be +Remove the requirement that ORDER/GROUP BY clause identifiers be included in the target list(David) Convert columns to match columns in UNION clauses(Thomas) Remove fork()/exec() and only do fork()(Bruce) @@ -16382,7 +16835,7 @@ Jdbc cleanups(Peter) Show backend status on ps command line(only works on some platforms)(Bruce) Pg_hba.conf now has a sameuser option in the database field Make lo_unlink take oid param, not int4 -New DISABLE_COMPLEX_MACRO for compilers that can't handle our macros(Bruce) +New DISABLE_COMPLEX_MACRO for compilers that cannot handle our macros(Bruce) Libpgtcl now handles NOTIFY as a Tcl event, need not send dummy queries(Tom) libpgtcl cleanups(Tom) Add -error option to libpgtcl's pg_result command(Tom) @@ -16545,7 +16998,7 @@ Correctly handles function calls on the left side of BETWEEN and LIKE clauses. -A dump/restore is NOT required for those running 6.3 or 6.3.1. A +A dump/restore is NOT required for those running 6.3 or 6.3.1. A make distclean, make, and make install is all that is required. This last step should be performed while the postmaster is not running. You should re-link any custom applications that use PostgreSQL libraries. @@ -16622,7 +17075,7 @@ Improvements to the configuration autodetection for installation. -A dump/restore is NOT required for those running 6.3. A +A dump/restore is NOT required for those running 6.3. A make distclean, make, and make install is all that is required. This last step should be performed while the postmaster is not running. You should re-link any custom applications that use PostgreSQL libraries. @@ -16699,7 +17152,7 @@ Better identify tcl and tk libs and includes(Bruce) Socket interface for client/server connection. This is the default now - so you may need to start postmaster with the + so you might need to start postmaster with the flag. @@ -16735,9 +17188,9 @@ Better identify tcl and tk libs and includes(Bruce) mention that without subselects, SQL is a very limited language. Subselects are a major feature, and you should review your code for places where subselects provide a better solution for your queries. I - think you will find that there are more uses for subselects than you may + think you will find that there are more uses for subselects than you might think. Vadim has put us on the big SQL map with subselects, and fully - functional ones too. The only thing you can't do with subselects is to + functional ones too. The only thing you cannot do with subselects is to use them in the target list. @@ -16750,7 +17203,7 @@ Better identify tcl and tk libs and includes(Bruce) Third, char() fields will now allow faster access than varchar() or text. Specifically, the text and varchar() have a penalty for access to any columns after the first column of this type. char() used to also - have this access penalty, but it no longer does. This may suggest that + have this access penalty, but it no longer does. This might suggest that you redesign some of your tables, especially if you have short character columns that you have defined as varchar() or text. This and other changes make 6.3 even faster than earlier releases. @@ -16768,7 +17221,7 @@ Better identify tcl and tk libs and includes(Bruce) User-created tables now no longer have SELECT privilege to PUBLIC by default. This was done because the ANSI standard requires it. You can - of course GRANT any privileges you want after the table is created. + of course GRANT any privileges you want after the table is created. System tables continue to be SELECT-able by PUBLIC. @@ -16800,7 +17253,7 @@ Better identify tcl and tk libs and includes(Bruce) Migration to version 6.3 - A dump/restore using pg_dump + A dump/restore using pg_dump or pg_dumpall is required for those wishing to migrate data from any previous release of PostgreSQL. @@ -16854,7 +17307,7 @@ Subselects with EXISTS, IN, ALL, ANY key words (Vadim, Bruce, Thomas) New User Manual(Thomas, others) Speedup by inlining some frequently-called functions Real deadlock detection, no more timeouts(Bruce) -Add SQL92 "constants" CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP, +Add SQL92 "constants" CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP, CURRENT_USER(Thomas) Modify constraint syntax to be SQL92-compliant(Thomas) Implement SQL92 PRIMARY KEY and UNIQUE clauses using indexes(Thomas) @@ -16934,7 +17387,7 @@ Reduce system column overhead(Vadmin) Remove pg_time table(Vadim) Add pg_type attribute to identify types that need length (bpchar, varchar) Add report of offending line when COPY command fails -Allow VIEW privileges to be set separately from the underlying tables. +Allow VIEW privileges to be set separately from the underlying tables. For security, use GRANT/REVOKE on views as appropriate(Jan) Tables now have no default GRANT SELECT TO PUBLIC. You must explicitly grant such privileges. @@ -17011,8 +17464,8 @@ Include example trigger function for inserting user names on table updates. -This is a minor bug-fix release on 6.2. -For upgrades from pre-6.2 systems, a full dump/reload is required. +This is a minor bug-fix release on 6.2. +For upgrades from pre-6.2 systems, a full dump/reload is required. Refer to the 6.2 release notes for instructions. @@ -17114,14 +17567,14 @@ Catch non-functional delete attempts(Vadim) Change time function names to be more consistent(Michael Reifenberg) Check for zero divides(Michael Reifenberg) Fix very old bug which made rows changed/inserted by a command - visible to the command itself (so we had multiple update of + visible to the command itself (so we had multiple update of updated rows, etc.)(Vadim) Fix for SELECT null, 'fail' FROM pg_am (Patrick) SELECT NULL as EMPTY_FIELD now allowed(Patrick) Remove un-needed signal stuff from contrib/pginterface Fix OR (where x != 1 or x isnull didn't return rows with x NULL) (Vadim) Fix time_cmp function (Vadim) -Fix handling of functions with non-attribute first argument in +Fix handling of functions with non-attribute first argument in WHERE clauses (Vadim) Fix GROUP BY when order of entries is different from order in target list (Vadim) @@ -17135,7 +17588,7 @@ Added JDBC driver as an interface(Adrian & Peter) pg_password utility Return number of rows inserted/affected by INSERT/UPDATE/DELETE etc.(Vadim) Triggers implemented with CREATE TRIGGER (SQL3)(Vadim) -SPI (Server Programming Interface) allows execution of queries inside +SPI (Server Programming Interface) allows execution of queries inside C-functions (Vadim) NOT NULL implemented (SQL92)(Robson Paniago de Miranda) Include reserved words for string handling, outer joins, and unions(Thomas) @@ -17299,7 +17752,7 @@ optimizer which uses genetic The interpretation of array specifiers (the curly braces around atomic values) appears to have changed sometime after the original regression tests were generated. The current ./expected/*.out files reflect this - new interpretation, which may not be correct! + new interpretation, which might not be correct! @@ -17368,7 +17821,7 @@ Enhancements ------------ attribute optimization statistics(Bruce) much faster new btree bulk load code(Paul) -BTREE UNIQUE added to bulk load code(Vadim) +BTREE UNIQUE added to bulk load code(Vadim) new lock debug code(Massimo) massive changes to libpg++(Leo) new GEQO optimizer speeds table multitable optimization(Martin) @@ -17712,7 +18165,7 @@ New Ports