SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for postgresql-contrib-8.3.9-1.1.x86_64.rpm :
Thu Dec 17 13:00:00 2009 maxAATTsuse.de
- security and bugfix release 8.3.9:

* Protect against indirect security threats caused by index
functions changing session-local state. This change prevents
allegedly-immutable index functions from possibly subverting a
superuser\'s session (CVE-2009-4136).

* Reject SSL certificates containing an embedded null byte in
the common name (CN) field. This prevents unintended matching
of a certificate to a server or client name during SSL
validation (CVE-2009-4034).

* Fix possible crash during backend-startup-time cache
initialization.

* Avoid crash on empty thesaurus dictionary.

* Prevent signals from interrupting VACUUM at unsafe times. This
fix prevents a PANIC if a VACUUM FULL is cancelled after it\'s
already committed its tuple movements, as well as transient
errors if a plain VACUUM is interrupted after having truncated
the table.

* Fix possible crash due to integer overflow in hash table size
calculation. This could occur with extremely large planner
estimates for the size of a hashjoin\'s result.

* Fix very rare crash in inet/cidr comparisons.

* Ensure that shared tuple-level locks held by prepared
transactions are not ignored.

* Fix premature drop of temporary files used for a cursor that
is accessed within a subtransaction.

* Fix memory leak in syslogger process when rotating to a new
CSV logfile.

* Fix incorrect logic for GiST index page splits, when the split
depends on a non-first column of the index.

* Don\'t error out if recycling or removing an old WAL file fails
at the end of checkpoint. It\'s better to treat the problem as
non-fatal and allow the checkpoint to complete. Future
checkpoints will retry the removal. Such problems are not
expected in normal operation, but have been seen to be caused
by misdesigned Windows anti-virus and backup software.

* Ensure WAL files aren\'t repeatedly archived on Windows. This
is another symptom that could happen if some other process
interfered with deletion of a no-longer-needed file.

* Fix PAM password processing to be more robust. The previous
code is known to fail with the combination of the Linux
pam_krb5 PAM module with Microsoft Active Directory as the
domain controller. It might have problems elsewhere too, since
it was making unjustified assumptions about what arguments the
PAM stack would pass to it.

* Raise the maximum authentication token (Kerberos ticket) size
in GSSAPI and SSPI authentication methods. While the old
2000-byte limit was more than enough for Unix Kerberos
implementations, tickets issued by Windows Domain Controllers
can be much larger.

* Re-enable collection of access statistics for sequences. This
used to work but was broken in 8.3.

* Fix processing of ownership dependencies during CREATE OR
REPLACE FUNCTION.

* Fix incorrect handling of WHERE \"x\"=\"x\" conditions. In some
cases these could get ignored as redundant, but they aren\'t --
they\'re equivalent to \"x\" IS NOT NULL.

* Make text search parser accept underscores in XML attributes.

* Fix encoding handling in xml binary input. If the XML header
doesn\'t specify an encoding, we now assume UTF-8 by default;
the previous handling was inconsistent.

* Fix bug with calling plperl from plperlu or vice versa. An
error exit from the inner function could result in crashes due
to failure to re-select the correct Perl interpreter for the
outer function.

* Fix session-lifespan memory leak when a PL/Perl function is
redefined.

* Ensure that Perl arrays are properly converted to PostgreSQL
arrays when returned by a set-returning PL/Perl function.
This worked correctly already for non-set-returning functions.

* Fix rare crash in exception processing in PL/Python.

* Ensure psql\'s flex module is compiled with the correct system
header definitions. This fixes build failures on platforms
where --enable-largefile causes incompatible changes in the
generated code.

* Make the postmaster ignore any application_name parameter in
connection request packets, to improve compatibility with
future libpq versions.

* Update the timezone abbreviation files to match current
reality. This includes adding IDT and SGT to the default
timezone abbreviation set.

Tue Sep 15 14:00:00 2009 maxAATTsuse.de
- New patchlevel: 8.3.8
- Security fixes (bnc#537706):

* Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside
security-definer functions. This covers a case that was missed
in the previous patch that disallowed SET ROLE and SET SESSION
AUTHORIZATION inside security-definer functions. (See
CVE-2007-6600)

* Make LOAD of an already-loaded loadable module into a no-op.
Formerly, LOAD would attempt to unload and re-load the module,
but this is unsafe and not all that useful.

* Disallow empty passwords during LDAP authentication.
- For the other bug fixes, see the release notes at
http://www.postgresql.org/docs/current/static/release-8-3-8.html

Mon Mar 23 13:00:00 2009 maxAATTsuse.de
- Security release 8.3.7

* Fixes a vulnerability that allowed remote authenticated
users to cause a denial of service (stack consumption)
via mismatched encoding conversion requests.

* Details of the other bugfixes contained in this and
previous releases can be found here:
http://www.postgresql.org/docs/8.3/static/release.html
/usr/share/doc/packages/postgresql/HISTORY
- Users of GiST indexes should \"REINDEX\" them after installing
this update.
- Re-added libpgport.a to the devel package, as some apps require
it, although it is meant to be internal to the PostgreSQL
backend.
- Fix removal of leftover files on database startup (bnc#473644).

Wed Jan 7 13:00:00 2009 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Wed Nov 5 13:00:00 2008 maxAATTsuse.de
- Bugfix release: 8.3.5

* Fix GiST index corruption due to marking the wrong index
entry \"dead\" after a deletion. This would result in index
searches failing to find rows they should have found.

* Fix backend crash when the client encoding cannot represent a
localized error message.

* Fix possible crash in bytea-to-XML mapping.

* Fix possible crash when deeply nested functions are invoked
from a trigger.

* Improve optimization of \"expression\" IN (\"expression-list\")
queries.

* Fix mis-expansion of rule queries when a sub-SELECT appears
in a function call in FROM, a multi-row VALUES list, or a
RETURNING list.

* Fix Assert failure during rescan of an IS NULL search of
a GiST index.

* Fix memory leak during rescan of a hashed aggregation plan.

* Ensure an error is reported when a newly-defined PL/pgSQL
trigger function is invoked as a normal function.

* Force a checkpoint before \"CREATE DATABASE\" starts to copy
files This prevents a possible failure if files had recently
been deleted in the source database.

* Prevent possible collision of relfilenode numbers when moving
a table to another tablespace with \"ALTER SET TABLESPACE\".

* Fix incorrect text search headline generation when single
query item matches first word of text.

* Fix improper display of fractional seconds in interval
values when using a non-ISO datestyle in an
\"--enable-integer-datetimes\" build.

* Make ILIKE compare characters case-insensitively even when
they\'re escaped.

* Ensure \"DISCARD\" is handled properly by statement logging.

* Fix incorrect logging of last-completed-transaction time
during PITR recovery.

* Ensure SPI_getvalue and SPI_getbinval behave correctly when
the passed tuple and tuple descriptor have different numbers
of columns.

* Fix small memory leak when using libpq\'s gsslib parameter.

* Ensure libgssapi is linked into libpq if needed.

* Fix ecpg\'s parsing of \"CREATE ROLE\".

* Fix recent breakage of pg_ctl restart.

Thu Sep 25 14:00:00 2008 maxAATTsuse.de
- Bugfix release: 8.3.4
- Issues fixed include autovacuum crashes reported by several
users, two Heap Only Tuple bugs, a foreign key failure
condition, a too-small lock address space, two Write Ahead Log
bugs, several planner mistakes, and numerous \"corner condition\"
bugs.

Fri Sep 5 14:00:00 2008 maxAATTsuse.de
- New version: 8.3.3 with countless bug fixes over 8.3.1.
- For details, see
http://www.postgresql.org/docs/8.3/static/release-8-3-2.html ,
http://www.postgresql.org/docs/8.3/static/release-8-3-3.html ,
or /usr/share/doc/packages/postgresql/HISTORY .

Thu Aug 28 14:00:00 2008 cthielAATTsuse.de
- fix init script

Mon May 19 14:00:00 2008 schwabAATTsuse.de
- Fix broken configure check.

Fri May 9 14:00:00 2008 ajAATTsuse.de
- Add baselibs.conf.

Fri Apr 18 14:00:00 2008 maxAATTsuse.de
- Removed static libs from postgresql-devel.
- Removed more old Obsoletes: tags.
- Fixed path to pid file in init script.
- Moved \"make check\" to %check section
- Silence some bogus rpmlint warnings

Thu Apr 10 14:00:00 2008 maxAATTsuse.de
- Adopt the 8.3.1 package from Peter Eisentraut\'s OBS project.
- New features in PostgreSQL 8.3 include:

* Full text search is integrated into the core database system

* Support for the SQL/XML standard, including new operators and
an XML data type

* Enumerated data types (ENUM)

* Arrays of composite types

* Universally Unique Identifier (UUID) data type

* Add control over whether NULLs sort first or last

* Updatable cursors

* Server configuration parameters can now be set on a
per-function basis

* User-defined types can now have type modifiers

* Automatically re-plan cached queries when table definitions
change or statistics are updated

* Numerous improvements in logging and statistics collection

* Support multiple concurrent autovacuum processes, and other
autovacuum improvements
- Remove old provides/obsoletes tags for way-back package renames.

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Jan 10 13:00:00 2008 maxAATTsuse.de
- Update to 8.2.6 to fix five security issues:
- Index Functions Privilege Escalation: CVE-2007-6600
- Regular Expression Denial-of-Service: CVE-2007-4772,
CVE-2007-6067, CVE-2007-4769, #329282
- DBLink Privilege Escalation: CVE-2007-6601, #328403

Wed Jun 6 14:00:00 2007 maxAATTsuse.de
- New version: 8.2.4
- The list of changes between the 8.1 and 8.2 series is too long
to reproduce here. It can be found under
/usr/share/doc/packages/postgresql/HISTORY when the postgresql
package is installed or online at http://www.postgresql.org.
- Splited the postgresql-pl package into individual packages for
PL/Perl, PL/Python and PL/Tcl.
- Added a config file for SuSEfirewall2 (#247370).

Thu Mar 29 14:00:00 2007 rguentherAATTsuse.de
- Add bison, flex and zlib-devel BuildRequires.

Tue Oct 17 14:00:00 2006 maxAATTsuse.de
- New patchlevel release: 8.1.5
- Disallow aggregate functions in \"UPDATE\" commands, except within
sub-SELECTs. The behavior of such an aggregate was unpredictable,
and in 8.1.X could cause a crash, so it has been disabled.
- Fix core dump when an untyped literal is taken as ANYARRAY.
- Fix core dump in duration logging for extended query protocol when
a \"COMMIT\" or \"ROLLBACK\" is executed.
- Fix mishandling of AFTER triggers when query contains a SQL function
returning multiple rows.
- Fix \"ALTER TABLE ... TYPE\" to recheck NOT NULL for USING clause.
- Fix string_to_array() to handle overlapping matches for the
separator string.
- Fix to_timestamp() for AM/PM formats.
- Fix autovacuum\'s calculation that decides whether \"ANALYZE\" is
needed.
- Fix corner cases in pattern matching for psql\'s \\d commands.
- Fix index-corrupting bugs in /contrib/ltree.
- Numerous robustness fixes in ecpg.
- Fix backslash escaping in /contrib/dbmirror.
- Minor fixes in /contrib/dblink and /contrib/tsearch2.
- Efficiency improvements in hash tables and bitmap index scans.


  
ICM