2007-02-05 12:58:42 by Adam Ciarcinski | Files touched by this commit (3) |
Log message:
Changes 8.0.11:
* Remove security vulnerabilities that allowed connected users to
read backend memory
* Fix rare bug wherein btree index page splits could fail due to
choosing an infeasible split point
* Fix for rare Assert() crash triggered by UNION
* Tighten security of multi-byte character processing for UTF8
sequences over three bytes long
|
2007-01-08 21:30:42 by Adam Ciarcinski | Files touched by this commit (10) |
Log message:
Changes 8.0.10:
* Improve handling of getaddrinfo() on AIX
This fixes a problem with starting the statistics collector, among
other things.
* Fix "failed to re-find parent key" errors in "VACUUM"
* Fix race condition for truncation of a large relation across a
gigabyte boundary by "VACUUM"
* Fix bugs affecting multi-gigabyte hash indexes
* Fix possible deadlock in Windows signal handling
* Fix error when constructing an ARRAY[] made up of multiple empty
elements
* Fix ecpg memory leak during connection
* to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for
new initdb installs
This is because lc_numeric can potentially change the output of
these functions.
* Improve index usage of regular expressions that use parentheses
This improves psql \d performance also.
* Update timezone database
This affects Australian and Canadian daylight-savings rules in
particular.
|
2006-10-18 20:38:57 by Adam Ciarcinski | Files touched by this commit (3) |
Log message:
Changes 8.0.9:
* Fix crash when referencing NEW row values in rule WHERE expressions
(Tom)
* Fix core dump when an untyped literal is taken as ANYARRAY
* Fix mishandling of AFTER triggers when query contains a SQL
function returning multiple rows (Tom)
* Fix "ALTER TABLE ... TYPE" to recheck NOT NULL for USING clause
(Tom)
* Fix string_to_array() to handle overlapping matches for the
separator string
For example, string_to_array('123xx456xxx789', 'xx').
* Fix corner cases in pattern matching for psql's \d commands
* Fix index-corrupting bugs in /contrib/ltree (Teodor)
* Numerous robustness fixes in ecpg (Joachim Wieland)
* Fix backslash escaping in /contrib/dbmirror
* Fix instability of statistics collection on Win32 (Tom, Andrew)
* Fixes for AIX and Intel compilers (Tom)
|
2006-06-07 10:33:44 by Adam Ciarcinski | Files touched by this commit (1) |
Log message:
Fix build on Darwin/MacOSX
|
2006-05-26 19:47:58 by Joerg Sonnenberger | Files touched by this commit (6) |
Log message:
Update PostgreSQL to 7.3.15, 7.4.13, 8.0.8 and 8.1.4 respectively.
Common to all versions:
* Change the server to reject invalidly-encoded multibyte characters
in all cases (Tatsuo, Tom) While PostgreSQL has been moving in this
direction for some time, the checks are now applied uniformly to
all encodings and all textual input, and are now always errors not
merely warnings. This change defends against SQL-injection attacks
of the type described in CVE-2006-2313.
* Reject unsafe uses of \' in string literals As a server-side
defense against SQL-injection attacks of the type described in
CVE-2006-2314, the server now only accepts '' and not \' as a
representation of ASCII single quote in SQL string literals. By
default, \' is rejected only when client_encoding is set to a
client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is
the scenario in which SQL injection is possible. A new
configuration parameter backslash_quote is available to adjust
this behavior when needed. Note that full security against
CVE-2006-2314 may require client-side changes; the purpose of
backslash_quote is in part to make it obvious that insecure clients
are insecure.
* Modify libpq's string-escaping routines to be aware of encoding
considerations This fixes libpq-using applications for the
security issues described in CVE-2006-2313 and CVE-2006-2314.
Applications that use multiple PostgreSQL connections concurrently
should migrate to PQescapeStringConn() and PQescapeByteaConn() to
ensure that escaping is done correctly for the settings in use in
each database connection. Applications that do string escaping
"by hand" should be modified to rely on library routines instead.
* Fix some incorrect encoding conversion functions win1251_to_iso,
alt_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all
broken to varying extents.
* Clean up stray remaining uses of \' in strings (Bruce, Jan)
* Fix server to use custom DH SSL parameters correctly (Michael Fuhr)
* Fix various minor memory leaks
Additionally for 7.4.13 and later:
* Fix bug that sometimes caused OR'd index scans to miss rows they
should have returned
* Fix WAL replay for case where a btree index has been truncated
* Fix SIMILAR TO for patterns involving | (Tom)
* Fix for Bonjour on Intel Macs (Ashley Clark)
Additionally for 8.0.8 and 8.1.4:
* Fix SELECT INTO and CREATE TABLE AS to create tables in the
default tablespace, not the base directory (Kris Jurka)
* Fix problem with password prompting on some Win32 systems (Robert
Kinberg)
Additionally for 8.1.4:
* Fix weak key selection in pgcrypto (Marko Kreen)
Errors in fortuna PRNG reseeding logic could cause a predictable
session key to be selected by pgp_sym_encrypt() in some cases.
This only affects non-OpenSSL-using builds.
* Make autovacuum visible in pg_stat_activity (Alvaro)
* Disable full_page_writes (Tom)
In certain cases, having full_page_writes off would cause crash
recovery to fail. A proper fix will appear in 8.2; for now it's
just disabled.
* Various planner fixes, particularly for bitmap index scans and
MIN/MAX optimization (Tom)
* Fix incorrect optimization in merge join (Tom)
Outer joins could sometimes emit multiple copies of unmatched
rows.
* Fix crash from using and modifying a plpgsql function in the same
transaction
* Improve qsort performance (Dann Corbit)
Currently this code is only used on Solaris.
* Improve pg_dump's handling of default values for domains
* Fix pg_dumpall to handle identically-named users and groups
reasonably (only possible when dumping from a pre-8.1 server) (Tom)
The user and group will be merged into a single role with LOGIN
permission. Formerly the merged role wouldn't have LOGIN
permission, making it unusable as a user.
* Fix pg_restore -n to work as documented (Tom)
|
2006-04-13 20:23:45 by Johnny C. Lam | Files touched by this commit (292) |
Log message:
BUILD_USE_MSGFMT and USE_MSGFMT_PLURALS are obsolete. Replace with
USE_TOOLS+=msgfmt.
|
2006-04-08 21:08:25 by Jaromir Dolecek | Files touched by this commit (2) |
Log message:
use MASTER_SITE_PGSQL and replace PGSQL_MIRRORS_SORT with MASTER_SORT
|
2006-04-06 08:23:06 by Jeremy C. Reed | Files touched by this commit (1147) |
Log message:
Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
2006-03-14 17:23:46 by Joerg Sonnenberger | Files touched by this commit (3) |
Log message:
Take maintainership.
|
2006-03-14 17:00:54 by Johnny C. Lam | Files touched by this commit (33) |
Log message:
Drop maintainership for packages that I no longer have time to maintain.
|