2017-11-13 10:33:33 by Adam Ciarcinski | Files touched by this commit (38) |
Log message:
postgresql: updated to the latest
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24. This release fixes three security issues. This release also fixes issues found in BRIN indexing, logical replication and other bugs reported over the past three months.
All users using the affected versions of PostgreSQL should update as soon as possible. If you use BRIN indexes or contrib/start-scripts, please see the release notes for additional post-upgrade steps.
Security Issues
Three security vulnerabilities have been fixed by this release:
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files
CVE-2017-15098: Memory disclosure in JSON functions
CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
Bug Fixes and Improvements
This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 10, but many affect all supported versions:
Fix a race condition in BRIN indexing that could cause some rows to not be included in the indexing.
Fix crash when logical decoding is invoked from a PL language function.
Several fixes for logical replication.
Restored behavior for CTEs attached to INSERT/UPDATE/DELETE statements to pre-version 10.
Prevent low-probability crash in processing of nested trigger firings.
Do not evaluate an aggregate function's argument expressions when the conditions in the FILTER clause evaluate to FALSE. This complies with SQL-standard behavior.
Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable.
Fix memory leak over the lifespan of a query when evaluating a set-returning function from the target list in a SELECT.
Several fixes for parallel query execution, including fixing a crash in the parallel execution of certain queries that contain a certain type of bitmap scan.
Fix json_build_array(), json_build_object(), jsonb_build_array(), and jsonb_build_object() to handle explicit VARIADIC arguments correctly.
Prevent infinite float values from being cast to the numeric type.
Fix autovacuum's “work item” logic to prevent possible crashes and silent loss of work items.
Several fixes for VIEWs around adding columns to the end of a view.
Fix for hashability detection of range data types that are created by a user.
Improvements on using extended statistics on columns for the purposes of query planning.
Prevent idle_in_transaction_session_timeout from being ignored when a statement_timeout occurred earlier.
Fix low-probability loss of NOTIFY messages due to more than 2 billion transactions processing before any queries are executed in the session.
Several file system interaction fixes.
Correctly restore the umask setting when file creation fails in COPY or lo_export().
Fix pg_dump to ensure that it emits GRANT commands in a valid order.
Fix pg_basebackup's matching of tablespace paths to canonicalize both paths before comparing to help improve Windows compatibility.
Fix libpq to not require user's home directory to exist when trying to read the "~/.pgpass" file.
Several fixes for ecpg.
|
2017-11-10 15:47:42 by Filip Hajny | Files touched by this commit (12) |
Log message:
Make sure the --as-needed linker arg does not leak into the pgxs Makefiles
on Darwin and SunOS where it's not supported. Bump PKGREVISION on *-client.
|
2017-09-03 10:53:18 by Thomas Klausner | Files touched by this commit (165) |
Log message:
Follow some redirects.
|
2017-08-13 21:25:18 by Adam Ciarcinski | Files touched by this commit (23) |
Log message:
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22. This release fixes three security issues. It also patches over 50 other bugs reported over the last three months. Users who are affected by the below security issues should update as soon as possible. Users affected by CVE-2017-7547 will need to perform additional steps after upgrading to resolve the issue. Other users should plan to update at the next convenient downtime.
Three security vulnerabilities have been closed by this release:
* CVE-2017-7546: Empty password accepted in some authentication methods
* CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
* CVE-2017-7548: lo_put() function ignores ACLs
|
2017-05-12 21:37:55 by Adam Ciarcinski | Files touched by this commit (23) |
Log message:
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and 9.2.21. This release fixes three security issues. It also patches a number of other bugs reported over the last three months. Users who use the PGREQUIRESSL environment variable to control connections, and users who rely on security isolation between database users when using foreign servers, should update as soon as possible. Other users should plan to update at the next convenient downtime.
|
2017-02-11 11:18:53 by Adam Ciarcinski | Files touched by this commit (23) |
Log message:
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and 9.2.20. This release includes fixes that prevent data corruption issues in index builds and in certain write-ahead-log replay situations, which are detailed below. It also patches over 75 other bugs reported over the last three months.
|
2016-10-29 21:41:55 by Adam Ciarcinski | Files touched by this commit (20) |
Log message:
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19, and 9.1.24. This is also the last update for the PostgreSQL 9.1 series as it is now end-of-life. This release fixes two issues that can cause data corruption, which are described in more detail below. It also patches a number of other bugs reported over the last three months. The project urges users to apply this update at the next possible downtime.
|
2016-08-23 08:28:16 by Adam Ciarcinski | Files touched by this commit (42) |
Log message:
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 9.1.23. This release fixes two security issues. It also patches a number of other bugs reported over the last three months. Users who rely on security isolation between database users should update as soon as possible. Other users should plan to update at the next convenient downtime.
Security Issues
---------------
Two security holes have been closed by this release:
CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
The fix for the second issue also adds an option, -reuse-previous, to psql's \connect command. pg_dumpall will also refuse to handle database and role names containing line breaks after the update. For more information on these issues and how they affect backwards-compatibility, see the Release Notes.
Bug Fixes and Improvements
--------------------------
This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 9.5, but many affect all supported versions:
Fix misbehaviors of IS NULL/IS NOT NULL with composite values
Fix three areas where INSERT ... ON CONFLICT failed to work properly with other SQL features.
Make INET and CIDR data types properly reject bad IPv6 values
Prevent crash in "point ## lseg" operator for NaN input
Avoid possible crash in pg_get_expr()
Fix several one-byte buffer over-reads in to_number()
Don't needlessly plan query if WITH NO DATA is specified
Avoid crash-unsafe state in expensive heap_update() paths
Fix hint bit update during WAL replay of row locking operations
Avoid unnecessary "could not serialize access" with FOR KEY SHARE
Avoid crash in postgres -C when the specified variable is a null string
Fix two issues with logical decoding and subtransactions
Ensure that backends see up-to-date statistics for shared catalogs
Prevent possible failure when vacuuming multixact IDs in an upgraded database
When a manual ANALYZE specifies columns, don't reset changes_since_analyze
Fix ANALYZE's overestimation of n_distinct for columns with nulls
Fix bug in b-tree mark/restore processing
Fix building of large (bigger than shared_buffers) hash indexes
Prevent infinite loop in GiST index build with NaN values
Fix possible crash during a nearest-neighbor indexscan
Fix "PANIC: failed to add BRIN tuple" error
Prevent possible crash during background worker shutdown
Many fixes for issues in parallel pg_dump and pg_restore
Make pg_basebackup accept -Z 0 as no compression
Make regression tests safe for Danish and Welsh locales
|
2016-08-14 18:56:30 by Ignatios Souvatzis | Files touched by this commit (11) |
Log message:
Update postgresql94 & related to PostgreSQL 9.4.9
|
2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
|