Next | Query returned 33 messages, browsing 21 to 30 | Previous

History of commit frequency

CVS Commit History:


   2018-05-13 10:13:47 by Adam Ciarcinski | Files touched by this commit (17) | Package updated
Log message:
postgresql: updated to 10.4, 9.6.9, 9.5.13, 9.4.18, 9.3.23

SECURITY ISSUES
One security vulnerability has been closed by this release:

CVE-2018-1115: Too-permissive access control list on function pg_logfile_rotate()
Please see the "Updating" section below for post-update steps.

BUG FIXES AND IMPROVEMENTS
This update also fixes over 50 bugs reported in the last several months. Some of \ 
these issues affect only version 10, but many affect all supported versions.

These fixes include:
Fix incorrect volatility and parallel-safety markings on several built-in \ 
functions to ensure correct query planning optimizations
Several fixes for partitioning, including potential crashes as well as allowing \ 
TRUE and FALSE to be used as partition bounds
Fix where a new TOAST value could be assigned to a dead-but-not-yet-vacuumed \ 
TOAST OID, which would result in an error similar to "unexpected chunk \ 
number 0 (expected 1) for toast value nnnnn"
Fix "CREATE TABLE ... LIKE" with bigint identity columns on 32-bit \ 
platforms
Fix memory leak within the runtime of a query that repeatedly executes hash joins
Several crash fixes around queries using GROUPING SET
Avoid failure if a query-cancel or session-termination interrupt occurs while \ 
committing a prepared transaction
Reduce locking during autovacuum worker scheduling, which prevents loss of \ 
potential worker concurrency
Fix possible slow execution of REFRESH MATERIALIZED VIEW CONCURRENTLY
Several fixes around query plans that use "index-only" scans
Avoid deadlocks in concurrent CREATE INDEX CONCURRENTLY commands that are run \ 
under SERIALIZABLE or REPEATABLE READ transaction isolation
Several fixes for SP-GiST indexes, including one collation-aware searches on \ 
text columns
Fixes related to counting the number of tuples in partial GiST, SP-GiST, and \ 
Bloom indexes
Several fixes for logical decoding and replication
Fix misquoting of values for list-valued GUC variables (e.g. \ 
local_preload_libraries, session_preload_libraries, shared_preload_libraries, \ 
temp_tablespaces) in dumps
Several fixes for pg_stat_activity
Several fixes for ecpg
Fix for pg_recvlogical to ensure compatibility with PostgreSQL versions released \ 
before 10
Several fixes for pg_rewind
   2018-03-02 18:11:12 by Adam Ciarcinski | Files touched by this commit (24) | Package updated
Log message:
postgresqlNN: updated to 10.3, 9.6.8, 9.5.12, 9.4.17, 9.3.22

PostgreSQL 10.3, 9.6.8, 9.5.12, 9.4.17, and 9.3.22:
The purpose of this release is to address CVE-2018-1058, which describes how a \ 
user can create like-named objects in different schemas that can change the \ 
behavior of other users' queries and cause unexpected or malicious behavior, \ 
also known as a "trojan-horse" attack. Most of this release centers \ 
around added documentation that describes the issue and how to take steps to \ 
mitigate the impact on PostgreSQL databases.
   2018-02-08 21:53:58 by Adam Ciarcinski | Files touched by this commit (43) | Package updated
Log message:
postgresql: updated to 10.2, 9.6.7, 9.5.11, 9.4.16, and 9.3.21

This release fixes two security issues. This release also fixes issues with \ 
VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as \ 
well as fixes for using parallel queries and logical replication.

Security Issues
* CVE-2018-1052: Fix the processing of partition keys containing multiple expressions
* CVE-2018-1053: Ensure that all temporary files made with \ 
"pg_upgrade" are non-world-readable

Bug Fixes and Improvements
* Fix crash and potential disclosure of backend memory when processing partition \ 
keys containing multiple expressions
* Fix potential disclosure of temporary files containing database passwords \ 
created by pg_upgrade by not allowing these files to be world-accessible
* Fix cases where VACUUM would not remove dead rows if they were updated while \ 
"key-share" locked, leading to potential data corruption
* Fix for GIN indexes to prevent bloat by ensuring the pending-insertions list \ 
is cleaned up by VACUUM
* Fix potential index corruption with hash indexes due to failure to mark \ 
metapages as dirty
* Fix several potential crash scenarios for parallel queries, including when a \ 
bitmap heap scan cannot allocate memory
* Fix several potential hang-ups in parallel queries, including when a parallel \ 
worker fails to start
* Fix collection of EXPLAIN statistics from parallel workers
* Prevent fake deadlock failures when multiple sessions are running CREATE INDEX \ 
CONCURRENTLY
* Fix for trigger behavior when using logical replication
* Several fixes for "walsender" functionality to improve stability as \ 
well as visibility into the replication process
* Fix logical decoding to correctly clean up disk files for crashed transactions
* Several fixes for identity columns, including disallowing identity columns on \ 
tables derived from composite types and partitions
* Fix handling of list partitioning constraints for partition keys of boolean \ 
and array types
* Fix incorrectly generated plans for UPDATE and DELETE queries when a table has \ 
a mix of inherited regular and foreign child tables
* Fix incorrect query results from cases involving GROUPING SETS when used with \ 
flattened subqueries
* Fix UNION/INTERSECT/EXCEPT over zero columns, e.g. "SELECT UNION SELECT;"
* Several fixes for subqueries within a LATERAL subquery
* Several improvements for query planning estimation
* Allow a client that supports SCRAM channel binding, such as a future version \ 
of PostgreSQL or libpq, to connect to a PostgreSQL 10 server
* Fix sample INSTR() functions used to help transition from Oracle(r) PL/SQL to \ 
PostgreSQL PL/pgSQL to correctly match Oracle functional behavior
* Fix pg_dump to make permissions (ACL), security label, and comment entries \ 
reliably identifiable in archive outputs
* Modify behavior for contrib/cube's "cube ~> int" operator to make \ 
it compatible with KNN search. This is a backwards incompatible change and any \ 
expression indexes or materialized views using this operator will need to be \ 
reindexed and refreshed, respectively.
* Several fixes in contrib/postgres_fdw to prevent query planner errors
* Added modern examples of auto-start scripts for PostgreSQL on macOS in the \ 
contrib/start-scripts/macos directory
* Several fixes for Windows, including postmaster startup and compatibility with \ 
libperl
* Spinlock fixes and support for Motorola 68K and 88K architectures
   2017-11-13 10:33:33 by Adam Ciarcinski | Files touched by this commit (38) | Package updated
Log message:
postgresql: updated to the latest

The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, \ 
and 9.2.24. This release fixes three security issues. This release also fixes \ 
issues found in BRIN indexing, logical replication and other bugs reported over \ 
the past three months.

All users using the affected versions of PostgreSQL should update as soon as \ 
possible. If you use BRIN indexes or contrib/start-scripts, please see the \ 
release notes for additional post-upgrade steps.

Security Issues

Three security vulnerabilities have been fixed by this release:

CVE-2017-12172: Start scripts permit database administrator to modify root-owned \ 
files
CVE-2017-15098: Memory disclosure in JSON functions
CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

Bug Fixes and Improvements

This update also fixes a number of bugs reported in the last few months. Some of \ 
these issues affect only version 10, but many affect all supported versions:

Fix a race condition in BRIN indexing that could cause some rows to not be \ 
included in the indexing.
Fix crash when logical decoding is invoked from a PL language function.
Several fixes for logical replication.
Restored behavior for CTEs attached to INSERT/UPDATE/DELETE statements to \ 
pre-version 10.
Prevent low-probability crash in processing of nested trigger firings.
Do not evaluate an aggregate function's argument expressions when the conditions \ 
in the FILTER clause evaluate to FALSE. This complies with SQL-standard \ 
behavior.
Fix incorrect query results when multiple GROUPING SETS columns contain the same \ 
simple variable.
Fix memory leak over the lifespan of a query when evaluating a set-returning \ 
function from the target list in a SELECT.
Several fixes for parallel query execution, including fixing a crash in the \ 
parallel execution of certain queries that contain a certain type of bitmap \ 
scan.
Fix json_build_array(), json_build_object(), jsonb_build_array(), and \ 
jsonb_build_object() to handle explicit VARIADIC arguments correctly.
Prevent infinite float values from being casted to the numeric type.
Fix autovacuum's “work item” logic to prevent possible crashes and silent \ 
loss of work items.
Several fixes for VIEWs around adding columns to the end of a view.
Fix for hashability detection of range data types that are created by a user.
Improvements on using extended statistics on columns for the purposes of query \ 
planning.
Prevent idle_in_transaction_session_timeout from being ignored when a \ 
statement_timeout occurred earlier.
Fix low-probability loss of NOTIFY messages due more than 2 billion transactions \ 
processing before any queries are executed in the session.
Several file system interaction fixes.
Correctly restore the umask setting when file creation fails in COPY or lo_export().
Fix pg_dump to ensure that it emits GRANT commands in a valid order.
Fix pg_basebackup's matching of tablespace paths to canonicalize both paths \ 
before comparing to help improve Windows compatibility.
Fix libpq to not require user's home directory to exist when trying to read the \ 
"~/.pgpass" file.
Several fixes for ecpg.
   2017-08-13 21:25:18 by Adam Ciarcinski | Files touched by this commit (23) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.4, 9.5.8, 9.4.13, 9.3.18, and \ 
9.2.22. This release fixes three security issues. It also patches over 50 other \ 
bugs reported over the last three months. Users who are affected by the below \ 
security issues should update as soon as possible. Users affected by \ 
CVE-2017-7547 will need to perform additional steps after upgrading to resolve \ 
the issue. Other users should plan to update at the next convenient downtime.

Three security vulnerabilities have been closed by this release:
* CVE-2017-7546: Empty password accepted in some authentication methods
* CVE-2017-7547: The "pg_user_mappings" catalog view discloses \ 
passwords to users lacking server privileges
* CVE-2017-7548: lo_put() function ignores ACLs
   2017-05-12 21:37:55 by Adam Ciarcinski | Files touched by this commit (23) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and \ 
9.2.21. This release fixes three security issues. It also patches a number of \ 
other bugs reported over the last three months. Users who use the PGREQUIRESSL \ 
environment variable to control connections, and users who rely on security \ 
isolation between database users when using foreign servers, should update as \ 
soon as possible. Other users should plan to update at the next convenient \ 
downtime.
   2017-02-11 11:18:53 by Adam Ciarcinski | Files touched by this commit (23) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and \ 
9.2.20. This release includes fixes that prevent data corruption issues in index \ 
builds and in certain write-ahead-log replay situations, which are detailed \ 
below. It also patches over 75 other bugs reported over the last three months.
   2016-10-29 21:41:55 by Adam Ciarcinski | Files touched by this commit (20) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19, \ 
and 9.1.24. This is also the last update for the PostgreSQL 9.1 series as it is \ 
now end-of-life. This release fixes two issues that can cause data corruption, \ 
which are described in more detail below. It also patches a number of other bugs \ 
reported over the last three months. The project urges users to apply this \ 
update at the next possible downtime.
   2016-08-23 08:28:16 by Adam Ciarcinski | Files touched by this commit (42) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and \ 
9.1.23. This release fixes two security issues. It also patches a number of \ 
other bugs reported over the last three months. Users who rely on security \ 
isolation between database users should update as soon as possible. Other users \ 
should plan to update at the next convenient downtime.

Security Issues
---------------
Two security holes have been closed by this release:

CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
CVE-2016-5424: database and role names with embedded special characters can \ 
allow code injection during administrative operations like pg_dumpall.
The fix for the second issue also adds an option, -reuse-previous, to psql's \ 
\connect command. pg_dumpall will also refuse to handle database and role names \ 
containing line breaks after the update. For more information on these issues \ 
and how they affect backwards-compatibility, see the Release Notes.

Bug Fixes and Improvements
--------------------------
This update also fixes a number of bugs reported in the last few months. Some of \ 
these issues affect only version 9.5, but many affect all supported versions:

Fix misbehaviors of IS NULL/IS NOT NULL with composite values
Fix three areas where INSERT ... ON CONFLICT failed to work properly with other \ 
SQL features.
Make INET and CIDR data types properly reject bad IPv6 values
Prevent crash in "point ## lseg" operator for NaN input
Avoid possible crash in pg_get_expr()
Fix several one-byte buffer over-reads in to_number()
Don't needlessly plan query if WITH NO DATA is specified
Avoid crash-unsafe state in expensive heap_update() paths
Fix hint bit update during WAL replay of row locking operations
Avoid unnecessary "could not serialize access" with FOR KEY SHARE
Avoid crash in postgres -C when the specified variable is a null string
Fix two issues with logical decoding and subtransactions
Ensure that backends see up-to-date statistics for shared catalogs
Prevent possible failure when vacuuming multixact IDs in an upgraded database
When a manual ANALYZE specifies columns, don't reset changes_since_analyze
Fix ANALYZE's overestimation of n_distinct for columns with nulls
Fix bug in b-tree mark/restore processing
Fix building of large (bigger than shared_buffers) hash indexes
Prevent infinite loop in GiST index build with NaN values
Fix possible crash during a nearest-neighbor indexscan
Fix "PANIC: failed to add BRIN tuple" error
Prevent possible crash during background worker shutdown
Many fixes for issues in parallel pg_dump and pg_restore
Make pg_basebackup accept -Z 0 as no compression
Make regression tests safe for Danish and Welsh locales
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068)
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

Next | Query returned 33 messages, browsing 21 to 30 | Previous