A vulnerability allows suppressing the normal checks that a SQL
function returns the data type it's declared to do. These errors can
easily be exploited to cause a backend crash, and in principle might
be used to read database content that the user should not be able to
access. [CVE-2007-0555]
The release includes a set of other fixes as well. Please see the
release information at
http://www.postgresql.org/docs/7.3/static/release.html#RELEASE-7-3-18
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
The PostgreSQL Global Development Group today released versions 8.1.4, 8.0.8,
7.4.13 and 7.3.15. This is an urgent update to close a security hole which
can permit a SQL injection attack on some applications running PostgreSQL.
Users are urged to apply the update as soon as reasonably possible. Since the
update affects client functionality, most driver projects will be updating
this week as well.
Because the security issue involved is complex, we have added a section in
Techdocs to explain it: http://www.postgresql.org/docs/techdocs.52. Please
read this first before applying the updates.
Also, fix rc_subr startup problems on FreeBSD-7.x.
Security: http://www.postgresql.org/docs/techdocs.50
PR: ports/95154
A critical fix repairs an error in ReadBuffer that can cause data loss
due to overwriting recently-added pages. This applies to the 8.1 and
8.0 branches on all platforms.
Note that this update might require a reindex of textual columns under
certain conditions; please see UPDATING.
Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto
Migration to version 7.3.11
A dump/restore is not required for those running 7.3.X. However, if you
are upgrading from a version earlier than 7.3.10, see the release notes
for 7.3.10.
__________________________________________________________________
Changes
* Fix error that allowed "VACUUM" to remove ctid chains too soon, and
add more checking in code that follows ctid links
This fixes a long-standing problem that could cause crashes in very
rare circumstances.
* Fix CHAR() to properly pad spaces to the specified length when
using a multiple-byte character set (Yoshiyuki Asaba)
In prior releases, the padding of CHAR() was incorrect because it
only padded to the specified number of bytes without considering
how many characters were stored.
* Fix missing rows in queries like UPDATE a=... WHERE a... with GiST
index on column a
* Improve checking for partially-written WAL pages
* Improve robustness of signal handling when SSL is enabled
* Various memory leakage fixes
* Various portability improvements
* Fix PL/PgSQL to handle var := var correctly when the variable is of
pass-by-reference type
please see the HISTORY file included in the Release, but a summary
consists of:
* Change encoding function signature to prevent misuse
* Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function
results
* Repair race condition between relation extension and VACUUM
This could theoretically have caused loss of a page's worth of
freshly-inserted data, although the scenario seems of very low
probability. There are no known cases of it having caused more than
an Assert failure.
Security: http://www.postgresql.org/about/news.315
the "LOAD" option, the PostgreSQL Global Development Group is
announcing the release of new versions of PostgreSQL.
Update to 7.3.9, 7.4.7 & 8.0.1.
Take the opportunity to reset PORTREVISION of slave ports.
Back out name change of startup script. The new script uses rc.subr(8),
and as such also uses rcorder(8). But, rcorder does not exist in FreeBSD
4.x. Hence rename the script it back to the top of the directory
list. [1]
The periodic script should of course be executable. [2]
[1] Noted by Niels Chr. Bank-Pedersen <ncbp at bank-pedersen dot dk>
[2] Noted by Fritz Heinrichmeyer <fritz.heinrichmeyer at fernuni-hagen dot de>
advisories in http://www.postgresql.org/news/234.html
Note that postgresql 7.2.x is NOT being updated here since it is
due for termination real soon now.
Submitted by: maintainer, also referenced in ports/73142 (no patch)
* Revert erroneous changes in rule permissions checking
* Repair incorrect order of operations in GetNewTransactionId()
* Ensure configure selects -fno-strict-aliasing even when an
external value for CFLAGS is supplied
* Make pg_restore handle 64-bit off_t correctly
* Make contrib/dblink not assume that local and remote type OIDs
match (Joe)
* Quote connectby()'s start_with argument properly (Joe)
* Don't crash when a rowtype argument to a plpgsql function is NULL
* Avoid generating invalid character encoding sequences in corner
cases when planning LIKE operations
* Ensure text_position() cannot scan past end of source string in
multibyte cases (Korea PostgreSQL Users' Group)
* Fix index optimization and selectivity estimates for LIKE
operations on bytea columns (Joe)
This version, as with most minor versions, does not require
a dump/reload to put into place.
PR: ports/63698
Submitted by: Palle Girgensohn <girgen@pingpong.net>
Just realized that after the repo-copy, the MD5_FILE pointer for
subports was never updated.
PR: ports/61193
Submitted by: Palle Girgensohn <girgen@pingpong.net>
"In order to address a potentially serious (although rare)
server startup failure that was recently reported, we have
released PostgreSQL version 7.3.4. This release is critical
for users of PostgreSQL version 7.3.3, and highly recommended
for all other PostgreSQL users."
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
PR: 55354
1. Optionally link with libc_r to get plpython working. [1]
2. Fix kerberos build. [2]
3. There was a duplication of some declarations. [3]
PR: ports/52851
PR: ports/51080 [2]
Submitted by: Mike Meyer <mwm@mired.org> [1]
Submitted by: Gerweck <andy@tacnode.com> [2]
Pointed out by: Mike Harding <mvh@ix.netcom.com> [3]
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
Fixes numerous bugs especially with various interface libraries and
pg_dump. All users are advised to upgrade. This update fixes all known
problems with the postgresql7 port. See release notes for details:
http://developer.postgresql.org/docs/postgres/release-7-3-2.html
A dump/restore is *not* required when upgrading to this version.
PR: ports/47983 [1], ports/47284 [2], ports/47808 [3]
Submitted by: maintainer [1]
Jason C. Wells [2]
Michel Oosterhof <m.oosterhof@xs4all.nl> [3]
A note about how to install languages into a PostgreSQL database is added.
PR: ports/29916
Submitted by: Palle Girgensohn <girgen@partitur.se> (MAINTAINER)
Michal Pasternak <doc@lublin.t1.pl> (the note)
and..
<quote>
This is a really small fix:
- When compiling postgresql-jdbc, the compilation process presents a
bad path to the installed jar-file.
</quote>
PR: 13838
PR: 13865
Submitted by: Palle Girgensohn <girgen@partitur.se>
Many bugfixes and cosmetic changes
Changes by Scrappy and me
My additional changes:
- had to link libpgtcl.so with the crypt library to get rid of the
pgaccess error message, that crypt is missing
- had to add -i option in the startup script, so that pgaccess is
able to connect to the postmaster process
- removed all unnecessary patches
- updated PLIST
Thanks to the postgresql developement team, who did a great job to
simplify the postgresql port, by applying the patches and making
the autoconf mechanism more consistent.
Submitted by: The Hermit Hacker <scrappy@hub.org>
Please note: when performing a migration to 6.2 and you have an existing db,
then you have to use the *new* pg_dumpall script that comes with this new
postgresql release. The INSTALL file points this out explicitely !!!
Changes:
- startup script resides in FILESDIR
- renamed it to be in sync with INSTALL file from sources
- always install this startup script over an existing, because
of the nature of the rc.d directory I can't install it
to pgsql.sh-dist, if a pgsql.sh is already presend ...
- portlint detected trailing whitespace, usage of perl with absolute
path, usage of echo instead of ECHO and plenty things of this kind
- post installation notes updated, mentioned the mailing list
- copies the html pages as well to the share/doc directory (new manual dir)
- had to update PLIST
- shortened DESCR file, to match the 24 lines
- added post build target, that reminds the admin how to proceed when
already having a database -> INSTALL file describes migration
- updated manpages
