The PostgreSQL Global Development Group today released versions 8.1.4, 8.0.8,
7.4.13 and 7.3.15. This is an urgent update to close a security hole which
can permit a SQL injection attack on some applications running PostgreSQL.
Users are urged to apply the update as soon as reasonably possible. Since the
update affects client functionality, most driver projects will be updating
this week as well.
Because the security issue involved is complex, we have added a section in
Techdocs to explain it: http://www.postgresql.org/docs/techdocs.52. Please
read this first before applying the updates.
Also, fix rc_subr startup problems on FreeBSD-7.x.
Security: http://www.postgresql.org/docs/techdocs.50
PR: ports/95154
A critical fix repairs an error in ReadBuffer that can cause data loss
due to overwriting recently-added pages. This applies to the 8.1 and
8.0 branches on all platforms.
Note that this update might require a reindex of textual columns under
certain conditions; please see UPDATING.
Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto
Migration to version 7.4.9
A dump/restore is not required for those running 7.4.X. However, if you
are upgrading from a version earlier than 7.4.8, see the release notes
for 7.4.8.
__________________________________________________________________
Changes
* Fix error that allowed "VACUUM" to remove ctid chains too soon, and
add more checking in code that follows ctid links
This fixes a long-standing problem that could cause crashes in very
rare circumstances.
* Fix CHAR() to properly pad spaces to the specified length when
using a multiple-byte character set (Yoshiyuki Asaba)
In prior releases, the padding of CHAR() was incorrect because it
only padded to the specified number of bytes without considering
how many characters were stored.
* Fix the sense of the test for read-only transaction in "COPY"
The code formerly prohibited "COPY TO", where it should prohibit
"COPY FROM".
* Fix planning problem with outer-join ON clauses that reference only
the inner-side relation
* Further fixes for x FULL JOIN y ON true corner cases
* Make array_in and array_recv more paranoid about validating their
OID parameter
* Fix missing rows in queries like UPDATE a=... WHERE a... with GiST
index on column a
* Improve robustness of datetime parsing
* Improve checking for partially-written WAL pages
* Improve robustness of signal handling when SSL is enabled
* Don't try to open more than max_files_per_process files during
postmaster startup
* Various memory leakage fixes
* Various portability improvements
* Fix PL/PgSQL to handle var := var correctly when the variable is of
pass-by-reference type
* Update "contrib/tsearch2" to use current Snowball code
please see the HISTORY file included in the Release, but a summary
consists of:
* Change encoding function signature to prevent misuse
* Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function
results
* Repair race condition between relation extension and VACUUM
This could theoretically have caused loss of a page's worth of
freshly-inserted data, although the scenario seems of very low
probability. There are no known cases of it having caused more than
an Assert failure.
Security: http://www.postgresql.org/about/news.315
the "LOAD" option, the PostgreSQL Global Development Group is
announcing the release of new versions of PostgreSQL.
Update to 7.3.9, 7.4.7 & 8.0.1.
Take the opportunity to reset PORTREVISION of slave ports.
Back out name change of startup script. The new script uses rc.subr(8),
and as such also uses rcorder(8). But, rcorder does not exist in FreeBSD
4.x. Hence rename the script it back to the top of the directory
list. [1]
The periodic script should of course be executable. [2]
[1] Noted by Niels Chr. Bank-Pedersen <ncbp at bank-pedersen dot dk>
[2] Noted by Fritz Heinrichmeyer <fritz.heinrichmeyer at fernuni-hagen dot de>
advisories in http://www.postgresql.org/news/234.html
Note that postgresql 7.2.x is NOT being updated here since it is
due for termination real soon now.
Submitted by: maintainer, also referenced in ports/73142 (no patch)
* Prevent possible loss of committed transactions during crash
* Repair possible crash during concurrent btree index insertions
PR: 71176
Submitted by: SUGIMURA Takashi <sugimura@jp.FreeBSD.org>
Reviewed by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
Release notes available at http://www.postgresql.org/news/173.html
NOTICE: unlike most minor versions, this version does require
some updates to the pg_* system tables. Full instructions for
how to do this are included in the full HISTORY file.
DO NOT UPGRADE WITHOUT READING THESE INSTRUCTIONS.
SIZEfy.
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
PR: 64105
regarded as a major release with features with interest to those with
large databases. The updates are extensive and the best source of info
is in the release notes. Enjoy and direct questions to database@!
Release notes:
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4
PR: ports/59403, ports/59404, ports/59393, ports/59394,
ports/59395, ports/59397, ports/59398, ports/59402, &&
ports/59401
Submitted by: maintainer
Approved by: marcus (portmgr@ hat)
"In order to address a potentially serious (although rare)
server startup failure that was recently reported, we have
released PostgreSQL version 7.3.4. This release is critical
for users of PostgreSQL version 7.3.3, and highly recommended
for all other PostgreSQL users."
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
PR: 55354
1. Optionally link with libc_r to get plpython working. [1]
2. Fix kerberos build. [2]
3. There was a duplication of some declarations. [3]
PR: ports/52851
PR: ports/51080 [2]
Submitted by: Mike Meyer <mwm@mired.org> [1]
Submitted by: Gerweck <andy@tacnode.com> [2]
Pointed out by: Mike Harding <mvh@ix.netcom.com> [3]
Submitted by: Palle Girgensohn <girgen@pingpong.net> (maintainer)
Fixes numerous bugs especially with various interface libraries and
pg_dump. All users are advised to upgrade. This update fixes all known
problems with the postgresql7 port. See release notes for details:
http://developer.postgresql.org/docs/postgres/release-7-3-2.html
A dump/restore is *not* required when upgrading to this version.
PR: ports/47983 [1], ports/47284 [2], ports/47808 [3]
Submitted by: maintainer [1]
Jason C. Wells [2]
Michel Oosterhof <m.oosterhof@xs4all.nl> [3]
A note about how to install languages into a PostgreSQL database is added.
PR: ports/29916
Submitted by: Palle Girgensohn <girgen@partitur.se> (MAINTAINER)
Michal Pasternak <doc@lublin.t1.pl> (the note)
and..
<quote>
This is a really small fix:
- When compiling postgresql-jdbc, the compilation process presents a
bad path to the installed jar-file.
</quote>
PR: 13838
PR: 13865
Submitted by: Palle Girgensohn <girgen@partitur.se>
Many bugfixes and cosmetic changes
Changes by Scrappy and me
My additional changes:
- had to link libpgtcl.so with the crypt library to get rid of the
pgaccess error message, that crypt is missing
- had to add -i option in the startup script, so that pgaccess is
able to connect to the postmaster process
- removed all unnecessary patches
- updated PLIST
Thanks to the postgresql developement team, who did a great job to
simplify the postgresql port, by applying the patches and making
the autoconf mechanism more consistent.
Submitted by: The Hermit Hacker <scrappy@hub.org>
Please note: when performing a migration to 6.2 and you have an existing db,
then you have to use the *new* pg_dumpall script that comes with this new
postgresql release. The INSTALL file points this out explicitely !!!
Changes:
- startup script resides in FILESDIR
- renamed it to be in sync with INSTALL file from sources
- always install this startup script over an existing, because
of the nature of the rc.d directory I can't install it
to pgsql.sh-dist, if a pgsql.sh is already presend ...
- portlint detected trailing whitespace, usage of perl with absolute
path, usage of echo instead of ECHO and plenty things of this kind
- post installation notes updated, mentioned the mailing list
- copies the html pages as well to the share/doc directory (new manual dir)
- had to update PLIST
- shortened DESCR file, to match the 24 lines
- added post build target, that reminds the admin how to proceed when
already having a database -> INSTALL file describes migration
- updated manpages
