Changes:
* Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer)
* If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143)
* Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane)
* Applying such attributes to a call handler could crash the server. (CVE-2012-2655)
* Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC (Tom Lane)
* Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
* Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone (Tom Lane)
* This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions.
* Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings (Karl Schnaitter)
* Fix memory copying bug in to_tsquery() (Heikki Linnakangas)
* Fix slow session startup when pg_attribute is very large (Tom Lane)
* If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once.
* Ensure sequential scans check for query cancel reasonably often (Merlin Moncure)
* A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile.
* Ensure the Windows implementation of PGSemaphoreLock() clears ImmediateInterruptOK before returning (Tom Lane)
* This oversight meant that a query-cancel interrupt received later in the same query could be accepted at an unsafe time, with unpredictable but not good consequences.
* Show whole-row variables safely when printing views or rules (Abbas Butt, Tom Lane)
* Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast.
* Ensure autovacuum worker processes perform stack depth checking properly (Heikki Linnakangas)
* Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes.
* Fix logging collector to not lose log coherency under high load (Andrew Dunstan)
* The collector previously could fail to reassemble large messages if it got too busy.
* Fix logging collector to ensure it will restart file rotation after receiving SIGHUP (Tom Lane)
* Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable (Tom Lane)
* Fix several performance problems in pg_dump when the database contains many objects (Jeff Janes, Tom Lane)
* pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences.
* Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error (Tom Lane)
* Update time zone data files to tzdata release 2012c for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also historical corrections for Canada.
Mysql2
Mysql2 is a modern, simple and very fast MySQL library for Ruby - binding to
libmysql.
The Mysql2 gem is meant to serve the extremely common use-case of connecting,
querying and iterating on results. Some database libraries out there serve as
direct 1:1 mappings of the already complex C APIs available. This one is
not.
It also forces the use of UTF-8 (or binary) for the connection (and all
strings in 1.9, unless Encoding.default_internal is set, in which case it'll
convert from UTF-8 to that encoding) and uses encoding-aware MySQL API calls
where it can.
pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.
## Rails 3.1.6 (Jun 12, 2012)
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.
## Rails 3.0.14 (Jun 12, 2012)
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
## Rails 3.2.6 (Jun 12, 2012) ##
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
* Revert earlier 'perf fix' (see 3.2.4 changelog / GH #6289). This
change introduced a regression (GH #6609). assoc.clear and
assoc.delete_all have loaded the association before doing the delete
since at least Rails 2.3. Doing the delete without loading the
records means that the `before_remove` and `after_remove` callbacks do
not get invoked. Therefore, this change was less a fix and more an
optimisation, which should only have gone into master.
*Jon Leighton*
* In-memory databases that are specified using URI filenames are allowed to use
shared cache, so that the same in-memory database can be accessed from
multiple database connections.
* Recognize and use the mode=memory query parameter in URI filenames.
* Avoid resetting the schema of shared cache connections when any one
connection closes. Instead, wait for the last connection to close before
resetting the schema.
* In the RTREE extension, when rounding 64-bit floating point numbers to 32-bit
for storage, always round in a direction that causes the bounding box to get
larger.
* Adjust the unix driver to avoid unnecessary calls to fchown().
* Add interfaces sqlite3_quota_ferror() and sqlite3_quota_file_available() to
the test_quota.c module.
* The sqlite3_create_module() and sqlite3_create_module_v2() interfaces return
SQLITE_MISUSE on any attempt to overload or replace a virtual table module.
The destructor is always called in this case, in accordance with historical
and current documentation.
PR 46534 by Wen Heping.
While here, set LICENSE=php.
Changes since 1.7.13:
All drivers:
* Made the definition of DB_common::raiseError() compatible with
PEAR::raiseError() by adding dummy parameters. Request 11581.
* Fixed SKIP block in the 20locale.phpt test.
* Fixed non-persistent connections to really be non-persistent when unserialising.
Bug 15115.
ibase:
* Changed the order of regular expressions applied when mapping errors so that
constraint violations in PHP 4.4 are actually reported as constraint
violations and not table not found errors.
* Fixed a test that should have been skipped in PHP 4.4.
ifx:
* Use PCRE rather than ereg. Bug 17722, patch by Olle Jonsson.
mssql:
* Fix escaping of string values with lines ending in a backslash character.
Bug 16117.
oci8:
* Fix for last_query reconstruction with lots of placeholders. Bug 12418, patch
by Nicholas Evans.
* Fix replacement of values in last_query for :bind's numbered over 10.
Bug 14603.
* Unset $_prepared_queries in freePrepared(). Bug 14271.
pgsql:
* Added special-case to handle SAVEPOINT queries as manip queries. Bug 12260.
* Implement rudimentary support for WITH...SELECT queries. Bug 17136.
sqlite:
* Added support for another error message in the SQLite driver. Bug 12105, patch
by Adam Ashley.
* Implement auto_increment support in tableInfo(). Request 13193.
* The --safe-mode server option now is deprecated and will be removed in MySQL
5.6.
* Performance: InnoDB: Improved the algorithm related to adaptive flushing.
This fix increases the rate of flushing in cases where compression is used
and the data set is larger than the buffer pool, leading to eviction.
* InnoDB: In a transaction using the REPEATABLE READ isolation level, an UPDATE
or DELETE statement for an InnoDB table could sometimes overlook rows
recently committed by other transactions. As explained in Section 14.3.9.2,
“Consistent Nonlocking Reads”, DML statements within a REPEATABLE READ
transaction apply to rows committed by other transactions, even if a query
could not see those rows.
* InnoDB: The Innodb_buffer_pool_pages_flushed status variable was incorrectly
set to twice the value it should be. Its value should never exceed the value
of Innodb_pages_written.
* InnoDB: The error handling and message was improved for attempting to create
a foreign key with a column referencing itself. The message suggested
a potential problem with the data dictionary, when no such problem existed.
* InnoDB: The CHECK TABLE statement could fail for a large InnoDB table due to
a timeout value of 2 hours. For typical storage devices, the issue could
occur for tables that exceeded approximately 200 or 350 GB, depending on I/O
speed. The fix relaxes the locking performed on the table being checked,
which makes the timeout less likely. It also makes InnoDB recognize the
syntax CHECK TABLE QUICK, which avoids the possibility of the timeout
entirely.
* Replication: It was theoretically possible for concurrent execution of more
than one instance of SHOW BINLOG EVENTS to crash the MySQL Server.
* Replication: Statements using AUTO_INCREMENT, LAST_INSERT_ID(), RAND(), or
user variables could be applied in the wrong context on the slave when using
statement-based replication and replication filtering server options (see
Section 16.2.3, “How Servers Evaluate Replication Filtering Rules”).
* Replication: An INSERT into a table that has a composite primary key that
includes an AUTO_INCREMENT column that is not the first column of this
composite key is not safe for statement-based binary logging or replication.
Such statements are now marked as unsafe and fail with an error when using
the STATEMENT binary logging format. For more information, see Section
16.1.2.3, “Determination of Safe and Unsafe Statements in Binary Logging”, as
well as Section 16.4.1.1, “Replication and AUTO_INCREMENT”.
3.2.4 had some regression-related problems.
## Rails 3.2.4 (May 31, 2012) ##
* Perf fix: Don't load the records when doing assoc.delete_all.
GH #6289. *Jon Leighton*
* Association preloading shouldn't be affected by the current scoping.
This could cause infinite recursion and potentially other problems.
See GH #5667. *Jon Leighton*
* Datetime attributes are forced to be changed. GH #3965
* Fix attribute casting. GH #5549
* Fix #5667. Preloading should ignore scoping.
* Predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this! CVE-2012-2661
## Rails 3.1.5 (May 31, 2012) ##
* Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931.
* only log an error if there is a logger. fixes #5226
* fix activerecord query_method regression with offset into Fixnum
* predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this! CVE-2012-2661
## Rails 3.0.13 (May 31, 2012)
* Bugfix circular reference while saving has_one relationship
* Test for circular reference while saving has_one relationship
* Fixed typo in composed_of example with Money#<=>
* predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this! CVE-2012-2661
=== 3.36.0 (2012-06-01)
* Use Bignum generic type when dumping unsigned integer types that could potentially overflow 32-bit signed integer values (stu314)
* Support :transform option in the nested_attributes plugin, for automatically preprocessing input hashes (chanks)
* Support :unmatched_pk option in the nested_attributes plugin, can be set to :create for associated objects with natural keys (chanks)
* Support composite primary keys in the nested_attributes plugin (chanks)
* Allow Model#from_json in the json_serializer plugin to use set_fields if a :fields option is given (jeremyevans)
* Support :using option to set_column_type on PostgreSQL, to force a specific conversion from the old value to the new value (jeremyevans)
* Drop indexes in the reverse order that they were added in the schema dumper (jeremyevans)
* Add :index_names option to schema dumper method, can be set to false or :namespace (stu314, jeremyevans)
* Add Database#global_index_namespace? for checking if index namespace is global or per table (jeremyevans)
* Fix typecasting of time columns on jdbc/postgres, before could be off by a millisecond (jeremyevans)
* Add document explaining Sequel's object model (jeremyevans)
* Attempt to detect more disconnect errors in the mysql2 adapter (jeremyevans)
* Add is_current? and check_current to the migrators, for checking/raising if there are unapplied migrations (pvh, jeremyevans) (#487)
* Add a jdbc subadapter for the Progress database (Michael Gliwinski, jeremyevans)
* Add pg_inet extension, for working with PostgreSQL inet and cidr types (jeremyevans)
* Fix bug in model column setters when passing an object that raises an exception for ==('') (jeremyevans)
* Add eager_each plugin, which makes each on an eagerly loaded dataset do eager loading (jeremyevans)
* Fix bugs when parsing foreign keys for tables with explicit schema on PostgreSQL (jeremyevans)
* Remove Database#case_sensitive_like on SQLite (jeremyevans)
* Remove Database#single_value in the native sqlite adapter (jeremyevans)
* Make Dataset#get work with nil and false arguments (jeremyevans)
* Make json_serializer plugin respect :root=>:collection and :root=>:instance options (jeremyevans)
* Support savepoints in prepared transactions on MySQL 5.5.23+ (jeremyevans)
* Add pg_json extension, for working with PostgreSQL 9.2's new json type (jeremyevans)
* In the optimistic locking plugin, make refresh and save after a failed save work correctly (jeremyevans)
* Support partial indexes on Microsoft SQL Server 2008 (jeremyevans)
* Make Database#call pass blocks (jeremyevans)
* Support :each when preparing statements, useful for iterating over large datasets (jeremyevans)
* Support :if_exists and :cascade options when dropping indexes on PostgreSQL (jeremyevans)
* Support :concurrently option when adding and dropping indexes on PostgreSQL (jeremyevans)
* Make Database#transaction on PostgreSQL recognize :synchronous, :read_only, and :deferrable options (jeremyevans)
* Support :sql_mode option when connecting to MySQL (jeremyevans)
* Apply :timeout MySQL connection setting on do, jdbc, and swift adapters (jeremyevans)
* Don't set Sequel::Model.db automatically when creating an anonymous class with an associated database object (jeremyevans)
* Add :connection_handling=>:queue option to the threaded connection pools, may reduce chance of stale connections (jeremyevans) (#481)
* Handle JRuby 1.7 exception handling changes when connecting in the jdbc adapter (jeremyevans) (#477)
* Make *_to_one association setters be noops if you pass a value that is the same as the cached value (jeremyevans)
* Make Model#refresh return self when using dirty plugin (jeremyevans)
=== 3.35.0 (2012-05-01)
* Correctly handle parsing schema for tables in other databases on MySQL (jeremyevans)
* Add DSL support for the modulus operator (%), similar to the bitwise operators (jeremyevans)
* Fix possible thread-safety issues on non-GVL ruby implementations (jeremyevans)
* Allow truncation of multiple tables at the same time on PostgreSQL (jeremyevans)
* Allow truncate to take :cascade, :only, and :restart options on PostgreSQL (hgimenez, jeremyevans)
* Allow json and xml serializers to support :array option in class to_json method to serialize existing array of model instances (jeremyevans)
* Add dirty plugin, which saves the initial value of the column when the value is changed (jeremyevans)
* create_table now supports an :as option to create a table directly from the results of a query (jeremyevans)
* The :index option when creating columns in the schema generator can now be a hash of options passed to index (jeremyevans)
* Parsing the default column values in the oracle adapter no longer requires superuser privileges (Jason Hines)
* Add Database#cache_schema to allow schema caching to be turned off, useful for development modes where models are reloaded (jeremyevans)
* Correctly handle errors that occur when rolling back transactions (jeremyevans)
* Recognize identity type in the schema dumper (jeremyevans) (#468)
* Don't assign instance variables to Java objects, for future JRuby 2.0 support (jeremyevans) (#466)
* Use date and timestamp formats that are multilanguage and not DATEFORMAT dependent on Microsoft SQL Server (jeremyevans)
* Add Database#log_exception, which logs when a query raises an exception, for easier overriding (jeremyevans) (#465)
* Make the migrators only use transactions by default if the database supports transactional DDL (jeremyevans)
* Add Database#supports_transactional_ddl? for checking if DDL statements can be rolled back in transactions (jeremyevans)
* Don't use auto parameterization when using cursors in the pg_auto_parameterize extension (jeremyevans) (#463)
* No longer escape backslashes in strings by default, fixes doubled backslashes on some adapters (jeremyevans)
* Escape backslash-carriage return-line feed in strings on Microsoft SQL Server (mluu, jeremyevans) (#462, #461)
* Remove Array#all_two_pairs? (jeremyevans)
* Remove Dataset#disable_insert_returning on PostgreSQL (jeremyevans)
* Remove support for PostgreSQL <8.2 (jeremyevans)
* Remove support for Ruby <1.8.7 (jeremyevans)
* Fixed incompatibility problems of Java DPL with JDK7, so DPL will now work
with JDK7.
* Added a flag to allow database locking to be disabled from the SQL API.
* Fixed a bug that could allocate a heap data page in a region after the region
creation has been undone.
* Redundant whitespaces are now ignored in DB_CONFIG lines pertaining to
directories, e.g. set_data_dir.
* Fixed a bug that caused DB_ENV->backup to stop early if DB_BACKUP_FILES was
not set and a non-DB file was in the data directory.
* Fixed a rare race condition that could cause a crash if two processes opened
the same database at the same time.
* Fixed missing cross compiling capability for the JDBC driver.
* Allow the same system/machine to host both a master and a replica database
through the use of relative pathnames.
* Fixed a bug in the Java API where EnvironmentConfig.setCreateDir would fail
to configure the environment.
* Fixed an assert failure in btreeCompare when allocating memory in the wrong
thread was causing a memory leak.
* Fixed a bug in the Java API where concurrent operations that change the
database schema could lead to a hang.
* Added JDBC code to the code base and updated the windows build files to
include the JDBC solution.
* Fixed a bug where the heap's region size was not getting swapped correctly in
mixed-endian environments.
* Fixed a bug in the db_sql_jdbc project file for vs2010 that was preventing it
from building correctly.
0.52 2012-05-29T18:32:42Z
- The DBI params are now encapsulated in a code reference, rather than
stored as the passed array, so that the password is less likely to be
displayed in a dump. Idea borrowed from Rose::DB. Patch from Brad
Bowman.
- Eliminated warning about the non-portability of a v-string on older
Perls. Thanks to Mark Lawrence for the report (Issue #17).
- Removed a couple of leftover examples of the `catch` feature removed
in v0.50. Thanks to Randy Stauner for the patch!
- Eliminated more "Use of qw(...) as parentheses" syntax errors in tests
when running on Perl 5.17.
- Add mention of DBI Callbacks parameter to the docs, as folks often ask
for this functionality, not realizing that the DBI already provides
it. Randy Stauner.
0.51 2012-02-18T00:14:48Z
- Fixed internal exception handling on Perls less than 5.14, where some
exceptions would not be propagated to the caller.
0.50 2012-02-14T18:25:07Z
- The `catch` functionality has been completely removed. Any `catch`
block passed to `run()`, `txn()`, or `svp()` will be ignored. Errors
will trigger fatal exceptions.
- Removed the `with` method, which was deprecated in 0.34. Use `mode()`
instead.
- Fixed bad method call attempted when an `svp()` block failed. Thanks
to Ricardo SIGNES for the regression test and the fix.
- Fixed creation of the SQLite driver savepoint methods so that they
exist and work even if the driver is loaded before DBD::SQLite. Thanks
to Ricardo SIGNES for the regression test and the fix.
SQLAlchemy 0.6.9, a maintenance release of the 0.6 branch, is now
available.
The 0.6 series has not seen a release since 0.6.8 was released
nearly a year ago. During that time, the 0.7 series has gone through
over six releases, gaining many new features and bug fixes. A
portion of these fixes have been backported to 0.6 since 0.6.8,
including twelve ORM fixes, so 0.6.9 is an effort to make these
fixes widely available to those installations who have not yet
upgraded to 0.7. The release coincides at the same time as release
0.7.7, which is also fast approaching maintenance-only mode with
0.8 now well underway and close to initial beta releases.
Care has been taken in 0.6.9 to minimize as much as possible the
potential for backwards-incompatibilities with existing code, which
sometimes can occur if an application is unknowingly relying upon
a buggy behavior that is then fixed. So while 0.6.9 is a very
conservative release, it does still represent changes over a year's
time; users are strongly urged to carefully review the CHANGES file
to see exactly what's been adjusted, and to test it fully in their
existing 0.6 applications before promoting it to production.
* Fix a bug in the 3.7.12 release that can cause a segfault for certain obscure
nested aggregate queries.
* Fix various other minor test script problems.
Version 2.19.2 Released March 12, 2012
- Fix errors when multiple same-named placeholders are used. [GSM]
(CPAN bug #75713)
Version 2.19.1 Released March 10, 2012 (git commit db6f6da00467c7ea28d32c4df97e93ccc4d38f2b)
- Fix crash when passing in an array with undefined elements. [GSM]
Version 2.19.0 Released March 9, 2012 (git commit 05ab092905ce6891ed83e173412ee70d6cdb8cb5)
- Use proper formatting for warn() and croak() (CPAN bug #75642)
[Niko Tyni]
- Fix localized regex in test (CPAN bug #70759)
- Fix for named placeholders (CPAN bug #70953) [Jan Pazdziora]
- Various fixes to the array-marshalling code [Noah Misch, Mark
Stosberg, and David Christensen] (CPAN bug #58552)
- Allow hi-bit chars in dollar-quoted identifiers
[David Christensen] (CPAN bug #73832)
- Have do() return count for things such as CREATE TABLE .. AS SELECT
Will only work on 9.0 or better. (CPAN bug #71073) [Pavel Stehule]
- Better error message when trying to do things post-disconnect [GSM]
- Always respect pg_server_prepare=0 by using PQexec not PQexecParams. [GSM]
- Fix error in async docs (CPAN bug #72812)
- Switch from subversion to git.
git clone git://bucardo.org/dbdpg.git [GSM]
* Add the SQLITE_DBSTATUS_CACHE_WRITE option for sqlite3_db_status().
* Optimize the typeof() and length() SQL functions so that they avoid unnecessary reading of database content from disk.
* Add the FTS4 "merge" command, the FTS4 "automerge" command, and the FTS4 "integrity-check" command.
* Report the name of specific CHECK constraints that fail.
* In the command-line shell, use popen() instead of fopen() if the first character of the argument to the ".output" command is "|".
* Make use of OVERLAPPED in the windows VFS to avoid some system calls and thereby obtain a performance improvement.
* More aggressive optimization of the AND operator when one side or the other is always false.
* Improved performance of queries with many OR-connected terms in the WHERE clause that can all be indexed.
* Add the SQLITE_RTREE_INT_ONLY compile-time option to force the R*Tree Extension Module to use integer instead of floating point values for both storage and computation.
* Enhance the PRAGMA integrity_check command to use much less memory when processing multi-gigabyte databases.
* New interfaces added to the test_quota.c add-on module.
* Added the ".trace" dot-command to the command-line shell.
* Allow virtual table constructors to be invoked recursively.
* Improved optimization of ORDER BY clauses on compound queries.
* Improved optimization of aggregate subqueries contained within an aggregate query.
* Bug fix: Fix the RELEASE command so that it does not cancel pending queries. This repairs a problem introduced in 3.7.11.
* Bug fix: Do not discard the DISTINCT as superfluous unless a subset of the result set is subject to a UNIQUE constraint and none of the columns in that subset can be NULL.
* Bug fix: Do not optimize away an ORDER BY clause that has the same terms as a UNIQUE index unless those terms are also NOT NULL.