Commit graph

11 commits

Author SHA1 Message Date
joerg
0eb97e720b Update PostgreSQL to 7.3.15, 7.4.13, 8.0.8 and 8.1.4 respectively.
Common to all versions:
     * Change the server to reject invalidly-encoded multibyte characters
       in all cases (Tatsuo, Tom) While PostgreSQL has been moving in this
       direction for some time, the checks are now applied uniformly to
       all encodings and all textual input, and are now always errors not
       merely warnings. This change defends against SQL-injection attacks
       of the type described in CVE-2006-2313.
     * Reject unsafe uses of \' in string literals As a server-side
       defense against SQL-injection attacks of the type described in
       CVE-2006-2314, the server now only accepts '' and not \' as a
       representation of ASCII single quote in SQL string literals. By
       default, \' is rejected only when client_encoding is set to a
       client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is
       the scenario in which SQL injection is possible. A new
       configuration parameter backslash_quote is available to adjust
       this behavior when needed. Note that full security against
       CVE-2006-2314 may require client-side changes; the purpose of
       backslash_quote is in part to make it obvious that insecure clients
       are insecure.
     * Modify libpq's string-escaping routines to be aware of encoding
       considerations This fixes libpq-using applications for the
       security issues described in CVE-2006-2313 and CVE-2006-2314.
       Applications that use multiple PostgreSQL connections concurrently
       should migrate to PQescapeStringConn() and PQescapeByteaConn() to
       ensure that escaping is done correctly for the settings in use in
       each database connection. Applications that do string escaping
       "by hand" should be modified to rely on library routines instead.
     * Fix some incorrect encoding conversion functions win1251_to_iso,
       alt_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all
       broken to varying extents.
     * Clean up stray remaining uses of \' in strings (Bruce, Jan)
     * Fix server to use custom DH SSL parameters correctly (Michael Fuhr)
     * Fix various minor memory leaks

Additionally for 7.4.13 and later:
     * Fix bug that sometimes caused OR'd index scans to miss rows they
       should have returned
     * Fix WAL replay for case where a btree index has been truncated
     * Fix SIMILAR TO for patterns involving | (Tom)
     * Fix for Bonjour on Intel Macs (Ashley Clark)

Additionally for 8.0.8 and 8.1.4:
     * Fix SELECT INTO and CREATE TABLE AS to create tables in the
       default tablespace, not the base directory (Kris Jurka)
     * Fix problem with password prompting on some Win32 systems (Robert
       Kinberg)

Additionally for 8.1.4:
     * Fix weak key selection in pgcrypto (Marko Kreen)
       Errors in fortuna PRNG reseeding logic could cause a predictable
       session key to be selected by pgp_sym_encrypt() in some cases.
       This only affects non-OpenSSL-using builds.
     * Make autovacuum visible in pg_stat_activity (Alvaro)
     * Disable full_page_writes (Tom)
       In certain cases, having full_page_writes off would cause crash
       recovery to fail. A proper fix will appear in 8.2; for now it's
       just disabled.
     * Various planner fixes, particularly for bitmap index scans and
       MIN/MAX optimization (Tom)
     * Fix incorrect optimization in merge join (Tom)
       Outer joins could sometimes emit multiple copies of unmatched
       rows.
     * Fix crash from using and modifying a plpgsql function in the same
       transaction
     * Improve qsort performance (Dann Corbit)
       Currently this code is only used on Solaris.
     * Improve pg_dump's handling of default values for domains
     * Fix pg_dumpall to handle identically-named users and groups
       reasonably (only possible when dumping from a pre-8.1 server) (Tom)
       The user and group will be merged into a single role with LOGIN
       permission. Formerly the merged role wouldn't have LOGIN
       permission, making it unusable as a user.
     * Fix pg_restore -n to work as documented (Tom)
2006-05-26 17:47:58 +00:00
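The encoding hazard behind the \' and "by hand" escaping notes in the commit above, as an added example that is not part of the commit message, PostgreSQL or libpq: in a client-only encoding the byte 0x5c can be the second byte of a character, so byte-level escaping can leave a quote bare, while validating the encoding and doubling quotes per character does not. All function names and the small lexer model are hypothetical, and Python codecs stand in for the server's encodings.

```python
# Added illustration: not PostgreSQL or libpq source; every name here is hypothetical.
# Python codecs standing in for three of the client-only encodings named in the
# commit message, plus UTF8 as a contrast.
CODECS = {"SJIS": "shift_jis", "BIG5": "big5", "GBK": "gbk", "UTF8": "utf-8"}

def backslash_is_trail_byte(pg_encoding):
    """True if byte 0x5c can be the second byte of one valid two-byte character."""
    codec = CODECS[pg_encoding]
    for lead in range(0x80, 0x100):
        try:
            if len(bytes([lead, 0x5C]).decode(codec)) == 1:
                return True
        except UnicodeDecodeError:
            continue
    return False

def naive_escape(raw):
    """Byte-level escaping done 'by hand', blind to the encoding (unsafe pattern)."""
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")

def quote_literal(raw, pg_encoding):
    """Encoding-aware escaping: reject invalid input, then escape per character."""
    codec = CODECS[pg_encoding]
    text = raw.decode(codec)  # raises UnicodeDecodeError on invalid multibyte input
    return text.replace("\\", "\\\\").replace("'", "''").encode(codec)

def literal_stays_closed(body, pg_encoding):
    """Simplified model of an encoding-aware lexer: True if no bare quote remains."""
    text = body.decode(CODECS[pg_encoding])
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                      # backslash consumes the next character
        elif text[i] == "'":
            if text[i + 1:i + 2] != "'":
                return False            # a lone quote would end the literal
            i += 2                      # '' is an escaped quote
        else:
            i += 1
    return True

# Constructed input: katakana SO (bytes 0x83 0x5c in SJIS) followed by a quote.
SAMPLE = "\u30bd'".encode("shift_jis")

def demo():
    """Returns (naive result, encoding-aware result) for the constructed sample."""
    return (literal_stays_closed(naive_escape(SAMPLE), "SJIS"),
            literal_stays_closed(quote_literal(SAMPLE, "SJIS"), "SJIS"))
```
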
joerg
dce99822b0 Update PostgreSQL 7.4.x to 7.4.12. Take maintainership.
The fix for locales and plperl in 7.4.11 might make a REINDEX necessary.

Changes from 7.4.8 to 7.4.9:
- Fix error that allowed VACUUM to remove ctid chains too soon, and add
more checking in code that follows ctid links
- Fix CHAR() to properly pad spaces to the specified length when using a
multiple-byte character set (Yoshiyuki Asaba)
- Fix the sense of the test for read-only transaction in COPY
- Fix planning problem with outer-join ON clauses that reference only
the inner-side relation
- Further fixes for x FULL JOIN y ON true corner cases
- Make array_in and array_recv more paranoid about validating their OID
parameter
- Fix missing rows in queries like UPDATE a=... WHERE a... with GiST
index on column a
- Improve robustness of datetime parsing
- Improve checking for partially-written WAL pages
- Improve robustness of signal handling when SSL is enabled
- Don't try to open more than max_files_per_process files during
postmaster startup
- Various memory leakage fixes
- Various portability improvements
- Fix PL/PgSQL to handle var := var correctly when the variable is of
pass-by-reference type
- Update contrib/tsearch2 to use current Snowball code

Changes from 7.4.9 to 7.4.10:
- Fix race condition in transaction log management
- Prevent failure if client sends Bind protocol message when current
transaction is already aborted
- /contrib/ltree fixes (Teodor)
- AIX and HPUX compile fixes (Tom)
- Fix longstanding planning error for outer joins
- Prevent core dump in pg_autovacuum when a table has been dropped

Changes from 7.4.10 to 7.4.11:
- Fix for protocol-level Describe messages issued outside a transaction
or in a failed transaction (Tom)
- Fix character string comparison for locales that consider different
character combinations as equal, such as Hungarian (Tom)
- Set locale environment variables during postmaster startup to ensure
that plperl won't change the locale later
- Fix longstanding bug in strpos() and regular expression handling in
certain rarely used Asian multi-byte character sets (Tatsuo)
- Fix bug in /contrib/pgcrypto gen_salt, which caused it not to use all
available salt space for MD5 and XDES algorithms (Marko Kreen, Solar
Designer)
- Fix /contrib/dblink to throw an error, rather than crashing, when the
number of columns specified is different from what's actually returned
by the query (Joe)

Changes from 7.4.11 to 7.4.12:
- Fix potential crash in SET SESSION AUTHORIZATION (CVE-2006-0553)
- Fix bug with row visibility logic in self-inserted rows (Tom)
- Fix race condition that could lead to "file already exists" errors
during pg_clog file creation (Tom)
- Properly check DOMAIN constraints for UNKNOWN parameters in prepared
statements (Neil)
- Fix to allow restoring dumps that have cross-schema references to
custom operators (Tom)
- Portability fix for testing presence of finite and isinf during
configure (Tom)
2006-02-21 20:23:49 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
jlam
bf9129c41e Drop distinction between PKGSRC_USE_TOOLS and USE_TOOLS by making
PKGSRC_USE_TOOLS go away.  There is now only a single USE_TOOLS variable
that specifies all of the tools we need to build/run the package.
2005-07-15 18:27:48 +00:00
wiz
488648470d Update postgresql74* packages to 7.4.8.
Release Notes

                                Release 7.4.8

     Release date: 2005-05-09

   This release contains a variety of fixes from 7.4.7, including several
   security-related issues.
     __________________________________________________________________

Migration to version 7.4.8

   A dump/restore is not required for those running 7.4.X. However, it is
   one possible way of handling two significant security problems that
   have been found in the initial contents of 7.4.X system catalogs. A
   dump/initdb/reload sequence using 7.4.8's initdb will automatically
   correct these problems.

   The larger security problem is that the built-in character set encoding
   conversion functions can be invoked from SQL commands by unprivileged
   users, but the functions were not designed for such use and are not
   secure against malicious choices of arguments. The fix involves
   changing the declared parameter list of these functions so that they
   can no longer be invoked from SQL commands. (This does not affect their
   normal use by the encoding conversion machinery.)

   The lesser problem is that the "contrib/tsearch2" module creates
   several functions that are misdeclared to return internal when they do
   not accept internal arguments. This breaks type safety for all
   functions using internal arguments.

   It is strongly recommended that all installations repair these errors,
   either by initdb or by following the manual repair procedures given
   below. The errors at least allow unprivileged database users to crash
   their server process, and may allow unprivileged users to gain the
   privileges of a database superuser.

While here, fix postgresql74-client package installation on 2.0
(broken -X), and avoid the need for gtar in tcl-postgresql74.
2005-06-30 01:50:10 +00:00
jlam
e70b376fa4 Note that tar is required by this package. 2005-05-16 01:32:22 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
recht
469aa0e7b0 change pkgname to postgresql74* (from postgresql*) 2004-07-24 22:44:12 +00:00
recht
f1025f1782 update to 7.4.3
changes:

* Fix temporary memory leak when using non-hashed aggregates (Tom)
* ECPG fixes, including some for Informix compatibility (Michael)
* Fixes for compiling with thread-safety, particularly Solaris (Bruce)
* Fix error in COPY IN termination when using the old network
  protocol (ljb)
* Several important fixes in pg_autovacuum (Matthew T. O'Connor)
* Fix problem with reading tar-format dumps on NetBSD and BSD/OS (Bruce)
* Several JDBC fixes
* Fix ALTER SEQUENCE RESTART where last_value equals the restart
  value (Tom)
* Repair failure to recalculate nested sub-selects (Tom)
* Fix problems with non-constant expressions in LIMIT/OFFSET
* Support FULL JOIN with no join clause, such as X FULL JOIN Y ON
  TRUE (Tom)
* Fix another zero-column table bug (Tom)
* Improve handling of non-qualified identifiers in GROUP BY clauses
  in sub-selects (Tom)
* Do not generate "NATURAL CROSS JOIN" when decompiling rules (Tom)
* Add checks for invalid field length in binary COPY (Tom)
* Avoid locking conflict between ANALYZE and LISTEN/NOTIFY
* Numerous translation updates (various contributors)
2004-06-27 16:38:32 +00:00
recht
c7c3475b09 PostgreSQL has no --with-htmldir, so install the html files by hand
to share/doc/html/postgresql.
2004-04-19 22:39:55 +00:00
recht
f16b3b60f1 Initial import of PostgreSQL 7.4.2
Documentation.

PostgreSQL is a robust, next-generation, Object-Relational DBMS (ORDBMS),
derived from the Berkeley Postgres database management system.  While
PostgreSQL retains the powerful object-relational data model, rich data types
and easy extensibility of Postgres, it replaces the PostQuel query language
with an extended subset of SQL.

PostgreSQL is free and the complete source is available.

This package contains the database documentation.
2004-04-19 00:05:25 +00:00