from 7.3.8, including several security-related issues. A dump/restore
is not required for those running 7.3.X.
Changes
* Disallow "LOAD" to non-superusers
  On platforms that will automatically execute initialization
  functions of a shared library (this includes at least Windows and
  ELF-based Unixen), "LOAD" can be used to make the server execute
  arbitrary code. Thanks to NGS Software for reporting this.
* Check that creator of an aggregate function has the right to
  execute the specified transition functions
  This oversight made it possible to bypass denial of EXECUTE
  permission on a function.
* Fix security and 64-bit issues in contrib/intagg
* Add needed STRICT marking to some contrib functions (Kris Jurka)
* Avoid buffer overrun when plpgsql cursor declaration has too many
  parameters (Neil)
* Fix planning error for FULL and RIGHT outer joins
  The result of the join was mistakenly supposed to be sorted the
  same as the left input. This could not only deliver mis-sorted
  output to the user, but in case of nested merge joins could give
  outright wrong answers.
* Fix plperl for quote marks in tuple fields
* Fix display of negative intervals in SQL and GERMAN datestyles
* A vulnerability exists due to the insecure creation of temporary files,
  which could possibly let a malicious user overwrite arbitrary files
* Repair possible failure to update hint bits on disk
  Under rare circumstances this oversight could lead to "could not access
  transaction status" failures, which qualifies it as a potential-data-loss bug.
Changes:
* Prevent possible loss of committed transactions during crash
  Due to insufficient interlocking between transaction commit and
  checkpointing, it was possible for transactions committed just
  before the most recent checkpoint to be lost, in whole or in part,
  following a database crash and restart. This is a serious bug that
  has existed since PostgreSQL 7.1.
* Remove asymmetrical word processing in tsearch (Teodor)
* Properly schema-qualify function names when pg_dump'ing a CAST
archs. This fixes support for dynamic loading on mips and also improves
error reporting.
Fixes PR pkg/25473 by Byron Servies.
PKGREVISION not bumped, will ride update to 7.3.7
'-*' instead of '-[0-9]*'. Otherwise postgresql74-lib-whatever can be
incorrectly installed alongside postgresql73-lib-whatever because the latter
does not match 'postgresql73-[0-9]*'.
PostgreSQL is a robust, next-generation, Object-Relational DBMS (ORDBMS),
derived from the Berkeley Postgres database management system. While
PostgreSQL retains the powerful object-relational data model, rich data types
and easy extensibility of Postgres, it replaces the PostQuel query language
with an extended subset of SQL.
PostgreSQL is free and the complete source is available.
This is the meta-package for the PostgreSQL database system.