Up to [cvs.NetBSD.org] / pkgsrc / databases / postgresql83
Default branch: MAIN
Revision 1.9, Thu Apr 4 21:08:26 2013 UTC (9 years, 9 months ago) by adam
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, HEAD
Changes since 1.8: +1 -1 lines
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups.
Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script (CVE-2013-1903) and the use of predictable filenames in /tmp (CVE-2013-1902).
Revision 188.8.131.52, Mon Jul 2 23:06:56 2012 UTC (10 years, 7 months ago) by tron
Changes since 1.7: +1 -2 lines
Pullup ticket #3842 - requested by morr
databases/postgresql83-adminpack: security update
databases/postgresql83-client: security update
databases/postgresql83-plperl: security update
databases/postgresql83-pltcl: security update
databases/postgresql83-server: security update
databases/postgresql83-uuid: security update
databases/postgresql83: security update
Revisions pulled up:
- databases/postgresql83-adminpack/Makefile 1.10
- databases/postgresql83-client/Makefile 1.27
- databases/postgresql83-client/PLIST 1.21
- databases/postgresql83-plperl/Makefile 1.16
- databases/postgresql83-plpython/Makefile 1.14
- databases/postgresql83-pltcl/Makefile 1.10
- databases/postgresql83-server/Makefile 1.19
- databases/postgresql83-server/PLIST 1.18
- databases/postgresql83-uuid/Makefile 1.3
- databases/postgresql83/Makefile 1.8
- databases/postgresql83/Makefile.common 1.24
- databases/postgresql83/distinfo 1.22
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Jul 1 19:19:42 UTC 2012
Modified Files:
pkgsrc/databases/postgresql83: Makefile.common distinfo
pkgsrc/databases/postgresql83-client: PLIST
pkgsrc/databases/postgresql83-plpython: Makefile
pkgsrc/databases/postgresql83-server: PLIST
Log Message:
Security update to version 8.3.19.
Changes:
* Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer)
* If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143)
* Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane)
* Applying such attributes to a call handler could crash the server. (CVE-2012-2655)
* Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC (Tom Lane)
* Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
* Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone (Tom Lane)
* This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions.
* Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings (Karl Schnaitter)
* Fix memory copying bug in to_tsquery() (Heikki Linnakangas)
* Fix slow session startup when pg_attribute is very large (Tom Lane)
* If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once.
* Ensure sequential scans check for query cancel reasonably often (Merlin Moncure)
* A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile.
* Ensure the Windows implementation of PGSemaphoreLock() clears ImmediateInterruptOK before returning (Tom Lane)
* This oversight meant that a query-cancel interrupt received later in the same query could be accepted at an unsafe time, with unpredictable but not good consequences.
* Show whole-row variables safely when printing views or rules (Abbas Butt, Tom Lane)
* Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast.
* Ensure autovacuum worker processes perform stack depth checking properly (Heikki Linnakangas)
* Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes.
* Fix logging collector to not lose log coherency under high load (Andrew Dunstan)
* The collector previously could fail to reassemble large messages if it got too busy.
* Fix logging collector to ensure it will restart file rotation after receiving SIGHUP (Tom Lane)
* Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable (Tom Lane)
* Fix several performance problems in pg_dump when the database contains many objects (Jeff Janes, Tom Lane)
* pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences.
* Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error (Tom Lane)
* Update time zone data files to tzdata release 2012c for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also historical corrections for Canada.
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Jul 1 19:21:14 UTC 2012
Modified Files:
pkgsrc/databases/postgresql83: Makefile
pkgsrc/databases/postgresql83-adminpack: Makefile
pkgsrc/databases/postgresql83-client: Makefile
pkgsrc/databases/postgresql83-plperl: Makefile
pkgsrc/databases/postgresql83-pltcl: Makefile
pkgsrc/databases/postgresql83-server: Makefile
pkgsrc/databases/postgresql83-uuid: Makefile
Log Message:
Remove PKGREVISION
Revision 1.8, Sun Jul 1 19:21:13 2012 UTC (10 years, 7 months ago) by morr
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.7: +1 -2 lines
Revision 1.7, Thu Jun 14 07:45:38 2012 UTC (10 years, 7 months ago) by sbd
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.6: +2 -1 lines
Recursive PKGREVISION bump for libxml2 buildlink addition.
Revision 1.6, Tue Sep 27 11:03:59 2011 UTC (11 years, 4 months ago) by adam
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.5: +1 -2 lines
Changes 8.3.16:
* Fix bugs in indexing of in-doubt HOT-updated tuples
* Fix multiple bugs in GiST index page split processing
* Fix possible buffer overrun in tsvector_concat()
* Fix crash in xml_recv when processing a "standalone" parameter
* Avoid possibly accessing off the end of memory in "ANALYZE" and in SJIS-2004 encoding conversion
* Fix race condition in relcache init file invalidation
* Fix memory leak at end of a GiST index scan
* Fix performance problem when constructing a large, lossy bitmap
* Fix array- and path-creating functions to ensure padding bytes are zeroes
* Work around gcc 4.6.0 bug that breaks WAL replay
* Fix dump bug for VALUES in a view
* Disallow SELECT FOR UPDATE/SHARE on sequences
  This operation doesn't work as expected and can lead to failures.
* Defend against integer overflow when computing size of a hash table
* Fix cases where "CLUSTER" might attempt to access already-removed TOAST data
* Fix portability bugs in use of credentials control messages for "peer" authentication
* Fix SSPI login when multiple roundtrips are required
* Fix typo in pg_srand48 seed initialization
* Avoid integer overflow when the sum of LIMIT and OFFSET values exceeds 2^63
* Add overflow checks to int4 and int8 versions of generate_series()
* Fix trailing-zero removal in to_char()
* Fix pg_size_pretty() to avoid overflow for inputs close to 2^63
* In pg_ctl, support silent mode for service registrations on Windows
* Fix psql's counting of script file line numbers during COPY from a different file
* more...
Revision 1.5, Fri Apr 22 13:43:14 2011 UTC (11 years, 9 months ago) by obache
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.4: +2 -1 lines
recursive bump from gettext-lib shlib bump.
Revision 1.4, Sun Dec 19 09:53:52 2010 UTC (12 years, 1 month ago) by adam
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4
Changes since 1.3: +4 -4 lines
Changes 8.3.13:
* Force the default wal_sync_method to be fdatasync on Linux
* Fix assorted bugs in WAL replay logic for GIN indexes
* Fix recovery from base backup when the starting checkpoint WAL record is not in the same WAL segment as its redo point
* Fix persistent slowdown of autovacuum workers when multiple workers remain active for a long time
* Add support for detecting register-stack overrun on IA64
* Add a check for stack overflow in copyObject()
* Fix detection of page splits in temporary GiST indexes
* Avoid memory leakage while "ANALYZE"'ing complex index expressions
* Ensure an index that uses a whole-row Var still depends on its table
* Do not "inline" a SQL function with multiple OUT parameters
* Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is attached to the VALUES part of INSERT ... VALUES
* Fix constant-folding of COALESCE() expressions
* Fix postmaster crash when connection acceptance (accept() or one of the calls made immediately after it) fails, and the postmaster was compiled with GSSAPI support
* Fix missed unlink of temporary files when log_temp_files is active
* Add print functionality for InhRelation nodes
* Fix incorrect calculation of distance from a point to a horizontal line segment
* Fix PL/pgSQL's handling of "simple" expressions to not fail in recursion or error-recovery cases
* Fix PL/Python's handling of set-returning functions
* Fix bug in "contrib/cube"'s GiST picksplit algorithm
* Don't emit "identifier will be truncated" notices in "contrib/dblink" except when creating new connections
* Fix potential coredump on missing public key in "contrib/pgcrypto"
* Fix memory leak in "contrib/xml2"'s XPath query functions
* Update time zone data files to tzdata release 2010o for DST law changes in Fiji and Samoa; also historical corrections for Hong Kong.
Revision 1.3, Thu Jun 12 02:14:20 2008 UTC (14 years, 7 months ago) by joerg
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.2: +3 -3 lines
Add DESTDIR support.
Revision 1.2, Thu Mar 13 16:47:37 2008 UTC (14 years, 10 months ago) by joerg
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1
Changes since 1.1: +2 -9 lines
Mark the main postgresql8[0-3] packages as meta packages. This avoids the problems in PR 34914.
Revision 184.108.40.206 (vendor branch), Tue Mar 4 12:41:36 2008 UTC (14 years, 10 months ago) by adam
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
PostgreSQL 8.3
With significant new functionality and performance enhancements, this release represents a major leap forward for PostgreSQL. This was made possible by a growing community that has dramatically accelerated the pace of development.
This release adds the following major features:
* Full text search is integrated into the core database system
* Support for the SQL/XML standard, including new operators and an XML data type
* Enumerated data types (ENUM)
* Arrays of composite types
* Universally Unique Identifier (UUID) data type
* Add control over whether NULLs sort first or last
* Updatable cursors
* Server configuration parameters can now be set on a per-function basis
* User-defined types can now have type modifiers
* Automatically re-plan cached queries when table definitions change or statistics are updated
* Numerous improvements in logging and statistics collection
* Support Security Service Provider Interface (SSPI) for authentication on Windows
* Support multiple concurrent autovacuum processes, and other autovacuum improvements
* Allow the whole PostgreSQL distribution to be compiled with Microsoft Visual C++
Revision 1.1, Tue Mar 4 12:41:36 2008 UTC (14 years, 10 months ago) by adam