2009年3月18日

[installer 1861] postgresql-8.3.7, 8.2.13, 8.1.17, 7.4.25

postgresql-8.3.7, 8.2.13, 8.1.17, 7.4.25 出ています。

セキュリティホールの修正を含んでいます。
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0922
参照のこと。

☆ postgresql-8.3.7
http://www.postgresql.org/

ftp://ftp.postgresql.org/pub/source/v8.3.7/postgresql-8.3.7.tar.gz

Release 8.3.7

Release date: 2009-03-16

This release contains a variety of fixes from 8.3.6. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________

Migration to Version 8.3.7

A dump/restore is not required for those running 8.3.X. However, if you
are upgrading from a version earlier than 8.3.5, see the release notes
for 8.3.5.
__________________________________________________________________

Changes

* Prevent error recursion crashes when encoding conversion fails
(Tom)
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that *any* error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation.
* Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion
failure. The previous change is a backstop to guard against other
kinds of failures in the same area.
* Fix xpath() to not modify the path expression unless necessary, and
to make a saner attempt at it when necessary (Andrew)
The SQL standard suggests that xpath should work on data that is a
document fragment, but libxml doesn't support that, and indeed it's
not clear that this is sensible according to the XPath standard.
xpath attempted to work around this mismatch by modifying both the
data and the path expression, but the modification was buggy and
could cause valid searches to fail. Now, xpath checks whether the
data is in fact a well-formed document, and if so invokes libxml
with no change to the data or path expression. Otherwise, a
different modification method that is somewhat less likely to fail
is used.

Note: The new modification method is still not 100% satisfactory,
and it seems likely that no real solution is possible. This patch
should therefore be viewed as a band-aid to keep from breaking
existing applications unnecessarily. It is likely that PostgreSQL
8.4 will simply reject use of xpath on data that is not a
well-formed document.
* Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument (Tom)
* Fix possible failure in text search when C locale is used with a
multi-byte encoding (Teodor)
Crashes were possible on platforms where wchar_t is narrower than
int; Windows in particular.
* Fix extreme inefficiency in text search parser's handling of an
email-like string containing multiple @ characters (Heikki)
* Fix planner problem with sub-"SELECT" in the output list of a
larger subquery (Tom)
The known symptom of this bug is a "failed to locate grouping
columns" error that is dependent on the datatype involved; but
there could be other issues as well.
* Fix decompilation of CASE WHEN with an implicit coercion (Tom)
This mistake could lead to Assert failures in an Assert-enabled
build, or an "unexpected CASE WHEN clause" error message in other
cases, when trying to examine or dump a view.
* Fix possible misassignment of the owner of a TOAST table's rowtype
(Tom)
If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
by someone other than the table owner, the pg_type entry for the
table's TOAST table would end up marked as owned by that someone.
This caused no immediate problems, since the permissions on the
TOAST rowtype aren't examined by any ordinary database operation.
However, it could lead to unexpected failures if one later tried to
drop the role that issued the command (in 8.1 or 8.2), or "owner of
data type appears to be invalid" warnings from pg_dump after having
done so (in 8.3).
* Change "UNLISTEN" to exit quickly if the current session has never
executed any "LISTEN" command (Tom)
Most of the time this is not a particularly useful optimization,
but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
caused a substantial performance problem for applications that made
heavy use of "DISCARD ALL".
* Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
clause anywhere in the string, not only at the start; in
particular, don't fail for "INSERT INTO" within "CREATE RULE" (Tom)
* Clean up PL/pgSQL error status variables fully at block exit
(Ashesh Vashi and Dave Page)
This is not a problem for PL/pgSQL itself, but the omission could
cause the PL/pgSQL Debugger to crash while examining the state of a
function.
* Retry failed calls to CallNamedPipe() on Windows (Steve Marshall,
Magnus)
It appears that this function can sometimes fail transiently; we
previously treated any failure as a hard error, which could confuse
"LISTEN"/"NOTIFY" as well as other operations.
* Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations (Xavier Bugaud)


☆ postgresql-8.2.13
http://www.postgresql.org/
ftp://ftp.postgresql.org/pub/source/v8.2.13/postgresql-8.2.13.tar.gz

Release 8.2.13

Release date: 2009-03-16

This release contains a variety of fixes from 8.2.12. For information
about new features in the 8.2 major release, see the Section called
Release 8.2.
__________________________________________________________________

Migration to Version 8.2.13

A dump/restore is not required for those running 8.2.X. However, if you
are upgrading from a version earlier than 8.2.11, see the release notes
for 8.2.11.
__________________________________________________________________

Changes

* Prevent error recursion crashes when encoding conversion fails
(Tom)
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that *any* error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation.
* Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion
failure. The previous change is a backstop to guard against other
kinds of failures in the same area.
* Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument (Tom)
* Fix possible failure in "contrib/tsearch2" when C locale is used
with a multi-byte encoding (Teodor)
Crashes were possible on platforms where wchar_t is narrower than
int; Windows in particular.
* Fix extreme inefficiency in "contrib/tsearch2" parser's handling of
an email-like string containing multiple @ characters (Heikki)
* Fix decompilation of CASE WHEN with an implicit coercion (Tom)
This mistake could lead to Assert failures in an Assert-enabled
build, or an "unexpected CASE WHEN clause" error message in other
cases, when trying to examine or dump a view.
* Fix possible misassignment of the owner of a TOAST table's rowtype
(Tom)
If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
by someone other than the table owner, the pg_type entry for the
table's TOAST table would end up marked as owned by that someone.
This caused no immediate problems, since the permissions on the
TOAST rowtype aren't examined by any ordinary database operation.
However, it could lead to unexpected failures if one later tried to
drop the role that issued the command (in 8.1 or 8.2), or "owner of
data type appears to be invalid" warnings from pg_dump after having
done so (in 8.3).
* Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
clause anywhere in the string, not only at the start; in
particular, don't fail for "INSERT INTO" within "CREATE RULE" (Tom)
* Clean up PL/pgSQL error status variables fully at block exit
(Ashesh Vashi and Dave Page)
This is not a problem for PL/pgSQL itself, but the omission could
cause the PL/pgSQL Debugger to crash while examining the state of a
function.
* Retry failed calls to CallNamedPipe() on Windows (Steve Marshall,
Magnus)
It appears that this function can sometimes fail transiently; we
previously treated any failure as a hard error, which could confuse
"LISTEN"/"NOTIFY" as well as other operations.
* Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations (Xavier Bugaud)


☆ postgresql-8.1.17
http://www.postgresql.org/
ftp://ftp.postgresql.org/pub/source/v8.1.17/postgresql-8.1.17.tar.gz

Release 8.1.17

Release date: 2009-03-16

This release contains a variety of fixes from 8.1.16. For information
about new features in the 8.1 major release, see the Section called
Release 8.1.
__________________________________________________________________

Migration to Version 8.1.17

A dump/restore is not required for those running 8.1.X. However, if you
are upgrading from a version earlier than 8.1.15, see the release notes
for 8.1.15.
__________________________________________________________________

Changes

* Prevent error recursion crashes when encoding conversion fails
(Tom)
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that *any* error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation.
* Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion
failure. The previous change is a backstop to guard against other
kinds of failures in the same area.
* Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument (Tom)
* Fix decompilation of CASE WHEN with an implicit coercion (Tom)
This mistake could lead to Assert failures in an Assert-enabled
build, or an "unexpected CASE WHEN clause" error message in other
cases, when trying to examine or dump a view.
* Fix possible misassignment of the owner of a TOAST table's rowtype
(Tom)
If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
by someone other than the table owner, the pg_type entry for the
table's TOAST table would end up marked as owned by that someone.
This caused no immediate problems, since the permissions on the
TOAST rowtype aren't examined by any ordinary database operation.
However, it could lead to unexpected failures if one later tried to
drop the role that issued the command (in 8.1 or 8.2), or "owner of
data type appears to be invalid" warnings from pg_dump after having
done so (in 8.3).
* Clean up PL/pgSQL error status variables fully at block exit
(Ashesh Vashi and Dave Page)
This is not a problem for PL/pgSQL itself, but the omission could
cause the PL/pgSQL Debugger to crash while examining the state of a
function.
* Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations (Xavier Bugaud)


☆ postgresql-8.0.21
http://www.postgresql.org/
ftp://ftp.postgresql.org/pub/source/v8.0.21/postgresql-8.0.21.tar.gz

Release 8.0.21

Release date: 2009-03-16

This release contains a variety of fixes from 8.0.20. For information
about new features in the 8.0 major release, see the Section called
Release 8.0.
__________________________________________________________________

Migration to Version 8.0.21

A dump/restore is not required for those running 8.0.X. However, if you
are upgrading from a version earlier than 8.0.6, see the release notes
for 8.0.6.
__________________________________________________________________

Changes

* Prevent error recursion crashes when encoding conversion fails
(Tom)
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that *any* error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation.
* Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion
failure. The previous change is a backstop to guard against other
kinds of failures in the same area.
* Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument (Tom)
* Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations (Xavier Bugaud)


☆ postgresql-7.4.25
http://www.postgresql.org/
ftp://ftp.postgresql.org/pub/source/v7.4.25/postgresql-7.4.25.tar.gz

Release 7.4.25

Release date: 2009-03-16

This release contains a variety of fixes from 7.4.24. For information
about new features in the 7.4 major release, see the Section called
Release 7.4.
__________________________________________________________________

Migration to Version 7.4.25

A dump/restore is not required for those running 7.4.X. However, if you
are upgrading from a version earlier than 7.4.11, see the release notes
for 7.4.11.
__________________________________________________________________

Changes

* Prevent error recursion crashes when encoding conversion fails
(Tom)
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that *any* error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation.
* Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion
failure. The previous change is a backstop to guard against other
kinds of failures in the same area.
* Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument (Tom)
* Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations (Xavier Bugaud)

----
こがよういちろう


投稿者 xml-rpc : 2009年3月18日 12:27
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/83374
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。