From: Tom Lane Date: Sun, 12 Feb 2006 22:35:36 +0000 (+0000) Subject: Update release notes. X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=9f41b61bdb07939db16de9de6f931c73389d3a10;p=users%2Fbernd%2Fpostgres.git Update release notes. --- diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index 1bba7ab816..0eaed5784e 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -28,7 +28,8 @@ For new features, add links to the documentation sections. - This release contains a variety of fixes from 8.1.2. + This release contains a variety of fixes from 8.1.2, + including one very serious security issue. @@ -46,26 +47,47 @@ For new features, add links to the documentation sections. -Fix rare bug with row visibility logic in self-inserted -rows (Tom) +Fix bug that allowed any logged-in user to SET +ROLE to any other database user id (CVE-2006-0553) +Due to inadequate validity checking, a user could exploit the special +case that SET ROLE normally uses to restore the previous role +setting after an error. This allowed ordinary users to acquire superuser +status, for example. +The escalation-of-privilege risk exists only in 8.1.0-8.1.2. +However, in all releases back to 7.3 there is a related bug in SET +SESSION AUTHORIZATION that allows unprivileged users to crash the server, +if it has been compiled with Asserts enabled (which is not the default). +Thanks to Akio Ishida for reporting this problem. + + +Fix bug with row visibility logic in self-inserted +rows (Tom) +Under rare circumstances a row inserted by the current command +could be seen as already valid, when it should not be. Repairs bug +created in 8.0.4, 7.4.9, and 7.3.11 releases. + -Fixes for relation cache management and WAL file creation +Fix race condition that could lead to file already +exists errors during pg_clog and pg_subtrans file creation (Tom) +Fix cases that could lead to crashes if a cache-invalidation +message arrives at just the wrong time (Tom) + Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil) -Change ALTER COLUMN TYPE to drop -FOREIGN KEY constraints before UNIQUE or -PRIMARY KEY constraints (Nakano Yoshihisa) +Ensure ALTER COLUMN TYPE will process +FOREIGN KEY, UNIQUE, and PRIMARY KEY +constraints in the proper order (Nakano Yoshihisa) -Fix CREATE OPERATOR dumps that have -cross-schema definitions (Tom) +Fixes to allow restoring dumps that have cross-schema +references to custom operators or operator classes (Tom) -Allow pg_restore to continue after a -COPY failure, rather than treating the remaining statements -as COPY data (Stephen Frost) +Allow pg_restore to continue properly after a +COPY failure; formerly it tried to treat the remaining +COPY data as SQL commands (Stephen Frost) Fix pg_ctl unregister crash when the data directory is not specified (Magnus) @@ -76,29 +98,38 @@ when the data directory is not specified (Magnus) Fix ecpg crash on AMD64 and PPC (Neil) -Fix problem with argument passing with error reporting +Allow SETOF and %TYPE to be used +together in function result type declarations + +Recover properly if error occurs during argument passing in PL/python (Neil) -Fix memory leak in PL/perl's row -returning code (Neil) +Fix memory leak in plperl_return_next +(Neil) Fix PL/perl's handling of locales on Win32 to match the backend (Andrew) -Various optimizer improvements (Tom) +Various optimizer fixes (Tom) -Fix crash when log_min_messages is set in -postgresql.conf to DEBUG5 on Win32 +Fix crash when log_min_messages is set to +DEBUG3 or above in postgresql.conf on Win32 (Bruce) Fix pgxs -L library path -specification for Win32 and Cygwin (Bruce) +specification for Win32, Cygwin, OS X, AIX (Bruce) Check that SID is enabled while checking for Win32 admin privileges (Magnus) -Portability fix for finite and -isinf (Tom) +Properly reject out-of-range date inputs (Kris +Jurka) + +Portability fix for testing presence of finite +and isinf during configure (Tom) + +Improve speed of COPY IN via libpq, by +avoiding a kernel call per data line (Alon Goldshuv) Improve speed of /contrib/tsearch2 index creation (Teodor) @@ -2437,7 +2468,9 @@ psql -t -f fixseq.sql db1 | psql -e db1 Migration to version 8.0.7 - A dump/restore is not required for those running 8.0.X. + A dump/restore is not required for those running 8.0.X. However, + if you are upgrading from a version earlier than 8.0.6, see the release + notes for 8.0.6. @@ -2446,23 +2479,42 @@ psql -t -f fixseq.sql db1 | psql -e db1 -Fixes for relation cache management and WAL file creation +Fix potential crash in SET +SESSION AUTHORIZATION (CVE-2006-0553) +An unprivileged user could crash the server process, resulting in +momentary denial of service to other users, if the server has been compiled +with Asserts enabled (which is not the default). +Thanks to Akio Ishida for reporting this problem. + + +Fix bug with row visibility logic in self-inserted +rows (Tom) +Under rare circumstances a row inserted by the current command +could be seen as already valid, when it should not be. Repairs bug +created in 8.0.4, 7.4.9, and 7.3.11 releases. + + +Fix race condition that could lead to file already +exists errors during pg_clog and pg_subtrans file creation (Tom) +Fix cases that could lead to crashes if a cache-invalidation +message arrives at just the wrong time (Tom) + Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil) -Change ALTER COLUMN TYPE to drop -FOREIGN KEY constraints before UNIQUE or -PRIMARY KEY constraints (Nakano Yoshihisa) +Ensure ALTER COLUMN TYPE will process +FOREIGN KEY, UNIQUE, and PRIMARY KEY +constraints in the proper order (Nakano Yoshihisa) -Fix CREATE OPERATOR dumps that have -cross-schema definitions (Tom) +Fixes to allow restoring dumps that have cross-schema +references to custom operators or operator classes (Tom) -Allow pg_restore to continue after a -COPY failure, rather than treating the remaining statements -as COPY data (Stephen Frost) +Allow pg_restore to continue properly after a +COPY failure; formerly it tried to treat the remaining +COPY data as SQL commands (Stephen Frost) Fix pg_ctl unregister crash when the data directory is not specified (Magnus) @@ -2470,24 +2522,27 @@ when the data directory is not specified (Magnus) Fix ecpg crash on AMD64 and PPC (Neil) -Fix problem with argument passing with error reporting +Recover properly if error occurs during argument passing in PL/python (Neil) Fix PL/perl's handling of locales on Win32 to match the backend (Andrew) -Fix crash when log_min_messages is set in -postgresql.conf to DEBUG5 on Win32 +Fix crash when log_min_messages is set to +DEBUG3 or above in postgresql.conf on Win32 (Bruce) Fix pgxs -L library path -specification for Win32 and Cygwin (Bruce) +specification for Win32, Cygwin, OS X, AIX (Bruce) Check that SID is enabled while checking for Win32 admin privileges (Magnus) -Portability fix for finite and -isinf (Tom) +Properly reject out-of-range date inputs (Kris +Jurka) + +Portability fix for testing presence of finite +and isinf during configure (Tom) @@ -5454,7 +5509,9 @@ typedefs (Michael) Migration to version 7.4.12 - A dump/restore is not required for those running 7.4.X. + A dump/restore is not required for those running 7.4.X. However, + if you are upgrading from a version earlier than 7.4.11, see the release + notes for 7.4.11. @@ -5463,21 +5520,34 @@ typedefs (Michael) -Fixes for relation cache management and WAL file creation -(Tom) +Fix potential crash in SET +SESSION AUTHORIZATION (CVE-2006-0553) +An unprivileged user could crash the server process, resulting in +momentary denial of service to other users, if the server has been compiled +with Asserts enabled (which is not the default). +Thanks to Akio Ishida for reporting this problem. + -Fix rare bug with row visibility logic in self-inserted -rows (Tom) +Fix bug with row visibility logic in self-inserted +rows (Tom) +Under rare circumstances a row inserted by the current command +could be seen as already valid, when it should not be. Repairs bug +created in 7.4.9 and 7.3.11 releases. + + +Fix race condition that could lead to file already +exists errors during pg_clog file creation +(Tom) Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil) -Fix CREATE OPERATOR dumps that have -cross-schema definitions (Tom) +Fix to allow restoring dumps that have cross-schema +references to custom operators (Tom) -Portability fix for finite and -isinf (Tom) +Portability fix for testing presence of finite +and isinf during configure (Tom) @@ -8248,7 +8318,9 @@ DROP SCHEMA information_schema CASCADE; Migration to version 7.3.14 - A dump/restore is not required for those running 7.3.X. + A dump/restore is not required for those running 7.3.X. However, + if you are upgrading from a version earlier than 7.3.13, see the release + notes for 7.3.13. @@ -8257,7 +8329,30 @@ DROP SCHEMA information_schema CASCADE; -PLACE HOLDER +Fix potential crash in SET +SESSION AUTHORIZATION (CVE-2006-0553) +An unprivileged user could crash the server process, resulting in +momentary denial of service to other users, if the server has been compiled +with Asserts enabled (which is not the default). +Thanks to Akio Ishida for reporting this problem. + + +Fix bug with row visibility logic in self-inserted +rows (Tom) +Under rare circumstances a row inserted by the current command +could be seen as already valid, when it should not be. Repairs bug +created in 7.3.11 release. + + +Fix race condition that could lead to file already +exists errors during pg_clog file creation +(Tom) + +Fix to allow restoring dumps that have cross-schema +references to custom operators (Tom) + +Portability fix for testing presence of finite +and isinf during configure (Tom)