[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PostgreSQL Security Update: 7.4.3 -> 7.4.6



A security update for the PostgreSQL-Port.
The maintainers didn't answered so I post now the Portupdate.


Changelog: 7.4.3 -> 7.4.6



Release Notes: Release 7.4.6
Release date: 2004-10-22

This release contains a variety of fixes from 7.4.5.
__________________________________________________________________
Migration to version 7.4.6
A dump/restore is not required for those running 7.4.X.
__________________________________________________________________

Changes

     * Repair possible failure to update hint bits on disk
       Under rare circumstances this oversight could lead to "could not
       access transaction status" failures, which qualifies it as a
       potential-data-loss bug.
     * Ensure that hashed outer join does not miss tuples
       Very large left joins using a hash join plan could fail to output
       unmatched left-side rows given just the right data distribution.
     * Disallow running pg_ctl as root
       This is to guard against any possible security issues.
     * Avoid using temp files in /tmp in make_oidjoins_check
       This has been reported as a security issue, though it's hardly
       worthy of concern since there is no reason for non-developers to
       use this script anyway.
     * Prevent forced backend shutdown from re-emitting prior command
       result
       In rare cases, a client might think that its last command had
       succeeded when it really had been aborted by forced database
       shutdown.
     * Repair bug in pg_stat_get_backend_idset()
       This could lead to misbehavior in some of the system-statistics
       views.
     * Fix small memory leak in postmaster
     * Fix "expected both swapped tables to have TOAST tables" bug
       This could arise in cases such as CLUSTER after ALTER TABLE DROP
       COLUMN.
     * Prevent pg_ctl restart from adding -D multiple times
     * Fix problem with NULL values in GiST indexes
     * :: is no longer interpreted as a variable in an ECPG prepare
       statement
__________________________________________________________________


Release 7.4.5

Release date: 2004-08-18

This release contains one serious bug fix over 7.4.4.
__________________________________________________________________

Migration to version 7.4.5

A dump/restore is not required for those running 7.4.X.
__________________________________________________________________

Changes

     * Repair possible crash during concurrent btree index insertions
       This patch fixes a rare case in which concurrent insertions into
a
       btree index could result in a server panic. No permanent damage
       would result, but it's still worth a re-release. The bug does not
       exist in pre-7.4 releases.
     __________________________________________________________________


Release 7.4.4

Release date: 2004-08-16

This release contains a variety of fixes from 7.4.3.
__________________________________________________________________

Migration to version 7.4.4

A dump/restore is not required for those running 7.4.X.
__________________________________________________________________

Changes

     * Prevent possible loss of committed transactions during crash
       Due to insufficient interlocking between transaction commit and
       checkpointing, it was possible for transactions committed just
       before the most recent checkpoint to be lost, in whole or in
part,
       following a database crash and restart. This is a serious bug
that
       has existed since PostgreSQL 7.1.
     * Check HAVING restriction before evaluating result list of an
       aggregate plan
     * Avoid crash when session's current userID is deleted
     * Fix hashed crosstab for zero-rows case (Joe)
     * Force cache update after renaming a column in a foreign key
     * Pretty-print UNION queries correctly
     * Make psql handle \r\n newlines properly in COPY IN
     * pg_dump handled ACLs with grant options incorrectly
     * Fix thread support for OS X and Solaris
     * Updated JDBC driver (build 215) with various fixes
     * ECPG fixes
     * Translation updates (various contributors)
 __________________________________________________________________


Please update the port for Postgre-SQL because in my oppinion is
dataloss a security risk for a databse.
The port I submitted works fine for me on x86/amd64 OpenBSD 3.6+patches.

vH

Attachment: postgresql.tar.gz
Description: Binary data

Attachment: pgposbthACFnM.pgp
Description: PGP signature