#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.53 for PostgreSQL 7.4.7.
+# Generated by GNU Autoconf 2.53 for PostgreSQL 7.4.8.
#
# Report bugs to <pgsql-bugs@postgresql.org>.
#
# Identity of this package.
PACKAGE_NAME='PostgreSQL'
PACKAGE_TARNAME='postgresql'
-PACKAGE_VERSION='7.4.7'
-PACKAGE_STRING='PostgreSQL 7.4.7'
+PACKAGE_VERSION='7.4.8'
+PACKAGE_STRING='PostgreSQL 7.4.8'
PACKAGE_BUGREPORT='pgsql-bugs@postgresql.org'
ac_unique_file="src/backend/access/common/heaptuple.c"
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures PostgreSQL 7.4.7 to adapt to many kinds of systems.
+\`configure' configures PostgreSQL 7.4.8 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of PostgreSQL 7.4.7:";;
+ short | recursive ) echo "Configuration of PostgreSQL 7.4.8:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
-PostgreSQL configure 7.4.7
+PostgreSQL configure 7.4.8
generated by GNU Autoconf 2.53
Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by PostgreSQL $as_me 7.4.7, which was
+It was created by PostgreSQL $as_me 7.4.8, which was
generated by GNU Autoconf 2.53. Invocation command line was
$ $0 $@
} >&5
cat >&5 <<_CSEOF
-This file was extended by PostgreSQL $as_me 7.4.7, which was
+This file was extended by PostgreSQL $as_me 7.4.8, which was
generated by GNU Autoconf 2.53. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-PostgreSQL config.status 7.4.7
+PostgreSQL config.status 7.4.8
configured by $0, generated by GNU Autoconf 2.53,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.29 2005/01/30 19:32:21 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.30 2005/05/05 20:08:34 tgl Exp $
-->
<appendix id="release">
<title>Release Notes</title>
+ <sect1 id="release-7-4-8">
+ <title>Release 7.4.8</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2005-05-05</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.4.7, including several
+ security-related issues.
+ </para>
+
+ <sect2>
+ <title>Migration to version 7.4.8</title>
+
+ <para>
+ A dump/restore is not required for those running 7.4.X. However,
+ it is one possible way of handling two significant security problems
+ that have been found in the initial contents of 7.4.X system
+ catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will
+ automatically correct these problems.
+ </para>
+
+ <para>
+ The larger security problem is that the built-in character set encoding
+ conversion functions can be invoked from SQL commands by unprivileged
+ users, but the functions were not designed for such use and are not
+ secure against malicious choices of arguments. The fix involves changing
+ the declared parameter list of these functions so that they can no longer
+ be invoked from SQL commands. (This does not affect their normal use
+ by the encoding conversion machinery.)
+ </para>
+
+ <para>
+ The lesser problem is that the <filename>contrib/tsearch2</> module
+ creates several functions that are misdeclared to return
+ <type>internal</> when they do not accept <type>internal</> arguments.
+ This breaks type safety for all functions using <type>internal</>
+ arguments.
+ </para>
+
+ <para>
+ It is strongly recommended that all installations repair these errors,
+ either by initdb or by following the manual repair procedures given
+ below. The errors at least allow unprivileged database users to crash
+ their server process, and may allow unprivileged users to gain the
+ privileges of a database superuser.
+ </para>
+
+ <para>
+ If you wish not to do an initdb, perform the following procedures instead.
+ As the database superuser, do:
+
+<programlisting>
+BEGIN;
+UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype
+WHERE pronamespace = 11 AND pronargs = 5
+ AND proargtypes[2] = 'cstring'::regtype;
+-- The command should report having updated 90 rows;
+-- if not, rollback and investigate instead of committing!
+COMMIT;
+</programlisting>
+
+ Next, if you have installed <filename>contrib/tsearch2</>, do
+
+<programlisting>
+BEGIN;
+UPDATE pg_proc SET proargtypes[0] = 'internal'::regtype
+WHERE oid IN (
+ 'dex_init(text)'::regprocedure,
+ 'snb_en_init(text)'::regprocedure,
+ 'snb_ru_init(text)'::regprocedure,
+ 'spell_init(text)'::regprocedure,
+ 'syn_init(text)'::regprocedure
+);
+-- The command should report having updated 5 rows;
+-- if not, rollback and investigate instead of committing!
+COMMIT;
+</programlisting>
+
+ If this command fails with a message like <quote>function
+ "dex_init(text)" does not exist</>, then either <filename>tsearch2</>
+ is not installed in this database, or you already did the update.
+ </para>
+
+ <para>
+ The above procedures must be carried out in <emphasis>each</> database
+ of an installation, including <literal>template1</>, and ideally
+ including <literal>template0</> as well. If you do not fix the
+ template databases then any subsequently created databases will contain
+ the same errors. <literal>template1</> can be fixed in the same way
+ as any other database, but fixing <literal>template0</> requires
+ additional steps. First, from any database issue
+<programlisting>
+UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
+</programlisting>
+ Next connect to <literal>template0</> and perform the above repair
+ procedures. Finally, do
+<programlisting>
+-- re-freeze template0:
+VACUUM FREEZE;
+-- and protect it against future alterations:
+UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
+</programlisting>
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+<itemizedlist>
+<listitem><para>Change encoding function signature to prevent
+misuse</para></listitem>
+<listitem><para>Change <filename>contrib/tsearch2</> to avoid unsafe use of
+<type>INTERNAL</> function results</para></listitem>
+<listitem><para>Fix comparisons of <type>TIME WITH TIME ZONE</> values</para>
+<para>
+The comparison code was wrong in the case where the
+<literal>--enable-integer-datetimes</> configuration switch had been used.
+NOTE: if you have an index on a <type>TIME WITH TIME ZONE</> column,
+it will need to be <command>REINDEX</>ed after installing this update, because
+the fix corrects the sort order of column values.
+</para></listitem>
+<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
+<type>TIME WITH TIME ZONE</> values</para></listitem>
+<listitem><para>Fix mis-display of negative fractional seconds in
+<type>INTERVAL</> values</para>
+<para>
+This error only occurred when the
+<literal>--enable-integer-datetimes</> configuration switch had been used.
+</para></listitem>
+<listitem><para>Ensure operations done during backend shutdown are counted by
+statistics collector</para>
+<para>
+ This is expected to resolve reports of <application>pg_autovacuum</>
+ not vacuuming the system catalogs often enough — it was not being
+ told about catalog deletions caused by temporary table removal during
+ backend exit.
+</para></listitem>
+<listitem><para>Additional buffer overrun checks in plpgsql
+(Neil)</para></listitem>
+<listitem><para>Fix pg_dump to dump trigger names containing <literal>%</>
+correctly (Neil)</para></listitem>
+<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
+(Marko Kreen)</para></listitem>
+<listitem><para>Still more 64-bit fixes for
+<filename>contrib/intagg</></para></listitem>
+<listitem><para>Prevent incorrect optimization of functions returning
+<type>RECORD</></para></listitem>
+<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
+month-related formats</para></listitem>
+<listitem><para>Prevent crash on <literal>COALESCE(NULL,NULL)</></para></listitem>
+<listitem><para>Fix <function>array_map</> to call PL functions correctly</para></listitem>
+<listitem><para>Fix permission checking in <command>ALTER DATABASE RENAME</></para></listitem>
+<listitem><para>Fix <command>ALTER LANGUAGE RENAME</></para></listitem>
+<listitem><para>Make <function>RemoveFromWaitQueue</> clean up after itself</para>
+<para>
+This fixes a lock management error that would only be visible if a transaction
+was kicked out of a wait for a lock (typically by query cancel) and then the
+holder of the lock released it within a very narrow window.
+</para></listitem>
+<listitem><para>Fix problem with untyped parameter appearing in
+<command>INSERT ... SELECT</></para></listitem>
+<listitem><para>Fix <command>CLUSTER</> failure after
+<command>ALTER TABLE SET WITHOUT OIDS</></para></listitem>
+</itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-4-7">
<title>Release 7.4.7</title>
</sect2>
</sect1>
+ <sect1 id="release-7-3-10">
+ <title>Release 7.3.10</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2005-05-05</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.3.9, including several
+ security-related issues.
+ </para>
+
+ <sect2>
+ <title>Migration to version 7.3.10</title>
+
+ <para>
+ A dump/restore is not required for those running 7.3.X. However,
+ it is one possible way of handling a significant security problem
+ that has been found in the initial contents of 7.3.X system
+ catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will
+ automatically correct this problem.
+ </para>
+
+ <para>
+ The security problem is that the built-in character set encoding
+ conversion functions can be invoked from SQL commands by unprivileged
+ users, but the functions were not designed for such use and are not
+ secure against malicious choices of arguments. The fix involves changing
+ the declared parameter list of these functions so that they can no longer
+ be invoked from SQL commands. (This does not affect their normal use
+ by the encoding conversion machinery.)
+ It is strongly recommended that all installations repair this error,
+ either by initdb or by following the manual repair procedure given
+ below. The error at least allows unprivileged database users to crash
+ their server process, and may allow unprivileged users to gain the
+ privileges of a database superuser.
+ </para>
+
+ <para>
+ If you wish not to do an initdb, perform the following procedure instead.
+ As the database superuser, do:
+
+<programlisting>
+BEGIN;
+UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype
+WHERE pronamespace = 11 AND pronargs = 5
+ AND proargtypes[2] = 'cstring'::regtype;
+-- The command should report having updated 90 rows;
+-- if not, rollback and investigate instead of committing!
+COMMIT;
+</programlisting>
+ </para>
+
+ <para>
+ The above procedure must be carried out in <emphasis>each</> database
+ of an installation, including <literal>template1</>, and ideally
+ including <literal>template0</> as well. If you do not fix the
+ template databases then any subsequently created databases will contain
+ the same error. <literal>template1</> can be fixed in the same way
+ as any other database, but fixing <literal>template0</> requires
+ additional steps. First, from any database issue
+<programlisting>
+UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
+</programlisting>
+ Next connect to <literal>template0</> and perform the above repair
+ procedure. Finally, do
+<programlisting>
+-- re-freeze template0:
+VACUUM FREEZE;
+-- and protect it against future alterations:
+UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
+</programlisting>
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+<itemizedlist>
+<listitem><para>Change encoding function signature to prevent
+misuse</para></listitem>
+<listitem><para>Fix comparisons of <type>TIME WITH TIME ZONE</> values</para>
+<para>
+The comparison code was wrong in the case where the
+<literal>--enable-integer-datetimes</> configuration switch had been used.
+NOTE: if you have an index on a <type>TIME WITH TIME ZONE</> column,
+it will need to be <command>REINDEX</>ed after installing this update, because
+the fix corrects the sort order of column values.
+</para></listitem>
+<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
+<type>TIME WITH TIME ZONE</> values</para></listitem>
+<listitem><para>Fix mis-display of negative fractional seconds in
+<type>INTERVAL</> values</para>
+<para>
+This error only occurred when the
+<literal>--enable-integer-datetimes</> configuration switch had been used.
+</para></listitem>
+<listitem><para>Additional buffer overrun checks in plpgsql
+(Neil)</para></listitem>
+<listitem><para>Fix pg_dump to dump trigger names containing <literal>%</>
+correctly (Neil)</para></listitem>
+<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
+month-related formats</para></listitem>
+<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
+(Marko Kreen)</para></listitem>
+<listitem><para>Still more 64-bit fixes for
+<filename>contrib/intagg</></para></listitem>
+<listitem><para>Prevent incorrect optimization of functions returning
+<type>RECORD</></para></listitem>
+</itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-3-9">
<title>Release 7.3.9</title>
</sect2>
</sect1>
+ <sect1 id="release-7-2-8">
+ <title>Release 7.2.8</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2005-05-05</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.2.7, including one
+ security-related issue.
+ </para>
+
+ <sect2>
+ <title>Migration to version 7.2.8</title>
+
+ <para>
+ A dump/restore is not required for those running 7.2.X.
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+<itemizedlist>
+<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
+<type>TIME WITH TIME ZONE</> values</para></listitem>
+<listitem><para>Additional buffer overrun checks in plpgsql
+(Neil)</para></listitem>
+<listitem><para>Fix pg_dump to dump index names and trigger names containing
+<literal>%</> correctly (Neil)</para></listitem>
+<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
+month-related formats</para></listitem>
+<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
+(Marko Kreen)</para></listitem>
+</itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-2-7">
<title>Release 7.2.7</title>
projects / thirdparty / postgresql.git / commitdiff
