- 14 5月, 2010 5 次提交
-
-
由 Andrew Dunstan 提交于
where we started supporting MSVC builds. Security: CVE-2010-1169
-
由 Tom Lane 提交于
Security: CVE-2010-1169, CVE-2010-1170
-
由 Tom Lane 提交于
-
由 Tom Lane 提交于
that is a regular table or view owned by a superuser. This prevents a trojan horse attack whereby any unprivileged SQL user could create such a table and insert code into it that would then get executed in other users' sessions whenever they call pltcl functions. Worse yet, because the code was automatically loaded into both the "normal" and "safe" interpreters at first use, the attacker could execute unrestricted Tcl code in the "normal" interpreter without there being any pltclu functions anywhere, or indeed anyone else using pltcl at all: installing pltcl is sufficient to open the hole. Change the initialization logic so that the "unknown" code is only loaded into an interpreter when the interpreter is first really used. (That doesn't add any additional security in this particular context, but it seems a prudent change, and anyway the former behavior violated the principle of least astonishment.) Security: CVE-2010-1170
-
由 Andrew Dunstan 提交于
fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169
-
- 13 5月, 2010 3 次提交
-
-
由 Magnus Hagander 提交于
Thom Brown
-
由 Peter Eisentraut 提交于
-
由 Tom Lane 提交于
7.4.29.
-
- 12 5月, 2010 3 次提交
-
-
由 Tom Lane 提交于
Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia. Historical corrections for Taiwan.
-
由 Tom Lane 提交于
Per discussion, if we have PKT in there then PKST should be too. Also, fix mistaken claim that these abbrevs are not known to zic.
-
由 Tom Lane 提交于
archive_command) as soon as possible, namely just before issuing a new call of archive_command, even when there is a backlog of files to be archived. The original coding would only absorb new settings after clearing the backlog and returning to the outer loop. Per discussion. Back-patch to 8.3. The logic in prior versions is a bit different and it doesn't seem worth taking any risks of breaking it.
-
- 11 5月, 2010 1 次提交
-
-
由 Itagaki Takahiro 提交于
Now validators work properly even when the settings contain parameters that affect behavior of the function, like search_path. Reported by Erwin Brandstetter.
-
- 09 5月, 2010 1 次提交
-
-
由 Tom Lane 提交于
Depending on which spec you read, field widths and precisions in %s may be counted either in bytes or characters. Our code was assuming bytes, which is wrong at least for glibc's implementation, and in any case libc might have a different idea of the prevailing encoding than we do. Hence, for portable results we must avoid using anything more complex than just "%s" unless the string to be printed is known to be all-ASCII. This patch fixes the cases I could find, including the psql formatting failure reported by Hernan Gonzalez. In HEAD only, I also added comments to some places where it appears safe to continue using "%.*s".
-
- 06 5月, 2010 1 次提交
-
-
由 Tom Lane 提交于
refers to itself (directly or indirectly). Instead, print a message when recursion is detected, and don't expand the repeated reference. Per bug #5448 from Francis Markham. Back-patch to 8.0. Although the issue exists in 7.4 as well, it seems impractical to fix there because of the lack of any state stack that could be used to track active expansions.
-
- 05 5月, 2010 1 次提交
-
-
由 Heikki Linnakangas 提交于
-
- 02 5月, 2010 1 次提交
-
-
由 Tom Lane 提交于
returns EINVAL for an existing shared memory segment. Although it's not terribly sensible, that behavior does meet the POSIX spec because EINVAL is the appropriate error code when the existing segment is smaller than the requested size, and the spec explicitly disclaims any particular ordering of error checks. Moreover, it does in fact happen on OS X and probably other BSD-derived kernels. (We were able to talk NetBSD into changing their code, but purging that behavior from the wild completely seems unlikely to happen.) We need to distinguish collision with a pre-existing segment from invalid size request in order to behave sensibly, so it's worth some extra code here to get it right. Per report from Gavin Kistner and subsequent investigation. Back-patch to all supported versions, since any of them could get used with a kernel having the debatable behavior.
-
- 01 5月, 2010 1 次提交
-
-
由 Tom Lane 提交于
memory if the result had zero rows, and also if there was any sort of error while converting the result tuples into Python data. Reported and partially fixed by Andres Freund. Back-patch to all supported versions. Note: I haven't tested the 7.4 fix. 7.4's configure check for python is so obsolete it doesn't work on my current machines :-(. The logic change is pretty straightforward though.
-
- 19 4月, 2010 1 次提交
-
-
由 Robert Haas 提交于
This change was previously committed to HEAD, but the consensus seems to be in favor of back-patching it. I'm only backpatching as far as 8.3.X, however, because it's not clear to me to what degree this advice applies to older branches, and in any case our first advice to anyone attempting to tune those versions is likely to be "upgrade".
-
- 16 4月, 2010 3 次提交
-
-
由 Heikki Linnakangas 提交于
reload and rotation signals, and a helper thread reads messages from the pipe and writes them to the log file. However, server code isn't generally thread-safe, so if both try to do e.g palloc()/pfree() at the same time, bad things will happen. To fix that, use a critical section (which is like a mutex) to enforce that only one the threads are active at a time.
-
由 Tom Lane 提交于
the SELECT query in \copy (SELECT ...) commands. This is unnecessary and breaks numeric literals, as seen in bug #5411 from Vitalii Tymchyshyn. This change has already been made in passing in HEAD; backpatch to 8.2 through 8.4 (earlier releases don't have COPY (SELECT ...) at all).
-
由 Peter Eisentraut 提交于
backpatched to 8.1, where this first appeared
-
- 15 4月, 2010 1 次提交
-
-
由 Tom Lane 提交于
relcache reload works. In the patched code, a relcache entry in process of being rebuilt doesn't get unhooked from the relcache hash table; which means that if a cache flush occurs due to sinval queue overrun while we're rebuilding it, the entry could get blown away by RelationCacheInvalidate, resulting in crash or misbehavior. Fix by ensuring that an entry being rebuilt has positive refcount, so it won't be seen as a target for removal if a cache flush occurs. (This will mean that the entry gets rebuilt twice in such a scenario, but that's okay.) It appears that the problem can only arise within a transaction that has previously reassigned the relfilenode of a pre-existing table, via TRUNCATE or a similar operation. Per bug #5412 from Rusty Conover. Back-patch to 8.2, same as the patch that introduced the problem. I think that the failure can't actually occur in 8.2, since it lacks the rd_newRelfilenodeSubid optimization, but let's make it work like the later branches anyway. Patch by Heikki, slightly editorialized on by me.
-
- 09 4月, 2010 2 次提交
-
-
由 Magnus Hagander 提交于
-
由 Magnus Hagander 提交于
to one that's up to date with Windows 2003R2.
-
- 08 4月, 2010 1 次提交
-
-
由 Magnus Hagander 提交于
Windows timezone name where the information in the registry is incomplete, instead of aborting. This fixes cases when the registry information is incomplete for a timezone that is alphabetically before the one that is in use. Per report from Alexander Forschner
-
- 07 4月, 2010 1 次提交
-
-
由 Magnus Hagander 提交于
case the registry data doesn't follow the format we expect, to facilitate debugging.
-
- 04 4月, 2010 1 次提交
-
-
由 Andrew Dunstan 提交于
Sync perl's ppport.h on all branches back to 7.4 with recent update on HEAD, ensuring we can build older branches with modern Perl installations.
-
- 03 4月, 2010 1 次提交
-
-
由 Tom Lane 提交于
reasonably promptly, by adding CHECK_FOR_INTERRUPTS in the per-page loops. Tatsuhito Kasahara
-
- 02 4月, 2010 1 次提交
-
-
由 Heikki Linnakangas 提交于
Windows, thanks to a feature in CRT called Parameter Validation. Backpatch to 8.2, which is the oldest version supported on Windows. In 8.2 and 8.3 also backpatch the earlier change to use DEVNULL instead of NULL_DEV #define for a /dev/null-like device. NULL_DEV was hard-coded to "/dev/null" regardless of platform, which didn't work on Windows, while DEVNULL works on all platforms. Restarting syslogger didn't work on Windows on versions 8.3 and below because of that.
-
- 25 3月, 2010 2 次提交
-
-
由 Tom Lane 提交于
unsatisfiable query, such as indexcol && empty_array. It should return -1 to tell GIN no scan is required; but silly typo disabled the logic for that, resulting in unnecessary "GIN indexes do not support whole-index scans" error. Per bug report from Jeff Trout. Back-patch to 8.3 where the logic was introduced.
-
由 Alvaro Herrera 提交于
by a superuser -- "ALTER USER f RESET setting" already disallows removing such a setting. Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database owner that's not superuser.
-
- 20 3月, 2010 1 次提交
-
-
由 Tom Lane 提交于
so that we won't try to attach any context printouts to messages that get emitted while exiting. Per report from Dennis Koegel, the context functions won't necessarily work after we've started shutting down the backend, and it seems possible that debug_query_string could be pointing at freed storage as well. The context information doesn't seem particularly relevant to such messages anyway, so there's little lost by suppressing it. Back-patch to all supported branches. I can only demonstrate a crash with log_disconnections messages back to 8.1, but the risk seems real in 8.0 and before anyway.
-
- 18 3月, 2010 1 次提交
-
-
由 Magnus Hagander 提交于
Fujii Masao
-
- 12 3月, 2010 1 次提交
-
-
由 Marc G. Fournier 提交于
tag 8.3.10
-
- 10 3月, 2010 2 次提交
- 09 3月, 2010 2 次提交
-
-
由 Alvaro Herrera 提交于
Samoa, Chile; corrections to recent changes in Paraguay and Bangladesh.
-
由 Bruce Momjian 提交于
--single-transaction are both used and the failure happens in commit, e.g. failed deferred trigger. Also properly free BEGIN/COMMIT result structures from --single-transaction. Per report from Dominic Bevacqua
-
- 08 3月, 2010 2 次提交
-
-
由 Michael Meskes 提交于
-
由 Magnus Hagander 提交于
Tim Landscheidt
-