From: Tom Lane Date: Tue, 14 Aug 2012 22:24:00 +0000 (-0400) Subject: Update release notes for 9.1.5, 9.0.9, 8.4.13, 8.3.20. X-Git-Tag: REL9_3_BETA1~1097 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e45ae401811e4fe07d2fc6ca8e44e9e38e0b3ba2;p=postgresql Update release notes for 9.1.5, 9.0.9, 8.4.13, 8.3.20. --- diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml index b28e6dfecc..dda418fa55 100644 --- a/doc/src/sgml/release-8.3.sgml +++ b/doc/src/sgml/release-8.3.sgml @@ -1,6 +1,229 @@ + + Release 8.3.20 + + + Release Date + 2012-08-17 + + + + This release contains a variety of fixes from 8.3.19. + For information about new features in the 8.3 major release, see + . + + + + The PostgreSQL community will stop releasing updates + for the 8.3.X release series in February 2013. + Users are encouraged to update to a newer release branch soon. + + + + Migration to Version 8.3.20 + + + A dump/restore is not required for those running 8.3.X. + + + + However, if you are upgrading from a version earlier than 8.3.17, + see the release notes for 8.3.17. + + + + + + Changes + + + + + + Prevent access to external files/URLs via XML entity references + (Noah Misch, Tom Lane) + + + + xml_parse() would attempt to fetch external files or + URLs as needed to resolve DTD and entity references in an XML value, + thus allowing unprivileged database users to attempt to fetch data + with the privileges of the database server. While the external data + wouldn't get returned directly to the user, portions of it could be + exposed in error messages if the data didn't parse as valid XML; and + in any case the mere ability to check existence of a file might be + useful to an attacker. (CVE-2012-3489) + + + + + + Prevent access to external files/URLs via contrib/xml2's + xslt_process() (Peter Eisentraut) + + + + libxslt offers the ability to read and write both + files and URLs through stylesheet commands, thus allowing + unprivileged database users to both read and write data with the + privileges of the database server. Disable that through proper use + of libxslt's security options. (CVE-2012-3488) + + + + Also, remove xslt_process()'s ability to fetch documents + and stylesheets from external files/URLs. While this was a + documented feature, it was long regarded as a bad idea. + The fix for CVE-2012-3489 broke that capability, and rather than + expend effort on trying to fix it, we're just going to summarily + remove it. + + + + + + Prevent too-early recycling of btree index pages (Noah Misch) + + + + When we allowed read-only transactions to skip assigning XIDs, we + introduced the possibility that a deleted btree page could be + recycled while a read-only transaction was still in flight to it. + This would result in incorrect index search results. The probability + of such an error occurring in the field seems very low because of the + timing requirements, but nonetheless it should be fixed. + + + + + + Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) + + + + If ALTER SEQUENCE was executed on a freshly created or + reset sequence, and then precisely one nextval() call + was made on it, and then the server crashed, WAL replay would restore + the sequence to a state in which it appeared that no + nextval() had been done, thus allowing the first + sequence value to be returned again by the next + nextval() call. In particular this could manifest for + serial columns, since creation of a serial column's sequence + includes an ALTER SEQUENCE OWNED BY step. + + + + + + Ensure the backup_label file is fsync'd after + pg_start_backup() (Dave Kerr) + + + + + + Back-patch 9.1 improvement to compress the fsync request queue + (Robert Haas) + + + + This improves performance during checkpoints. The 9.1 change + has now seen enough field testing to seem safe to back-patch. + + + + + + Only allow autovacuum to be auto-canceled by a directly blocked + process (Tom Lane) + + + + The original coding could allow inconsistent behavior in some cases; + in particular, an autovacuum could get canceled after less than + deadlock_timeout grace period. + + + + + + Improve logging of autovacuum cancels (Robert Haas) + + + + + + Fix log collector so that log_truncate_on_rotation works + during the very first log rotation after server start (Tom Lane) + + + + + + Ensure that a whole-row reference to a subquery doesn't include any + extra GROUP BY or ORDER BY columns (Tom Lane) + + + + + + Disallow copying whole-row references in CHECK + constraints and index definitions during CREATE TABLE + (Tom Lane) + + + + This situation can arise in CREATE TABLE with + LIKE or INHERITS. The copied whole-row + variable was incorrectly labeled with the row type of the original + table not the new one. Rejecting the case seems reasonable for + LIKE, since the row types might well diverge later. For + INHERITS we should ideally allow it, with an implicit + coercion to the parent table's row type; but that will require more + work than seems safe to back-patch. + + + + + + Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki + Linnakangas, Tom Lane) + + + + + + Fix extraction of common prefixes from regular expressions (Tom Lane) + + + + The code could get confused by quantified parenthesized + subexpressions, such as ^(foo)?bar. This would lead to + incorrect index optimization of searches for such patterns. + + + + + + Report errors properly in contrib/xml2's + xslt_process() (Tom Lane) + + + + + + Update time zone data files to tzdata release 2012e + for DST law changes in Morocco and Tokelau + + + + + + + + Release 8.3.19 diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index 213c52e61c..5c89fb699a 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml @@ -1,6 +1,240 @@ + + Release 8.4.13 + + + Release Date + 2012-08-17 + + + + This release contains a variety of fixes from 8.4.12. + For information about new features in the 8.4 major release, see + . + + + + Migration to Version 8.4.13 + + + A dump/restore is not required for those running 8.4.X. + + + + However, if you are upgrading from a version earlier than 8.4.10, + see the release notes for 8.4.10. + + + + + + Changes + + + + + + Prevent access to external files/URLs via XML entity references + (Noah Misch, Tom Lane) + + + + xml_parse() would attempt to fetch external files or + URLs as needed to resolve DTD and entity references in an XML value, + thus allowing unprivileged database users to attempt to fetch data + with the privileges of the database server. While the external data + wouldn't get returned directly to the user, portions of it could be + exposed in error messages if the data didn't parse as valid XML; and + in any case the mere ability to check existence of a file might be + useful to an attacker. (CVE-2012-3489) + + + + + + Prevent access to external files/URLs via contrib/xml2's + xslt_process() (Peter Eisentraut) + + + + libxslt offers the ability to read and write both + files and URLs through stylesheet commands, thus allowing + unprivileged database users to both read and write data with the + privileges of the database server. Disable that through proper use + of libxslt's security options. (CVE-2012-3488) + + + + Also, remove xslt_process()'s ability to fetch documents + and stylesheets from external files/URLs. While this was a + documented feature, it was long regarded as a bad idea. + The fix for CVE-2012-3489 broke that capability, and rather than + expend effort on trying to fix it, we're just going to summarily + remove it. + + + + + + Prevent too-early recycling of btree index pages (Noah Misch) + + + + When we allowed read-only transactions to skip assigning XIDs, we + introduced the possibility that a deleted btree page could be + recycled while a read-only transaction was still in flight to it. + This would result in incorrect index search results. The probability + of such an error occurring in the field seems very low because of the + timing requirements, but nonetheless it should be fixed. + + + + + + Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) + + + + If ALTER SEQUENCE was executed on a freshly created or + reset sequence, and then precisely one nextval() call + was made on it, and then the server crashed, WAL replay would restore + the sequence to a state in which it appeared that no + nextval() had been done, thus allowing the first + sequence value to be returned again by the next + nextval() call. In particular this could manifest for + serial columns, since creation of a serial column's sequence + includes an ALTER SEQUENCE OWNED BY step. + + + + + + Ensure the backup_label file is fsync'd after + pg_start_backup() (Dave Kerr) + + + + + + Back-patch 9.1 improvement to compress the fsync request queue + (Robert Haas) + + + + This improves performance during checkpoints. The 9.1 change + has now seen enough field testing to seem safe to back-patch. + + + + + + Only allow autovacuum to be auto-canceled by a directly blocked + process (Tom Lane) + + + + The original coding could allow inconsistent behavior in some cases; + in particular, an autovacuum could get canceled after less than + deadlock_timeout grace period. + + + + + + Improve logging of autovacuum cancels (Robert Haas) + + + + + + Fix log collector so that log_truncate_on_rotation works + during the very first log rotation after server start (Tom Lane) + + + + + + Fix WITH attached to a nested set operation + (UNION/INTERSECT/EXCEPT) + (Tom Lane) + + + + + + Ensure that a whole-row reference to a subquery doesn't include any + extra GROUP BY or ORDER BY columns (Tom Lane) + + + + + + Disallow copying whole-row references in CHECK + constraints and index definitions during CREATE TABLE + (Tom Lane) + + + + This situation can arise in CREATE TABLE with + LIKE or INHERITS. The copied whole-row + variable was incorrectly labeled with the row type of the original + table not the new one. Rejecting the case seems reasonable for + LIKE, since the row types might well diverge later. For + INHERITS we should ideally allow it, with an implicit + coercion to the parent table's row type; but that will require more + work than seems safe to back-patch. + + + + + + Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki + Linnakangas, Tom Lane) + + + + + + Fix extraction of common prefixes from regular expressions (Tom Lane) + + + + The code could get confused by quantified parenthesized + subexpressions, such as ^(foo)?bar. This would lead to + incorrect index optimization of searches for such patterns. + + + + + + Fix bugs with parsing signed + hh:mm and + hh:mm:ss + fields in interval constants (Amit Kapila, Tom Lane) + + + + + + Report errors properly in contrib/xml2's + xslt_process() (Tom Lane) + + + + + + Update time zone data files to tzdata release 2012e + for DST law changes in Morocco and Tokelau + + + + + + + + Release 8.4.12 diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index c5f7d81909..398a365919 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -1,6 +1,312 @@ + + Release 9.0.9 + + + Release Date + 2012-08-17 + + + + This release contains a variety of fixes from 9.0.8. + For information about new features in the 9.0 major release, see + . + + + + Migration to Version 9.0.9 + + + A dump/restore is not required for those running 9.0.X. + + + + However, if you are upgrading from a version earlier than 9.0.6, + see the release notes for 9.0.6. + + + + + + Changes + + + + + + Prevent access to external files/URLs via XML entity references + (Noah Misch, Tom Lane) + + + + xml_parse() would attempt to fetch external files or + URLs as needed to resolve DTD and entity references in an XML value, + thus allowing unprivileged database users to attempt to fetch data + with the privileges of the database server. While the external data + wouldn't get returned directly to the user, portions of it could be + exposed in error messages if the data didn't parse as valid XML; and + in any case the mere ability to check existence of a file might be + useful to an attacker. (CVE-2012-3489) + + + + + + Prevent access to external files/URLs via contrib/xml2's + xslt_process() (Peter Eisentraut) + + + + libxslt offers the ability to read and write both + files and URLs through stylesheet commands, thus allowing + unprivileged database users to both read and write data with the + privileges of the database server. Disable that through proper use + of libxslt's security options. (CVE-2012-3488) + + + + Also, remove xslt_process()'s ability to fetch documents + and stylesheets from external files/URLs. While this was a + documented feature, it was long regarded as a bad idea. + The fix for CVE-2012-3489 broke that capability, and rather than + expend effort on trying to fix it, we're just going to summarily + remove it. + + + + + + Prevent too-early recycling of btree index pages (Noah Misch) + + + + When we allowed read-only transactions to skip assigning XIDs, we + introduced the possibility that a deleted btree page could be + recycled while a read-only transaction was still in flight to it. + This would result in incorrect index search results. The probability + of such an error occurring in the field seems very low because of the + timing requirements, but nonetheless it should be fixed. + + + + + + Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) + + + + If ALTER SEQUENCE was executed on a freshly created or + reset sequence, and then precisely one nextval() call + was made on it, and then the server crashed, WAL replay would restore + the sequence to a state in which it appeared that no + nextval() had been done, thus allowing the first + sequence value to be returned again by the next + nextval() call. In particular this could manifest for + serial columns, since creation of a serial column's sequence + includes an ALTER SEQUENCE OWNED BY step. + + + + + + Fix txid_current() to report the correct epoch when not + in hot standby (Heikki Linnakangas) + + + + This fixes a regression introduced in the previous minor release. + + + + + + Fix bug in startup of Hot Standby when a master transaction has many + subtransactions (Andres Freund) + + + + This mistake led to failures reported as out-of-order XID + insertion in KnownAssignedXids. + + + + + + Ensure the backup_label file is fsync'd after + pg_start_backup() (Dave Kerr) + + + + + + Fix timeout handling in walsender processes (Tom Lane) + + + + WAL sender background processes neglected to establish a + SIGALRM handler, meaning they would wait forever in + some corner cases where a timeout ought to happen. + + + + + + Back-patch 9.1 improvement to compress the fsync request queue + (Robert Haas) + + + + This improves performance during checkpoints. The 9.1 change + has now seen enough field testing to seem safe to back-patch. + + + + + + Fix LISTEN/NOTIFY to cope better with I/O + problems, such as out of disk space (Tom Lane) + + + + After a write failure, all subsequent attempts to send more + NOTIFY messages would fail with messages like + Could not read from file "pg_notify/nnnn" at + offset nnnnn: Success. + + + + + + Only allow autovacuum to be auto-canceled by a directly blocked + process (Tom Lane) + + + + The original coding could allow inconsistent behavior in some cases; + in particular, an autovacuum could get canceled after less than + deadlock_timeout grace period. + + + + + + Improve logging of autovacuum cancels (Robert Haas) + + + + + + Fix log collector so that log_truncate_on_rotation works + during the very first log rotation after server start (Tom Lane) + + + + + + Fix WITH attached to a nested set operation + (UNION/INTERSECT/EXCEPT) + (Tom Lane) + + + + + + Ensure that a whole-row reference to a subquery doesn't include any + extra GROUP BY or ORDER BY columns (Tom Lane) + + + + + + Disallow copying whole-row references in CHECK + constraints and index definitions during CREATE TABLE + (Tom Lane) + + + + This situation can arise in CREATE TABLE with + LIKE or INHERITS. The copied whole-row + variable was incorrectly labeled with the row type of the original + table not the new one. Rejecting the case seems reasonable for + LIKE, since the row types might well diverge later. For + INHERITS we should ideally allow it, with an implicit + coercion to the parent table's row type; but that will require more + work than seems safe to back-patch. + + + + + + Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki + Linnakangas, Tom Lane) + + + + + + Fix extraction of common prefixes from regular expressions (Tom Lane) + + + + The code could get confused by quantified parenthesized + subexpressions, such as ^(foo)?bar. This would lead to + incorrect index optimization of searches for such patterns. + + + + + + Fix bugs with parsing signed + hh:mm and + hh:mm:ss + fields in interval constants (Amit Kapila, Tom Lane) + + + + + + Use Postgres' encoding conversion functions, not Python's, when + converting a Python Unicode string to the server encoding in + PL/Python (Jan Urbanski) + + + + This avoids some corner-case problems, notably that Python doesn't + support all the encodings Postgres does. A notable functional change + is that if the server encoding is SQL_ASCII, you will get the UTF-8 + representation of the string; formerly, any non-ASCII characters in + the string would result in an error. + + + + + + Fix mapping of PostgreSQL encodings to Python encodings in PL/Python + (Jan Urbanski) + + + + + + Report errors properly in contrib/xml2's + xslt_process() (Tom Lane) + + + + + + Update time zone data files to tzdata release 2012e + for DST law changes in Morocco and Tokelau + + + + + + + + Release 9.0.8 diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index b65e8daa13..a65d7fb635 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -1,6 +1,393 @@ + + Release 9.1.5 + + + Release Date + 2012-08-17 + + + + This release contains a variety of fixes from 9.1.4. + For information about new features in the 9.1 major release, see + . + + + + Migration to Version 9.1.5 + + + A dump/restore is not required for those running 9.1.X. + + + + However, if you are upgrading from a version earlier than 9.1.4, + see the release notes for 9.1.4. + + + + + + Changes + + + + + + Prevent access to external files/URLs via XML entity references + (Noah Misch, Tom Lane) + + + + xml_parse() would attempt to fetch external files or + URLs as needed to resolve DTD and entity references in an XML value, + thus allowing unprivileged database users to attempt to fetch data + with the privileges of the database server. While the external data + wouldn't get returned directly to the user, portions of it could be + exposed in error messages if the data didn't parse as valid XML; and + in any case the mere ability to check existence of a file might be + useful to an attacker. (CVE-2012-3489) + + + + + + Prevent access to external files/URLs via contrib/xml2's + xslt_process() (Peter Eisentraut) + + + + libxslt offers the ability to read and write both + files and URLs through stylesheet commands, thus allowing + unprivileged database users to both read and write data with the + privileges of the database server. Disable that through proper use + of libxslt's security options. (CVE-2012-3488) + + + + Also, remove xslt_process()'s ability to fetch documents + and stylesheets from external files/URLs. While this was a + documented feature, it was long regarded as a bad idea. + The fix for CVE-2012-3489 broke that capability, and rather than + expend effort on trying to fix it, we're just going to summarily + remove it. + + + + + + Prevent too-early recycling of btree index pages (Noah Misch) + + + + When we allowed read-only transactions to skip assigning XIDs, we + introduced the possibility that a deleted btree page could be + recycled while a read-only transaction was still in flight to it. + This would result in incorrect index search results. The probability + of such an error occurring in the field seems very low because of the + timing requirements, but nonetheless it should be fixed. + + + + + + Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) + + + + If ALTER SEQUENCE was executed on a freshly created or + reset sequence, and then precisely one nextval() call + was made on it, and then the server crashed, WAL replay would restore + the sequence to a state in which it appeared that no + nextval() had been done, thus allowing the first + sequence value to be returned again by the next + nextval() call. In particular this could manifest for + serial columns, since creation of a serial column's sequence + includes an ALTER SEQUENCE OWNED BY step. + + + + + + Fix race condition in enum-type value comparisons (Robert + Haas, Tom Lane) + + + + Comparisons could fail when encountering an enum value added since + the current query started. + + + + + + Fix txid_current() to report the correct epoch when not + in hot standby (Heikki Linnakangas) + + + + This fixes a regression introduced in the previous minor release. + + + + + + Prevent selection of unsuitable replication connections as + the synchronous standby (Fujii Masao) + + + + The master might improperly choose pseudo-servers such as + pg_receivexlog or pg_basebackup + as the synchronous standby, and then wait indefinitely for them. + + + + + + Fix bug in startup of Hot Standby when a master transaction has many + subtransactions (Andres Freund) + + + + This mistake led to failures reported as out-of-order XID + insertion in KnownAssignedXids. + + + + + + Ensure the backup_label file is fsync'd after + pg_start_backup() (Dave Kerr) + + + + + + Fix timeout handling in walsender processes (Tom Lane) + + + + WAL sender background processes neglected to establish a + SIGALRM handler, meaning they would wait forever in + some corner cases where a timeout ought to happen. + + + + + + Wake walsenders after each background flush by walwriter (Andres + Freund, Simon Riggs) + + + + This greatly reduces replication delay when the workload contains + only asynchronously-committed transactions. + + + + + + Fix LISTEN/NOTIFY to cope better with I/O + problems, such as out of disk space (Tom Lane) + + + + After a write failure, all subsequent attempts to send more + NOTIFY messages would fail with messages like + Could not read from file "pg_notify/nnnn" at + offset nnnnn: Success. + + + + + + Only allow autovacuum to be auto-canceled by a directly blocked + process (Tom Lane) + + + + The original coding could allow inconsistent behavior in some cases; + in particular, an autovacuum could get canceled after less than + deadlock_timeout grace period. + + + + + + Improve logging of autovacuum cancels (Robert Haas) + + + + + + Fix log collector so that log_truncate_on_rotation works + during the very first log rotation after server start (Tom Lane) + + + + + + Fix WITH attached to a nested set operation + (UNION/INTERSECT/EXCEPT) + (Tom Lane) + + + + + + Ensure that a whole-row reference to a subquery doesn't include any + extra GROUP BY or ORDER BY columns (Tom Lane) + + + + + + Fix dependencies generated during ALTER TABLE ... ADD + CONSTRAINT USING INDEX (Tom Lane) + + + + This command left behind a redundant pg_depend entry + for the index, which could confuse later operations, notably + ALTER TABLE ... ALTER COLUMN TYPE on one of the indexed + columns. + + + + + + Fix REASSIGN OWNED to work on extensions (Alvaro Herrera) + + + + + + Disallow copying whole-row references in CHECK + constraints and index definitions during CREATE TABLE + (Tom Lane) + + + + This situation can arise in CREATE TABLE with + LIKE or INHERITS. The copied whole-row + variable was incorrectly labeled with the row type of the original + table not the new one. Rejecting the case seems reasonable for + LIKE, since the row types might well diverge later. For + INHERITS we should ideally allow it, with an implicit + coercion to the parent table's row type; but that will require more + work than seems safe to back-patch. + + + + + + Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki + Linnakangas, Tom Lane) + + + + + + Fix planner to pass correct collation to operator selectivity + estimators (Tom Lane) + + + + This was not previously required by any core selectivity estimation + function, but third-party code might need it. + + + + + + Fix extraction of common prefixes from regular expressions (Tom Lane) + + + + The code could get confused by quantified parenthesized + subexpressions, such as ^(foo)?bar. This would lead to + incorrect index optimization of searches for such patterns. + + + + + + Fix bugs with parsing signed + hh:mm and + hh:mm:ss + fields in interval constants (Amit Kapila, Tom Lane) + + + + + + Fix pg_dump to better handle views containing partial + GROUP BY lists (Tom Lane) + + + + A view that lists only a primary key column in GROUP BY, + but uses other table columns as if they were grouped, gets marked as + depending on the primary key. Improper handling of such primary key + dependencies in pg_dump resulted in poorly-ordered + dumps, which at best would be inefficient to restore and at worst + could result in outright failure of a parallel + pg_restore run. + + + + + + In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding + (Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera) + + + + + + Use Postgres' encoding conversion functions, not Python's, when + converting a Python Unicode string to the server encoding in + PL/Python (Jan Urbanski) + + + + This avoids some corner-case problems, notably that Python doesn't + support all the encodings Postgres does. A notable functional change + is that if the server encoding is SQL_ASCII, you will get the UTF-8 + representation of the string; formerly, any non-ASCII characters in + the string would result in an error. + + + + + + Fix mapping of PostgreSQL encodings to Python encodings in PL/Python + (Jan Urbanski) + + + + + + Report errors properly in contrib/xml2's + xslt_process() (Tom Lane) + + + + + + Update time zone data files to tzdata release 2012e + for DST law changes in Morocco and Tokelau + + + + + + + + Release 9.1.4