1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
8
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
10
HREF="mailto:pgsql-docs@postgresql.org"><LINK
12
TITLE="PostgreSQL 9.1beta1 Documentation"
13
HREF="index.html"><LINK
16
HREF="release.html"><LINK
19
HREF="release-8-0-4.html"><LINK
22
HREF="release-8-0-2.html"><LINK
25
HREF="stylesheet.css"><META
26
HTTP-EQUIV="Content-Type"
27
CONTENT="text/html; charset=ISO-8859-1"><META
29
CONTENT="2011-04-27T21:20:33"></HEAD
35
SUMMARY="Header navigation table"
47
>PostgreSQL 9.1beta1 Documentation</A
57
HREF="release-8-0-4.html"
74
>Appendix E. Release Notes</TD
90
HREF="release-8-0-2.html"
105
>E.101. Release 8.0.3</A
118
> This release contains a variety of fixes from 8.0.2, including several
119
security-related issues.
120
For information about new features in the 8.0 major release, see
122
HREF="release-8-0.html"
132
>E.101.1. Migration to Version 8.0.3</A
135
> A dump/restore is not required for those running 8.0.X. However,
136
it is one possible way of handling two significant security problems
137
that have been found in the initial contents of 8.0.X system
138
catalogs. A dump/initdb/reload sequence using 8.0.3's initdb will
139
automatically correct these problems.
142
> The larger security problem is that the built-in character set encoding
143
conversion functions can be invoked from SQL commands by unprivileged
144
users, but the functions were not designed for such use and are not
145
secure against malicious choices of arguments. The fix involves changing
146
the declared parameter list of these functions so that they can no longer
147
be invoked from SQL commands. (This does not affect their normal use
148
by the encoding conversion machinery.)
151
> The lesser problem is that the <TT
153
>contrib/tsearch2</TT
155
creates several functions that are improperly declared to return
159
> when they do not accept <TT
163
This breaks type safety for all functions using <TT
170
> It is strongly recommended that all installations repair these errors,
171
either by initdb or by following the manual repair procedure given
172
below. The errors at least allow unprivileged database users to crash
173
their server process, and might allow unprivileged users to gain the
174
privileges of a database superuser.
177
> If you wish not to do an initdb, perform the same manual repair
178
procedures shown in the <A
179
HREF="release-7-4-8.html"
198
>Change encoding function signature to prevent
205
>contrib/tsearch2</TT
206
> to avoid unsafe use of
210
> function results</P
214
>Guard against incorrect second parameter to
222
>Repair ancient race condition that allowed a transaction to be
223
seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner
224
than for other purposes</P
226
>This is an extremely serious bug since it could lead to apparent
227
data inconsistencies being briefly visible to applications.</P
231
>Repair race condition between relation extension and
234
>This could theoretically have caused loss of a page's worth of
235
freshly-inserted data, although the scenario seems of very low probability.
236
There are no known cases of it having caused more than an Assert failure.</P
240
>Fix comparisons of <TT
242
>TIME WITH TIME ZONE</TT
245
>The comparison code was wrong in the case where the
248
>--enable-integer-datetimes</TT
249
> configuration switch had been used.
250
NOTE: if you have an index on a <TT
252
>TIME WITH TIME ZONE</TT
254
it will need to be <TT
257
>ed after installing this update, because
258
the fix corrects the sort order of column values.</P
264
>EXTRACT(EPOCH)</CODE
268
>TIME WITH TIME ZONE</TT
273
>Fix mis-display of negative fractional seconds in
279
>This error only occurred when the
282
>--enable-integer-datetimes</TT
283
> configuration switch had been used.</P
287
>Fix pg_dump to dump trigger names containing <TT
295
>Still more 64-bit fixes for
303
>Prevent incorrect optimization of functions returning
311
>Prevent crash on <TT
313
>COALESCE(NULL,NULL)</TT
318
>Fix Borland makefile for libpq</P
324
>contrib/btree_gist</TT
336
> check the PID found in
340
> to see if it is still a live
352
by addition of dump timestamps</P
356
>Fix interaction between materializing holdable cursors and
357
firing deferred triggers during transaction commit</P
361
>Fix memory leak in SQL functions returning pass-by-reference
372
SUMMARY="Footer navigation table"
383
HREF="release-8-0-4.html"
401
HREF="release-8-0-2.html"
b'\\ No newline at end of file'