~ubuntu-branches/ubuntu/trusty/postgresql-9.3/trusty-proposed : contents of doc/src/sgml/html/release-8-0-3.html at revision 22

~ubuntu-branches/ubuntu/trusty/postgresql-9.3/trusty-proposed : (revision 22)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Release 8.0.3</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 9.3.12 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="Release Notes"
HREF="release.html"><LINK
REL="PREVIOUS"
TITLE="Release 8.0.4"
HREF="release-8-0-4.html"><LINK
REL="NEXT"
TITLE="Release 8.0.2"
HREF="release-8-0-2.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2016-03-28T20:28:06"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
><A
HREF="index.html"
>PostgreSQL 9.3.12 Documentation</A
></TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
TITLE="Release 8.0.4"
HREF="release-8-0-4.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="release.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Appendix E. Release Notes</TD
><TD
WIDTH="20%"
ALIGN="right"
VALIGN="top"
><A
TITLE="Release 8.0.2"
HREF="release-8-0-2.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="RELEASE-8-0-3"
>E.195. Release 8.0.3</A
></H1
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Release Date: </B
>2005-05-09</P
></BLOCKQUOTE
></DIV
><P
>   This release contains a variety of fixes from 8.0.2, including several
   security-related issues.
   For information about new features in the 8.0 major release, see
   <A
HREF="release-8-0.html"
>Section E.198</A
>.
  </P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN144986"
>E.195.1. Migration to Version 8.0.3</A
></H2
><P
>    A dump/restore is not required for those running 8.0.X.  However,
    it is one possible way of handling two significant security problems
    that have been found in the initial contents of 8.0.X system
    catalogs.  A dump/initdb/reload sequence using 8.0.3's initdb will
    automatically correct these problems.
   </P
><P
>    The larger security problem is that the built-in character set encoding
    conversion functions can be invoked from SQL commands by unprivileged
    users, but the functions were not designed for such use and are not
    secure against malicious choices of arguments.  The fix involves changing
    the declared parameter list of these functions so that they can no longer
    be invoked from SQL commands.  (This does not affect their normal use
    by the encoding conversion machinery.)
   </P
><P
>    The lesser problem is that the <TT
CLASS="FILENAME"
>contrib/tsearch2</TT
> module
    creates several functions that are improperly declared to return
    <TT
CLASS="TYPE"
>internal</TT
> when they do not accept <TT
CLASS="TYPE"
>internal</TT
> arguments.
    This breaks type safety for all functions using <TT
CLASS="TYPE"
>internal</TT
>
    arguments.
   </P
><P
>    It is strongly recommended that all installations repair these errors,
    either by initdb or by following the manual repair procedure given
    below.  The errors at least allow unprivileged database users to crash
    their server process, and might allow unprivileged users to gain the
    privileges of a database superuser.
   </P
><P
>    If you wish not to do an initdb, perform the same manual repair
    procedures shown in the <A
HREF="release-7-4-8.html"
>7.4.8 release
    notes</A
>.
   </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN144998"
>E.195.2. Changes</A
></H2
><P
></P
><UL
><LI
><P
>Change encoding function signature to prevent
misuse</P
></LI
><LI
><P
>Change <TT
CLASS="FILENAME"
>contrib/tsearch2</TT
> to avoid unsafe use of
<TT
CLASS="TYPE"
>INTERNAL</TT
> function results</P
></LI
><LI
><P
>Guard against incorrect second parameter to
<CODE
CLASS="FUNCTION"
>record_out</CODE
></P
></LI
><LI
><P
>Repair ancient race condition that allowed a transaction to be
seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner
than for other purposes</P
><P
>This is an extremely serious bug since it could lead to apparent
data inconsistencies being briefly visible to applications.</P
></LI
><LI
><P
>Repair race condition between relation extension and
VACUUM</P
><P
>This could theoretically have caused loss of a page's worth of
freshly-inserted data, although the scenario seems of very low probability.
There are no known cases of it having caused more than an Assert failure.</P
></LI
><LI
><P
>Fix comparisons of <TT
CLASS="TYPE"
>TIME WITH TIME ZONE</TT
> values</P
><P
>The comparison code was wrong in the case where the
<TT
CLASS="LITERAL"
>--enable-integer-datetimes</TT
> configuration switch had been used.
NOTE: if you have an index on a <TT
CLASS="TYPE"
>TIME WITH TIME ZONE</TT
> column,
it will need to be <TT
CLASS="COMMAND"
>REINDEX</TT
>ed after installing this update, because
the fix corrects the sort order of column values.</P
></LI
><LI
><P
>Fix <CODE
CLASS="FUNCTION"
>EXTRACT(EPOCH)</CODE
> for
<TT
CLASS="TYPE"
>TIME WITH TIME ZONE</TT
> values</P
></LI
><LI
><P
>Fix mis-display of negative fractional seconds in
<TT
CLASS="TYPE"
>INTERVAL</TT
> values</P
><P
>This error only occurred when the
<TT
CLASS="LITERAL"
>--enable-integer-datetimes</TT
> configuration switch had been used.</P
></LI
><LI
><P
>Fix pg_dump to dump trigger names containing <TT
CLASS="LITERAL"
>%</TT
>
correctly (Neil)</P
></LI
><LI
><P
>Still more 64-bit fixes for
<TT
CLASS="FILENAME"
>contrib/intagg</TT
></P
></LI
><LI
><P
>Prevent incorrect optimization of functions returning
<TT
CLASS="TYPE"
>RECORD</TT
></P
></LI
><LI
><P
>Prevent crash on <TT
CLASS="LITERAL"
>COALESCE(NULL,NULL)</TT
></P
></LI
><LI
><P
>Fix Borland makefile for libpq</P
></LI
><LI
><P
>Fix <TT
CLASS="FILENAME"
>contrib/btree_gist</TT
> for <TT
CLASS="TYPE"
>timetz</TT
> type
(Teodor)</P
></LI
><LI
><P
>Make <TT
CLASS="COMMAND"
>pg_ctl</TT
> check the PID found in
<TT
CLASS="FILENAME"
>postmaster.pid</TT
> to see if it is still a live
process</P
></LI
><LI
><P
>Fix <TT
CLASS="COMMAND"
>pg_dump</TT
>/<TT
CLASS="COMMAND"
>pg_restore</TT
> problems caused
by addition of dump timestamps</P
></LI
><LI
><P
>Fix interaction between materializing holdable cursors and
firing deferred triggers during transaction commit</P
></LI
><LI
><P
>Fix memory leak in SQL functions returning pass-by-reference
data types</P
></LI
></UL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="release-8-0-4.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="release-8-0-2.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Release 8.0.4</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="release.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Release 8.0.2</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

1 by Martin Pitt Import upstream version 9.3~beta1	1	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	2	<HTML
	3	><HEAD
	4	><TITLE
	5	>Release 8.0.3</TITLE
	6	><META
	7	NAME="GENERATOR"
	8	CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
	9	REV="MADE"
	10	HREF="mailto:pgsql-docs@postgresql.org"><LINK
	11	REL="HOME"
1.1.11 by Martin Pitt Import upstream version 9.3.12	12	TITLE="PostgreSQL 9.3.12 Documentation"
1 by Martin Pitt Import upstream version 9.3~beta1	13	HREF="index.html"><LINK
	14	REL="UP"
	15	TITLE="Release Notes"
	16	HREF="release.html"><LINK
	17	REL="PREVIOUS"
	18	TITLE="Release 8.0.4"
	19	HREF="release-8-0-4.html"><LINK
	20	REL="NEXT"
	21	TITLE="Release 8.0.2"
	22	HREF="release-8-0-2.html"><LINK
	23	REL="STYLESHEET"
	24	TYPE="text/css"
	25	HREF="stylesheet.css"><META
	26	HTTP-EQUIV="Content-Type"
	27	CONTENT="text/html; charset=ISO-8859-1"><META
	28	NAME="creation"
1.1.11 by Martin Pitt Import upstream version 9.3.12	29	CONTENT="2016-03-28T20:28:06"></HEAD
1 by Martin Pitt Import upstream version 9.3~beta1	30	><BODY
	31	CLASS="SECT1"
	32	><DIV
	33	CLASS="NAVHEADER"
	34	><TABLE
	35	SUMMARY="Header navigation table"
	36	WIDTH="100%"
	37	BORDER="0"
	38	CELLPADDING="0"
	39	CELLSPACING="0"
	40	><TR
	41	><TH
	42	COLSPAN="5"
	43	ALIGN="center"
	44	VALIGN="bottom"
	45	><A
	46	HREF="index.html"
1.1.11 by Martin Pitt Import upstream version 9.3.12	47	>PostgreSQL 9.3.12 Documentation</A
1 by Martin Pitt Import upstream version 9.3~beta1	48	></TH
	49	></TR
	50	><TR
	51	><TD
	52	WIDTH="10%"
	53	ALIGN="left"
	54	VALIGN="top"
	55	><A
	56	TITLE="Release 8.0.4"
	57	HREF="release-8-0-4.html"
	58	ACCESSKEY="P"
	59	>Prev</A
	60	></TD
	61	><TD
	62	WIDTH="10%"
	63	ALIGN="left"
	64	VALIGN="top"
	65	><A
	66	HREF="release.html"
	67	ACCESSKEY="U"
	68	>Up</A
	69	></TD
	70	><TD
	71	WIDTH="60%"
	72	ALIGN="center"
	73	VALIGN="bottom"
	74	>Appendix E. Release Notes</TD
	75	><TD
	76	WIDTH="20%"
	77	ALIGN="right"
	78	VALIGN="top"
	79	><A
	80	TITLE="Release 8.0.2"
	81	HREF="release-8-0-2.html"
	82	ACCESSKEY="N"
	83	>Next</A
	84	></TD
	85	></TR
	86	></TABLE
	87	><HR
	88	ALIGN="LEFT"
	89	WIDTH="100%"></DIV
	90	><DIV
	91	CLASS="SECT1"
	92	><H1
	93	CLASS="SECT1"
	94	><A
	95	NAME="RELEASE-8-0-3"
1.1.11 by Martin Pitt Import upstream version 9.3.12	96	>E.195. Release 8.0.3</A
1 by Martin Pitt Import upstream version 9.3~beta1	97	></H1
	98	><DIV
	99	CLASS="NOTE"
	100	><BLOCKQUOTE
	101	CLASS="NOTE"
	102	><P
	103	><B
	104	>Release Date: </B
	105	>2005-05-09</P
	106	></BLOCKQUOTE
	107	></DIV
	108	><P
	109	> This release contains a variety of fixes from 8.0.2, including several
	110	security-related issues.
	111	For information about new features in the 8.0 major release, see
	112	<A
	113	HREF="release-8-0.html"
1.1.11 by Martin Pitt Import upstream version 9.3.12	114	>Section E.198</A
1 by Martin Pitt Import upstream version 9.3~beta1	115	>.
	116	</P
	117	><DIV
	118	CLASS="SECT2"
	119	><H2
	120	CLASS="SECT2"
	121	><A
1.1.11 by Martin Pitt Import upstream version 9.3.12	122	NAME="AEN144986"
1.1.11 by Martin Pitt Import upstream version 9.3.12	123	>E.195.1. Migration to Version 8.0.3</A
1 by Martin Pitt Import upstream version 9.3~beta1	124	></H2
	125	><P
	126	> A dump/restore is not required for those running 8.0.X. However,
	127	it is one possible way of handling two significant security problems
	128	that have been found in the initial contents of 8.0.X system
	129	catalogs. A dump/initdb/reload sequence using 8.0.3's initdb will
	130	automatically correct these problems.
	131	</P
	132	><P
	133	> The larger security problem is that the built-in character set encoding
	134	conversion functions can be invoked from SQL commands by unprivileged
	135	users, but the functions were not designed for such use and are not
	136	secure against malicious choices of arguments. The fix involves changing
	137	the declared parameter list of these functions so that they can no longer
	138	be invoked from SQL commands. (This does not affect their normal use
	139	by the encoding conversion machinery.)
	140	</P
	141	><P
	142	> The lesser problem is that the <TT
	143	CLASS="FILENAME"
	144	>contrib/tsearch2</TT
	145	> module
	146	creates several functions that are improperly declared to return
	147	<TT
	148	CLASS="TYPE"
	149	>internal</TT
	150	> when they do not accept <TT
	151	CLASS="TYPE"
	152	>internal</TT
	153	> arguments.
	154	This breaks type safety for all functions using <TT
	155	CLASS="TYPE"
	156	>internal</TT
	157	>
	158	arguments.
	159	</P
	160	><P
	161	> It is strongly recommended that all installations repair these errors,
	162	either by initdb or by following the manual repair procedure given
	163	below. The errors at least allow unprivileged database users to crash
	164	their server process, and might allow unprivileged users to gain the
	165	privileges of a database superuser.
	166	</P
	167	><P
	168	> If you wish not to do an initdb, perform the same manual repair
	169	procedures shown in the <A
	170	HREF="release-7-4-8.html"
	171	>7.4.8 release
	172	notes</A
	173	>.
	174	</P
	175	></DIV
	176	><DIV
	177	CLASS="SECT2"
	178	><H2
	179	CLASS="SECT2"
	180	><A
1.1.11 by Martin Pitt Import upstream version 9.3.12	181	NAME="AEN144998"
1.1.11 by Martin Pitt Import upstream version 9.3.12	182	>E.195.2. Changes</A
1 by Martin Pitt Import upstream version 9.3~beta1	183	></H2
	184	><P
	185	></P
	186	><UL
	187	><LI
	188	><P
	189	>Change encoding function signature to prevent
	190	misuse</P
	191	></LI
	192	><LI
	193	><P
	194	>Change <TT
	195	CLASS="FILENAME"
	196	>contrib/tsearch2</TT
	197	> to avoid unsafe use of
	198	<TT
	199	CLASS="TYPE"
	200	>INTERNAL</TT
	201	> function results</P
	202	></LI
	203	><LI
	204	><P
	205	>Guard against incorrect second parameter to
	206	<CODE
	207	CLASS="FUNCTION"
	208	>record_out</CODE
	209	></P
	210	></LI
	211	><LI
	212	><P
	213	>Repair ancient race condition that allowed a transaction to be
	214	seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner
	215	than for other purposes</P
	216	><P
	217	>This is an extremely serious bug since it could lead to apparent
	218	data inconsistencies being briefly visible to applications.</P
	219	></LI
	220	><LI
	221	><P
	222	>Repair race condition between relation extension and
	223	VACUUM</P
	224	><P
	225	>This could theoretically have caused loss of a page's worth of
	226	freshly-inserted data, although the scenario seems of very low probability.
	227	There are no known cases of it having caused more than an Assert failure.</P
	228	></LI
	229	><LI
	230	><P
	231	>Fix comparisons of <TT
	232	CLASS="TYPE"
	233	>TIME WITH TIME ZONE</TT
	234	> values</P
	235	><P
	236	>The comparison code was wrong in the case where the
	237	<TT
	238	CLASS="LITERAL"
	239	>--enable-integer-datetimes</TT
	240	> configuration switch had been used.
	241	NOTE: if you have an index on a <TT
	242	CLASS="TYPE"
	243	>TIME WITH TIME ZONE</TT
	244	> column,
	245	it will need to be <TT
	246	CLASS="COMMAND"
247	>REINDEX</TT
248	>ed after installing this update, because
249	the fix corrects the sort order of column values.</P
250	></LI
251	><LI
252	><P
253	>Fix <CODE
254	CLASS="FUNCTION"
255	>EXTRACT(EPOCH)</CODE
256	> for
257	<TT
258	CLASS="TYPE"
259	>TIME WITH TIME ZONE</TT
260	> values</P
261	></LI
262	><LI
263	><P
264	>Fix mis-display of negative fractional seconds in
265	<TT
266	CLASS="TYPE"
267	>INTERVAL</TT
268	> values</P
269	><P
270	>This error only occurred when the
271	<TT
272	CLASS="LITERAL"
273	>--enable-integer-datetimes</TT
274	> configuration switch had been used.</P
275	></LI
276	><LI
277	><P
278	>Fix pg_dump to dump trigger names containing <TT
279	CLASS="LITERAL"
280	>%</TT
281	>
282	correctly (Neil)</P
283	></LI
284	><LI
285	><P
286	>Still more 64-bit fixes for
287	<TT
288	CLASS="FILENAME"
289	>contrib/intagg</TT
290	></P
291	></LI
292	><LI
293	><P
294	>Prevent incorrect optimization of functions returning
295	<TT
296	CLASS="TYPE"
297	>RECORD</TT
298	></P
299	></LI
300	><LI
301	><P
302	>Prevent crash on <TT
303	CLASS="LITERAL"
304	>COALESCE(NULL,NULL)</TT
305	></P
306	></LI
307	><LI
308	><P
309	>Fix Borland makefile for libpq</P
310	></LI
311	><LI
312	><P
313	>Fix <TT
314	CLASS="FILENAME"
315	>contrib/btree_gist</TT
316	> for <TT
317	CLASS="TYPE"
318	>timetz</TT
319	> type
320	(Teodor)</P
321	></LI
322	><LI
323	><P
324	>Make <TT
325	CLASS="COMMAND"
326	>pg_ctl</TT
327	> check the PID found in
328	<TT
329	CLASS="FILENAME"
330	>postmaster.pid</TT
331	> to see if it is still a live
332	process</P
333	></LI
334	><LI
335	><P
336	>Fix <TT
337	CLASS="COMMAND"
338	>pg_dump</TT
339	>/<TT
340	CLASS="COMMAND"
341	>pg_restore</TT
342	> problems caused
343	by addition of dump timestamps</P
344	></LI
345	><LI
346	><P
347	>Fix interaction between materializing holdable cursors and
348	firing deferred triggers during transaction commit</P
349	></LI
350	><LI
351	><P
352	>Fix memory leak in SQL functions returning pass-by-reference
353	data types</P
354	></LI
355	></UL
356	></DIV
357	></DIV
358	><DIV
359	CLASS="NAVFOOTER"
360	><HR
361	ALIGN="LEFT"
362	WIDTH="100%"><TABLE
363	SUMMARY="Footer navigation table"
364	WIDTH="100%"
365	BORDER="0"
366	CELLPADDING="0"
367	CELLSPACING="0"
368	><TR
369	><TD
370	WIDTH="33%"
371	ALIGN="left"
372	VALIGN="top"
373	><A
374	HREF="release-8-0-4.html"
375	ACCESSKEY="P"
376	>Prev</A
377	></TD
378	><TD
379	WIDTH="34%"
380	ALIGN="center"
381	VALIGN="top"
382	><A
383	HREF="index.html"
384	ACCESSKEY="H"
385	>Home</A
386	></TD
387	><TD
388	WIDTH="33%"
389	ALIGN="right"
390	VALIGN="top"
391	><A
392	HREF="release-8-0-2.html"
393	ACCESSKEY="N"
394	>Next</A
395	></TD
396	></TR
397	><TR
398	><TD
399	WIDTH="33%"
400	ALIGN="left"
401	VALIGN="top"
402	>Release 8.0.4</TD
403	><TD
404	WIDTH="34%"
405	ALIGN="center"
406	VALIGN="top"
407	><A
408	HREF="release.html"
409	ACCESSKEY="U"
410	>Up</A
411	></TD
412	><TD
413	WIDTH="33%"
414	ALIGN="right"
415	VALIGN="top"
416	>Release 8.0.2</TD
417	></TR
418	></TABLE
419	></DIV
420	></BODY
421	></HTML
422	>