Neil Conway
826f14f6d3
Some builds (depends on crypto engine support?) of OpenSSL
...
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch fixes it by carring the digest info around
EVP_DigestFinal and re-initializing cipher.
Marko Kreen.
2005-03-13 23:46:27 +00:00
Neil Conway
5e72d01d20
Update contrib/pgcrypto in 7.3 and 7.2 branches to avoid problems with
...
recent versions of OpenSSL. From Marko Kreen.
2005-03-13 23:42:07 +00:00
Tom Lane
46ace73498
Back-patch Neil's four additional buffer overrun checks.
2005-02-08 18:22:54 +00:00
Tom Lane
ebe0341927
Recommend security@postgresql.org as the contact point for security-related bugs.
2005-01-30 21:32:38 +00:00
Tom Lane
bcc1c7b1ea
Stamp release 7.2.7.
2005-01-30 20:32:42 +00:00
Tom Lane
2c03786309
Make sure contrib C functions are marked strict where needed.
...
Kris Jurka
2005-01-29 22:36:03 +00:00
Neil Conway
9eeeb9809e
Backpatch fix for buffer overrun in parsing refcursor parameters to
...
REL7_2_STABLE.
2005-01-27 01:52:34 +00:00
Neil Conway
13fab5b3ad
Mark the text_soundex() function as "strict", to avoid crashing on NULL
...
input. Also, may as well mark it "cacheable" as well. From Kris Jurka.
2005-01-26 08:25:46 +00:00
Tom Lane
ae5b7a0c5b
Disallow LOAD to non-superusers. Per report from John Heasman.
2005-01-24 17:46:58 +00:00
Tom Lane
66bb44cf63
The result of a FULL or RIGHT join can't be assumed to be sorted by the
...
left input's sorting, because null rows may be inserted at various points.
Per report from Ferenc Lutischá¸n.
2005-01-23 02:26:05 +00:00
Tom Lane
2b47146a07
interval_out failed to mention 'ago' for negative intervals in SQL and
...
GERMAN datestyles. Ancient bug reported by Terry Lee Tucker.
2005-01-11 18:34:41 +00:00
Tom Lane
643bb8125c
Back-patch removal of extraneous semicolon, so that this will build
...
with recent bisons (if anyone still cares).
2004-10-24 23:02:41 +00:00
Tom Lane
6452043ec8
Stamp release 7.2.6.
2004-10-22 00:27:34 +00:00
Tom Lane
6acddf56b4
Prevent pg_ctl from being run as root. Since it uses configuration files
...
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE. Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres. The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.
2004-10-22 00:24:39 +00:00
Tom Lane
02571d4e20
Back-patch make_oidjoins_check security improvement.
2004-10-21 17:12:35 +00:00
Tom Lane
6b3d751747
Repair possible failure to update hint bits back to disk, per
...
http://archives.postgresql.org/pgsql-hackers/2004-10/msg00464.php .
I plan a more permanent fix in HEAD, but for the back branches it seems
best to just touch the places that actually have a problem.
2004-10-13 22:22:41 +00:00
Tom Lane
7b0919047f
Fix breakage in hashjoin from recent backpatch of left-join bug fix.
...
(That's what I get for not testing the back branches *before* committing.)
2004-10-13 21:56:14 +00:00
Tom Lane
44ed69c8f3
Hashed LEFT JOIN would miss outer tuples with no inner match if the join
...
was large enough to be batched and the tuples fell into a batch where
there were no inner tuples at all. Thanks to Xiaoyu Wang for finding a
test case that exposed this long-standing bug.
2004-09-17 18:29:40 +00:00
Tom Lane
a59084fe5e
Update 7.2 regression tests to match what you get when using a modern
...
version of Bison.
2004-08-19 20:03:49 +00:00
Tom Lane
9f7cf9c0a6
Stamp 7.2.5.
2004-08-15 01:23:30 +00:00
Tom Lane
d0b776b2be
Fix failure to guarantee that a checkpoint will write out pg_clog updates
...
for transaction commits that occurred just before the checkpoint. This is
an EXTREMELY serious bug --- kudos to Satoshi Okada for creating a
reproducible test case to prove its existence.
2004-08-11 04:09:14 +00:00
Tom Lane
fbec0d7e94
Repair multiple memory leaks in getTables(), including one that could
...
easily exhaust memory on databases with more than a few hundred triggers.
I don't expect any more releases of these old versions, but let's put the
fix in CVS just so it's archived.
2004-03-20 18:12:32 +00:00
Tom Lane
5925377401
Fix longstanding error in _bt_search(): should moveright at top of loop not
...
bottom. Otherwise we fail to moveright when the root page was split while
we were "in flight" to it. This is not a significant problem when the root
is above the leaf level, but if the root was also a leaf (ie, a single-page
index just got split) we may return the wrong leaf page to the caller,
resulting in failure to find a key that is in fact present. Bug has existed
at least since 7.1, probably forever.
2003-07-29 22:18:53 +00:00
Tom Lane
90011a8918
Fix a *second* buffer overrun bug in to_ascii(). Grumble.
2003-07-14 16:41:56 +00:00
Tom Lane
e3859d1ad9
Second try at avoiding conflicts with system isblank().
2003-04-13 04:07:43 +00:00
Tom Lane
afed1af696
Guard against macro versions of isblank().
2003-04-12 22:28:45 +00:00
Tom Lane
680dc79f17
Add #include <errno.h> per recent reports that it's now necessary on
...
RHL 9. (Not clear why it didn't break long before, actually...)
2003-04-11 20:51:27 +00:00
Tom Lane
07b776f52f
Fix buffer overrun in to_ascii(), per report from Guido Notari.
2003-04-02 21:08:14 +00:00
Tom Lane
28afe6f8ef
TestConfiguration returns int, not bool. This mistake is relatively
...
harmless on signed-char machines but would lead to core dump in the
deadlock detection code if char is unsigned. Amazingly, this bug has
been here since 7.1 and yet wasn't reported till now. Thanks to Robert
Bruccoleri for providing the opportunity to track it down.
2003-03-31 20:33:09 +00:00
Tom Lane
40faf433b0
Async_NotifyHandler must save and restore ImmediateInterruptOK. Fixes
...
known problem with failure to respond to 'pg_ctl stop -m fast', and
probable problems if SIGINT or SIGTERM arrives while processing a
SIGUSR2 interrupt that arrived while waiting for a new client query.
2003-03-13 23:44:07 +00:00
D'Arcy J.M. Cain
f08392b55a
Back patch bug fix to quote function.
2003-02-27 10:43:50 +00:00
Tom Lane
895491bc22
Brand 7.2.4.
2003-01-29 22:13:19 +00:00
Tom Lane
d106c799e6
Update release history for 7.2.4.
2003-01-29 22:12:42 +00:00
Tom Lane
dd10354587
Back-patch fix to avoid integer overflow in ExecHashJoinGetBatch(),
...
which leads to core dump in large-enough hash joins.
2003-01-29 19:37:23 +00:00
Tom Lane
2357fd166f
Back-patch fixes to detoast pg_group.grolist.
2003-01-26 23:16:23 +00:00
Tom Lane
12fa07750e
Back-patch fixes to ensure t_ctid always has correct value (prevents
...
some instances of 'No one parent tuple' VACUUM error, and perhaps
worse things).
2003-01-26 23:09:37 +00:00
Tom Lane
3c877e57f3
Back-patch fix for alphabetization mistakes in datetime token tables.
2003-01-26 22:33:16 +00:00
Tom Lane
adf852ba4a
Back-patch fix to ensure pg_clog updates are not only written but sync'ed
...
before we consider the checkpoint to be done.
2003-01-21 19:51:42 +00:00
Tom Lane
0c3cf79244
Back-patch fixes for integer overflows in circle_poly(), path_encode(),
...
and path_add() --- from Neil Conway. Also, repair recently-detected
errors in lseg_eq(), lseg_ne(), lseg_center().
2003-01-21 19:41:26 +00:00
Tom Lane
474f1130c6
Back-patch fix for VACUUM being confused by SELECT FOR UPDATE of tuple
...
that was previously outdated by a transaction that later aborted.
Also, prevent VACUUM from being called inside function.
2003-01-21 19:38:21 +00:00
Bruce Momjian
4526d2183f
Brand 7.2.3.
2002-10-01 03:34:29 +00:00
Bruce Momjian
9227bc5e5b
Update HISTORY/release.sgml for 7.2.3.
2002-10-01 03:24:17 +00:00
Tom Lane
407517f039
Back-patch fixes to work around broken mktime() in recent glibc releases.
2002-09-30 20:57:11 +00:00
Tom Lane
96464fa37c
Back-patch fix for bad SIGUSR2 interrupt handling during backend shutdown.
2002-09-30 20:47:22 +00:00
Tom Lane
c6ec2a8ba5
Back-patch fix for correct TAS operation on multi-CPU PPC machines.
2002-09-30 20:24:53 +00:00
Tom Lane
c9e3806e57
Back-patch fix for 'can't wait without a PROC structure' failures:
...
remove separate ShutdownBufferPoolAccess exit callback, and do the
work in ProcKill instead, before we delete MyProc.
2002-09-30 20:18:59 +00:00
Tom Lane
c80d09f123
Back-patch fix to ensure a checkpoint occurs before truncating CLOG,
...
even if no recent WAL activity has occurred.
2002-09-30 19:55:08 +00:00
Tom Lane
a829ad1570
Back-patch fix to not change pg_database.datvacuumxid or truncate CLOG
...
when an unprivileged user runs VACUUM.
2002-09-30 19:45:57 +00:00
Tom Lane
826692788d
Back-patch fix for failure to dump views containing FULL JOIN USING.
...
The bug is not present in CVS tip due to cleanup of JOIN handling,
but 7.2.* is broken.
2002-09-20 21:37:07 +00:00
Bruce Momjian
30ab8da488
Update HISTORY with Neil's changes.
2002-08-23 02:33:06 +00:00