Commit Graph

12066 Commits

Author SHA1 Message Date
Neil Conway
826f14f6d3 Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which clears all of
EVP_MD_CTX.  This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.

Following patch fixes it by carrying the digest info around
EVP_DigestFinal and re-initializing cipher.

Marko Kreen.
2005-03-13 23:46:27 +00:00
Neil Conway
5e72d01d20 Update contrib/pgcrypto in 7.3 and 7.2 branches to avoid problems with
recent versions of OpenSSL. From Marko Kreen.
2005-03-13 23:42:07 +00:00
Tom Lane
46ace73498 Back-patch Neil's four additional buffer overrun checks. 2005-02-08 18:22:54 +00:00
Tom Lane
ebe0341927 Recommend security@postgresql.org as the contact point for security-related bugs. 2005-01-30 21:32:38 +00:00
Tom Lane
bcc1c7b1ea Stamp release 7.2.7. 2005-01-30 20:32:42 +00:00
Tom Lane
2c03786309 Make sure contrib C functions are marked strict where needed.
Kris Jurka
2005-01-29 22:36:03 +00:00
Neil Conway
9eeeb9809e Backpatch fix for buffer overrun in parsing refcursor parameters to
REL7_2_STABLE.
2005-01-27 01:52:34 +00:00
Neil Conway
13fab5b3ad Mark the text_soundex() function as "strict", to avoid crashing on NULL
input. Also, may as well mark it "cacheable" as well. From Kris Jurka.
2005-01-26 08:25:46 +00:00
Tom Lane
ae5b7a0c5b Disallow LOAD to non-superusers. Per report from John Heasman. 2005-01-24 17:46:58 +00:00
Tom Lane
66bb44cf63 The result of a FULL or RIGHT join can't be assumed to be sorted by the
left input's sorting, because null rows may be inserted at various points.
Per report from Ferenc Lutischán.
2005-01-23 02:26:05 +00:00
Tom Lane
2b47146a07 interval_out failed to mention 'ago' for negative intervals in SQL and
GERMAN datestyles.  Ancient bug reported by Terry Lee Tucker.
2005-01-11 18:34:41 +00:00
Tom Lane
643bb8125c Back-patch removal of extraneous semicolon, so that this will build
with recent bisons (if anyone still cares).
2004-10-24 23:02:41 +00:00
Tom Lane
6452043ec8 Stamp release 7.2.6. 2004-10-22 00:27:34 +00:00
Tom Lane
6acddf56b4 Prevent pg_ctl from being run as root. Since it uses configuration files
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE.  Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres.  The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.
2004-10-22 00:24:39 +00:00
Tom Lane
02571d4e20 Back-patch make_oidjoins_check security improvement. 2004-10-21 17:12:35 +00:00
Tom Lane
6b3d751747 Repair possible failure to update hint bits back to disk, per
http://archives.postgresql.org/pgsql-hackers/2004-10/msg00464.php.
I plan a more permanent fix in HEAD, but for the back branches it seems
best to just touch the places that actually have a problem.
2004-10-13 22:22:41 +00:00
Tom Lane
7b0919047f Fix breakage in hashjoin from recent backpatch of left-join bug fix.
(That's what I get for not testing the back branches *before* committing.)
2004-10-13 21:56:14 +00:00
Tom Lane
44ed69c8f3 Hashed LEFT JOIN would miss outer tuples with no inner match if the join
was large enough to be batched and the tuples fell into a batch where
there were no inner tuples at all.  Thanks to Xiaoyu Wang for finding a
test case that exposed this long-standing bug.
2004-09-17 18:29:40 +00:00
Tom Lane
a59084fe5e Update 7.2 regression tests to match what you get when using a modern
version of Bison.
2004-08-19 20:03:49 +00:00
Tom Lane
9f7cf9c0a6 Stamp 7.2.5. 2004-08-15 01:23:30 +00:00
Tom Lane
d0b776b2be Fix failure to guarantee that a checkpoint will write out pg_clog updates
for transaction commits that occurred just before the checkpoint.  This is
an EXTREMELY serious bug --- kudos to Satoshi Okada for creating a
reproducible test case to prove its existence.
2004-08-11 04:09:14 +00:00
Tom Lane
fbec0d7e94 Repair multiple memory leaks in getTables(), including one that could
easily exhaust memory on databases with more than a few hundred triggers.
I don't expect any more releases of these old versions, but let's put the
fix in CVS just so it's archived.
2004-03-20 18:12:32 +00:00
Tom Lane
5925377401 Fix longstanding error in _bt_search(): should moveright at top of loop not
bottom.  Otherwise we fail to moveright when the root page was split while
we were "in flight" to it.  This is not a significant problem when the root
is above the leaf level, but if the root was also a leaf (ie, a single-page
index just got split) we may return the wrong leaf page to the caller,
resulting in failure to find a key that is in fact present.  Bug has existed
at least since 7.1, probably forever.
2003-07-29 22:18:53 +00:00
Tom Lane
90011a8918 Fix a *second* buffer overrun bug in to_ascii(). Grumble. 2003-07-14 16:41:56 +00:00
Tom Lane
e3859d1ad9 Second try at avoiding conflicts with system isblank(). 2003-04-13 04:07:43 +00:00
Tom Lane
afed1af696 Guard against macro versions of isblank(). 2003-04-12 22:28:45 +00:00
Tom Lane
680dc79f17 Add #include <errno.h> per recent reports that it's now necessary on
RHL 9.  (Not clear why it didn't break long before, actually...)
2003-04-11 20:51:27 +00:00
Tom Lane
07b776f52f Fix buffer overrun in to_ascii(), per report from Guido Notari. 2003-04-02 21:08:14 +00:00
Tom Lane
28afe6f8ef TestConfiguration returns int, not bool. This mistake is relatively
harmless on signed-char machines but would lead to core dump in the
deadlock detection code if char is unsigned.  Amazingly, this bug has
been here since 7.1 and yet wasn't reported till now.  Thanks to Robert
Bruccoleri for providing the opportunity to track it down.
2003-03-31 20:33:09 +00:00
Tom Lane
40faf433b0 Async_NotifyHandler must save and restore ImmediateInterruptOK. Fixes
known problem with failure to respond to 'pg_ctl stop -m fast', and
probable problems if SIGINT or SIGTERM arrives while processing a
SIGUSR2 interrupt that arrived while waiting for a new client query.
2003-03-13 23:44:07 +00:00
D'Arcy J.M. Cain
f08392b55a Back patch bug fix to quote function. 2003-02-27 10:43:50 +00:00
Tom Lane
895491bc22 Brand 7.2.4. 2003-01-29 22:13:19 +00:00
Tom Lane
d106c799e6 Update release history for 7.2.4. 2003-01-29 22:12:42 +00:00
Tom Lane
dd10354587 Back-patch fix to avoid integer overflow in ExecHashJoinGetBatch(),
which leads to core dump in large-enough hash joins.
2003-01-29 19:37:23 +00:00
Tom Lane
2357fd166f Back-patch fixes to detoast pg_group.grolist. 2003-01-26 23:16:23 +00:00
Tom Lane
12fa07750e Back-patch fixes to ensure t_ctid always has correct value (prevents
some instances of 'No one parent tuple' VACUUM error, and perhaps
worse things).
2003-01-26 23:09:37 +00:00
Tom Lane
3c877e57f3 Back-patch fix for alphabetization mistakes in datetime token tables. 2003-01-26 22:33:16 +00:00
Tom Lane
adf852ba4a Back-patch fix to ensure pg_clog updates are not only written but sync'ed
before we consider the checkpoint to be done.
2003-01-21 19:51:42 +00:00
Tom Lane
0c3cf79244 Back-patch fixes for integer overflows in circle_poly(), path_encode(),
and path_add() --- from Neil Conway.  Also, repair recently-detected
errors in lseg_eq(), lseg_ne(), lseg_center().
2003-01-21 19:41:26 +00:00
Tom Lane
474f1130c6 Back-patch fix for VACUUM being confused by SELECT FOR UPDATE of tuple
that was previously outdated by a transaction that later aborted.
Also, prevent VACUUM from being called inside function.
2003-01-21 19:38:21 +00:00
Bruce Momjian
4526d2183f Brand 7.2.3. 2002-10-01 03:34:29 +00:00
Bruce Momjian
9227bc5e5b Update HISTORY/release.sgml for 7.2.3. 2002-10-01 03:24:17 +00:00
Tom Lane
407517f039 Back-patch fixes to work around broken mktime() in recent glibc releases. 2002-09-30 20:57:11 +00:00
Tom Lane
96464fa37c Back-patch fix for bad SIGUSR2 interrupt handling during backend shutdown. 2002-09-30 20:47:22 +00:00
Tom Lane
c6ec2a8ba5 Back-patch fix for correct TAS operation on multi-CPU PPC machines. 2002-09-30 20:24:53 +00:00
Tom Lane
c9e3806e57 Back-patch fix for 'can't wait without a PROC structure' failures:
remove separate ShutdownBufferPoolAccess exit callback, and do the
work in ProcKill instead, before we delete MyProc.
2002-09-30 20:18:59 +00:00
Tom Lane
c80d09f123 Back-patch fix to ensure a checkpoint occurs before truncating CLOG,
even if no recent WAL activity has occurred.
2002-09-30 19:55:08 +00:00
Tom Lane
a829ad1570 Back-patch fix to not change pg_database.datvacuumxid or truncate CLOG
when an unprivileged user runs VACUUM.
2002-09-30 19:45:57 +00:00
Tom Lane
826692788d Back-patch fix for failure to dump views containing FULL JOIN USING.
The bug is not present in CVS tip due to cleanup of JOIN handling,
but 7.2.* is broken.
2002-09-20 21:37:07 +00:00
Bruce Momjian
30ab8da488 Update HISTORY with Neil's changes. 2002-08-23 02:33:06 +00:00