This page in other versions: 8.4 / 9.0 / 9.1 / 9.2 / 9.3  |  Development versions: devel / 9.4  |  Unsupported versions: 8.1 / 8.2 / 8.3

E.137. Release 8.1.3

Release Date: 2006-02-14

This release contains a variety of fixes from 8.1.2, including one very serious security issue. For information about new features in the 8.1 major release, see Section E.140.

E.137.1. Migration to Version 8.1.3

A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see Section E.138.

E.137.2. Changes

  • Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553)

    Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, in all releases back to 7.3 there is a related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem.

  • Fix bug with row visibility logic in self-inserted rows (Tom)

    Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases.

  • Fix race condition that could lead to "file already exists" errors during pg_clog and pg_subtrans file creation (Tom)

  • Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom)

  • Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil)

  • Ensure ALTER COLUMN TYPE will process FOREIGN KEY, UNIQUE, and PRIMARY KEY constraints in the proper order (Nakano Yoshihisa)

  • Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom)

  • Allow pg_restore to continue properly after a COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost)

  • Fix pg_ctl unregister crash when the data directory is not specified (Magnus)

  • Fix libpq PQprint HTML tags (Christoph Zwerschke)

  • Fix ecpg crash on AMD64 and PPC (Neil)

  • Allow SETOF and %TYPE to be used together in function result type declarations

  • Recover properly if error occurs during argument passing in PL/python (Neil)

  • Fix memory leak in plperl_return_next (Neil)

  • Fix PL/perl's handling of locales on Win32 to match the backend (Andrew)

  • Various optimizer fixes (Tom)

  • Fix crash when log_min_messages is set to DEBUG3 or above in postgresql.conf on Win32 (Bruce)

  • Fix pgxs -L library path specification for Win32, Cygwin, OS X, AIX (Bruce)

  • Check that SID is enabled while checking for Win32 admin privileges (Magnus)

  • Properly reject out-of-range date inputs (Kris Jurka)

  • Portability fix for testing presence of finite and isinf during configure (Tom)

  • Improve speed of COPY IN via libpq, by avoiding a kernel call per data line (Alon Goldshuv)

  • Improve speed of /contrib/tsearch2 index creation (Tom)

Add Comment

Please use this form to add your own comments regarding your experience with particular features of PostgreSQL, clarifications of the documentation, or hints for other users. Please note, this is not a support forum, and your IP address will be logged. If you have a question or need help, please see the faq, try a mailing list, or join us on IRC. Note that submissions containing URLs or other keywords commonly found in 'spam' comments may be silently discarded. Please contact the webmaster if you think this is happening to you in error.

Proceed to the comment form.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group