Release date: 2008-01-07
This release contains a variety of fixes from 8.2.5, including fixes for significant security issues. For information about new features in the 8.2 major release, see Section E.212.
A dump/restore is not required for those running 8.2.X.
Prevent functions in indexes from executing with the privileges
of the user running VACUUM
,
ANALYZE
, etc (Tom)
Functions used in index expressions and partial-index predicates
are evaluated whenever a new table entry is made. It has long been
understood that this poses a risk of trojan-horse code execution if
one modifies a table owned by an untrustworthy user. (Note that
triggers, defaults, check constraints, etc. pose the same type of
risk.) But functions in indexes pose extra danger because they will
be executed by routine maintenance operations such as VACUUM FULL
, which are commonly performed
automatically under a superuser account. For example, a nefarious
user can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine
vacuum. The fix arranges for standard maintenance operations
(including VACUUM
, ANALYZE
, REINDEX
, and
CLUSTER
) to execute as the table owner
rather than the calling user, using the same privilege-switching
mechanism already used for SECURITY
DEFINER
functions. To prevent bypassing this security
measure, execution of SET SESSION
AUTHORIZATION
and SET ROLE
is
now forbidden within a SECURITY
DEFINER
context. (CVE-2007-6600)
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
Require non-superusers who use /contrib/dblink
to use only password
authentication, as a security measure (Joe)
The fix that appeared for this in 8.2.5 was incomplete, as it
plugged the hole for only some dblink
functions. (CVE-2007-6601, CVE-2007-3278)
Fix bugs in WAL replay for GIN indexes (Teodor)
Fix GIN index build to work properly when maintenance_work_mem
is 4GB or more (Tom)
Update time zone data files to tzdata release 2007k (in particular, recent Argentina changes) (Tom)
Improve planner's handling of LIKE/regex estimation in non-C locales (Tom)
Fix planning-speed problem for deep outer-join nests, as well as possible poor choice of join order (Tom)
Fix planner failure in some cases of WHERE
false AND var IN (SELECT ...)
(Tom)
Make CREATE TABLE ... SERIAL
and
ALTER SEQUENCE ... OWNED BY
not change
the currval()
state of the sequence
(Tom)
Preserve the tablespace and storage parameters of indexes that
are rebuilt by ALTER TABLE ... ALTER COLUMN
TYPE
(Tom)
Make archive recovery always start a new WAL timeline, rather than only when a recovery stop time was used (Simon)
This avoids a corner-case risk of trying to overwrite an existing archived copy of the last WAL segment, and seems simpler and cleaner than the original definition.
Make VACUUM
not use all of
maintenance_work_mem
when the table is
too small for it to be useful (Alvaro)
Fix potential crash in translate()
when using a multibyte database encoding (Tom)
Make corr()
return the correct
result for negative correlation values (Neil)
Fix overflow in extract(epoch from
interval)
for intervals exceeding 68 years (Tom)
Fix PL/Perl to not fail when a UTF-8 regular expression is used in a trusted function (Andrew)
Fix PL/Perl to cope when platform's Perl defines type
bool
as int
rather than char
(Tom)
While this could theoretically happen anywhere, no standard build of Perl did things this way ... until macOS 10.5.
Fix PL/Python to work correctly with Python 2.5 on 64-bit machines (Marko Kreen)
Fix PL/Python to not crash on long exception messages (Alvaro)
Fix pg_dump to correctly handle inheritance child tables that have default expressions different from their parent's (Tom)
Fix libpq crash when
PGPASSFILE
refers to a file that is
not a plain file (Martin Pitt)
ecpg parser fixes (Michael)
Make contrib/pgcrypto
defend
against OpenSSL libraries that
fail on keys longer than 128 bits; which is the case at least on
some Solaris versions (Marko Kreen)
Make contrib/tablefunc
's
crosstab()
handle NULL rowid as a
category in its own right, rather than crashing (Joe)
Fix tsvector
and tsquery
output routines to escape backslashes
correctly (Teodor, Bruce)
Fix crash of to_tsvector()
on huge
input strings (Teodor)
Require a specific version of Autoconf to be used when re-generating the
configure
script (Peter)
This affects developers and packagers only. The change was made to prevent accidental use of untested combinations of Autoconf and PostgreSQL versions. You can remove the version check if you really want to use a different Autoconf version, but it's your responsibility whether the result works or not.
Update gettimeofday
configuration
check so that PostgreSQL can be
built on newer versions of MinGW
(Magnus)
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.