== PostgreSQL Weekly News - May 23 2010 ==
CHAR(10), the PostgreSQL Conference on Clustering, High Availability
and Replication is now open for online registration and bookings.
July 2-3 2010, Oriel College, Oxford University, UK
== PostgreSQL Product News ==
Cybercluster 2.0 released.
Muldis D 0.129.1, a specification for an object-relational language
intended to run atop, among other systems, PostgreSQL, released.
MyJSQLView 3.17, a GUI tool that can be used with PostgreSQL, released.
PostgreDAC 2.5.5, a Delphi/C++ builder for PostgreSQL, released.
psycopg2 2.2.1, a Python connector for PostgreSQL, released.
Devrim GUNDUZ has posted RPMs for the 8.4.4, 8.3.11, 8.2.17, 8.1.21,
8.0.25, and 7.4.29 security updates.
2ndQuadrant France is now open for business.
Security updates 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, and 7.4.29 are
out. Update ASAP!
Checksums for the tar files are at:
Postgres-XC 0.9.1 released.
== PostgreSQL 9.0 Feature of the Week ==
Large objects (lo_*) now have access controls just like other database
== PostgreSQL Jobs for May ==
== PostgreSQL Local ==
Registration for Open Source Bridge is open and talks are announced!
June 1-4, 2010 in Portland, Oregon.
Michael Renner will be speaking at AMOOCON, which goes from June 4-6, 2010.
SouthEast LinuxFest 2010 will take place in Spartanburg, SC USA on
June 11-13. PostgreSQL gurus Joshua Drake and Andrew Dunstan will be
giving some must-see PostgreSQL-related presentations.
Michael Renner will be speaking at Netways OSDC in Nuremberg, Germany,
which will be June 23-24, 2010.
PDXPUG Day will be July 18, 2010 at the Oregon Convention Center in
Portland, OR. For more information, see:
OSCON will take place in Portland, Oregon July 19-23, 2010.
== PostgreSQL in the News ==
Planet PostgreSQL: http://planet.postgresql.org/
PostgreSQL Weekly News is brought to you this week by David Fetter
and Devrim GUNDUZ.
Submit news and announcements by Sunday at 3:00pm Pacific time.
Please send English language ones to david(at)fetter(dot)org, German language
to pwn(at)pgug(dot)de, Italian language to pwn(at)itpug(dot)org(dot) Spanish language
== Applied Patches ==
Andrew Dunstan committed:
- Abandon the use of Perl's Safe.pm to enforce restrictions in plperl,
as it is fundamentally insecure. Instead apply an opmask to the
whole interpreter that imposes restrictions on unsafe operations.
These restrictions are much harder to subvert than is Safe.pm, since
there is no container to be broken out of. Backported to release
7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary
backporting of the two interpreters model for plperl and plperlu
adopted in release 8.2. In versions 8.0 and up, the use of Perl's
POSIX module to undo its locale mangling on Windows has become
insecure with these changes, so it is replaced by our own routine,
which is also faster. Nice side effects of the changes include that
it is now possible to use perl's "strict" pragma in a natural way in
plperl, and that perl's $a and $b variables now work as expected in
sort routines, and that function compilation is significantly
faster. Tim Bunce and Andrew Dunstan, with reviews from Alex
Hunsaker and Alexey Klyukin. Security: CVE-2010-1169
- In pgsql/src/tools/msvc/Mkvcbuild.pm, fix MSVC builds for recent
plperl changes. Go back to version 8.2, which is where we started
supporting MSVC builds. Security: CVE-2010-1169.
- In pgsql/src/pl/plperl/plperl.c, follow up a visit from the style
- In pgsql/src/pl/plperl/expected/plperl_init.out, fix regression
tests to match error message change.
Tom Lane committed:
- Prevent PL/Tcl from loading the "unknown" module from pltcl_modules
unless that is a regular table or view owned by a superuser. This
prevents a trojan horse attack whereby any unprivileged SQL user
could create such a table and insert code into it that would then
get executed in other users' sessions whenever they call pltcl
functions. Worse yet, because the code was automatically loaded
into both the "normal" and "safe" interpreters at first use, the
attacker could execute unrestricted Tcl code in the "normal"
interpreter without there being any pltclu functions anywhere, or
indeed anyone else using pltcl at all: installing pltcl is
sufficient to open the hole. Change the initialization logic so
that the "unknown" code is only loaded into an interpreter when the
interpreter is first really used. (That doesn't add any additional
security in this particular context, but it seems a prudent change,
and anyway the former behavior violated the principle of least
astonishment.) Security: CVE-2010-1170
- Update release notes with security issues. Security: CVE-2010-1169,
- In pgsql/doc/src/sgml/config.sgml, fix index entry for
lo_compat_privileges, per bug #5467 from KOIZUMI Satoru.
- Fix oversight in join removal patch: we have to delete the removed
relation from SpecialJoinInfo relid sets as well. Per example from
- In pgsql/contrib/pg_upgrade/check.c, issue_warnings() has no
business freeing its parameter, especially not when its sole caller
does that too. Jan Matousek, via Pavel Stehule
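
An added audit query for the PL/Tcl change above (CVE-2010-1170); it is not part of the newsletter or of the PostgreSQL sources. It lists every relation named pltcl_modules together with the two properties the commit says the loader now requires, and assumes PostgreSQL 8.1 or later (for pg_roles) and a superuser session in each database:

```sql
-- Added example. Run in each database of the cluster.

-- 1. Is PL/Tcl (or PL/Perl, affected by CVE-2010-1169) installed here?
--    Per the commit message, installing pltcl alone was enough to expose
--    the pltcl_modules loading path.
SELECT lanname, lanpltrusted
FROM pg_catalog.pg_language
WHERE lanname IN ('pltcl', 'pltclu', 'plperl', 'plperlu');

-- 2. Every relation named pltcl_modules, in any schema, checked against
--    the conditions named in the commit: a regular table or view,
--    owned by a superuser.
SELECT n.nspname  AS schema_name,
       c.relname,
       c.relkind,                          -- 'r' = table, 'v' = view
       r.rolname  AS owner,
       r.rolsuper AS owner_is_superuser,
       CASE
         WHEN c.relkind NOT IN ('r', 'v') THEN 'not a regular table or view'
         WHEN NOT r.rolsuper              THEN 'owner is not a superuser'
         ELSE 'meets the conditions in the commit'
       END        AS verdict,
       c.relacl                            -- who else holds privileges on it
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
JOIN pg_catalog.pg_roles r     ON r.oid = c.relowner
WHERE c.relname = 'pltcl_modules'
ORDER BY owner_is_superuser, schema_name;
```

Rows whose verdict is anything other than the last value deserve a look at who created the relation and what it contains; an empty result from the second query means no pltcl_modules relation exists in that database.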
Alvaro Herrera committed:
- In pgsql/doc/src/sgml/ref/show.sgml, make table in example less
Robert Haas committed:
- In pgsql/doc/src/sgml/ref/notify.sgml, move pg_notify() details to a
subsection within the NOTIFY reference page. This allows the index
to reference the pg_notify() subsection specifically, rather than
Notes section of the NOTIFY reference page more generally. Fujii
- In pgsql/src/bin/psql/command.c, unbreak \h; can't do strlen(NULL).
This was broken by the following commit. Although the original
commit was backpatched all the way to 7.4, this particular bug
exists only in the version applied to HEAD.
Bruce Momjian committed:
- In pgsql/contrib/pg_upgrade/TESTING, add pg_upgrade TESTING files
explaining a testing method.
- In pgsql/contrib/pg_upgrade/pg_upgrade.c, use a 'datallowconn' check
for avoiding 'template0', rather than hardcoding a 'template0'
check, per suggestion from Alvaro. This might fix a problem where
someone has allowed 'template0' connections, but it is a cleaner
approach even if it doesn't fix the bug.
- In pgsql/contrib/pg_upgrade/pg_upgrade.c, for pg_upgrade, update
template0's datfrozenxid and its relfrozenxids to match the behavior
of autovacuum, which does this as the xid advances even if
autovacuum is turned off.
- In pgsql/contrib/pg_upgrade/info.c, simplify pg_upgrade queries by
using IN instead of multiple OR clauses comparing the same column to
- Add command-line documentation for pg_upgrade.
- In pgsql/doc/src/sgml/oid2name.sgml, restore oid2name doc change.
- In pgsql/doc/src/sgml/pgupgrade.sgml, pg_upgrade doc cleanup.
- In pgsql/doc/src/sgml/pgupgrade.sgml, doc change: Rename of
directory no longer required for pg_migrator 9.0. Alvaro Herrera
- In pgsql/doc/src/sgml/pgupgrade.sgml, SGML markup cleanup for
- In pgsql/doc/src/sgml/oid2name.sgml, show oid2name command-line
arguments in documentation like we do for non-contrib command-line
tools (no longer in a single table display).
Magnus Hagander committed:
- In pgsql/doc/src/sgml/pgupgrade.sgml, make pg_upgrade documentation
refer to 9.0 instead of 8.4. Fujii Masao.
- In pgsql/doc/src/sgml/config.sgml, refer to pg_ident.conf as config
file for username mapping, as it's now used for other things than
just ident authentication. Noted by Stephen Frost
- In pgsql/src/timezone/pgtz.c, change the "N. Central Asia Standard
Time" timezone to map to Asia/Novosibirsk on Windows. Microsoft
changed the behaviour of this zone in the timezone update from
KB976098. The zones differ in handling of DST, and the old zone was
just removed. Noted by Dmitry Funk.
Michael Meskes committed:
- Ecpg now accepts "long long" datatypes even if "long" is 64bit wide.
This used to cover the equally long "long long" type. This patch
closes bug #5464.
== Rejected Patches (for now) ==
No one was disappointed this week :-)
== Pending Patches ==
Stephen Frost sent in two more revisions of a patch to fix psql's
ability to clean up when quitting the pager, which resulted in queries
continuing to run after the pager exited.
Fujii Masao sent in two revisions of a patch to fix smart shutdown for
Fujii Masao sent in a patch to distinguish normal shutdown from
unexpected exit, while the server is in recovery.
Tom Lane sent in a patch to fix a performance issue with
Alvaro Herrera sent in a patch to fix an issue with fillfactor on
Florian Pflug sent in two revisions of a patch to fix SERIALIZABLE
Kevin Grittner sent in a WIP patch for 9.1 to do true SERIALIZABLE
using predicate locking.
Joel Jacobson sent in another revision of the patch to implement
Robert Haas sent in a patch to add a hook called ExecutorCheckPerms(),
Andres Freund sent in a patch which replaces the current CRC32 with a
more efficient version from zlib.
Jeff Davis sent in a patch to change a sanity check in exclusion
Jeff Davis sent in a patch for 9.1 to add btree_gist support for the