--- /dev/null
+<!-- BEGIN page_title_block -->
+Weekly News - May 23 2010
+<!-- END page_title_block -->
+
+<h1>PostgreSQL Weekly News - May 23 2010</h1>
+
+<p>
+CHAR(10), the PostgreSQL Conference on Clustering, High Availability
+and Replication is now open for online registration and bookings.
+July 2-3 2010, Oriel College, Oxford University, UK
+<a href="http://www.char10.org/">http://www.char10.org/</a>
+</p>
+
+<h2>PostgreSQL Product News</h2>
+<p>
+Cybercluster 2.0 released.
+<a href="http://www.cybertec.at/en/cybercluster-2-0-synchronous-postgresql-replication">http://www.cybertec.at/en/cybercluster-2-0-synchronous-postgresql-replication</a>
+</p>
+
+<p>
+Muldi-D 0.129.1, a specification for an object-relational language
+intended to run atop, among other systems, PostgreSQL, released.
+<a href="http://archives.postgresql.org/pgsql-announce/2010-05/msg00020.php">http://archives.postgresql.org/pgsql-announce/2010-05/msg00020.php</a>
+</p>
+
+<p>
+MyJSQLView 3.17, a GUI tool that can be used with PostgreSQL, released.
+<a href="http://dandymadeproductions.com/projects/MyJSQLView/index.html">http://dandymadeproductions.com/projects/MyJSQLView/index.html</a>
+</p>
+
+<p>
+PostgreDAC 2.5.5, a Delphi/C++ builder for PostgreSQL, released.
+<a href="http://microolap.com/products/connectivity/postgresdac/download/">http://microolap.com/products/connectivity/postgresdac/download/</a>
+</p>
+
+<p>
+psycopg2 2.2.1, a Python connector for PostgreSQL, released.
+<a href="http://initd.org/psycopg/">http://initd.org/psycopg/</a>
+</p>
+
+<p>
+Devrim GUNDUZ has posted RPMs for the 8.4.4, 8.3.11, 8.2.17, 8.1.21,
+8.0.25, and 7.4.29 security updates.
+<a href="http://yum.pgrpms.org">http://yum.pgrpms.org</a>
+</p>
+
+<p>
+2ndQuadrant France is now open for business.
+<a href="http://www.2ndQuadrant.fr/">http://www.2ndQuadrant.fr/</a>
+</p>
+
+<p>
+Security updates 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, and 7.4.29 are
+out. Update ASAP!
+<a href="http://www.postgresql.org/docs/current/static/release.html">http://www.postgresql.org/docs/current/static/release.html</a>
+</p>
+
+<p>
+Checksums for the tar files are at:
+<a href="http://www.gtsm.com/postgres_sigs.html">http://www.gtsm.com/postgres_sigs.html</a>
+</p>
+
+<p>
+Postgres-XC 0.9.1 released.
+<a href="http://postgres-xc.sourceforge.net/">http://postgres-xc.sourceforge.net/</a>
+</p>
+
+<h2>PostgreSQL 9.0 Feature of the Week</h2>
+<p>
+Large objects (lo_*) now have access controls just like other database
+objects.
+</p>
+
+<h2>PostgreSQL Jobs for May</h2>
+<p>
+<a href="http://archives.postgresql.org/pgsql-jobs/2010-05/threads.php">http://archives.postgresql.org/pgsql-jobs/2010-05/threads.php</a>
+</p>
+
+<h2>PostgreSQL Local</h2>
+<p>
+Registration for Open Source Bridge is open and talks are announced!
+June 1-4, 2010 in Portland, Oregon.
+<a href="http://opensourcebridge.org/events/2010/proposals/">http://opensourcebridge.org/events/2010/proposals/</a>
+</p>
+
+<p>
+Michael Renner will be speaking at AMOOCON, which goes from June 4-6, 2010.
+<a href="http://www.amoocon.de/speakers/214">http://www.amoocon.de/speakers/214</a>
+</p>
+
+<p>
+SouthEast LinuxFest 2010 will take place in Spartanburg, SC USA on
+June 11-13. Â PostgreSQL gurus Joshua Drake and Andrew Dunstan will be
+giving some must-see PostgreSQL-related presentations.
+<a href="http://southeastlinuxfest.org/">http://southeastlinuxfest.org/</a>
+</p>
+
+<p>
+Michael Renner will be speaking at Netways OSDC in Nuremberg, Germany,
+which will be June 23-24, 2010.
+<a href="http://www.netways.de/osdc/y2010/programm/">http://www.netways.de/osdc/y2010/programm/</a>
+</p>
+
+<p>
+PDXPUG Day will be July 18, 2010 at the Oregon Convention Center in
+Portland, OR. For more information, see:
+<a href="http://wiki.postgresql.org/wiki/PDXPUGDay2010">http://wiki.postgresql.org/wiki/PDXPUGDay2010</a>
+</p>
+
+<p>
+OSCON will take place in Portland, Oregon July 19-23, 2010.
+<a href="http://www.oscon.com/oscon2010">http://www.oscon.com/oscon2010</a>
+</p>
+
+<h2>PostgreSQL in the News</h2>
+<p>
+Planet PostgreSQL: <a href="http://planet.postgresql.org/">http://planet.postgresql.org/</a>
+</p>
+
+<p>
+PostgreSQL Weekly News is brought to you this week by David Fetter
+and Devrim GUNDUZ.
+</p>
+
+<p>
+Submit news and announcements by Sunday at 3:00pm Pacific time.
+Please send English language ones to david@fetter.org, German language
+to pwn@pgug.de, Italian language to pwn@itpug.org. Spanish language
+to pwn@arpug.com.ar.
+</p>
+
+<h2>Applied Patches</h2>
+<p>
+Andrew Dunstan committed:
+</p>
+
+<p>
+- Abandon the use of Perl's Safe.pm to enforce restrictions in plperl,
+ as it is fundamentally insecure. Instead apply an opmask to the
+ whole interpreter that imposes restrictions on unsafe operations.
+ These restrictions are much harder to subvert than is Safe.pm, since
+ there is no container to be broken out of. Backported to release
+ 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary
+ backporting of the two interpreters model for plperl and plperlu
+ adopted in release 8.2. In versions 8.0 and up, the use of Perl's
+ POSIX module to undo its locale mangling on Windows has become
+ insecure with these changes, so it is replaced by our own routine,
+ which is also faster. Nice side effects of the changes include that
+ it is now possible to use perl's "strict" pragma in a natural way in
+ plperl, and that perl's $a and $b variables now work as expected in
+ sort routines, and that function compilation is significantly
+ faster. Tim Bunce and Andrew Dunstan, with reviews from Alex
+ Hunsaker and Alexey Klyukin. Security: CVE-2010-1169
+</p>
+
+<p>
+- In pgsql/src/tools/msvc/Mkvcbuild.pm, fix MSVC builds for recent
+ plperl changes. Go back to version 8.2, which is where we started
+ supporting MSVC builds. Security: CVE-2010-1169.
+</p>
+
+<p>
+- In pgsql/src/pl/plperl/plperl.c, follow up a visit from the style
+ police.
+</p>
+
+<p>
+- In pgsql/src/pl/plperl/expected/plperl_init.out, fix regression
+ tests to match error message change.
+</p>
+
+<p>
+Tom Lane committed:
+</p>
+
+<p>
+- Prevent PL/Tcl from loading the "unknown" module from pltcl_modules
+ unless that is a regular table or view owned by a superuser. This
+ prevents a trojan horse attack whereby any unprivileged SQL user
+ could create such a table and insert code into it that would then
+ get executed in other users' sessions whenever they call pltcl
+ functions. Worse yet, because the code was automatically loaded
+ into both the "normal" and "safe" interpreters at first use, the
+ attacker could execute unrestricted Tcl code in the "normal"
+ interpreter without there being any pltclu functions anywhere, or
+ indeed anyone else using pltcl at all: installing pltcl is
+ sufficient to open the hole. Change the initialization logic so
+ that the "unknown" code is only loaded into an interpreter when the
+ interpreter is first really used. (That doesn't add any additional
+ security in this particular context, but it seems a prudent change,
+ and anyway the former behavior violated the principle of least
+ astonishment.) Security: CVE-2010-1170
+</p>
+
+<p>
+- Update release notes with security issues. Security: CVE-2010-1169,
+ CVE-2010-1170
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/config.sgml, fix index entry for
+ lo_compat_privileges, per bug #5467 from KOIZUMI Satoru.
+</p>
+
+<p>
+- Fix oversight in join removal patch: we have to delete the removed
+ relation from SpecialJoinInfo relid sets as well. Per example from
+ Vaclav Novotny.
+</p>
+
+<p>
+- In pgsql/contrib/pg_upgrade/check.c, issue_warnings() has no
+ business freeing its parameter, especially not when its sole caller
+ does that too. Jan Matousek, via Pavel Stehule
+</p>
+
+<p>
+Alvaro Herrera committed:
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/ref/show.sgml, make table in example less
+ wide.
+</p>
+
+<p>
+Robert Haas committed:
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/ref/notify.sgml, move pg_notify() details to a
+ subsection within the NOTIFY reference page. This allows the index
+ to reference the pg_notify() subsection specifically, rather than
+ Notes section of the NOTIFY reference page more generally. Fujii
+ Masao
+</p>
+
+<p>
+- In pgsql/src/bin/psql/command.c, unbreak \h; can't do strlen(NULL).
+ This was broken by the following commmit. Although the original
+ commit was backpatched all the way to 7.4, this particular bug
+ exists only in the version applied to HEAD.
+ <a href="http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php">http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php</a>
+</p>
+
+<p>
+Bruce Momjian committed:
+</p>
+
+<p>
+- In pgsql/contrib/pg_upgrade/TESTING, add pg_upgrade TESTING files
+ explaining a testing method.
+</p>
+
+<p>
+- In pgsql/contrib/pg_upgrade/pg_upgrade.c, use a 'datallowconn' check
+ for avoiding 'template0', rather than hardcoding a 'template0'
+ check, per suggestion from Alvaro. This might fix a problem where
+ someone has allowed 'template0' connections, but it is a cleaner
+ approach even if doesn't fix the bug.
+</p>
+
+<p>
+- In pgsql/contrib/pg_upgrade/pg_upgrade.c, for pg_upgrade, update
+ template0's datfrozenxid and its relfrozenxids to match the behavior
+ of autovacuum, which does this as the xid advances even if
+ autovacuum is turned off.
+</p>
+
+<p>
+- In pgsql/contrib/pg_upgrade/info.c, simplify pg_upgrade queries by
+ using IN instead of multiple OR clauses comparing the same column to
+ multiple values.
+</p>
+
+<p>
+- Add command-line documentation for pg_upgrade.
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/oid2name.sgml, restore oid2name doc change.
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/pgupgrade.sgml, pg_upgrade doc cleanup.
+ Stefan Kaltenbrunner
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/pgupgrade.sgml, doc change: Rename of
+ directory no longer required for pg_migrator 9.0. Alvaro Herrera
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/pgupgrade.sgml, SGML markup cleanup for
+ pg_upgrade.
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/oid2name.sgml, show oid2name command-line
+ arguments in documentation like we do for non-contrib command-line
+ tools (no longer in a single table display).
+</p>
+
+<p>
+Magnus Hagander committed:
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/pgupgrade.sgml, make pg_upgrade documentation
+ refer to 9.0 instead of 8.4. Fujii Masao.
+</p>
+
+<p>
+- In pgsql/doc/src/sgml/config.sgml, refer to pg_ident.conf as config
+ file for username mapping, as it's now used for other things than
+ just ident authentication. Noted by Stephen Frost
+</p>
+
+<p>
+- In pgsql/src/timezone/pgtz.c, change the "N. Central Asia Standard
+ Time" timezone to map to Asia/Novosibirsk on Windows. Microsoft
+ changed the behaviour of this zone in the timezone update from
+ KB976098. The zones differ in handling of DST, and the old zone was
+ just removed. Noted by Dmitry Funk.
+</p>
+
+<p>
+Michael Meskes committed:
+</p>
+
+<p>
+- Ecpg now accepts "long long" datatypes even if "long" is 64bit wide.
+ This used to cover the equally long "long long" type. This patch
+ closes bug #5464.
+</p>
+
+<h2>Rejected Patches (for now)</h2>
+<p>
+No one was disappointed this week :-)
+</p>
+
+<h2>Pending Patches</h2>
+<p>
+Stephen Frost sent in two more revisions of a patch to fix psql's
+ability to clean up when quitting the pager, which resulted in queries
+continuing to run after the pager exited.
+</p>
+
+<p>
+Fujii Masao sent in two revisions of a patch to fix smart shutdown for
+Hot Standby.
+</p>
+
+<p>
+Fujii Masao sent in a patch to distinguish normal shutdown from
+unexpected exit, while the server is in recovery.
+</p>
+
+<p>
+Tom Lane sent in a patch to fix a performance issue with
+textanycat/anytextcat.
+</p>
+
+<p>
+Alvaro Herrera sent in a patch to fix an issue with fillfactor on
+TOAST tables.
+</p>
+
+<p>
+Florian Pflug sent in two revisions of a patch to fix SERIALIZABLE
+transactions.
+</p>
+
+<p>
+Kevin Grittner sent in a WIP patch for 9.1 to do true SERIALIZABLE
+using predicate locking.
+</p>
+
+<p>
+Joel Jacobson sent in another revision of the patch to implement
+pg_stat_transaction.
+</p>
+
+<p>
+Robert Haas sent in a patch to add a hook called ExecutorCheckPerms(),
+per discussion.
+</p>
+
+<p>
+Andres Freund sent in a patch which replaces the current CRC32 with a
+more efficient version from zlib.
+</p>
+
+<p>
+Jeff Davis sent in a patch to change a sanity check in exclusion
+constraints.
+</p>
+
+<p>
+Jeff Davis sent in a patch for 9.1 to add btree_gist support for the
+"<>" operator.
+
+</p>
+
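Review bot: The `"<>"` in the last Pending Patches entry (btree_gist) is raw in the HTML and should be written as `&lt;&gt;`, and the SouthEast LinuxFest paragraph has a stray `Â` before "PostgreSQL" that looks like a mis-encoded non-breaking space; both should be fixed before this page goes in. Smaller items in the same pass: "commmit" in the psql `\h` entry, the product name "PostgreDAC", which does not match the `postgresdac` path in its own link, and the empty line before the final `</p>`. The security release notice ("Update ASAP!") sits below the RPM announcement for the same versions and in the middle of the product list, and its link goes to `docs/current/static/release.html`, which will stop describing 8.4.4 and the other listed versions once a newer release becomes current; consider moving the notice to the top of the page and linking the versioned release notes instead. The Applied Patches entries are each a `<p>` beginning with "- "; a `<ul>` with one `<li>` per commit under each committer would carry the list structure in the markup.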