Commit e5ac0d6

Merge branch 'REL9_5_STABLE' into PGPRO9_5
Conflicts: doc/bug.template
2 parents 0605b58 + eb4dfa2, commit e5ac0d6

65 files changed: +5629 -4363 lines changed


‎configure

Lines changed: 9 additions & 9 deletions
@@ -1,6 +1,6 @@
11
#! /bin/sh
22
# Guess values for system-dependent variables and create Makefiles.
3-
# Generated by GNU Autoconf 2.69 for PostgreSQL 9.5.3.
3+
# Generated by GNU Autoconf 2.69 for PostgreSQL 9.5.4.
44
#
55
# Report bugs to <pgsql-bugs@postgresql.org>.
66
#
@@ -583,8 +583,8 @@ MAKEFLAGS=
583583
# Identity of this package.
584584
PACKAGE_NAME='PostgreSQL'
585585
PACKAGE_TARNAME='postgresql'
586-
PACKAGE_VERSION='9.5.3'
587-
PACKAGE_STRING='PostgreSQL 9.5.3'
586+
PACKAGE_VERSION='9.5.4'
587+
PACKAGE_STRING='PostgreSQL 9.5.4'
588588
PACKAGE_BUGREPORT='pgsql-bugs@postgresql.org'
589589
PACKAGE_URL=''
590590

@@ -1401,7 +1401,7 @@ if test "$ac_init_help" = "long"; then
14011401
# Omit some internal or obsolete options to make the list less imposing.
14021402
# This message is too long to be a string in the A/UX 3.1 sh.
14031403
cat<<_ACEOF
1404-
\`configure' configures PostgreSQL 9.5.3 to adapt to many kinds of systems.
1404+
\`configure' configures PostgreSQL 9.5.4 to adapt to many kinds of systems.
14051405
14061406
Usage:$0 [OPTION]... [VAR=VALUE]...
14071407
@@ -1466,7 +1466,7 @@ fi
14661466

14671467
iftest -n"$ac_init_help";then
14681468
case$ac_init_helpin
1469-
short | recursive )echo"Configuration of PostgreSQL 9.5.3:";;
1469+
short | recursive )echo"Configuration of PostgreSQL 9.5.4:";;
14701470
esac
14711471
cat<<\_ACEOF
14721472
@@ -1617,7 +1617,7 @@ fi
16171617
test -n "$ac_init_help" && exit $ac_status
16181618
if $ac_init_version; then
16191619
cat <<\_ACEOF
1620-
PostgreSQL configure 9.5.3
1620+
PostgreSQL configure 9.5.4
16211621
generated by GNU Autoconf 2.69
16221622
16231623
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2329,7 +2329,7 @@ cat >config.log <<_ACEOF
23292329
This file contains any messages produced by compilers while
23302330
running configure, to aid debugging if configure makes a mistake.
23312331
2332-
It was created by PostgreSQL$as_me 9.5.3, which was
2332+
It was created by PostgreSQL$as_me 9.5.4, which was
23332333
generated by GNU Autoconf 2.69. Invocation command line was
23342334
23352335
$$0$@
@@ -18131,7 +18131,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
1813118131
# report actual input values of CONFIG_FILES etc. instead of their
1813218132
# values after options handling.
1813318133
ac_log="
18134-
This file was extended by PostgreSQL $as_me 9.5.3, which was
18134+
This file was extended by PostgreSQL $as_me 9.5.4, which was
1813518135
generated by GNU Autoconf 2.69. Invocation command line was
1813618136
1813718137
CONFIG_FILES = $CONFIG_FILES
@@ -18201,7 +18201,7 @@ _ACEOF
1820118201
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
1820218202
ac_cs_config="`$as_echo"$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
1820318203
ac_cs_version="\\
18204-
PostgreSQL config.status 9.5.3
18204+
PostgreSQL config.status 9.5.4
1820518205
configured by$0, generated by GNU Autoconf 2.69,
1820618206
with options\\"\$ac_cs_config\\"
1820718207

‎configure.in

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ dnl Read the Autoconf manual for details.
1717
dnl
1818
m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
1919

20-
AC_INIT([PostgreSQL], [9.5.3], [pgsql-bugs@postgresql.org])
20+
AC_INIT([PostgreSQL], [9.5.4], [pgsql-bugs@postgresql.org])
2121

2222
m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
2323
Untested combinations of 'autoconf' and PostgreSQL versions are not
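Review bot: configure is generated output, so the nine 9.5.3 to 9.5.4 replacements in it should come from rerunning Autoconf 2.69 on this AC_INIT line (line 20), not from editing configure by hand. The m4_if guard on line 22 already enforces the Autoconf version; please confirm the regeneration was done that way, since a hand edit can miss an occurrence and leave the two files disagreeing about the version.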

‎doc/bug.template

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ System Configuration:
2323

2424
Operating System (example: Ubuntu Linux 16.04):
2525

26-
PostgreSQL version (example: PostgresPro 9.5.3.1): PostgrePro 9.5.3.1
26+
PostgreSQL version (example: PostgresPro 9.5.4.1): PostgrePro 9.5.4.1
2727

2828
Compiler used (example: gcc 3.3.5):
2929
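Review bot: the prefilled value on line 26 spells the product "PostgrePro" while the example on the same line spells it "PostgresPro"; use one spelling so that incoming bug reports can be searched consistently. The line also hardcodes the fork version 9.5.4.1 twice, and the commit message lists this file as the merge conflict, so it will conflict again on every upstream version bump. Consider leaving the value after the colon empty, or generating the template from the configured version.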

‎doc/src/sgml/ref/psql-ref.sgml

Lines changed: 12 additions & 9 deletions
@@ -799,7 +799,7 @@ testdb=&gt;
799799
</varlistentry>
800800

801801
<varlistentry>
802-
<term><literal>\c</literal> or <literal>\connect</literal> <literal>[ <replaceable class="parameter">dbname</replaceable> [ <replaceable class="parameter">username</replaceable> ] [ <replaceable class="parameter">host</replaceable> ] [ <replaceable class="parameter">port</replaceable> ]]| <replaceable class="parameter">conninfo</replaceable> </literal></term>
802+
<term><literal>\c</literal> or <literal>\connect [ -reuse-previous=<replaceable class="parameter">on|off</replaceable> ][ <replaceable class="parameter">dbname</replaceable> [ <replaceable class="parameter">username</replaceable> ] [ <replaceable class="parameter">host</replaceable> ] [ <replaceable class="parameter">port</replaceable> ] | <replaceable class="parameter">conninfo</replaceable>]</literal></term>
803803
<listitem>
804804
<para>
805805
Establishes a new connection to a <productname>&productname;</>
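Review bot: on line 802 the new synopsis runs the closing bracket of the option group straight into the next group ("][") with no space, unlike the other bracketed groups on the same line. The synopsis also gives no hint that -reuse-previous must be the first argument; that constraint appears only in the following paragraph ("Passing a first argument"), so a reader who copies the synopsis and puts the option after dbname gets no warning. Suggest adding the space and stating the position requirement next to the synopsis.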
@@ -809,16 +809,19 @@ testdb=&gt;
809809
</para>
810810

811811
<para>
812-
When using positional parameters, if any of
813-
<replaceable class="parameter">dbname</replaceable>,
812+
Where the command omits database name, user, host, or port, the new
813+
connection can reuse values from the previous connection. By default,
814+
values from the previous connection are reused except when processing
815+
a <literal>conninfo</> string. Passing a first argument
816+
of <literal>-reuse-previous=on</>
817+
or <literal>-reuse-previous=off</literal> overrides that default.
818+
When the command neither specifies nor reuses a particular parameter,
819+
the <application>libpq</application> default is used. Specifying any
820+
of <replaceable class="parameter">dbname</replaceable>,
814821
<replaceable class="parameter">username</replaceable>,
815822
<replaceable class="parameter">host</replaceable> or
816-
<replaceable class="parameter">port</replaceable> are omitted or
817-
specified as <literal>-</literal>, the value of that parameter from
818-
the previous connection is used; if there is no previous connection,
819-
the <application>libpq</application> default for the parameter's value
820-
is used. When using <literal>conninfo</> strings, no values from the
821-
previous connection are used for the new connection.
823+
<replaceable class="parameter">port</replaceable>
824+
as <literal>-</literal> is equivalent to omitting that parameter.
822825
</para>
823826

824827
<para>
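Review bot: lines 813-815 say previous values are reused by default "except when processing a conninfo string", but the paragraph never says how psql decides that an argument is a conninfo string. The release note added in this same commit describes the rule as whether the database name "looks like a conninfo string", which is the ambiguity that matters for scripts. Suggest one sentence stating that rule here, and a recommendation that scripts connecting to arbitrary database names pass -reuse-previous explicitly instead of relying on the default.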

‎doc/src/sgml/release-9.1.sgml

Lines changed: 80 additions & 0 deletions
@@ -40,6 +40,72 @@
4040

4141
<itemizedlist>
4242

43+
<listitem>
44+
<para>
45+
Fix possible mis-evaluation of
46+
nested <literal>CASE</>-<literal>WHEN</> expressions (Heikki
47+
Linnakangas, Michael Paquier, Tom Lane)
48+
</para>
49+
50+
<para>
51+
A <literal>CASE</> expression appearing within the test value
52+
subexpression of another <literal>CASE</> could become confused about
53+
whether its own test value was null or not. Also, inlining of a SQL
54+
function implementing the equality operator used by
55+
a <literal>CASE</> expression could result in passing the wrong test
56+
value to functions called within a <literal>CASE</> expression in the
57+
SQL function's body. If the test values were of different data
58+
types, a crash might result; moreover such situations could be abused
59+
to allow disclosure of portions of server memory. (CVE-2016-5423)
60+
</para>
61+
</listitem>
62+
63+
<listitem>
64+
<para>
65+
Fix client programs' handling of special characters in database and
66+
role names (Noah Misch, Nathan Bossart, Michael Paquier)
67+
</para>
68+
69+
<para>
70+
Numerous places in <application>vacuumdb</> and other client programs
71+
could become confused by database and role names containing double
72+
quotes or backslashes. Tighten up quoting rules to make that safe.
73+
Also, ensure that when a conninfo string is used as a database name
74+
parameter to these programs, it is correctly treated as such throughout.
75+
</para>
76+
77+
<para>
78+
Fix handling of paired double quotes
79+
in <application>psql</>'s <command>\connect</>
80+
and <command>\password</> commands to match the documentation.
81+
</para>
82+
83+
<para>
84+
Introduce a new <option>-reuse-previous</> option
85+
in <application>psql</>'s <command>\connect</> command to allow
86+
explicit control of whether to re-use connection parameters from a
87+
previous connection. (Without this, the choice is based on whether
88+
the database name looks like a conninfo string, as before.) This
89+
allows secure handling of database names containing special
90+
characters in <application>pg_dumpall</> scripts.
91+
</para>
92+
93+
<para>
94+
<application>pg_dumpall</> now refuses to deal with database and role
95+
names containing carriage returns or newlines, as it seems impractical
96+
to quote those characters safely on Windows. In future we may reject
97+
such names on the server side, but that step has not been taken yet.
98+
</para>
99+
100+
<para>
101+
These are considered security fixes because crafted object names
102+
containing special characters could have been used to execute
103+
commands with superuser privileges the next time a superuser
104+
executes <application>pg_dumpall</> or other routine maintenance
105+
operations. (CVE-2016-5424)
106+
</para>
107+
</listitem>
108+
43109
<listitem>
44110
<para>
45111
Fix corner-case misbehaviors for <literal>IS NULL</>/<literal>IS NOT
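Review bot: the pg_dumpall paragraph on lines 94-97 says names containing carriage returns or newlines are now refused while the server still accepts them, but it gives administrators nothing to act on. Suggest adding that pg_dumpall will refuse a cluster holding such a database or role name until the object is renamed, so the names can be checked before the update is applied and routine dumps do not start failing unnoticed.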
@@ -77,6 +143,20 @@
77143
</para>
78144
</listitem>
79145

146+
<listitem>
147+
<para>
148+
Fix several one-byte buffer over-reads in <function>to_number()</>
149+
(Peter Eisentraut)
150+
</para>
151+
152+
<para>
153+
In several cases the <function>to_number()</> function would read one
154+
more character than it should from the input string. There is a
155+
small chance of a crash, if the input happens to be adjacent to the
156+
end of memory.
157+
</para>
158+
</listitem>
159+
80160
<listitem>
81161
<para>
82162
Avoid unsafe intermediate state during expensive paths
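Review bot: "adjacent to the end of memory" on lines 155-156 is imprecise; a one-byte over-read faults only when the byte after the input is not mapped. Suggest wording along the lines of "if the input happens to end at the last byte of a mapped memory region". The entry could also say whether the extra byte can affect the result returned by to_number(), since the text mentions only the crash.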

‎doc/src/sgml/release-9.2.sgml

Lines changed: 80 additions & 0 deletions
@@ -34,6 +34,72 @@
3434

3535
<itemizedlist>
3636

37+
<listitem>
38+
<para>
39+
Fix possible mis-evaluation of
40+
nested <literal>CASE</>-<literal>WHEN</> expressions (Heikki
41+
Linnakangas, Michael Paquier, Tom Lane)
42+
</para>
43+
44+
<para>
45+
A <literal>CASE</> expression appearing within the test value
46+
subexpression of another <literal>CASE</> could become confused about
47+
whether its own test value was null or not. Also, inlining of a SQL
48+
function implementing the equality operator used by
49+
a <literal>CASE</> expression could result in passing the wrong test
50+
value to functions called within a <literal>CASE</> expression in the
51+
SQL function's body. If the test values were of different data
52+
types, a crash might result; moreover such situations could be abused
53+
to allow disclosure of portions of server memory. (CVE-2016-5423)
54+
</para>
55+
</listitem>
56+
57+
<listitem>
58+
<para>
59+
Fix client programs' handling of special characters in database and
60+
role names (Noah Misch, Nathan Bossart, Michael Paquier)
61+
</para>
62+
63+
<para>
64+
Numerous places in <application>vacuumdb</> and other client programs
65+
could become confused by database and role names containing double
66+
quotes or backslashes. Tighten up quoting rules to make that safe.
67+
Also, ensure that when a conninfo string is used as a database name
68+
parameter to these programs, it is correctly treated as such throughout.
69+
</para>
70+
71+
<para>
72+
Fix handling of paired double quotes
73+
in <application>psql</>'s <command>\connect</>
74+
and <command>\password</> commands to match the documentation.
75+
</para>
76+
77+
<para>
78+
Introduce a new <option>-reuse-previous</> option
79+
in <application>psql</>'s <command>\connect</> command to allow
80+
explicit control of whether to re-use connection parameters from a
81+
previous connection. (Without this, the choice is based on whether
82+
the database name looks like a conninfo string, as before.) This
83+
allows secure handling of database names containing special
84+
characters in <application>pg_dumpall</> scripts.
85+
</para>
86+
87+
<para>
88+
<application>pg_dumpall</> now refuses to deal with database and role
89+
names containing carriage returns or newlines, as it seems impractical
90+
to quote those characters safely on Windows. In future we may reject
91+
such names on the server side, but that step has not been taken yet.
92+
</para>
93+
94+
<para>
95+
These are considered security fixes because crafted object names
96+
containing special characters could have been used to execute
97+
commands with superuser privileges the next time a superuser
98+
executes <application>pg_dumpall</> or other routine maintenance
99+
operations. (CVE-2016-5424)
100+
</para>
101+
</listitem>
102+
37103
<listitem>
38104
<para>
39105
Fix corner-case misbehaviors for <literal>IS NULL</>/<literal>IS NOT
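Review bot: the CVE-2016-5423 paragraph on lines 45-53 states the impact (a crash, or disclosure of portions of server memory) but not the precondition for reaching it. The second case depends on a SQL function implementing an equality operator, so the entry should say whether an attacker needs to be able to create such objects or only to run queries, which is what readers need to judge their exposure. This text is also a verbatim copy of the entry added to release-9.1.sgml in this commit, so any wording change has to be made in both files.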
@@ -71,6 +137,20 @@
71137
</para>
72138
</listitem>
73139

140+
<listitem>
141+
<para>
142+
Fix several one-byte buffer over-reads in <function>to_number()</>
143+
(Peter Eisentraut)
144+
</para>
145+
146+
<para>
147+
In several cases the <function>to_number()</> function would read one
148+
more character than it should from the input string. There is a
149+
small chance of a crash, if the input happens to be adjacent to the
150+
end of memory.
151+
</para>
152+
</listitem>
153+
74154
<listitem>
75155
<para>
76156
Avoid unsafe intermediate state during expensive paths
