Subject: CVS commit: [pkgsrc-2006Q1] pkgsrc/databases
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 05/31/2006 11:53:44
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed May 31 11:53:44 UTC 2006

Modified Files:
	pkgsrc/databases/postgresql73 [pkgsrc-2006Q1]: Makefile.common distinfo
	pkgsrc/databases/postgresql73-docs [pkgsrc-2006Q1]: PLIST
	pkgsrc/databases/postgresql74 [pkgsrc-2006Q1]: Makefile.common distinfo
	pkgsrc/databases/postgresql74-docs [pkgsrc-2006Q1]: PLIST
	pkgsrc/databases/postgresql80 [pkgsrc-2006Q1]: Makefile.common distinfo
	pkgsrc/databases/postgresql80-client [pkgsrc-2006Q1]: PLIST
	pkgsrc/databases/postgresql81 [pkgsrc-2006Q1]: Makefile.common distinfo
	pkgsrc/databases/postgresql81-client [pkgsrc-2006Q1]: PLIST

Log Message:
Pullup ticket 1680 - requested by joerg
security updates for postgresql

Revisions pulled up:
- pkgsrc/databases/postgresql73/Makefile.common		1.19
- pkgsrc/databases/postgresql73/distinfo		1.13
- pkgsrc/databases/postgresql73-docs/PLIST		1.7
- pkgsrc/databases/postgresql74/Makefile.common		1.36
- pkgsrc/databases/postgresql74/distinfo		1.21
- pkgsrc/databases/postgresql74-docs/PLIST		1.6
- pkgsrc/databases/postgresql80/Makefile.common		1.23
- pkgsrc/databases/postgresql80/distinfo		1.13
- pkgsrc/databases/postgresql80-client/PLIST		1.11
- pkgsrc/databases/postgresql81/Makefile.common		1.6
- pkgsrc/databases/postgresql81/distinfo		1.2
- pkgsrc/databases/postgresql81-client/PLIST		1.2

   Module Name:	pkgsrc
   Committed By:	joerg
   Date:		Fri May 26 17:47:58 UTC 2006

   Modified Files:
   	pkgsrc/databases/postgresql73: Makefile.common distinfo
   	pkgsrc/databases/postgresql73-docs: PLIST
   	pkgsrc/databases/postgresql74: Makefile.common distinfo
   	pkgsrc/databases/postgresql74-docs: PLIST
   	pkgsrc/databases/postgresql80: Makefile.common distinfo
   	pkgsrc/databases/postgresql80-client: PLIST
   	pkgsrc/databases/postgresql81: Makefile.common distinfo
   	pkgsrc/databases/postgresql81-client: PLIST

   Log Message:
   Update PostgreSQL to 7.3.15, 7.4.13, 8.0.8 and 8.1.4 respectively.

   Common to all versions:
        * Change the server to reject invalidly-encoded multibyte characters
          in all cases (Tatsuo, Tom) While PostgreSQL has been moving in this
          direction for some time, the checks are now applied uniformly to
          all encodings and all textual input, and are now always errors not
          merely warnings. This change defends against SQL-injection attacks
          of the type described in CVE-2006-2313.
        * Reject unsafe uses of \' in string literals As a server-side
          defense against SQL-injection attacks of the type described in
          CVE-2006-2314, the server now only accepts '' and not \' as a
          representation of ASCII single quote in SQL string literals. By
          default, \' is  rejected  only  when  client_encoding is set to a
          client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is
          the scenario in which SQL injection is possible. A new
          configuration parameter backslash_quote is available  to  adjust
          this  behavior  when needed. Note that full security against
          CVE-2006-2314 may require client-side changes; the purpose of
          backslash_quote is in part to make it obvious that insecure clients
          are insecure.
        * Modify libpq's string-escaping routines to be aware of encoding
          considerations This  fixes  libpq-using applications for the
          security issues described in CVE-2006-2313 and CVE-2006-2314.
          Applications that use multiple PostgreSQL connections concurrently
          should migrate to PQescapeStringConn() and PQescapeByteaConn() to
          ensure that escaping is done correctly for the settings in use in
          each database connection. Applications that do string escaping
          "by hand" should be modified to rely on library routines instead.
        * Fix some incorrect encoding conversion functions win1251_to_iso,
          alt_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all
          broken to varying extents.
        * Clean up stray remaining uses of \' in strings (Bruce, Jan)
        * Fix server to use custom DH SSL parameters correctly (Michael Fuhr)
        * Fix various minor memory leaks

   Additionally for 7.4.13 and later:
        * Fix bug that sometimes caused OR'd index scans to miss rows they
          should have returned
        * Fix WAL replay for case where a btree index has been truncated
        * Fix SIMILAR TO for patterns involving | (Tom)
        * Fix for Bonjour on Intel Macs (Ashley Clark)

   Additionally for 8.0.8 and 8.1.4:
        * Fix SELECT INTO and CREATE TABLE AS to create tables in the
          default tablespace, not the base directory (Kris Jurka)
        * Fix problem with password prompting on some Win32 systems (Robert
          Kinberg)

   Additionally for 8.1.4:
        * Fix weak key selection in pgcrypto (Marko Kreen)
          Errors in fortuna PRNG reseeding logic could cause a predictable
          session key to be selected by pgp_sym_encrypt() in some cases.
          This only affects non-OpenSSL-using builds.
        * Make autovacuum visible in pg_stat_activity (Alvaro)
        * Disable full_page_writes (Tom)
          In certain cases, having full_page_writes off would cause crash
          recovery to fail. A proper fix will appear in 8.2; for now it's
          just disabled.
        * Various planner fixes, particularly for bitmap index scans and
          MIN/MAX optimization (Tom)
        * Fix incorrect optimization in merge join (Tom)
          Outer joins could sometimes emit multiple copies of unmatched
          rows.
        * Fix crash from using and modifying a plpgsql function in the same
          transaction
        * Improve qsort performance (Dann Corbit)
          Currently this code is only used on Solaris.
        * Improve pg_dump's handling of default values for domains
        * Fix pg_dumpall to handle identically-named users and groups
          reasonably (only possible when dumping from a pre-8.1 server) (Tom)
          The user and group will be merged into a single role with LOGIN
          permission. Formerly the merged role wouldn't have LOGIN
          permission, making it unusable as a user.
        * Fix pg_restore -n to work as documented (Tom)


To generate a diff of this commit:
cvs rdiff -r1.16 -r1.16.2.1 pkgsrc/databases/postgresql73/Makefile.common
cvs rdiff -r1.12 -r1.12.2.1 pkgsrc/databases/postgresql73/distinfo
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/databases/postgresql73-docs/PLIST
cvs rdiff -r1.32 -r1.32.2.1 pkgsrc/databases/postgresql74/Makefile.common
cvs rdiff -r1.20 -r1.20.2.1 pkgsrc/databases/postgresql74/distinfo
cvs rdiff -r1.5 -r1.5.2.1 pkgsrc/databases/postgresql74-docs/PLIST
cvs rdiff -r1.19 -r1.19.2.1 pkgsrc/databases/postgresql80/Makefile.common
cvs rdiff -r1.12 -r1.12.2.1 pkgsrc/databases/postgresql80/distinfo
cvs rdiff -r1.10 -r1.10.2.1 pkgsrc/databases/postgresql80-client/PLIST
cvs rdiff -r1.3 -r1.3.2.1 pkgsrc/databases/postgresql81/Makefile.common
cvs rdiff -r1.1.1.1 -r1.1.1.1.2.1 pkgsrc/databases/postgresql81/distinfo
cvs rdiff -r1.1.1.1 -r1.1.1.1.2.1 pkgsrc/databases/postgresql81-client/PLIST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.