This message came across pgsql-announce@xxxxxxxxxxxxxxx
I can't seem to find any information about the "security" release mentioned. Are there any specific security issues that have been addressed?

Begin forwarded message:

Date: Sun, 22 Oct 2006 18:15:27 -0700
From: David Fetter <david@xxxxxxxxxx>
To: PostgreSQL Announce <pgsql-announce@xxxxxxxxxxxxxx>
Subject: [ANNOUNCE] == PostgreSQL Weekly News - October 22 2006 ==

== PostgreSQL Weekly News - October 22 2006 ==

Security Upgrade Releases 8.1.5, 8.0.9, 7.4.14 and 7.3.16 are out. Upgrade as soon as possible.
http://www.postgresql.org/download

There is an ongoing discussion about adopting a new CRC algorithm, slicing-by-8, which Intel has developed. Intel may have (and can still apply for) one or more patents on this algorithm.

== PostgreSQL Product News ==

MacDent Pro 1.5 released.
http://www.macdentpro.com/

ExtenDB 1.1 released.
http://www.extendb.com/pr11.php

Slony 1.2.0 released.
http://pgfoundry.org/frs/?group_id=1000122

== PostgreSQL Jobs for October ==

http://archives.postgresql.org/pgsql-jobs/2006-10/threads.php

== PostgreSQL Local ==

Everything this week was global.

== PostgreSQL in the News ==

Planet PostgreSQL: http://www.planetpostgresql.org/

General Bits, Archives and occasional new articles:
http://www.varlena.com/GeneralBits/

PostgreSQL Weekly News is brought to you this week by David Fetter and Volkan YAZICI.

== Applied Patches ==

Tom Lane committed:

- Various MSVC build fixes from Magnus; also remove stray Windows newlines.
- Some desultory copy-editing.
- Some marginal editorial improvements and updates in the tutorial.
- Further release-note editorialization.
- Editorial improvements for recent PL/Python doc updates.
- In syntax.sgml, rewrote discussion of string constant syntax to bring it into line with the politically correct view that backslash escapes are deprecated.
- Make index entry more specific in libpq.sgml.
- Update release notes to current, and do a pass of editorial corrections.
- Back-patch second version of AIX getaddrinfo fix.
- Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
- Try to fix the AIX getaddrinfo mess in a way that works on all versions.
- Clarify note about interaction of log_statement logging with errors. Remove obsolete note about logging of statements generated by PL/PgSQL function execution as that doesn't happen anymore.
- Marginal improvement in logging: include the function name when logging a fastpath function call.
- Rename our substitute qsort to pg_qsort at the link-symbol level (but provide a macro so code can still just say qsort). Avoids linker warnings on pickier platforms such as Darwin, and outright failure on MSVC.
- Add externs for optarg/optind where apparently needed. Per Magnus.
- In contrib/earthdistance, Handle missing M_PI the same way we've been doing in the core code, instead of inserting an MSVC dependency.
- Further MSVC portability fixes from Magnus.
- Improve port/qsort() to handle sorts with 50% unique and 50% duplicate values. This involves choosing better pivot points for the quicksort.
- Fix a couple of places that were assuming debug_query_string couldn't be NULL, as this seems an unsafe assumption.
- Make sure that debug_query_string contains the original query text, if available (which it usually should be), during processing of Bind and Execute protocol messages. This improves usefulness of log_min_error_statement logging for extended query protocol.
- Clean up local re-declarations of variables with DLLIMPORT, per report from Magnus that MSVC complains about this.
- Simplify contrib Makefiles by removing unnecessary SRCS macro, per Magnus.
- Work around reported problem that AIX's getaddrinfo() doesn't seem to zero sin_port in the returned IP address struct when servname is NULL. This has been observed to cause failure to bind the stats collection socket, and could perhaps cause other issues too.
  Per reports from Brad Nicholson and Chris Browne.
- Add some code to CREATE DATABASE to check for pre-existing subdirectories that conflict with the OID that we want to use for the new database. This avoids the risk of trying to remove files that maybe we shouldn't remove. Per gripe from Jon Lapham and subsequent discussion of 27-Sep.
- Fix up timetz input so that a date is required only when the specified timezone actually has a daylight-savings rule. This avoids breaking cases that used to work because they went through the DecodePosixTimezone code path. Per contrib regression failures. Also document the already-applied change to allow GMT offsets up to 14 hours.
- Fix array operator reference in release notes, per David Wheeler.
- Fix up some problems in handling of zic-style time zone names in datetime input routines. Remove the former "DecodePosixTimezone" function in favor of letting the zic code handle POSIX-style zone specs (see tzparse()). In particular this means that "PST+3" now means the same as "-03", whereas it used to mean "-11" --- the zone abbreviation is effectively just a noise word in this syntax. Make sure that all named and POSIX-style zone names will be parsed as a single token. Fix long-standing bogosities in printing and input of fractional-hour timezone offsets (since the tzparse() code will accept these, we'd better make 'em work). Also correct an error in the original coding of the zic-zone-name patch: in "timestamp without time zone" input, zone names are supposed to be allowed but ignored, but the coding was such that the zone changed the interpretation anyway.
- Arrange for timezone names to be recognized case-insensitively; for example SET TIME ZONE 'america/new_york' works now. This seems a good idea on general user-friendliness grounds, and is part of the solution to the timestamp-input parsing problems I noted recently.
- Fix unexpected side-effect of changes for case insensitivity of timezone names.

Bruce Momjian committed:

- Update PQserverVersion() to use 8.1.X as an example, rather than 7.4 because the function didn't exist in 7.4.X.
- Marko Kreen's patch which updates the release notes for new pgcrypto additions.
- Add URL for async I/O to TODO list.
- Remove qsort TODO.detail. All items completed.
- Mark 8.2 release as 2006-??, not 2005-??, per observation by David Wheeler.
- Devrim GUNDUZ's patch which fixes the link problem in FAQ_DEV.html, removes some parts related to website development and changes the link to the FAQ_DEV.html.
- Michael Paesold's CREATE CONSTRAINT manual page wording improvements.
- Michael Glaesemann's update to CREATE CONSTRAINT manual page.
- Devrim GUNDUZ's updates to the RPM-related parts of FAQ_DEV against.
- Change use of '<' and '>' to '&lt;' and '&gt;' respectively in SGML. Update find_gt_lt to allow grep parameters to be passed into it.

Peter Eisentraut committed:

- Translations update.
- Punt when trying to build with threaded Python on FreeBSD. Also cut back on excessive use of *** to decorate configure error messages. If it's an error message, you are sure to see it without any decoration.
- Remove use of whrandom module from PL/Python, as it was removed in Python 2.5.

Neil Conway committed:

- Minor doc tweak: make a reference to pg_locks into a link.
- A fix to a typo in contrib/adminpack

Alvaro Herrera committed:

- Fix typo in release.sgml.

Tatsuo Ishii committed:

- pgbench: More fix with handling default scaling factor in the default scenarios. With multiple clients, only the first client got the right scaling factor and this gave an illusion of better performance in case of the scaling factor greater than 1.

== Rejected Patches (for now) ==

No one was disappointed this week :-)

== Pending Patches ==

Euler Taveira de Oliveira sent an update to the Brazilian FAQ

--
Bill Moran
Collaborative Fusion Inc.