
Weekly PostgreSQL Newsletter - May 23, 2010


The original article can be found at:

http://www.postgresql.org/community/weeklynews/pwn20100523



== Weekly PostgreSQL Newsletter - May 23, 2010 ==

Online registration and booking are now open for CHAR(10), the
PostgreSQL conference on clustering, high availability and
replication. The event takes place on July 2 and 3, 2010, at Oriel
College, University of Oxford, England.
http://www.char10.org/

== PostgreSQL Product News ==

Cybercluster 2.0 released.
http://www.cybertec.at/en/cybercluster-2-0-synchronous-postgresql-replication

Muldis D 0.129.1, a specification for an object-relational
language that runs on PostgreSQL (and others), released.
http://archives.postgresql.org/pgsql-announce/2010-05/msg00020.php

MyJSQLView 3.17, a GUI tool that can be used with PostgreSQL,
released.
http://dandymadeproductions.com/projects/MyJSQLView/index.html

PostgresDAC 2.5.5, a Delphi/C++ Builder for PostgreSQL,
released.
http://microolap.com/products/connectivity/postgresdac/download/

psycopg2 2.2.1, a connector for PostgreSQL written in Python,
released.
http://initd.org/psycopg/

Devrim GUNDUZ has published RPMs for the 8.4.4, 8.3.11, 8.2.17,
8.1.21, 8.0.25 and 7.4.29 security updates.
http://yum.pgrpms.org

2ndQuadrant France is now in business.
http://www.2ndQuadrant.fr/

Security updates 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25 and
7.4.29 have been released. Update promptly!
http://www.postgresql.org/docs/current/static/release.html

Checksums for the tar files are here:
http://www.gtsm.com/postgres_sigs.html

Postgres-XC 0.9.1 released.
http://postgres-xc.sourceforge.net/

== PostgreSQL 9.0 Feature of the Week ==

Large objects (lo_*) now have access control like any other object in
the database.

== PostgreSQL Jobs for May ==

http://archives.postgresql.org/pgsql-jobs/2010-05/threads.php

== PostgreSQL Local ==

Registration for Open Source Bridge is open and the talks have been
published. June 1 to 4 in Portland, Oregon.
http://opensourcebridge.org/events/2010/proposals/

Michael Renner will be speaking at AMOOCON, which goes from June 4-6,
2010. http://www.amoocon.de/speakers/214

Southeast Linuxfest 2010 takes place in Spartanburg, SC, USA on
June 12 and 13. PostgreSQL gurus Joshua Drake and Andrew Dunstan
will be giving several PostgreSQL-related talks that you must see.
http://southeastlinuxfest.org/

Michael Renner will give a talk at the Netways OSDC in Nuremberg,
Germany, on June 23/24, 2010.
http://www.netways.de/osdc/y2010/programm/

PDXPUG Day takes place on July 18, 2010, at the Oregon Convention
Center in Portland, OR. More information at:
http://wiki.postgresql.org/wiki/PDXPUGDay2010

OSCON will take place in Portland, Oregon, from July 19 to 23, 2010.
http://www.oscon.com/oscon2010

== PostgreSQL in the News ==

Planet PostgreSQL: http://planet.postgresql.org/

This weekly PostgreSQL newsletter was compiled by David Fetter and
Devrim GUNDUZ.

Send news and announcements by Sunday, 3 p.m. Pacific time. Please
send English-language submissions to david@fetter.org, German ones to
pwn@pgug.de, Italian ones to pwn@itpug.org.



== Applied Patches ==

Andrew Dunstan committed:

- Abandon the use of Perl's Safe.pm to enforce restrictions in plperl,
  as it is fundamentally insecure. Instead apply an opmask to the
  whole interpreter that imposes restrictions on unsafe operations.
  These restrictions are much harder to subvert than is Safe.pm, since
  there is no container to be broken out of.  Backported to release
  7.4.  In releases 7.4, 8.0 and 8.1 this also includes the necessary
  backporting of the two interpreters model for plperl and plperlu
  adopted in release 8.2.  In versions 8.0 and up, the use of Perl's
  POSIX module to undo its locale mangling on Windows has become
  insecure with these changes, so it is replaced by our own routine,
  which is also faster.  Nice side effects of the changes include that
  it is now possible to use perl's "strict" pragma in a natural way in
  plperl, and that perl's $a and $b variables now work as expected in
  sort routines, and that function compilation is significantly
  faster.  Tim Bunce and Andrew Dunstan, with reviews from Alex
  Hunsaker and Alexey Klyukin.  Security: CVE-2010-1169

- In pgsql/src/tools/msvc/Mkvcbuild.pm, fix MSVC builds for recent
  plperl changes. Go back to version 8.2, which is where we started
  supporting MSVC builds.  Security: CVE-2010-1169.

- In pgsql/src/pl/plperl/plperl.c, follow up a visit from the style
  police.

- In pgsql/src/pl/plperl/expected/plperl_init.out, fix regression
  tests to match error message change.

Tom Lane committed:

- Prevent PL/Tcl from loading the "unknown" module from pltcl_modules
  unless that is a regular table or view owned by a superuser.  This
  prevents a trojan horse attack whereby any unprivileged SQL user
  could create such a table and insert code into it that would then
  get executed in other users' sessions whenever they call pltcl
  functions.  Worse yet, because the code was automatically loaded
  into both the "normal" and "safe" interpreters at first use, the
  attacker could execute unrestricted Tcl code in the "normal"
  interpreter without there being any pltclu functions anywhere, or
  indeed anyone else using pltcl at all: installing pltcl is
  sufficient to open the hole.  Change the initialization logic so
  that the "unknown" code is only loaded into an interpreter when the
  interpreter is first really used.  (That doesn't add any additional
  security in this particular context, but it seems a prudent change,
  and anyway the former behavior violated the principle of least
  astonishment.) Security: CVE-2010-1170

- Update release notes with security issues.  Security: CVE-2010-1169,
  CVE-2010-1170

- In pgsql/doc/src/sgml/config.sgml, fix index entry for
  lo_compat_privileges, per bug #5467 from KOIZUMI Satoru.

- Fix oversight in join removal patch: we have to delete the removed
  relation from SpecialJoinInfo relid sets as well.  Per example from
  Vaclav Novotny.

- In pgsql/contrib/pg_upgrade/check.c, issue_warnings() has no
  business freeing its parameter, especially not when its sole caller
  does that too.  Jan Matousek, via Pavel Stehule

Alvaro Herrera committed:

- In pgsql/doc/src/sgml/ref/show.sgml, make table in example less
  wide.

Robert Haas committed:

- In pgsql/doc/src/sgml/ref/notify.sgml, move pg_notify() details to a
  subsection within the NOTIFY reference page.  This allows the index
  to reference the pg_notify() subsection specifically, rather than
  Notes section of the NOTIFY reference page more generally.  Fujii
  Masao

- In pgsql/src/bin/psql/command.c, unbreak \h; can't do strlen(NULL).
  This was broken by the following commit.  Although the original
  commit was backpatched all the way to 7.4, this particular bug
  exists only in the version applied to HEAD.
  http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php

Bruce Momjian committed:

- In pgsql/contrib/pg_upgrade/TESTING, add pg_upgrade TESTING files
  explaining a testing method.

- In pgsql/contrib/pg_upgrade/pg_upgrade.c, use a 'datallowconn' check
  for avoiding 'template0', rather than hardcoding a 'template0'
  check, per suggestion from Alvaro.  This might fix a problem where
  someone has allowed 'template0' connections, but it is a cleaner
  approach even if it doesn't fix the bug.

- In pgsql/contrib/pg_upgrade/pg_upgrade.c, for pg_upgrade, update
  template0's datfrozenxid and its relfrozenxids to match the behavior
  of autovacuum, which does this as the xid advances even if
  autovacuum is turned off.

- In pgsql/contrib/pg_upgrade/info.c, simplify pg_upgrade queries by
  using IN instead of multiple OR clauses comparing the same column to
  multiple values.

- Add command-line documentation for pg_upgrade.

- In pgsql/doc/src/sgml/oid2name.sgml, restore oid2name doc change.

- In pgsql/doc/src/sgml/pgupgrade.sgml, pg_upgrade doc cleanup.
  Stefan Kaltenbrunner

- In pgsql/doc/src/sgml/pgupgrade.sgml, doc change:  Rename of
  directory no longer required for pg_migrator 9.0.  Alvaro Herrera

- In pgsql/doc/src/sgml/pgupgrade.sgml, SGML markup cleanup for
  pg_upgrade.

- In pgsql/doc/src/sgml/oid2name.sgml, show oid2name command-line
  arguments in documentation like we do for non-contrib command-line
  tools (no longer in a single table display).

Magnus Hagander committed:

- In pgsql/doc/src/sgml/pgupgrade.sgml, make pg_upgrade documentation
  refer to 9.0 instead of 8.4.  Fujii Masao.

- In pgsql/doc/src/sgml/config.sgml, refer to pg_ident.conf as config
  file for username mapping, as it's now used for other things than
  just ident authentication.  Noted by Stephen Frost

- In pgsql/src/timezone/pgtz.c, change the "N. Central Asia Standard
  Time" timezone to map to Asia/Novosibirsk on Windows.  Microsoft
  changed the behaviour of this zone in the timezone update from
  KB976098.  The zones differ in handling of DST, and the old zone was
  just removed.  Noted by Dmitry Funk.

Michael Meskes committed:

- Ecpg now accepts "long long" datatypes even if "long" is 64bit wide.
  This used to cover the equally long "long long" type.  This patch
  closes bug #5464.

== Rejected Patches (for now) ==

No one was disappointed this week :-)

== Submitted Patches ==

Stephen Frost sent in two more revisions of a patch to fix psql's
ability to clean up when quitting the pager, which resulted in queries
continuing to run after the pager exited.

Fujii Masao sent in two revisions of a patch to fix smart shutdown for
Hot Standby.

Fujii Masao sent in a patch to distinguish normal shutdown from
unexpected exit, while the server is in recovery.

Tom Lane sent in a patch to fix a performance issue with
textanycat/anytextcat.

Alvaro Herrera sent in a patch to fix an issue with fillfactor on
TOAST tables.

Florian Pflug sent in two revisions of a patch to fix SERIALIZABLE
transactions.

Kevin Grittner sent in a WIP patch for 9.1 to do true SERIALIZABLE
using predicate locking.

Joel Jacobson sent in another revision of the patch to implement
pg_stat_transaction.

Robert Haas sent in a patch to add a hook called ExecutorCheckPerms(),
per discussion.

Andres Freund sent in a patch which replaces the current CRC32 with a
more efficient version from zlib.

Jeff Davis sent in a patch to change a sanity check in exclusion
constraints.

Jeff Davis sent in a patch for 9.1 to add btree_gist support for the
"<>" operator.
