<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Release 8.0.26</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 8.4.12 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="Release Notes"
HREF="release.html"><LINK
REL="PREVIOUS"
TITLE="Release 8.1"
HREF="release-8-1.html"><LINK
REL="NEXT"
TITLE="Release 8.0.25"
HREF="release-8-0-25.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2012-05-31T23:30:11"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
>PostgreSQL 8.4.12 Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="release-8-1.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="release.html"
>Fast Backward</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Appendix E. Release Notes</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="release.html"
>Fast Forward</A
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="release-8-0-25.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="RELEASE-8-0-26"
>E.82. Release 8.0.26</A
></H1
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Release date: </B
>2010-10-04</P
></BLOCKQUOTE
></DIV
><P
> This release contains a variety of fixes from 8.0.25.
For information about new features in the 8.0 major release, see
<A
HREF="release-8-0.html"
>Section E.108</A
>.
</P
><P
> This is expected to be the last <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> release
in the 8.0.X series. Users are encouraged to update to a newer
release branch soon.
</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN105896"
>E.82.1. Migration to Version 8.0.26</A
></H2
><P
> A dump/restore is not required for those running 8.0.X.
However, if you are upgrading from a version earlier than 8.0.22,
see the release notes for 8.0.22.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN105899"
>E.82.2. Changes</A
></H2
><P
></P
><UL
><LI
><P
> Use a separate interpreter for each calling SQL userid in PL/Perl and
PL/Tcl (Tom Lane)
</P
><P
> This change prevents security problems that can be caused by subverting
Perl or Tcl code that will be executed later in the same session under
another SQL user identity (for example, within a <TT
CLASS="LITERAL"
>SECURITY
DEFINER</TT
> function). Most scripting languages offer numerous ways that
that might be done, such as redefining standard functions or operators
called by the target function. Without this change, any SQL user with
Perl or Tcl language usage rights can do essentially anything with the
SQL privileges of the target function's owner.
</P
><P
> The cost of this change is that intentional communication among Perl
and Tcl functions becomes more difficult. To provide an escape hatch,
PL/PerlU and PL/TclU functions continue to use only one interpreter
per session. This is not considered a security issue since all such
functions execute at the trust level of a database superuser already.
</P
><P
> It is likely that third-party procedural languages that claim to offer
trusted execution have similar security issues. We advise contacting
the authors of any PL you are depending on for security-critical
purposes.
</P
><P
> Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
</P
></LI
><LI
><P
> Prevent possible crashes in <CODE
CLASS="FUNCTION"
>pg_get_expr()</CODE
> by disallowing
it from being called with an argument that is not one of the system
catalog columns it's intended to be used with
(Heikki Linnakangas, Tom Lane)
</P
></LI
><LI
><P
> Fix <SPAN
CLASS="QUOTE"
>"cannot handle unplanned sub-select"</SPAN
> error (Tom Lane)
</P
><P
> This occurred when a sub-select contains a join alias reference that
expands into an expression containing another sub-select.
</P
></LI
><LI
><P
> Defend against functions returning setof record where not all the
returned rows are actually of the same rowtype (Tom Lane)
</P
></LI
><LI
><P
> Take care to fsync the contents of lockfiles (both
<TT
CLASS="FILENAME"
>postmaster.pid</TT
> and the socket lockfile) while writing them
(Tom Lane)
</P
><P
> This omission could result in corrupted lockfile contents if the
machine crashes shortly after postmaster start. That could in turn
prevent subsequent attempts to start the postmaster from succeeding,
until the lockfile is manually removed.
</P
></LI
><LI
><P
> Avoid recursion while assigning XIDs to heavily-nested
subtransactions (Andres Freund, Robert Haas)
</P
><P
> The original coding could result in a crash if there was limited
stack space.
</P
></LI
><LI
><P
> Fix <TT
CLASS="VARNAME"
>log_line_prefix</TT
>'s <TT
CLASS="LITERAL"
>%i</TT
> escape,
which could produce junk early in backend startup (Tom Lane)
</P
></LI
><LI
><P
> Fix possible data corruption in <TT
CLASS="COMMAND"
>ALTER TABLE ... SET
TABLESPACE</TT
> when archiving is enabled (Jeff Davis)
</P
></LI
><LI
><P
> Allow <TT
CLASS="COMMAND"
>CREATE DATABASE</TT
> and <TT
CLASS="COMMAND"
>ALTER DATABASE ... SET
TABLESPACE</TT
> to be interrupted by query-cancel (Guillaume Lelarge)
</P
></LI
><LI
><P
> In PL/Python, defend against null pointer results from
<CODE
CLASS="FUNCTION"
>PyCObject_AsVoidPtr</CODE
> and <CODE
CLASS="FUNCTION"
>PyCObject_FromVoidPtr</CODE
>
(Peter Eisentraut)
</P
></LI
><LI
><P
> Improve <TT
CLASS="FILENAME"
>contrib/dblink</TT
>'s handling of tables containing
dropped columns (Tom Lane)
</P
></LI
><LI
><P
> Fix connection leak after <SPAN
CLASS="QUOTE"
>"duplicate connection name"</SPAN
>
errors in <TT
CLASS="FILENAME"
>contrib/dblink</TT
> (Itagaki Takahiro)
</P
></LI
><LI
><P
> Fix <TT
CLASS="FILENAME"
>contrib/dblink</TT
> to handle connection names longer than
62 bytes correctly (Itagaki Takahiro)
</P
></LI
><LI
><P
> Update build infrastructure and documentation to reflect the source code
repository's move from CVS to Git (Magnus Hagander and others)
</P
></LI
><LI
><P
> Update time zone data files to <SPAN
CLASS="APPLICATION"
>tzdata</SPAN
> release 2010l
for DST law changes in Egypt and Palestine; also historical corrections
for Finland.
</P
><P
> This change also adds new names for two Micronesian timezones:
Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred
abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over
Pacific/Ponape.
</P
></LI
></UL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="release-8-1.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="release-8-0-25.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Release 8.1</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="release.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Release 8.0.25</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
distrib
>
Mandriva
>
current
>
i586
>
media
>
main-updates
>
by-pkgid
>
fc62ce67f262cdcd253dc7f849ce3223
>
files
>
591
