E.138. Release 8.1.3
Release Date: 2006-02-14
This release contains a variety of fixes from 8.1.2, including one very serious security issue. For information about new features in the 8.1 major release, see Section E.141.
E.138.1. Migration to Version 8.1.3
A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see Section E.139.
E.138.2. Changes
-
Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553)
Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, in all releases back to 7.3 there is a related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem.
-
Fix bug with row visibility logic in self-inserted rows (Tom)
Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases.
-
Fix race condition that could lead to "file already exists" errors during pg_clog and pg_subtrans file creation (Tom)
-
Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom)
-
Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil)
-
Ensure ALTER COLUMN TYPE will process FOREIGN KEY, UNIQUE, and PRIMARY KEY constraints in the proper order (Nakano Yoshihisa)
-
Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom)
-
Allow pg_restore to continue properly after a COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost)
-
Fix pg_ctl unregister crash when the data directory is not specified (Magnus)
-
Fix libpq
PQprint
HTML tags (Christoph Zwerschke) -
Fix ecpg crash on AMD64 and PPC (Neil)
-
Allow SETOF and %TYPE to be used together in function result type declarations
-
Recover properly if error occurs during argument passing in PL/python (Neil)
-
Fix memory leak in
plperl_return_next
(Neil) -
Fix PL/perl's handling of locales on Win32 to match the backend (Andrew)
-
Various optimizer fixes (Tom)
-
Fix crash when log_min_messages is set to DEBUG3 or above in postgresql.conf on Win32 (Bruce)
-
Fix pgxs -L library path specification for Win32, Cygwin, OS X, AIX (Bruce)
-
Check that SID is enabled while checking for Win32 admin privileges (Magnus)
-
Properly reject out-of-range date inputs (Kris Jurka)
-
Portability fix for testing presence of
finite
andisinf
during configure (Tom) -
Improve speed of COPY IN via libpq, by avoiding a kernel call per data line (Alon Goldshuv)
-
Improve speed of /contrib/tsearch2 index creation (Tom)