E.223. Release 8.1.3
Release date: 2006-02-14
This release contains a variety of fixes from 8.1.2, including one very serious security issue. For information about new features in the 8.1 major release, see Section E.226 .
E.223.1. Migration to Version 8.1.3
A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see Section E.224 .
E.223.2. Changes
-
Fix bug that allowed any logged-in user to
SET ROLE
to any other database user id (CVE-2006-0553)Due to inadequate validity checking, a user could exploit the special case that
SET ROLE
normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, in all releases back to 7.3 there is a related bug inSET SESSION AUTHORIZATION
that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem. -
Fix bug with row visibility logic in self-inserted rows (Tom)
Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases.
-
Fix race condition that could lead to " file already exists " errors during pg_clog and pg_subtrans file creation (Tom)
-
Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom)
-
Properly check
DOMAIN
constraints forUNKNOWN
parameters in prepared statements (Neil) -
Ensure
ALTER COLUMN TYPE
will processFOREIGN KEY
,UNIQUE
, andPRIMARY KEY
constraints in the proper order (Nakano Yoshihisa) -
Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom)
-
Allow pg_restore to continue properly after a
COPY
failure; formerly it tried to treat the remainingCOPY
data as SQL commands (Stephen Frost) -
Fix pg_ctl
unregister
crash when the data directory is not specified (Magnus) -
Fix libpq
PQprint
HTML tags (Christoph Zwerschke) -
Fix ecpg crash on AMD64 and PPC (Neil)
-
Allow
SETOF
and%TYPE
to be used together in function result type declarations -
Recover properly if error occurs during argument passing in PL/Python (Neil)
-
Fix memory leak in
plperl_return_next
(Neil) -
Fix PL/Perl 's handling of locales on Win32 to match the backend (Andrew)
-
Various optimizer fixes (Tom)
-
Fix crash when
log_min_messages
is set toDEBUG3
or above inpostgresql.conf
on Win32 (Bruce) -
Fix pgxs
-L
library path specification for Win32, Cygwin, macOS, AIX (Bruce) -
Check that SID is enabled while checking for Win32 admin privileges (Magnus)
-
Properly reject out-of-range date inputs (Kris Jurka)
-
Portability fix for testing presence of
finite
andisinf
during configure (Tom) -
Improve speed of
COPY IN
via libpq, by avoiding a kernel call per data line (Alon Goldshuv) -
Improve speed of
/contrib/tsearch2
index creation (Tom)