author Tom Lane <tgl@sss.pgh.pa.us> 2005-05-05 20:09:12 +0000
committer Tom Lane <tgl@sss.pgh.pa.us> 2005-05-05 20:09:12 +0000
commit 07e3879c952333f0456863bfe10f6c90fcf80c9e
tree 5f2a770955dfcaab4550f092c1ef228f49071380 /doc/src
parent 5d0d60efe6670508e4bd85877dad994e3e56c83e
Stamp release 7.3.10.
Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/release.sgml 157
1 files changed, 156 insertions, 1 deletions
diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml
index a68f83ed82b..5f9870b4382 100644
--- a/doc/src/sgml/release.sgml
+++ b/doc/src/sgml/release.sgml
@@ -1,10 +1,125 @@
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.163.2.20 2005/01/30 20:08:14 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.163.2.21 2005/05/05 20:09:11 tgl Exp $
-->
<appendix id="release">
<title>Release Notes</title>
+ <sect1 id="release-7-3-10">
+ <title>Release 7.3.10</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2005-05-05</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.3.9, including several
+ security-related issues.
+ </para>
+
+ <sect2>
+ <title>Migration to version 7.3.10</title>
+
+ <para>
+ A dump/restore is not required for those running 7.3.X. However,
+ it is one possible way of handling a significant security problem
+ that has been found in the initial contents of 7.3.X system
+ catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will
+ automatically correct this problem.
+ </para>
+
+ <para>
+ The security problem is that the built-in character set encoding
+ conversion functions can be invoked from SQL commands by unprivileged
+ users, but the functions were not designed for such use and are not
+ secure against malicious choices of arguments. The fix involves changing
+ the declared parameter list of these functions so that they can no longer
+ be invoked from SQL commands. (This does not affect their normal use
+ by the encoding conversion machinery.)
+ It is strongly recommended that all installations repair this error,
+ either by initdb or by following the manual repair procedure given
+ below. The error at least allows unprivileged database users to crash
+ their server process, and may allow unprivileged users to gain the
+ privileges of a database superuser.
+ </para>
+
+ <para>
+ If you wish not to do an initdb, perform the following procedure instead.
+ As the database superuser, do:
+
+<programlisting>
+BEGIN;
+UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype
+WHERE pronamespace = 11 AND pronargs = 5
+ AND proargtypes[2] = 'cstring'::regtype;
+-- The command should report having updated 90 rows;
+-- if not, rollback and investigate instead of committing!
+COMMIT;
+</programlisting>
+ </para>
+
+ <para>
+ The above procedure must be carried out in <emphasis>each</> database
+ of an installation, including <literal>template1</>, and ideally
+ including <literal>template0</> as well. If you do not fix the
+ template databases then any subsequently created databases will contain
+ the same error. <literal>template1</> can be fixed in the same way
+ as any other database, but fixing <literal>template0</> requires
+ additional steps. First, from any database issue
+<programlisting>
+UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
+</programlisting>
+ Next connect to <literal>template0</> and perform the above repair
+ procedure. Finally, do
+<programlisting>
+-- re-freeze template0:
+VACUUM FREEZE;
+-- and protect it against future alterations:
+UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
+</programlisting>
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+<itemizedlist>
+<listitem><para>Change encoding function signature to prevent
+misuse</para></listitem>
+<listitem><para>Fix comparisons of <type>TIME WITH TIME ZONE</> values</para>
+<para>
+The comparison code was wrong in the case where the
+<literal>--enable-integer-datetimes</> configuration switch had been used.
+NOTE: if you have an index on a <type>TIME WITH TIME ZONE</> column,
+it will need to be <command>REINDEX</>ed after installing this update, because
+the fix corrects the sort order of column values.
+</para></listitem>
+<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
+<type>TIME WITH TIME ZONE</> values</para></listitem>
+<listitem><para>Fix mis-display of negative fractional seconds in
+<type>INTERVAL</> values</para>
+<para>
+This error only occurred when the
+<literal>--enable-integer-datetimes</> configuration switch had been used.
+</para></listitem>
+<listitem><para>Additional buffer overrun checks in plpgsql
+(Neil)</para></listitem>
+<listitem><para>Fix pg_dump to dump trigger names containing <literal>%</>
+correctly (Neil)</para></listitem>
+<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
+month-related formats</para></listitem>
+<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
+(Marko Kreen)</para></listitem>
+<listitem><para>Still more 64-bit fixes for
+<filename>contrib/intagg</></para></listitem>
+<listitem><para>Prevent incorrect optimization of functions returning
+<type>RECORD</></para></listitem>
+</itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-3-9">
<title>Release 7.3.9</title>
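Review bot: In the first programlisting of "Migration to version 7.3.10", the only safeguard on the catalog UPDATE is the comment "The command should report having updated 90 rows", placed between the UPDATE and the COMMIT, so an administrator who pastes the listing whole or runs it as a script will COMMIT without having looked at the count. Suggest ending the listing after the UPDATE and stating in the paragraph text that COMMIT is issued only if 90 rows were reported, with ROLLBACK otherwise. The same paragraph should also say what `pronamespace = 11` refers to, since the literal is given without explanation, and the template0 steps would benefit from a reminder that `datallowconn` stays true if the final UPDATE is skipped.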
@@ -1166,6 +1281,46 @@ operations on bytea columns (Joe)</para></listitem>
</sect2>
</sect1>
+ <sect1 id="release-7-2-8">
+ <title>Release 7.2.8</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2005-05-05</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.2.7, including one
+ security-related issue.
+ </para>
+
+ <sect2>
+ <title>Migration to version 7.2.8</title>
+
+ <para>
+ A dump/restore is not required for those running 7.2.X.
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+<itemizedlist>
+<listitem><para>Fix <function>EXTRACT(EPOCH)</> for
+<type>TIME WITH TIME ZONE</> values</para></listitem>
+<listitem><para>Additional buffer overrun checks in plpgsql
+(Neil)</para></listitem>
+<listitem><para>Fix pg_dump to dump index names and trigger names containing
+<literal>%</> correctly (Neil)</para></listitem>
+<listitem><para>Prevent <function>to_char(interval)</> from dumping core for
+month-related formats</para></listitem>
+<listitem><para>Fix <filename>contrib/pgcrypto</> for newer OpenSSL builds
+(Marko Kreen)</para></listitem>
+</itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-2-7">
<title>Release 7.2.7</title>
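Review bot: The 7.2.8 introduction says the release includes "one security-related issue", but none of the five items under Changes is marked as that fix, and the migration paragraph does not say whether the encoding conversion function problem described for 7.3.10 applies to 7.2.X. Suggest naming the security-related item in the list and adding a sentence to "Migration to version 7.2.8" stating whether the manual catalog repair is needed. Also check the pg_dump item, which reads "index names and trigger names" here but only "trigger names" in the 7.3.10 list; if the difference is intentional it is fine, otherwise align the wording.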