"The data corruption issue in PostgreSQL 9.3 affects binary replication
standbys, servers being recovered from point-in-time-recovery backup,
and standalone servers which recover from a system crash. The bug
causes unrecoverable index corruption during recovery due to incorrect
replay of row locking operations. This can then cause query results to be
inconsistent depending on whether or not an index is used, and eventually
lead to primary key violations and similar issues."
ok sthen@, jasper@

This update fixes 8 CVEs (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062,
CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066 and CVE-2014-0067).
This update also fixes some issues which affect binary replication and row
locking, and can cause recoverable data corruption in some cases.
ok sthen@

avoiding any issues with it being higher than whatever value openfiles-max
ends up taking (which may be non-obvious as it may be inherited from
"openfiles" in "default"). ok ajacoutot@ pea@

CVE-2013-1900 and CVE-2013-1901. ok jasper@
"A major security issue fixed in this release, CVE-2013-1899, makes
it possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request. This issue was discovered
by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
Center." http://www.postgresql.org/about/news/1456/

suitable for normal use, but is a bit lower (semmni=60, semmns=1024),
make it clear that the default in the kernel is *just* enough for the
default max_connections value, and point out the manual section
describing this in more detail. ok pea@ jeremy@

Two important things:
+ Fix bugs in information_schema.referential_constraints view
If you need to fix this in an existing installation, you
can (as a superuser) drop the information_schema schema then re-create it
by sourcing /usr/local/share/postgresql/information_schema.sql.
This must be repeated in each database to be fixed.
+ Make contrib/citext's upgrade script fix collations of
citext columns and indexes.
If you have a previously-upgraded database that is suffering
from this problem, and you already ran the CREATE EXTENSION command,
you can manually run (as superuser) the UPDATE commands found
at the end of /usr/local/share/postgresql/extension/citext--unpackaged--1.0.sql.
ok jeremy@

- use /etc/rc.d to stop and start the daemon.
- use sudo rather than keep jumping between root/_postgresql users.
- use pkg_add -ui rather than just -u (allow it to ask if you've backed
up, rather than just terminating).
ok pea@

+ CVE fix (CVE-2010-4015)
+ fix nasty behavior:
- Before exiting walreceiver, ensure all the received WAL is fsync'd to disk.
Otherwise the standby server could replay some un-synced WAL, conceivably leading
to data corruption if the system crashes just at that point.
- Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
Tested in a bulk by landry@
ok ajacoutot@, landry@, sthen@