CVE-2013-1900 and CVE-2013-1901. ok jasper@
"A major security issue fixed in this release, CVE-2013-1899, makes
it possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request. This issue was discovered
by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
Center." http://www.postgresql.org/about/news/1456/
suitable for normal use, but is a bit lower (semmni=60, semmns=1024),
make it clear that the default in the kernel is *just* enough for the
default max_connections value, and point out the manual section
describing this in more detail. ok pea@ jeremy@
Two important things:
+ Fix bugs in information_schema.referential_constraints view
If you need to fix this in an existing installation, you
can (as a superuser) drop the information_schema schema then re-create it
by sourcing /usr/local/share/postgresql/information_schema.sql.
This must be repeated in each database to be fixed.
+ Make contrib/citext's upgrade script fix collations of
citext columns and indexes.
If you have a previously-upgraded database that is suffering
from this problem, and you already ran the CREATE EXTENSION command,
you can manually run (as superuser) the UPDATE commands found
at the end of /usr/local/share/postgresql/extension/citext--unpackaged--1.0.sql.
ok jeremy@
- use /etc/rc.d to stop and start the daemon.
- use sudo rather than keep jumping between root/_postgresql users.
- use pkg_add -ui rather than just -u (allow it to ask if you've backed
up, rather than just terminating).
ok pea@
+ CVE fix (CVE-2010-4015)
+ fix nasty behavior:
- Before exiting walreceiver, ensure all the received WAL is fsync'd to disk.
Otherwise the standby server could replay some un-synced WAL, conceivably leading
to data corruption if the system crashes just at that point.
- Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
Tested in a bulk by landry@
ok ajacoutot@, landry@, sthen@
