-<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.10.3 2009/09/03 22:14:41 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.10.4 2009/12/10 00:32:06 tgl Exp $ -->
<!-- See header comment in release.sgml about typical markup -->
+ <sect1 id="release-7-4-27">
+ <title>Release 7.4.27</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2009-12-14</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.4.26.
+ For information about new features in the 7.4 major release, see
+ <xref linkend="release-7-4">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 7.4.27</title>
+
+ <para>
+ A dump/restore is not required for those running 7.4.X.
+ However, if you are upgrading from a version earlier than 7.4.26,
+ see the release notes for 7.4.26.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Protect against indirect security threats caused by index functions
+ changing session-local state (Gurjeet Singh, Tom)
+ </para>
+
+ <para>
+ This change prevents allegedly-immutable index functions from possibly
+ subverting a superuser's session (CVE-2009-4136).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Reject SSL certificates containing an embedded null byte in the common
+ name (CN) field (Magnus)
+ </para>
+
+ <para>
+ This prevents unintended matching of a certificate to a server or client
+ name during SSL validation (CVE-2009-4034).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible crash during backend-startup-time cache initialization (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent signals from interrupting <literal>VACUUM</> at unsafe times
+ (Alvaro)
+ </para>
+
+ <para>
+ This fix prevents a PANIC if a <literal>VACUUM FULL</> is cancelled
+ after it's already committed its tuple movements, as well as transient
+ errors if a plain <literal>VACUUM</> is interrupted after having
+ truncated the table.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible crash due to integer overflow in hash table size
+ calculation (Tom)
+ </para>
+
+ <para>
+ This could occur with extremely large planner estimates for the size of
+ a hashjoin's result.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix very rare crash in <type>inet</>/<type>cidr</> comparisons (Chris
+ Mikkelson)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix PAM password processing to be more robust (Tom)
+ </para>
+
+ <para>
+ The previous code is known to fail with the combination of the Linux
+ <literal>pam_krb5</> PAM module with Microsoft Active Directory as the
+ domain controller. It might have problems elsewhere too, since it was
+ making unjustified assumptions about what arguments the PAM stack would
+ pass to it.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make the postmaster ignore any <literal>application_name</> parameter in
+ connection request packets, to improve compatibility with future libpq
+ versions (Tom)
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-4-26">
<title>Release 7.4.26</title>
projects / users / c2main / postgres.git / commitdiff