Release date: 2006-02-14
This release contains a variety of fixes from 8.1.2, including one very serious security issue. For information about new features in the 8.1 major release, see Section E.247.
A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see Section E.245.
Fix bug that allowed any logged-in user to SET
ROLE to any other database user id (CVE-2006-0553)
Due to inadequate validity checking, a user could exploit the special
case that SET ROLE normally uses to restore the previous role
setting after an error. This allowed ordinary users to acquire superuser
status, for example.
The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, in all releases back to 7.3 there is a related bug in SET
SESSION AUTHORIZATION that allows unprivileged users to crash the server,
if it has been compiled with Asserts enabled (which is not the default).
Thanks to Akio Ishida for reporting this problem.
Fix bug with row visibility logic in self-inserted rows (Tom)
Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases.
Fix race condition that could lead to “file already exists” errors during pg_clog and pg_subtrans file creation (Tom)
Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom)
Properly check DOMAIN constraints for
UNKNOWN parameters in prepared statements
(Neil)
Ensure ALTER COLUMN TYPE will process
FOREIGN KEY, UNIQUE, and PRIMARY KEY
constraints in the proper order (Nakano Yoshihisa)
Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom)
Allow pg_restore to continue properly after a
COPY failure; formerly it tried to treat the remaining
COPY data as SQL commands (Stephen Frost)
Fix pg_ctl unregister crash
when the data directory is not specified (Magnus)
Fix libpq PQprint HTML tags
(Christoph Zwerschke)
Fix ecpg crash on AMD64 and PPC (Neil)
Allow SETOF and %TYPE to be used
together in function result type declarations
Recover properly if error occurs during argument passing in PL/Python (Neil)
Fix memory leak in plperl_return_next
(Neil)
Fix PL/Perl's handling of locales on Win32 to match the backend (Andrew)
Various optimizer fixes (Tom)
Fix crash when log_min_messages is set to
DEBUG3 or above in postgresql.conf on Win32
(Bruce)
Fix pgxs -L library path
specification for Win32, Cygwin, macOS, AIX (Bruce)
Check that SID is enabled while checking for Win32 admin privileges (Magnus)
Properly reject out-of-range date inputs (Kris Jurka)
Portability fix for testing presence of finite
and isinf during configure (Tom)
Improve speed of COPY IN via libpq, by
avoiding a kernel call per data line (Alon Goldshuv)
Improve speed of /contrib/tsearch2 index
creation (Tom)