of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This
update patches security holes associated with libxml2 and libxslt, similar to those affecting
other open source projects. All users are urged to update their installations at the first
available opportunity.
This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability
in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow
reading of arbitrary files by any authenticated database user, and the XSLT vulnerability
allows writing files as well. The fixes cause limited backwards compatibility issues.
These issues correspond to the following two vulnerabilities:
* CVE-2012-3488: PostgreSQL insecure use of libxslt
* CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:
* Updates and corrections to time zone data
* Multiple documentation updates and corrections
* Add limit on max_wal_senders
* Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
* Correct behavior of unicode conversions for PL/Python
* Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
* Fix syslogger so that log_truncate_on_rotation works in the first rotation.
* Only allow autovacuum to be auto-canceled by a directly blocked process.
* Improve fsync request queue operation
* Prevent corner-case core dump in rfree().
* Fix Walsender so that it responds correctly to timeouts and deadlocks
* Several PL/Perl fixes for encoding-related issues
* Make selectivity operators use the correct collation
* Prevent unsuitable slaves from being selected for synchronous replication
* Make REASSIGN OWNED work on extensions as well
* Fix race condition with ENUM comparisons
* Make NOTIFY cope with out-of-disk-space
* Fix memory leak in ARRAY subselect queries
* Reduce data loss at replication failover
* Fix behavior of subtransactions with Hot Standby
The current lang/erlang option defaults match those specified in
lang/erlang-lite, thus making it redundant. Also, mixing ports
depending on lang/erlang and lang/erlang-lite is impossible without
manual patching.
Hence, lang/erlang-lite is going to be removed.
- This is a fast-reaction patch: no details about the vulnerability
are available yet, other than it involves XSS.
- VuXML to follow, once the advisories are published
Changes:
* DatabaseMetaData::getSQLKeywords() updated to match MySQL 5.5. Note
that C/C++, just like C/JDBC, returns the same list for every
MySQL database version. (Ulf)
* Added MySQL_Connection::getLastStatementInfo() which returns back the
value of the mysql_info() function of libmysql / Connector/C. (Andrey)
* Added new method ResultSetMetaData::isNumeric() and implemented it in
all classes that subclass from it. (Andrey)
* Fixed the bug causing compilation errors in Microsoft Visual Studio 2010 if
stdint.h was included. See http://bugs.mysql.com/bug.php?id=60307
* Fixed a bug that caused a statement that did not raise any warning to return
warnings from the previously executed statement.
* Fixed stores(Lower|Mixed)Case(Quoted)Identifiers methods.
* Built against libmysql 5.5.27 enabling support of authentication plugins
and IPv6.
of PostgreSQL 9.2, which will include major increases in performance and
both vertical and horizontal scalability. The PostgreSQL Project asks
all users to download and begin testing 9.2 beta 3 as soon as possible.
9.2 Beta 3 includes multiple bug fixes to earlier beta releases, fixing
almost all known outstanding issues as of last week. Among them are:
* Multiple documentation updates
* Apply translation updates
* Fixes to transaction log and replication issues with SP-GiST
* Replace libpq's "row processor" API with a "single row" mode.
* Fix WITH issue with set operations (UNION/INTERSECT/EXCEPT)
* Improvements to Autovacuum cancellation
* Multiple pg_upgrade fixes
* Fix memory leak in pg_receivexlog
* Restore statistics collection broken by change to bgwriter
* Prevent corner-case coredump with rfree().
If you previously tested 9.2 beta and found one or more bugs, please
test 9.2 beta 3 and make sure that those issues are resolved. If you
haven't yet tested 9.2, please help out the PostgreSQL project by
testing it now!
More information on how to test and report issues:
http://www.postgresql.org/developer/beta
developed in years and has been dropped from the MESA 8.0 distribution.
Freeglut is a rewrite of glut and is actively developed and is used by
many Linux distributions instead of libglut.
Bump all ports that directly depend on libglut because of the shlib version
change.
There are some extra items in this patch.
*) Because freeglut doesn't have the same dependencies as libglut, some ports
need extra dependencies added to USE_XORG to make them build.
*) Mark graphics/f90gl broken, f90gl depends on a header that is only shipped
with libglut.
*) Remove option for libglut/freeglut selection in games/cake, only freeglut
remains now.
*) While here fix a png related build issue in games/vegastrike.
Thanks to miwi for running the exp-run.
Approved by: portmgr (miwi)
Collaboration with: zeising@
Obtained from: xorg-dev staging area.