[Trad] [svn:pgfr] r1490 - traduc/branches/bv803/manuel
admin at listes.postgresql.fr
admin at listes.postgresql.fr
Sam 15 Mai 10:31:17 CEST 2010
Author: gleu
Date: 2010-05-15 10:31:17 +0200 (Sat, 15 May 2010)
New Revision: 1490
Modified:
traduc/branches/bv803/manuel/plperl.sgml
traduc/branches/bv803/manuel/pltcl.sgml
traduc/branches/bv803/manuel/release-7.4.sgml
traduc/branches/bv803/manuel/release-8.0.sgml
traduc/branches/bv803/manuel/runtime.sgml
traduc/branches/bv803/manuel/version.sgml
Log:
Mise ?\195?\160 jour en version 8.0.25.
Modified: traduc/branches/bv803/manuel/plperl.sgml
===================================================================
--- traduc/branches/bv803/manuel/plperl.sgml 2010-05-15 08:23:02 UTC (rev 1489)
+++ traduc/branches/bv803/manuel/plperl.sgml 2010-05-15 08:31:17 UTC (rev 1490)
@@ -473,6 +473,30 @@
Si la fonction ci-dessus a été créée par un super-utilisateur en utilisant
le langage <literal>plperlu</>, l'exécution de celle-ci réussira.
</para>
+
+ <note>
+ <para>
+ Pour des raisons de sécurité, afin de stopper une faille dans les
+ opérations nécessitant des droits de
+ <application>PL/PerlU</application> dans
+ <application>PL/Perl</application>, ces deux langages doivent être
+ exécutés dans des instances séparés de l'interpréteur Perl. Si votre
+ installation Perl a été compilé correctement, ce n'est pas un
+ problème. Néanmoins, toutes les installations ne sont pas compilées
+ avec les drapeaux nécessaires. Si <productname>PostgreSQL</productname>
+ détecte que c'est le cas, il ne lancera pas un deuxième interpréteur
+ mais renverra une erreur. En conséquence, pour ce type d'installation,
+ vous ne pouvez pas utiliser à la fois
+ <application>PL/PerlU</application> et
+ <application>PL/Perl</application> dans le même processus serveur. Le
+ remède est d'installer un interpréteur Perl compilé avec les bons
+ drapeaux, à savoir soit <literal>usemultiplicity</literal> soit
+ <literal>usethreads</literal> et <literal>useithreads</literal>.
+ Pour plus de détails, consultez la page de manuel de
+ <literal>perlembed</literal>.
+ </para>
+ </note>
+
</sect1>
<sect1 id="plperl-triggers">
@@ -695,4 +719,4 @@
sgml-local-catalogs:("/usr/lib/sgml/catalog")
sgml-local-ecat-files:nil
End:
--->
\ No newline at end of file
+-->
Modified: traduc/branches/bv803/manuel/pltcl.sgml
===================================================================
--- traduc/branches/bv803/manuel/pltcl.sgml 2010-05-15 08:23:02 UTC (rev 1489)
+++ traduc/branches/bv803/manuel/pltcl.sgml 2010-05-15 08:31:17 UTC (rev 1490)
@@ -675,12 +675,14 @@
<sect1 id="pltcl-unknown">
<title>Les modules et la commande <function>unknown</></title>
<para>
- PL/Tcl dispose du support de chargement automatique de code Tcl
- lorsqu'il est utilisé. Il reconnaît une table spéciale,
- <literal>pltcl_modules</>, qui est présumée contenir les modules de code
- Tcl. Si cette table existe, le module <literal>unknown</> est récupéré
- de la table et chargé immédiatement dans l'interpréteur Tcl après
- création de l'interpréteur.
+ PL/Tcl dispose du support de chargement automatique de code Tcl
+ lorsqu'il est utilisé. Il reconnaît une table spéciale,
+ <literal>pltcl_modules</>, qui est présumée contenir les modules de code
+ Tcl. Si cette table existe, le module <literal>unknown</> est récupéré
+ de la table et chargé immédiatement dans l'interpréteur Tcl avant la
+ première exécution d'une fonction PL/Tcl dans une session. (Ceci
+ survient séparément pour PL/Tcl et PL/TclU, si les deux sont utilisés,
+ car des interpréteurs séparés sont utilisés pour les deux langages.)
</para>
<para>
Alors que le module <literal>unknown</> pourrait réellement contenir
@@ -705,9 +707,14 @@
</para>
<para>
Les tables <literal>pltcl_modules</> et <literal>pltcl_modfuncs</>
- doivent être lisibles par tous mais il est conseillé de les laisser
- modifiables uniquement par le propriétaire, administrateur de la base de
- données.
+ doivent être lisibles par tous mais il est conseillé de les laisser
+ modifiables uniquement par le propriétaire, administrateur de la base de
+ données. Pour des raisons de sécurité, PL/Tcl ignorera
+ <literal>pltcl_modules</literal> (et donc n'essaiera pas de charger le
+ module <literal>unknown</literal>) sauf s'il appartient à un
+ superutilisateur. Cependant, les droits de modification sur cette table
+ peuvent être données à d'autres utilisateurs si vous avez suffisamment
+ confiance en eux.
</para>
</sect1>
Modified: traduc/branches/bv803/manuel/release-7.4.sgml
===================================================================
--- traduc/branches/bv803/manuel/release-7.4.sgml 2010-05-15 08:23:02 UTC (rev 1489)
+++ traduc/branches/bv803/manuel/release-7.4.sgml 2010-05-15 08:31:17 UTC (rev 1490)
@@ -1,6 +1,150 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.10.3 2009-09-03 22:14:41 tgl Exp $ -->
<!-- See header comment in release.sgml about typical markup -->
+ <sect1 id="release-7-4-29">
+ <title>Release 7.4.29</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.4.28.
+ For information about new features in the 7.4 major release, see
+ <xref linkend="release-7-4"/>.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> community will stop releasing updates
+ for the 7.4.X release series in July 2010.
+ Users are encouraged to update to a newer release branch soon.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 7.4.29</title>
+
+ <para>
+ A dump/restore is not required for those running 7.4.X.
+ However, if you are upgrading from a version earlier than 7.4.26,
+ see the release notes for 7.4.26.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-4-28">
<title>Release 7.4.28</title>
Modified: traduc/branches/bv803/manuel/release-8.0.sgml
===================================================================
--- traduc/branches/bv803/manuel/release-8.0.sgml 2010-05-15 08:23:02 UTC (rev 1489)
+++ traduc/branches/bv803/manuel/release-8.0.sgml 2010-05-15 08:31:17 UTC (rev 1490)
@@ -1,6 +1,166 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.0.sgml,v 1.1.8.3 2009-09-03 22:14:33 tgl Exp $ -->
<!-- See header comment in release.sgml about typical markup -->
+ <sect1 id="release-8-0-25">
+ <title>Release 8.0.25</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.0.24.
+ For information about new features in the 8.0 major release, see
+ <xref linkend="release-8-0"/>.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> community will stop releasing updates
+ for the 8.0.X release series in July 2010.
+ Users are encouraged to update to a newer release branch soon.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.0.25</title>
+
+ <para>
+ A dump/restore is not required for those running 8.0.X.
+ However, if you are upgrading from a version earlier than 8.0.22,
+ see the release notes for 8.0.22.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-0-24">
<title>Release 8.0.24</title>
@@ -240,7 +400,7 @@
<listitem>
<para>
- Prevent signals from interrupting <literal>VACUUM</> at unsafe times
+ Prevent signals from interrupting <literal>VACUUM</literal> at unsafe times
(Alvaro)
</para>
Modified: traduc/branches/bv803/manuel/runtime.sgml
===================================================================
--- traduc/branches/bv803/manuel/runtime.sgml 2010-05-15 08:23:02 UTC (rev 1489)
+++ traduc/branches/bv803/manuel/runtime.sgml 2010-05-15 08:31:17 UTC (rev 1490)
@@ -969,7 +969,7 @@
</varlistentry>
<varlistentry>
- <term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term>
+ <term><varname>ssl_renegotiation_limit</varname> (<type>integer</type>)</term>
<indexterm>
<primary>paramètre de configuration <varname>ssl_renegotiation_limit</varname></primary>
</indexterm>
Modified: traduc/branches/bv803/manuel/version.sgml
===================================================================
--- traduc/branches/bv803/manuel/version.sgml 2010-05-15 08:23:02 UTC (rev 1489)
+++ traduc/branches/bv803/manuel/version.sgml 2010-05-15 08:31:17 UTC (rev 1490)
@@ -1,2 +1,2 @@
-<!entity version "8.0.24">
+<!entity version "8.0.25">
<!entity majorversion "8.0">
Plus d'informations sur la liste de diffusion Trad