[Trad] [svn:pgfr] r1492 - traduc/branches/bv81x/manuel
admin at listes.postgresql.fr
admin at listes.postgresql.fr
Sam 15 Mai 10:41:48 CEST 2010
Author: gleu
Date: 2010-05-15 10:41:48 +0200 (Sat, 15 May 2010)
New Revision: 1492
Modified:
traduc/branches/bv81x/manuel/config.xml
traduc/branches/bv81x/manuel/monitoring.xml
traduc/branches/bv81x/manuel/plperl.xml
traduc/branches/bv81x/manuel/pltcl.xml
traduc/branches/bv81x/manuel/release-7.4.xml
traduc/branches/bv81x/manuel/release-8.0.xml
traduc/branches/bv81x/manuel/release-8.1.xml
traduc/branches/bv81x/manuel/version.xml
Log:
Mise ?\195?\160 jour en version 8.1.21.
Modified: traduc/branches/bv81x/manuel/config.xml
===================================================================
--- traduc/branches/bv81x/manuel/config.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/config.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -568,7 +568,7 @@
</varlistentry>
<varlistentry>
- <term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term>
+ <term><varname>ssl_renegotiation_limit</varname> (<type>integer</type>)</term>
<indexterm>
<primary>paramètre de configuration <varname>ssl_renegotiation_limit</varname></primary>
</indexterm>
Modified: traduc/branches/bv81x/manuel/monitoring.xml
===================================================================
--- traduc/branches/bv81x/manuel/monitoring.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/monitoring.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -647,8 +647,8 @@
<entry><literal><function>pg_stat_get_backend_client_port</function>(<type>integer</type>)</literal></entry>
<entry><type>integer</type></entry>
<entry>
- Le numéro de port du client connecté au processus serveur donné. -1 si
- la connexion est établie sur un socket de domaine Unix. NULL si
+ Le numéro de port TCP du client connecté au processus serveur donné.
+ -1 si la connexion est établie sur un socket de domaine Unix. NULL si
l'utilisateur en cours n'est ni un superutilisateur ni l'utilisateur
de la session requêtée
</entry>
Modified: traduc/branches/bv81x/manuel/plperl.xml
===================================================================
--- traduc/branches/bv81x/manuel/plperl.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/plperl.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -275,12 +275,7 @@
Une autre façon d'utiliser le pragma <literal>strict</literal> est de placer
<programlisting>use strict;
</programlisting>
- dans le corps de la fonction. Mais ceci fonctionne uniquement dans les
- fonctions <application>PL/PerlU</application> car <literal>use</literal> n'est pas une
- opération de confiance. Dans les fonctions <application>PL/Perl</application>, vous
- pouvez utiliser à la place :
-<programlisting>BEGIN { strict->import(); }
-</programlisting>
+ dans le corps de la fonction.
</para>
</sect1>
@@ -583,6 +578,30 @@
Si la fonction ci-dessus a été créée par un super-utilisateur en utilisant
le langage <literal>plperlu</literal>, l'exécution de celle-ci réussira.
</para>
+
+ <note>
+ <para>
+ Pour des raisons de sécurité, afin de stopper une faille dans les
+ opérations nécessitant des droits de
+ <application>PL/PerlU</application> dans
+ <application>PL/Perl</application>, ces deux langages doivent être
+ exécutés dans des instances séparés de l'interpréteur Perl. Si votre
+ installation Perl a été compilé correctement, ce n'est pas un
+ problème. Néanmoins, toutes les installations ne sont pas compilées
+ avec les drapeaux nécessaires. Si <productname>PostgreSQL</productname>
+ détecte que c'est le cas, il ne lancera pas un deuxième interpréteur
+ mais renverra une erreur. En conséquence, pour ce type d'installation,
+ vous ne pouvez pas utiliser à la fois
+ <application>PL/PerlU</application> et
+ <application>PL/Perl</application> dans le même processus serveur. Le
+ remède est d'installer un interpréteur Perl compilé avec les bons
+ drapeaux, à savoir soit <literal>usemultiplicity</literal> soit
+ <literal>usethreads</literal> et <literal>useithreads</literal>.
+ Pour plus de détails, consultez la page de manuel de
+ <literal>perlembed</literal>.
+ </para>
+ </note>
+
</sect1>
<sect1 id="plperl-triggers">
Modified: traduc/branches/bv81x/manuel/pltcl.xml
===================================================================
--- traduc/branches/bv81x/manuel/pltcl.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/pltcl.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -669,12 +669,14 @@
<sect1 id="pltcl-unknown">
<title>Les modules et la commande <function>unknown</function></title>
<para>
- PL/Tcl dispose du support de chargement automatique de code Tcl
- lorsqu'il est utilisé. Il reconnaît une table spéciale,
- <literal>pltcl_modules</literal>, qui est présumée contenir les modules de code
- Tcl. Si cette table existe, le module <literal>unknown</literal> est récupéré
- de la table et chargé immédiatement dans l'interpréteur Tcl après
- création de l'interpréteur.
+ PL/Tcl dispose du support de chargement automatique de code Tcl
+ lorsqu'il est utilisé. Il reconnaît une table spéciale,
+ <literal>pltcl_modules</>, qui est présumée contenir les modules de code
+ Tcl. Si cette table existe, le module <literal>unknown</> est récupéré
+ de la table et chargé immédiatement dans l'interpréteur Tcl avant la
+ première exécution d'une fonction PL/Tcl dans une session. (Ceci
+ survient séparément pour PL/Tcl et PL/TclU, si les deux sont utilisés,
+ car des interpréteurs séparés sont utilisés pour les deux langages.)
</para>
<para>
Alors que le module <literal>unknown</literal> pourrait réellement contenir
@@ -698,10 +700,15 @@
supporter le mécanisme de chargement automatique.
</para>
<para>
- Les tables <literal>pltcl_modules</literal> et <literal>pltcl_modfuncs</literal>
- doivent être lisibles par tous mais il est conseillé de les laisser
- modifiables uniquement par le propriétaire, administrateur de la base de
- données.
+ Les tables <literal>pltcl_modules</> et <literal>pltcl_modfuncs</>
+ doivent être lisibles par tous mais il est conseillé de les laisser
+ modifiables uniquement par le propriétaire, administrateur de la base de
+ données. Pour des raisons de sécurité, PL/Tcl ignorera
+ <literal>pltcl_modules</literal> (et donc n'essaiera pas de charger le
+ module <literal>unknown</literal>) sauf s'il appartient à un
+ superutilisateur. Cependant, les droits de modification sur cette table
+ peuvent être données à d'autres utilisateurs si vous avez suffisamment
+ confiance en eux.
</para>
</sect1>
Modified: traduc/branches/bv81x/manuel/release-7.4.xml
===================================================================
--- traduc/branches/bv81x/manuel/release-7.4.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/release-7.4.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -4,6 +4,150 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-7-4-29">
+ <title>Release 7.4.29</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.4.28.
+ For information about new features in the 7.4 major release, see
+ <xref linkend="release-7-4"/>.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> community will stop releasing updates
+ for the 7.4.X release series in July 2010.
+ Users are encouraged to update to a newer release branch soon.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 7.4.29</title>
+
+ <para>
+ A dump/restore is not required for those running 7.4.X.
+ However, if you are upgrading from a version earlier than 7.4.26,
+ see the release notes for 7.4.26.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-4-28">
<title>Release 7.4.28</title>
Modified: traduc/branches/bv81x/manuel/release-8.0.xml
===================================================================
--- traduc/branches/bv81x/manuel/release-8.0.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/release-8.0.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -4,6 +4,166 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-8-0-25">
+ <title>Release 8.0.25</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.0.24.
+ For information about new features in the 8.0 major release, see
+ <xref linkend="release-8-0"/>.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> community will stop releasing updates
+ for the 8.0.X release series in July 2010.
+ Users are encouraged to update to a newer release branch soon.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.0.25</title>
+
+ <para>
+ A dump/restore is not required for those running 8.0.X.
+ However, if you are upgrading from a version earlier than 8.0.22,
+ see the release notes for 8.0.22.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-0-24">
<title>Release 8.0.24</title>
Modified: traduc/branches/bv81x/manuel/release-8.1.xml
===================================================================
--- traduc/branches/bv81x/manuel/release-8.1.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/release-8.1.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -4,6 +4,160 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-8-1-21">
+ <title>Release 8.1.21</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.1.20.
+ For information about new features in the 8.1 major release, see
+ <xref linkend="release-8-1"/>.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.1.21</title>
+
+ <para>
+ A dump/restore is not required for those running 8.1.X.
+ However, if you are upgrading from a version earlier than 8.1.18,
+ see the release notes for 8.1.18.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-1-20">
<title>Release 8.1.20</title>
Modified: traduc/branches/bv81x/manuel/version.xml
===================================================================
--- traduc/branches/bv81x/manuel/version.xml 2010-05-15 08:32:59 UTC (rev 1491)
+++ traduc/branches/bv81x/manuel/version.xml 2010-05-15 08:41:48 UTC (rev 1492)
@@ -1,2 +1,2 @@
-<!ENTITY version "8.1.20">
+<!ENTITY version "8.1.21">
<!ENTITY majorversion "8.1">
Plus d'informations sur la liste de diffusion Trad