[Trad] [svn:pgfr] r1496 - in traduc/branches: bv82x/manuel bv83x
admin at listes.postgresql.fr
admin at listes.postgresql.fr
Sam 15 Mai 11:12:18 CEST 2010
Author: gleu
Date: 2010-05-15 11:12:18 +0200 (Sat, 15 May 2010)
New Revision: 1496
Modified:
traduc/branches/bv82x/manuel/version.xml
traduc/branches/bv83x/config.xml
traduc/branches/bv83x/intarray.xml
traduc/branches/bv83x/monitoring.xml
traduc/branches/bv83x/plperl.xml
traduc/branches/bv83x/pltcl.xml
traduc/branches/bv83x/release-7.4.xml
traduc/branches/bv83x/release-8.0.xml
traduc/branches/bv83x/release-8.1.xml
traduc/branches/bv83x/release-8.2.xml
traduc/branches/bv83x/release-8.3.xml
traduc/branches/bv83x/version.xml
Log:
Mise ?\195?\160 jour en version 8.3.11.
Modified: traduc/branches/bv82x/manuel/version.xml
===================================================================
--- traduc/branches/bv82x/manuel/version.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv82x/manuel/version.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -1,2 +1,2 @@
-<!ENTITY version "8.2.16">
+<!ENTITY version "8.2.17">
<!ENTITY majorversion "8.2">
Modified: traduc/branches/bv83x/config.xml
===================================================================
--- traduc/branches/bv83x/config.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/config.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -610,7 +610,7 @@
</varlistentry>
<varlistentry>
- <term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term>
+ <term><varname>ssl_renegotiation_limit</varname> (<type>integer</type>)</term>
<indexterm>
<primary>paramètre de configuration <varname>ssl_renegotiation_limit</varname></primary>
</indexterm>
@@ -797,25 +797,50 @@
</indexterm>
<para>
Initialise la quantité de mémoire que le serveur de bases de données
- utilise comme mémoire partagée. La valeur par défaut, en général 32 Mo,
- peut être automatiquement abaissée si la configuration du noyau ne la supporte
- pas (déterminé lors de l'exécution de l'<application>initdb</application>).
- Ce paramètre doit être au minimum de 128 Ko + 16 Ko par
- <xref linkend="guc-max-connections"/>. (Des valeurs personnalisées de
- <symbol>BLCKSZ</symbol> agissent sur ce minimum.) Des
- valeurs significativement plus importantes que ce minimum sont
- généralement nécessaires pour de bonnes performances. Plusieurs dizaines de
- méga-octets sont recommandées pour des installations en
- production. Ce paramètre ne peut être configuré qu'au lancement du serveur.
+ utilise comme mémoire partagée. La valeur par défaut, en général
+ 32 Mo, peut être automatiquement abaissée si la configuration du
+ noyau ne la supporte pas (déterminé lors de l'exécution de
+ l'<application>initdb</application>). Ce paramètre doit être au minimum
+ de 128 Ko + 16 Ko par <xref linkend="guc-max-connections"/>.
+ (Des valeurs personnalisées de <symbol>BLCKSZ</symbol> agissent sur ce
+ minimum.) Des valeurs significativement plus importantes que ce minimum
+ sont généralement nécessaires pour de bonnes performances. Ce paramètre
+ ne peut être configuré qu'au lancement du serveur.
</para>
<para>
+ Si vous disposez d'un serveur dédié à la base de données, avec 1 Go
+ de mémoire ou plus, une valeur de départ raisonnable pour ce paramètre
+ est de 25% la mémoire de votre système. Certains cas peuvent nécessiter
+ une valeur encore plus importante pour le
+ <varname>shared_buffers</varname> mais comme
+ <productname>PostgreSQL</productname> profite aussi du cache du système
+ d'exploitation, il est peu probable qu'une allocation de plus de 40% de
+ la mémoire fonctionnera mieux qu'une valeur plus restreinte. Des valeurs
+ importantes pour le paramètre <varname>shared_buffers</varname>
+ requièrent généralement une augmentation proportionnelle du
+ <varname>checkpoint_segments</varname>, pour étendre dans le temps les
+ écritures de grandes quantités de données, nouvelles ou modifiées.
+ </para>
+
+ <para>
+ Sur des systèmes comprenant moins d'1 Go de mémoire, un pourcentage
+ plus restreint est approprié pour laisser une place suffisante au
+ système d'exploitation. De plus, sur Windows, les grandes valeurs pour
+ <varname>shared_buffers</varname> ne sont pas aussi efficaces. Vous
+ pouvez avoir de meilleurs résultats en conservant un paramétrage assez
+ bas et en utilisant le cache du système d'exploitation à la place.
+ L'échelle habituelle pour <varname>shared_buffers</varname> sur des
+ systèmes Windows va de 64 Mo à 512 Mo.
+ </para>
+
+ <para>
L'augmentation de ce paramètre peut obliger
<productname>PostgreSQL</productname> à réclamer plus de mémoire
- partagée <systemitem class="osname">System V</systemitem> que ce
- que la configuration par défaut du système d'exploitation ne peut
- gérer. Voir la <xref linkend="sysvipc"/> pour de plus amples
- informations sur l'ajustement de ces paramètres, si nécessaire.
+ partagée <systemitem class="osname">System V</systemitem> que ce que la
+ configuration par défaut du système d'exploitation ne peut gérer. Voir
+ la <xref linkend="sysvipc"/> pour de plus amples informations sur
+ l'ajustement de ces paramètres, si nécessaire.
</para>
</listitem>
</varlistentry>
Modified: traduc/branches/bv83x/intarray.xml
===================================================================
--- traduc/branches/bv83x/intarray.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/intarray.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -96,7 +96,7 @@
<row>
<entry><function>subarray(int[], int start, int len)</function></entry>
<entry><type>int[]</type></entry>
- <entry>portion du tableau commençant à la position <parameter>start</parameter>, de longueur <parameter>elements</parameter></entry>
+ <entry>portion du tableau commençant à la position <parameter>start</parameter>, de longueur <parameter>len</parameter></entry>
<entry><literal>subarray('{1,2,3,2,1}'::int[], 2, 3)</literal></entry>
<entry><literal>{2,3,2}</literal></entry>
</row>
Modified: traduc/branches/bv83x/monitoring.xml
===================================================================
--- traduc/branches/bv83x/monitoring.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/monitoring.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -820,8 +820,8 @@
<entry><literal><function>pg_stat_get_backend_client_port</function>(<type>integer</type>)</literal></entry>
<entry><type>integer</type></entry>
<entry>
- Le numéro de port du client connecté au processus serveur donné. -1 si
- la connexion est établie sur un socket de domaine Unix. NULL si
+ Le numéro de port TCP du client connecté au processus serveur donné.
+ -1 si la connexion est établie sur un socket de domaine Unix. NULL si
l'utilisateur en cours n'est ni un superutilisateur ni l'utilisateur
de la session requêtée
</entry>
Modified: traduc/branches/bv83x/plperl.xml
===================================================================
--- traduc/branches/bv83x/plperl.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/plperl.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -296,12 +296,7 @@
placer :
<programlisting>use strict;
</programlisting>
- dans le corps de la fonction. Mais ceci fonctionne uniquement dans les
- fonctions <application>PL/PerlU</application> car <literal>use</literal> n'est pas une
- opération de confiance. Dans les fonctions <application>PL/Perl</application>, vous
- pouvez utiliser à la place :
-<programlisting>BEGIN { strict->import(); }
-</programlisting>
+ dans le corps de la fonction.
</para>
</sect1>
Modified: traduc/branches/bv83x/pltcl.xml
===================================================================
--- traduc/branches/bv83x/pltcl.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/pltcl.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -686,12 +686,14 @@
<sect1 id="pltcl-unknown">
<title>Les modules et la commande <function>unknown</function></title>
<para>
- PL/Tcl dispose du support de chargement automatique de code Tcl
- lorsqu'il est utilisé. Il reconnaît une table spéciale,
- <literal>pltcl_modules</literal>, qui est présumée contenir les modules de code
- Tcl. Si cette table existe, le module <literal>unknown</literal> est récupéré
- de la table et chargé immédiatement dans l'interpréteur Tcl après
- création de l'interpréteur.
+ PL/Tcl dispose du support de chargement automatique de code Tcl
+ lorsqu'il est utilisé. Il reconnaît une table spéciale,
+ <literal>pltcl_modules</>, qui est présumée contenir les modules de code
+ Tcl. Si cette table existe, le module <literal>unknown</> est récupéré
+ de la table et chargé immédiatement dans l'interpréteur Tcl avant la
+ première exécution d'une fonction PL/Tcl dans une session. (Ceci
+ survient séparément pour PL/Tcl et PL/TclU, si les deux sont utilisés,
+ car des interpréteurs séparés sont utilisés pour les deux langages.)
</para>
<para>
Alors que le module <literal>unknown</literal> pourrait réellement contenir
@@ -715,10 +717,15 @@
supporter le mécanisme de chargement automatique.
</para>
<para>
- Les tables <literal>pltcl_modules</literal> et <literal>pltcl_modfuncs</literal>
- doivent être lisibles par tous mais il est conseillé de les laisser
- modifiables uniquement par le propriétaire, administrateur de la base de
- données.
+ Les tables <literal>pltcl_modules</> et <literal>pltcl_modfuncs</>
+ doivent être lisibles par tous mais il est conseillé de les laisser
+ modifiables uniquement par le propriétaire, administrateur de la base de
+ données. Pour des raisons de sécurité, PL/Tcl ignorera
+ <literal>pltcl_modules</literal> (et donc n'essaiera pas de charger le
+ module <literal>unknown</literal>) sauf s'il appartient à un
+ superutilisateur. Cependant, les droits de modification sur cette table
+ peuvent être données à d'autres utilisateurs si vous avez suffisamment
+ confiance en eux.
</para>
</sect1>
Modified: traduc/branches/bv83x/release-7.4.xml
===================================================================
--- traduc/branches/bv83x/release-7.4.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/release-7.4.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -4,6 +4,150 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-7-4-29">
+ <title>Release 7.4.29</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 7.4.28.
+ For information about new features in the 7.4 major release, see
+ <xref linkend="release-7-4"/>.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> community will stop releasing updates
+ for the 7.4.X release series in July 2010.
+ Users are encouraged to update to a newer release branch soon.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 7.4.29</title>
+
+ <para>
+ A dump/restore is not required for those running 7.4.X.
+ However, if you are upgrading from a version earlier than 7.4.26,
+ see the release notes for 7.4.26.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-7-4-28">
<title>Release 7.4.28</title>
Modified: traduc/branches/bv83x/release-8.0.xml
===================================================================
--- traduc/branches/bv83x/release-8.0.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/release-8.0.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -4,6 +4,166 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-8-0-25">
+ <title>Release 8.0.25</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.0.24.
+ For information about new features in the 8.0 major release, see
+ <xref linkend="release-8-0"/>.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> community will stop releasing updates
+ for the 8.0.X release series in July 2010.
+ Users are encouraged to update to a newer release branch soon.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.0.25</title>
+
+ <para>
+ A dump/restore is not required for those running 8.0.X.
+ However, if you are upgrading from a version earlier than 8.0.22,
+ see the release notes for 8.0.22.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-0-24">
<title>Release 8.0.24</title>
Modified: traduc/branches/bv83x/release-8.1.xml
===================================================================
--- traduc/branches/bv83x/release-8.1.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/release-8.1.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -4,6 +4,160 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-8-1-21">
+ <title>Release 8.1.21</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.1.20.
+ For information about new features in the 8.1 major release, see
+ <xref linkend="release-8-1"/>.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.1.21</title>
+
+ <para>
+ A dump/restore is not required for those running 8.1.X.
+ However, if you are upgrading from a version earlier than 8.1.18,
+ see the release notes for 8.1.18.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-1-20">
<title>Release 8.1.20</title>
Modified: traduc/branches/bv83x/release-8.2.xml
===================================================================
--- traduc/branches/bv83x/release-8.2.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/release-8.2.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -4,6 +4,207 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-8-2-17">
+ <title>Release 8.2.17</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.2.16.
+ For information about new features in the 8.2 major release, see
+ <xref linkend="release-8-2"/>.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.2.17</title>
+
+ <para>
+ A dump/restore is not required for those running 8.2.X.
+ However, if you are upgrading from a version earlier than 8.2.14,
+ see the release notes for 8.2.14.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible crash if a cache reset message is received during
+ rebuild of a relcache entry (Heikki)
+ </para>
+
+ <para>
+ This error was introduced in 8.2.16 while fixing a related failure.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>psql</application>'s <literal>\copy</literal> to not add spaces around
+ a dot within <literal>\copy (select ...)</literal> (Tom)
+ </para>
+
+ <para>
+ Addition of spaces around the decimal point in a numeric literal would
+ result in a syntax error.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crashes in syslogger process on Windows (Heikki)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Deal more robustly with incomplete time zone information in the
+ Windows registry (Magnus)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update the set of known Windows time zone names (Magnus)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+
+ <para>
+ Also, add <literal>PKST</literal> (Pakistan Summer Time) to the default set of
+ timezone abbreviations.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-2-16">
<title>Release 8.2.16</title>
Modified: traduc/branches/bv83x/release-8.3.xml
===================================================================
--- traduc/branches/bv83x/release-8.3.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/release-8.3.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -4,6 +4,235 @@
par $Author: gleu $
révision $Revision: 1317 $ -->
+ <sect1 id="release-8-3-11">
+ <title>Release 8.3.11</title>
+
+ <note>
+ <title>Release date</title>
+ <simpara>2010-05-17</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 8.3.10.
+ For information about new features in the 8.3 major release, see
+ <xref linkend="release-8-3"/>.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 8.3.11</title>
+
+ <para>
+ A dump/restore is not required for those running 8.3.X.
+ However, if you are upgrading from a version earlier than 8.3.8,
+ see the release notes for 8.3.8.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Enforce restrictions in <literal>plperl</literal> using an opmask applied to
+ the whole interpreter, instead of using <filename>Safe.pm</filename>
+ (Tim Bunce, Andrew Dunstan)
+ </para>
+
+ <para>
+ Recent developments have convinced us that <filename>Safe.pm</filename> is too
+ insecure to rely on for making <literal>plperl</literal> trustable. This
+ change removes use of <filename>Safe.pm</filename> altogether, in favor of using
+ a separate interpreter with an opcode mask that is always applied.
+ Pleasant side effects of the change include that it is now possible to
+ use Perl's <literal>strict</literal> pragma in a natural way in
+ <literal>plperl</literal>, and that Perl's <literal>$a</literal> and <literal>$b</literal>
+ variables work as expected in sort routines, and that function
+ compilation is significantly faster. (CVE-2010-1169)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent PL/Tcl from executing untrustworthy code from
+ <structname>pltcl_modules</structname> (Tom)
+ </para>
+
+ <para>
+ PL/Tcl's feature for autoloading Tcl code from a database table
+ could be exploited for trojan-horse attacks, because there was no
+ restriction on who could create or insert into that table. This change
+ disables the feature unless <structname>pltcl_modules</structname> is owned by a
+ superuser. (However, the permissions on the table are not checked, so
+ installations that really need a less-than-secure modules table can
+ still grant suitable privileges to trusted non-superusers.) Also,
+ prevent loading code into the unrestricted <quote>normal</quote> Tcl
+ interpreter unless we are really going to execute a <literal>pltclu</literal>
+ function. (CVE-2010-1170)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible crash if a cache reset message is received during
+ rebuild of a relcache entry (Heikki)
+ </para>
+
+ <para>
+ This error was introduced in 8.3.10 while fixing a related failure.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Apply per-function GUC settings while running the language validator
+ for the function (Itagaki Takahiro)
+ </para>
+
+ <para>
+ This avoids failures if the function's code is invalid without the
+ setting; an example is that SQL functions may not parse if the
+ <varname>search_path</varname> is not correct.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not allow an unprivileged user to reset superuser-only parameter
+ settings (Alvaro)
+ </para>
+
+ <para>
+ Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
+ ALL</literal> for himself, or <literal>ALTER DATABASE ... RESET ALL</literal> for
+ a database he owns, this would remove all special parameter settings
+ for the user or database, even ones that are only supposed to be
+ changeable by a superuser. Now, the <command>ALTER</command> will only
+ remove the parameters that the user has permission to change.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash during backend shutdown if shutdown occurs
+ when a <literal>CONTEXT</literal> addition would be made to log entries (Tom)
+ </para>
+
+ <para>
+ In some cases the context-printing function would fail because the
+ current transaction had already been rolled back when it came time
+ to print a log message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure the archiver process responds to changes in
+ <varname>archive_command</varname> as soon as possible (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update pl/perl's <filename>ppport.h</filename> for modern Perl versions
+ (Andrew)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite recursion in <application>psql</application> when expanding
+ a variable that refers to itself (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>psql</application>'s <literal>\copy</literal> to not add spaces around
+ a dot within <literal>\copy (select ...)</literal> (Tom)
+ </para>
+
+ <para>
+ Addition of spaces around the decimal point in a numeric literal would
+ result in a syntax error.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix unnecessary <quote>GIN indexes do not support whole-index scans</quote>
+ errors for unsatisfiable queries using <filename>contrib/intarray</filename>
+ operators (Tom)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgstattuple</filename> functions respond to cancel
+ interrupts promptly (Tatsuhito Kasahara)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make server startup deal properly with the case that
+ <function>shmget()</function> returns <literal>EINVAL</literal> for an existing
+ shared memory segment (Tom)
+ </para>
+
+ <para>
+ This behavior has been observed on BSD-derived kernels including OS X.
+ It resulted in an entirely-misleading startup failure complaining that
+ the shared memory request size was too large.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crashes in syslogger process on Windows (Heikki)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Deal more robustly with incomplete time zone information in the
+ Windows registry (Magnus)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update the set of known Windows time zone names (Magnus)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</application> release 2010j
+ for DST law changes in Argentina, Australian Antarctic, Bangladesh,
+ Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
+ also historical corrections for Taiwan.
+ </para>
+
+ <para>
+ Also, add <literal>PKST</literal> (Pakistan Summer Time) to the default set of
+ timezone abbreviations.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-8-3-10">
<title>Release 8.3.10</title>
Modified: traduc/branches/bv83x/version.xml
===================================================================
--- traduc/branches/bv83x/version.xml 2010-05-15 08:52:47 UTC (rev 1495)
+++ traduc/branches/bv83x/version.xml 2010-05-15 09:12:18 UTC (rev 1496)
@@ -1,2 +1,2 @@
-<!ENTITY version "8.3.10">
+<!ENTITY version "8.3.11">
<!ENTITY majorversion "8.3">
Plus d'informations sur la liste de diffusion Trad