PostgreSQL French-speaking community


<p><strong>PostgreSQL Weekly News - May 23, 2010</strong></p>
<p>CHAR(10), the PostgreSQL conference dedicated to clustering, high availability and replication, has just opened online registration and bookings. July 2 &amp; 3, 2010, Oriel College, University of Oxford (United Kingdom): <a target="_blank" href="http://www.char10.org/">http://www.char10.org/</a></p>
<p><strong>Related product news</strong></p>
<ul>
<li>Cybercluster 2.0: <a target="_blank" href="http://www.cybertec.at/en/cybercluster-2-0-synchronous-postgresql-replication">http://www.cybertec.at/en/cybercluster-2-0-synchronous-postgresql-replication</a></li>
<li>Muldis D 0.129.1, an object-relational language specification intended for PostgreSQL, among other systems: <a target="_blank" href="http://archives.postgresql.org/pgsql-announce/2010-05/msg00020.php">http://archives.postgresql.org/pgsql-announce/2010-05/msg00020.php</a></li>
<li>MyJSQLView 3.17, a graphical utility usable with PostgreSQL: <a target="_blank" href="http://dandymadeproductions.com/projects/MyJSQLView/index.html">http://dandymadeproductions.com/projects/MyJSQLView/index.html</a></li>
<li>PostgresDAC 2.5.5, a Delphi/C++ "builder" for PostgreSQL: <a target="_blank" href="http://microolap.com/products/connectivity/postgresdac/download/">http://microolap.com/products/connectivity/postgresdac/download/</a></li>
<li>psycopg2 2.2.1, a Python connector for PostgreSQL: <a target="_blank" href="http://initd.org/psycopg/">http://initd.org/psycopg/</a></li>
<li>Devrim GUNDUZ has published the RPMs for the security updates 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25 and 7.4.29: <a target="_blank" href="http://yum.pgrpms.org">http://yum.pgrpms.org</a></li>
<li>2ndQuadrant has just opened a French branch: <a target="_blank" href="http://www.2ndQuadrant.fr/">http://www.2ndQuadrant.fr/</a></li>
<li>The security updates 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25 and 7.4.29 are available. Upgrade as soon as possible: <a target="_blank" href="http://www.postgresql.org/docs/current/static/release.html">http://www.postgresql.org/docs/current/static/release.html</a></li>
<li>Checksums for the tar files are available at this address: <a target="_blank" href="http://www.gtsm.com/postgres_sigs.html">http://www.gtsm.com/postgres_sigs.html</a></li>
<li>Postgres-XC 0.9.1: <a target="_blank" href="http://postgres-xc.sourceforge.net/">http://postgres-xc.sourceforge.net/</a></li>
</ul>
<p><strong>9.0 feature of the week</strong></p>
<p>Large Objects (LO or BLOB) now have access controls like other database objects.</p>
<p><strong>PostgreSQL job offers in May</strong></p>
<ul>
<li>International: <a target="_blank" href="http://archives.postgresql.org/pgsql-jobs/2010-05/threads.php">http://archives.postgresql.org/pgsql-jobs/2010-05/threads.php</a>;</li>
<li>French-speaking: <a target="_blank" href="http://forums.postgresql.fr/viewforum.php?id=4">http://forums.postgresql.fr/viewforum.php?id=4</a>.</li>
</ul>
<p><strong>PostgreSQL Local</strong></p>
<ul>
<li>Registration is open for Open Source Bridge and the talks have been announced! The event will take place June 1-4, 2010 in Portland (Oregon): <a target="_blank" href="http://opensourcebridge.org/events/2010/proposals/">http://opensourcebridge.org/events/2010/proposals/</a></li>
<li>Michael Renner will give a talk at AMOOCON, which will take place June 4-6, 2010: <a target="_blank" href="http://www.amoocon.de/speakers/214">http://www.amoocon.de/speakers/214</a></li>
<li>The "Southeast Linuxfest 2010" will take place in Spartanburg (South Carolina, United States) June 11-13. Our PG gurus Joshua Drake and Andrew Dunstan will give presentations not to be missed: <a target="_blank" href="http://southeastlinuxfest.org/">http://southeastlinuxfest.org/</a></li>
<li>Talk by Michael Renner at the Netways OSDC in Nuremberg (Germany) on June 23 &amp; 24, 2010: <a target="_blank" href="http://www.netways.de/osdc/y2010/programm/">http://www.netways.de/osdc/y2010/programm/</a></li>
<li>PDXPUG Day is scheduled for July 18, 2010 at the Oregon Convention Center in Portland. More information: <a target="_blank" href="http://wiki.postgresql.org/wiki/PDXPUGDay2010">http://wiki.postgresql.org/wiki/PDXPUGDay2010</a></li>
<li>OSCON will take place in Portland (Oregon) July 19-23, 2010: <a target="_blank" href="http://www.oscon.com/oscon2010">http://www.oscon.com/oscon2010</a></li>
</ul>
<p><strong>PostgreSQL in the media</strong></p>
<ul>
<li>Planet PostgreSQL: <a target="_blank" href="http://planet.postgresql.org/">http://planet.postgresql.org/</a></li>
<li>Planet PostgreSQLFr: <a target="_blank" href="http://planete.postgresql.fr/">http://planete.postgresql.fr/</a></li>
</ul>
<p><i>PostgreSQL Weekly News is brought to you this week by David Fetter and Devrim Gunduz. Translation by the PostgreSQLFr team under the CC BY-NC-SA license.</i></p>
<p><i>Submit your articles or announcements before Sunday 15:00 (Pacific time). Please send them in English to david (a) fetter.org, in German to pwn (a) pgug.de, in Italian to pwn (a) itpug.org and in Spanish to pwn (a) arpug.com.ar.</i></p>
<p>(<a target="_blank" href="http://www.postgresql.org/community/weeklynews/pwn20100523">link to the original article</a>)</p>
<p><strong>Applied patches</strong></p>
<p>Andrew Dunstan committed:</p>
<ul>
<li>Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169</li>
<li>In pgsql/src/tools/msvc/Mkvcbuild.pm, fix MSVC builds for recent plperl changes. Go back to version 8.2, which is where we started supporting MSVC builds. Security: CVE-2010-1169.</li>
<li>In pgsql/src/pl/plperl/plperl.c, follow up a visit from the style police.</li>
<li>In pgsql/src/pl/plperl/expected/plperl_init.out, fix regression tests to match error message change.</li>
</ul>
<p>Tom Lane committed:</p>
<ul>
<li>Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless that is a regular table or view owned by a superuser. This prevents a trojan horse attack whereby any unprivileged SQL user could create such a table and insert code into it that would then get executed in other users' sessions whenever they call pltcl functions. Worse yet, because the code was automatically loaded into both the "normal" and "safe" interpreters at first use, the attacker could execute unrestricted Tcl code in the "normal" interpreter without there being any pltclu functions anywhere, or indeed anyone else using pltcl at all: installing pltcl is sufficient to open the hole. Change the initialization logic so that the "unknown" code is only loaded into an interpreter when the interpreter is first really used. (That doesn't add any additional security in this particular context, but it seems a prudent change, and anyway the former behavior violated the principle of least astonishment.) Security: CVE-2010-1170</li>
<li>Update release notes with security issues. Security: CVE-2010-1169, CVE-2010-1170</li>
<li>In pgsql/doc/src/sgml/config.sgml, fix index entry for lo_compat_privileges, per bug #5467 from KOIZUMI Satoru.</li>
<li>Fix oversight in join removal patch: we have to delete the removed relation from SpecialJoinInfo relid sets as well. Per example from Vaclav Novotny.</li>
<li>In pgsql/contrib/pg_upgrade/check.c, issue_warnings() has no business freeing its parameter, especially not when its sole caller does that too. Jan Matousek, via Pavel Stehule</li>
</ul>
<p>Alvaro Herrera committed:</p>
<ul>
<li>In pgsql/doc/src/sgml/ref/show.sgml, make table in example less wide.</li>
</ul>
<p>Robert Haas committed:</p>
<ul>
<li>In pgsql/doc/src/sgml/ref/notify.sgml, move pg_notify() details to a subsection within the NOTIFY reference page. This allows the index to reference the pg_notify() subsection specifically, rather than Notes section of the NOTIFY reference page more generally. Fujii Masao</li>
<li>In pgsql/src/bin/psql/command.c, unbreak \h; can't do strlen(NULL). This was broken by the following commit. Although the original commit was backpatched all the way to 7.4, this particular bug exists only in the version applied to HEAD. <a target="_blank" href="http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php">http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php</a></li>
</ul>
<p>Bruce Momjian committed:</p>
<ul>
<li>In pgsql/contrib/pg_upgrade/TESTING, add pg_upgrade TESTING files explaining a testing method.</li>
<li>In pgsql/contrib/pg_upgrade/pg_upgrade.c, use a 'datallowconn' check for avoiding 'template0', rather than hardcoding a 'template0' check, per suggestion from Alvaro. This might fix a problem where someone has allowed 'template0' connections, but it is a cleaner approach even if it doesn't fix the bug.</li>
<li>In pgsql/contrib/pg_upgrade/pg_upgrade.c, for pg_upgrade, update template0's datfrozenxid and its relfrozenxids to match the behavior of autovacuum, which does this as the xid advances even if autovacuum is turned off.</li>
<li>In pgsql/contrib/pg_upgrade/info.c, simplify pg_upgrade queries by using IN instead of multiple OR clauses comparing the same column to multiple values.</li>
<li>Add command-line documentation for pg_upgrade.</li>
<li>In pgsql/doc/src/sgml/oid2name.sgml, restore oid2name doc change.</li>
<li>In pgsql/doc/src/sgml/pgupgrade.sgml, pg_upgrade doc cleanup. Stefan Kaltenbrunner</li>
<li>In pgsql/doc/src/sgml/pgupgrade.sgml, doc change: Rename of directory no longer required for pg_migrator 9.0. Alvaro Herrera</li>
<li>In pgsql/doc/src/sgml/pgupgrade.sgml, SGML markup cleanup for pg_upgrade.</li>
<li>In pgsql/doc/src/sgml/oid2name.sgml, show oid2name command-line arguments in documentation like we do for non-contrib command-line tools (no longer in a single table display).</li>
</ul>
<p>Magnus Hagander committed:</p>
<ul>
<li>In pgsql/doc/src/sgml/pgupgrade.sgml, make pg_upgrade documentation refer to 9.0 instead of 8.4. Fujii Masao.</li>
<li>In pgsql/doc/src/sgml/config.sgml, refer to pg_ident.conf as config file for username mapping, as it's now used for other things than just ident authentication. Noted by Stephen Frost</li>
<li>In pgsql/src/timezone/pgtz.c, change the "N. Central Asia Standard Time" timezone to map to Asia/Novosibirsk on Windows. Microsoft changed the behaviour of this zone in the timezone update from KB976098. The zones differ in handling of DST, and the old zone was just removed. Noted by Dmitry Funk.</li>
</ul>
<p>Michael Meskes committed:</p>
<ul>
<li>Ecpg now accepts "long long" datatypes even if "long" is 64bit wide. This used to cover the equally long "long long" type. This patch closes bug #5464.</li>
</ul>
<p><strong>Rejected patches (to date)</strong></p>
<ul>
<li>No one was disappointed this week :-)</li>
</ul>
<p><strong>Pending patches</strong></p>
<ul>
<li>Stephen Frost sent in two more revisions of a patch to fix psql's ability to clean up when quitting the pager, which resulted in queries continuing to run after the pager exited.</li>
<li>Fujii Masao sent in two revisions of a patch to fix smart shutdown for Hot Standby.</li>
<li>Fujii Masao sent in a patch to distinguish normal shutdown from unexpected exit, while the server is in recovery.</li>
<li>Tom Lane sent in a patch to fix a performance issue with textanycat/anytextcat.</li>
<li>Alvaro Herrera sent in a patch to fix an issue with fillfactor on TOAST tables.</li>
<li>Florian Pflug sent in two revisions of a patch to fix SERIALIZABLE transactions.</li>
<li>Kevin Grittner sent in a WIP patch for 9.1 to do true SERIALIZABLE using predicate locking.</li>
<li>Joel Jacobson sent in another revision of the patch to implement pg_stat_transaction.</li>
<li>Robert Haas sent in a patch to add a hook called ExecutorCheckPerms(), per discussion.</li>
<li>Andres Freund sent in a patch which replaces the current CRC32 with a more efficient version from zlib.</li>
<li>Jeff Davis sent in a patch to change a sanity check in exclusion constraints.</li>
<li>Jeff Davis sent in a patch for 9.1 to add btree_gist support for the "&gt;&lt;" operator.</li>
</ul>

pgwn/23_mai_2010.txt · Last modified: 2010/05/29 17:02 by buggy