postgresql - postgresql mirror

	Commit message (Collapse)	Author	Age
*	Remove redundant message in AddUserToTokenDacl().	Noah Misch	2016-04-06
\| \| \| \| \| \| \| \|	GetTokenUser() will have reported an adequate error message. These error conditions almost can't happen, so users are unlikely to observe this change. Reviewed by Tom Lane and Stephen Frost.
*	Refer to a TOKEN_USER payload as a "token user," not as a "user token".	Noah Misch	2016-04-01
\| \| \| \| \|	This corrects messages for can't-happen errors. The corresponding "user token" appears in the HANDLE argument of GetTokenInformation().
*	Update copyright for 2016	Bruce Momjian	2016-01-02
\| \| \| \|	Backpatch certain files through 9.1
*	On Darwin, detect and report a multithreaded postmaster.	Noah Misch	2015-01-07
\| \| \| \| \| \| \| \| \|	Darwin --enable-nls builds use a substitute setlocale() that may start a thread. Buildfarm member orangutan experienced BackendList corruption on account of different postmaster threads executing signal handlers simultaneously. Furthermore, a multithreaded postmaster risks undefined behavior from sigprocmask() and fork(). Emit LOG messages about the problem and its workaround. Back-patch to 9.0 (all supported versions).
*	Update copyright for 2015	Bruce Momjian	2015-01-06
\| \| \| \|	Backpatch certain files through 9.0
*	Prevent potential overruns of fixed-size buffers.	Tom Lane	2014-02-17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Coverity identified a number of places in which it couldn't prove that a string being copied into a fixed-size buffer would fit. We believe that most, perhaps all of these are in fact safe, or are copying data that is coming from a trusted source so that any overrun is not really a security issue. Nonetheless it seems prudent to forestall any risk by using strlcpy() and similar functions. Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports. In addition, fix a potential null-pointer-dereference crash in contrib/chkpass. The crypt(3) function is defined to return NULL on failure, but chkpass.c didn't check for that before using the result. The main practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). This ideally should've been a separate commit, but since it touches code adjacent to one of the buffer overrun changes, I included it in this commit to avoid last-minute merge issues. This issue was reported by Honza Horak. Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
*	Update copyright for 2014	Bruce Momjian	2014-01-07
\| \| \| \| \|	Update all files in head, and files COPYRIGHT and legal.sgml in all back branches.
*	Switch dependency order of libpgcommon and libpgport	Peter Eisentraut	2013-10-17
	Continuing 63f32f3416a8b4f8e057dc184e8e8eae734ccc8a, libpgcommon should depend on libpgport, but not vice versa. But wait_result_to_str() in wait_error.c depends on pstrdup() in libpgcommon. So move exec.c and wait_error.c from libpgport to libpgcommon. Also switch the link order in the place that's actually used by the failing ecpg builds. The function declarations have been left in port.h for now. That should perhaps be separated sometime.