Thread: [SECURITY] New set of PostgreSQL RPMS are available for download


From
Devrim GUNDUZ
Date:


---------------------------------------------------------------------
PostgreSQL RPM Set Update
2004-10-26

Version(s): 7.3.8, 7.4.6

New set labels: 7.3.8-2PGDG, 7.4.6-2PGDG
---------------------------------------------------------------------

---------------------------------------------------------------------
Update Info:

Due to a security bug in RPM sets, new RPM sets for 7.4.6 and 7.3.8 have
been released. They are available on the FTP site and synched mirrors. Due to
the seriousness of the bug, it is strongly recommended that administrators
upgrade their database servers at their earliest convenience.

Also, some minor changes have been applied to the spec files.

It should be noted that, for those looking to upgrade from a 7.4.0/7.4.1
server to 7.4.6, a dump-n-reload is *recommended* (but not
required) to address a fix introduced between 7.4.1 and 7.4.2. Please
refer to the 7.4.6 HISTORY file for information on how this can be
accomplished without a dump-n-reload, as there are steps that can be
followed for this.

The 7.4.6-2 set also includes RPMs for RHAS 2.1, thanks to Gaetano Mendola for
the effort.

These sets include RPMs and SRPMs for Fedora Core 1, Fedora Core 2, Red
Hat Enterprise Linux 3.0, Red Hat Linux 9 and Red Hat Advanced Server 2.1.
md5sums are also provided with the packages.
---------------------------------------------------------------------

---------------------------------------------------------------------
Changes since 7.4.6-1PGDG and 7.3.8-1PGDG RPMs:

* Updated init script to prevent a nefarious postgres user from obtaining
root privileges (per Red Hat Bugzilla #136947, #136949)
* Updated kerbdir
* Updated PyGreSQL from 3.4 to 3.5 (only for 7.4.6-2PGDG)
* Updated spec file to correct permissions for PyGreSQL permissions (per
Red Hat RPMS) (for only 7.4.6-2PGDG)
* Updated doc files for PyGreSQL (only for 7.4.6-2PGDG)
* Modified if-endif lines for tcl&tcldevel prereq lines (per Red Hat RPMS)
* Applied getppid.patch as patch #4 (per Red Hat RPMS)
* Updated preun and postun server scripts, per Red Hat RPMS
----------------------------------------------------------------------

Please download these from one of our FTP mirror sites:

http://www.PostgreSQL.org/mirrors-ftp.html

or from BitTorrent (thanks to David Fetter):

http://bt.PostgreSQL.org

As always, please report any bugs to pgsql-bugs@postgresql.org

Regards,
--
Devrim GUNDUZ
devrim~gunduz.org                devrim.gunduz~linux.org.tr
             http://www.tdmsoft.com
             http://www.gunduz.org

Re: [SECURITY] New set of PostgreSQL RPMS are available for download

From
Gaetano Mendola
Date:
Devrim GUNDUZ wrote:

> * Updated PyGreSQL from 3.4 to 3.5 (only for 7.4.6-2PGDG)

Given the fact that PyGreSQL is still affected by the infamous
"idle in transaction" behaviour:


     def __init__(self, cnx):
         self.__cnx = cnx
         self.__cache = pgdbTypeCache(cnx)
         try:
             src = self.__cnx.source()
             src.execute("BEGIN")
         except:
             raise OperationalError, "invalid connection."

     def close(self):
         self.__cnx.close()

     def commit(self):
         try:
             src = self.__cnx.source()
             src.execute("COMMIT")
             src.execute("BEGIN")
         except:
             raise OperationalError, "can't commit."

     def rollback(self):
         try:
             src = self.__cnx.source()
             src.execute("ROLLBACK")
             src.execute("BEGIN")
         except:
             raise OperationalError, "can't rollback."




Why not distribute psycopg with the next RPM instead?



Regards
Gaetano Mendola
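
Added example, not part of the thread and not PyGreSQL or psycopg code: a small simulation of why the BEGIN-after-COMMIT pattern in the quoted code leaves a session "idle in transaction" whenever the client is waiting, compared with deferring BEGIN until the first statement. FakeBackend, EagerConnection, LazyConnection and observe are hypothetical names, and the server is a constructed stand-in that only tracks transaction state.

```python
# Added illustration. FakeBackend, EagerConnection and LazyConnection are
# hypothetical names, not PyGreSQL or psycopg classes.
class FakeBackend:
    """Constructed stand-in for one server session and its reported state."""
    def __init__(self):
        self.state = "idle"
        self.log = []
    def execute(self, sql):
        verb = sql.split()[0].upper()
        self.log.append(verb)
        if verb == "BEGIN":
            self.state = "idle in transaction"   # open txn, waiting on client
        elif verb in ("COMMIT", "ROLLBACK"):
            self.state = "idle"                  # no txn open

class EagerConnection:
    """Pattern in the quoted code: BEGIN at connect and after each COMMIT."""
    def __init__(self, backend):
        self.backend = backend
        self.backend.execute("BEGIN")
    def execute(self, sql):
        self.backend.execute(sql)
    def commit(self):
        self.backend.execute("COMMIT")
        self.backend.execute("BEGIN")

class LazyConnection:
    """Assumed alternative: send BEGIN only before the first statement."""
    def __init__(self, backend):
        self.backend, self.in_txn = backend, False
    def execute(self, sql):
        if not self.in_txn:
            self.backend.execute("BEGIN")
            self.in_txn = True
        self.backend.execute(sql)
    def commit(self):
        if self.in_txn:
            self.backend.execute("COMMIT")
            self.in_txn = False

def observe(conn_cls):
    """Return (state after connect, state after commit, statements sent)."""
    backend = FakeBackend()
    conn = conn_cls(backend)
    after_connect = backend.state
    conn.execute("SELECT 1")
    conn.commit()
    return after_connect, backend.state, backend.log
```

With the eager pattern the session never returns to plain "idle", so every pooled or long-lived connection holds an open transaction while it waits for work.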