postgresql - postgresql mirror

	Commit message (Collapse)	Author	Age
*	Sync our regex code with upstream changes since last time we did this, which	Tom Lane	2008-02-14
\| \| \| \| \| \| \| \| \| \| \| \| \|	was Tcl 8.4.8. The main changes are to remove the never-fully-implemented code for multi-character collating elements, and to const-ify some stuff a bit more fully. In combination with the recent security patch, this commit brings us into line with Tcl 8.5.0. Note that I didn't make any effort to duplicate a lot of cosmetic changes that they made to bring their copy into line with their own style guidelines, such as adding braces around single-line IF bodies. Most of those we either had done already (such as ANSI-fication of function headers) or there is no point because pgindent would undo the change anyway.
*	Fix assorted security-grade bugs in the regex engine. All of these problems	Tom Lane	2008-01-03
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	are shared with Tcl, since it's their code to begin with, and the patches have been copied from Tcl 8.5.0. Problems: CVE-2007-4769: Inadequate check on the range of backref numbers allows crash due to out-of-bounds read. CVE-2007-4772: Infinite loop in regex optimizer for pattern '($\|^)*'. CVE-2007-6067: Very slow optimizer cleanup for regex with a large NFA representation, as well as crash if we encounter an out-of-memory condition during NFA construction. Part of the response to CVE-2007-6067 is to put a limit on the number of states in the NFA representation of a regex. This seems needed even though the within-the-code problems have been corrected, since otherwise the code could try to use very large amounts of memory for a suitably-crafted regex, leading to potential DOS by driving the system into swap, activating a kernel OOM killer, etc. Although there are certainly plenty of ways to drive the system into effective DOS with poorly-written SQL queries, these problems seem worth treating as security issues because many applications might accept regex search patterns from untrustworthy sources. Thanks to Will Drewry of Google for reporting these problems. Patches by Will Drewry and Tom Lane. Security: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067
*	Standard pgindent run for 8.1.	Bruce Momjian	2005-10-15
\|
*	Add parentheses to macros when args are used in computations. Without	Bruce Momjian	2005-05-25
\| \| \| \|	them, the executation behavior could be unexpected.
*	make sure the $Id tags are converted to $PostgreSQL as well ...	PostgreSQL Daemon	2003-11-29
\|
*	pgindent run.	Bruce Momjian	2003-08-04
\|
*	Replace regular expression package with Henry Spencer's latest version	Tom Lane	2003-02-05
	(extracted from Tcl 8.4.1 release, as Henry still hasn't got round to making it a separate library). This solves a performance problem for multibyte, as well as upgrading our regexp support to match recent Tcl and nearly match recent Perl.