rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/contrib
History
Tom Lane ca59dfa6f7 Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 
A password containing a character with the high bit set was misprocessed
on machines where char is signed (which is most).  This could cause the
preceding one to three characters to fail to affect the hashed result,
thus weakening the password.  The result was also unportable, and failed
to match some other blowfish implementations such as OpenBSD's.

Since the fix changes the output for such passwords, upstream chose
to provide a compatibility hack: password salts beginning with $2x$
(instead of the usual $2a$ for blowfish) are intentionally processed
"wrong" to give the same hash as before.  Stored password hashes can
thus be modified if necessary to still match, though it'd be better
to change any affected passwords.

In passing, sync a couple other upstream changes that marginally improve
performance and/or tighten error checking.

Back-patch to all supported branches.  Since this issue is already
public, no reason not to commit the fix ASAP.
 		2011-06-21 14:41:05 -04:00
..
adminpack pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
auth_delay pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
auto_explain Revise the API for GUC variable assign hooks. 2011-04-07 00:12:02 -04:00
btree_gin Support "make check" in contrib 2011-04-25 22:27:11 +03:00
btree_gist Pgindent run before 9.1 beta2. 2011-06-09 14:32:50 -04:00
chkpass Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
citext Make citext's equality and hashing functions collation-insensitive. 2011-06-08 15:25:02 -04:00
cube Support "make check" in contrib 2011-04-25 22:27:11 +03:00
dblink Support "make check" in contrib 2011-04-25 22:27:11 +03:00
dict_int Support "make check" in contrib 2011-04-25 22:27:11 +03:00
dict_xsyn Support "make check" in contrib 2011-04-25 22:27:11 +03:00
dummy_seclabel pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
earthdistance Support "make check" in contrib 2011-04-25 22:27:11 +03:00
file_fdw Support "make check" in contrib 2011-04-25 22:27:11 +03:00
fuzzystrmatch pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
hstore Support "make check" in contrib 2011-04-25 22:27:11 +03:00
intagg Rethink naming of contrib/intagg extension. 2011-02-14 21:00:24 -05:00
intarray Support "make check" in contrib 2011-04-25 22:27:11 +03:00
isn Clean up most -Wunused-but-set-variable warnings from gcc 4.6 2011-04-11 22:28:45 +03:00
lo Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
ltree Support "make check" in contrib 2011-04-25 22:27:11 +03:00
oid2name Use consistent spacing for PGAPPICON Makefile option. 2011-01-24 20:46:30 -05:00
pageinspect Clean up most -Wunused-but-set-variable warnings from gcc 4.6 2011-04-11 22:28:45 +03:00
passwordcheck Stamp copyrights for year 2011. 2011-01-01 13:18:15 -05:00
pg_archivecleanup Improve pg_archivecleanup and pg_standby --help output 2011-05-05 23:19:13 +03:00
pg_buffercache Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
pg_freespacemap Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
pg_standby Pgindent run before 9.1 beta2. 2011-06-09 14:32:50 -04:00
pg_stat_statements pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
pg_test_fsync Put pg_test_fsync --help and --version output in line with conventions 2011-05-10 21:34:26 +03:00
pg_trgm Support "make check" in contrib 2011-04-25 22:27:11 +03:00
pg_upgrade In pg_upgrade, clean up code layout in validateDirectoryOption(). 2011-06-15 17:23:02 -04:00
pg_upgrade_support pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
pgbench Put options help in alphabetical order 2011-05-10 21:48:07 +03:00
pgcrypto Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 2011-06-21 14:41:05 -04:00
pgrowlocks Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
pgstattuple Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
seg Replace strdup() with pstrdup(), to avoid leaking memory. 2011-05-18 22:49:22 -04:00
sepgsql pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
spi Recode non-ASCII characters in source to UTF-8 2011-05-31 23:11:46 +03:00
sslinfo More fixups for "unpackaged" conversion scripts. 2011-02-13 23:33:18 -05:00
start-scripts Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
tablefunc Support "make check" in contrib 2011-04-25 22:27:11 +03:00
test_parser Support "make check" in contrib 2011-04-25 22:27:11 +03:00
tsearch2 Support "make check" in contrib 2011-04-25 22:27:11 +03:00
unaccent Support "make check" in contrib 2011-04-25 22:27:11 +03:00
uuid-ossp Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
vacuumlo Use consistent spacing for PGAPPICON Makefile option. 2011-01-24 20:46:30 -05:00
xml2 Support "make check" in contrib 2011-04-25 22:27:11 +03:00
Makefile Add contrib/file_fdw foreign-data wrapper for reading files via COPY. 2011-02-20 14:06:59 -05:00
README Recode non-ASCII characters in source to UTF-8 2011-05-31 23:11:46 +03:00
contrib-global.mk Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00

README 

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly because
they address a limited audience or are too experimental to be part of
the main source tree.  This does not preclude their usefulness.

User documentation for each module appears in the main SGML documentation.

Most items can be built with `gmake all' and installed with
`gmake install' in the usual fashion, after you have run the `configure'
script in the top-level directory.  Some directories supply new
user-defined functions, operators, or types.  In these cases, after you have
installed the files you need to register the new entities in the database
system by running the commands in the supplied .sql file.  For example,

	$ psql -d dbname -f module.sql

See the PostgreSQL documentation for more information about this
procedure.


Index:
------

adminpack -
	File and log manipulation routines, used by pgAdmin
	by Dave Page <dpage@vale-housing.co.uk>

auth_delay
	Add a short delay after a failed authentication attempt, to make
	brute-force attacks on database passwords a bit harder.
	by KaiGai Kohei <kaigai@ak.jp.nec.com>

auto_explain -
	Log EXPLAIN output for long-running queries
	by Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>

btree_gin -
	Support for emulating BTREE indexing in GIN
	by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>

btree_gist -
	Support for emulating BTREE indexing in GiST
	by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>

chkpass -
	An auto-encrypted password datatype
	by D'Arcy J.M. Cain <darcy@druid.net>

citext -
	A case-insensitive character string datatype
	by David E. Wheeler <david@kineticode.com>

cube -
	Multidimensional-cube datatype (GiST indexing example)
	by Gene Selkov, Jr. <selkovjr@mcs.anl.gov>

dblink -
	Allows remote query execution
	by Joe Conway <mail@joeconway.com>

dict_int -
	Text search dictionary template for integers
	by Sergey Karpov <karpov@sao.ru>

dict_xsyn -
	Text search dictionary template for extended synonym processing
	by Sergey Karpov <karpov@sao.ru>

earthdistance -
	Functions for computing distances between two points on Earth
	by Bruno Wolff III <bruno@wolff.to> and Hal Snyder <hal@vailsys.com>

file_fdw
	Foreign-data wrapper for server-side CSV/TEXT files
	by Shigeru Hanada <hanada@metrosystems.co.jp>

fuzzystrmatch -
	Levenshtein, metaphone, and soundex fuzzy string matching
	by Joe Conway <mail@joeconway.com> and Joel Burton <jburton@scw.org>

hstore -
	Module for storing (key, value) pairs
	by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>

intagg -
	Integer aggregator
	by mlw <markw@mohawksoft.com>

intarray -
	Index support for arrays of int4, using GiST
	by Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>

isn -
	PostgreSQL type extensions for ISBN, ISSN, ISMN, EAN13 product numbers
	by Germán Méndez Bravo (Kronuz) <kronuz@hotmail.com>

lo -
	Large Object maintenance
	by Peter Mount <peter@retep.org.uk>

ltree -
	Tree-like data structures
	by Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>

oid2name -
	Maps numeric files to table names
	by B Palmer <bpalmer@crimelabs.net>

pageinspect -
	Allows inspection of database pages
	Heikki Linnakangas <heikki@enterprisedb.com>

passwordcheck -
	Simple password strength checker
	Laurenz Albe <laurenz.albe@wien.gv.at>

pg_buffercache -
	Real time queries on the shared buffer cache
	by Mark Kirkwood <markir@paradise.net.nz>

pg_freespacemap -
	Displays the contents of the free space map (FSM)
	by Mark Kirkwood <markir@paradise.net.nz>

pg_standby -
	Sample archive_command for warm standby operation
	by Simon Riggs <simon@2ndquadrant.com>

pg_stat_statements -
	Track statement execution times across a whole database cluster
	by Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>

pg_test_fsync -
	Test different wal_sync_method settings
	by Bruce Momjian <bruce@momjian.us>

pg_trgm -
	Functions for determining the similarity of text based on trigram
	matching.
	by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>

pg_upgrade -
	Support for in-place upgrade between major releases of PostgreSQL
	Bruce Momjian <bruce@momjian.us> and others

pgbench -
	TPC-B like benchmarking tool
	by Tatsuo Ishii <ishii@sraoss.co.jp>

pgcrypto -
	Cryptographic functions
	by Marko Kreen <marko@l-t.ee>

pgrowlocks -
	A function to return row locking information
	by Tatsuo Ishii <ishii@sraoss.co.jp>

pgstattuple -
	Functions to return statistics about "dead" tuples and free
	space within a table
	by Tatsuo Ishii <ishii@sraoss.co.jp>

seg -
	Confidence-interval datatype (GiST indexing example)
	by Gene Selkov, Jr. <selkovjr@mcs.anl.gov>

sepgsql -
	External security provider using SELinux
	by KaiGai Kohei <kaigai@ak.jp.nec.com>

spi -
	Various trigger functions, examples for using SPI.

sslinfo -
	Functions to get information about SSL certificates
	by Victor Wagner <vitus@cryptocom.ru>

start-scripts -
	Scripts for starting the server at boot time on various platforms.

tablefunc -
	Examples of functions returning tables
	by Joe Conway <mail@joeconway.com>

test_parser -
	Sample text search parser
	by Sergey Karpov <karpov@sao.ru>

tsearch2 -
	Compatibility package for the pre-8.3 implementation of text search.
	Pavel Stehule <pavel.stehule@gmail.com>, based on code originally by
	Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>.

unaccent -
	Unaccent dictionary for text search
	Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>.

uuid-ossp -
	UUID generation functions
	by Peter Eisentraut <peter_e@gmx.net>

vacuumlo -
	Remove orphaned large objects
	by Peter T Mount <peter@retep.org.uk>

xml2 -
	Storing XML in PostgreSQL
	by John Gray <jgray@azuli.co.uk>