Friday, March 21, 2008

PostgreSQL Summer of Code 2008

PostgreSQL has been invited by Google to be part of Google's Summer of Code
2008. They are calling all students, professors and potential mentors to
participate.

For Summer of Code, Google will be paying for student internships to work
on PostgreSQL features and applications. They've put up a list of ideas,
including guidelines for submissions and more. Applications for students
open March 25th, and close March 31, so urge any students you know to get
their applications prepared right away!

-- Ideas and Guidelines:
http://www.postgresql.org/developer/summerofcode

-- Summer of Code FAQ:
http://code.google.com/opensource/gsoc/2008/faqs.html

Thursday, March 20, 2008

Guido van Rossum posted the slides of his PyCon 2008 keynote on python.org

There's both a PowerPoint and a PDF file.

PS. The Python 3.0 final release is now scheduled for September 3, 2008. See PEP 361.

Monday, February 4, 2008

PostgreSQL 8.3 has been released

Today the PostgreSQL Global Development Group releases the long-awaited
version 8.3 of the most advanced open source database, which cements our
place as the best performing open source database. Among the
performance features you'll be excited about in 8.3 are:

-- Heap Only Tuples
-- BGWriter Autotuning
-- Asynchronous Commit
-- Spread Checkpoints
-- Synchronous Scan
-- "Var-Varlena"
-- L2 Cache Protection
-- Lazy XID

8.3 also has a lot of cool features for PostgreSQL DBAs and developers,
including:

-- SQL/XML
-- CSV Logging
-- MS Visual C++ support
-- ENUMs
-- Integrated Tsearch
-- SSPI & GSSAPI
-- Composite Type Arrays
-- pg_standby

There are many, many other features included in this release. Visit the features list (http://www.postgresql.org/about/press/features83.html) and the features matrix (http://www.postgresql.org/about/featurematrix) for more information, and browse the release notes (http://www.postgresql.org/docs/8.3/static/release-8-3.html) to see the more than 300 patches that went into the release. You can even visit the press page (http://www.postgresql.org/about/press/presskit83.html).

Or just go ahead and download and install 8.3:

-- Source: http://www.postgresql.org/ftp/source/v8.3.0
-- Windows Binaries: http://www.postgresql.org/ftp/binary/v8.3.0/win32
-- Fedora, Red Hat, Solaris Binaries: http://www.postgresql.org/ftp/binary/v8.3.0

Monday, January 7, 2008

PostgreSQL Global Development Group released updated versions which patch five security vulnerabilities

Today the PostgreSQL Global Development Group is releasing updated
versions which patch five security vulnerabilities. These releases
update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and
7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins
should install the update as soon as they reasonably can. Our security
team has made all efforts to make these patches backwards-compatible,
and upgrading does not require converting your data files.

Please read the remainder of this message for further important details
and announcements.

Details of Security Fixes
----------------------------
There are five security fixes included in this release. None of these
issues are known to have been exploited in the field; they were
discovered through security analysis.

Index Functions Privilege Escalation (CVE-2007-6600): as a unique
feature, PostgreSQL allows users to create indexes on the results of
user-defined functions, known as "expression indexes". This opened
two privilege-escalation vulnerabilities: (1) index functions were
executed as the superuser and not the table owner during VACUUM and
ANALYZE, and (2) SET ROLE and SET SESSION AUTHORIZATION were
permitted within index functions. Both of these holes have now been
closed.

Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,
CVE-2007-4769): three separate issues in the regular expression
libraries used by PostgreSQL allowed malicious users to initiate a
denial-of-service by passing certain regular expressions in SQL queries.
First, users could create infinite loops using some specific regular
expressions. Second, certain complex regular expressions could consume
excessive amounts of memory. Third, out-of-range backref numbers could
be used to crash the backend. All of these issues have been patched.

DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined
with local trust or ident authentication could be used by a malicious
user to gain superuser privileges. This issue has been fixed, and does
not affect users who have not installed DBLink (an optional module), or
who are using password authentication for local access. This same
problem was addressed in the previous release cycle (see CVE-2007-3278),
but that patch failed to close all forms of the loophole.
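
The DBLink issue above depends on trust or ident authentication being configured for local access. The following is an added example, not code from the PostgreSQL project: a small audit of a pg_hba.conf file that reports such records. The function names and the sample file are constructed for illustration, and it assumes the 8.x-era record layouts (`local db user method`, `host db user CIDR method`, `host db user IP mask method`) and treats host records whose range includes a loopback address as local access.

```python
import ipaddress

RISKY_METHODS = {"trust", "ident"}            # the two methods the advisory names
HOST_TYPES = {"host", "hostssl", "hostnossl"}
LOOPBACK = {4: ipaddress.ip_network("127.0.0.0/8"), 6: ipaddress.ip_network("::1/128")}

# Constructed sample pg_hba.conf, not taken from any real system.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      CIDR-ADDRESS               METHOD
local   all       postgres                             ident sameuser
local   all       all                                  md5
host    all       all       127.0.0.1/32               trust
host    all       all       127.0.0.1 255.255.255.255  md5
hostssl all       all       ::1/128                    ident sameuser
host    all       all       192.168.1.0/24             trust
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def covers_loopback(addr):
    """True if the CIDR or address/netmask range includes a loopback address."""
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return False  # unparsable address field: not treated as local here
    return net.overlaps(LOOPBACK[net.version])

def audit_hba(text):
    """Return (line_no, record_type, method) for local-access trust/ident records."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()  # assumes no quoted fields containing spaces
        method = None
        if len(f) >= 4 and f[0] == "local":
            method = f[3]
        elif len(f) >= 5 and f[0] in HOST_TYPES:
            # Old-style "IP-address IP-mask" records carry one extra field.
            masked = "/" not in f[3] and len(f) >= 6 and is_ip(f[4])
            addr, candidate = (f"{f[3]}/{f[4]}", f[5]) if masked else (f[3], f[4])
            method = candidate if covers_loopback(addr) else None
        if method in RISKY_METHODS:
            findings.append((line_no, f[0], method))
    return findings
```

Any record it reports is a candidate for switching to password authentication, which the advisory states is not affected.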

EOL Notices
---------------------
Minor release 7.3.21 for PostgreSQL version 7.3 will be the last update
to the 7.3 branch. As version 7.3 is now over five years old, the
community will no longer release patches for it after today's release.
Users of version 7.3 are encouraged to upgrade to a more current version
as soon as possible, or to seek support from a commercial support vendor
who is willing to continue backpatching for them.

8.1.11 and 8.0.15 are also the last 8.1 and 8.0 update releases for
which the PostgreSQL community will produce binary packages for Windows.
Windows users are encouraged to move to 8.2.6 or later, since there are
Windows-specific fixes in 8.2 that are impractical to back-port. 8.1
and 8.0 updates will continue to be supported on other platforms and in
source form.

Download and Install
------------------------
PostgreSQL minor releases 8.2.6, 8.1.11, 8.0.15, 7.4.19 and 7.3.21 are
available through our FTP mirror network:

-- Source Code: http://www.postgresql.org/ftp/source/
-- Binaries for some platforms: http://www.postgresql.org/ftp/binary/

If you need additional information on the included updates, it's
available in the Release Notes
(http://www.postgresql.org/docs/current/static/release.html). These
upgrades can be copied directly over existing PostgreSQL binaries and do
not require dump-and-reload for any system which has been updated in the
last six months (older versions may require some specific post-update
steps; see the release notes).

As always, PostgreSQL update releases are cumulative. All security
fixes will be included in the upcoming version 8.3 release candidate.
This notice will be posted to the PostgreSQL security page:
http://www.postgresql.org/support/security

Friday, January 4, 2008

pgAdmin III v1.8.1 released

pgAdmin 1.8.1, the Open Source graphical PostgreSQL administration tool
for Windows, Linux, FreeBSD, Mac OS X and Solaris, is now available for
download in source and a variety of binary formats from:

http://www.pgadmin.org/download/

v1.8.1 is primarily a bug fix release, including the following changes:

- Fix a bug that could cause a crash on GTK when closing the query tool
in certain circumstances.
- Avoid a crash if the connection is lost and the Functions node is
refreshed.
- Avoid crashes when working with objects with % characters in the
name.
- Properly reverse-engineer the SQL for indexes with DESC, NULLS FIRST
or NULLS LAST column options.
- Only offer the Jobs node if the user can access the pgagent schema.
- Ensure the 'Create Rule' context menu option is always offered when
appropriate.
- Prevent the user from trying to debug catalog objects.
- Refresh the tree without erroring after creating a new package on
EnterpriseDB.
- Fix a crash that occurred if an object called '%' was selected in the
treeview, per Alexander Steffens.
- Fix a line number error in the debugger seen with procedures which
start on the same line as the 'CREATE PROCEDURE foo IS ...' Per report
from Heikki Linnakangas.
- Clean up the covering index control logic in the Foreign Key dialogue.
- Fix to refresh version string and number, and last OID, per a report
from Alexander Kirpa.
- Disable CREATE FUNCTION etc. under EnterpriseDB packages because they
are created as part of the main package body.
- Fix some broken references to online help pages.
- Don't offer 'Drop Cascaded' unless the user can 'Drop' the object.
- Prevent non-superusers from attempting to use the debugger because the
plugin API won't let them anyway.
- Check that functions exist before debugging or setting global
breakpoints on them. Remove them from the treeview if not.
- Correct the URL for the EDB public synonym help page
- Handle the corner case when a user includes quotes in an object name
(backport of 2007-10-26 fix applied to trunk)
- Fix the debugger's connection class to ensure database names requiring
quotes will work and that it can be used with SSL and Kerberos
connections.
- Allow the length of array-typed columns to be changed (eg. 'character
varying[](100)'), per report from Ferenc Lutischan
- Don't allow the user to direct-debug trigger functions, only global
breakpoints should be used on them (or the trigger itself).
- Don't offer edbspl functions when creating triggers as they should
have inline bodies.
- Don't quote database names that happen to be keywords when starting
the debugger.
- Don't offer package names and system schemas as schemas when creating
public synonyms.
- Fix pgAgent's job query when a host agent is specified so that jobs
don't execute every time round the loop regardless of schedule, per
Brian Kalbfus.
- Add EnterpriseDB's default database (edb) to the Server dialog's
default option.
- Don't allow the user to debug an EnterpriseDB package function or
procedure if the body isn't defined.
- Don't offer the user the chance to create new columns on system
catalogues.
- Fix the debugger to send actual NULL values rather than 'NULL' through
the EnterpriseDB callable statement API. Allow parameter values to be
NULL or empty strings on both PostgreSQL and EnterpriseDB using the
same syntax as the Edit Grid.
- Always open the PostgreSQL Help when selecting that menu option, even
if connected to EnterpriseDB.
- Fix EnterpriseDB public synonym loading so that they aren't considered
system objects.
- Fix path discovery on Unix so standard installs can be relocated
easily.
- Fix character number display in the query tool.
- Use popen() when testing the versions of helper apps on non-windows
platforms to avoid an obscure bug on PPC Macs that could leave
wxExecute hanging indefinitely whilst waiting on a zombie process.
- When creating a new index and specifying both tablespace and fill
factor, make sure the SQL is formulated correctly, per Stefan Wolf
- Fix the locks tab on the server status dialogue so it works correctly
with PostgreSQL 8.3+.
- Properly format the object comments shown in the properties list when
a collection node is selected. Per report from Mike Blackwell.
- Fix a bug preventing the 'on error' flag of a pgAgent job step being
edited, per Jon Roberts.
- Properly escape _'s in queries for schemas, per Derek Fonda.
- Don't try to enable/disable prepared transaction related controls on
pre-8.1 servers, per Karl Zellnig

Django Running on Jython

It is true, Django is running on Jython. Check out all the details here: http://zyasoft.com/pythoneering/2008/01/django-on-jython-minding-gap.html

Friday, December 28, 2007

Inaugural Issue Of Postgres Online Magazine Available

The inaugural issue of the Postgres Online Magazine is available. The magazine is available in two formats: HTML and PDF.

Here is the table of contents:

From the Editors
PostgreSQL The Road Behind and Ahead

What's new and upcoming in PostgreSQL
PostgreSQL 8.3 is just around the Corner

PostgreSQL Q & A
Converting from Unix Timestamp to PostgreSQL Timestamp or Date (Beginner)
Using Distinct ON to return newest order for each customer (Intermediate)
How to create an index based on a function (Intermediate)

Basics
The Anatomy of a PostgreSQL - Part 1 (Beginner)
How does CLUSTER ON improve index performance (Intermediate)

PL Programming
Language Architecture in PostgreSQL (Intermediate)

Using PostgreSQL Contribs
PostGIS for geospatial analysis and mapping (Intermediate)

Application Development
Database Abstraction with Updateable Views (Advanced)

Product Showcase
Serendipity Blogging Software

A Product of Paragon Corporation

You can read the magazine here: http://www.postgresonline.com/