From 2f52c4f7c4aacf1ab15a3da29e44028a97d524e1 Mon Sep 17 00:00:00 2001 From: "Jonathan S. Katz" Date: Sat, 25 Nov 2017 09:43:20 -0500 Subject: [PATCH] Clean up whitespace in primary Python / HTML files Clean up the whitespace in the primary Python / HTML files in order to make it easier to apply changes going forward. --- pgweb/account/urls.py | 1 - pgweb/contributors/views.py | 1 - pgweb/downloads/forms.py | 1 - pgweb/downloads/models.py | 1 - pgweb/downloads/views.py | 5 +- pgweb/events/feeds.py | 1 - pgweb/events/models.py | 13 +- pgweb/events/views.py | 1 - pgweb/featurematrix/views.py | 1 - pgweb/lists/forms.py | 1 - pgweb/lists/models.py | 4 +- pgweb/lists/views.py | 6 +- pgweb/misc/forms.py | 1 - pgweb/news/feeds.py | 1 - pgweb/news/forms.py | 1 - pgweb/news/models.py | 4 +- pgweb/news/views.py | 1 - pgweb/profserv/forms.py | 1 - pgweb/profserv/models.py | 9 +- pgweb/profserv/views.py | 2 +- pgweb/quotes/models.py | 2 +- pgweb/search/models.py | 1 - pgweb/settings.py | 1 - pgweb/sponsors/admin.py | 1 - pgweb/sponsors/models.py | 11 +- pgweb/sponsors/views.py | 1 - pgweb/survey/admin.py | 1 - pgweb/survey/models.py | 1 - pgweb/survey/views.py | 1 - pgweb/util/auth.py | 1 - pgweb/util/helpers.py | 3 +- pgweb/util/middleware.py | 2 +- templates/account/communityauth_cooloff.html | 1 - templates/account/communityauth_noinfo.html | 1 - templates/account/index.html | 1 - templates/account/login.html | 1 - templates/account/objectlist.html | 1 - templates/account/orglist.html | 1 - templates/base/form.html | 1 - templates/base/page.html | 1 - templates/contributors/list.html | 1 - templates/downloads/categorylist.html | 1 - templates/downloads/ftpbrowser.html | 1 - templates/downloads/inc_mirror.html | 1 - templates/downloads/mirrorselect.html | 1 - templates/downloads/productlist.html | 1 - templates/events/rss_description.html | 1 - templates/featurematrix/featuredetail.html | 1 - templates/featurematrix/featurematrix.html | 1 - templates/lists/subscribed.html | 1 - templates/misc/bug_completed.html | 1 - templates/news/item.html | 1 - templates/news/newsarchive.html | 1 - templates/news/rss_description.html | 1 - templates/pages/about.html | 4 +- templates/pages/about/advantages.html | 3 +- templates/pages/about/contact.html | 4 +- templates/pages/about/donate_pg_org.html | 10 +- templates/pages/about/history.html | 14 +- templates/pages/about/licence.html | 8 +- templates/pages/about/users.html | 2 +- templates/pages/community/international.html | 2 +- templates/pages/community/propaganda.html | 2 +- templates/pages/developer.html | 8 +- templates/pages/developer/backend.html | 1 - templates/pages/developer/core.html | 2 +- templates/pages/developer/roadmap.html | 4 +- .../pages/developer/summerofcode2011.html | 2 +- .../pages/developer/summerofcode2012.html | 2 +- .../pages/developer/summerofcode2013.html | 4 +- .../pages/developer/summerofcode2014.html | 4 +- .../pages/developer/summerofcodeadvice.html | 1 - templates/pages/download.html | 6 +- templates/pages/download/freebsd.html | 4 +- templates/pages/download/snapshots.html | 6 +- templates/pages/download/windows.html | 14 +- templates/pages/support.html | 4 +- templates/pages/support/security.html | 38 ++--- .../support/security/faq/2013-04-04.html | 149 +++++++++--------- templates/pages/support/security_archive.html | 12 +- templates/profserv/list.html | 1 - templates/profserv/root.html | 1 - 82 files changed, 181 insertions(+), 235 deletions(-) diff --git a/pgweb/account/urls.py b/pgweb/account/urls.py index 1b28bf9c..505a5a8f 100644 --- a/pgweb/account/urls.py +++ b/pgweb/account/urls.py @@ -50,4 +50,3 @@ urlpatterns = patterns('', for provider in settings.OAUTH.keys(): urlpatterns.append(url(r'^login/({0})/$'.format(provider), 'pgweb.account.oauthclient.login_oauth')) - diff --git a/pgweb/contributors/views.py b/pgweb/contributors/views.py index 8cbac84c..13867e7c 100644 --- a/pgweb/contributors/views.py +++ b/pgweb/contributors/views.py @@ -9,4 +9,3 @@ def completelist(request): return render_to_response('contributors/list.html', { 'contributortypes': contributortypes, }, NavContext(request, 'community')) - diff --git a/pgweb/downloads/forms.py b/pgweb/downloads/forms.py index 58e8544a..93a952dd 100644 --- a/pgweb/downloads/forms.py +++ b/pgweb/downloads/forms.py @@ -13,4 +13,3 @@ If you have not done so, use this form class Meta: model = Product exclude = ('lastconfirmed', 'approved', ) - diff --git a/pgweb/downloads/models.py b/pgweb/downloads/models.py index bc97db37..a8114a75 100644 --- a/pgweb/downloads/models.py +++ b/pgweb/downloads/models.py @@ -86,4 +86,3 @@ class StackBuilderApp(models.Model): class Meta: unique_together = ('textid', 'version', 'platform', ) ordering = ('textid', 'name', 'platform', ) - diff --git a/pgweb/downloads/views.py b/pgweb/downloads/views.py index ccf8f5df..1229471a 100644 --- a/pgweb/downloads/views.py +++ b/pgweb/downloads/views.py @@ -26,7 +26,7 @@ from forms import ProductForm def ftpbrowser(request, subpath): if subpath: # An actual path has been selected. Fancy! - + if subpath.find('..') > -1: # Just claim it doesn't exist if the user tries to do this # type of bad thing @@ -89,7 +89,7 @@ def ftpbrowser(request, subpath): # Fetch files files = [{'name': k, 'mtime': v['d'], 'size': v['s']} for k,v in node.items() if v['t'] == 'f'] - + breadcrumbs = [] if subpath: breadroot = "" @@ -260,4 +260,3 @@ def applications_v2_xml(request): x.endElement('applications') x.endDocument() return resp - diff --git a/pgweb/events/feeds.py b/pgweb/events/feeds.py index c64311f6..b21d678b 100644 --- a/pgweb/events/feeds.py +++ b/pgweb/events/feeds.py @@ -19,4 +19,3 @@ class EventFeed(Feed): def item_pubdate(self, obj): return datetime.combine(obj.startdate,time.min) - diff --git a/pgweb/events/models.py b/pgweb/events/models.py index 3bf8affc..afc2cc3d 100644 --- a/pgweb/events/models.py +++ b/pgweb/events/models.py @@ -9,20 +9,20 @@ class Event(models.Model): title = models.CharField(max_length=100, null=False, blank=False) isonline = models.BooleanField(null=False, default=False, verbose_name="Online event") city = models.CharField(max_length=50, null=False, blank=True) - state = models.CharField(max_length=50, null=False, blank=True) + state = models.CharField(max_length=50, null=False, blank=True) country = models.ForeignKey(Country, null=True, blank=True) language = models.ForeignKey(Language, null=True, blank=True, default='eng', help_text="Primary language for event. When multiple languages, specify this in the event description") - + training = models.BooleanField(null=False, blank=False, default=False) startdate = models.DateField(null=False, blank=False, verbose_name="Start date") enddate = models.DateField(null=False, blank=False, verbose_name="End date") - + summary = models.TextField(blank=False, null=False, help_text="A short introduction (shown on the events listing page)") details = models.TextField(blank=False, null=False, help_text="Complete event description") - + send_notification = True markdown_fields = ('details', 'summary', ) - + def purge_urls(self): yield '/about/event/%s/' % self.pk yield '/about/events/' @@ -55,7 +55,7 @@ class Event(models.Model): return self.startdate else: return "%s – %s" % (self.startdate, self.enddate) - + @property def locationstring(self): if self.isonline: @@ -67,4 +67,3 @@ class Event(models.Model): class Meta: ordering = ('-startdate','-enddate',) - diff --git a/pgweb/events/views.py b/pgweb/events/views.py index bff7d10d..411a8c00 100644 --- a/pgweb/events/views.py +++ b/pgweb/events/views.py @@ -50,4 +50,3 @@ def item(request, itemid, throwaway=None): def form(request, itemid): return simple_form(Event, itemid, request, EventForm, redirect='/account/edit/events/') - diff --git a/pgweb/featurematrix/views.py b/pgweb/featurematrix/views.py index 959d6f8f..3a8411ef 100644 --- a/pgweb/featurematrix/views.py +++ b/pgweb/featurematrix/views.py @@ -34,4 +34,3 @@ def detail(request, featureid): return render_to_response('featurematrix/featuredetail.html', { 'feature': feature, }, NavContext(request, 'about')) - diff --git a/pgweb/lists/forms.py b/pgweb/lists/forms.py index 0227853f..94f41fd6 100644 --- a/pgweb/lists/forms.py +++ b/pgweb/lists/forms.py @@ -8,4 +8,3 @@ class SubscribeForm(forms.Form): email = forms.EmailField(max_length=100,required=True,label="Email address") action = forms.ChoiceField(required=True, choices=(('subscribe','Subscribe'),('unsubscribe','Unsubscribe'))) lists = forms.ModelChoiceField(required=True, queryset=MailingList.objects.filter(active=True), label="Mailinglist") - diff --git a/pgweb/lists/models.py b/pgweb/lists/models.py index 9531a1cd..19cae1e0 100644 --- a/pgweb/lists/models.py +++ b/pgweb/lists/models.py @@ -12,7 +12,7 @@ class MailingListGroup(models.Model): def __unicode__(self): return self.groupname - + class Meta: ordering = ('sortkey', ) @@ -34,6 +34,6 @@ class MailingList(models.Model): def __unicode__(self): return self.listname - + class Meta: ordering = ('listname', ) diff --git a/pgweb/lists/views.py b/pgweb/lists/views.py index 827d6708..d823ee4d 100644 --- a/pgweb/lists/views.py +++ b/pgweb/lists/views.py @@ -41,12 +41,12 @@ def subscribe(request): 'operation': 'Legacy subscription', 'jquery': True, 'form_intro': """ -Note 1: Please ensure you read the Note 1: Please ensure you read the Archive Policy before posting to the lists.

-

Note 2: Please do not subscribe to mailing lists using e-mail -accounts protected by mail-back anti-spam systems. These are extremely annoying +

Note 2: Please do not subscribe to mailing lists using e-mail +accounts protected by mail-back anti-spam systems. These are extremely annoying to the list maintainers and other members, and you may be automatically unsubscribed.""" }, NavContext(request, "community")) diff --git a/pgweb/misc/forms.py b/pgweb/misc/forms.py index 624805ac..7ddd57f1 100644 --- a/pgweb/misc/forms.py +++ b/pgweb/misc/forms.py @@ -31,4 +31,3 @@ class SubmitBugForm(forms.Form): if self.cleaned_data.get('pgversion') == '-1': raise forms.ValidationError('You must select a version') return self.cleaned_data.get('pgversion') - diff --git a/pgweb/news/feeds.py b/pgweb/news/feeds.py index 8aeaf32f..3bd563d2 100644 --- a/pgweb/news/feeds.py +++ b/pgweb/news/feeds.py @@ -19,4 +19,3 @@ class NewsFeed(Feed): def item_pubdate(self, obj): return datetime.combine(obj.date,time.min) - diff --git a/pgweb/news/forms.py b/pgweb/news/forms.py index dd8f54c7..281a46e0 100644 --- a/pgweb/news/forms.py +++ b/pgweb/news/forms.py @@ -18,4 +18,3 @@ class NewsArticleForm(forms.ModelForm): class Meta: model = NewsArticle exclude = ('submitter', 'approved', ) - diff --git a/pgweb/news/models.py b/pgweb/news/models.py index 77a8fa04..c382356c 100644 --- a/pgweb/news/models.py +++ b/pgweb/news/models.py @@ -18,10 +18,10 @@ class NewsArticle(models.Model): yield '/news.rss' # FIXME: when to expire the front page? yield '/$' - + def __unicode__(self): return "%s: %s" % (self.date, self.title) - + def verify_submitter(self, user): return (len(self.org.managers.filter(pk=user.pk)) == 1) diff --git a/pgweb/news/views.py b/pgweb/news/views.py index 0e9c1889..37a731ff 100644 --- a/pgweb/news/views.py +++ b/pgweb/news/views.py @@ -26,4 +26,3 @@ def item(request, itemid, throwaway=None): def form(request, itemid): return simple_form(NewsArticle, itemid, request, NewsArticleForm, redirect='/account/edit/news/') - diff --git a/pgweb/profserv/forms.py b/pgweb/profserv/forms.py index e5cc20f4..f61cde67 100644 --- a/pgweb/profserv/forms.py +++ b/pgweb/profserv/forms.py @@ -13,4 +13,3 @@ If you have not done so, use this form class Meta: model = ProfessionalService exclude = ('submitter', 'approved', ) - diff --git a/pgweb/profserv/models.py b/pgweb/profserv/models.py index fef5e49d..076a1d98 100644 --- a/pgweb/profserv/models.py +++ b/pgweb/profserv/models.py @@ -27,17 +27,16 @@ class ProfessionalService(models.Model): provides_support = models.BooleanField(null=False, default=False) provides_hosting = models.BooleanField(null=False, default=False) interfaces = models.CharField(max_length=512, null=True, blank=True, verbose_name="Interfaces (for hosting)") - + purge_urls = ('/support/professional_', ) - + send_notification = True - + def verify_submitter(self, user): return (len(self.org.managers.filter(pk=user.pk)) == 1) def __unicode__(self): return self.org.name - + class Meta: ordering = ('org__name',) - diff --git a/pgweb/profserv/views.py b/pgweb/profserv/views.py index 18ae4083..c179ef20 100644 --- a/pgweb/profserv/views.py +++ b/pgweb/profserv/views.py @@ -43,7 +43,7 @@ def region(request, servtype, regionname): # DB model is a bit funky here, so use the extra-where functionality to filter properly. # Field names are cleaned up earlier, so it's safe against injections. services = ProfessionalService.objects.select_related('org').filter(approved=True).extra(where=["region_%s AND provides_%s" % (regionname, what),]) - + return render_to_response('profserv/list.html', { 'title': title, 'support': support, diff --git a/pgweb/quotes/models.py b/pgweb/quotes/models.py index 4d4ee914..f390f65e 100644 --- a/pgweb/quotes/models.py +++ b/pgweb/quotes/models.py @@ -6,7 +6,7 @@ class Quote(models.Model): who = models.CharField(max_length=100, null=False, blank=False) org = models.CharField(max_length=100, null=False, blank=False) link = models.URLField(null=False, blank=False) - + send_notification = True purge_urls = ('/about/quotesarchive/', '/$', ) diff --git a/pgweb/search/models.py b/pgweb/search/models.py index fe5cb304..4ee48cd5 100644 --- a/pgweb/search/models.py +++ b/pgweb/search/models.py @@ -1,2 +1 @@ #from django.db import models - diff --git a/pgweb/settings.py b/pgweb/settings.py index 8d8758e4..4264e6f3 100644 --- a/pgweb/settings.py +++ b/pgweb/settings.py @@ -177,4 +177,3 @@ OAUTH={} # OAuth providers and key # Load local settings overrides from settings_local import * - diff --git a/pgweb/sponsors/admin.py b/pgweb/sponsors/admin.py index 555c4b1d..d3029c7d 100644 --- a/pgweb/sponsors/admin.py +++ b/pgweb/sponsors/admin.py @@ -4,4 +4,3 @@ from models import Sponsor, SponsorType, Server admin.site.register(SponsorType) admin.site.register(Sponsor) admin.site.register(Server) - diff --git a/pgweb/sponsors/models.py b/pgweb/sponsors/models.py index e66851ce..6c0031ab 100644 --- a/pgweb/sponsors/models.py +++ b/pgweb/sponsors/models.py @@ -12,10 +12,10 @@ class SponsorType(models.Model): def __unicode__(self): return self.typename - + class Meta: ordering = ('sortkey', ) - + class Sponsor(models.Model): sponsortype = models.ForeignKey(SponsorType, null=False) name = models.CharField(max_length=128, null=False, blank=False) @@ -27,7 +27,7 @@ class Sponsor(models.Model): def __unicode__(self): return self.name - + class Meta: ordering = ('name', ) @@ -39,12 +39,11 @@ class Server(models.Model): os = models.CharField(max_length=32, null=False, blank=False) location = models.CharField(max_length=128, null=False, blank=False) usage = models.TextField(null=False, blank=False) - + purge_urls = ('/about/servers/', ) def __unicode__(self): return self.name - + class Meta: ordering = ('name', ) - diff --git a/pgweb/sponsors/views.py b/pgweb/sponsors/views.py index b708a2c2..c91a61b2 100644 --- a/pgweb/sponsors/views.py +++ b/pgweb/sponsors/views.py @@ -17,4 +17,3 @@ def servers(request): return render_to_response('sponsors/servers.html', { 'servers': servers, }, NavContext(request, 'about')) - diff --git a/pgweb/survey/admin.py b/pgweb/survey/admin.py index 47622530..23d62319 100644 --- a/pgweb/survey/admin.py +++ b/pgweb/survey/admin.py @@ -12,4 +12,3 @@ class SurveyAnswerAdmin(admin.ModelAdmin): admin.site.register(Survey, SurveyAdmin) admin.site.register(SurveyLock) admin.site.register(SurveyAnswer, SurveyAnswerAdmin) - diff --git a/pgweb/survey/models.py b/pgweb/survey/models.py index 28baa8c1..df33e448 100644 --- a/pgweb/survey/models.py +++ b/pgweb/survey/models.py @@ -93,4 +93,3 @@ class SurveyAnswer(models.Model): class SurveyLock(models.Model): ipaddr = models.GenericIPAddressField(null=False, blank=False) time = models.DateTimeField(null=False, auto_now_add=True) - diff --git a/pgweb/survey/views.py b/pgweb/survey/views.py index 05c8d18b..a2a2b244 100644 --- a/pgweb/survey/views.py +++ b/pgweb/survey/views.py @@ -60,4 +60,3 @@ def vote(request, surveyid): varnish_purge("/community/survey/%s/" % surveyid) return HttpResponseRedirect("/community/survey/%s/" % surveyid) - diff --git a/pgweb/util/auth.py b/pgweb/util/auth.py index ffca11e2..2712b91c 100644 --- a/pgweb/util/auth.py +++ b/pgweb/util/auth.py @@ -54,4 +54,3 @@ class AuthBackend(ModelBackend): return None return None # Should never get here, but just in case... - diff --git a/pgweb/util/helpers.py b/pgweb/util/helpers.py index a203b0ef..87e586ce 100644 --- a/pgweb/util/helpers.py +++ b/pgweb/util/helpers.py @@ -24,7 +24,7 @@ def simple_form(instancetype, itemid, request, formclass, formtemplate='base/for elif hasattr(instance, 'verify_submitter'): if not instance.verify_submitter(request.user): raise Exception("You are not the owner of this item!") - + if request.method == 'POST': # Process this form form = formclass(data=request.POST, instance=instance) @@ -88,4 +88,3 @@ class PgXmlHelper(django.utils.xmlutils.SimplerXMLGenerator): self.startElement(name, {}) self.characters(value) self.endElement(name) - diff --git a/pgweb/util/middleware.py b/pgweb/util/middleware.py index 540eae84..52504968 100644 --- a/pgweb/util/middleware.py +++ b/pgweb/util/middleware.py @@ -1,7 +1,7 @@ from django.http import HttpResponseRedirect, HttpResponse from django.conf import settings -# Use thread local storage to pass the username down. +# Use thread local storage to pass the username down. # http://code.djangoproject.com/wiki/CookBookThreadlocalsAndUser try: from threading import local, currentThread diff --git a/templates/account/communityauth_cooloff.html b/templates/account/communityauth_cooloff.html index f9f34cac..d37ae628 100644 --- a/templates/account/communityauth_cooloff.html +++ b/templates/account/communityauth_cooloff.html @@ -8,4 +8,3 @@ try again later, or contact the postgresql.org webmasters if you have an urgent need to log in.

{%endblock%} - diff --git a/templates/account/communityauth_noinfo.html b/templates/account/communityauth_noinfo.html index d9e218fe..e6dd572e 100644 --- a/templates/account/communityauth_noinfo.html +++ b/templates/account/communityauth_noinfo.html @@ -22,4 +22,3 @@ Please go to your account profile and complete these fields, and then try again.

{%endblock%} - diff --git a/templates/account/index.html b/templates/account/index.html index c8d9d222..c5fe8060 100644 --- a/templates/account/index.html +++ b/templates/account/index.html @@ -89,4 +89,3 @@ approval before they are published: {%endif%} {%endblock%} - diff --git a/templates/account/login.html b/templates/account/login.html index c16f00c0..80f92fad 100644 --- a/templates/account/login.html +++ b/templates/account/login.html @@ -58,4 +58,3 @@ document.getElementById('id_username').focus() {%endblock%} - diff --git a/templates/account/objectlist.html b/templates/account/objectlist.html index ae45cbf1..1839b063 100644 --- a/templates/account/objectlist.html +++ b/templates/account/objectlist.html @@ -21,4 +21,3 @@ extensive.

{%endblock%} - diff --git a/templates/account/orglist.html b/templates/account/orglist.html index fd652b1d..4cbd078d 100644 --- a/templates/account/orglist.html +++ b/templates/account/orglist.html @@ -25,4 +25,3 @@ We will then link your account to this organisation. {%endfor%} {%endblock%} - diff --git a/templates/base/form.html b/templates/base/form.html index 958fe2b1..937af6b4 100644 --- a/templates/base/form.html +++ b/templates/base/form.html @@ -90,4 +90,3 @@ $(document).ready(function() { {%endif%} {%endblock%} - diff --git a/templates/base/page.html b/templates/base/page.html index 7f9e27d0..3dac5e5b 100644 --- a/templates/base/page.html +++ b/templates/base/page.html @@ -26,4 +26,3 @@ {%block contents%}{%endblock%} {%endblock%} - diff --git a/templates/contributors/list.html b/templates/contributors/list.html index 36a2f44d..5e9b325c 100644 --- a/templates/contributors/list.html +++ b/templates/contributors/list.html @@ -46,4 +46,3 @@

All contributors are listed in alphabetical order. Please report omissions or corrections to the webmaster.

{%endblock%} - diff --git a/templates/downloads/categorylist.html b/templates/downloads/categorylist.html index 696bbb95..06ae780d 100644 --- a/templates/downloads/categorylist.html +++ b/templates/downloads/categorylist.html @@ -23,4 +23,3 @@ out this form.

{%endblock%} - diff --git a/templates/downloads/ftpbrowser.html b/templates/downloads/ftpbrowser.html index ad8f6866..20876e89 100644 --- a/templates/downloads/ftpbrowser.html +++ b/templates/downloads/ftpbrowser.html @@ -48,4 +48,3 @@ {%endif%} {%endblock%} - diff --git a/templates/downloads/inc_mirror.html b/templates/downloads/inc_mirror.html index a53257e7..8afb9e93 100644 --- a/templates/downloads/inc_mirror.html +++ b/templates/downloads/inc_mirror.html @@ -7,4 +7,3 @@ {%endif%} ftp - diff --git a/templates/downloads/mirrorselect.html b/templates/downloads/mirrorselect.html index 50d9def6..68307ecb 100644 --- a/templates/downloads/mirrorselect.html +++ b/templates/downloads/mirrorselect.html @@ -33,4 +33,3 @@ div.mirrorselect { {%endblock%} - diff --git a/templates/downloads/productlist.html b/templates/downloads/productlist.html index 31227a82..662d4714 100644 --- a/templates/downloads/productlist.html +++ b/templates/downloads/productlist.html @@ -43,4 +43,3 @@ recommend any products listed, and cannot vouch for the quality or reliability of any of them.

{%endblock%} - diff --git a/templates/events/rss_description.html b/templates/events/rss_description.html index e358b822..bfeb12fe 100644 --- a/templates/events/rss_description.html +++ b/templates/events/rss_description.html @@ -1,3 +1,2 @@ {%load markup%} {{obj.summary|markdown}} - diff --git a/templates/featurematrix/featuredetail.html b/templates/featurematrix/featuredetail.html index fd4ec08a..e3716ed7 100644 --- a/templates/featurematrix/featuredetail.html +++ b/templates/featurematrix/featuredetail.html @@ -7,4 +7,3 @@ {{feature.featuredescription}}

{%endblock%} - diff --git a/templates/featurematrix/featurematrix.html b/templates/featurematrix/featurematrix.html index 059e35b8..15182867 100644 --- a/templates/featurematrix/featurematrix.html +++ b/templates/featurematrix/featurematrix.html @@ -118,4 +118,3 @@ the text. {%endblock%} - diff --git a/templates/lists/subscribed.html b/templates/lists/subscribed.html index 37f38b27..b2dd8b8b 100644 --- a/templates/lists/subscribed.html +++ b/templates/lists/subscribed.html @@ -8,4 +8,3 @@ will receive a confirmation email shortly.

{%endblock%} - diff --git a/templates/misc/bug_completed.html b/templates/misc/bug_completed.html index 9878ecaf..2f9f86bd 100644 --- a/templates/misc/bug_completed.html +++ b/templates/misc/bug_completed.html @@ -9,4 +9,3 @@ mailinglist and will show up there as soon as it has cleared the moderator queue.

{%endblock%} - diff --git a/templates/news/item.html b/templates/news/item.html index 6b9f970e..6f7b7701 100644 --- a/templates/news/item.html +++ b/templates/news/item.html @@ -10,4 +10,3 @@ website. We apologise for any formatting issues caused by the migration.

{%endif%} {%endblock%} - diff --git a/templates/news/newsarchive.html b/templates/news/newsarchive.html index 93f7d034..76598427 100644 --- a/templates/news/newsarchive.html +++ b/templates/news/newsarchive.html @@ -10,4 +10,3 @@ {%endfor%}

Submit news

{%endblock%} - diff --git a/templates/news/rss_description.html b/templates/news/rss_description.html index c7e60bc7..31d7d836 100644 --- a/templates/news/rss_description.html +++ b/templates/news/rss_description.html @@ -1,3 +1,2 @@ {%load markup%} {{obj.content|markdown}} - diff --git a/templates/pages/about.html b/templates/pages/about.html index 54ae4026..cf9f8839 100644 --- a/templates/pages/about.html +++ b/templates/pages/about.html @@ -25,7 +25,7 @@ of data it can manage and in the number of concurrent users it can accommodate. There are active PostgreSQL systems in production environments that manage in excess of 4 terabytes of data. Some general PostgreSQL limits are included in the table below.

LimitValue
Maximum Database SizeUnlimited
Maximum Table Size32 TB
Maximum Row Size1.6 TB
Maximum Field Size1 GB
Maximum Rows per TableUnlimited
Maximum Columns per Table250 - 1600 depending on column types
Maximum Indexes per TableUnlimited
-

PostgreSQL has won praise from its users and industry recognition, including the Linux New Media Award for Best Database System and five time winner of the The Linux Journal Editors' Choice Award for best DBMS. +

PostgreSQL has won praise from its users and industry recognition, including the Linux New Media Award for Best Database System and five time winner of the The Linux Journal Editors' Choice Award for best DBMS.

Featureful and Standards Compliant

PostgreSQL prides itself in standards compliance. Its SQL implementation @@ -94,7 +94,7 @@ compiled and interpreted to interface with PostgreSQL. There are interfaces for Java (JDBC), ODBC, Perl, Python, Ruby, C, C++, PHP, Lisp, Scheme, and Qt just to name a few.

Best of all, PostgreSQL's source code is available under a liberal -open source license: the PostgreSQL License. +open source license: the PostgreSQL License. This license gives you the freedom to use, modify and distribute PostgreSQL in any form you like, open or closed source. Any modifications, enhancements, or changes you make are yours to do diff --git a/templates/pages/about/advantages.html b/templates/pages/about/advantages.html index f43584ba..10d666e8 100644 --- a/templates/pages/about/advantages.html +++ b/templates/pages/about/advantages.html @@ -41,7 +41,7 @@

GUI database design and administration tools

-

There are many high-quality GUI Tools available for PostgreSQL from both open source developers and commercial providers. A list is available on our wiki as a community guide to PostgreSQL GUI Tools. +

There are many high-quality GUI Tools available for PostgreSQL from both open source developers and commercial providers. A list is available on our wiki as a community guide to PostgreSQL GUI Tools.

Technical Features

@@ -49,4 +49,3 @@

{%endblock%} - diff --git a/templates/pages/about/contact.html b/templates/pages/about/contact.html index 2ef51f31..bff8a4d6 100644 --- a/templates/pages/about/contact.html +++ b/templates/pages/about/contact.html @@ -13,7 +13,7 @@ Please see the page about donations or contact the funds group directly at funds-group@postgresql.org.

-

User Group Liaison

+

User Group Liaison

A member of a PostgreSQL User group, looking to start a user group or need resources for a user group.

@@ -23,7 +23,7 @@ funds group directly at funds-group@

For press enquiries, please refer to the Press section. This section includes information on regional contacts as well.

- +

Technical Support

If you are looking for help with PostgreSQL, or this website.

Community support

diff --git a/templates/pages/about/donate_pg_org.html b/templates/pages/about/donate_pg_org.html index 211c9cca..6fc4147e 100644 --- a/templates/pages/about/donate_pg_org.html +++ b/templates/pages/about/donate_pg_org.html @@ -7,11 +7,11 @@

PostgreSQL donations are managed by the Fund raising Group. The money donated goes to many vital services that the PostgreSQL community needs including advocacy materials, conference expenses, legal expenses, and travel costs.

Donate by Credit Card (preferred)

-

Donation via credit card is handled through USA ePay using the form below. +

Donation via credit card is handled through USA ePay using the form below.

-
+
- + diff --git a/templates/pages/community/propaganda.html b/templates/pages/community/propaganda.html index 71c7b6a1..7c769b47 100644 --- a/templates/pages/community/propaganda.html +++ b/templates/pages/community/propaganda.html @@ -4,7 +4,7 @@

Propaganda

-

Template Monster, a graphics and website design company, has provided us with a number of updated PostgreSQL related graphics that you can use on your website. Right click on these images and select "Save As" to save the logo, then link them to the PostgreSQL home page at www.postgresql.org. You can also find more logos for different styles and colors, and the source files for these graphics, on our logo project page at http://pgfoundry.org/projects/graphics/ in case you want to play around with them and maybe submit your own. +

Template Monster, a graphics and website design company, has provided us with a number of updated PostgreSQL related graphics that you can use on your website. Right click on these images and select "Save As" to save the logo, then link them to the PostgreSQL home page at www.postgresql.org. You can also find more logos for different styles and colors, and the source files for these graphics, on our logo project page at http://pgfoundry.org/projects/graphics/ in case you want to play around with them and maybe submit your own.

@@ -42,7 +42,7 @@ and deposited into the PostgreSQL account at Software in the Public Interest.
- + @@ -57,9 +57,9 @@

Tax deductibility

Please be aware that PostgreSQL contributions may or may not be tax exempt. For more information please see the SPI website and your local tax advisor. If you would like to donate non-monetary items such as computers or other equipment, please contact Josh Berkus.

- +

Infrastructure Donations

There are many companies that donate servers.

- + {%endblock%} diff --git a/templates/pages/about/history.html b/templates/pages/about/history.html index 68342bd6..50a16361 100644 --- a/templates/pages/about/history.html +++ b/templates/pages/about/history.html @@ -2,11 +2,11 @@ {%block title%}History{%endblock%} {%block contents%}

History

-

Given its powerful and advanced features, you may wonder how such a -valuable piece of software came to be both free and open source.  As with -many other key open source projects, the answer starts at the University of +

Given its powerful and advanced features, you may wonder how such a +valuable piece of software came to be both free and open source.  As with +many other key open source projects, the answer starts at the University of California at Berkeley (UCB).

-

PostgreSQL, originally called Postgres, was created at +

PostgreSQL, originally called Postgres, was created at UCB by a computer science professor named Michael Stonebraker, who went on to become the CTO of Informix Corporation. Stonebraker started Postgres in 1986 as a followup project to its predecessor, Ingres, now @@ -41,8 +41,8 @@ source world, with many new features and enhancements, the database system took its current name: PostgreSQL. ("Postgres" is still used as an easy-to-pronounce nick-name.)

PostgreSQL began at version 6.0, giving credit to its many years of prior -development. With the help of hundreds of developers from around the world, -the system was changed and improved in almost every area. Over the next four years +development. With the help of hundreds of developers from around the world, +the system was changed and improved in almost every area. Over the next four years (versions 6.0 - 7.0), major improvements and new features were made such as:

  • Multiversion Concurrency Control (MVCC). @@ -73,7 +73,7 @@ contributions to PostgreSQL's development. And, true to its roots, it continues to improve in both sophistication and performance, now more than ever. Version 8.0 is PostgreSQL's long awaited debut into the enterprise database market, bringing features such as tablespaces, Java stored procedures, -point in time recovery, and nested transactions (savepoints). +point in time recovery, and nested transactions (savepoints). With it came a long awaited feature --- a native Windows port.

    Many organizations, government agencies and companies use PostgreSQL. diff --git a/templates/pages/about/licence.html b/templates/pages/about/licence.html index 219a94be..f741d139 100644 --- a/templates/pages/about/licence.html +++ b/templates/pages/about/licence.html @@ -31,11 +31,11 @@ PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.

    Why not the GNU General Public License?

    -

    People often ask why PostgreSQL is not released under the GNU General -Public License. The simple answer is because we like our license and do not -want to change it. If you are keen to read more about this topic, then please +

    People often ask why PostgreSQL is not released under the GNU General +Public License. The simple answer is because we like our license and do not +want to change it. If you are keen to read more about this topic, then please take a look in the Archives at -any of the many threads on this subject, but please don't start yet another +any of the many threads on this subject, but please don't start yet another debate on the subject!

    {%endblock%} diff --git a/templates/pages/about/users.html b/templates/pages/about/users.html index 652799a7..b20ccc90 100644 --- a/templates/pages/about/users.html +++ b/templates/pages/about/users.html @@ -93,7 +93,7 @@
    • Bricolage
    • Debian
      • -
    • FreshPorts
      • +
    • FreshPorts
    • FLPR (FreeBsd,LightHttpd,PostgreSQL,Ruby)
    • GForge
    • LAMP (Linux/Apache/Middleware(Perl,PHP,Python,Ruby)/PostgreSQL)
      • diff --git a/templates/pages/community/international.html b/templates/pages/community/international.html index 8930c063..b6d956a3 100644 --- a/templates/pages/community/international.html +++ b/templates/pages/community/international.html @@ -85,7 +85,7 @@
A Russian community site
Türkce Türkiye PostgreSQL Kullanıcıları Grubu
diff --git a/templates/pages/developer.html b/templates/pages/developer.html index cc1f2b56..2feab98b 100644 --- a/templates/pages/developer.html +++ b/templates/pages/developer.html @@ -7,9 +7,9 @@

A PostgreSQL database developer is someone who is actually working on the project, not someone using it to develop an application or a website. We don't hire programmers, we reach across the Internet, drawing the best database -developers in the world to PostgreSQL. Read about the people behind PostgreSQL and -check out the group picture from the 2006 -PostgreSQL Anniversary Summit. +developers in the world to PostgreSQL. Read about the people behind PostgreSQL and +check out the group picture from the 2006 +PostgreSQL Anniversary Summit.

What will you find here?

@@ -24,6 +24,6 @@ necessarily available in the release version of PostgreSQL - it may not yet even

Google Summer of Code Program

-

The PostgreSQL Project is a proud participant in Google's Summer of Code program. If you are interested in working on a PostgreSQL related project, please check out our Summer of Code page.

+

The PostgreSQL Project is a proud participant in Google's Summer of Code program. If you are interested in working on a PostgreSQL related project, please check out our Summer of Code page.

{%endblock%} diff --git a/templates/pages/developer/backend.html b/templates/pages/developer/backend.html index 7226b619..72fed19e 100644 --- a/templates/pages/developer/backend.html +++ b/templates/pages/developer/backend.html @@ -113,4 +113,3 @@ functionality. They can be accessed by clicking on the flowchart.

{%endblock%} - diff --git a/templates/pages/developer/core.html b/templates/pages/developer/core.html index c3662e83..10d63fa9 100644 --- a/templates/pages/developer/core.html +++ b/templates/pages/developer/core.html @@ -19,7 +19,7 @@ with various specializations. Their roles include:

an open forum, like technical direction and advocacy. Core team members are appointed by existing core team members.

-

The core team members are listed on the +

The core team members are listed on the Contributor Profiles page.

You can contact the core team by emailing pgsql-core [at] postgresql [dot] org.

diff --git a/templates/pages/developer/roadmap.html b/templates/pages/developer/roadmap.html index 362bea9f..c95e0d04 100644 --- a/templates/pages/developer/roadmap.html +++ b/templates/pages/developer/roadmap.html @@ -5,7 +5,7 @@

Roadmap

PostgreSQL is a non-commercial, all volunteer, free software project, and as -such there is no formal list of feature requirements required for development. +such there is no formal list of feature requirements required for development. We really do follow the mantra of letting developers scratch their own itches.

@@ -36,7 +36,7 @@ releases is: tentative schedule for this version has a release in the third quarter of 2018.

-

While there are no formal requirements for each PostgreSQL release, there +

While there are no formal requirements for each PostgreSQL release, there are several places you can look to find out more information on upcoming features:

diff --git a/templates/pages/developer/summerofcode2011.html b/templates/pages/developer/summerofcode2011.html index 214cac4f..4e47e3ab 100644 --- a/templates/pages/developer/summerofcode2011.html +++ b/templates/pages/developer/summerofcode2011.html @@ -70,7 +70,7 @@ begin work?
  • Bio - Who are you? What makes you the best person to work on this project?
    • -
  • Contact - How can we contact if we have questions about your project? +
  • Contact - How can we contact if we have questions about your project? Can you supply us with an email/IM/phone method for being contacted, in case of emergency?
    • diff --git a/templates/pages/developer/summerofcode2012.html b/templates/pages/developer/summerofcode2012.html index 72d4b314..eb22221c 100644 --- a/templates/pages/developer/summerofcode2012.html +++ b/templates/pages/developer/summerofcode2012.html @@ -71,7 +71,7 @@ begin work?
  • Bio - Who are you? What makes you the best person to work on this project?
    • -
  • Contact - How can we contact if we have questions about your project? +
  • Contact - How can we contact if we have questions about your project? Can you supply us with an email/IM/phone method for being contacted, in case of emergency?
    • diff --git a/templates/pages/developer/summerofcode2013.html b/templates/pages/developer/summerofcode2013.html index 043d8a46..780e73a6 100644 --- a/templates/pages/developer/summerofcode2013.html +++ b/templates/pages/developer/summerofcode2013.html @@ -69,7 +69,7 @@ begin work?
  • Bio - Who are you? What makes you the best person to work on this project?
    • -
  • Contact - How can we contact if we have questions about your project? +
  • Contact - How can we contact if we have questions about your project? Can you supply us with an email/IM/phone method for being contacted, in case of emergency?
    • @@ -87,7 +87,7 @@ Can you supply us with an email/IM/phone method for being contacted, in case of
  • Document Collection Foreign-data Wrapper
    • -

    More information on these projects can be found on Google's PostgreSQL SoC pages: +

    More information on these projects can be found on Google's PostgreSQL SoC pages: ( 2012 | 2011 diff --git a/templates/pages/developer/summerofcode2014.html b/templates/pages/developer/summerofcode2014.html index 8168e623..d44ca520 100644 --- a/templates/pages/developer/summerofcode2014.html +++ b/templates/pages/developer/summerofcode2014.html @@ -69,7 +69,7 @@ begin work?

  • Bio - Who are you? What makes you the best person to work on this project?
    • -
  • Contact - How can we contact if we have questions about your project? +
  • Contact - How can we contact if we have questions about your project? Can you supply us with an email/IM/phone method for being contacted, in case of emergency?
    • @@ -87,7 +87,7 @@ Can you supply us with an email/IM/phone method for being contacted, in case of
  • Document Collection Foreign-data Wrapper
    • -

    More information on these projects can be found on Google's PostgreSQL SoC pages: +

    More information on these projects can be found on Google's PostgreSQL SoC pages: ( 2013 | 2012 diff --git a/templates/pages/developer/summerofcodeadvice.html b/templates/pages/developer/summerofcodeadvice.html index a64a74a7..b176410f 100644 --- a/templates/pages/developer/summerofcodeadvice.html +++ b/templates/pages/developer/summerofcodeadvice.html @@ -39,4 +39,3 @@ competitors.

    {%endblock%} - diff --git a/templates/pages/download.html b/templates/pages/download.html index 808f41f2..edcfaf7d 100644 --- a/templates/pages/download.html +++ b/templates/pages/download.html @@ -85,8 +85,8 @@ function of LibreOffice Calc. BigSQL provides a developer friendly bundle of tools for the data guru focused on analytics. This bundle combines Postgres and Hadoop through the -HadoopFDW to allow for -simplified analysis of data using included and integrated analytics +HadoopFDW to allow for +simplified analysis of data using included and integrated analytics tools such as HBase, Hive, Pig, DataFu, Flume, Sqoop and others.

    @@ -109,7 +109,7 @@ stacks are available from

    Software Catalogue

    -

    There is much software available that is not bundled with PostgreSQL. The Software +

    There is much software available that is not bundled with PostgreSQL. The Software Catalogue offers a listing of many commercial and Open Source applications, interfaces and extensions to PostgreSQL that you may find useful.

    diff --git a/templates/pages/download/freebsd.html b/templates/pages/download/freebsd.html index 2a1435ec..66e9755c 100644 --- a/templates/pages/download/freebsd.html +++ b/templates/pages/download/freebsd.html @@ -6,11 +6,11 @@

    FreeBSD Ports

    -

    PostgreSQL packages are available for FreeBSD from the FreeBSD +

    PostgreSQL packages are available for FreeBSD from the FreeBSD Ports and Packages Collection. Please see the ports documentation for information on how to install ports.

    -

    A list of PostgreSQL +

    A list of PostgreSQL packages can be found using the Ports Search tool on the FreeBSD website.

    {%endblock%} diff --git a/templates/pages/download/snapshots.html b/templates/pages/download/snapshots.html index ee90ccd4..d6e50348 100644 --- a/templates/pages/download/snapshots.html +++ b/templates/pages/download/snapshots.html @@ -18,7 +18,7 @@ as they have had little or no testing or quality control.

    -The latest development version of the documentation is also +The latest development version of the documentation is also available online.

    @@ -42,9 +42,9 @@ all bugfixes that are scheduled for the next release.

    Installers

    -Installers for Windows and Mac are available -here (offsite link). These installers also include pgAdmin and are +here (offsite link). These installers also include pgAdmin and are published by EnterpriseDB.

    diff --git a/templates/pages/download/windows.html b/templates/pages/download/windows.html index ac616f86..47f39c58 100644 --- a/templates/pages/download/windows.html +++ b/templates/pages/download/windows.html @@ -86,22 +86,22 @@ graphical installer from BigSQL for all supported versions.

    -This distribution includes the PostgreSQL server, a graphical component -manager, command line and graphical tools for managing databases, plus +This distribution includes the PostgreSQL server, a graphical component +manager, command line and graphical tools for managing databases, plus many open source community components.

    -Integrated components include web and desktop developer tools, geospatial, +Integrated components include web and desktop developer tools, geospatial, provisioning & management, compatibility & migration, backup/restore, integration with external databases (Cassandra, Oracle, SQL Server, Hadoop), and procedural languages (Python, Perl, Java, and TCL).

    -This distribution is a fast, developer-friendly way to get a complete PostgreSQL -environment installed and running. It uses an open source toolchain to build -PostgreSQL and extensions, which simplifies cross-platform development of -extensions. +This distribution is a fast, developer-friendly way to get a complete PostgreSQL +environment installed and running. It uses an open source toolchain to build +PostgreSQL and extensions, which simplifies cross-platform development of +extensions.

    diff --git a/templates/pages/support.html b/templates/pages/support.html index 441aaf1e..1459583b 100644 --- a/templates/pages/support.html +++ b/templates/pages/support.html @@ -19,6 +19,6 @@ also available.

    Found a bug in PostgreSQL? Please read over our bug reporting guidelines and then report it using our bug reporting form.

    -

    You can see previous bug reports, and track your own on the pgsql-bugs@postgresql.org mailing -list.

    +

    You can see previous bug reports, and track your own on the pgsql-bugs@postgresql.org mailing +list.

    {%endblock%} diff --git a/templates/pages/support/security.html b/templates/pages/support/security.html index 17d79f2a..f49fbd39 100644 --- a/templates/pages/support/security.html +++ b/templates/pages/support/security.html @@ -6,7 +6,7 @@

    If you wish to report a new security vulnerability in PostgreSQL, please -send an email to +send an email to security@postgresql.org. For reporting non-security bugs, please see the Report a Bug page.

    @@ -17,12 +17,12 @@ The PostgreSQL Global Development Group (PGDG) takes security seriously, allowing our users to place their trust in the web sites and applications built around PostgreSQL. Our approach covers fail-safe configuration options, a secure and robust database server as well as good integration with other -security infrastructure software. +security infrastructure software.

    PostgreSQL security updates are primarily made available as minor version -upgrades. You are always advised to use the latest minor version available, +upgrades. You are always advised to use the latest minor version available, as it will likely also contain other non-security related fixes. All known security issues are always fixed in the next major release, when it comes out.

    @@ -31,13 +31,13 @@ security issues are always fixed in the next major release, when it comes out. PGDG believes that accuracy, completeness and availability of security information is essential for our users. We choose to pool all information on this one page, allowing easy searching for vulnerabilities by a range of -criteria. +criteria.

    The following table lists all known security issues. Please note that versions prior to 9.3 are no longer -supported. An archive of vulnerabilities found only in unsupported +supported. An archive of vulnerabilities found only in unsupported versions is on our Security Archive page, but vulnerability information on those versions is no longer updated, @@ -152,7 +152,7 @@ to determine if the bug affects specific installations or not.

    - + @@ -197,7 +197,7 @@ to determine if the bug affects specific installations or not. - + @@ -206,7 +206,7 @@ to determine if the bug affects specific installations or not. - + @@ -215,7 +215,7 @@ to determine if the bug affects specific installations or not. - + @@ -224,7 +224,7 @@ to determine if the bug affects specific installations or not. - + @@ -233,7 +233,7 @@ to determine if the bug affects specific installations or not. - + @@ -242,7 +242,7 @@ to determine if the bug affects specific installations or not. - + @@ -251,7 +251,7 @@ to determine if the bug affects specific installations or not. - + @@ -260,7 +260,7 @@ to determine if the bug affects specific installations or not. - + @@ -269,7 +269,7 @@ to determine if the bug affects specific installations or not. - + @@ -278,7 +278,7 @@ to determine if the bug affects specific installations or not. - + @@ -286,8 +286,8 @@ to determine if the bug affects specific installations or not. - - + + @@ -397,7 +397,7 @@ The following vulnerability class references are used in the above table: - +
    A Interactive installer downloads software over plain HTTP, then executes it
    CVE-2016-5423 9.5, 9.4, 9.3, 9.2, 9.1C Unchecked regex can crash the server
    CVE-2015-5289 9.4, 9.3B Unchecked JSON input can crash the server
    CVE-2015-5288 9.4, 9.3, 9.2, 9.1, 9.0C Memory leak in crypt() function.
    CVE-2015-3165 9.4, 9.3, 9.2, 9.1, 9.0B Double "free" after authentication timeout
    CVE-2015-3166 9.4, 9.3, 9.2, 9.1, 9.0D Unanticipated errors from the standard library.
    CVE-2015-3167 9.4, 9.3, 9.2, 9.1, 9.0C pgcrypto has multiple error messages for decryption with an incorrect key.
    CVE-2015-0241 9.4, 9.3, 9.2, 9.1, 9.0C Buffer overruns in "to_char" functions.
    CVE-2015-0242 9.4, 9.3, 9.2, 9.1, 9.0C Buffer overrun in replacement printf family of functions.
    CVE-2015-0243 9.4, 9.3, 9.2, 9.1, 9.0C Memory errors in functions in the pgcrypto extension.
    CVE-2015-0244 9.4, 9.3, 9.2, 9.1, 9.0C An error in extended protocol message reading.
    CVE-2014-8161 9.4, 9.3, 9.2, 9.1, 9.0core server C Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.
    CVE-2014-0067 9.4, 9.3, 9.2, 9.1, 9.0D A vulnerability that is exploitable for denial-of-service, but requiring a valid prior login.
    diff --git a/templates/pages/support/security/faq/2013-04-04.html b/templates/pages/support/security/faq/2013-04-04.html index cced1e99..37d995e9 100644 --- a/templates/pages/support/security/faq/2013-04-04.html +++ b/templates/pages/support/security/faq/2013-04-04.html @@ -13,8 +13,8 @@
  • v8.4.17
    • -

    While this FAQ covers the 2013-04-04 PostgreSQL Security Update in general, -most of its contents focus on the primary security vulnerability patched in the +

    While this FAQ covers the 2013-04-04 PostgreSQL Security Update in general, +most of its contents focus on the primary security vulnerability patched in the release, CVE-2013-1899.

    @@ -22,136 +22,136 @@ CVE-2013-1899.

    There were no known exploits at the time of release.

    Who is particularly vulnerable because of this issue?

    -

    Any system that allows unrestricted access to the PostgreSQL network port, -such as users running PostgreSQL on a public cloud, is especially vulnerable. -Users whose servers are only accessible on protected internal networks, or who -have effective firewalling or other network access restrictions, are less +

    Any system that allows unrestricted access to the PostgreSQL network port, +such as users running PostgreSQL on a public cloud, is especially vulnerable. +Users whose servers are only accessible on protected internal networks, or who +have effective firewalling or other network access restrictions, are less vulnerable.

    -

    This is a good general rule for database security: do not allow port access -to the database server from untrusted networks unless it is absolutely -necessary. This is as true, or more true, of other database systems as it is of +

    This is a good general rule for database security: do not allow port access +to the database server from untrusted networks unless it is absolutely +necessary. This is as true, or more true, of other database systems as it is of PostgreSQL.

    What is the nature of the vulnerability?

    -

    The vulnerability allows users to use a command-line switch for a PostgreSQL +

    The vulnerability allows users to use a command-line switch for a PostgreSQL connection intended for single-user recovery mode while PostgreSQL is running in normal, multiuser mode. This can be used to harm the server.

    What potential exploits are enabled by this vulnerability?

      -
    1. Persistent Denial of Service: an unauthenticated attacker may use this - vulnerability to cause PostgreSQL error messages to be appended to targeted - files in the PostgreSQL data directory on the server. Files corrupted in - this way may cause the database server to crash, and to refuse to restart. - The database server can be fixed either by editing the files and removing +
    2. Persistent Denial of Service: an unauthenticated attacker may use this + vulnerability to cause PostgreSQL error messages to be appended to targeted + files in the PostgreSQL data directory on the server. Files corrupted in + this way may cause the database server to crash, and to refuse to restart. + The database server can be fixed either by editing the files and removing the garbage text, or restoring from backup.
      3. -
    3. Configuration Setting Privilege Escalation: in the event that an attacker - has a legitimate login on the database server, and the server is configured - such that this user name and the database name are identical (e.g. user - web, database web), then this vulnerability may be used to - temporarily set one configuration variable with the privileges of the +
    4. Configuration Setting Privilege Escalation: in the event that an attacker + has a legitimate login on the database server, and the server is configured + such that this user name and the database name are identical (e.g. user + web, database web), then this vulnerability may be used to + temporarily set one configuration variable with the privileges of the superuser.
      5. -
    5. Arbitrary Code Execution: if the attacker meets all of the qualifications - under 2 above, and has the ability to save files to the filesystem as well - (even to the tmp directory), then they can use the vulnerability to - load and execute arbitrary C code. SELinux will prevent this specific +
    6. Arbitrary Code Execution: if the attacker meets all of the qualifications + under 2 above, and has the ability to save files to the filesystem as well + (even to the tmp directory), then they can use the vulnerability to + load and execute arbitrary C code. SELinux will prevent this specific type of exploit.

    Which major versions of PostgreSQL are affected?

    Versions 9.0, 9.1 and 9.2.

    -

    Users of version 8.4 are not affected. Users of version 8.3 and earlier are -not affected by this issue, but are vulnerable to other unpatched security +

    Users of version 8.4 are not affected. Users of version 8.3 and earlier are +not affected by this issue, but are vulnerable to other unpatched security vulnerabilities, since those versions are EOL.

    How can users protect themselves?

      -
    • Download the update release and update all of your servers as soon as +
    • Download the update release and update all of your servers as soon as possible.
    • Ensure that PostgreSQL is not open to connections from untrusted networks.
      • -
    • Audit your database users to be certain that all logins require proper - credentials, and that the only logins which exist are legitimate and in +
    • Audit your database users to be certain that all logins require proper + credentials, and that the only logins which exist are legitimate and in current use.
    -

    Use of advanced security frameworks, such as SELinux with PostgreSQL's +

    Use of advanced security frameworks, such as SELinux with PostgreSQL's SEPostgres extension, also lessen or eliminate the exposure and potential damage from PostgreSQL security vulnerabilities.

    Who was given access to the information about the vulnerability?

    Specifics about the vulnerability were first disclosed to our security team.

    -

    The PostgreSQL Global Development Group (PGDG) has had, for several years, a -policy granting engineers who build PostgreSQL binary packages to be distributed -to the public (such as RPMs and Windows installers) early access to be able to -release information and code so that packages can be ready on the official -release date. This applied to both minor and major releases. Given the -increasing prevalence of PostgreSQL-as-a-Service (PGaaS) as a distribution -mechanism, we are revising this policy to accomodate the case of the cloud +

    The PostgreSQL Global Development Group (PGDG) has had, for several years, a +policy granting engineers who build PostgreSQL binary packages to be distributed +to the public (such as RPMs and Windows installers) early access to be able to +release information and code so that packages can be ready on the official +release date. This applied to both minor and major releases. Given the +increasing prevalence of PostgreSQL-as-a-Service (PGaaS) as a distribution +mechanism, we are revising this policy to accomodate the case of the cloud providers. The new policy is still being edited and should be available soon.

    When was the vulnerability discovered?

    -

    This vulnerability was first reported to the PostgreSQL Global Development +

    This vulnerability was first reported to the PostgreSQL Global Development Group (PGDG) security team on March 12, 2013.

    -

    We filed for the CVE, with the assistance of the Red Hat security team, on +

    We filed for the CVE, with the assistance of the Red Hat security team, on March 27.

    Who discovered the vulnerability?

    -

    Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center +

    Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center while conducting a security audit. NTT is a longtime contributor to PostgreSQL.

    How was the vulnerability reported?

    Kondo-san and Horiguchi-san sent email to security@postgresql.org.

    -

    As reported by TechCrunch and Hacker News, some entities including cloud +

    As reported by TechCrunch and Hacker News, some entities including cloud platform provider Heroku were given early access. Why did this occur?

    -

    Heroku was given access to updated source code which patched the -vulnerability at the same time as other packagers. Because Heroku was especially -vulnerable, the PostgreSQL Core Team worked with them -- to secure their -infrastructure and to use their deployment as a test-bed for the security -patches. This helped to verify that the security update did not break any -application functionality. Heroku has a history both of working closely with -community developers, and of testing experimental features in their PostgreSQL +

    Heroku was given access to updated source code which patched the +vulnerability at the same time as other packagers. Because Heroku was especially +vulnerable, the PostgreSQL Core Team worked with them -- to secure their +infrastructure and to use their deployment as a test-bed for the security +patches. This helped to verify that the security update did not break any +application functionality. Heroku has a history both of working closely with +community developers, and of testing experimental features in their PostgreSQL service.

    Who was given access to the code before the official release?

    -

    We have two teams that communicate on private lists hosted on the PGDG +

    We have two teams that communicate on private lists hosted on the PGDG infrastructure. Both teams had access to the source code prior to the release of - any packages for analyzing the security patch and then creating packages for + any packages for analyzing the security patch and then creating packages for distributing PostgreSQL binaries. These are our Security Team and our Packagers -List. In both cases, these groups had early access in order to participate in +List. In both cases, these groups had early access in order to participate in patching the security hole.

    -

    How can end-users with large deployments or security-sensitive applications +

    How can end-users with large deployments or security-sensitive applications obtain early access security information?

    -

    At this time, the PostgreSQL project does not provide users who are not -directly involved in patching security vulnerabilities or packaging PostgreSQL -for other users early access to security information, patches, or code. It is -possible that at some time in the future we may be in a position to offer such +

    At this time, the PostgreSQL project does not provide users who are not +directly involved in patching security vulnerabilities or packaging PostgreSQL +for other users early access to security information, patches, or code. It is +possible that at some time in the future we may be in a position to offer such access, but we are not able to now.

    Was taking the repository private while this security discussion was ongoing the proper thing to do?

    Given the severity of the vulnerability, the PostgreSQL Core team deliberated -and determined the security risk posed by having the source code for the fix -available before the packages were made available outweighed the public’s +and determined the security risk posed by having the source code for the fix +available before the packages were made available outweighed the public’s interest in having immediate access.

    -

    Normal procedure for sharing information about security releases is to send +

    Normal procedure for sharing information about security releases is to send an announcement our developer mailing list, pgsql-hackers@postgresql.org, a week -before a new release. Tom Lane did this. Then, due to the severity of the -security vulnerability, we also sent an announcement to -pgsql-announce@postgresql.org and to our RSS News feed on our website homepage. -We did this because we wanted to give DBAs sufficient time to plan for a +before a new release. Tom Lane did this. Then, due to the severity of the +security vulnerability, we also sent an announcement to +pgsql-announce@postgresql.org and to our RSS News feed on our website homepage. +We did this because we wanted to give DBAs sufficient time to plan for a maintenance window to upgrade.

    The timing of the announcements and the release was based on the availability of volunteer packagers and release managers to conduct the release.

    How is the PostgreSQL project organized?

    -

    PostgreSQL Global Development Group (PGDG) is a volunteer-run, global +

    PostgreSQL Global Development Group (PGDG) is a volunteer-run, global organization. We have a six-person core team, a number of Major Contributors and -several mailing lists that make up the centralized portion of our community. +several mailing lists that make up the centralized portion of our community. See here for details about contributors.

    @@ -159,18 +159,18 @@ about contributors.

    Membership in both groups is maintained by the Core Team.

    How often does PostgreSQL find new security vulnerabilities?

    -

    We find zero to seven minor security issues a year. This is the first -security issue of this magnitude since 2006: the "backslash escape encoding +

    We find zero to seven minor security issues a year. This is the first +security issue of this magnitude since 2006: the "backslash escape encoding issue", which affected MySQL and a few other database systems as well.

    How was the vulnerability introduced?

    It was created as a side effect of a refactoring effort to make establishing -new connections to a PostgreSQL server faster, and the associated code more +new connections to a PostgreSQL server faster, and the associated code more maintainable.

    Who discovers vulnerabilities in PostgreSQL?

    -

    We are fortunate to have a large pool of security engineers who test -PostgreSQL regularly and responsibly report security issues so that they can be +

    We are fortunate to have a large pool of security engineers who test +PostgreSQL regularly and responsibly report security issues so that they can be fixed. This includes:

    • QA staff at contributing companies like NTT Open Source, EnterpriseDB and @@ -182,11 +182,10 @@ fixed. This includes:

    What else is included in this release?

    -

    This release also updates four other, minor, security issues which are -detailed on the security -page and in the release announcement. It includes a number of bug fixes for -PostgreSQL as well, most notably fixes for two potential data corruption issues +

    This release also updates four other, minor, security issues which are +detailed on the security +page and in the release announcement. It includes a number of bug fixes for +PostgreSQL as well, most notably fixes for two potential data corruption issues with binary replication.

    {%endblock%} - diff --git a/templates/pages/support/security_archive.html b/templates/pages/support/security_archive.html index d243b1f7..79d2b2cc 100644 --- a/templates/pages/support/security_archive.html +++ b/templates/pages/support/security_archive.html @@ -5,11 +5,11 @@

    Security Information Archive

    -This page contains a list of vulnerabilities which appear only in versions of PostgreSQL which are +This page contains a list of vulnerabilities which appear only in versions of PostgreSQL which are End Of Life and no longer updated, according to our version support policy. -These versions may contain additional vulnerabilities which are listed on the main +These versions may contain additional vulnerabilities which are listed on the main security page, as well as vulnerabilities which were discovered -later and have not been patched in those releases. +later and have not been patched in those releases.

    Users still running on unsupported PostgreSQL versions are strongly urged to upgrade @@ -149,7 +149,7 @@ the main security page. C Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. - + CVE-2010-4015 9.0, 8.4, 8.3, 8.2 @@ -167,7 +167,7 @@ the main security page. C An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.Details - + CVE-2010-1975 8.4, 8.3, 8.2, 8.1, 8.0, 7.4 @@ -185,7 +185,7 @@ bypassing settings that should be enforced. 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, 7.4.29 core server, limited deployments C - A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database + A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed and enabled. diff --git a/templates/profserv/list.html b/templates/profserv/list.html index 2b6fdd4f..06d177ac 100644 --- a/templates/profserv/list.html +++ b/templates/profserv/list.html @@ -78,4 +78,3 @@ {%endfor%} {%endblock%} - diff --git a/templates/profserv/root.html b/templates/profserv/root.html index 98522493..086b9a60 100644 --- a/templates/profserv/root.html +++ b/templates/profserv/root.html @@ -22,4 +22,3 @@ solutions including support contracts.

    {%endblock%} -