Release Date: 2021-11-18
Reject extraneous data after SSL encryption handshake. (Tatsuo Ishii)
In the server side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary SQL commands. This is possible if Pgpool-II is configured to use cert authentication or hostssl + trust. This resembles PostgreSQL's CVE-2021-23214.
Similarly, in the client side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary responses. This is possible if PostgreSQL is using trust authentication with a clientcert requirement. It is not possible with cert authentication because Pgpool-II does not implement the cert authentication between Pgpool-II and PostgreSQL. This resembles PostgreSQL's CVE-2021-23222.
Deal with PostgreSQL 14 while processing pg_terminate_backend(). (Tatsuo Ishii)
Enhance SIGCHLD handler of Pgpool-II main process. (Tatsuo Ishii)
When Pgpool-II child is killed by SIGKILL signal, the SIGCHLD handler just emitted LOG level message as other signals. But SIGKILL is an important event, for example killed by OOM killer. So emit a WARNING level message instead. Per suggestion from Michail Alexakis. Discussion: [pgpool-general: 7750]
Fix occasional hang in COPY FROM. (Tatsuo Ishii)
If an error occurs while doing COPY FROM, it was possible the Pgpool-II waited forever for a response from backend after COPY end marker was sent from frontend. The bug was found by Bo Peng.
Fix the incorrect display of load balancing node in raw mode. (Bo Peng)
In raw mode, Pgpool-II sends all queies to main node. This is harmless, but it may confuse users.
Fix backend_flag* parameter shown twice while executing PGPOOL SHOW ALL. (Tatsuo Ishii)
Fix documentation typos. (Bo Peng)
Patch is created by Kazufumi Noto.
Doc: Mention that double quotes are required in PGPOOL SHOW command, if the parameter contains uppercase letters. (Bo Peng)
Fix pgpool_setup to do nothing when no new main node is available. (Tatsuo Ishii)
Fix occasional 073.pg_terminate_backend regression test failure. (Tatsuo Ishii)
Fix psql command path to avoid test failure. (Bo Peng)