Accepted: postgresql-8.1 8.1.11-0ubuntu0.6.06 (source)

Martin Pitt martin.pitt at ubuntu.com
Mon Jan 7 16:12:24 GMT 2008


Accepted:
 OK: postgresql-8.1_8.1.11.orig.tar.gz
 OK: postgresql-8.1_8.1.11-0ubuntu0.6.06.diff.gz
 OK: postgresql-8.1_8.1.11-0ubuntu0.6.06.dsc
     -> Component: main Section: misc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 05 Jan 2008 19:26:49 +0100
Source: postgresql-8.1
Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg-compat2 libecpg5 libecpg-dev postgresql-client-8.1 postgresql-server-dev-8.1 postgresql-contrib-8.1
Architecture: source
Version: 8.1.11-0ubuntu0.6.06
Distribution: dapper-proposed
Urgency: low
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libecpg-compat2 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg5   - run-time library for ECPG programs
 libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1
 libpq-dev  - header files for libpq4 (PostgreSQL library)
 libpq4     - PostgreSQL C client library
 postgresql-8.1 - object-relational SQL database, version 8.1 server
 postgresql-client-8.1 - front-end programs for PostgreSQL 8.1
 postgresql-contrib-8.1 - additional facilities for PostgreSQL
 postgresql-doc-8.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1
 postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1
 postgresql-pltcl-8.1 - PL/TCL procedural language for PostgreSQL 8.1
 postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming
Changes: 
 postgresql-8.1 (8.1.11-0ubuntu0.6.06) dapper-proposed; urgency=low
 .
   * New upstream security/bugfix release:
     - Prevent functions in indexes from executing with the privileges of
       the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
       within a SECURITY DEFINER context. [CVE-2007-6600]
     - Suitably crafted regular-expression patterns could cause crashes,
       infinite or near-infinite looping, and/or massive memory
       consumption, all of which pose denial-of-service hazards for
       applications that accept regex search patterns from untrustworthy
       sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
     - Require non-superusers who use "/contrib/dblink" to use only
       password authentication, as a security measure.
       The fix that appeared for this in 8.2.5 was incomplete, as it
       plugged the hole for only some "dblink" functions. [CVE-2007-6601,
       CVE-2007-3278]
     - Fix planner failure in some cases of WHERE false AND var IN (SELECT
       ...).
     - Preserve the tablespace and storage parameters of indexes that are
       rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
     - Make archive recovery always start a new WAL timeline, rather than
       only when a recovery stop time was used. This avoids a corner-case risk
       of trying to overwrite an existing archived copy of the last WAL
       segment, and seems simpler and cleaner than the original definition.
     - Make "VACUUM" not use all of maintenance_work_mem when the table is
       too small for it to be useful.
     - Fix potential crash in translate() when using a multibyte database
       encoding.
     - Fix overflow in extract(epoch from interval) for intervals
       exceeding 68 years.
     - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
       a trusted function.
     - Fix PL/Python to not crash on long exception messages.
     - Fix pg_dump to correctly handle inheritance child tables that have
       default expressions different from their parent's.
     - Fix libpq crash when PGPASSFILE refers to a file that is not a
       plain file.
     - ecpg parser fixes.
     - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
       category in its own right, rather than crashing.
     - Fix tsvector and tsquery output routines to escape backslashes
       correctly.
     - Fix crash of to_tsvector() on huge input strings.
   * Use the timezone database from the system tzdata instead of shipping our
     own.
     - debian/patches/04-timezone-symlinks.patch: Drop previous
       hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
       the patch with a Makefile change that just symlinks /usr/share/zoneinfo
       to where postgresql previously installed its own tzdata copy.
     - debian/control: Add locales dependency (which contains tzdata in
       dapper).
     - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
       files in the dereferenced directory.
     - debian/postgresql-8.1.postinst: Replace the timezone directory with the
       symlink on upgrades, since dpkg does not do that automatically. Without
       this, we'd end up with an empty timezone directory.
Files: 
 a37fedb4a10822904eaf4ebce6cdffb5 1122 misc optional postgresql-8.1_8.1.11-0ubuntu0.6.06.dsc
 9eadd7e16f547a8ce1e0eec5de96632e 11444400 misc optional postgresql-8.1_8.1.11.orig.tar.gz
 3e951c55c5f16c76da9ec7af833f8c64 27183 misc optional postgresql-8.1_8.1.11-0ubuntu0.6.06.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHf9XbDecnbV4Fd/IRAuSbAKDWGOKWKEU9tFbwKZw3QTTVvXqNbwCfTMSX
ruVu03TLGFwpdS8pwElx5FY=
=/NwQ
-----END PGP SIGNATURE-----





More information about the dapper-changes mailing list