[ubuntu/dapper-proposed] postgresql-8.1 8.1.20-0ubuntu0.6.06 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Thu Apr 8 18:39:35 BST 2010
postgresql-8.1 (8.1.20-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bug fix release: (LP: #557408)
    - Add new configuration parameter ssl_renegotiation_limit to control
      how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which
      may be required if a broken SSL library is used. In particular,
      some vendors are shipping stopgap patches for CVE-2009-3555 that
      cause renegotiation attempts to fail.
    - Fix possible crashes when trying to recover from a failure in
      subtransaction start.
    - Fix server memory leak associated with use of savepoints and a
      client encoding different from server's encoding.
    - Make substring() for bit types treat any negative length as meaning
      "all the rest of the string".
      The previous coding treated only -1 that way, and would produce an
      invalid result value for other negative values, possibly leading to
      a crash (CVE-2010-0442).
    - Fix integer-to-bit-string conversions to handle the first
      fractional byte correctly when the output bit width is wider than
      the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix the STOP WAL LOCATION entry in backup history files to report
      the next WAL segment's name when the end location is exactly at a
      segment boundary.
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
    - When reading "pg_hba.conf" and related files, do not treat
      @something as a file inclusion request if the @ appears inside
      quote marks; also, never treat @ by itself as a file inclusion
      request.
      This prevents erratic behavior if a role or database name starts
      with @. If you need to include a file whose path name contains
      spaces, you can still do so, but you must write @"/path to/file"
      rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in "pg_hba.conf" and related files.
    - Fix psql's numericlocale option to not format strings it shouldn't
      in latex and troff output formats.
    - Fix plpgsql failure in one case where a composite column is set to
      NULL.
    - Add volatile markings in PL/Python to avoid possible
      compiler-specific misbehavior.
    - Prevent crash in "contrib/dblink" when too many key columns are
      specified to a dblink_build_sql_* function.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
      management.

Date: Wed, 07 Apr 2010 19:25:03 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
https://launchpad.net/ubuntu/dapper/+source/postgresql-8.1/8.1.20-0ubuntu0.6.06
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 07 Apr 2010 19:25:03 +0200
Source: postgresql-8.1
Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg-compat2 libecpg5 libecpg-dev postgresql-client-8.1 postgresql-server-dev-8.1 postgresql-contrib-8.1
Architecture: source
Version: 8.1.20-0ubuntu0.6.06
Distribution: dapper-proposed
Urgency: low
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libecpg-compat2 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg5 - run-time library for ECPG programs
libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1
libpq-dev - header files for libpq4 (PostgreSQL library)
libpq4 - PostgreSQL C client library
postgresql-8.1 - object-relational SQL database, version 8.1 server
postgresql-client-8.1 - front-end programs for PostgreSQL 8.1
postgresql-contrib-8.1 - additional facilities for PostgreSQL
postgresql-doc-8.1 - documentation for the PostgreSQL database management system
postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1
postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1
postgresql-pltcl-8.1 - PL/TCL procedural language for PostgreSQL 8.1
postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming
Files:
ca2bdb660bc5dbe6e219bfaea5c5e5b1 1131 misc optional postgresql-8.1_8.1.20-0ubuntu0.6.06.dsc
94a97733e140584fff301c32026b4880 11542102 misc optional postgresql-8.1_8.1.20.orig.tar.gz
70eab12eae93f7ee3f5191d545a0a018 33613 misc optional postgresql-8.1_8.1.20-0ubuntu0.6.06.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAku8ysUACgkQDecnbV4Fd/IjGwCgvHcuf9gdbfVrPUKBsOPWw33I
VBEAoNuhMzlHbakdzmmbvJYRi7OCnRmw
=FjWI
-----END PGP SIGNATURE-----
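
Added example (not part of the original announcement and not PostgreSQL's code): a pre-upgrade check for the pg_hba.conf change described in the changelog above. It lists tokens that stop being file inclusions under the new rule, namely a quoted token beginning with @ and a bare @. The tokenizer is a simplified assumption (whitespace or comma separators, double quotes, # comments); the function names and sample lines are constructed.

```python
def tokenize(line):
    """Split one pg_hba.conf-style line into (text, at_quoted) pairs.
    at_quoted is True when the token's first character sat inside quotes."""
    out, buf, in_q, started, first_q = [], [], False, False, False
    for ch in line:
        if ch == '"':
            in_q, started = not in_q, True
            continue
        if not in_q and ch == '#':          # comment runs to end of line
            break
        if not in_q and (ch.isspace() or ch == ','):
            if started:
                out.append((''.join(buf), first_q))
            buf, started, first_q = [], False, False
            continue
        if not buf:
            first_q = in_q
        buf.append(ch)
        started = True
    if started:
        out.append((''.join(buf), first_q))
    return out

def classify(text, at_quoted):
    """Rule from the changelog: inclusion only for an unquoted @ followed by a name."""
    if text.startswith('@') and not at_quoted and len(text) > 1:
        return ('include', text[1:])
    return ('name', text)

def audit(lines):
    """Return (line number, token) for tokens that are no longer inclusions."""
    hits = []
    for n, line in enumerate(lines, 1):
        for text, quoted in tokenize(line):
            if text.startswith('@') and (quoted or text == '@'):
                hits.append((n, text))
    return hits

# Constructed sample input, not taken from the announcement.
SAMPLE = '''\
# constructed sample
host  all      @admins               10.0.0.0/8  md5
host  "@prod"  "@ops"                10.0.0.0/8  md5
host  all      @"/etc/pg/db admins"  10.0.0.0/8  md5
host  all      "@/etc/pg/db admins"  10.0.0.0/8  md5
host  @        all                   10.0.0.0/8  md5
'''.splitlines()

if __name__ == '__main__':
    for lineno, tok in audit(SAMPLE):
        print(f"line {lineno}: {tok!r} is now a literal name, not an inclusion")
```

Every line it reports needs a manual look before the upgrade: either the entry was meant as a literal role or database name all along, or it relied on the old inclusion behaviour and must be rewritten in the @"/path to/file" form.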