[ubuntu/dapper-security] postgresql-8.1 (delayed), postgresql-8.1 8.1.20-0ubuntu0.6.06.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Apr 28 23:06:04 BST 2010
postgresql-8.1 (8.1.20-0ubuntu0.6.06.1) dapper-security; urgency=low
* no change rebuild for -security
postgresql-8.1 (8.1.20-0ubuntu0.6.06) dapper-proposed; urgency=low
* New upstream bug fix release: (LP: #557408)
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442).
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
Date: Tue, 27 Apr 2010 10:07:51 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
https://launchpad.net/ubuntu/dapper/+source/postgresql-8.1/8.1.20-0ubuntu0.6.06.1
-------------- next part --------------
Format: 1.7
Date: Tue, 27 Apr 2010 10:07:51 -0500
Source: postgresql-8.1
Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg-compat2 libecpg5 libecpg-dev postgresql-client-8.1 postgresql-server-dev-8.1 postgresql-contrib-8.1
Architecture: source
Version: 8.1.20-0ubuntu0.6.06.1
Distribution: dapper-security
Urgency: low
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libecpg-compat2 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg5 - run-time library for ECPG programs
libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1
libpq-dev - header files for libpq4 (PostgreSQL library)
libpq4 - PostgreSQL C client library
postgresql-8.1 - object-relational SQL database, version 8.1 server
postgresql-client-8.1 - front-end programs for PostgreSQL 8.1
postgresql-contrib-8.1 - additional facilities for PostgreSQL
postgresql-doc-8.1 - documentation for the PostgreSQL database management system
postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1
postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1
postgresql-pltcl-8.1 - PL/TCL procedural language for PostgreSQL 8.1
postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming
Changes:
postgresql-8.1 (8.1.20-0ubuntu0.6.06.1) dapper-security; urgency=low
.
* no change rebuild for -security
.
postgresql-8.1 (8.1.20-0ubuntu0.6.06) dapper-proposed; urgency=low
.
* New upstream bug fix release: (LP: #557408)
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442).
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
Files:
7dfd50b87affea366e80f4e687dd6137 1135 misc optional postgresql-8.1_8.1.20-0ubuntu0.6.06.1.dsc
94a97733e140584fff301c32026b4880 11542102 misc optional postgresql-8.1_8.1.20.orig.tar.gz
98a0e6c5015c99a9428aabaa9e51ff0e 33787 misc optional postgresql-8.1_8.1.20-0ubuntu0.6.06.1.diff.gz
More information about the dapper-changes
mailing list