Accepted: postgresql-8.1 8.1.11-1 (source)
Ubuntu Installer
archive at ubuntu.com
Tue Jan 8 07:43:55 GMT 2008
Accepted:
OK: postgresql-8.1_8.1.11.orig.tar.gz
OK: postgresql-8.1_8.1.11-1.diff.gz
OK: postgresql-8.1_8.1.11-1.dsc
-> Component: universe Section: misc
Origin: Debian/unstable
Format: 1.7
Date: Tue, 08 Jan 2008 07:42:54 +0000
Source: postgresql-8.1
Binary: postgresql-plperl-8.1, postgresql-server-dev-8.1, postgresql-contrib-8.1, postgresql-client-8.1, libpq4, postgresql-8.1, postgresql-plpython-8.1, postgresql-pltcl-8.1, postgresql-doc-8.1
Architecture: source
Version: 8.1.11-1
Distribution: hardy
Urgency: medium
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
postgresql-8.1 - object-relational SQL database, version 8.1 server
Changes:
postgresql-8.1 (8.1.11-1) unstable; urgency=medium
.
* New upstream security/bugfix release:
- Prevent functions in indexes from executing with the privileges of
the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
within a SECURITY DEFINER context. [CVE-2007-6600]
- Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory
consumption, all of which pose denial-of-service hazards for
applications that accept regex search patterns from untrustworthy
sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
The fix that appeared for this in 8.2.5 was incomplete, as it
plugged the hole for only some "dblink" functions. [CVE-2007-6601,
CVE-2007-3278]
- Fix planner failure in some cases of WHERE false AND var IN (SELECT
...).
- Preserve the tablespace and storage parameters of indexes that are
rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
- Make archive recovery always start a new WAL timeline, rather than
only when a recovery stop time was used. This avoids a corner-case risk
of trying to overwrite an existing archived copy of the last WAL
segment, and seems simpler and cleaner than the original definition.
- Make "VACUUM" not use all of maintenance_work_mem when the table is
too small for it to be useful.
- Fix potential crash in translate() when using a multibyte database
encoding.
- Fix overflow in extract(epoch from interval) for intervals
exceeding 68 years.
- Fix PL/Perl to not fail when a UTF-8 regular expression is used in
a trusted function.
- Fix PL/Python to not crash on long exception messages.
- Fix pg_dump to correctly handle inheritance child tables that have
default expressions different from their parent's.
- Fix libpq crash when PGPASSFILE refers to a file that is not a
plain file.
- ecpg parser fixes.
- Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
category in its own right, rather than crashing.
- Fix tsvector and tsquery output routines to escape backslashes
correctly.
- Fix crash of to_tsvector() on huge input strings.
* Use the timezone database from the system tzdata instead of shipping our
own.
- debian/patches/04-timezone-symlinks.patch: Drop previous
hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
the patch with a Makefile change that just symlinks /usr/share/zoneinfo
to where postgresql previously installed its own tzdata copy.
- debian/control: Add tzdata dependency.
- debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
files in the dereferenced directory.
- debian/postgresql-8.1.postinst: Replace the timezone directory with the
symlink on upgrades, since dpkg does not do that automatically. Without
this, we'd end up with an empty timezone directory.
Files:
6be189a40f35be83ef33a0b2381aee5f 34913 misc optional postgresql-8.1_8.1.11-1.diff.gz
d5d7805fe99dd1a98d62aacfae7fdedc 1096 misc optional postgresql-8.1_8.1.11-1.dsc
More information about the Hardy-changes
mailing list