[ubuntu/hardy-security] postgresql-8.3, postgresql-8.3_8.3.10-0ubuntu8.04.1_hppa_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu8.04.1_sparc_translations.tar.gz (delayed), postgresql-8.3_8.3.10-0ubuntu8.04.1_powerpc_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu8.04.1_lpia_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu8.04.1_ia64_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu8.04.1_i386_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu8.04.1_amd64_translations.tar.gz 8.3.10-0ubuntu8.04.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Apr 28 23:05:44 BST 2010


postgresql-8.3 (8.3.10-0ubuntu8.04.1) hardy-security; urgency=low

  * no change rebuild for -security

postgresql-8.3 (8.3.10-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #557408)
    - Add new configuration parameter ssl_renegotiation_limit to control
      how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which
      may be required if a broken SSL library is used. In particular,
      some vendors are shipping stopgap patches for CVE-2009-3555 that
      cause renegotiation attempts to fail.
    - Fix possible deadlock during backend startup.
    - Fix possible crashes due to not handling errors during relcache
      reload cleanly.
    - Fix possible crash due to use of dangling pointer to a cached plan.
    - Fix possible crashes when trying to recover from a failure in
      subtransaction start.
    - Fix server memory leak associated with use of savepoints and a
      client encoding different from server's encoding.
    - Fix incorrect WAL data emitted during end-of-recovery cleanup of a
      GIST index page split.
      This would result in index corruption, or even more likely an error
      during WAL replay, if we were unlucky enough to crash during
      end-of-recovery cleanup after having completed an incomplete GIST
      insertion.
    - Make substring() for bit types treat any negative length as meaning
      "all the rest of the string".
      The previous coding treated only -1 that way, and would produce an
      invalid result value for other negative values, possibly leading to
      a crash (CVE-2010-0442). (Closes: #567058)
    - Fix integer-to-bit-string conversions to handle the first
      fractional byte correctly when the output bit width is wider than
      the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix assorted crashes in xml processing caused by sloppy memory
      management.
      This is a back-patch of changes first applied in 8.4. The 8.3 code
      was known buggy, but the new code was sufficiently different to not
      want to back-patch it until it had gotten some field testing.
    - Fix bug with trying to update a field of an element of a
      composite-type array column.
    - Fix the STOP WAL LOCATION entry in backup history files to report
      the next WAL segment's name when the end location is exactly at a
      segment boundary.
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
    - Improve constraint exclusion processing of boolean-variable cases,
      in particular make it possible to exclude a partition that has a
      "bool_column = false" constraint.
    - When reading "pg_hba.conf" and related files, do not treat
      @something as a file inclusion request if the @ appears inside
      quote marks; also, never treat @ by itself as a file inclusion
      request.
      This prevents erratic behavior if a role or database name starts
      with @. If you need to include a file whose path name contains
      spaces, you can still do so, but you must write @"/path to/file"
      rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in "pg_hba.conf" and related files.
    - Fix possible infinite loop if SSL_read or SSL_write fails without
      setting errno.
      This is reportedly possible with some Windows versions of openssl.
    - Disallow GSSAPI authentication on local connections, since it
      requires a hostname to function correctly.
    - Make ecpg report the proper SQLSTATE if the connection disappears.
    - Fix psql's numericlocale option to not format strings it shouldn't
      in latex and troff output formats.
    - Make psql return the correct exit status (3) when ON_ERROR_STOP and
      --single-transaction are both specified and an error occurs during
      the implied "COMMIT".
    - Fix plpgsql failure in one case where a composite column is set to
      NULL.
    - Fix possible failure when calling PL/Perl functions from PL/PerlU
      or vice versa.
    - Add volatile markings in PL/Python to avoid possible
      compiler-specific misbehavior.
    - Ensure PL/Tcl initializes the Tcl interpreter fully.
      The only known symptom of this oversight is that the Tcl clock
      command misbehaves if using Tcl 8.5 or later.
    - Prevent crash in "contrib/dblink" when too many key columns are
      specified to a dblink_build_sql_- function.
    - Allow zero-dimensional arrays in "contrib/ltree" operations.
      This case was formerly rejected as an error, but it's more
      convenient to treat it the same as a zero-element array. In
      particular this avoids unnecessary failures when an ltree operation
      is applied to the result of ARRAY(SELECT ...) and the sub-select
      returns no rows.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
      management.
  * Add 00cvs-unregister-ssl-callbacks.patch: Properly unregister OpenSSL
    callbacks when libpq is done with it's connection. Thanks Ondřej Surý for
    the backport! (Closes: #411982, LP: #63141)

Date: Tue, 27 Apr 2010 10:09:30 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/postgresql-8.3/8.3.10-0ubuntu8.04.1
-------------- next part --------------
Format: 1.7
Date: Tue, 27 Apr 2010 10:09:30 -0500
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.3.10-0ubuntu8.04.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (latest version)
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client - front-end programs for PostgreSQL (latest version)
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib - additional facilities for PostgreSQL (latest version)
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Closes: 411982 567058
Launchpad-Bugs-Fixed: 63141 557408
Changes: 
 postgresql-8.3 (8.3.10-0ubuntu8.04.1) hardy-security; urgency=low
 .
   * no change rebuild for -security
 .
 postgresql-8.3 (8.3.10-0ubuntu8.04) hardy-proposed; urgency=low
 .
   * New upstream bug fix release: (LP: #557408)
     - Add new configuration parameter ssl_renegotiation_limit to control
       how often we do session key renegotiation for an SSL connection.
       This can be set to zero to disable renegotiation completely, which
       may be required if a broken SSL library is used. In particular,
       some vendors are shipping stopgap patches for CVE-2009-3555 that
       cause renegotiation attempts to fail.
     - Fix possible deadlock during backend startup.
     - Fix possible crashes due to not handling errors during relcache
       reload cleanly.
     - Fix possible crash due to use of dangling pointer to a cached plan.
     - Fix possible crashes when trying to recover from a failure in
       subtransaction start.
     - Fix server memory leak associated with use of savepoints and a
       client encoding different from server's encoding.
     - Fix incorrect WAL data emitted during end-of-recovery cleanup of a
       GIST index page split.
       This would result in index corruption, or even more likely an error
       during WAL replay, if we were unlucky enough to crash during
       end-of-recovery cleanup after having completed an incomplete GIST
       insertion.
     - Make substring() for bit types treat any negative length as meaning
       "all the rest of the string".
       The previous coding treated only -1 that way, and would produce an
       invalid result value for other negative values, possibly leading to
       a crash (CVE-2010-0442). (Closes: #567058)
     - Fix integer-to-bit-string conversions to handle the first
       fractional byte correctly when the output bit width is wider than
       the given integer by something other than a multiple of 8 bits.
     - Fix some cases of pathologically slow regular expression matching.
     - Fix assorted crashes in xml processing caused by sloppy memory
       management.
       This is a back-patch of changes first applied in 8.4. The 8.3 code
       was known buggy, but the new code was sufficiently different to not
       want to back-patch it until it had gotten some field testing.
     - Fix bug with trying to update a field of an element of a
       composite-type array column.
     - Fix the STOP WAL LOCATION entry in backup history files to report
       the next WAL segment's name when the end location is exactly at a
       segment boundary.
     - Fix some more cases of temporary-file leakage.
       This corrects a problem introduced in the previous minor release.
       One case that failed is when a plpgsql function returning set is
       called within another function's exception handler.
     - Improve constraint exclusion processing of boolean-variable cases,
       in particular make it possible to exclude a partition that has a
       "bool_column = false" constraint.
     - When reading "pg_hba.conf" and related files, do not treat
       @something as a file inclusion request if the @ appears inside
       quote marks; also, never treat @ by itself as a file inclusion
       request.
       This prevents erratic behavior if a role or database name starts
       with @. If you need to include a file whose path name contains
       spaces, you can still do so, but you must write @"/path to/file"
       rather than putting the quotes around the whole construct.
     - Prevent infinite loop on some platforms if a directory is named as
       an inclusion target in "pg_hba.conf" and related files.
     - Fix possible infinite loop if SSL_read or SSL_write fails without
       setting errno.
       This is reportedly possible with some Windows versions of openssl.
     - Disallow GSSAPI authentication on local connections, since it
       requires a hostname to function correctly.
     - Make ecpg report the proper SQLSTATE if the connection disappears.
     - Fix psql's numericlocale option to not format strings it shouldn't
       in latex and troff output formats.
     - Make psql return the correct exit status (3) when ON_ERROR_STOP and
       --single-transaction are both specified and an error occurs during
       the implied "COMMIT".
     - Fix plpgsql failure in one case where a composite column is set to
       NULL.
     - Fix possible failure when calling PL/Perl functions from PL/PerlU
       or vice versa.
     - Add volatile markings in PL/Python to avoid possible
       compiler-specific misbehavior.
     - Ensure PL/Tcl initializes the Tcl interpreter fully.
       The only known symptom of this oversight is that the Tcl clock
       command misbehaves if using Tcl 8.5 or later.
     - Prevent crash in "contrib/dblink" when too many key columns are
       specified to a dblink_build_sql_- function.
     - Allow zero-dimensional arrays in "contrib/ltree" operations.
       This case was formerly rejected as an error, but it's more
       convenient to treat it the same as a zero-element array. In
       particular this avoids unnecessary failures when an ltree operation
       is applied to the result of ARRAY(SELECT ...) and the sub-select
       returns no rows.
     - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
       management.
   * Add 00cvs-unregister-ssl-callbacks.patch: Properly unregister OpenSSL
     callbacks when libpq is done with it's connection. Thanks Ondřej Surý for
     the backport! (Closes: #411982, LP: #63141)
Files: 
 578cc1af160a036a73809644cabfa4ba 1311 misc optional postgresql-8.3_8.3.10-0ubuntu8.04.1.dsc
 fd9dde9afb7f1416961f4793b6f8da54 68817 misc optional postgresql-8.3_8.3.10-0ubuntu8.04.1.diff.gz
Original-Maintainer: Martin Pitt <mpitt at debian.org>


More information about the Hardy-changes mailing list