[ubuntu/hardy-security] postgresql-8.3_8.3.12-0ubuntu8.04_hppa_translations.tar.gz, postgresql-8.3, postgresql-8.3_8.3.12-0ubuntu8.04_sparc_translations.tar.gz (delayed), postgresql-8.3_8.3.12-0ubuntu8.04_powerpc_translations.tar.gz, postgresql-8.3_8.3.12-0ubuntu8.04_lpia_translations.tar.gz, postgresql-8.3_8.3.12-0ubuntu8.04_amd64_translations.tar.gz, postgresql-8.3_8.3.12-0ubuntu8.04_ia64_translations.tar.gz, postgresql-8.3_8.3.12-0ubuntu8.04_i386_translations.tar.gz 8.3.12-0ubuntu8.04 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Oct 7 15:09:36 BST 2010
postgresql-8.3 (8.3.12-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #655293)
    - Use a separate interpreter for each calling SQL userid in PL/Perl
      and PL/Tcl.
      This change prevents security problems that can be caused by
      subverting Perl or Tcl code that will be executed later in the same
      session under another SQL user identity (for example, within a
      SECURITY DEFINER function). Most scripting languages offer numerous
      ways that that might be done, such as redefining standard functions
      or operators called by the target function. Without this change,
      any SQL user with Perl or Tcl language usage rights can do
      essentially anything with the SQL privileges of the target
      function's owner.
      The cost of this change is that intentional communication among
      Perl and Tcl functions becomes more difficult. To provide an escape
      hatch, PL/PerlU and PL/TclU functions continue to use only one
      interpreter per session. This is not considered a security issue
      since all such functions execute at the trust level of a database
      superuser already.
      It is likely that third-party procedural languages that claim to
      offer trusted execution have similar security issues. We advise
      contacting the authors of any PL you are depending on for
      security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue
      (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from
      being called with an argument that is not one of the system catalog
      columns it's intended to be used with.
    - Fix incorrect usage of non-strict OR joinclauses in Append
      indexscans.
      This is a back-patch of an 8.4 fix that was missed in the 8.3
      branch. This corrects an error introduced in 8.3.8 that could cause
      incorrect results for outer joins when the inner relation is an
      inheritance tree or UNION ALL subquery.
    - Fix possible duplicate scans of UNION ALL member relations.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference
      that expands into an expression containing another sub-select.
    - Fix failure to mark cached plans as transient.
      If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
      progress for one of the referenced tables, it is supposed to be
      re-planned once the index is ready for use. This was not happening
      reliably.
    - Reduce PANIC to ERROR in some occasionally-reported btree failure
      cases, and provide additional detail in the resulting error
      messages.
      This should improve the system's robustness with corrupted indexes.
    - Prevent show_session_authorization() from crashing within
      autovacuum processes.
    - Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype.
    - Fix possible failure when hashing a pass-by-reference function
      result.
    - Improve merge join's handling of NULLs in the join columns.
      A merge join can now stop entirely upon reaching the first NULL, if
      the sort order is such that NULLs sort high.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid"
      and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start. That could in turn
      prevent subsequent attempts to start the postmaster from
      succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested
      subtransactions.
      The original coding could result in a crash if there was limited
      stack space.
    - Avoid holding open old WAL segments in the walwriter process.
      The previous coding would prevent removal of no-longer-needed
      segments.
    - Fix log_line_prefix's %i escape, which could produce junk early in
      backend startup.
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
      when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
      be interrupted by query-cancel.
    - Fix "REASSIGN OWNED" to handle operator classes and families.
    - Fix possible core dump when comparing two empty tsquery values.
    - Fix LIKE's handling of patterns containing % followed by _.
      We've fixed this before, but there were still some
      incorrectly-handled cases.
    - In PL/Python, defend against null pointer results from
      PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - Make psql recognize "DISCARD ALL" as a command that should not be
      encased in a transaction block in autocommit-off mode.
    - Fix ecpg to process data from RETURNING clauses correctly.
    - Improve "contrib/dblink"'s handling of tables containing dropped
      columns.
    - Fix connection leak after "duplicate connection name" errors in
      "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62
      bytes correctly.
    - Add hstore(text, text) function to "contrib/hstore".
      This function is the recommended substitute for the now-deprecated
      => operator. It was back-patched so that future-proofed code can be
      used with older server versions. Note that the patch will be
      effective only after "contrib/hstore" is installed or reinstalled
      in a particular database. Users might prefer to execute the "CREATE
      FUNCTION" command by hand, instead.
    - Update build infrastructure and documentation to reflect the source
      code repository's move from CVS to Git.

Date: Wed, 06 Oct 2010 09:56:37 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/postgresql-8.3/8.3.12-0ubuntu8.04
-------------- next part --------------
Format: 1.7
Date: Wed, 06 Oct 2010 09:56:37 +0200
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.3.12-0ubuntu8.04
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (latest version)
postgresql-8.3 - object-relational SQL database, version 8.3 server
postgresql-client - front-end programs for PostgreSQL (latest version)
postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
postgresql-contrib - additional facilities for PostgreSQL (latest version)
postgresql-contrib-8.3 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.3 - documentation for the PostgreSQL database management system
postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Launchpad-Bugs-Fixed: 655293
Files:
994169b1c8d892515ba5b3dc4dc0c091 1947 misc optional postgresql-8.3_8.3.12-0ubuntu8.04.dsc
03b56e23c3bcdc36eee3156334b8b97b 13955500 misc optional postgresql-8.3_8.3.12.orig.tar.gz
eca14e49f5241160460a954481f67f81 71970 misc optional postgresql-8.3_8.3.12-0ubuntu8.04.diff.gz
Original-Maintainer: Martin Pitt <mpitt at debian.org>
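
Added example, not part of the changelog or of the PostgreSQL release: an audit for the CVE-2010-3433 item above. It inventories the SECURITY DEFINER functions written in trusted PL/Perl or PL/Tcl, and the non-superuser roles holding the language usage right the changelog names. It assumes the languages are installed under their default names plperl and pltcl, and uses only system catalogs present in 8.3.

```sql
-- Added audit example (not from the changelog). Run in each database.
-- Assumption: the trusted languages carry their default names.

-- 1. Confirm the server is at the fixed release (8.3.12 on this branch).
SELECT version();

-- 2. SECURITY DEFINER functions in trusted PL/Perl or PL/Tcl.
--    These run with their owner's privileges, so they are the
--    "target functions" the changelog entry describes.
SELECT n.nspname  AS schema_name,
       p.proname  AS function_name,
       l.lanname  AS language,
       o.rolname  AS runs_as,
       o.rolsuper AS owner_is_superuser
FROM   pg_proc p
JOIN   pg_language  l ON l.oid = p.prolang
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_roles     o ON o.oid = p.proowner
WHERE  p.prosecdef
  AND  l.lanpltrusted
  AND  l.lanname IN ('plperl', 'pltcl')
ORDER  BY o.rolsuper DESC, o.rolname, n.nspname, p.proname;

-- 3. Non-superuser roles that hold USAGE on those languages, i.e. the
--    roles able to define their own functions in the same language.
SELECT l.lanname AS language,
       r.rolname AS role_with_usage
FROM   pg_language l
CROSS  JOIN pg_roles r
WHERE  l.lanname IN ('plperl', 'pltcl')
  AND  NOT r.rolsuper
  AND  has_language_privilege(r.oid, l.oid, 'USAGE')
ORDER  BY l.lanname, r.rolname;
```

Rows from query 2 paired with rows from query 3 for the same language mark the databases where applying this update matters most; an empty result from query 2 means no function of the described kind exists in that database.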