[ubuntu/jaunty-security] postgresql-8.3_8.3.10-0ubuntu9.04.1_hppa_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu9.04.1_i386_translations.tar.gz, postgresql-8.3, postgresql-8.3_8.3.10-0ubuntu9.04.1_armel_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu9.04.1_sparc_translations.tar.gz (delayed), postgresql-8.3_8.3.10-0ubuntu9.04.1_ia64_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu9.04.1_lpia_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu9.04.1_amd64_translations.tar.gz, postgresql-8.3_8.3.10-0ubuntu9.04.1_powerpc_translations.tar.gz 8.3.10-0ubuntu9.04.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Apr 28 23:04:47 BST 2010
postgresql-8.3 (8.3.10-0ubuntu9.04.1) jaunty-security; urgency=low
* no change rebuild for -security
postgresql-8.3 (8.3.10-0ubuntu9.04) jaunty-proposed; urgency=low
* New upstream bug fix release: (LP: #557408)
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible deadlock during backend startup.
- Fix possible crashes due to not handling errors during relcache
reload cleanly.
- Fix possible crash due to use of dangling pointer to a cached plan.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Fix incorrect WAL data emitted during end-of-recovery cleanup of a
GIST index page split.
This would result in index corruption, or even more likely an error
during WAL replay, if we were unlucky enough to crash during
end-of-recovery cleanup after having completed an incomplete GIST
insertion.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442). (Closes: #567058)
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix assorted crashes in xml processing caused by sloppy memory
management.
This is a back-patch of changes first applied in 8.4. The 8.3 code
was known buggy, but the new code was sufficiently different to not
want to back-patch it until it had gotten some field testing.
- Fix bug with trying to update a field of an element of a
composite-type array column.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
"bool_column = false" constraint.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix possible infinite loop if SSL_read or SSL_write fails without
setting errno.
This is reportedly possible with some Windows versions of openssl.
- Disallow GSSAPI authentication on local connections, since it
requires a hostname to function correctly.
- Make ecpg report the proper SQLSTATE if the connection disappears.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Make psql return the correct exit status (3) when ON_ERROR_STOP and
--single-transaction are both specified and an error occurs during
the implied "COMMIT".
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Ensure PL/Tcl initializes the Tcl interpreter fully.
The only known symptom of this oversight is that the Tcl clock
command misbehaves if using Tcl 8.5 or later.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Allow zero-dimensional arrays in "contrib/ltree" operations.
This case was formerly rejected as an error, but it's more
convenient to treat it the same as a zero-element array. In
particular this avoids unnecessary failures when an ltree operation
is applied to the result of ARRAY(SELECT ...) and the sub-select
returns no rows.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
Date: Tue, 27 Apr 2010 10:15:08 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/postgresql-8.3/8.3.10-0ubuntu9.04.1
-------------- next part --------------
Format: 1.8
Date: Tue, 27 Apr 2010 10:15:08 -0500
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.3.10-0ubuntu9.04.1
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (supported version)
postgresql-8.3 - object-relational SQL database, version 8.3 server
postgresql-client - front-end programs for PostgreSQL (supported version)
postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
postgresql-contrib - additional facilities for PostgreSQL (supported version)
postgresql-contrib-8.3 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.3 - documentation for the PostgreSQL database management system
postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Closes: 567058
Launchpad-Bugs-Fixed: 557408
Changes:
postgresql-8.3 (8.3.10-0ubuntu9.04.1) jaunty-security; urgency=low
.
* no change rebuild for -security
.
postgresql-8.3 (8.3.10-0ubuntu9.04) jaunty-proposed; urgency=low
.
* New upstream bug fix release: (LP: #557408)
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible deadlock during backend startup.
- Fix possible crashes due to not handling errors during relcache
reload cleanly.
- Fix possible crash due to use of dangling pointer to a cached plan.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Fix incorrect WAL data emitted during end-of-recovery cleanup of a
GIST index page split.
This would result in index corruption, or even more likely an error
during WAL replay, if we were unlucky enough to crash during
end-of-recovery cleanup after having completed an incomplete GIST
insertion.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442). (Closes: #567058)
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix assorted crashes in xml processing caused by sloppy memory
management.
This is a back-patch of changes first applied in 8.4. The 8.3 code
was known buggy, but the new code was sufficiently different to not
want to back-patch it until it had gotten some field testing.
- Fix bug with trying to update a field of an element of a
composite-type array column.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
"bool_column = false" constraint.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix possible infinite loop if SSL_read or SSL_write fails without
setting errno.
This is reportedly possible with some Windows versions of openssl.
- Disallow GSSAPI authentication on local connections, since it
requires a hostname to function correctly.
- Make ecpg report the proper SQLSTATE if the connection disappears.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Make psql return the correct exit status (3) when ON_ERROR_STOP and
--single-transaction are both specified and an error occurs during
the implied "COMMIT".
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Ensure PL/Tcl initializes the Tcl interpreter fully.
The only known symptom of this oversight is that the Tcl clock
command misbehaves if using Tcl 8.5 or later.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Allow zero-dimensional arrays in "contrib/ltree" operations.
This case was formerly rejected as an error, but it's more
convenient to treat it the same as a zero-element array. In
particular this avoids unnecessary failures when an ltree operation
is applied to the result of ARRAY(SELECT ...) and the sub-select
returns no rows.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
Checksums-Sha1:
c7e275595eefb4f1d03b95ecb80d11e7bd78b1db 1768 postgresql-8.3_8.3.10-0ubuntu9.04.1.dsc
2d76aad9449ea2577efa1629ff50d54e915230e8 68607 postgresql-8.3_8.3.10-0ubuntu9.04.1.diff.gz
Checksums-Sha256:
62154dba45f197541315c491e5987b4f90e4c404e7ccb5743bf32175ed78164e 1768 postgresql-8.3_8.3.10-0ubuntu9.04.1.dsc
142fa0f6c754dbda3a96d07c0954999ff8a53ad7f471ba212a20660c957e335f 68607 postgresql-8.3_8.3.10-0ubuntu9.04.1.diff.gz
Files:
7454f28deecedf089c24276ff513348d 1768 misc optional postgresql-8.3_8.3.10-0ubuntu9.04.1.dsc
8a83a19afbd33c4c8c622d46f6ef7085 68607 misc optional postgresql-8.3_8.3.10-0ubuntu9.04.1.diff.gz
Original-Maintainer: Martin Pitt <mpitt at debian.org>
More information about the Jaunty-changes
mailing list