[ubuntu/karmic] postgresql-8.4 8.4.1-1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Wed Sep 9 17:30:14 BST 2009
postgresql-8.4 (8.4.1-1) unstable; urgency=medium
* Urgency medium due to security fix.
* New upstream security/bug fix release:
- Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
security-definer functions. This covers a case that was missed in the
previous patch that disallowed "SET ROLE" and "SET SESSION
AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
- Fix WAL page header initialization at the end of archive recovery.
This could lead to failure to process the WAL in a subsequent archive
recovery.
- Fix "cannot make new WAL entries during recovery" error.
- Fix problem that could make expired rows visible after a crash.
This bug involved a page status bit potentially not being set
correctly after a server crash.
- Make "LOAD" of an already-loaded loadable module into a no-op.
Formerly, "LOAD" would attempt to unload and re-load the module,
but this is unsafe and not all that useful.
- Make window function PARTITION BY and ORDER BY items always be
interpreted as simple expressions.
In 8.4.0 these lists were parsed following the rules used for
top-level GROUP BY and ORDER BY lists. But this was not correct per
the SQL standard, and it led to possible circularity.
- Fix several errors in planning of semi-joins. These led to wrong query
results in some cases where IN or EXISTS was used together with another
join.
- Fix handling of whole-row references to subqueries that are within
an outer join. An example is SELECT COUNT(ss.*) FROM ... LEFT JOIN
(SELECT ...) ss ON .... Here, ss.* would be treated as
ROW(NULL,NULL,...) for null-extended join rows, which is not the same as
a simple NULL. Now it is treated as a simple NULL.
- Fix locale handling with plperl. This bug could cause the server's
locale setting to change when a plperl function is called, leading to
data corruption.
- Fix handling of reloptions to ensure setting one option doesn't
force default values for others.
- Ensure that a "fast shutdown" request will forcibly terminate open
sessions, even if a "smart shutdown" was already in progress.
- Avoid memory leak for array_agg() in GROUP BY queries.
- Treat to_char(..., 'TH') as an uppercase ordinal suffix with
'HH'/'HH12'. It was previously handled as 'th'.
- Include the fractional part in the result of EXTRACT(second) and
EXTRACT(milliseconds) for time and time with time zone inputs.
This has always worked for floating-point datetime configurations,
but was broken in the integer datetime code.
- Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
and integer datetimes are in use.
- Improve performance when processing toasted values in index scans.
This is particularly useful for PostGIS.
- Fix a typo that disabled commit_delay.
- Output early-startup messages to "postmaster.log" if the server is
started in silent mode. Previously such error messages were discarded,
leading to difficulty in debugging.
- Remove translated FAQs. They are now on the wiki. The main FAQ was moved
to the wiki some time ago.
- Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
empty.
- Fix several errors in pg_dump's --binary-upgrade mode. pg_dump
--binary-upgrade is used by pg_migrator.
- Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
number of parameters (twenty).
- Improve robustness of libpq's code to recover from errors during
"COPY FROM STDIN".
- Avoid including conflicting readline and editline header files when
both libraries are installed.
- Work around gcc bug that causes "floating-point exception" instead
of "division by zero" on some platforms.
* debian/control: Bump Standards-Version to 3.8.3 (no changes necessary).
Date: Sun, 06 Sep 2009 14:11:13 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
Origin: debian/unstable
https://launchpad.net/ubuntu/karmic/+source/postgresql-8.4/8.4.1-1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Origin: debian/unstable
Format: 1.8
Date: Sun, 06 Sep 2009 14:11:13 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.4.1-1
Distribution: karmic
Urgency: medium
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (supported version)
postgresql-8.4 - object-relational SQL database, version 8.4 server
postgresql-client - front-end programs for PostgreSQL (supported version)
postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
postgresql-contrib - additional facilities for PostgreSQL (supported version)
postgresql-contrib-8.4 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.4 - documentation for the PostgreSQL database management system
postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Checksums-Sha1:
45d03fdc281e6726b42ddf550d10c8e72c581b15 1675 postgresql-8.4_8.4.1-1.dsc
61fc780bf87dbb61b28c9199800cfe8a53404b9c 16765281 postgresql-8.4_8.4.1.orig.tar.gz
0f1e02c7a1b0157aa0a5c563b5bd80094a28c802 28570 postgresql-8.4_8.4.1-1.diff.gz
Checksums-Sha256:
6fc5e724165cb04796fa4c0b6ca4131588af212f552a35288cc72e52538b8bc0 1675 postgresql-8.4_8.4.1-1.dsc
49d43dad7c760836498f70878f2fea449b7d2ba647d7bfbd503d53f1bb3bf487 16765281 postgresql-8.4_8.4.1.orig.tar.gz
7d0bdcdcd9194d27e8c103bbbb210302f92902c7dc46d3721fa7bb81e91c19be 28570 postgresql-8.4_8.4.1-1.diff.gz
Files:
7f10a139563a0268d1e844519cc24ab4 1675 database optional postgresql-8.4_8.4.1-1.dsc
efb12995609aaba2ee5d43b03be161c6 16765281 database optional postgresql-8.4_8.4.1.orig.tar.gz
44f6dbb8e81a4de0ff18911c08b29de6 28570 database optional postgresql-8.4_8.4.1-1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqn1bcACgkQDecnbV4Fd/KfNACgm6JNMq4r54TsSHo8euQPO54G
k8MAn3mLH7oLkmDMXVDDoftEFfy4fHTu
=p1zi
-----END PGP SIGNATURE-----