[ubuntu/lucid] postgresql-8.4 8.4.2-1 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Mon Dec 14 23:35:18 GMT 2009


postgresql-8.4 (8.4.2-1) unstable; urgency=medium

  Medium urgency due to security fixes.

  [ Peter Eisentraut ]
  * debian/control: Added Homepage
  * debian/control: Added ${misc:Depends} on all packages, per lintian
  * debian/control: Added versioned dependencies on the shared libraries used
    by the libecpg-dev package
  * debian/control: Removed obsolete build dependency bzip2
  * debian/control: Added Vcs fields

  [ Martin Pitt ]
  * New upstream security/bug fix release:
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix hash index corruption. The 8.4 change that made hash indexes keep
      entries sorted by hash value failed to update the bucket splitting and
      compaction routines to preserve the ordering. So application of either
      of those operations could lead to permanent corruption of an index, in
      the sense that searches might fail to find entries that are present. To
      deal with this, it is recommended to REINDEX any hash indexes you may
      have after installing this update.
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix crash if a DROP is attempted on an internally-dependent object.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix memory leak in postmaster when re-parsing "pg_hba.conf".
    - Make FOR UPDATE/SHARE in the primary query not propagate into WITH
      queries.
    - Fix bug with a WITH RECURSIVE query immediately inside another one.
    - Fix concurrency bug in hash indexes.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Fix wrong search results for a multi-column GIN index with
      fastupdate enabled.
    - Fix bugs in WAL entry creation for GIN indexes.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint.
    - Fix PAM password processing to be more robust.
      The previous code is known to fail with the combination of the
      Linux pam_krb5 PAM module with Microsoft Active Directory as the
      domain controller. It might have problems elsewhere too, since it
      was making unjustified assumptions about what arguments the PAM
      stack would pass to it.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Ensure that domain constraints are enforced in constructs like
      ARRAY[...]::domain, where the domain is over an array type.
    - Fix foreign-key logic for some cases involving composite-type
      columns as foreign keys.
    - Ensure that a cursor's snapshot is not modified after it is created.
    - Fix CREATE TABLE to properly merge default expressions coming from
      different inheritance parent tables. This used to work but was broken in
      8.4.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Fix incorrect plan construction when using hash aggregation to
      implement DISTINCT for textually identical volatile expressions
    - Fix Assert failure for a volatile SELECT DISTINCT ON expression
    - Fix ts_stat() to not fail on an empty tsvector value
    - Make text search parser accept underscores in XML attributes
    - Fix encoding handling in xml binary input.
      If the XML header doesn't specify an encoding, we now assume UTF-8
      by default; the previous handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Fix ecpg problem with comments in DECLARE CURSOR statements
    - Fix ecpg to not treat recently-added keywords as reserved words
      This affected the keywords CALLED, CATALOG, DEFINER, ENUM,
      FOLLOWING, INVOKER, OPTIONS, PARTITION, PRECEDING, RANGE, SECURITY,
      SERVER, UNBOUNDED, and WRAPPER.
    - Re-allow regular expression special characters in psql's \df
      function name parameter.
    - Put FREEZE and VERBOSE options in the right order in the VACUUM
      command that "contrib/vacuumdb" produces.
    - Fix possible leak of connections when "contrib/dblink" encounters
      an error
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
  * debian/control: libreadline5-dev → libreadline-dev. (Closes: #553831)
  * Add 03-sh-architecture.patch: Support Renesas' SuperH architecture, thanks
    Nobuhiro Iwamatsu! (Closes: #548847)

Date: Mon, 14 Dec 2009 19:02:38 +0100
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
Origin: debian/unstable
https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.2-1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: debian/unstable
Format: 1.8
Date: Mon, 14 Dec 2009 19:02:38 +0100
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.4.2-1
Distribution: lucid
Urgency: medium
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Closes: 548847 553831
Checksums-Sha1: 
 7ec4308e99f74a4b0a48bad5418c971b18769d2f 1849 postgresql-8.4_8.4.2-1.dsc
 563caa3da16ca84608e5ff9c487753f3bd127883 16810915 postgresql-8.4_8.4.2.orig.tar.gz
 6640087f81be6238840a16fe46da199f468ae460 31570 postgresql-8.4_8.4.2-1.diff.gz
Checksums-Sha256: 
 5fb1e6ee332417c763ea91d45dc94de40d548405d1b77c37594eada25c508fb3 1849 postgresql-8.4_8.4.2-1.dsc
 4cd9d9e0d321ac7ff264aa0b9bef11d49bb24dd5568c52ea1af9b4e8533b3708 16810915 postgresql-8.4_8.4.2.orig.tar.gz
 3e177663d12741a18a9c2ff03318e6ceb9ca31dbe20ac25ddf1552790b772f66 31570 postgresql-8.4_8.4.2-1.diff.gz
Files: 
 64e8ed5ada8a3beb342603912f3d2f27 1849 database optional postgresql-8.4_8.4.2-1.dsc
 1bc9cdc76c6a2a13bd7fdc0f3f53667f 16810915 database optional postgresql-8.4_8.4.2.orig.tar.gz
 b50540b04fdcea815563656a5350ff82 31570 database optional postgresql-8.4_8.4.2-1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksmyLgACgkQDecnbV4Fd/KesQCgyCT3k0JFPxemQDyQX2OaDHJS
xKoAn2MONTDKUiYUqoUoFsD/42W8DMe6
=VpLB
-----END PGP SIGNATURE-----
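The embedded-null check described in the CVE-2009-4034 entry, as an added illustration that is not part of this changelog or of PostgreSQL's source. The function names and sample CNs are constructed, and matching is exact (no wildcard or case handling).

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A certificate CN is a length-delimited ASN.1 string, so it is modelled
 * here as a (bytes, length) pair. All names below are hypothetical. */

/* Constructed samples: the first has a NUL after the 14 visible bytes. */
static const char BAD_CN[]  = "db.example.com\0.other.example";
static const char GOOD_CN[] = "db.example.com";

/* Pre-fix style: treats the CN as a C string, so the comparison stops
 * at the first NUL and never sees the bytes that follow it. */
static int cn_matches_naive(const char *cn, size_t cn_len, const char *host)
{
    (void) cn_len;              /* declared length is ignored */
    return strcmp(cn, host) == 0;
}

/* Hardened: reject any CN with a NUL inside its declared length, then
 * compare using that length rather than C-string semantics. */
static int cn_matches_strict(const char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;               /* embedded null byte: reject outright */
    if (cn_len != strlen(host))
        return 0;
    return memcmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "db.example.com";

    printf("naive,  CN with NUL: %d\n",
           cn_matches_naive(BAD_CN, sizeof BAD_CN - 1, host));
    printf("strict, CN with NUL: %d\n",
           cn_matches_strict(BAD_CN, sizeof BAD_CN - 1, host));
    printf("strict, clean CN:    %d\n",
           cn_matches_strict(GOOD_CN, sizeof GOOD_CN - 1, host));
    return 0;
}
```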

