[ubuntu/lucid-security] postgresql-8.4, postgresql-8.4_8.4.12-0ubuntu10.04_powerpc_translations.tar.gz, postgresql-8.4_8.4.12-0ubuntu10.04_amd64_translations.tar.gz, postgresql-8.4_8.4.12-0ubuntu10.04_ia64_translations.tar.gz, postgresql-8.4_8.4.12-0ubuntu10.04_i386_translations.tar.gz, postgresql-8.4_8.4.12-0ubuntu10.04_armel_translations.tar.gz, postgresql-8.4_8.4.12-0ubuntu10.04_sparc_translations.tar.gz 8.4.12-0ubuntu10.04 (Accepted)

[Martin Pitt]

postgresql-8.4 (8.4.12-0ubuntu10.04) lucid-security; urgency=low

  * New upstream security/bug fix release: (LP: #1008317)
    - Fix incorrect password transformation in "contrib/pgcrypto"'s DES
      crypt() function.
      If a password string contained the byte value 0x80, the remainder
      of the password was ignored, causing the password to be much weaker
      than it appeared. With this fix, the rest of the string is properly
      included in the DES hash. Any stored password values that are
      affected by this bug will thus no longer match, so the stored
      values may need to be updated. (CVE-2012-2143)
    - Ignore SECURITY DEFINER and SET attributes for a procedural
      language's call handler.
      Applying such attributes to a call handler could crash the server.
      (CVE-2012-2655)
    - Allow numeric timezone offsets in timestamp input to be up to 16
      hours away from UTC.
      Some historical time zones have offsets larger than 15 hours, the
      previous limit. This could result in dumped data values being
      rejected during reload.
    - Fix timestamp conversion to cope when the given time is exactly the
      last DST transition time for the current timezone.
      This oversight has been there a long time, but was not noticed
      previously because most DST-using zones are presumed to have an
      indefinite sequence of future DST transitions.
    - Fix text to name and char to name casts to perform string
      truncation correctly in multibyte encodings.
    - Fix memory copying bug in to_tsquery().
    - Fix planner's handling of outer PlaceHolderVars within subqueries.
      This bug concerns sub-SELECTs that reference variables coming from
      the nullable side of an outer join of the surrounding query. In
      9.1, queries affected by this bug would fail with "ERROR:
      Upper-level PlaceHolderVar found where not expected". But in 9.0
      and 8.4, you'd silently get possibly-wrong answers, since the value
      transmitted into the subquery wouldn't go to null when it should.
    - Fix slow session startup when pg_attribute is very large.
      If pg_attribute exceeds one-fourth of shared_buffers, cache
      rebuilding code that is sometimes needed during session start would
      trigger the synchronized-scan logic, causing it to take many times
      longer than normal. The problem was particularly acute if many new
      sessions were starting at once.
    - Ensure sequential scans check for query cancel reasonably often.
      A scan encountering many consecutive pages that contain no live
      tuples would not respond to interrupts meanwhile.
    - Ensure the Windows implementation of PGSemaphoreLock() clears
      ImmediateInterruptOK before returning.
      This oversight meant that a query-cancel interrupt received later
      in the same query could be accepted at an unsafe time, with
      unpredictable but not good consequences.
    - Show whole-row variables safely when printing views or rules.
      Corner cases involving ambiguous names (that is, the name could be
      either a table or column name of the query) were printed in an
      ambiguous way, risking that the view or rule would be interpreted
      differently after dump and reload. Avoid the ambiguous case by
      attaching a no-op cast.
    - Fix "COPY FROM" to properly handle null marker strings that
      correspond to invalid encoding.
      A null marker string such as E'\\0' should work, and did work in
      the past, but the case got broken in 8.4.
    - Ensure autovacuum worker processes perform stack depth checking
      properly.
      Previously, infinite recursion in a function invoked by
      auto-"ANALYZE" could crash worker processes.
    - Fix logging collector to not lose log coherency under high load.
      The collector previously could fail to reassemble large messages if
      it got too busy.
    - Fix logging collector to ensure it will restart file rotation after
      receiving SIGHUP.
    - Fix WAL replay logic for GIN indexes to not fail if the index was
      subsequently dropped>
    - Fix memory leak in PL/pgSQL's "RETURN NEXT" command.
    - Fix PL/pgSQL's "GET DIAGNOSTICS" command when the target is the
      function's first variable.
    - Fix potential access off the end of memory in psql's expanded
      display ("\x") mode.
    - Fix several performance problems in pg_dump when the database
      contains many objects.
      pg_dump could get very slow if the database contained many schemas,
      or if many objects are in dependency loops, or if there are many
      owned sequences.
    - Fix "contrib/dblink"'s dblink_exec() to not leak temporary database
      connections upon error.
    - Fix "contrib/dblink" to report the correct connection name in error
      messages.

Date: Mon, 04 Jun 2012 09:03:09 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.12-0ubuntu10.04
-------------- next part --------------
Format: 1.8
Date: Mon, 04 Jun 2012 09:03:09 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source
Version: 8.4.12-0ubuntu10.04
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 1008317
Changes: 
 postgresql-8.4 (8.4.12-0ubuntu10.04) lucid-security; urgency=low
 .
   * New upstream security/bug fix release: (LP: #1008317)
     - Fix incorrect password transformation in "contrib/pgcrypto"'s DES
       crypt() function.
       If a password string contained the byte value 0x80, the remainder
       of the password was ignored, causing the password to be much weaker
       than it appeared. With this fix, the rest of the string is properly
       included in the DES hash. Any stored password values that are
       affected by this bug will thus no longer match, so the stored
       values may need to be updated. (CVE-2012-2143)
     - Ignore SECURITY DEFINER and SET attributes for a procedural
       language's call handler.
       Applying such attributes to a call handler could crash the server.
       (CVE-2012-2655)
     - Allow numeric timezone offsets in timestamp input to be up to 16
       hours away from UTC.
       Some historical time zones have offsets larger than 15 hours, the
       previous limit. This could result in dumped data values being
       rejected during reload.
     - Fix timestamp conversion to cope when the given time is exactly the
       last DST transition time for the current timezone.
       This oversight has been there a long time, but was not noticed
       previously because most DST-using zones are presumed to have an
       indefinite sequence of future DST transitions.
     - Fix text to name and char to name casts to perform string
       truncation correctly in multibyte encodings.
     - Fix memory copying bug in to_tsquery().
     - Fix planner's handling of outer PlaceHolderVars within subqueries.
       This bug concerns sub-SELECTs that reference variables coming from
       the nullable side of an outer join of the surrounding query. In
       9.1, queries affected by this bug would fail with "ERROR:
       Upper-level PlaceHolderVar found where not expected". But in 9.0
       and 8.4, you'd silently get possibly-wrong answers, since the value
       transmitted into the subquery wouldn't go to null when it should.
     - Fix slow session startup when pg_attribute is very large.
       If pg_attribute exceeds one-fourth of shared_buffers, cache
       rebuilding code that is sometimes needed during session start would
       trigger the synchronized-scan logic, causing it to take many times
       longer than normal. The problem was particularly acute if many new
       sessions were starting at once.
     - Ensure sequential scans check for query cancel reasonably often.
       A scan encountering many consecutive pages that contain no live
       tuples would not respond to interrupts meanwhile.
     - Ensure the Windows implementation of PGSemaphoreLock() clears
       ImmediateInterruptOK before returning.
       This oversight meant that a query-cancel interrupt received later
       in the same query could be accepted at an unsafe time, with
       unpredictable but not good consequences.
     - Show whole-row variables safely when printing views or rules.
       Corner cases involving ambiguous names (that is, the name could be
       either a table or column name of the query) were printed in an
       ambiguous way, risking that the view or rule would be interpreted
       differently after dump and reload. Avoid the ambiguous case by
       attaching a no-op cast.
     - Fix "COPY FROM" to properly handle null marker strings that
       correspond to invalid encoding.
       A null marker string such as E'\\0' should work, and did work in
       the past, but the case got broken in 8.4.
     - Ensure autovacuum worker processes perform stack depth checking
       properly.
       Previously, infinite recursion in a function invoked by
       auto-"ANALYZE" could crash worker processes.
     - Fix logging collector to not lose log coherency under high load.
       The collector previously could fail to reassemble large messages if
       it got too busy.
     - Fix logging collector to ensure it will restart file rotation after
       receiving SIGHUP.
     - Fix WAL replay logic for GIN indexes to not fail if the index was
       subsequently dropped>
     - Fix memory leak in PL/pgSQL's "RETURN NEXT" command.
     - Fix PL/pgSQL's "GET DIAGNOSTICS" command when the target is the
       function's first variable.
     - Fix potential access off the end of memory in psql's expanded
       display ("\x") mode.
     - Fix several performance problems in pg_dump when the database
       contains many objects.
       pg_dump could get very slow if the database contained many schemas,
       or if many objects are in dependency loops, or if there are many
       owned sequences.
     - Fix "contrib/dblink"'s dblink_exec() to not leak temporary database
       connections upon error.
     - Fix "contrib/dblink" to report the correct connection name in error
       messages.
Checksums-Sha1: 
 8f95755b4462bd972f73e4025d21de6754b6e504 2620 postgresql-8.4_8.4.12-0ubuntu10.04.dsc
 53a17cd0f104bcad112925d3c6fc2e29e1f89c8e 18193373 postgresql-8.4_8.4.12.orig.tar.gz
 61d2b5029f67ac096289a41126464671af12eac2 50157 postgresql-8.4_8.4.12-0ubuntu10.04.diff.gz
Checksums-Sha256: 
 40a8eaf423273ec8dbc615c89eac2d6d6f59057b4eef0ebf62516122c6bc036e 2620 postgresql-8.4_8.4.12-0ubuntu10.04.dsc
 0cd614f0f0f149d683aa1fbdefd7d873282cfdefada5a687d2644457c855d4f2 18193373 postgresql-8.4_8.4.12.orig.tar.gz
 3c512aa6ccda39454aff1b37d2c6efb2f8f5d7b28e4dff54bc2acaa66694abc1 50157 postgresql-8.4_8.4.12-0ubuntu10.04.diff.gz
Files: 
 b24a20bcd2bb65fca3e49ce1671d7654 2620 database optional postgresql-8.4_8.4.12-0ubuntu10.04.dsc
 2e7c6e16fe19e9597e2882fe47c7d3fd 18193373 database optional postgresql-8.4_8.4.12.orig.tar.gz
 dd3992c097e70c4ae74b3aa3d487f535 50157 database optional postgresql-8.4_8.4.12-0ubuntu10.04.diff.gz
Original-Maintainer: Martin Pitt <mpitt at debian.org>