postgresql-9.4 (9.4~beta2-1) unstable; urgency=low
* New upstream beta version.
+ Secure Unix-domain sockets of temporary postmasters started during make
check (Noah Misch)
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory of /tmp.
* postgresql-9.4.preinst: Fail upgrade when upgrading from beta1, the
catalog version changed. People should dump/remove their old clusters
first.
* Use util-linux' uuid lib as backend for the uuid-ossp extension
(--with-uuid=e2fs).
* Enable sepgsql (--with-selinux). On systems with libselinux1-dev < 2.1.10,
this is automatically disabled.
* Revert multiarch for libpq-dev and libecpg-dev. (Closes: #750111, #750112)
* Remove our pg_regress patches to support --host=/path. Implemented
upstream as fix for CVE-2014-0067.
* debian/copyright: Say that there are various copyright holders for the
contrib modules. (Hello Lintian!)
* Update Vcs URLs.
-- Christoph Berg <email address hidden> Mon, 21 Jul 2014 22:26:24 +0200
