postgresql-10 10.3-1 source package in Ubuntu

Changelog

postgresql-10 (10.3-1) unstable; urgency=medium

  * New upstream version.

    If you run an installation in which not all users are mutually
    trusting, or if you maintain an application or extension that is
    intended for use in arbitrary situations, it is strongly recommended
    that you read the documentation changes described in the first changelog
    entry below, and take suitable steps to ensure that your installation or
    code is secure.

    Also, the changes described in the second changelog entry below may
    cause functions used in index expressions or materialized views to fail
    during auto-analyze, or when reloading from a dump.  After upgrading,
    monitor the server logs for such problems, and fix affected functions.

    + Document how to configure installations and applications to guard
      against search-path-dependent trojan-horse attacks from other users

      Using a search_path setting that includes any schemas writable by a
      hostile user enables that user to capture control of queries and then
      run arbitrary SQL code with the permissions of the attacked user.  While
      it is possible to write queries that are proof against such hijacking,
      it is notationally tedious, and it's very easy to overlook holes.
      Therefore, we now recommend configurations in which no untrusted schemas
      appear in one's search path.
      (CVE-2018-1058)

    + Avoid use of insecure search_path settings in pg_dump and other client
      programs

      pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
      were themselves vulnerable to the type of hijacking described in the
      previous changelog entry; since these applications are commonly run by
      superusers, they present particularly attractive targets.  To make them
      secure whether or not the installation as a whole has been secured,
      modify them to include only the pg_catalog schema in their search_path
      settings. Autovacuum worker processes now do the same, as well.

      In cases where user-provided functions are indirectly executed by these
      programs -- for example, user-provided functions in index expressions --
      the tighter search_path may result in errors, which will need to be
      corrected by adjusting those user-provided functions to not assume
      anything about what search path they are invoked under.  That has always
      been good practice, but now it will be necessary for correct behavior.
      (CVE-2018-1058)

 -- Christoph Berg <email address hidden>  Tue, 27 Feb 2018 12:54:34 +0100
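
The remediation the changelog describes, sketched in SQL as an added example (not taken from the changelog or from upstream's patches). The schema `app`, the table `customers` and the functions `strip_tag` and `email_key` are hypothetical names chosen for illustration.

```sql
-- Hypothetical names throughout: schema "app", functions strip_tag/email_key.

-- 1. Stop ordinary roles from creating objects in a schema that sits on
--    everyone's default search_path.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 2. Check: which non-superuser roles can still create objects, and where?
--    Any schema listed here is untrusted from every other role's viewpoint
--    and should not appear in their search_path.
SELECT n.nspname AS schema_name, r.rolname AS role_name
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
WHERE NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY 1, 2;

-- 3. A helper plus a function intended for use in an index expression.
CREATE SCHEMA app;
CREATE TABLE app.customers (id integer PRIMARY KEY, email text NOT NULL);

CREATE FUNCTION app.strip_tag(addr text) RETURNS text
  LANGUAGE sql IMMUTABLE
  AS $$ SELECT regexp_replace(addr, '\+[^@]*@', '@') $$;

-- Schema-qualify every object outside pg_catalog and pin the path on the
-- function itself, so it resolves names identically when autovacuum or
-- pg_dump invokes it with search_path restricted to pg_catalog.
CREATE FUNCTION app.email_key(addr text) RETURNS text
  LANGUAGE sql IMMUTABLE
  SET search_path = pg_catalog, pg_temp
  AS $$ SELECT lower(app.strip_tag(addr)) $$;

CREATE INDEX customers_email_key_idx ON app.customers (app.email_key(email));

-- 4. Check: user-defined functions with no search_path pinned. These are
--    candidates for review, not confirmed problems.
SELECT p.oid::regprocedure AS function_signature
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
        WHERE cfg LIKE 'search_path=%');
```

A function that turns up in query 4 and is referenced by an index expression or materialized view is the kind that can start failing during auto-analyze or a dump reload after this upgrade.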

Upload details

Uploaded by: Debian PostgreSQL Maintainers on 2018-03-01
Uploaded to: Sid
Original maintainer: Debian PostgreSQL Maintainers
Architectures: any all
Section: misc
Urgency: Medium Urgency

Publishing

Series   Pocket    Published       Component   Section
Bionic   release   on 2018-04-06   main        misc

Downloads

File                                 Size       SHA-256 Checksum
postgresql-10_10.3-1.dsc             3.4 KiB    4d1c2d805241ffe873483c66fa531eac1cd785a6dbcfb452e38591abea5d24c7
postgresql-10_10.3.orig.tar.bz2      19.0 MiB   6ea268780ee35e88c65cdb0af7955ad90b7d0ef34573867f223f14e43467931a
postgresql-10_10.3-1.debian.tar.xz   22.3 KiB   5349970dd7c757b7dfcaec64d39bc457f15afd65f2307c976a3ce868b49c59bd

No changes file available.

Binary packages built by this source

libecpg-compat3: older version of run-time library for ECPG programs

 The libecpg_compat shared library is used by programs built with ecpg.
 (Embedded PostgreSQL for C).
 .
 PostgreSQL is an object-relational SQL database management system.

libecpg-compat3-dbgsym: debug symbols for libecpg-compat3
libecpg-dev: development files for ECPG (Embedded PostgreSQL for C)

 This package contains the necessary files to build ECPG (Embedded
 PostgreSQL for C) programs. It includes the development libraries
 and the preprocessor program ecpg.
 .
 PostgreSQL is an object-relational SQL database management system.
 .
 Install this package if you want to write C programs with SQL statements
 embedded in them (rather than run by an external process).

libecpg-dev-dbgsym: debug symbols for libecpg-dev
libecpg6: run-time library for ECPG programs

 The libecpg shared library is used by programs built with ECPG
 (Embedded PostgreSQL for C).
 .
 PostgreSQL is an object-relational SQL database management system.

libecpg6-dbgsym: debug symbols for libecpg6
libpgtypes3: shared library libpgtypes for PostgreSQL 10

 The libpgtypes shared library is used by programs built with ecpg.
 (Embedded PostgreSQL for C).
 .
 PostgreSQL is an object-relational SQL database management system.

libpgtypes3-dbgsym: debug symbols for libpgtypes3
libpq-dev: header files for libpq5 (PostgreSQL library)

 Header files and static library for compiling C programs to link
 with the libpq library in order to communicate with a PostgreSQL
 database backend.
 .
 PostgreSQL is an object-relational SQL database management system.

libpq5: PostgreSQL C client library

 libpq is a C library that enables user programs to communicate with
 the PostgreSQL database server. The server can be on another machine
 and accessed through TCP/IP. This version of libpq is compatible
 with servers from PostgreSQL 8.2 or later.
 .
 This package contains the run-time library, needed by packages using
 libpq.
 .
 PostgreSQL is an object-relational SQL database management system.

libpq5-dbgsym: debug symbols for libpq5
postgresql-10: object-relational SQL database, version 10 server

 PostgreSQL is a powerful, open source object-relational database
 system. It is fully ACID compliant, has full support for foreign
 keys, joins, views, triggers, and stored procedures (in multiple
 languages). It includes most SQL:2008 data types, including INTEGER,
 NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It
 also supports storage of binary large objects, including pictures,
 sounds, or video. It has native programming interfaces for C/C++,
 Java, .Net, Perl, Python, Ruby, Tcl, ODBC, among others, and
 exceptional documentation.
 .
 This package provides the database server for PostgreSQL 10.

postgresql-10-dbgsym: debug symbols for postgresql-10
postgresql-client-10: front-end programs for PostgreSQL 10

 This package contains client and administrative programs for
 PostgreSQL: these are the interactive terminal client psql and
 programs for creating and removing users and databases.
 .
 This is the client package for PostgreSQL 10. If you install
 PostgreSQL 10 on a standalone machine, you need the server package
 postgresql-10, too. On a network, you can install this package on
 many client machines, while the server package may be installed on
 only one machine.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-client-10-dbgsym: debug symbols for postgresql-client-10
postgresql-doc-10: documentation for the PostgreSQL database management system

 This package contains all README files, user manual, and examples for
 PostgreSQL 10. The manual is in HTML format.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-plperl-10: PL/Perl procedural language for PostgreSQL 10

 PL/Perl enables an SQL developer to write procedural language functions
 for PostgreSQL 10 in Perl. You need this package if you have any
 PostgreSQL 10 functions that use the languages plperl or plperlu.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-plperl-10-dbgsym: debug symbols for postgresql-plperl-10
postgresql-plpython-10: PL/Python procedural language for PostgreSQL 10

 PL/Python enables an SQL developer to write procedural language functions
 for PostgreSQL 10 in Python. You need this package if you have any
 PostgreSQL 10 functions that use the languages plpython or plpythonu.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-plpython-10-dbgsym: debug symbols for postgresql-plpython-10
postgresql-plpython3-10: PL/Python 3 procedural language for PostgreSQL 10

 PL/Python 3 enables an SQL developer to write procedural language functions
 for PostgreSQL 10 in Python 3. You need this package if you have any
 PostgreSQL 10 functions that use the languages plpython3 or plpython3u.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-plpython3-10-dbgsym: debug symbols for postgresql-plpython3-10
postgresql-pltcl-10: PL/Tcl procedural language for PostgreSQL 10

 PL/Tcl enables an SQL developer to write procedural language functions
 for PostgreSQL 10 in Tcl. You need this package if you have any
 PostgreSQL 10 functions that use the languages pltcl or pltclu.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-pltcl-10-dbgsym: debug symbols for postgresql-pltcl-10
postgresql-server-dev-10: development files for PostgreSQL 10 server-side programming

 Header files for compiling SSI code to link into PostgreSQL's backend; for
 example, for C functions to be called from SQL.
 .
 This package also contains the Makefiles necessary for building add-on
 modules of PostgreSQL, which would otherwise have to be built in the
 PostgreSQL source-code tree.
 .
 PostgreSQL is an object-relational SQL database management system.

postgresql-server-dev-10-dbgsym: debug symbols for postgresql-server-dev-10