Change log for postgresql-8.1 package in Ubuntu

157 of 57 results
Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
postgresql-8.1 (8.1.23-0ubuntu0.6.06.1) dapper-security; urgency=low

  * Add 14-intarray_query_int_buffer_overrun.patch:
    - Fix buffer overrun in "contrib/intarray"'s input function for the
      query_int type. This bug is a security risk since the function's return
      address could be overwritten. Patch backported from 8.2 (commit
      e11349fdb). (CVE-2010-4015) (LP: #711318)
 -- Martin Pitt <email address hidden>   Tue, 01 Feb 2011 23:24:29 +0100
Superseded in dapper-updates on 2011-02-04
Deleted in dapper-proposed on 2011-02-05 (Reason: moved to -updates)
postgresql-8.1 (8.1.23-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bug fix release (LP: #693157):
    - Force the default wal_sync_method to be fdatasync on Linux.
      The default on Linux has actually been fdatasync for many years,
      but recent kernel changes caused PostgreSQL to choose open_datasync
      instead. This choice did not result in any performance improvement,
      and caused outright failures on certain filesystems, notably ext4
      with the data=journal mount option.
    - Fix recovery from base backup when the starting checkpoint WAL
      record is not in the same WAL segment as its redo point.
    - Add support for detecting register-stack overrun on IA64.
      The IA64 architecture has two hardware stacks. Full prevention of
      stack-overrun failures requires checking both.
    - Add a check for stack overflow in copyObject().
      Certain code paths could crash due to stack overflow given a
      sufficiently complex query.
    - Fix detection of page splits in temporary GiST indexes.
      It is possible to have a "concurrent" page split in a temporary
      index, if for example there is an open cursor scanning the index
      when an insertion is done. GiST failed to detect this case and
      hence could deliver wrong results when execution of the cursor
      continued.
    - Avoid memory leakage while "ANALYZE"'ing complex index expressions.
    - Ensure an index that uses a whole-row Var still depends on its
      table.
      An index declared like create index i on t (foo(t.-)) would not
      automatically get dropped when its table was dropped.
    - Do not "inline" a SQL function with multiple OUT parameters.
      This avoids a possible crash due to loss of information about the
      expected result rowtype.
    - Fix constant-folding of COALESCE() expressions.
      The planner would sometimes attempt to evaluate sub-expressions
      that in fact could never be reached, possibly leading to unexpected
      errors.
    - Add print functionality for InhRelation nodes.
      This avoids a failure when debug_print_parse is enabled and certain
      types of query are executed.
    - Fix incorrect calculation of distance from a point to a horizontal
      line segment.
      This bug affected several different geometric distance-measurement
      operators.
    - Fix PL/pgSQL's handling of "simple" expressions to not fail in
      recursion or error-recovery cases.
    - Fix bug in "contrib/cube"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a cube column. If you have
      such an index, consider "REINDEX"ing it after installing this
      update.
    - Don't emit "identifier will be truncated" notices in
      "contrib/dblink" except when creating new connections.
    - Fix potential coredump on missing public key in "contrib/pgcrypto".
    - Fix memory leak in "contrib/xml2"'s XPath query functions.
 -- Martin Pitt <email address hidden>   Tue, 21 Dec 2010 21:40:48 +0100
Superseded in dapper-updates on 2011-01-03
Superseded in dapper-security on 2011-02-04
postgresql-8.1 (8.1.22-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/bug fix release: (LP: #655293)
    - Use a separate interpreter for each calling SQL userid in PL/Perl
      and PL/Tcl.
      This change prevents security problems that can be caused by
      subverting Perl or Tcl code that will be executed later in the same
      session under another SQL user identity (for example, within a
      SECURITY DEFINER function). Most scripting languages offer numerous
      ways that that might be done, such as redefining standard functions
      or operators called by the target function. Without this change,
      any SQL user with Perl or Tcl language usage rights can do
      essentially anything with the SQL privileges of the target
      function's owner.
      The cost of this change is that intentional communication among
      Perl and Tcl functions becomes more difficult. To provide an escape
      hatch, PL/PerlU and PL/TclU functions continue to use only one
      interpreter per session. This is not considered a security issue
      since all such functions execute at the trust level of a database
      superuser already.
      It is likely that third-party procedural languages that claim to
      offer trusted execution have similar security issues. We advise
      contacting the authors of any PL you are depending on for
      security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue
      (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from
      being called with an argument that is not one of the system catalog
      columns it's intended to be used with.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference
      that expands into an expression containing another sub-select.
    - Prevent show_session_authorization() from crashing within
      autovacuum processes.
    - Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype.
    - Fix possible failure when hashing a pass-by-reference function
      result.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid"
      and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start. That could in turn
      prevent subsequent attempts to start the postmaster from
      succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested
      subtransactions.
      The original coding could result in a crash if there was limited
      stack space.
    - Fix log_line_prefix's %i escape, which could produce junk early in
      backend startup.
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
      when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
      be interrupted by query-cancel.
    - In PL/Python, defend against null pointer results from
      PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - Improve "contrib/dblink"'s handling of tables containing dropped
      columns.
    - Fix connection leak after "duplicate connection name" errors in
      "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62
      bytes correctly.
    - Update build infrastructure and documentation to reflect the source
      code repository's move from CVS to Git (Magnus Hagander and others)
 -- Martin Pitt <email address hidden>   Wed, 06 Oct 2010 10:04:24 +0200
Superseded in dapper-updates on 2010-10-07
Superseded in dapper-security on 2010-10-07
Deleted in dapper-proposed on 2010-10-08 (Reason: moved to -updates)
postgresql-8.1 (8.1.21-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole
      interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too
      insecure to rely on for making plperl trustable. This change
      removes use of "Safe.pm" altogether, in favor of using a separate
      interpreter with an opcode mask that is always applied. Pleasant
      side effects of the change include that it is now possible to use
      Perl's strict pragma in a natural way in plperl, and that Perl's $a
      and $b variables work as expected in sort routines, and that
      function compilation is significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table. This
      change disables the feature unless pltcl_modules is owned by a
      superuser. (However, the permissions on the table are not checked,
      so installations that really need a less-than-secure modules table
      can still grant suitable privileges to trusted non-superusers.)
      Also, prevent loading code into the unrestricted "normal" Tcl
      interpreter unless we are really going to execute a pltclu
      function. (CVE-2010-1170)
    - Do not allow an unprivileged user to reset superuser-only parameter
      settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL
      for himself, or ALTER DATABASE ... RESET ALL for a database he
      owns, this would remove all special parameter settings for the user
      or database, even ones that are only supposed to be changeable by a
      superuser. Now, the "ALTER" will only remove the parameters that
      the user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs
      when a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Prevent infinite recursion in psql when expanding a variable that
      refers to itself.
    - Ensure that "contrib/pgstattuple" functions respond to cancel
      interrupts promptly.
 -- Martin Pitt <email address hidden>   Sat, 15 May 2010 12:57:33 +0200
Superseded in dapper-updates on 2010-05-21
Superseded in dapper-security on 2010-05-21
postgresql-8.1 (8.1.20-0ubuntu0.6.06.1) dapper-security; urgency=low

  * no change rebuild for -security

Superseded in dapper-updates on 2010-04-28
Deleted in dapper-proposed on 2010-04-29 (Reason: moved to -updates)
postgresql-8.1 (8.1.20-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bug fix release: (LP: #557408)
    - Add new configuration parameter ssl_renegotiation_limit to control
      how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which
      may be required if a broken SSL library is used. In particular,
      some vendors are shipping stopgap patches for CVE-2009-3555 that
      cause renegotiation attempts to fail.
    - Fix possible crashes when trying to recover from a failure in
      subtransaction start.
    - Fix server memory leak associated with use of savepoints and a
      client encoding different from server's encoding.
    - Make substring() for bit types treat any negative length as meaning
      "all the rest of the string".
      The previous coding treated only -1 that way, and would produce an
      invalid result value for other negative values, possibly leading to
      a crash (CVE-2010-0442).
    - Fix integer-to-bit-string conversions to handle the first
      fractional byte correctly when the output bit width is wider than
      the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix the STOP WAL LOCATION entry in backup history files to report
      the next WAL segment's name when the end location is exactly at a
      segment boundary.
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
    - When reading "pg_hba.conf" and related files, do not treat
      @something as a file inclusion request if the @ appears inside
      quote marks; also, never treat @ by itself as a file inclusion
      request.
      This prevents erratic behavior if a role or database name starts
      with @. If you need to include a file whose path name contains
      spaces, you can still do so, but you must write @"/path to/file"
      rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in "pg_hba.conf" and related files.
    - Fix psql's numericlocale option to not format strings it shouldn't
      in latex and troff output formats.
    - Fix plpgsql failure in one case where a composite column is set to
      NULL.
    - Add volatile markings in PL/Python to avoid possible
      compiler-specific misbehavior.
    - Prevent crash in "contrib/dblink" when too many key columns are
      specified to a dblink_build_sql_- function.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
      management.
 -- Martin Pitt <email address hidden>   Wed, 07 Apr 2010 19:25:03 +0200
Superseded in dapper-updates on 2010-04-15
Superseded in dapper-security on 2010-04-28
Deleted in dapper-proposed on 2010-04-29 (Reason: moved to -updates)
postgresql-8.1 (8.1.19-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream bug fix/security release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix PAM password processing to be more robust. The previous code is
      known to fail with the combination of the Linux pam_krb5 PAM module with
      Microsoft Active Directory as the domain controller. It might have
      problems elsewhere too, since it was making unjustified assumptions about
      what arguments the PAM stack would pass to it.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
      This worked correctly already for non-set-returning functions.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
 -- Martin Pitt <email address hidden>   Tue, 15 Dec 2009 16:01:10 +0100
Superseded in dapper-updates on 2010-01-03
Superseded in dapper-security on 2010-01-03
Deleted in dapper-proposed on 2010-01-04 (Reason: moved to -updates)
postgresql-8.1 (8.1.18-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream bug fix/security release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions.
      This covers a case that was missed in the previous patch that
      disallowed "SET ROLE" and "SET SESSION AUTHORIZATION" inside
      security-definer functions. (See CVE-2007-6600)
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix hash calculation for data type interval.
      This corrects wrong results for hash joins on interval values. It
      also changes the contents of hash indexes on interval columns. If
      you have any such indexes, you must "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'
      It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Properly round datetime input like
      00:12:57.9999999999999999999999999999
    - Fix poor choice of page split point in GiST R-tree operator classes
    - Fix portability issues in plperl initialization
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty)
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN"
    - Avoid including conflicting readline and editline header files when
      both libraries are installed

 -- Martin Pitt <email address hidden>   Wed, 16 Sep 2009 08:30:31 +0000
Superseded in dapper-updates on 2009-09-21
Superseded in dapper-security on 2009-09-21
postgresql-8.1 (8.1.17-0ubuntu0.6.06.1) dapper-security; urgency=low

  * No change rebuild as a security update as this fixes CVE-2009-0922

 -- Marc Deslauriers <email address hidden>   Mon, 06 Apr 2009 10:10:22 -0400
Deleted in dapper-proposed on 2009-04-15 (Reason: moved to -updates)
postgresql-8.1 (8.1.17-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bug fix release 8.1.17: (LP: #344688)
    - Prevent error recursion crashes when encoding conversion fails.
      This change extends fixes made in the last two minor releases for
      related failure scenarios. The previous fixes were narrowly
      tailored for the original problem reports, but we have now
      recognized that *any* error thrown by an encoding conversion
      function could potentially lead to infinite recursion while trying
      to report the error. The solution therefore is to disable
      translation and encoding conversion and report the plain-ASCII form
      of any error message, if we find we have gotten into a recursive
      error reporting situation.
    - Disallow "CREATE CONVERSION" with the wrong encodings for the
      specified conversion function. This prevents one possible scenario for
      encoding conversion failure. The previous change is a backstop to guard
      against other kinds of failures in the same area.
    - Fix core dump when to_char() is given format codes that are
      inappropriate for the type of the data argument.
    - Fix decompilation of CASE WHEN with an implicit coercion.
    - Fix possible misassignment of the owner of a TOAST table's rowtype.
      If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
      by someone other than the table owner, the pg_type entry for the
      table's TOAST table would end up marked as owned by that someone.
      This caused no immediate problems, since the permissions on the
      TOAST rowtype aren't examined by any ordinary database operation.
      However, it could lead to unexpected failures if one later tried to
      drop the role that issued the command (in 8.1 or 8.2), or "owner of
      data type appears to be invalid" warnings from pg_dump after having
      done so (in 8.3).
    - Clean up PL/pgSQL error status variables fully at block exit.
      This is not a problem for PL/pgSQL itself, but the omission could
      cause the PL/pgSQL Debugger to crash while examining the state of a
      function.
    - Add MUST (Mauritius Island Summer Time) to the default list of
      known timezone abbreviations.

 -- Martin Pitt <email address hidden>   Wed, 25 Mar 2009 09:17:17 +0100
Superseded in dapper-updates on 2009-04-07
Deleted in dapper-proposed on 2009-04-08 (Reason: moved to -updates)
postgresql-8.1 (8.1.16-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bugfix release 8.1.16: (LP: #326372)
    - Fix rare crash in autovacuum.
    - Improve handling of URLs in headline() function.
    - Improve handling of overlength headlines in headline() function.
    - Prevent possible Assert failure or misconversion if an encoding
      conversion is created with the wrong conversion function for the
      specified pair of encodings.
    - Avoid unnecessary locking of small tables in "VACUUM".
    - Ensure that the contents of a holdable cursor don't depend on the
      contents of TOAST tables. Previously, large field values in a
      cursor result might be represented as TOAST pointers, which
      would fail if the referenced table got dropped before the cursor
      is read, or if the large value is deleted and then vacuumed
      away. This cannot happen with an ordinary cursor, but it could
      with a cursor that is held past its creating transaction.
    - Fix uninitialized variables in "contrib/tsearch2"'s get_covers()
      function.
    - Make all documentation reference pgsql-bugs and/or pgsql-hackers as
      appropriate, instead of the now-decommissioned pgsql-ports and
      pgsql-patches mailing lists.

 -- Martin Pitt <email address hidden>   Fri, 06 Feb 2009 23:21:07 +0100
Superseded in dapper-updates on 2009-02-16
Deleted in dapper-proposed on 2009-02-17 (Reason: moved to -updates)
postgresql-8.1 (8.1.15-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bugfix release 8.1.15: (LP: #293758)
    - Fix GiST index corruption due to marking the wrong index entry
      "dead" after a deletion. This would result in index searches failing to
      find rows they should have found.
    - Fix backend crash when the client encoding cannot represent a
      localized error message.
    - Fix possible crash when deeply nested functions are invoked from a
      trigger.
    - Fix mis-expansion of rule queries when a sub-SELECT appears in a
      function call in FROM, a multi-row VALUES list, or a RETURNING list.
      The usual symptom of this problem is an "unrecognized node type"
      error.
    - Ensure an error is reported when a newly-defined PL/pgSQL trigger
      function is invoked as a normal function.
    - Prevent possible collision of relfilenode numbers when moving a
      table to another tablespace with "ALTER SET TABLESPACE".
      The command tried to re-use the existing filename, instead of
      picking one that is known unused in the destination directory.
    - Fix incorrect tsearch2 headline generation when single query item
      matches first word of text.
    - Fix improper display of fractional seconds in interval values when
      using a non-ISO datestyle in an "--enable-integer-datetimes" build.
    - Ensure SPI_getvalue and SPI_getbinval behave correctly when the
      passed tuple and tuple descriptor have different numbers of columns.
      This situation is normal when a table has had columns added or
      removed, but these two functions didn't handle it properly. The
      only likely consequence is an incorrect error indication.
    - Fix ecpg's parsing of "CREATE ROLE".
    - Fix recent breakage of pg_ctl restart.
  * New upstream bugfix release 8.1.14:
    - Widen local lock counters from 32 to 64 bits. This responds to reports
      that the counters could overflow in sufficiently long transactions,
      leading to unexpected "lock is already held" errors.
    - Fix possible duplicate output of tuples during a GiST index scan.
    - Add checks in executor startup to ensure that the tuples produced
      by an "INSERT" or "UPDATE" will match the target table's current
      rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached
      plan, could produce this type of situation. The check protects
      against data corruption and/or crashes that could ensue.
    - Fix AT TIME ZONE to first try to interpret its timezone argument as
      a timezone abbreviation, and only try it as a full timezone name if
      that fails, rather than the other way around as formerly. The timestamp
      input functions have always resolved ambiguous zone names in this order.
      Making AT TIME ZONE do so as well improves consistency, and fixes a
      compatibility bug introduced in 8.1: in ambiguous cases we now behave
      the same as 8.0 and before did, since in the older versions AT TIME ZONE
      accepted -only* abbreviations.
    - Fix datetime input functions to correctly detect integer overflow
      when running on a 64-bit platform.
    - Improve performance of writing very long log messages to syslog.
    - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON
      query.
    - Fix planner bug with nested sub-select expressions. If the outer
      sub-select has no direct dependency on the parent query, but the inner
      one does, the outer value might not get recalculated for new parent
      query rows.
    - Fix planner to estimate that GROUP BY expressions yielding boolean
      results always result in two groups, regardless of the expressions'
      contents. This is very substantially more accurate than the regular
      GROUP BY estimate for certain boolean tests like "col" IS NULL.
    - Fix PL/PgSQL to not fail when a FOR loop's target variable is a
      record containing composite-type fields.
    - Improve pg_dump and pg_restore's error reporting after failure to
      send a SQL command.
    - Fix pg_ctl to properly preserve postmaster command-line arguments
      across a restart.
  * 03-gettext-domains.patch: Unfuzz for new upstream version.

 -- Martin Pitt <email address hidden>   Tue, 04 Nov 2008 21:20:52 +0100
Superseded in dapper-updates on 2008-11-24
Deleted in dapper-proposed on 2008-11-25 (Reason: moved to -updates)
postgresql-8.1 (8.1.13-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream bugfix release (please note that 8.1.12 was never released,
    due to the discovery of another major bug):
     - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend.
       This oversight could lead to problems if the aggregate was later
       involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
     - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column
       is correctly checked to see if it's been initialized to all
       non-nulls. Previous versions neglected to check this requirement at
       all.
     - Fix possible "CREATE TABLE" failure when inheriting the "same"
       constraint from multiple parent relations that inherited that
       constraint from a common ancestor.
     - Fix conversions between ISO-8859-5 and other encodings to handle
       Cyrillic "Yo" characters (e and E with two dots).
     - Fix a few datatype input functions that were allowing unused bytes
       in their results to contain uninitialized, unpredictable values.
       This could lead to failures in which two apparently identical
       literal values were not seen as equal, resulting in the parser
       complaining about unmatched ORDER BY and DISTINCT expressions.
     - Fix a corner case in regular-expression substring matching.
     - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
     - Fix core dump in "contrib/xml2"'s xpath_table() function when the
       input query returns a NULL value.
     - Fix longstanding "LISTEN"/"NOTIFY" race condition.
       In rare cases a session that had just executed a "LISTEN" might not
       get a notification, even though one would be expected because the
       concurrent transaction executing "NOTIFY" was observed to commit
       later.
       A side effect of the fix is that a transaction that has executed a
       not-yet-committed "LISTEN" command will not see any row in
       pg_listener for the "LISTEN", should it choose to look; formerly it
       would have. This behavior was never documented one way or the
       other, but it is possible that some applications depend on the old
       behavior.
     - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction.
       This was formerly allowed but trying to do it had various
       unpleasant consequences, notably that the originating backend could
       not exit as long as an "UNLISTEN" remained uncommitted.
     - Fix rare crash when an error occurs during a query using a hash
       index.
     - Fix input of datetime values for February 29 in years BC.
       The former coding was mistaken about which years were leap years.
     - Fix "unrecognized node type" error in some variants of "ALTER
       OWNER".
     - Fix pg_ctl to correctly extract the postmaster's port number from
       command-line options.
       Previously, pg_ctl start -w could try to contact the postmaster on
       the wrong port, leading to bogus reports of startup failure.
     - Fix display of constant expressions in ORDER BY and GROUP BY.
       An explictly casted constant would be shown incorrectly. This could
       for example lead to corruption of a view definition during dump and
       reload.
     - Fix libpq to handle NOTICE messages correctly during COPY OUT.
       This failure has only been observed to occur when a user-defined
       datatype's output routine issues a NOTICE, but there is no
       guarantee it couldn't happen due to other causes.
     (LP: #238587)

 -- Martin Pitt <email address hidden>   Mon, 09 Jun 2008 19:09:25 +0200
Obsolete in edgy-updates on 2008-06-19
Obsolete in edgy-security on 2008-06-19
postgresql-8.1 (8.1.11-0ubuntu0.6.10.1) edgy-security; urgency=low

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.
  * Use the timezone database from the system tzdata instead of shipping our
    own.
    - debian/patches/04-timezone-symlinks.patch: Drop previous
      hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
      the patch with a Makefile change that just symlinks /usr/share/zoneinfo
      to where postgresql previously installed its own tzdata copy.
    - debian/control: Add tzdata dependency.
    - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
      files in the dereferenced directory.
    - debian/postgresql-8.1.postinst: Replace the timezone directory with the
      symlink on upgrades, since dpkg does not do that automatically. Without
      this, we'd end up with an empty timezone directory.

 -- Martin Pitt <email address hidden>   Sat, 05 Jan 2008 19:39:17 +0100
Superseded in dapper-updates on 2008-06-25
Superseded in dapper-security on 2009-04-07
postgresql-8.1 (8.1.11-0ubuntu0.6.06.1) dapper-security; urgency=low

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.
  * Use the timezone database from the system tzdata instead of shipping our
    own.
    - debian/patches/04-timezone-symlinks.patch: Drop previous
      hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
      the patch with a Makefile change that just symlinks /usr/share/zoneinfo
      to where postgresql previously installed its own tzdata copy.
    - debian/control: Add locales dependency (which contains tzdata in
      dapper).
    - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
      files in the dereferenced directory.
    - debian/postgresql-8.1.postinst: Replace the timezone directory with the
      symlink on upgrades, since dpkg does not do that automatically. Without
      this, we'd end up with an empty timezone directory.

 -- Martin Pitt <email address hidden>   Sat, 05 Jan 2008 19:26:49 +0100
Deleted in hardy-release on 2008-01-17 (Reason: superseded by postgresql-8.2)
postgresql-8.1 (8.1.11-1) unstable; urgency=medium

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.
  * Use the timezone database from the system tzdata instead of shipping our
    own.
    - debian/patches/04-timezone-symlinks.patch: Drop previous
      hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
      the patch with a Makefile change that just symlinks /usr/share/zoneinfo
      to where postgresql previously installed its own tzdata copy.
    - debian/control: Add tzdata dependency.
    - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
      files in the dereferenced directory.
    - debian/postgresql-8.1.postinst: Replace the timezone directory with the
      symlink on upgrades, since dpkg does not do that automatically. Without
      this, we'd end up with an empty timezone directory.

 -- Martin Pitt <email address hidden>   Tue,  08 Jan 2008 07:42:54 +0000
Deleted in edgy-proposed on 2008-01-16 (Reason: SRU moved to -security)
postgresql-8.1 (8.1.11-0ubuntu0.6.10) edgy-proposed; urgency=low

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.
  * Use the timezone database from the system tzdata instead of shipping our
    own.
    - debian/patches/04-timezone-symlinks.patch: Drop previous
      hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
      the patch with a Makefile change that just symlinks /usr/share/zoneinfo
      to where postgresql previously installed its own tzdata copy.
    - debian/control: Add tzdata dependency.
    - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
      files in the dereferenced directory.
    - debian/postgresql-8.1.postinst: Replace the timezone directory with the
      symlink on upgrades, since dpkg does not do that automatically. Without
      this, we'd end up with an empty timezone directory.

 -- Martin Pitt <email address hidden>   Sat, 05 Jan 2008 19:39:17 +0100
Deleted in dapper-proposed on 2008-01-16 (Reason: SRU moved to -security)
postgresql-8.1 (8.1.11-0ubuntu0.6.06) dapper-proposed; urgency=low

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.
  * Use the timezone database from the system tzdata instead of shipping our
    own.
    - debian/patches/04-timezone-symlinks.patch: Drop previous
      hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
      the patch with a Makefile change that just symlinks /usr/share/zoneinfo
      to where postgresql previously installed its own tzdata copy.
    - debian/control: Add locales dependency (which contains tzdata in
      dapper).
    - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
      files in the dereferenced directory.
    - debian/postgresql-8.1.postinst: Replace the timezone directory with the
      symlink on upgrades, since dpkg does not do that automatically. Without
      this, we'd end up with an empty timezone directory.

 -- Martin Pitt <email address hidden>   Sat, 05 Jan 2008 19:26:49 +0100
Superseded in dapper-updates on 2008-01-22
Superseded in dapper-proposed on 2008-01-07
postgresql-8.1 (8.1.10-0ubuntu0.6.06.1) dapper-proposed; urgency=low

  * New upstream bugfix release:
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      [CVE-2007-3278, CVE-2007-3280]
    - Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
    - Allow the interval data type to accept input consisting only of
      milliseconds or microseconds.
    - Speed up rtree index insertion.
    - Fix excessive logging of SSL error messages.
    - Fix logging so that log messages are never interleaved when using
      the syslogger process.
    - Fix crash when log_min_error_statement logging runs out of memory.
    - Fix incorrect handling of some foreign-key corner cases.
    - Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
      process temporary tables of other sessions.
    - Update the time zone database rules, particularly New Zealand's
      upcoming changes.

 -- Martin Pitt <email address hidden>   Wed, 19 Sep 2007 10:47:22 +0200
Superseded in hardy-release on 2008-01-08
Obsolete in gutsy-release on 2011-09-16
postgresql-8.1 (8.1.10-1) unstable; urgency=low

  * New upstream bugfix release:
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      [CVE-2007-3278, CVE-2007-3280]
    - Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
    - Allow the interval data type to accept input consisting only of
      milliseconds or microseconds.
    - Speed up rtree index insertion.
    - Fix excessive logging of SSL error messages.
    - Fix logging so that log messages are never interleaved when using
      the syslogger process.
    - Fix crash when log_min_error_statement logging runs out of memory.
    - Fix incorrect handling of some foreign-key corner cases.
    - Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
      process temporary tables of other sessions.
    - Update the time zone database rules, particularly New Zealand's
      upcoming changes.
  * debian/{control,rules}: Build PL/Python against Python 2.4 instead of
    'current', since it crashes with 2.5 in some cases.
    (https://launchpad.net/bugs/85647)

 -- Martin Pitt <email address hidden>   Wed,  19 Sep 2007 09:21:31 +0100
Superseded in edgy-updates on 2008-02-04
Superseded in edgy-proposed on 2008-01-08
postgresql-8.1 (8.1.10-0ubuntu0.6.10.1) edgy-proposed; urgency=low

  * New upstream bugfix release:
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      [CVE-2007-3278, CVE-2007-3280]
    - Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
    - Allow the interval data type to accept input consisting only of
      milliseconds or microseconds.
    - Speed up rtree index insertion.
    - Fix excessive logging of SSL error messages.
    - Fix logging so that log messages are never interleaved when using
      the syslogger process.
    - Fix crash when log_min_error_statement logging runs out of memory.
    - Fix incorrect handling of some foreign-key corner cases.
    - Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
      process temporary tables of other sessions.
    - Update the time zone database rules, particularly New Zealand's
      upcoming changes.

 -- Martin Pitt <email address hidden>   Wed, 19 Sep 2007 10:32:27 +0200
Superseded in gutsy-release on 2007-09-19
postgresql-8.1 (8.1.9-1.1) gutsy; urgency=low

  * Upload current bzr head to drop the remaining Ubuntu delta.

Superseded in dapper-security on 2008-01-14
postgresql-8.1 (8.1.9-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/bugfix release:
    - Support explicit placement of the temporary-table schema within
      search_path, and disable searching it for functions and operators.
      This is needed to allow a security-definer function to set a truly
      secure value of search_path. Without it, an unprivileged SQL user
      can use temporary objects to execute code with the privileges of
      the security-definer function (CVE-2007-2138). See "CREATE
      FUNCTION" for more information.
    - "/contrib/tsearch2" crash fixes.
    - Require "COMMIT PREPARED" to be executed in the same database as
      the transaction was prepared in.
    - Fix potential-data-corruption bug in how "VACUUM FULL" handles
      "UPDATE" chains.
    - Planner fixes, including improving outer join and bitmap scan
      selection logic.
    - Fix PANIC during enlargement of a hash index (bug introduced in
      8.1.6).
    - Fix POSIX-style timezone specs to follow new USA DST rules.

 -- Martin Pitt <email address hidden>   Mon, 23 Apr 2007 09:44:15 +0200
Superseded in edgy-security on 2008-01-14
postgresql-8.1 (8.1.9-0ubuntu0.6.10) edgy-security; urgency=low

  * New upstream security/bugfix release:
    - Support explicit placement of the temporary-table schema within
      search_path, and disable searching it for functions and operators.
      This is needed to allow a security-definer function to set a truly
      secure value of search_path. Without it, an unprivileged SQL user
      can use temporary objects to execute code with the privileges of
      the security-definer function (CVE-2007-2138). See "CREATE
      FUNCTION" for more information.
    - "/contrib/tsearch2" crash fixes.
    - Require "COMMIT PREPARED" to be executed in the same database as
      the transaction was prepared in.
    - Fix potential-data-corruption bug in how "VACUUM FULL" handles
      "UPDATE" chains.
    - Planner fixes, including improving outer join and bitmap scan
      selection logic.
    - Fix PANIC during enlargement of a hash index (bug introduced in
      8.1.6).
    - Fix POSIX-style timezone specs to follow new USA DST rules.

 -- Martin Pitt <email address hidden>   Mon, 23 Apr 2007 09:36:39 +0200
Superseded in gutsy-release on 2007-05-04
Obsolete in feisty-release on 2009-08-20
postgresql-8.1 (8.1.8-1ubuntu3) feisty; urgency=low

  * debian/rules: Explicitly set PYTHON=/usr/bin/python2.4, since the buildd
    chroots already seem to have 2.5 installed by default. Fixes FTBFS on the
    Ubuntu buildds (d'oh, worked fine in pbuilder).

 -- Martin Pitt <email address hidden>   Thu, 22 Feb 2007 13:06:28 +0100
Superseded in feisty-release on 2007-02-22
postgresql-8.1 (8.1.8-1ubuntu2) feisty; urgency=low

  * debian/control: Build PL/Python against Python 2.4 since it crashes with
    2.5 in some cases. (LP: #85647)
  * debian/control: Set Ubuntu maintainer.

 -- Martin Pitt <email address hidden>   Tue, 20 Feb 2007 09:03:46 +0100
Superseded in dapper-security on 2007-04-27
postgresql-8.1 (8.1.8-0ubuntu6.06.1) dapper-security; urgency=low

  * No-change upload, previous upload got lost in a ssh disconnect.

 -- Martin Pitt <email address hidden>   Fri,  9 Feb 2007 17:48:55 +0100
Superseded in edgy-security on 2007-04-27
postgresql-8.1 (8.1.8-0ubuntu6.10) edgy-security; urgency=low

  * Upgraded to new upstream microrelease:
    - Fix another overzealous type check.
    - Two handfuls of non-security, but important bug fixes.
  * Remove the following patches (these are included in 8.1.8 now):
    - 00upstream-disable-update-aggregates.patch
    - 00upstream-duration-logging-crash.patch
    - 00upstream-max-utf8-wchar-len.patch
    - 00upstream-sql-fun-typecheck.patch
    - 00upstream-table-plan-consistency.patch
    - 00upstream-unknown-array-coerce.patch
    - 00upstream-zzz-sql-fun-typecheck-regression.patch
    - 54-contrib-dbmirror-quoteparsing.patch

 -- Martin Pitt <email address hidden>   Fri,  9 Feb 2007 08:59:59 +0100
Superseded in feisty-release on 2007-02-20
postgresql-8.1 (8.1.8-1ubuntu1) feisty; urgency=low

  * Merge from Debian unstable; remaining Ubuntu change:
    - debian/control: Do not build the client-side libraries, they are built
      from postgresql-8.2 now.

Superseded in feisty-release on 2007-02-08
postgresql-8.1 (8.1.7-1ubuntu1) feisty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control: Do not build the client-side libraries, they are built
      from postgresql-8.2 now.

Superseded in edgy-security on 2007-02-12
postgresql-8.1 (8.1.4-7ubuntu0.3) edgy-security; urgency=low

  * Add debian/patches/00upstream-zzz-sql-fun-typecheck-regression.patch: Fix
    overzealous type checks in some cases. Closes: LP#83505

 -- Martin Pitt <email address hidden>   Tue,  6 Feb 2007 18:57:15 +0100
Superseded in dapper-security on 2007-02-12
postgresql-8.1 (8.1.4-0ubuntu1.3) dapper-security; urgency=low

  * Add debian/patches/00upstream-zzz-sql-fun-typecheck-regression.patch: Fix
    overzealous type checks in some cases. Closes: LP#83505

 -- Martin Pitt <email address hidden>   Tue,  6 Feb 2007 18:59:38 +0100
Superseded in edgy-security on 2007-02-06
postgresql-8.1 (8.1.4-7ubuntu0.2) edgy-security; urgency=low

  * SECURITY UPDATE: Read out arbitrary memory locations from the server,
    local DoS.
  * Add debian/patches/00upstream-sql-fun-typecheck.patch:
    - Repair insufficiently careful type checking for SQL-language functions.
      Not only can one trivially crash the backend, but with appropriate
      misuse of pass-by-reference datatypes it is possible to read out
      arbitrary locations in the server process's memory, which could allow
      retrieving database content the user should not be able to see.
    - Discovered by Jeff Trout.
    - Patch backported from 8.1.7 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.98.2.2;r2=1.98.2.3
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.201.2.1;r2=1.201.2.2
    - CVE-2007-0555
  * Add debian/patches/00upstream-table-plan-consistency.patch:
    - Check that a table is still compatible with a previously made query
      plan. Use of ALTER COLUMN TYPE creates a hazard for cached query plans:
      they could contain vars that claim a column has a different type than it
      now has.  Not only can one trivially crash the backend, but with
      appropriate misuse of pass-by-reference datatypes it is possible to read
      out arbitrary locations in the server process's memory, which could allow
      retrieving database content the user should not be able to see.
    - Discovered by Jeff Trout.
    - Patch backported from 8.1.7 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/tablecmds.c.diff?r1=1.174.2.3;r2=1.174.2.4
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.183.2.4;r2=1.183.2.5
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execScan.c.diff?r1=1.37.2.1;r2=1.37.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execUtils.c.diff?r1=1.126.2.3;r2=1.126.2.4
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeAgg.c.diff?r1=1.135.2.1;r2=1.135.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeGroup.c.diff?r1=1.62;r2=1.62.2.1
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeHashjoin.c.diff?r1=1.75.2.3;r2=1.75.2.4
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeMergejoin.c.diff?r1=1.75.2.2;r2=1.75.2.3
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeNestloop.c.diff?r1=1.39.2.1;r2=1.39.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeResult.c.diff?r1=1.32.2.1;r2=1.32.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeSubplan.c.diff?r1=1.70.2.1;r2=1.70.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/executor/executor.h.diff?r1=1.120.2.2;r2=1.120.2.3
    - CVE-2007-0556
  * Add debian/patches/00upstream-max-utf8-wchar-len.patch:
    - Update various string functions to support the maximum UTF-8 sequence
      length for 4-byte character set to prevent buffer overflows.
    - Patch backported from 8.1.7 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.47.2.4;r2=1.47.2.5

 -- Martin Pitt <email address hidden>   Mon,  5 Feb 2007 08:55:40 +0100
Superseded in dapper-security on 2007-02-06
postgresql-8.1 (8.1.4-0ubuntu1.2) dapper-security; urgency=low

  * SECURITY UPDATE: Read out arbitrary memory locations from the server,
    local DoS.
  * Add debian/patches/00upstream-sql-fun-typecheck.patch:
    - Repair insufficiently careful type checking for SQL-language functions.
      Not only can one trivially crash the backend, but with appropriate
      misuse of pass-by-reference datatypes it is possible to read out
      arbitrary locations in the server process's memory, which could allow
      retrieving database content the user should not be able to see.
    - Discovered by Jeff Trout.
    - Patch backported from 8.1.7 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.98.2.2;r2=1.98.2.3
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.201.2.1;r2=1.201.2.2
    - CVE-2007-0555
  * Add debian/patches/00upstream-table-plan-consistency.patch:
    - Check that a table is still compatible with a previously made query
      plan. Use of ALTER COLUMN TYPE creates a hazard for cached query plans:
      they could contain vars that claim a column has a different type than it
      now has.  Not only can one trivially crash the backend, but with
      appropriate misuse of pass-by-reference datatypes it is possible to read
      out arbitrary locations in the server process's memory, which could allow
      retrieving database content the user should not be able to see.
    - Discovered by Jeff Trout.
    - Patch backported from 8.1.7 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/tablecmds.c.diff?r1=1.174.2.3;r2=1.174.2.4
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.183.2.4;r2=1.183.2.5
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execScan.c.diff?r1=1.37.2.1;r2=1.37.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execUtils.c.diff?r1=1.126.2.3;r2=1.126.2.4
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeAgg.c.diff?r1=1.135.2.1;r2=1.135.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeGroup.c.diff?r1=1.62;r2=1.62.2.1
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeHashjoin.c.diff?r1=1.75.2.3;r2=1.75.2.4
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeMergejoin.c.diff?r1=1.75.2.2;r2=1.75.2.3
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeNestloop.c.diff?r1=1.39.2.1;r2=1.39.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeResult.c.diff?r1=1.32.2.1;r2=1.32.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeSubplan.c.diff?r1=1.70.2.1;r2=1.70.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/executor/executor.h.diff?r1=1.120.2.2;r2=1.120.2.3
    - CVE-2007-0556
  * Add debian/patches/00upstream-max-utf8-wchar-len.patch:
    - Update various string functions to support the maximum UTF-8 sequence
      length for 4-byte character set to prevent buffer overflows.
    - Patch backported from 8.1.7 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.47.2.4;r2=1.47.2.5

 -- Martin Pitt <email address hidden>   Mon,  5 Feb 2007 09:31:44 +0100
Superseded in feisty-release on 2007-02-07
Superseded in feisty-release on 2007-02-05
postgresql-8.1 (8.1.6-1ubuntu1) feisty; urgency=low

  * debian/control: Do not build the client-side libraries, they are built
    from postgresql-8.2 now.

Superseded in feisty-release on 2007-01-16
postgresql-8.1 (8.1.5-2build1) feisty; urgency=low

  * Rebuild for python2.5 as the default python version.

 -- Matthias Klose <email address hidden>   Sun, 14 Jan 2007 16:26:24 +0000
Superseded in feisty-release on 2007-01-14
postgresql-8.1 (8.1.5-2) unstable; urgency=medium

  * Urgency medium because only trivial changes.
  * Add watch file.
  * debian/control: Fix spelling of 'Tcl'. Closes: #401191

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  12 Dec 2006 11:03:44 +0000
Superseded in feisty-release on 2006-12-12
postgresql-8.1 (8.1.5-1) unstable; urgency=low

  * New upstream bugfix release:
    - Disallow aggregate functions in "UPDATE" commands, except within
      sub-SELECTs. The behavior of such an aggregate was unpredictable, and in
      8.1.X could cause a crash, so it has been disabled. The SQL standard
      does not allow this either.
    - Fix core dump when an untyped literal is taken as ANYARRAY.
    - Fix core dump in duration logging for extended query protocol when
      a "COMMIT" or "ROLLBACK" is executed.
    - Fix mishandling of AFTER triggers when query contains a SQL
      function returning multiple rows.
    - Fix "ALTER TABLE ... TYPE" to recheck NOT NULL for USING clause.
    - Fix string_to_array() to handle overlapping matches for the
      separator string. For example, string_to_array('123xx456xxx789', 'xx').
    - Fix to_timestamp() for AM/PM formats.
    - Fix autovacuum's calculation that decides whether "ANALYZE" is
      needed (Alvaro).
    - Fix corner cases in pattern matching for psql's \d commands.
    - Fix index-corrupting bugs in /contrib/ltree.
    - Numerous robustness fixes in ecpg.
    - Fix backslash escaping in /contrib/dbmirror.
    - Minor fixes in /contrib/dblink and /contrib/tsearch2.
    - Efficiency improvements in hash tables and bitmap index scans.
  * Remove debian/patches/54-contrib-dbmirror-quoteparsing.patch: Applied
    upstream.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  07 Nov 2006 03:24:53 +0000
Superseded in edgy-security on 2007-02-05
postgresql-8.1 (8.1.4-7ubuntu0.1) edgy-security; urgency=low

  * SECURITY UPDATE: Local DoS.
  * Add debian/patches/00upstream-disable-update-aggregates.patch:
    - Disallow aggregate functions in UPDATE commands (unless within a
      sub-SELECT). It is disallowed by the SQL spec and causes crashes.
    - Patch backported from 8.1.5:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/analyze.c.diff?r1=1.326.2.1&r2=1.326.2.2
    - CVE-2006-5540
  * Add debian/patches/00upstream-duration-logging-crash.patch:
    - Fix crash in duration logging for a V3-protocol Execute message
      when what's being executed is a COMMIT or ROLLBACK.
    - Patch backported from 8.1.5:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/tcop/postgres.c.diff?r1=1.468.2.5&r2=1.468.2.6
    - CVE-2006-5542
  * Add debian/patches/00upstream-unknown-array-coerce.patch:
    - Repair incorrect check for coercion of unknown literal to ANYARRAY,
      which could cause a backend crash.
    - Patch backported from 8.1.5:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/parse_coerce.c.diff?r1=2.132.2.3&r2=2.132.2.4
    - CVE-2006-5541

 -- Martin Pitt <email address hidden>   Mon, 23 Oct 2006 18:21:40 +0200
Superseded in dapper-security on 2007-02-05
postgresql-8.1 (8.1.4-0ubuntu1.1) dapper-security; urgency=low

  * SECURITY UPDATE: Local DoS.
  * Add debian/patches/00upstream-disable-update-aggregates.patch:
    - Disallow aggregate functions in UPDATE commands (unless within a
      sub-SELECT). It is disallowed by the SQL spec and causes crashes.
    - Patch backported from 8.1.5:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/analyze.c.diff?r1=1.326.2.1&r2=1.326.2.2
  * Add debian/patches/00upstream-duration-logging-crash.patch:
    - Fix crash in duration logging for a V3-protocol Execute message
      when what's being executed is a COMMIT or ROLLBACK.
    - Patch backported from 8.1.5:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/tcop/postgres.c.diff?r1=1.468.2.5&r2=1.468.2.6
  * Add debian/patches/00upstream-unknown-array-coerce.patch:
    - Repair incorrect check for coercion of unknown literal to ANYARRAY,
      which could cause a backend crash.
    - Patch backported from 8.1.5:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/parse_coerce.c.diff?r1=2.132.2.3&r2=2.132.2.4

 -- Martin Pitt <email address hidden>   Mon, 23 Oct 2006 18:21:40 +0200
Superseded in feisty-release on 2006-11-08
Obsolete in edgy-release on 2008-06-19
postgresql-8.1 (8.1.4-7) unstable; urgency=low

  * debian/control: Update libpq4 package description, point out that it is
    only compatible for servers up to 8.1 (8.2 got a new libpq soname).
  * Add debian/patches/08-unnecessary-libs.patch: Remove all unnecessary -lfoo
    library references from Makefiles to clean up unnecessary library
    dependencies. Thanks to Christian Aichinger for his neat checklib system!

 -- Martin Pitt <email address hidden>   Tue,  03 Oct 2006 10:58:05 +0100
Superseded in edgy-release on 2006-10-03
postgresql-8.1 (8.1.4-6) unstable; urgency=low

  * debian/control: Drop heimdal-dev suggestion of libpq-dev. Closes: #379848
  * debian/libpq-dev.install: Ship pg_wchar.h. Closes: #380047
  * Transition for private python extension in p-plpython-8.1:
    - debian/control:
      + Bump cdbs/debhelper build dependency versions.
      + Add {XS,XB}-Python-Version attributes.
    - debian/compat: Use compat level 5.
    - Add debian/pycompat: Use compat level 2.
    - debian/rules: Call dh_pycentral and dh_python for p-plpython-8.1.
    - Closes: #380898
  * debian/control: Change the order of records so that the libraries come
    first. With that, postgresql-client-8.1 and friends pick up the correct
    shlibs. Closes: #381211

 -- Martin Pitt <email address hidden>   Fri,  11 Aug 2006 15:29:01 +0100
Superseded in edgy-release on 2006-08-11
postgresql-8.1 (8.1.4-5) unstable; urgency=low

  * debian/rules: Install init script at priority 19, since Apache and web
    applications usually reside on priority 20, but often require a running
    database. This follows a recent change in the MySQL package, thanks to
    Christian Hammers for pointing this out. Closes: #379276
  * Add debian/patches/12-pg_restore-ignore-failing-tables.patch:
    - pg_restore: Add option -X no-data-for-failed-tables to ignore TABLE DATA
      objects if the corresponding TABLE could not be created. Necessary for
      fixing #351571.

 -- Martin Pitt <email address hidden>   Tue,  08 Aug 2006 07:31:07 +0100
Superseded in edgy-release on 2006-08-08
postgresql-8.1 (8.1.4-4) unstable; urgency=low

  * debian/rules: Use -fPIC instead of -fpic to avoid FTBFS on sparc and m68k
    (and maybe avoid the ICE on arm).
  * debian/postgresql-8.1.init: Add LSB magic comment header (provide both
    postgresql-8.1 and a generic postgresql service). Closes: #377882

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  12 Jul 2006 23:39:30 +0100
Superseded in edgy-release on 2006-07-12
postgresql-8.1 (8.1.4-3) unstable; urgency=low

  * debian/control: Add missing comerr-dev and libkrb5-dev dependencies to
    libpq-dev. Closes: #371158
  * Add debian/patches/54-contrib-dbmirror-quoteparsing.patch: Fix parsing of
    quotes escaped as '' in PendingData table. Closes: #375743
  * Add debian/patches/55-contrib-admin.patch:
    - Add the 'admin81' contrib module and build it. This provides
      instrumentation functions for use with PgAdmin 3 and similar.
    - http://www.postgresql.org/ftp/pgadmin3/release/v1.4.2/adminpacks/
    - Closes: #354731
  * debian/rules: Build with -fpic everywhere to improve the proactive
    security effectivity of address space layout randomization. This has no
    measurable performance impact on at least i386, amd64, and powerpc.  

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  11 Jul 2006 15:28:56 +0100
Superseded in edgy-release on 2006-07-11
postgresql-8.1 (8.1.4-2) unstable; urgency=medium

  * Add debian/libpq4.shlibs and bump it to >= 8.1.4, to respect the
    introduction of PQescapeStringConn() and PQescapeByteaConn().
  * debian/postgresql-8.1.postrm, clean_dir(): Do not use rmdir's
    --ignore-fail-on-nonempty, since that still falls apart when the
    directory is a mountpoint. Just ignore errors.

Superseded in dapper-security on 2006-10-24
postgresql-8.1 (8.1.4-0ubuntu1) dapper-security; urgency=medium

  * SECURITY UPDATE: Remote arbitrary SQL injection.
  * This is based on Debian's 8.1.4-1 plus the shlibs fix from bzr head.
  * New upstream security and bug fix release:
    - The server now rejects invalidly-encoded multibyte characters in all
      cases to defend against SQL-injection attacks. [CVE-2006-2313]
    - Reject unsafe uses of \' in string literals (for client encodings that
      allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A
      new configuration parameter backslash_quote is available to adjust this
      behavior when needed. [CVE-2006-2314]
    - Modify libpq's string-escaping routines to be aware of encoding
      considerations and standard_conforming_strings
      This fixes libpq-using applications for the security issues
      described in CVE-2006-2313 and CVE-2006-2314, and also
      future-proofs them against the planned changeover to SQL-standard
      string literal syntax. Applications that use multiple PostgreSQL
      connections concurrently should migrate to PQescapeStringConn() and
      PQescapeByteaConn() to ensure that escaping is done correctly for
      the settings in use in each database connection. Applications that
      do string escaping "by hand" should be modified to rely on library
      routines instead.
    - Various bug fixes, see upstream changelog for details.
  * Remove debian/patches/12-krb5-multiusers.patch: Fixed upstream.
  * debian/postgresql-8.1.init: Add a comment to point out that environment
    variables need to be set in the 'environment' file, not in the init
    script.
  * debian/postgresql-8.1.init, debian/postgresql-8.1.postinst: Do not fail if
    init.d-functions/maintscripts-functions are not present, which happens if
    postgresql-{8.1,common} are removed, but not purged. Closes: #362488
  * Bump Standards-Version to 3.7.2.
  * Add debian/libpq4.shlibs and bump it to >= 8.1.4, to respect the
    introduction of PQescapeStringConn() and PQescapeByteaConn().
  * debian/postgresql-8.1.postrm, clean_dir(): Do not use rmdir's
    --ignore-fail-on-nonempty, since that still falls apart when the
    directory is a mountpoint. Just ignore errors.

 -- Martin Pitt <email address hidden>   Thu,  1 Jun 2006 22:38:19 +0200
Superseded in edgy-release on 2006-06-15
Obsolete in dapper-release on 2011-09-06
postgresql-8.1 (8.1.3-4) unstable; urgency=low

  * debian/rules:
    - Put --as-needed into LDFLAGS instead of CFLAGS to avoid warnings when
      building extension modules. Closes: #360759
    - Fix a bashism.
  * debian/control: Suggest oidentd | ident-server (oidentd prefered since it
    works with IPv6). Closes: #359193
  * libecpg-dev: Move manpage to /usr/share/man/man1 where it belongs to.
    Closes: #360817
  * debian/rules: Ship the tutorial's Makefile and ship the SQL *.source files
    (not the generated *.sql files) to get the correct path to the built
    libraries. Closes: #360469
  * Add debian/patches/13-tutorial-README.patch: Remove confusing note about
    make and point out that p-server-dev-8.1 is required for building the
    tutorial.
  * debian/postgresql-contrib-8.1.install, 50-contrib-oracle-enable.patch:
    Move Ora2Pg.pm to /usr/share/postgresql/8.1 and adapt the library search
    path in ora2pg.pl accordingly. Closes: #360818

 -- Martin Pitt <email address hidden>   Wed,  12 Apr 2006 10:15:47 +0100
Superseded in dapper-release on 2006-04-12
postgresql-8.1 (8.1.3-3) unstable; urgency=low

  * debian/postgresql-8.1.init: Use shell 'sh -e' instead of bash.
  * debian/postgresql-contrib-8.1.install: Ship ora2pg.pl and Ora2Pg.pm.
  * debian/control: Updated contrib package description. Closes: #355172
  * debian/rules: Don't special-case HPPA for --enable-thread-safety-force;
    the current kernel seems to cope with threads quite well, so that the
    configure check does not hang any more. Closes: #315440
  * debian/control: Build server packages on mips and mipsel again, even if
    they do not work. No need to block testing migration forever (the
    ftp-masters seem reluctant to remove the mips binaries, see #344487), and
    the bug is in binutils, not PostgreSQL itself (see #357603).

 -- Martin Pitt <email address hidden>   Sat,  1 Apr 2006 22:13:03 +0200
Superseded in dapper-release on 2006-04-04
postgresql-8.1 (8.1.3-2build1) dapper; urgency=low

  * Fake sync from Debian.

Superseded in dapper-release on 2006-03-23
postgresql-8.1 (8.1.3-0.1) dapper; urgency=low

  * No Ubuntu version number, since this is the same version as Debian's
    8.1.3-1.
  * New upstream security and bug fix release:
    - Fix bug that allowed any logged-in user to "SET ROLE" to any other
      database user id (CVE-2006-0553).
    - See upstream changelog for detailled changes.
  * Remove debian/patches/80-cvs-pg_restore-COPY.patch: Upstream now.
  * debian/rules: Use --as-needed linker option to avoid excessive
    library dependencies.
  * debian/control: Remove unnecessary dependencies from PL/Python and PL/Tcl
    packages.

 -- Martin Pitt <email address hidden>   Wed, 15 Feb 2006 18:48:42 +0100
Superseded in dapper-release on 2006-02-15
postgresql-8.1 (8.1.2-1.1) dapper; urgency=low

  * Debian bzr head snapshot, thus no ubuntu version number.
  * debian/patches/09-relax-sslkey-permscheck.patch: Do not check for any
    particular group if the SSL key is group readable, to allow sharing a
    common SSL certificate with other server processes. This is required for
    properly handling the snakeoil certificate from ssl-cert.
Obsolete in breezy-backports on 2008-03-25
Superseded in breezy-backports on 2006-02-04
Superseded in breezy-backports on 2006-02-03
postgresql-8.1 (8.1.2-1~breezy1) breezy-backports; urgency=low


  * Automated backport upload; no source changes.

 -- Ubuntu Archive Auto-Backport <email address hidden>  Thu, 19 Jan 2006 17:21:56 +0000
Superseded in dapper-release on 2006-02-04
Superseded in dapper-release on 2006-02-03
postgresql-8.1 (8.1.2-1) unstable; urgency=medium


  * New upstream bugfix release:
    - Fix bug introduced in 8.0 that could allow ReadBuffer to return an
      already-used page as new, potentially causing loss of recently-committed
      data.
    - Fix for protocol-level Describe messages issued outside a
      transaction or in a failed transaction.
    - Fix character string comparison for locales that consider different
      character combinations as equal, such as Hungarian.
      This might require "REINDEX" to fix existing indexes on textual
      columns.
    - Set locale environment variables during postmaster startup to
      ensure that plperl won't change the locale later. This fixes a problem
      that occurred if the postmaster was started
      with environment variables specifying a different locale than what
      initdb had been told. Under these conditions, any use of plperl was
      likely to lead to corrupt indexes. You may need "REINDEX" to fix
      existing indexes on textual columns if this has happened to you.
      (postgresql-common checks and aborts on this condition.)
    - Allow more flexible relocation of installation directories.
      Previous releases supported relocation only if all installation
      directory paths were the same except for the last component.
      This makes the test suite work with Debian's directory structure, so
      that the horology test can find the timezones again and pass.
    - Prevent crashes caused by the use of ISO-8859-5 and ISO-8859-9
      encodings.
    - Fix longstanding bug in strpos() and regular expression handling in
      certain rarely used Asian multi-byte character sets.
    - Fix bug where COPY CSV mode considered any \. to terminate the copy
      data. The new code requires \. to appear alone on a line, as per
      documentation.
    - Make COPY CSV mode quote a literal data value of \. to ensure it
      cannot be interpreted as the end-of-data marker.
    - Various fixes for functions returning RECORDs.
    - Fix processing of "postgresql.conf" so a final line with no newline
      is processed properly.
    - Fix bug in "/contrib/pgcrypto" gen_salt, which caused it not to use
      all available salt space for MD5 and XDES algorithms.  Salts for
      Blowfish and standard DES are unaffected.
    - Fix autovacuum crash when processing expression indexes.
    - Fix "/contrib/dblink" to throw an error, rather than crashing, when
      the number of columns specified is different from what's actually
      returned by the query.
  * Remove debian/patches/12-readline-prompt-ignore.patch: Adopted upstream.
  * Bump postgresql-common dependencies to >= 39. This will ensure more
    robust upgrades and other bug fixes.

 -- Martin Pitt <email address hidden>  Mon,  9 Jan 2006 18:34:31 +0100
Superseded in dapper-release on 2006-01-31
postgresql-8.1 (8.1.1-2.1) dapper; urgency=low


  * Current bzr head snapshot to properly support backport to breezy. No
    '-ubuntu1' since it should be overridden on next autosync.
  * Add debian/patches/80-cvs-fix-make_relative_path.patch:
    - Fix make_relative_path to make less assumptions about path prefixes.
      This makes the test suite work with Debian's directory structure, so
      that the horology test can find the timezones again and pass.
    - Patch taken from upstream CVS.
  * Bump postgresql-common dependencies to >= 39. This will ensure more
    robust upgrades and other bug fixes.

 -- Martin Pitt <email address hidden>  Sat,  7 Jan 2006 13:13:12 +0100
Superseded in dapper-release on 2006-01-31
postgresql-8.1 (8.1.1-2) unstable; urgency=low


  * Do not build postgresql-8.1, p-contrib-8.1, and the PL/ packages on mips
    and mipsel, since the postmaster just SIGBUSes on these architectures and
    nobody seems to be able to fix that.
  * Add debian/patches/12-readline-prompt-ignore.patch: Do not prepend a
    '\001' before the 'prompt ignore begin/end' readline commands; this is a
    bash quirk, not a readline feature. Thanks to Aaron Schrab. 
    Closes: #343616

 -- Martin Pitt <email address hidden>  Thu, 22 Dec 2005 19:13:21 +0100
Superseded in dapper-release on 2006-01-31
postgresql-8.1 (8.1.1-1) unstable; urgency=low


  * New upstream bug fix release.
  * Remove debian/patches/80_cvs_crash_deform_tuple.patch, upstream now.
  * debian/postgresql-8.1.postrm: Also clean start.conf if purging without
    pg_dropcluster.
  * debian/postgresql-8.1.postrm: Check if a /etc/postgresql/8.1 subdirectory
    is really a cluster directory before trying to remove it. Closes: #339810
  * Ship upstream changelog.

 -- Martin Pitt <email address hidden>  Mon, 12 Dec 2005 17:27:57 +0100
157 of 57 results