Format: 1.7 Date: Sat, 05 Jan 2008 19:39:17 +0100 Source: postgresql-8.1 Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg5 libecpg-compat2 libecpg-dev postgresql-client-8.1 postgresql-contrib-8.1 postgresql-server-dev-8.1 Architecture: i386_translations i386 all Version: 8.1.11-0ubuntu0.6.10 Distribution: autobuild Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Martin Pitt Description: libecpg-compat2 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg5 - run-time library for ECPG programs libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1 libpq-dev - header files for libpq4 (PostgreSQL library) libpq4 - PostgreSQL C client library postgresql-8.1 - object-relational SQL database, version 8.1 server postgresql-client-8.1 - front-end programs for PostgreSQL 8.1 postgresql-contrib-8.1 - additional facilities for PostgreSQL postgresql-doc-8.1 - documentation for the PostgreSQL database management system postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1 postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1 postgresql-pltcl-8.1 - PL/TCL procedural language for PostgreSQL 8.1 postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming Changes: postgresql-8.1 (8.1.11-0ubuntu0.6.10) edgy-proposed; urgency=low . * New upstream security/bugfix release: - Prevent functions in indexes from executing with the privileges of the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden within a SECURITY DEFINER context. [CVE-2007-6600] - Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067] - Require non-superusers who use "/contrib/dblink" to use only password authentication, as a security measure. The fix that appeared for this in 8.2.5 was incomplete, as it plugged the hole for only some "dblink" functions. [CVE-2007-6601, CVE-2007-3278] - Fix planner failure in some cases of WHERE false AND var IN (SELECT ...). - Preserve the tablespace and storage parameters of indexes that are rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE". - Make archive recovery always start a new WAL timeline, rather than only when a recovery stop time was used. This avoids a corner-case risk of trying to overwrite an existing archived copy of the last WAL segment, and seems simpler and cleaner than the original definition. - Make "VACUUM" not use all of maintenance_work_mem when the table is too small for it to be useful. - Fix potential crash in translate() when using a multibyte database encoding. - Fix overflow in extract(epoch from interval) for intervals exceeding 68 years. - Fix PL/Perl to not fail when a UTF-8 regular expression is used in a trusted function. - Fix PL/Python to not crash on long exception messages. - Fix pg_dump to correctly handle inheritance child tables that have default expressions different from their parent's. - Fix libpq crash when PGPASSFILE refers to a file that is not a plain file. - ecpg parser fixes. - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a category in its own right, rather than crashing. - Fix tsvector and tsquery output routines to escape backslashes correctly. - Fix crash of to_tsvector() on huge input strings. * Use the timezone database from the system tzdata instead of shipping our own. - debian/patches/04-timezone-symlinks.patch: Drop previous hardlink-to-symlink patch to zic, since that is irrelevant now. Replace the patch with a Makefile change that just symlinks /usr/share/zoneinfo to where postgresql previously installed its own tzdata copy. - debian/control: Add tzdata dependency. - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the files in the dereferenced directory. - debian/postgresql-8.1.postinst: Replace the timezone directory with the symlink on upgrades, since dpkg does not do that automatically. Without this, we'd end up with an empty timezone directory. Files: 0b09dd6a86585ed704ec36cacf93262a 1476844 doc optional postgresql-doc-8.1_8.1.11-0ubuntu0.6.10_all.deb 1eaf893518ee6168b480661b97724893 320976 libdevel optional libpq-dev_8.1.11-0ubuntu0.6.10_i386.deb e1716618f56076924de122e21785b7ec 217516 libs optional libpq4_8.1.11-0ubuntu0.6.10_i386.deb 79916520bcfcd38cf64a7d5c43c5beeb 187384 libs optional libecpg5_8.1.11-0ubuntu0.6.10_i386.deb bf9ba0ce00b291e1c7de221302134598 356690 libdevel optional libecpg-dev_8.1.11-0ubuntu0.6.10_i386.deb 670700dd54259213bbf0cd897a30c99e 166922 libs optional libecpg-compat2_8.1.11-0ubuntu0.6.10_i386.deb 8c9bc1680b0a407624457ea3aba23f2e 189420 libs optional libpgtypes2_8.1.11-0ubuntu0.6.10_i386.deb af70299d09b9756afef963de1a351c93 3093368 misc optional postgresql-8.1_8.1.11-0ubuntu0.6.10_i386.deb b1b9642c5c8a30713764af7bf1db954a 778104 misc optional postgresql-client-8.1_8.1.11-0ubuntu0.6.10_i386.deb c41e9400c2f4a088164608c902832ac6 613168 libdevel optional postgresql-server-dev-8.1_8.1.11-0ubuntu0.6.10_i386.deb c28229bc840db2a6782bd555eeb83a55 604108 misc optional postgresql-contrib-8.1_8.1.11-0ubuntu0.6.10_i386.deb cf34e49980a4d81cd395829ab0eac13a 183172 misc optional postgresql-plperl-8.1_8.1.11-0ubuntu0.6.10_i386.deb 5e476587e928aff7d5a3f5a453284e91 176358 misc optional postgresql-plpython-8.1_8.1.11-0ubuntu0.6.10_i386.deb f719489103c8a274e74cbd46b858b5d2 177670 misc optional postgresql-pltcl-8.1_8.1.11-0ubuntu0.6.10_i386.deb 88916568a288f72d4c6a31394a3b939c 4117626 raw-translations - postgresql-8.1_8.1.11-0ubuntu0.6.10_i386_translations.tar.gz