Change log for postgresql-8.3 package in Ubuntu

162 of 62 results
Obsolete in hardy-updates on 2015-04-24
Obsolete in hardy-security on 2015-04-24
postgresql-8.3 (8.3.23-0ubuntu8.04.1) hardy-security; urgency=low

  * Add 15-ssl-init-state.patch: Reset OpenSSL randomness state in each
    postmaster child process. This avoids a scenario wherein random numbers
    generated by "contrib/pgcrypto" functions might be relatively easy for
    another database user to guess.  The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't use SSL
    encryption. Patch backported from 8.4.17. [CVE-2013-1900] (LP: #1163184)
 -- Martin Pitt <email address hidden>   Tue, 02 Apr 2013 12:59:28 +0200
Superseded in hardy-updates on 2013-04-04
Superseded in hardy-security on 2013-04-04
postgresql-8.3 (8.3.23-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server.  In principle an attacker might be able to use it to examine the
      contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for details about other changes.
  * 03-gettext-domains.patch: Unfuzz for new version.
 -- Martin Pitt <email address hidden>   Wed, 06 Feb 2013 09:02:48 +0100
Superseded in hardy-updates on 2013-02-14
Deleted in hardy-proposed on 2013-02-16 (Reason: moved to -updates)
postgresql-8.3 (8.3.22-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #1088393)
    - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
      Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
      changing the state of an index's pg_index row. This prevents race
      conditions that could cause concurrent sessions to miss updating
      the target index, thus resulting in corrupt concurrently-created
      indexes.
      Also, fix various other operations to ensure that they ignore
      invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
      command. The most important of these is "VACUUM", because an
      auto-vacuum could easily be launched on the table before corrective
      action can be taken to fix or remove the invalid index.
    - See HISTORY/changelog.gz for details about the other bug fixes.
 -- Martin Pitt <email address hidden>   Mon, 10 Dec 2012 16:16:57 +0100
Superseded in hardy-updates on 2012-12-19
Deleted in hardy-proposed on 2012-12-20 (Reason: moved to -updates)
postgresql-8.3 (8.3.21-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #1055944)
    - Improve page-splitting decisions in GiST indexes.
      Multi-column GiST indexes might suffer unexpected bloat due to this
      error.
    - Fix cascading privilege revoke to stop if privileges are still held.
      If we revoke a grant option from some role "X", but "X" still holds
      that option via a grant from someone else, we should not
      recursively revoke the corresponding privilege from role(s) "Y"
      that "X" had granted it to.
    - Fix handling of SIGFPE when PL/Perl is in use.
      Perl resets the process's SIGFPE handler to SIG_IGN, which could
      result in crashes later on. Restore the normal Postgres signal
      handler after initializing PL/Perl.
    - Prevent PL/Perl from crashing if a recursive PL/Perl function is
      redefined while being executed.
    - Work around possible misoptimization in PL/Perl.
      Some Linux distributions contain an incorrect version of
      "pthread.h" that results in incorrect compiled code in PL/Perl,
      leading to crashes if a PL/Perl function calls another one that
      throws an error.
 -- Martin Pitt <email address hidden>   Tue, 25 Sep 2012 07:45:57 +0200
Superseded in hardy-updates on 2012-10-01
Superseded in hardy-security on 2013-02-12
postgresql-8.3 (8.3.20-0ubuntu8.04) hardy-security; urgency=low

  * New upstream bug fix/security release:
   - Prevent access to external files/URLs via XML entity references
     (Noah Misch, Tom Lane)
     xml_parse() would attempt to fetch external files or URLs as needed
     to resolve DTD and entity references in an XML value, thus allowing
     unprivileged database users to attempt to fetch data with the
     privileges of the database server. While the external data wouldn't
     get returned directly to the user, portions of it could be exposed
     in error messages if the data didn't parse as valid XML; and in any
     case the mere ability to check existence of a file might be useful
     to an attacker. (CVE-2012-3489)
   - Prevent access to external files/URLs via "contrib/xml2"'s
     xslt_process() (Peter Eisentraut)
     libxslt offers the ability to read and write both files and URLs
     through stylesheet commands, thus allowing unprivileged database
     users to both read and write data with the privileges of the
     database server. Disable that through proper use of libxslt's
     security options. (CVE-2012-3488)
     Also, remove xslt_process()'s ability to fetch documents and
     stylesheets from external files/URLs. While this was a documented
     "feature", it was long regarded as a bad idea. The fix for
     CVE-2012-3489 broke that capability, and rather than expend effort
     on trying to fix it, we're just going to summarily remove it.
   - Prevent too-early recycling of btree index pages (Noah Misch)
     When we allowed read-only transactions to skip assigning XIDs, we
     introduced the possibility that a deleted btree page could be
     recycled while a read-only transaction was still in flight to it.
     This would result in incorrect index search results. The
     probability of such an error occurring in the field seems very low
     because of the timing requirements, but nonetheless it should be
     fixed.
   - Fix crash-safety bug with newly-created-or-reset sequences (Tom
     Lane)
     If "ALTER SEQUENCE" was executed on a freshly created or reset
     sequence, and then precisely one nextval() call was made on it, and
     then the server crashed, WAL replay would restore the sequence to a
     state in which it appeared that no nextval() had been done, thus
     allowing the first sequence value to be returned again by the next
     nextval() call. In particular this could manifest for serial
     columns, since creation of a serial column's sequence includes an
     "ALTER SEQUENCE OWNED BY" step.
   - Ensure the "backup_label" file is fsync'd after pg_start_backup()
     (Dave Kerr)
   - Back-patch 9.1 improvement to compress the fsync request queue
     (Robert Haas)
     This improves performance during checkpoints. The 9.1 change has
     now seen enough field testing to seem safe to back-patch.
   - Only allow autovacuum to be auto-canceled by a directly blocked
     process (Tom Lane)
     The original coding could allow inconsistent behavior in some
     cases; in particular, an autovacuum could get canceled after less
     than deadlock_timeout grace period.
   - Improve logging of autovacuum cancels (Robert Haas)
   - Fix log collector so that log_truncate_on_rotation works during the
     very first log rotation after server start (Tom Lane)
   - Ensure that a whole-row reference to a subquery doesn't include any
     extra GROUP BY or ORDER BY columns (Tom Lane)
   - Disallow copying whole-row references in CHECK constraints and
     index definitions during "CREATE TABLE" (Tom Lane)
     This situation can arise in "CREATE TABLE" with LIKE or INHERITS.
     The copied whole-row variable was incorrectly labeled with the row
     type of the original table not the new one. Rejecting the case
     seems reasonable for LIKE, since the row types might well diverge
     later. For INHERITS we should ideally allow it, with an implicit
     coercion to the parent table's row type; but that will require more
     work than seems safe to back-patch.
   - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki
     Linnakangas, Tom Lane)
   - Fix extraction of common prefixes from regular expressions (Tom
     Lane)
     The code could get confused by quantified parenthesized
     subexpressions, such as ^(foo)?bar. This would lead to incorrect
     index optimization of searches for such patterns.
   - Report errors properly in "contrib/xml2"'s xslt_process() (Tom
     Lane)
   - Update time zone data files to tzdata release 2012e for DST law
     changes in Morocco and Tokelau
 -- Jamie Strandboge <email address hidden>   Thu, 16 Aug 2012 17:23:29 -0500
Superseded in hardy-updates on 2012-08-20
Superseded in hardy-security on 2012-08-20
postgresql-8.3 (8.3.19-0ubuntu8.04) hardy-security; urgency=low

  * New upstream bug fix/security release: (LP: #1008317):
    - Fix incorrect password transformation in "contrib/pgcrypto"'s DES
      crypt() function.
      If a password string contained the byte value 0x80, the remainder
      of the password was ignored, causing the password to be much weaker
      than it appeared. With this fix, the rest of the string is properly
      included in the DES hash. Any stored password values that are
      affected by this bug will thus no longer match, so the stored
      values may need to be updated. (CVE-2012-2143)
    - Ignore SECURITY DEFINER and SET attributes for a procedural
      language's call handler.
      Applying such attributes to a call handler could crash the server.
      (CVE-2012-2655)
    - Allow numeric timezone offsets in timestamp input to be up to 16
      hours away from UTC.
      Some historical time zones have offsets larger than 15 hours, the
      previous limit. This could result in dumped data values being
      rejected during reload.
    - Fix timestamp conversion to cope when the given time is exactly the
      last DST transition time for the current timezone.
      This oversight has been there a long time, but was not noticed
      previously because most DST-using zones are presumed to have an
      indefinite sequence of future DST transitions.
    - Fix text to name and char to name casts to perform string
      truncation correctly in multibyte encodings.
    - Fix memory copying bug in to_tsquery().
    - Fix slow session startup when pg_attribute is very large.
      If pg_attribute exceeds one-fourth of shared_buffers, cache
      rebuilding code that is sometimes needed during session start would
      trigger the synchronized-scan logic, causing it to take many times
      longer than normal. The problem was particularly acute if many new
      sessions were starting at once.
    - Ensure sequential scans check for query cancel reasonably often.
      A scan encountering many consecutive pages that contain no live
      tuples would not respond to interrupts meanwhile.
    - Ensure the Windows implementation of PGSemaphoreLock() clears
      ImmediateInterruptOK before returning.
      This oversight meant that a query-cancel interrupt received later
      in the same query could be accepted at an unsafe time, with
      unpredictable but not good consequences.
    - Show whole-row variables safely when printing views or rules.
      Corner cases involving ambiguous names (that is, the name could be
      either a table or column name of the query) were printed in an
      ambiguous way, risking that the view or rule would be interpreted
      differently after dump and reload. Avoid the ambiguous case by
      attaching a no-op cast.
    - Ensure autovacuum worker processes perform stack depth checking
      properly.
      Previously, infinite recursion in a function invoked by
      auto-"ANALYZE" could crash worker processes.
    - Fix logging collector to not lose log coherency under high load.
      The collector previously could fail to reassemble large messages if
      it got too busy.
    - Fix logging collector to ensure it will restart file rotation after
      receiving SIGHUP.
    - Fix PL/pgSQL's "GET DIAGNOSTICS" command when the target is the
      function's first variable.
    - Fix several performance problems in pg_dump when the database
      contains many objects.
      pg_dump could get very slow if the database contained many schemas,
      or if many objects are in dependency loops, or if there are many
      owned sequences.
    - Fix "contrib/dblink"'s dblink_exec() to not leak temporary database
      connections upon error.
 -- Martin Pitt <email address hidden>   Mon, 04 Jun 2012 09:09:05 +0200
Superseded in hardy-updates on 2012-06-05
Superseded in hardy-security on 2012-06-05
postgresql-8.3 (8.3.18-0ubuntu0.8.04) hardy-security; urgency=low

  * New upstream bug fix/security release: (LP: #941912):
    - Require execute permission on the trigger function for "CREATE
      TRIGGER".
      This missing check could allow another user to execute a trigger
      function with forged input data, by installing it on a table he
      owns. This is only of significance for trigger functions marked
      SECURITY DEFINER, since otherwise trigger functions run as the
      table owner anyway. (CVE-2012-0866)
    - Convert newlines to spaces in names written in pg_dump comments.
      pg_dump was incautious about sanitizing object names that are
      emitted within SQL comments in its output script. A name containing
      a newline would at least render the script syntactically incorrect.
      Maliciously crafted object names could present a SQL injection risk
      when the script is reloaded. (CVE-2012-0868)
    - Fix btree index corruption from insertions concurrent with
      vacuuming.
      An index page split caused by an insertion could sometimes cause a
      concurrently-running "VACUUM" to miss removing index entries that
      it should remove. After the corresponding table rows are removed,
      the dangling index entries would cause errors (such as "could not
      read block N in file ...") or worse, silently wrong query results
      after unrelated rows are re-inserted at the now-free table
      locations. This bug has been present since release 8.2, but occurs
      so infrequently that it was not diagnosed until now. If you have
      reason to suspect that it has happened in your database, reindexing
      the affected index will fix things.
    - Allow non-existent values for some settings in "ALTER USER/DATABASE
      SET".
      Allow default_text_search_config, default_tablespace, and
      temp_tablespaces to be set to names that are not known. This is
      because they might be known in another database where the setting
      is intended to be used, or for the tablespace cases because the
      tablespace might not be created yet. The same issue was previously
      recognized for search_path, and these settings now act like that
      one.
    - Track the OID counter correctly during WAL replay, even when it
      wraps around.
      Previously the OID counter would remain stuck at a high value until
      the system exited replay mode. The practical consequences of that
      are usually nil, but there are scenarios wherein a standby server
      that's been promoted to master might take a long time to advance
      the OID counter to a reasonable value once values are needed.
    - Fix regular expression back-references with - attached.
      Rather than enforcing an exact string match, the code would
      effectively accept any string that satisfies the pattern
      sub-expression referenced by the back-reference symbol.
      A similar problem still afflicts back-references that are embedded
      in a larger quantified expression, rather than being the immediate
      subject of the quantifier. This will be addressed in a future
      PostgreSQL release.
    - Fix recently-introduced memory leak in processing of inet/cidr
      values.
    - Fix I/O-conversion-related memory leaks in plpgsql.
    - Improve pg_dump's handling of inherited table columns.
      pg_dump mishandled situations where a child column has a different
      default expression than its parent column. If the default is
      textually identical to the parent's default, but not actually the
      same (for instance, because of schema search path differences) it
      would not be recognized as different, so that after dump and
      restore the child would be allowed to inherit the parent's default.
      Child columns that are NOT NULL where their parent is not could
      also be restored subtly incorrectly.
    - Fix pg_restore's direct-to-database mode for INSERT-style table
      data.
      Direct-to-database restores from archive files made with
      "--inserts" or "--column-inserts" options fail when using
      pg_restore from a release dated September or December 2011, as a
      result of an oversight in a fix for another problem. The archive
      file itself is not at fault, and text-mode output is okay.
    - Fix error in "contrib/intarray"'s int[] & int[] operator.
      If the smallest integer the two input arrays have in common is 1,
      and there are smaller values in either array, then 1 would be
      incorrectly omitted from the result.
    - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
      decrypt_iv().
      These functions failed to report certain types of invalid-input
      errors, and would instead return random garbage values for
      incorrect input.
    - Fix one-byte buffer overrun in "contrib/test_parser".
      The code would try to read one more byte than it should, which
      would crash in corner cases. Since "contrib/test_parser" is only
      example code, this is not a security issue in itself, but bad
      example code is still bad.
    - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
      This function replaces our previous use of the SWPB instruction,
      which is deprecated and not available on ARMv6 and later. Reports
      suggest that the old code doesn't fail in an obvious way on recent
      ARM boards, but simply doesn't interlock concurrent accesses,
      leading to bizarre failures in multiprocess operation.
    - Use "-fexcess-precision=standard" option when building with gcc
      versions that accept it.
      This prevents assorted scenarios wherein recent versions of gcc
      will produce creative results.
    - Allow use of threaded Python on FreeBSD.
  * Drop 00git_inet_cidr_unpack.patch, applied upstream.
 -- Martin Pitt <email address hidden>   Mon, 27 Feb 2012 15:23:24 +0100
Superseded in hardy-updates on 2012-02-28
Deleted in hardy-proposed on 2012-02-29 (Reason: moved to -updates)
postgresql-8.3 (8.3.17-0ubuntu0.8.04.1) hardy-proposed; urgency=low

  * Add 00git_inet_cidr_unpack.patch: Revert the behavior of inet/cidr
    functions to not unpack the arguments. This fixes the memory leak when
    sorting inet values. Patch taken from upstream git HEAD. Spotted during
    testing in LP #904631.

Superseded in hardy-proposed on 2012-01-05
postgresql-8.3 (8.3.17-0ubuntu0.8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #904631)
    - Fix bugs in information_schema.referential_constraints view.
      This view was being insufficiently careful about matching the
      foreign-key constraint to the depended-on primary or unique key
      constraint. That could result in failure to show a foreign key
      constraint at all, or showing it multiple times, or claiming that
      it depends on a different constraint than the one it really does.
      Since the view definition is installed by initdb, merely upgrading
      will not fix the problem. If you need to fix this in an existing
      installation, you can (as a superuser) drop the information_schema
      schema then re-create it by sourcing
      "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
      you're uncertain where "SHAREDIR" is.) This must be repeated in
      each database to be fixed.
    - Fix TOAST-related data corruption during CREATE TABLE dest AS
      SELECT - FROM src or INSERT INTO dest SELECT * FROM src.
      If a table has been modified by "ALTER TABLE ADD COLUMN", attempts
      to copy its data verbatim to another table could produce corrupt
      results in certain corner cases. The problem can only manifest in
      this precise form in 8.4 and later, but we patched earlier versions
      as well in case there are other code paths that could trigger the
      same bug.
    - Fix race condition during toast table access from stale syscache
      entries. The typical symptom was transient errors like "missing chunk
      number 0 for toast value NNNNN in pg_toast_2619", where the cited toast
      table would always belong to a system catalog.
    - Make DatumGetInetP() unpack inet datums that have a 1-byte header,
      and add a new macro, DatumGetInetPP(), that does not.
    - Improve locale support in money type's input and output.
      Aside from not supporting all standard lc_monetary formatting
      options, the input and output functions were inconsistent, meaning
      there were locales in which dumped money values could not be
      re-read.
    - Don't let transform_null_equals affect CASE foo WHEN NULL ...
      constructs.
    - Change foreign-key trigger creation order to better support
      self-referential foreign keys.
    - Avoid floating-point underflow while tracking buffer allocation
      rate.
    - Preserve blank lines within commands in psql's command history.
      The former behavior could cause problems if an empty line was
      removed from within a string literal, for example.
    - Fix pg_dump to dump user-defined casts between auto-generated
      types, such as table rowtypes.
    - Use the preferred version of xsubpp to build PL/Perl, not
      necessarily the operating system's main copy.
    - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
    - Honor query cancel interrupts promptly in pgstatindex().
    - Ensure VPATH builds properly install all server header files.
    - Shorten file names reported in verbose error messages.
      Regular builds have always reported just the name of the C file
      containing the error message call, but VPATH builds formerly
      reported an absolute path name.
 -- Martin Pitt <email address hidden>   Sat, 03 Dec 2011 17:33:01 +0100
Superseded in hardy-updates on 2012-01-16
Superseded in hardy-security on 2012-02-28
postgresql-8.3 (8.3.16-0ubuntu0.8.04) hardy-security; urgency=low

  * New upstream bug fix/security release 8.3.16: (LP: #866049)
    - Fix bugs in indexing of in-doubt HOT-updated tuples.
      These bugs could result in index corruption after reindexing a
      system catalog. They are not believed to affect user indexes.
    - Fix multiple bugs in GiST index page split processing.
      The probability of occurrence was low, but these could lead to
      index corruption.
    - Fix possible buffer overrun in tsvector_concat().
      The function could underestimate the amount of memory needed for
      its result, leading to server crashes.
    - Fix crash in xml_recv when processing a "standalone" parameter.
    - Avoid possibly accessing off the end of memory in "ANALYZE" and in
      SJIS-2004 encoding conversion.
      This fixes some very-low-probability server crash scenarios.
    - Fix race condition in relcache init file invalidation.
      There was a window wherein a new backend process could read a stale
      init file but miss the inval messages that would tell it the data
      is stale. The result would be bizarre failures in catalog accesses,
      typically "could not read block 0 in file ..." later during
      startup.
    - Fix memory leak at end of a GiST index scan.
      Commands that perform many separate GiST index scans, such as
      verification of a new GiST-based exclusion constraint on a table
      already containing many rows, could transiently require large
      amounts of memory due to this leak.
    - Fix performance problem when constructing a large, lossy bitmap.
    - Fix array- and path-creating functions to ensure padding bytes are
      zeroes. This avoids some situations where the planner will think that
      semantically-equal constants are not equal, resulting in poor
      optimization.
    - Fix dump bug for VALUES in a view.
    - Disallow SELECT FOR UPDATE/SHARE on sequences.
      This operation doesn't work as expected and can lead to failures.
    - Defend against integer overflow when computing size of a hash table.
    - Fix cases where "CLUSTER" might attempt to access already-removed
      TOAST data.
    - Fix portability bugs in use of credentials control messages for
      "peer" authentication.
    - Fix SSPI login when multiple roundtrips are required.
      The typical symptom of this problem was "The function requested is
      not supported" errors during SSPI login.
    - Fix typo in pg_srand48 seed initialization.
      This led to failure to use all bits of the provided seed. This
      function is not used on most platforms (only those without
      srandom), and the potential security exposure from a
      less-random-than-expected seed seems minimal in any case.
    - Avoid integer overflow when the sum of LIMIT and OFFSET values
      exceeds 2^63.
    - Add overflow checks to int4 and int8 versions of generate_series().
    - Fix trailing-zero removal in to_char(). In a format with FM and no digit
      positions after the decimal point, zeroes to the left of the decimal
      point could be removed incorrectly.
    - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63.
    - Fix psql's counting of script file line numbers during COPY from a
      different file.
    - Fix pg_restore's direct-to-database mode for
      standard_conforming_strings.
      pg_restore could emit incorrect commands when restoring directly to
      a database server from an archive file that had been made with
      standard_conforming_strings set to on.
    - Fix write-past-buffer-end and memory leak in libpq's LDAP service
      lookup code.
    - In libpq, avoid failures when using nonblocking I/O and an SSL
      connection.
    - Improve libpq's handling of failures during connection startup.
      In particular, the response to a server report of fork() failure
      during SSL connection startup is now saner.
    - Improve libpq's error reporting for SSL failures.
    - Make ecpglib write double values with 15 digits precision.
    - In ecpglib, be sure LC_NUMERIC setting is restored after an error.
    - Apply upstream fix for blowfish signed-character bug
      (CVE-2011-2483).
      "contrib/pg_crypto"'s blowfish encryption code could give wrong
      results on platforms where char is signed (which is most), leading
      to encrypted passwords being weaker than they should be.
    - Fix memory leak in "contrib/seg".
    - Fix pgstatindex() to give consistent results for empty indexes.
    - Allow building with perl 5.14 (Alex Hunsaker)
 -- Martin Pitt <email address hidden>   Tue, 04 Oct 2011 12:55:04 +0200
Superseded in hardy-updates on 2011-10-13
Deleted in hardy-proposed on 2011-10-14 (Reason: moved to -updates)
postgresql-8.3 (8.3.15-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #767165)
    - Disallow including a composite type in itself.
    - Avoid potential deadlock during catalog cache initialization.
    - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling
      when there was a concurrent update to the target tuple.
    - Disallow "DROP TABLE" when there are pending deferred trigger
      events for the table.
    - Fix PL/Python memory leak involving array slices.
    - Fix pg_restore to cope with long lines (over 1KB) in TOC files.
    - Put in more safeguards against crashing due to division-by-zero
      with overly enthusiastic compiler optimization.
 -- Martin Pitt <email address hidden>   Wed, 20 Apr 2011 16:20:32 +0200
Superseded in hardy-updates on 2011-04-28
Superseded in hardy-security on 2011-10-13
postgresql-8.3 (8.3.14-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #711318)
    - Fix buffer overrun in "contrib/intarray"'s input function for the
      query_int type.
      This bug is a security risk since the function's return address
      could be overwritten. Thanks to Apple Inc's security team for
      reporting this issue and supplying the fix. (CVE-2010-4015)
    - Avoid failures when "EXPLAIN" tries to display a simple-form CASE
      expression.
      If the CASE's test expression was a constant, the planner could
      simplify the CASE into a form that confused the expression-display
      code, resulting in "unexpected CASE WHEN clause" errors.
    - Fix assignment to an array slice that is before the existing range
      of subscripts.
      If there was a gap between the newly added subscripts and the first
      pre-existing subscript, the code miscalculated how many entries
      needed to be copied from the old array's null bitmap, potentially
      leading to data corruption or crash.
    - Avoid unexpected conversion overflow in planner for very distant
      date values.
      The date type supports a wider range of dates than can be
      represented by the timestamp types, but the planner assumed it
      could always convert a date to timestamp with impunity.
    - Fix pg_restore's text output for large objects (BLOBs) when
      standard_conforming_strings is on.
      Although restoring directly to a database worked correctly, string
      escaping was incorrect if pg_restore was asked for SQL text output
      and standard_conforming_strings had been enabled in the source
      database.
    - Fix erroneous parsing of tsquery values containing ... &
      !(subexpression) | ... .
      Queries containing this combination of operators were not executed
      correctly. The same error existed in "contrib/intarray"'s query_int
      type and "contrib/ltree"'s ltxtquery type.
    - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a seg column. If you have
      such an index, consider "REINDEX"ing it after installing this
      update. (This is identical to the bug that was fixed in
      "contrib/cube" in the previous update.)
 -- Martin Pitt <email address hidden>   Tue, 01 Feb 2011 23:13:46 +0100
Superseded in hardy-updates on 2011-02-04
Deleted in hardy-proposed on 2011-02-05 (Reason: moved to -updates)
postgresql-8.3 (8.3.13-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #693157)
    - Force the default wal_sync_method to be fdatasync on Linux.
      The default on Linux has actually been fdatasync for many years,
      but recent kernel changes caused PostgreSQL to choose open_datasync
      instead. This choice did not result in any performance improvement,
      and caused outright failures on certain filesystems, notably ext4
      with the data=journal mount option.
    - Fix assorted bugs in WAL replay logic for GIN indexes.
      This could result in "bad buffer id: 0" failures or corruption of
      index contents during replication.
    - Fix recovery from base backup when the starting checkpoint WAL
      record is not in the same WAL segment as its redo point.
    - Fix persistent slowdown of autovacuum workers when multiple workers
      remain active for a long time.
      The effective vacuum_cost_limit for an autovacuum worker could drop
      to nearly zero if it processed enough tables, causing it to run
      extremely slowly.
    - Add support for detecting register-stack overrun on IA64.
      The IA64 architecture has two hardware stacks. Full prevention of
      stack-overrun failures requires checking both.
    - Add a check for stack overflow in copyObject().
      Certain code paths could crash due to stack overflow given a
      sufficiently complex query.
    - Fix detection of page splits in temporary GiST indexes.
      It is possible to have a "concurrent" page split in a temporary
      index, if for example there is an open cursor scanning the index
      when an insertion is done. GiST failed to detect this case and
      hence could deliver wrong results when execution of the cursor
      continued.
    - Avoid memory leakage while "ANALYZE"'ing complex index expressions.
    - Ensure an index that uses a whole-row Var still depends on its
      table.
      An index declared like create index i on t (foo(t.-)) would not
      automatically get dropped when its table was dropped.
    - Do not "inline" a SQL function with multiple OUT parameters.
      This avoids a possible crash due to loss of information about the
      expected result rowtype.
    - Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is
      attached to the VALUES part of INSERT ... VALUES.
    - Fix constant-folding of COALESCE() expressions.
      The planner would sometimes attempt to evaluate sub-expressions
      that in fact could never be reached, possibly leading to unexpected
      errors.
    - Fix postmaster crash when connection acceptance (accept() or one of
      the calls made immediately after it) fails, and the postmaster was
      compiled with GSSAPI support.
    - Fix missed unlink of temporary files when log_temp_files is active.
      If an error occurred while attempting to emit the log message, the
      unlink was not done, resulting in accumulation of temp files.
    - Add print functionality for InhRelation nodes.
      This avoids a failure when debug_print_parse is enabled and certain
      types of query are executed.
    - Fix incorrect calculation of distance from a point to a horizontal
      line segment.
      This bug affected several different geometric distance-measurement
      operators.
    - Fix PL/pgSQL's handling of "simple" expressions to not fail in
      recursion or error-recovery cases.
    - Fix PL/Python's handling of set-returning functions.
      Attempts to call SPI functions within the iterator generating a set
      result would fail.
    - Fix bug in "contrib/cube"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a cube column. If you have
      such an index, consider "REINDEX"ing it after installing this
      update.
    - Don't emit "identifier will be truncated" notices in
      "contrib/dblink" except when creating new connections.
    - Fix potential coredump on missing public key in "contrib/pgcrypto".
    - Fix memory leak in "contrib/xml2"'s XPath query functions.
 -- Martin Pitt <email address hidden>   Tue, 21 Dec 2010 21:36:17 +0100
Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
postgresql-8.3 (8.3.12-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release: (LP: #655293)
    - Use a separate interpreter for each calling SQL userid in PL/Perl
      and PL/Tcl.
      This change prevents security problems that can be caused by
      subverting Perl or Tcl code that will be executed later in the same
      session under another SQL user identity (for example, within a
      SECURITY DEFINER function). Most scripting languages offer numerous
      ways that that might be done, such as redefining standard functions
      or operators called by the target function. Without this change,
      any SQL user with Perl or Tcl language usage rights can do
      essentially anything with the SQL privileges of the target
      function's owner.
      The cost of this change is that intentional communication among
      Perl and Tcl functions becomes more difficult. To provide an escape
      hatch, PL/PerlU and PL/TclU functions continue to use only one
      interpreter per session. This is not considered a security issue
      since all such functions execute at the trust level of a database
      superuser already.
      It is likely that third-party procedural languages that claim to
      offer trusted execution have similar security issues. We advise
      contacting the authors of any PL you are depending on for
      security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue
      (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from
      being called with an argument that is not one of the system catalog
      columns it's intended to be used with.
    - Fix incorrect usage of non-strict OR joinclauses in Append
      indexscans.
      This is a back-patch of an 8.4 fix that was missed in the 8.3
      branch. This corrects an error introduced in 8.3.8 that could cause
      incorrect results for outer joins when the inner relation is an
      inheritance tree or UNION ALL subquery.
    - Fix possible duplicate scans of UNION ALL member relations.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference
      that expands into an expression containing another sub-select.
    - Fix failure to mark cached plans as transient.
      If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
      progress for one of the referenced tables, it is supposed to be
      re-planned once the index is ready for use. This was not happening
      reliably.
    - Reduce PANIC to ERROR in some occasionally-reported btree failure
      cases, and provide additional detail in the resulting error
      messages.
      This should improve the system's robustness with corrupted indexes.
    - Prevent show_session_authorization() from crashing within
      autovacuum processes.
    - Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype.
    - Fix possible failure when hashing a pass-by-reference function
      result.
    - Improve merge join's handling of NULLs in the join columns.
      A merge join can now stop entirely upon reaching the first NULL, if
      the sort order is such that NULLs sort high.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid"
      and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start. That could in turn
      prevent subsequent attempts to start the postmaster from
      succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested
      subtransactions.
      The original coding could result in a crash if there was limited
      stack space.
    - Avoid holding open old WAL segments in the walwriter process.
      The previous coding would prevent removal of no-longer-needed
      segments.
    - Fix log_line_prefix's %i escape, which could produce junk early in
      backend startup.
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
      when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
      be interrupted by query-cancel.
    - Fix "REASSIGN OWNED" to handle operator classes and families.
    - Fix possible core dump when comparing two empty tsquery values.
    - Fix LIKE's handling of patterns containing % followed by _.
      We've fixed this before, but there were still some
      incorrectly-handled cases.
    - In PL/Python, defend against null pointer results from
      PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - Make psql recognize "DISCARD ALL" as a command that should not be
      encased in a transaction block in autocommit-off mode.
    - Fix ecpg to process data from RETURNING clauses correctly.
    - Improve "contrib/dblink"'s handling of tables containing dropped
      columns.
    - Fix connection leak after "duplicate connection name" errors in
      "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62
      bytes correctly.
    - Add hstore(text, text) function to "contrib/hstore".
      This function is the recommended substitute for the now-deprecated
      => operator. It was back-patched so that future-proofed code can be
      used with older server versions. Note that the patch will be
      effective only after "contrib/hstore" is installed or reinstalled
      in a particular database. Users might prefer to execute the "CREATE
      FUNCTION" command by hand, instead.
    - Update build infrastructure and documentation to reflect the source
      code repository's move from CVS to Git.
 -- Martin Pitt <email address hidden>   Wed, 06 Oct 2010 09:44:46 +0200
Superseded in hardy-updates on 2011-01-03
Superseded in hardy-security on 2011-02-04
postgresql-8.3 (8.3.12-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #655293)
    - Use a separate interpreter for each calling SQL userid in PL/Perl
      and PL/Tcl.
      This change prevents security problems that can be caused by
      subverting Perl or Tcl code that will be executed later in the same
      session under another SQL user identity (for example, within a
      SECURITY DEFINER function). Most scripting languages offer numerous
      ways that that might be done, such as redefining standard functions
      or operators called by the target function. Without this change,
      any SQL user with Perl or Tcl language usage rights can do
      essentially anything with the SQL privileges of the target
      function's owner.
      The cost of this change is that intentional communication among
      Perl and Tcl functions becomes more difficult. To provide an escape
      hatch, PL/PerlU and PL/TclU functions continue to use only one
      interpreter per session. This is not considered a security issue
      since all such functions execute at the trust level of a database
      superuser already.
      It is likely that third-party procedural languages that claim to
      offer trusted execution have similar security issues. We advise
      contacting the authors of any PL you are depending on for
      security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue
      (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from
      being called with an argument that is not one of the system catalog
      columns it's intended to be used with.
    - Fix incorrect usage of non-strict OR joinclauses in Append
      indexscans.
      This is a back-patch of an 8.4 fix that was missed in the 8.3
      branch. This corrects an error introduced in 8.3.8 that could cause
      incorrect results for outer joins when the inner relation is an
      inheritance tree or UNION ALL subquery.
    - Fix possible duplicate scans of UNION ALL member relations.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference
      that expands into an expression containing another sub-select.
    - Fix failure to mark cached plans as transient.
      If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
      progress for one of the referenced tables, it is supposed to be
      re-planned once the index is ready for use. This was not happening
      reliably.
    - Reduce PANIC to ERROR in some occasionally-reported btree failure
      cases, and provide additional detail in the resulting error
      messages.
      This should improve the system's robustness with corrupted indexes.
    - Prevent show_session_authorization() from crashing within
      autovacuum processes.
    - Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype.
    - Fix possible failure when hashing a pass-by-reference function
      result.
    - Improve merge join's handling of NULLs in the join columns.
      A merge join can now stop entirely upon reaching the first NULL, if
      the sort order is such that NULLs sort high.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid"
      and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start. That could in turn
      prevent subsequent attempts to start the postmaster from
      succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested
      subtransactions.
      The original coding could result in a crash if there was limited
      stack space.
    - Avoid holding open old WAL segments in the walwriter process.
      The previous coding would prevent removal of no-longer-needed
      segments.
    - Fix log_line_prefix's %i escape, which could produce junk early in
      backend startup.
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
      when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
      be interrupted by query-cancel.
    - Fix "REASSIGN OWNED" to handle operator classes and families.
    - Fix possible core dump when comparing two empty tsquery values.
    - Fix LIKE's handling of patterns containing % followed by _.
      We've fixed this before, but there were still some
      incorrectly-handled cases.
    - In PL/Python, defend against null pointer results from
      PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - Make psql recognize "DISCARD ALL" as a command that should not be
      encased in a transaction block in autocommit-off mode.
    - Fix ecpg to process data from RETURNING clauses correctly.
    - Improve "contrib/dblink"'s handling of tables containing dropped
      columns.
    - Fix connection leak after "duplicate connection name" errors in
      "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62
      bytes correctly.
    - Add hstore(text, text) function to "contrib/hstore".
      This function is the recommended substitute for the now-deprecated
      => operator. It was back-patched so that future-proofed code can be
      used with older server versions. Note that the patch will be
      effective only after "contrib/hstore" is installed or reinstalled
      in a particular database. Users might prefer to execute the "CREATE
      FUNCTION" command by hand, instead.
    - Update build infrastructure and documentation to reflect the source
      code repository's move from CVS to Git.
 -- Martin Pitt <email address hidden>   Wed, 06 Oct 2010 09:56:37 +0200
Superseded in hardy-updates on 2010-10-07
Superseded in hardy-security on 2010-10-07
Deleted in hardy-proposed on 2010-10-08 (Reason: moved to -updates)
postgresql-8.3 (8.3.11-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole
      interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too
      insecure to rely on for making plperl trustable. This change
      removes use of "Safe.pm" altogether, in favor of using a separate
      interpreter with an opcode mask that is always applied. Pleasant
      side effects of the change include that it is now possible to use
      Perl's strict pragma in a natural way in plperl, and that Perl's $a
      and $b variables work as expected in sort routines, and that
      function compilation is significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table. This
      change disables the feature unless pltcl_modules is owned by a
      superuser. (However, the permissions on the table are not checked,
      so installations that really need a less-than-secure modules table
      can still grant suitable privileges to trusted non-superusers.)
      Also, prevent loading code into the unrestricted "normal" Tcl
      interpreter unless we are really going to execute a pltclu
      function. (CVE-2010-1170)
    - Fix possible crash if a cache reset message is received during
      rebuild of a relcache entry.
      This error was introduced in 8.3.10 while fixing a related failure.
    - Apply per-function GUC settings while running the language
      validator for the function.
      This avoids failures if the function's code is invalid without the
      setting; an example is that SQL functions may not parse if the
      search_path is not correct.
    - Do not allow an unprivileged user to reset superuser-only parameter
      settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL
      for himself, or ALTER DATABASE ... RESET ALL for a database he
      owns, this would remove all special parameter settings for the user
      or database, even ones that are only supposed to be changeable by a
      superuser. Now, the "ALTER" will only remove the parameters that
      the user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs
      when a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
    - Ensure the archiver process responds to changes in archive_command
      as soon as possible.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Prevent infinite recursion in psql when expanding a variable that
      refers to itself.
    - Fix psql's \copy to not add spaces around a dot within \copy
      (select ...).
      Addition of spaces around the decimal point in a numeric literal
      would result in a syntax error.
    - Fix unnecessary "GIN indexes do not support whole-index scans"
      errors for unsatisfiable queries using "contrib/intarray" operators.
    - Ensure that "contrib/pgstattuple" functions respond to cancel
      interrupts promptly.
 -- Martin Pitt <email address hidden>   Sat, 15 May 2010 14:02:22 +0200
Superseded in jaunty-updates on 2010-10-07
Superseded in jaunty-security on 2010-10-07
Deleted in jaunty-proposed on 2010-10-08 (Reason: moved to -updates)
postgresql-8.3 (8.3.11-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole
      interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too
      insecure to rely on for making plperl trustable. This change
      removes use of "Safe.pm" altogether, in favor of using a separate
      interpreter with an opcode mask that is always applied. Pleasant
      side effects of the change include that it is now possible to use
      Perl's strict pragma in a natural way in plperl, and that Perl's $a
      and $b variables work as expected in sort routines, and that
      function compilation is significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table. This
      change disables the feature unless pltcl_modules is owned by a
      superuser. (However, the permissions on the table are not checked,
      so installations that really need a less-than-secure modules table
      can still grant suitable privileges to trusted non-superusers.)
      Also, prevent loading code into the unrestricted "normal" Tcl
      interpreter unless we are really going to execute a pltclu
      function. (CVE-2010-1170)
    - Fix possible crash if a cache reset message is received during
      rebuild of a relcache entry.
      This error was introduced in 8.3.10 while fixing a related failure.
    - Apply per-function GUC settings while running the language
      validator for the function.
      This avoids failures if the function's code is invalid without the
      setting; an example is that SQL functions may not parse if the
      search_path is not correct.
    - Do not allow an unprivileged user to reset superuser-only parameter
      settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL
      for himself, or ALTER DATABASE ... RESET ALL for a database he
      owns, this would remove all special parameter settings for the user
      or database, even ones that are only supposed to be changeable by a
      superuser. Now, the "ALTER" will only remove the parameters that
      the user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs
      when a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
    - Ensure the archiver process responds to changes in archive_command
      as soon as possible.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Prevent infinite recursion in psql when expanding a variable that
      refers to itself.
    - Fix psql's \copy to not add spaces around a dot within \copy
      (select ...).
      Addition of spaces around the decimal point in a numeric literal
      would result in a syntax error.
    - Fix unnecessary "GIN indexes do not support whole-index scans"
      errors for unsatisfiable queries using "contrib/intarray" operators.
    - Ensure that "contrib/pgstattuple" functions respond to cancel
      interrupts promptly.
 -- Martin Pitt <email address hidden>   Sat, 15 May 2010 14:07:21 +0200
Superseded in hardy-updates on 2010-05-21
Superseded in hardy-security on 2010-05-21
postgresql-8.3 (8.3.10-0ubuntu8.04.1) hardy-security; urgency=low

  * no change rebuild for -security

Superseded in jaunty-updates on 2010-05-21
Superseded in jaunty-security on 2010-05-21
postgresql-8.3 (8.3.10-0ubuntu9.04.1) jaunty-security; urgency=low

  * no change rebuild for -security

Superseded in hardy-updates on 2010-04-28
Deleted in hardy-proposed on 2010-04-29 (Reason: moved to -updates)
postgresql-8.3 (8.3.10-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #557408)
    - Add new configuration parameter ssl_renegotiation_limit to control
      how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which
      may be required if a broken SSL library is used. In particular,
      some vendors are shipping stopgap patches for CVE-2009-3555 that
      cause renegotiation attempts to fail.
    - Fix possible deadlock during backend startup.
    - Fix possible crashes due to not handling errors during relcache
      reload cleanly.
    - Fix possible crash due to use of dangling pointer to a cached plan.
    - Fix possible crashes when trying to recover from a failure in
      subtransaction start.
    - Fix server memory leak associated with use of savepoints and a
      client encoding different from server's encoding.
    - Fix incorrect WAL data emitted during end-of-recovery cleanup of a
      GIST index page split.
      This would result in index corruption, or even more likely an error
      during WAL replay, if we were unlucky enough to crash during
      end-of-recovery cleanup after having completed an incomplete GIST
      insertion.
    - Make substring() for bit types treat any negative length as meaning
      "all the rest of the string".
      The previous coding treated only -1 that way, and would produce an
      invalid result value for other negative values, possibly leading to
      a crash (CVE-2010-0442). (Closes: #567058)
    - Fix integer-to-bit-string conversions to handle the first
      fractional byte correctly when the output bit width is wider than
      the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix assorted crashes in xml processing caused by sloppy memory
      management.
      This is a back-patch of changes first applied in 8.4. The 8.3 code
      was known buggy, but the new code was sufficiently different to not
      want to back-patch it until it had gotten some field testing.
    - Fix bug with trying to update a field of an element of a
      composite-type array column.
    - Fix the STOP WAL LOCATION entry in backup history files to report
      the next WAL segment's name when the end location is exactly at a
      segment boundary.
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
    - Improve constraint exclusion processing of boolean-variable cases,
      in particular make it possible to exclude a partition that has a
      "bool_column = false" constraint.
    - When reading "pg_hba.conf" and related files, do not treat
      @something as a file inclusion request if the @ appears inside
      quote marks; also, never treat @ by itself as a file inclusion
      request.
      This prevents erratic behavior if a role or database name starts
      with @. If you need to include a file whose path name contains
      spaces, you can still do so, but you must write @"/path to/file"
      rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in "pg_hba.conf" and related files.
    - Fix possible infinite loop if SSL_read or SSL_write fails without
      setting errno.
      This is reportedly possible with some Windows versions of openssl.
    - Disallow GSSAPI authentication on local connections, since it
      requires a hostname to function correctly.
    - Make ecpg report the proper SQLSTATE if the connection disappears.
    - Fix psql's numericlocale option to not format strings it shouldn't
      in latex and troff output formats.
    - Make psql return the correct exit status (3) when ON_ERROR_STOP and
      --single-transaction are both specified and an error occurs during
      the implied "COMMIT".
    - Fix plpgsql failure in one case where a composite column is set to
      NULL.
    - Fix possible failure when calling PL/Perl functions from PL/PerlU
      or vice versa.
    - Add volatile markings in PL/Python to avoid possible
      compiler-specific misbehavior.
    - Ensure PL/Tcl initializes the Tcl interpreter fully.
      The only known symptom of this oversight is that the Tcl clock
      command misbehaves if using Tcl 8.5 or later.
    - Prevent crash in "contrib/dblink" when too many key columns are
      specified to a dblink_build_sql_- function.
    - Allow zero-dimensional arrays in "contrib/ltree" operations.
      This case was formerly rejected as an error, but it's more
      convenient to treat it the same as a zero-element array. In
      particular this avoids unnecessary failures when an ltree operation
      is applied to the result of ARRAY(SELECT ...) and the sub-select
      returns no rows.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
      management.
  * Add 00cvs-unregister-ssl-callbacks.patch: Properly unregister OpenSSL
    callbacks when libpq is done with it's connection. Thanks Ondřej Surý for
    the backport! (Closes: #411982, LP: #63141)
 -- Martin Pitt <email address hidden>   Wed, 07 Apr 2010 18:50:00 +0200
Superseded in jaunty-updates on 2010-04-28
Deleted in jaunty-proposed on 2010-04-29 (Reason: moved to -updates)
postgresql-8.3 (8.3.10-0ubuntu9.04) jaunty-proposed; urgency=low

  * New upstream bug fix release: (LP: #557408)
    - Add new configuration parameter ssl_renegotiation_limit to control
      how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which
      may be required if a broken SSL library is used. In particular,
      some vendors are shipping stopgap patches for CVE-2009-3555 that
      cause renegotiation attempts to fail.
    - Fix possible deadlock during backend startup.
    - Fix possible crashes due to not handling errors during relcache
      reload cleanly.
    - Fix possible crash due to use of dangling pointer to a cached plan.
    - Fix possible crashes when trying to recover from a failure in
      subtransaction start.
    - Fix server memory leak associated with use of savepoints and a
      client encoding different from server's encoding.
    - Fix incorrect WAL data emitted during end-of-recovery cleanup of a
      GIST index page split.
      This would result in index corruption, or even more likely an error
      during WAL replay, if we were unlucky enough to crash during
      end-of-recovery cleanup after having completed an incomplete GIST
      insertion.
    - Make substring() for bit types treat any negative length as meaning
      "all the rest of the string".
      The previous coding treated only -1 that way, and would produce an
      invalid result value for other negative values, possibly leading to
      a crash (CVE-2010-0442). (Closes: #567058)
    - Fix integer-to-bit-string conversions to handle the first
      fractional byte correctly when the output bit width is wider than
      the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix assorted crashes in xml processing caused by sloppy memory
      management.
      This is a back-patch of changes first applied in 8.4. The 8.3 code
      was known buggy, but the new code was sufficiently different to not
      want to back-patch it until it had gotten some field testing.
    - Fix bug with trying to update a field of an element of a
      composite-type array column.
    - Fix the STOP WAL LOCATION entry in backup history files to report
      the next WAL segment's name when the end location is exactly at a
      segment boundary.
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
    - Improve constraint exclusion processing of boolean-variable cases,
      in particular make it possible to exclude a partition that has a
      "bool_column = false" constraint.
    - When reading "pg_hba.conf" and related files, do not treat
      @something as a file inclusion request if the @ appears inside
      quote marks; also, never treat @ by itself as a file inclusion
      request.
      This prevents erratic behavior if a role or database name starts
      with @. If you need to include a file whose path name contains
      spaces, you can still do so, but you must write @"/path to/file"
      rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in "pg_hba.conf" and related files.
    - Fix possible infinite loop if SSL_read or SSL_write fails without
      setting errno.
      This is reportedly possible with some Windows versions of openssl.
    - Disallow GSSAPI authentication on local connections, since it
      requires a hostname to function correctly.
    - Make ecpg report the proper SQLSTATE if the connection disappears.
    - Fix psql's numericlocale option to not format strings it shouldn't
      in latex and troff output formats.
    - Make psql return the correct exit status (3) when ON_ERROR_STOP and
      --single-transaction are both specified and an error occurs during
      the implied "COMMIT".
    - Fix plpgsql failure in one case where a composite column is set to
      NULL.
    - Fix possible failure when calling PL/Perl functions from PL/PerlU
      or vice versa.
    - Add volatile markings in PL/Python to avoid possible
      compiler-specific misbehavior.
    - Ensure PL/Tcl initializes the Tcl interpreter fully.
      The only known symptom of this oversight is that the Tcl clock
      command misbehaves if using Tcl 8.5 or later.
    - Prevent crash in "contrib/dblink" when too many key columns are
      specified to a dblink_build_sql_- function.
    - Allow zero-dimensional arrays in "contrib/ltree" operations.
      This case was formerly rejected as an error, but it's more
      convenient to treat it the same as a zero-element array. In
      particular this avoids unnecessary failures when an ltree operation
      is applied to the result of ARRAY(SELECT ...) and the sub-select
      returns no rows.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
      management.
 -- Martin Pitt <email address hidden>   Wed, 07 Apr 2010 18:45:05 +0200
Superseded in hardy-updates on 2010-04-15
Superseded in hardy-security on 2010-04-28
Deleted in hardy-proposed on 2010-04-29 (Reason: moved to -updates)
postgresql-8.3 (8.3.9-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal.  Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
 -- Martin Pitt <email address hidden>   Tue, 15 Dec 2009 15:17:18 +0100
Obsolete in intrepid-updates on 2013-02-20
Obsolete in intrepid-security on 2013-02-20
Deleted in intrepid-proposed on 2013-02-27 (Reason: moved to -updates)
postgresql-8.3 (8.3.9-0ubuntu8.10) intrepid-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal.  Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
 -- Martin Pitt <email address hidden>   Tue, 15 Dec 2009 15:02:52 +0100
Superseded in jaunty-updates on 2010-04-15
Superseded in jaunty-security on 2010-04-28
Deleted in jaunty-proposed on 2010-04-29 (Reason: moved to -updates)
postgresql-8.3 (8.3.9-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal.  Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
 -- Martin Pitt <email address hidden>   Tue, 15 Dec 2009 14:42:30 +0100
Deleted in lucid-release on 2010-02-24 (Reason: obsolete, lucid supports 8.4)
postgresql-8.3 (8.3.9-1) unstable; urgency=medium

  Urgency medium due to security fixes.

  * New upstream security/bug fix release:
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal.  Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
  * debian/control: libreadline5-dev → libreadline-dev. (Closes: #553828)
 -- Martin Pitt <email address hidden>   Mon, 14 Dec 2009 23:00:56 +0100

Available diffs

Superseded in jaunty-updates on 2010-01-03
Superseded in jaunty-security on 2010-01-03
Deleted in jaunty-proposed on 2010-01-04 (Reason: moved to -updates)
postgresql-8.3 (8.3.8-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
      it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".

 -- Martin Pitt <email address hidden>   Wed, 16 Sep 2009 11:15:21 +0200
Superseded in intrepid-updates on 2010-01-03
Superseded in intrepid-security on 2010-01-03
Deleted in intrepid-proposed on 2010-01-04 (Reason: moved to -updates)
postgresql-8.3 (8.3.8-0ubuntu8.10) intrepid-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
      it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".

 -- Martin Pitt <email address hidden>   Wed, 16 Sep 2009 10:45:23 +0200
Superseded in hardy-updates on 2010-01-03
Superseded in hardy-security on 2010-01-03
Deleted in hardy-proposed on 2010-01-04 (Reason: moved to -updates)
postgresql-8.3 (8.3.8-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
      it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".

 -- Martin Pitt <email address hidden>   Wed, 16 Sep 2009 10:36:16 +0200
Superseded in lucid-release on 2009-12-15
Obsolete in karmic-release on 2013-03-04
postgresql-8.3 (8.3.8-1) unstable; urgency=medium

  * Urgency medium due to security fix.
  * New upstream security/bug fix release:
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
      it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".
  * Bump Standards-Version to 3.8.3 (no changes necessary).

 -- Martin Pitt <email address hidden>   Sun, 06 Sep 2009 14:10:22 +0200

Available diffs

Superseded in karmic-release on 2009-09-09
postgresql-8.3 (8.3.7-4) unstable; urgency=low

  * debian/control: Add missing libpq-dev build dependency to fix FTBFS, since
    we don't build libpq5 ourselves any more. (Closes: #538316)
  * debian/postgresql-8.3.init: Drop "postgresql" from LSB "Provides" header,
    since insserv falls over if multiple packages provide a service. Just
    provide "postgresql-8.3" and let the default version (8.4) provide
    "postgresql". (Closes: #535442)

 -- Michael Bienia <email address hidden>   Mon,  24 Aug 2009 13:17:42 +0100

Available diffs

Superseded in karmic-release on 2009-08-24
postgresql-8.3 (8.3.7-3) unstable; urgency=low

  * Drop library packages, they are built by postgresql-8.4 now.

 -- Michael Bienia <email address hidden>   Thu,  30 Jul 2009 08:48:56 +0100

Available diffs

Superseded in karmic-release on 2009-07-30
Superseded in karmic-release on 2009-07-23
postgresql-8.3 (8.3.7-2) unstable; urgency=low

  * debian/control: Fix section to be "databases", according to existing
    archive overrides.
  * debian/control: Bump Standards-Version to 3.8.2 (no changes required).
  * debian/watch: Fix file once again, now hopefully more stable.
  * debian/control: Drop the versionless metapackages, they are now built by
    -8.4.

 -- Martin Pitt <email address hidden>   Thu,  23 Jul 2009 10:21:32 +0100

Available diffs

Superseded in karmic-release on 2009-07-23
postgresql-8.3 (8.3.7-1build1) karmic; urgency=low

  * No-change rebuild against libkrb5-3.

 -- Steve Langasek <email address hidden>   Thu, 04 Jun 2009 23:37:45 +0000

Available diffs

Superseded in intrepid-updates on 2009-09-21
Superseded in intrepid-security on 2009-09-21
postgresql-8.3 (8.3.7-0ubuntu8.10.1) intrepid-security; urgency=low

  * No change rebuild as a security update as this fixes CVE-2009-0922

 -- Marc Deslauriers <email address hidden>   Mon, 06 Apr 2009 11:24:43 -0400
Superseded in hardy-updates on 2009-09-21
Superseded in hardy-security on 2009-09-21
postgresql-8.3 (8.3.7-0ubuntu8.04.1) hardy-security; urgency=low

  * No change rebuild as a security update as this fixes CVE-2009-0922

 -- Marc Deslauriers <email address hidden>   Mon, 06 Apr 2009 11:16:37 -0400
Deleted in intrepid-proposed on 2009-04-15 (Reason: moved to -updates)
postgresql-8.3 (8.3.7-0ubuntu8.10) intrepid-proposed; urgency=low

  * New upstream bug fix release: (LP: #344688)
    - Prevent error recursion crashes when encoding conversion fails.
      This change extends fixes made in the last two minor releases for
      related failure scenarios. The previous fixes were narrowly
      tailored for the original problem reports, but we have now
      recognized that *any* error thrown by an encoding conversion
      function could potentially lead to infinite recursion while trying
      to report the error. The solution therefore is to disable
      translation and encoding conversion and report the plain-ASCII form
      of any error message, if we find we have gotten into a recursive
      error reporting situation. (Closes: #517405)
    - Disallow "CREATE CONVERSION" with the wrong encodings for the
      specified conversion function. This prevents one possible scenario for
      encoding conversion failure. The previous change is a backstop to guard
      against other kinds of failures in the same area.
    - Fix xpath() to not modify the path expression unless necessary, and
      to make a saner attempt at it when necessary.
      The SQL standard suggests that xpath should work on data that is a
      document fragment, but libxml doesn't support that, and indeed it's
      not clear that this is sensible according to the XPath standard.
      xpath attempted to work around this mismatch by modifying both the
      data and the path expression, but the modification was buggy and
      could cause valid searches to fail. Now, xpath checks whether the
      data is in fact a well-formed document, and if so invokes libxml
      with no change to the data or path expression. Otherwise, a
      different modification method that is somewhat less likely to fail
      is used.
      Note: The new modification method is still not 100% satisfactory,
      and it seems likely that no real solution is possible. This patch
      should therefore be viewed as a band-aid to keep from breaking
      existing applications unnecessarily. It is likely that PostgreSQL
      8.4 will simply reject use of xpath on data that is not a
      well-formed document.
    - Fix core dump when to_char() is given format codes that are
      inappropriate for the type of the data argument.
    - Fix extreme inefficiency in text search parser's handling of an
      email-like string containing multiple @ characters.
    - Fix planner problem with sub-"SELECT" in the output list of a
      larger subquery.
    - Fix decompilation of CASE WHEN with an implicit coercion.
    - Fix possible misassignment of the owner of a TOAST table's rowtype.
      If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
      by someone other than the table owner, the pg_type entry for the
      table's TOAST table would end up marked as owned by that someone.
      This caused no immediate problems, since the permissions on the
      TOAST rowtype aren't examined by any ordinary database operation.
      However, it could lead to unexpected failures if one later tried to
      drop the role that issued the command (in 8.1 or 8.2), or "owner of
      data type appears to be invalid" warnings from pg_dump after having
      done so (in 8.3).
    - Change "UNLISTEN" to exit quickly if the current session has never
      executed any "LISTEN" command.
      Most of the time this is not a particularly useful optimization,
      but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
      caused a substantial performance problem for applications that made
      heavy use of "DISCARD ALL".
    - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
      clause anywhere in the string, not only at the start; in
      particular, don't fail for "INSERT INTO" within "CREATE RULE".
    - Clean up PL/pgSQL error status variables fully at block exit.
      This is not a problem for PL/pgSQL itself, but the omission could
      cause the PL/pgSQL Debugger to crash while examining the state of a
      function.
    - Add MUST (Mauritius Island Summer Time) to the default list of
      known timezone abbreviations.

 -- Martin Pitt <email address hidden>   Wed, 25 Mar 2009 09:02:46 +0100
Deleted in hardy-proposed on 2009-04-15 (Reason: moved to -updates)
postgresql-8.3 (8.3.7-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #344688)
    - Prevent error recursion crashes when encoding conversion fails.
      This change extends fixes made in the last two minor releases for
      related failure scenarios. The previous fixes were narrowly
      tailored for the original problem reports, but we have now
      recognized that *any* error thrown by an encoding conversion
      function could potentially lead to infinite recursion while trying
      to report the error. The solution therefore is to disable
      translation and encoding conversion and report the plain-ASCII form
      of any error message, if we find we have gotten into a recursive
      error reporting situation. (Closes: #517405)
    - Disallow "CREATE CONVERSION" with the wrong encodings for the
      specified conversion function. This prevents one possible scenario for
      encoding conversion failure. The previous change is a backstop to guard
      against other kinds of failures in the same area.
    - Fix xpath() to not modify the path expression unless necessary, and
      to make a saner attempt at it when necessary.
      The SQL standard suggests that xpath should work on data that is a
      document fragment, but libxml doesn't support that, and indeed it's
      not clear that this is sensible according to the XPath standard.
      xpath attempted to work around this mismatch by modifying both the
      data and the path expression, but the modification was buggy and
      could cause valid searches to fail. Now, xpath checks whether the
      data is in fact a well-formed document, and if so invokes libxml
      with no change to the data or path expression. Otherwise, a
      different modification method that is somewhat less likely to fail
      is used.
      Note: The new modification method is still not 100% satisfactory,
      and it seems likely that no real solution is possible. This patch
      should therefore be viewed as a band-aid to keep from breaking
      existing applications unnecessarily. It is likely that PostgreSQL
      8.4 will simply reject use of xpath on data that is not a
      well-formed document.
    - Fix core dump when to_char() is given format codes that are
      inappropriate for the type of the data argument.
    - Fix extreme inefficiency in text search parser's handling of an
      email-like string containing multiple @ characters.
    - Fix planner problem with sub-"SELECT" in the output list of a
      larger subquery.
    - Fix decompilation of CASE WHEN with an implicit coercion.
    - Fix possible misassignment of the owner of a TOAST table's rowtype.
      If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
      by someone other than the table owner, the pg_type entry for the
      table's TOAST table would end up marked as owned by that someone.
      This caused no immediate problems, since the permissions on the
      TOAST rowtype aren't examined by any ordinary database operation.
      However, it could lead to unexpected failures if one later tried to
      drop the role that issued the command (in 8.1 or 8.2), or "owner of
      data type appears to be invalid" warnings from pg_dump after having
      done so (in 8.3).
    - Change "UNLISTEN" to exit quickly if the current session has never
      executed any "LISTEN" command.
      Most of the time this is not a particularly useful optimization,
      but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
      caused a substantial performance problem for applications that made
      heavy use of "DISCARD ALL".
    - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
      clause anywhere in the string, not only at the start; in
      particular, don't fail for "INSERT INTO" within "CREATE RULE".
    - Clean up PL/pgSQL error status variables fully at block exit.
      This is not a problem for PL/pgSQL itself, but the omission could
      cause the PL/pgSQL Debugger to crash while examining the state of a
      function.
    - Add MUST (Mauritius Island Summer Time) to the default list of
      known timezone abbreviations.

 -- Martin Pitt <email address hidden>   Wed, 25 Mar 2009 09:13:38 +0100
Superseded in karmic-release on 2009-06-05
Obsolete in jaunty-release on 2013-02-28
postgresql-8.3 (8.3.7-1) unstable; urgency=low

  * New upstream bug fix release:
     - Prevent error recursion crashes when encoding conversion fails.
       This change extends fixes made in the last two minor releases for
       related failure scenarios. The previous fixes were narrowly
       tailored for the original problem reports, but we have now
       recognized that *any* error thrown by an encoding conversion
       function could potentially lead to infinite recursion while trying
       to report the error. The solution therefore is to disable
       translation and encoding conversion and report the plain-ASCII form
       of any error message, if we find we have gotten into a recursive
       error reporting situation. (Closes: #517405)
     - Disallow "CREATE CONVERSION" with the wrong encodings for the
       specified conversion function. This prevents one possible scenario for
       encoding conversion failure. The previous change is a backstop to guard
       against other kinds of failures in the same area.
     - Fix xpath() to not modify the path expression unless necessary, and
       to make a saner attempt at it when necessary.
       The SQL standard suggests that xpath should work on data that is a
       document fragment, but libxml doesn't support that, and indeed it's
       not clear that this is sensible according to the XPath standard.
       xpath attempted to work around this mismatch by modifying both the
       data and the path expression, but the modification was buggy and
       could cause valid searches to fail. Now, xpath checks whether the
       data is in fact a well-formed document, and if so invokes libxml
       with no change to the data or path expression. Otherwise, a
       different modification method that is somewhat less likely to fail
       is used.
       Note: The new modification method is still not 100% satisfactory,
       and it seems likely that no real solution is possible. This patch
       should therefore be viewed as a band-aid to keep from breaking
       existing applications unnecessarily. It is likely that PostgreSQL
       8.4 will simply reject use of xpath on data that is not a
       well-formed document.
     - Fix core dump when to_char() is given format codes that are
       inappropriate for the type of the data argument.
     - Fix extreme inefficiency in text search parser's handling of an
       email-like string containing multiple @ characters.
     - Fix planner problem with sub-"SELECT" in the output list of a
       larger subquery.
     - Fix decompilation of CASE WHEN with an implicit coercion.
     - Fix possible misassignment of the owner of a TOAST table's rowtype.
       If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
       by someone other than the table owner, the pg_type entry for the
       table's TOAST table would end up marked as owned by that someone.
       This caused no immediate problems, since the permissions on the
       TOAST rowtype aren't examined by any ordinary database operation.
       However, it could lead to unexpected failures if one later tried to
       drop the role that issued the command (in 8.1 or 8.2), or "owner of
       data type appears to be invalid" warnings from pg_dump after having
       done so (in 8.3).
     - Change "UNLISTEN" to exit quickly if the current session has never
       executed any "LISTEN" command.
       Most of the time this is not a particularly useful optimization,
       but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
       caused a substantial performance problem for applications that made
       heavy use of "DISCARD ALL".
     - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
       clause anywhere in the string, not only at the start; in
       particular, don't fail for "INSERT INTO" within "CREATE RULE".
     - Clean up PL/pgSQL error status variables fully at block exit.
       This is not a problem for PL/pgSQL itself, but the omission could
       cause the PL/pgSQL Debugger to crash while examining the state of a
       function.
     - Add MUST (Mauritius Island Summer Time) to the default list of
       known timezone abbreviations (Xavier Bugaud)
  * debian/postgresql-8.3.init: Drop obsolete autovac-* commands.
    (Closes: #519582)
  * debian/rules: Enable build hardening on Debian now. Drop lsb-release build
    dependency, since we do not need it any more.

 -- Martin Pitt <email address hidden>   Fri,  20 Mar 2009 02:24:20 +0000

Available diffs

Superseded in jaunty-release on 2009-03-20
postgresql-8.3 (8.3.6-1build1) jaunty; urgency=low

  * No-change rebuild against python 2.6.

 -- Steve Langasek <email address hidden>   Wed, 04 Mar 2009 19:16:05 +0000

Available diffs

Superseded in hardy-updates on 2009-04-07
Deleted in hardy-proposed on 2009-04-08 (Reason: moved to -updates)
postgresql-8.3 (8.3.6-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #326372)
    - Make "DISCARD ALL" release advisory locks, in addition to
      everything it already did. This was decided to be the most
      appropriate behavior. This could affect existing applications,
      however.
    - Fix whole-index GiST scans to work correctly.  This error could
      cause rows to be lost if a table is clustered on a GiST index.
    - Fix crash of xmlconcat(NULL).
    - Fix possible crash in ispell dictionary if high-bit-set characters
      are used as flags.  This is known to be done by one widely
      available Norwegian dictionary, and the same condition may exist
      in others. (Closes: #513580)
    - Fix misordering of pg_dump output for composite types.  The most
      likely problem was for user-defined operator classes to be
      dumped after indexes or views that needed them.
    - Improve handling of URLs in headline() function.
    - Improve handling of overlength headlines in headline() function.
    - Prevent possible Assert failure or misconversion if an encoding
      conversion is created with the wrong conversion function for the
      specified pair of encodings.
    - Fix possible Assert failure if a statement executed in PL/pgSQL is
      rewritten into another kind of statement, for example if an
      "INSERT" is rewritten into an "UPDATE".
    - Ensure that a snapshot is available to datatype input functions.
      This primarily affects domains that are declared with CHECK
      constraints involving user-defined stable or immutable functions.
      Such functions typically fail if no snapshot has been set.
    - Make it safer for SPI-using functions to be used within datatype
      I/O; in particular, to be used in domain check constraints.
    - Avoid unnecessary locking of small tables in "VACUUM".
    - Fix a problem that sometimes kept "ALTER TABLE ENABLE/DISABLE RULE"
      from being recognized by active sessions.
    - Fix a problem that made UPDATE RETURNING tableoid return zero
      instead of the correct OID.
    - Allow functions declared as taking ANYARRAY to work on the
      pg_statistic columns of that type.
      This used to work, but was unintentionally broken in 8.3.
    - Fix planner misestimation of selectivity when transitive equality
      is applied to an outer-join clause.
      This could result in bad plans for queries like ... from a left
      join b on a.a1 = b.b1 where a.a1 = 42 ...
    - Improve optimizer's handling of long IN lists.  This change
      avoids wasting large amounts of time on such lists when
      constraint exclusion is enabled.
    - Prevent synchronous scan during GIN index build.  Because GIN is
      optimized for inserting tuples in increasing TID order, choosing
      to use a synchronous scan could slow the build by a factor of
      three or more.
    - Ensure that the contents of a holdable cursor don't depend on the
      contents of TOAST tables.  Previously, large field values in a
      cursor result might be represented as TOAST pointers, which
      would fail if the referenced table got dropped before the cursor
      is read, or if the large value is deleted and then vacuumed
      away. This cannot happen with an ordinary cursor, but it could
      with a cursor that is held past its creating transaction.
    - Fix memory leak when a set-returning function is terminated without
      reading its whole result.
    - Fix encoding conversion problems in XML functions when the database
      encoding isn't UTF-8.
    - Fix "contrib/dblink"'s dblink_get_result(text,bool) function.
    - Fix possible garbage output from "contrib/sslinfo" functions.
    - Fix incorrect behavior of "contrib/tsearch2" compatibility trigger
      when it's fired more than once in a command.
    - Fix possible mis-signaling in autovacuum.
    - Fix ecpg's handling of varchar structs.
    - Make all documentation reference pgsql-bugs and/or pgsql-hackers as
      appropriate, instead of the now-decommissioned pgsql-ports and
      pgsql-patches mailing lists.

 -- Martin Pitt <email address hidden>   Fri, 06 Feb 2009 23:51:09 +0100
Superseded in intrepid-updates on 2009-04-07
Deleted in intrepid-proposed on 2009-04-08 (Reason: moved to -updates)
postgresql-8.3 (8.3.6-0ubuntu8.10) intrepid-proposed; urgency=low

  * New upstream bug fix release: (LP: #326372)
    - Make "DISCARD ALL" release advisory locks, in addition to
      everything it already did. This was decided to be the most
      appropriate behavior. This could affect existing applications,
      however.
    - Fix whole-index GiST scans to work correctly.  This error could
      cause rows to be lost if a table is clustered on a GiST index.
    - Fix crash of xmlconcat(NULL).
    - Fix possible crash in ispell dictionary if high-bit-set characters
      are used as flags.  This is known to be done by one widely
      available Norwegian dictionary, and the same condition may exist
      in others. (Closes: #513580)
    - Fix misordering of pg_dump output for composite types.  The most
      likely problem was for user-defined operator classes to be
      dumped after indexes or views that needed them.
    - Improve handling of URLs in headline() function.
    - Improve handling of overlength headlines in headline() function.
    - Prevent possible Assert failure or misconversion if an encoding
      conversion is created with the wrong conversion function for the
      specified pair of encodings.
    - Fix possible Assert failure if a statement executed in PL/pgSQL is
      rewritten into another kind of statement, for example if an
      "INSERT" is rewritten into an "UPDATE".
    - Ensure that a snapshot is available to datatype input functions.
      This primarily affects domains that are declared with CHECK
      constraints involving user-defined stable or immutable functions.
      Such functions typically fail if no snapshot has been set.
    - Make it safer for SPI-using functions to be used within datatype
      I/O; in particular, to be used in domain check constraints.
    - Avoid unnecessary locking of small tables in "VACUUM".
    - Fix a problem that sometimes kept "ALTER TABLE ENABLE/DISABLE RULE"
      from being recognized by active sessions.
    - Fix a problem that made UPDATE RETURNING tableoid return zero
      instead of the correct OID.
    - Allow functions declared as taking ANYARRAY to work on the
      pg_statistic columns of that type.
      This used to work, but was unintentionally broken in 8.3.
    - Fix planner misestimation of selectivity when transitive equality
      is applied to an outer-join clause.
      This could result in bad plans for queries like ... from a left
      join b on a.a1 = b.b1 where a.a1 = 42 ...
    - Improve optimizer's handling of long IN lists.  This change
      avoids wasting large amounts of time on such lists when
      constraint exclusion is enabled.
    - Prevent synchronous scan during GIN index build.  Because GIN is
      optimized for inserting tuples in increasing TID order, choosing
      to use a synchronous scan could slow the build by a factor of
      three or more.
    - Ensure that the contents of a holdable cursor don't depend on the
      contents of TOAST tables.  Previously, large field values in a
      cursor result might be represented as TOAST pointers, which
      would fail if the referenced table got dropped before the cursor
      is read, or if the large value is deleted and then vacuumed
      away. This cannot happen with an ordinary cursor, but it could
      with a cursor that is held past its creating transaction.
    - Fix memory leak when a set-returning function is terminated without
      reading its whole result.
    - Fix encoding conversion problems in XML functions when the database
      encoding isn't UTF-8.
    - Fix "contrib/dblink"'s dblink_get_result(text,bool) function.
    - Fix possible garbage output from "contrib/sslinfo" functions.
    - Fix incorrect behavior of "contrib/tsearch2" compatibility trigger
      when it's fired more than once in a command.
    - Fix possible mis-signaling in autovacuum.
    - Fix ecpg's handling of varchar structs.
    - Make all documentation reference pgsql-bugs and/or pgsql-hackers as
      appropriate, instead of the now-decommissioned pgsql-ports and
      pgsql-patches mailing lists.

 -- Martin Pitt <email address hidden>   Fri, 06 Feb 2009 23:44:54 +0100
Superseded in jaunty-release on 2009-03-04
postgresql-8.3 (8.3.6-1) unstable; urgency=low

  * New upstream bug fix release:
    - Make "DISCARD ALL" release advisory locks, in addition to
      everything it already did. This was decided to be the most
      appropriate behavior. This could affect existing applications,
      however.
    - Fix whole-index GiST scans to work correctly.  This error could
      cause rows to be lost if a table is clustered on a GiST index.
    - Fix crash of xmlconcat(NULL).
    - Fix possible crash in ispell dictionary if high-bit-set characters
      are used as flags.  This is known to be done by one widely
      available Norwegian dictionary, and the same condition may exist
      in others. (Closes: #513580)
    - Fix misordering of pg_dump output for composite types.  The most
      likely problem was for user-defined operator classes to be
      dumped after indexes or views that needed them.
    - Improve handling of URLs in headline() function.
    - Improve handling of overlength headlines in headline() function.
    - Prevent possible Assert failure or misconversion if an encoding
      conversion is created with the wrong conversion function for the
      specified pair of encodings.
    - Fix possible Assert failure if a statement executed in PL/pgSQL is
      rewritten into another kind of statement, for example if an
      "INSERT" is rewritten into an "UPDATE".
    - Ensure that a snapshot is available to datatype input functions.
      This primarily affects domains that are declared with CHECK
      constraints involving user-defined stable or immutable functions.
      Such functions typically fail if no snapshot has been set.
    - Make it safer for SPI-using functions to be used within datatype
      I/O; in particular, to be used in domain check constraints.
    - Avoid unnecessary locking of small tables in "VACUUM".
    - Fix a problem that sometimes kept "ALTER TABLE ENABLE/DISABLE RULE"
      from being recognized by active sessions.
    - Fix a problem that made UPDATE RETURNING tableoid return zero
      instead of the correct OID.
    - Allow functions declared as taking ANYARRAY to work on the
      pg_statistic columns of that type.
      This used to work, but was unintentionally broken in 8.3.
    - Fix planner misestimation of selectivity when transitive equality
      is applied to an outer-join clause.
      This could result in bad plans for queries like ... from a left
      join b on a.a1 = b.b1 where a.a1 = 42 ...
    - Improve optimizer's handling of long IN lists.  This change
      avoids wasting large amounts of time on such lists when
      constraint exclusion is enabled.
    - Prevent synchronous scan during GIN index build.  Because GIN is
      optimized for inserting tuples in increasing TID order, choosing
      to use a synchronous scan could slow the build by a factor of
      three or more.
    - Ensure that the contents of a holdable cursor don't depend on the
      contents of TOAST tables.  Previously, large field values in a
      cursor result might be represented as TOAST pointers, which
      would fail if the referenced table got dropped before the cursor
      is read, or if the large value is deleted and then vacuumed
      away. This cannot happen with an ordinary cursor, but it could
      with a cursor that is held past its creating transaction.
    - Fix memory leak when a set-returning function is terminated without
      reading its whole result.
    - Fix encoding conversion problems in XML functions when the database
      encoding isn't UTF-8.
    - Fix "contrib/dblink"'s dblink_get_result(text,bool) function.
    - Fix possible garbage output from "contrib/sslinfo" functions.
    - Fix incorrect behavior of "contrib/tsearch2" compatibility trigger
      when it's fired more than once in a command.
    - Fix possible mis-signaling in autovacuum.
    - Fix ecpg's handling of varchar structs.
    - Make all documentation reference pgsql-bugs and/or pgsql-hackers as
      appropriate, instead of the now-decommissioned pgsql-ports and
      pgsql-patches mailing lists.

 -- Martin Pitt <email address hidden>   Fri, 06 Feb 2009 23:10:40 +0100

Available diffs

Superseded in jaunty-release on 2009-02-06
postgresql-8.3 (8.3.5-2) experimental; urgency=low

  * Add 15-dict-fallback-dir.patch: If a tsearch/stem dictionary is
    not found in sharedir/tsearch_data/ll_cc.{dict,affix}, fall back
    to sharedir/tsearch_data/system_ll_cc.{dict,affix}, where
    postgresql-common creates them from system directories. (LP: #301770)

 -- Martin Pitt <email address hidden>   Sat, 06 Dec 2008 11:39:31 -0800

Available diffs

Superseded in jaunty-release on 2008-12-06
postgresql-8.3 (8.3.5-1) unstable; urgency=low

  * New upstream bug fix release:
    - Fix GiST index corruption due to marking the wrong index entry
      "dead" after a deletion. This would result in index searches failing to
      find rows they should have found.
    - Fix backend crash when the client encoding cannot represent a
      localized error message.
    - Fix possible crash in bytea-to-XML mapping.
    - Fix possible crash when deeply nested functions are invoked from a
      trigger.
    - Improve optimization of "expression" IN ("expression-list") queries.
    - Fix mis-expansion of rule queries when a sub-SELECT appears in a
      function call in FROM, a multi-row VALUES list, or a RETURNING list.
    - Fix Assert failure during rescan of an IS NULL search of a GiST
      index.
    - Fix memory leak during rescan of a hashed aggregation plan.
    - Ensure an error is reported when a newly-defined PL/pgSQL trigger
      function is invoked as a normal function.
    - Force a checkpoint before "CREATE DATABASE" starts to copy files.
      This prevents a possible failure if files had recently been deleted
      in the source database.
    - Prevent possible collision of relfilenode numbers when moving a
      table to another tablespace with "ALTER SET TABLESPACE". The command
      tried to re-use the existing filename, instead of picking one that is
      known unused in the destination directory.
    - Fix incorrect text search headline generation when single query
      item matches first word of text.
    - Fix improper display of fractional seconds in interval values when
      using a non-ISO datestyle.
    - Make ILIKE compare characters case-insensitively even when they're
      escaped.
    - Ensure "DISCARD" is handled properly by statement logging.
    - Fix incorrect logging of last-completed-transaction time during
      PITR recovery.
    - Ensure SPI_getvalue and SPI_getbinval behave correctly when the
      passed tuple and tuple descriptor have different numbers of columns.
      This situation is normal when a table has had columns added or
      removed, but these two functions didn't handle it properly. The
      only likely consequence is an incorrect error indication.
    - Mark SessionReplicationRole as PGDLLIMPORT so it can be used by
      Slony on Windows.
    - Fix small memory leak when using libpq's gsslib parameter.
      The space used by the parameter string was not freed at connection
      close.
    - Ensure libgssapi is linked into libpq if needed.
    - Fix ecpg's parsing of "CREATE ROLE".
    - Fix recent breakage of pg_ctl restart.
  * 03-gettext-domains.patch: Unfuzz for new upstream version.
  * Drop -contrib's libdbd-pg-perl to Suggests:, since it is only really
    needed for bench.pl of the _int module. Changed description to point that
    out.
  * debian/control: Add explicit dependency to locales, to ensure that the
    locales package is configured before postgresql-8.3. Otherwise, the server
    fails to start up when locales is unpacked while postgresql-8.3 is
    configured. (LP: #280135)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  05 Nov 2008 10:46:00 +0000

Available diffs

Superseded in hardy-updates on 2009-02-16
Deleted in hardy-proposed on 2009-02-17 (Reason: moved to -updates)
postgresql-8.3 (8.3.5-0ubuntu0.8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #293758)
    - Fix GiST index corruption due to marking the wrong index entry
      "dead" after a deletion. This would result in index searches failing to
      find rows they should have found.
    - Fix backend crash when the client encoding cannot represent a
      localized error message.
    - Fix possible crash in bytea-to-XML mapping.
    - Fix possible crash when deeply nested functions are invoked from a
      trigger.
    - Improve optimization of "expression" IN ("expression-list") queries.
    - Fix mis-expansion of rule queries when a sub-SELECT appears in a
      function call in FROM, a multi-row VALUES list, or a RETURNING list.
    - Fix Assert failure during rescan of an IS NULL search of a GiST
      index.
    - Fix memory leak during rescan of a hashed aggregation plan.
    - Ensure an error is reported when a newly-defined PL/pgSQL trigger
      function is invoked as a normal function.
    - Force a checkpoint before "CREATE DATABASE" starts to copy files.
      This prevents a possible failure if files had recently been deleted
      in the source database.
    - Prevent possible collision of relfilenode numbers when moving a
      table to another tablespace with "ALTER SET TABLESPACE". The command
      tried to re-use the existing filename, instead of picking one that is
      known unused in the destination directory.
    - Fix incorrect text search headline generation when single query
      item matches first word of text.
    - Fix improper display of fractional seconds in interval values when
      using a non-ISO datestyle.
    - Make ILIKE compare characters case-insensitively even when they're
      escaped.
    - Ensure "DISCARD" is handled properly by statement logging.
    - Fix incorrect logging of last-completed-transaction time during
      PITR recovery.
    - Ensure SPI_getvalue and SPI_getbinval behave correctly when the
      passed tuple and tuple descriptor have different numbers of columns.
      This situation is normal when a table has had columns added or
      removed, but these two functions didn't handle it properly. The
      only likely consequence is an incorrect error indication.
    - Mark SessionReplicationRole as PGDLLIMPORT so it can be used by
      Slony on Windows.
    - Fix small memory leak when using libpq's gsslib parameter.
      The space used by the parameter string was not freed at connection
      close.
    - Ensure libgssapi is linked into libpq if needed.
    - Fix ecpg's parsing of "CREATE ROLE".
    - Fix recent breakage of pg_ctl restart.
  * 03-gettext-domains.patch: Unfuzz for new upstream version.
  * debian/control: Add explicit dependency to ssl-cert and locales, to ensure
    that those packages are configured before postgresql-8.3. Otherwise, the
    server fails to start up when they are unpacked while postgresql-8.3 is
    configured. (see LP #280135)

 -- Martin Pitt <email address hidden>   Tue, 04 Nov 2008 20:38:23 +0100
Superseded in intrepid-updates on 2009-02-16
Deleted in intrepid-proposed on 2009-02-17 (Reason: moved to -updates)
postgresql-8.3 (8.3.5-0ubuntu8.10) intrepid-proposed; urgency=low

  * New upstream bug fix release: (LP: #293758)
    - Fix GiST index corruption due to marking the wrong index entry
      "dead" after a deletion. This would result in index searches failing to
      find rows they should have found.
    - Fix backend crash when the client encoding cannot represent a
      localized error message.
    - Fix possible crash in bytea-to-XML mapping.
    - Fix possible crash when deeply nested functions are invoked from a
      trigger.
    - Improve optimization of "expression" IN ("expression-list") queries.
    - Fix mis-expansion of rule queries when a sub-SELECT appears in a
      function call in FROM, a multi-row VALUES list, or a RETURNING list.
    - Fix Assert failure during rescan of an IS NULL search of a GiST
      index.
    - Fix memory leak during rescan of a hashed aggregation plan.
    - Ensure an error is reported when a newly-defined PL/pgSQL trigger
      function is invoked as a normal function.
    - Force a checkpoint before "CREATE DATABASE" starts to copy files.
      This prevents a possible failure if files had recently been deleted
      in the source database.
    - Prevent possible collision of relfilenode numbers when moving a
      table to another tablespace with "ALTER SET TABLESPACE". The command
      tried to re-use the existing filename, instead of picking one that is
      known unused in the destination directory.
    - Fix incorrect text search headline generation when single query
      item matches first word of text.
    - Fix improper display of fractional seconds in interval values when
      using a non-ISO datestyle.
    - Make ILIKE compare characters case-insensitively even when they're
      escaped.
    - Ensure "DISCARD" is handled properly by statement logging.
    - Fix incorrect logging of last-completed-transaction time during
      PITR recovery.
    - Ensure SPI_getvalue and SPI_getbinval behave correctly when the
      passed tuple and tuple descriptor have different numbers of columns.
      This situation is normal when a table has had columns added or
      removed, but these two functions didn't handle it properly. The
      only likely consequence is an incorrect error indication.
    - Mark SessionReplicationRole as PGDLLIMPORT so it can be used by
      Slony on Windows.
    - Fix small memory leak when using libpq's gsslib parameter.
      The space used by the parameter string was not freed at connection
      close.
    - Ensure libgssapi is linked into libpq if needed.
    - Fix ecpg's parsing of "CREATE ROLE".
    - Fix recent breakage of pg_ctl restart.
  * 03-gettext-domains.patch: Unfuzz for new upstream version.

 -- Martin Pitt <email address hidden>   Tue, 04 Nov 2008 20:32:37 +0100

Available diffs

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
postgresql-8.3 (8.3.4-2.2) intrepid; urgency=low

  * debian/control: Add explicit dependency to locales, to ensure that the
    locales package is configured before postgresql-8.3. Otherwise, the server
    fails to start up when locales is unpacked while postgresql-8.3 is
    configured. (LP: #280135)

 -- Martin Pitt <email address hidden>   Sun, 19 Oct 2008 15:31:07 +0200

Available diffs

Superseded in intrepid-release on 2008-10-19
postgresql-8.3 (8.3.4-2.1) intrepid; urgency=low

  * Drop -contrib's libdbd-pg-perl to Suggests:, since it is only really
    needed for bench.pl of the _int module. Changed description to point that
    out.

 -- Martin Pitt <email address hidden>   Fri, 17 Oct 2008 18:39:14 +0200

Available diffs

Superseded in intrepid-release on 2008-10-17
postgresql-8.3 (8.3.4-2) unstable; urgency=medium

  * Urgency medium due to RC bug fix (breaks upgrades).
  * Add dependency to ssl-cert. This has always been implicitly there through
    postgresql-common, but when upgrading -8.3 and ssl-cert at the same time,
    apt does not ensure to configure ssl-cert before postgresql-8.3 if there
    is no direct dependency. (Closes: #501690)
  * debian/rules: Enable hardening when we build on Ubuntu. Lenny is too close
    to release, so we do not enable that yet for Debian. Add hardening-wrapper
    and lsb-release build dependencies for this.

 -- Martin Pitt <email address hidden>   Sat, 11 Oct 2008 14:28:34 +0200

Available diffs

Superseded in intrepid-release on 2008-10-11
postgresql-8.3 (8.3.4-1ubuntu1) intrepid; urgency=low

  * Upload current Debian bzr head to intrepid to get back in sync with
    Debian.
  * debian/rules: Enable hardening when we build on Ubuntu. Lenny is too close
    to release, so we do not enable that yet for Debian. Add hardening-wrapper
    and lsb-release build dependencies for this.

Available diffs

Superseded in intrepid-release on 2008-10-07
postgresql-8.3 (8.3.3-1ubuntu1) intrepid; urgency=low

  * debian/{control,rules}: enable PIE hardening

 -- Kees Cook <email address hidden>   Wed, 20 Aug 2008 15:55:29 -0700

Available diffs

Obsolete in gutsy-backports on 2011-09-16
postgresql-8.3 (8.3.3-1~gutsy1) gutsy-backports; urgency=low

  * Automated backport upload; no source changes.

Available diffs

Superseded in hardy-updates on 2008-11-24
Deleted in hardy-proposed on 2008-11-25 (Reason: moved to -updates)
postgresql-8.3 (8.3.3-0ubuntu0.8.04) hardy-proposed; urgency=low

  * New upstream bugfix release (note that 8.3.2 was never officially released
    due to the discovery of another major bug):
    - Make pg_get_ruledef() parenthesize negative constants.
      Before this fix, a negative constant in a view or rule might be
      dumped as, say, -42::integer, which is subtly incorrect: it should
      be (-42)::integer due to operator precedence rules. Usually this
      would make little difference, but it could interact with another
      recent patch to cause PostgreSQL to reject what had been a valid
      "SELECT DISTINCT" view query. Since this could result in pg_dump
      output failing to reload, it is being treated as a high-priority
      fix. The only released versions in which dump output is actually
      incorrect are 8.3.1 and 8.2.7.
    - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend.
      This oversight could lead to problems if the aggregate was later
      involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
    - Fix incorrect archive truncation point calculation for the %r macro
      in recovery_command parameters. This could lead to data loss if a
      warm-standby script relied on %r to decide when to throw away WAL
      segment files.
    - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column
      is correctly checked to see if it's been initialized to all
      non-nulls.
    - Fix "REASSIGN OWNED" so that it works on procedural languages too.
    - Fix problems with "SELECT FOR UPDATE/SHARE" occurring as a subquery
      in a query with a non-"SELECT" top-level operation.
    - Fix possible "CREATE TABLE" failure when inheriting the "same"
      constraint from multiple parent relations that inherited that
      constraint from a common ancestor.
    - Fix pg_get_ruledef() to show the alias, if any, attached to the
      target table of an "UPDATE" or "DELETE".
    - Restore the pre-8.3 behavior that an out-of-range block number in a
      TID being used in a TidScan plan results in silently not matching
      any rows. 8.3.0 and 8.3.1 threw an error instead.
    - Fix GIN bug that could result in a too many LWLocks taken failure.
    - Fix broken GiST comparison function for tsquery.
    - Fix tsvector_update_trigger() and ts_stat() to accept domains over
      the types they expect to work with.
    - Fix failure to support enum data types as foreign keys.
    - Avoid possible crash when decompressing corrupted data.
    - Fix race conditions between delayed unlinks and "DROP DATABASE".
      In the worst case this could result in deleting a newly created
      table in a new database that happened to get the same OID as the
      recently-dropped one; but of course that is an extremely
      low-probability scenario.
    - Repair two places where SIGTERM exit of a backend could leave
      corrupted state in shared memory.
    - Fix possible crash due to incorrect plan generated for an x IN
      (SELECT y FROM ...) clause when "x" and "y" have different data
      types; and make sure the behavior is semantically correct when the
      conversion from "y"'s type to "x"'s type is lossy.
    - Fix oversight that prevented the planner from substituting known
      Param values as if they were constants.
    - Fix planner failure when an indexable MIN or MAX aggregate is used
      with DISTINCT or ORDER BY.
    - Fix planner to ensure it never uses a "physical tlist" for a plan
      node that is feeding a Sort node.
    - Avoid unnecessary copying of query strings.
    - Make TransactionIdIsCurrentTransactionId() use binary search
      instead of linear search when checking child-transaction XIDs.
      This fixes some cases in which 8.3.0 was significantly slower than
      earlier releases.
    - Fix conversions between ISO-8859-5 and other encodings to handle
      Cyrillic "Yo" characters (e and E with two dots).
    - Fix several datatype input functions, notably array_in(), that were
      allowing unused bytes in their results to contain uninitialized,
      unpredictable values. This could lead to failures in which two
      apparently identical literal values were not seen as equal, resulting in
      the parser complaining about unmatched ORDER BY and DISTINCT
      expressions.
    - Fix a corner case in regular-expression substring matching
      (substring(string from pattern)).
      The problem occurs when there is a match to the pattern overall but
      the user has specified a parenthesized subexpression and that
      subexpression hasn't got a match. An example is substring('foo'
      from 'foo(bar)?'). This should return NULL, since (bar) isn't
      matched, but it was mistakenly returning the whole-pattern match
      instead (ie, foo).
    - Prevent cancellation of an auto-vacuum that was launched to prevent
      XID wraparound.
    - Improve "ANALYZE"'s handling of in-doubt tuples (those inserted or
      deleted by a not-yet-committed transaction) so that the counts it
      reports to the stats collector are more likely to be correct.
    - Fix initdb to reject a relative path for its --xlogdir (-X) option.
    - Make psql print tab characters as an appropriate number of spaces,
      rather than \x09 as was done in 8.3.0 and 8.3.1.
    - Add ECPGget_PGconn() function to ecpglib. Dropped
      00upstream-ecpg-get-connection.patch, which backported this fix.
    - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
    - Fix handling of continuation line markers in ecpg.
    - Fix possible crashes in "contrib/cube" functions.
    - Fix core dump in "contrib/xml2"'s xpath_table() function when the
      input query returns a NULL value.

 -- Martin Pitt <email address hidden>   Mon, 09 Jun 2008 18:01:16 +0200

Available diffs

Superseded in intrepid-release on 2008-08-25
postgresql-8.3 (8.3.3-1) unstable; urgency=low

  * New upstream bugfix release (note that 8.3.2 was never officially released
    due to the discovery of another major bug):
    - Make pg_get_ruledef() parenthesize negative constants.
      Before this fix, a negative constant in a view or rule might be
      dumped as, say, -42::integer, which is subtly incorrect: it should
      be (-42)::integer due to operator precedence rules. Usually this
      would make little difference, but it could interact with another
      recent patch to cause PostgreSQL to reject what had been a valid
      "SELECT DISTINCT" view query. Since this could result in pg_dump
      output failing to reload, it is being treated as a high-priority
      fix. The only released versions in which dump output is actually
      incorrect are 8.3.1 and 8.2.7.
    - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend.
      This oversight could lead to problems if the aggregate was later
      involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
    - Fix incorrect archive truncation point calculation for the %r macro
      in recovery_command parameters. This could lead to data loss if a
      warm-standby script relied on %r to decide when to throw away WAL
      segment files.
    - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column
      is correctly checked to see if it's been initialized to all
      non-nulls.
    - Fix "REASSIGN OWNED" so that it works on procedural languages too.
    - Fix problems with "SELECT FOR UPDATE/SHARE" occurring as a subquery
      in a query with a non-"SELECT" top-level operation.
    - Fix possible "CREATE TABLE" failure when inheriting the "same"
      constraint from multiple parent relations that inherited that
      constraint from a common ancestor.
    - Fix pg_get_ruledef() to show the alias, if any, attached to the
      target table of an "UPDATE" or "DELETE".
    - Restore the pre-8.3 behavior that an out-of-range block number in a
      TID being used in a TidScan plan results in silently not matching
      any rows. 8.3.0 and 8.3.1 threw an error instead.
    - Fix GIN bug that could result in a too many LWLocks taken failure.
    - Fix broken GiST comparison function for tsquery.
    - Fix tsvector_update_trigger() and ts_stat() to accept domains over
      the types they expect to work with.
    - Fix failure to support enum data types as foreign keys.
    - Avoid possible crash when decompressing corrupted data.
    - Fix race conditions between delayed unlinks and "DROP DATABASE".
      In the worst case this could result in deleting a newly created
      table in a new database that happened to get the same OID as the
      recently-dropped one; but of course that is an extremely
      low-probability scenario.
    - Repair two places where SIGTERM exit of a backend could leave
      corrupted state in shared memory.
    - Fix possible crash due to incorrect plan generated for an x IN
      (SELECT y FROM ...) clause when "x" and "y" have different data
      types; and make sure the behavior is semantically correct when the
      conversion from "y"'s type to "x"'s type is lossy.
    - Fix oversight that prevented the planner from substituting known
      Param values as if they were constants.
    - Fix planner failure when an indexable MIN or MAX aggregate is used
      with DISTINCT or ORDER BY.
    - Fix planner to ensure it never uses a "physical tlist" for a plan
      node that is feeding a Sort node.
    - Avoid unnecessary copying of query strings.
    - Make TransactionIdIsCurrentTransactionId() use binary search
      instead of linear search when checking child-transaction XIDs.
      This fixes some cases in which 8.3.0 was significantly slower than
      earlier releases.
    - Fix conversions between ISO-8859-5 and other encodings to handle
      Cyrillic "Yo" characters (e and E with two dots).
    - Fix several datatype input functions, notably array_in(), that were
      allowing unused bytes in their results to contain uninitialized,
      unpredictable values. This could lead to failures in which two
      apparently identical literal values were not seen as equal, resulting in
      the parser complaining about unmatched ORDER BY and DISTINCT
      expressions.
    - Fix a corner case in regular-expression substring matching
      (substring(string from pattern)).
      The problem occurs when there is a match to the pattern overall but
      the user has specified a parenthesized subexpression and that
      subexpression hasn't got a match. An example is substring('foo'
      from 'foo(bar)?'). This should return NULL, since (bar) isn't
      matched, but it was mistakenly returning the whole-pattern match
      instead (ie, foo).
    - Prevent cancellation of an auto-vacuum that was launched to prevent
      XID wraparound.
    - Improve "ANALYZE"'s handling of in-doubt tuples (those inserted or
      deleted by a not-yet-committed transaction) so that the counts it
      reports to the stats collector are more likely to be correct.
    - Fix initdb to reject a relative path for its --xlogdir (-X) option.
    - Make psql print tab characters as an appropriate number of spaces,
      rather than \x09 as was done in 8.3.0 and 8.3.1.
    - Add ECPGget_PGconn() function to ecpglib. Dropped
      00upstream-ecpg-get-connection.patch, which backported this fix.
    - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
    - Fix handling of continuation line markers in ecpg.
    - Fix possible crashes in "contrib/cube" functions.
    - Fix core dump in "contrib/xml2"'s xpath_table() function when the
      input query returns a NULL value.
  * Build against tcl 8.5.
  * debian/control: Fix bad wrapping in build dependencies.

 -- Martin Pitt <email address hidden>   Wed, 11 Jun 2008 20:43:07 +0200

Available diffs

Superseded in intrepid-release on 2008-06-11
postgresql-8.3 (8.3.1-2) unstable; urgency=low

  * debian/control: Change description of the metapackages from "latest
    available" to "currently supported", since after a distro release, the
    latest available upstream version changes, and thus this becomes slightly
    confusing.
  * debian/control: Add missing description of 'hstore' to p-contrib.
  * debian/control: Wrap build dependencies.
  * Add debian/patches/00upstream-ecpg-get-connection.patch: Backport change
    from upcoming 8.3.2 to add definition for ECPGget_PGconn().
    (Closes: #475184)
  * debian/postgresql-doc-8.3.doc-base: Update section, use "Data management"
    now.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  02 May 2008 02:23:00 +0100
Obsolete in feisty-backports on 2009-08-20
postgresql-8.3 (8.3.1-1~feisty1) feisty-backports; urgency=low

  * Automated backport upload; no source changes.

Superseded in gutsy-backports on 2008-07-11
postgresql-8.3 (8.3.1-1~gutsy1) gutsy-backports; urgency=low

  * Automated backport upload; no source changes.

Superseded in intrepid-release on 2008-05-03
Obsolete in hardy-release on 2015-04-24
postgresql-8.3 (8.3.1-1) unstable; urgency=low

  * New upstream bugfix release:
    - Repair corner-case bugs in "VACUUM FULL".
    - Fix misbehavior of foreign key checks involving character or bit
      columns.
    - Avoid needless deadlock failures in no-op foreign-key checks.
    - Fix possible core dump when re-planning a prepared query.
    - Fix possible failure when re-planning a query that calls an
      SPI-using function.
    - Fix failure in row-wise comparisons involving columns of different
      datatypes.
    - Fix longstanding "LISTEN"/"NOTIFY" race condition.
    - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction
      This was formerly allowed but trying to do it had various
      unpleasant consequences, notably that the originating backend could
      not exit as long as an "UNLISTEN" remained uncommitted.
    - Disallow dropping a temporary table within a prepared transaction
      This was correctly disallowed by 8.1, but the check was
      inadvertently broken in 8.2 and 8.3.
    - Fix rare crash when an error occurs during a query using a hash
      index.
    - Fix incorrect comparison of tsquery values.
    - Fix incorrect behavior of LIKE with non-ASCII characters in
      single-byte encodings. (Closes: #469180)
    - Disable xmlvalidate. This function should have been removed before 8.3
      release, but was inadvertently left in the source code. It poses a small
      security risk since unprivileged users could use it to read the first
      few characters of any file accessible to the server.
    - Fix memory leaks in certain usages of set-returning functions.
    - Make encode(bytea, 'escape') convert all high-bit-set byte values
      into \"nnn" octal escape sequences.
      This is necessary to avoid encoding problems when the database
      encoding is multi-byte. This change could pose compatibility issues
      for applications that are expecting specific results from encode.
    - Fix input of datetime values for February 29 in years BC.
      The former coding was mistaken about which years were leap years.
    . Fix "unrecognized node type" error in some variants of "ALTER
      OWNER".
    - Avoid tablespace permissions errors in "CREATE TABLE LIKE INCLUDING
      INDEXES".
    - Ensure pg_stat_activity.waiting flag is cleared when a lock wait is
      aborted.
    - Fix ecpg problems with arrays.
    - Fix pg_ctl to correctly extract the postmaster's port number from
      command-line options. Previously, pg_ctl start -w could try to contact
      the postmaster on the wrong port, leading to bogus reports of startup
      failure. (Closes: #358546)
    - Use "-fwrapv" to defend against possible misoptimization in recent
      gcc versions (4.3 and later).
  * debian/postgresql-8.3.init:
    - Remove erroneous 'S' from Should-Stop.
    - Require $remote_fs for startup, since postgresql needs /usr.
    - Thanks to Petter Reinholdtsen!
    - (Closes: #470935)

 -- Martin Pitt <email address hidden>   Fri,  21 Mar 2008 10:54:00 +0000
Superseded in feisty-backports on 2008-03-28
Superseded in feisty-backports on 2008-02-13
postgresql-8.3 (8.3.0-1~feisty1) feisty-backports; urgency=low

  * Automated backport upload; no source changes.

Superseded in gutsy-backports on 2008-03-28
Superseded in gutsy-backports on 2008-02-13
Superseded in gutsy-backports on 2008-02-13
postgresql-8.3 (8.3.0-1~gutsy1) gutsy-backports; urgency=low

  * Automated backport upload; no source changes.

Superseded in hardy-release on 2008-03-21
postgresql-8.3 (8.3.0-1) unstable; urgency=low

  * Final 8.3.0 release. (Closes: #462070)
  * debian/watch: Update for a currently working mirror. (Closes: #462821)
  * Add debian/patches/14-pg_config-paths.patch: Disable PostgreSQL's
    automagic path mangling and fix libdir for pg_config, so that pg_config in
    /usr/bin and /usr/lib/postgresql/8.3/bin behave identically.
    (Closes: #462037)

 -- Martin Pitt <email address hidden>   Tue,  05 Feb 2008 11:15:24 +0000
Superseded in hardy-release on 2008-02-05
postgresql-8.3 (8.3~rc2-1) unstable; urgency=low

  * Second release candidate of PostgreSQL 8.3. Upload to unstable now, the
    database format is not likely to change any more, and we want more
    widespread testing now.
  * debian/control: Build the versionless metapackages from this source now
    and let them point to 8.3.
  * debian/postgresql-server-dev-8.3.install: Do not ship pg_config.1, it's
    already shipped by libpq-dev. (Closes: #459746)
  * debian/rules: Stop postgresql at priority 21, not 19, so that services at
    runlevel 20 which use postgresql (such as postfix, pdns) can shutdown
    cleanly. Do the transition on upgrades, too
    (debian/postgresql-8.3.postinst). (Closes: #447063)
  * debian/rules: set SYSCONFDIR to /etc/postgresql-common, so that
    pg_service.conf is searched there. (Closes: #439026)
  * Add debian/patches/13-pg_service.conf_directory_doc.patch: Change
    documentation comment in sample pg_service.conf to point to Debian's
    sysconfdir (/etc/postgresql-common) instead of /usr/local/pgsql/etc.
  * Fix dependencies of libecpg-dev.

162 of 62 results