Format: 1.8
Date: Wed, 19 Feb 2014 10:15:39 +0100
Source: postgresql-9.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.3 postgresql-9.3-dbg postgresql-client-9.3 postgresql-server-dev-9.3 postgresql-doc-9.3 postgresql-contrib-9.3 postgresql-plperl-9.3 postgresql-plpython-9.3 postgresql-plpython3-9.3 postgresql-pltcl-9.3
Architecture: i386 all i386_translations
Version: 9.3.3-1
Distribution: trusty-proposed
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.3
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.3 - object-relational SQL database, version 9.3 server
 postgresql-9.3-dbg - debug symbols for postgresql-9.3
 postgresql-client-9.3 - front-end programs for PostgreSQL 9.3
 postgresql-contrib-9.3 - additional facilities for PostgreSQL
 postgresql-doc-9.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.3 - PL/Perl procedural language for PostgreSQL 9.3
 postgresql-plpython-9.3 - PL/Python procedural language for PostgreSQL 9.3
 postgresql-plpython3-9.3 - PL/Python 3 procedural language for PostgreSQL 9.3
 postgresql-pltcl-9.3 - PL/Tcl procedural language for PostgreSQL 9.3
 postgresql-server-dev-9.3 - development files for PostgreSQL 9.3 server-side programming
Closes: 646245
Launchpad-Bugs-Fixed: 991725
Changes:
 postgresql-9.3 (9.3.3-1) unstable; urgency=medium
 .
   [ Christoph Berg ]
   * New upstream security/bugfix release.
 .
     + Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)
 .
       Granting a role without ADMIN OPTION is supposed to prevent the grantee
       from adding or removing members from the granted role, but this
       restriction was easily bypassed by doing SET ROLE first. The security
       impact is mostly that a role member can revoke the access of others,
       contrary to the wishes of his grantor. Unapproved role member additions
       are a lesser concern, since an uncooperative role member could provide
       most of his rights to others anyway by creating views or SECURITY
       DEFINER functions. (CVE-2014-0060)
 .
     + Prevent privilege escalation via manual calls to PL validator functions
       (Andres Freund)
 .
       The primary role of PL validator functions is to be called implicitly
       during CREATE FUNCTION, but they are also normal SQL functions that a
       user can call explicitly. Calling a validator on a function actually
       written in some other language was not checked for and could be
       exploited for privilege-escalation purposes. The fix involves adding a
       call to a privilege-checking function in each validator function.
       Non-core procedural languages will also need to make this change to
       their own validator functions, if any. (CVE-2014-0061)
 .
     + Avoid multiple name lookups during table and index DDL (Robert Haas,
       Andres Freund)
 .
       If the name lookups come to different conclusions due to concurrent
       activity, we might perform some parts of the DDL on a different table
       than other parts. At least in the case of CREATE INDEX, this can be
       used to cause the permissions checks to be performed against a
       different table than the index creation, allowing for a privilege
       escalation attack. (CVE-2014-0062)
 .
     + Prevent buffer overrun with long datetime strings (Noah Misch)
 .
       The MAXDATELEN constant was too small for the longest possible value
       of type interval, allowing a buffer overrun in interval_out(). Although
       the datetime input functions were more careful about avoiding buffer
       overrun, the limit was short enough to cause them to reject some valid
       inputs, such as input containing a very long timezone name. The ecpg
       library contained these vulnerabilities along with some of its own.
       (CVE-2014-0063)
 .
     + Prevent buffer overrun due to integer overflow in size calculations
       (Noah Misch, Heikki Linnakangas)
 .
       Several functions, mostly type input functions, calculated an
       allocation size without checking for overflow. If overflow did occur,
       a too-small buffer would be allocated and then written past.
       (CVE-2014-0064)
 .
     + Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)
 .
       Use strlcpy() and related functions to provide a clear guarantee that
       fixed-size buffers are not overrun. Unlike the preceding items, it is
       unclear whether these cases really represent live issues, since in
       most cases there appear to be previous constraints on the size of the
       input string. Nonetheless it seems prudent to silence all Coverity
       warnings of this type. (CVE-2014-0065)
 .
     + Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)
 .
       There are relatively few scenarios in which crypt() could return NULL,
       but contrib/chkpass would crash if it did. One practical case in which
       this could be an issue is if libc is configured to refuse to execute
       unapproved hashing algorithms (e.g., "FIPS mode"). (CVE-2014-0066)
 .
     + Document risks of make check in the regression testing instructions
       (Noah Misch, Tom Lane)
 .
       Since the temporary server started by make check uses "trust"
       authentication, another user on the same machine could connect to it
       as database superuser, and then potentially exploit the privileges of
       the operating-system user who started the tests. A future release will
       probably incorporate changes in the testing procedure to prevent this
       risk, but some public discussion is needed first. So for the moment,
       just warn people against using make check when there are untrusted
       users on the same machine. (CVE-2014-0067)
 .
     + Rework tuple freezing protocol (Álvaro Herrera, Andres Freund)
 .
       The logic for tuple freezing was unable to handle some cases involving
       freezing of multixact IDs, with the practical effect that shared
       row-level locks might be forgotten once old enough.
 .
       Fixing this required changing the WAL record format for tuple
       freezing. While this is no issue for standalone servers, when using
       replication it means that standby servers must be upgraded to 9.3.3 or
       later before their masters are. An older standby will be unable to
       interpret freeze records generated by a newer master, and will fail
       with a PANIC message. (In such a case, upgrading the standby should be
       sufficient to let it resume execution.)
 .
   * The upstream tarballs no longer contain a plain HISTORY file, but point
     to the html documentation. Note the location of these files in our
     changelog.gz file.
   * Teach configure to find tclsh8.6 where tclsh is not available.
 .
   [ Martin Pitt ]
   * Build with LINUX_OOM_SCORE_ADJ=0 instead of the older LINUX_OOM_ADJ=0.
     All relevant distro releases (>= squeeze/lucid) use kernels which
     support /proc/pid/oom_score_adj, so avoid the dmesg warnings.
     (Closes: #646245, LP: #991725)
   * Bump Standards-Version to 3.9.5 (no changes necessary).
   * Build with tcl8.6 where available (>= Jessie, >= trusty).
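The two buffer-overrun items in the changelog above (CVE-2014-0064, allocation sizes computed without an overflow check, and CVE-2014-0065, moving fixed-size copies to strlcpy() and friends) come down to two defensive patterns that are worth seeing side by side. The C program below is an added illustration, not code from PostgreSQL or from this Debian package: checked_alloc_size() refuses a size whose multiplication or addition would wrap instead of handing back a too-small buffer, and bounded_copy() is a local strlcpy() equivalent that always NUL-terminates and lets the caller detect truncation. EXAMPLE_MAX_ALLOC is a constructed cap modelled on PostgreSQL's MaxAllocSize, and the hostile element count in overflow_is_rejected() is a constructed test value; neither is taken from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on one allocation, modelled on PostgreSQL's MaxAllocSize
 * (1 GB - 1). A constructed constant for this example, not the real macro. */
#define EXAMPLE_MAX_ALLOC ((size_t)0x3fffffff)

/* Compute header + nelems * elemsize, reporting overflow instead of wrapping.
 * On success stores the total in *out and returns true; returns false if the
 * multiplication or addition would wrap, or if the total exceeds the cap.
 * This is the check that an unchecked size calculation is missing. */
bool checked_alloc_size(size_t nelems, size_t elemsize, size_t header,
                        size_t *out)
{
    size_t body;

    if (elemsize != 0 && nelems > SIZE_MAX / elemsize)
        return false;               /* nelems * elemsize would wrap */
    body = nelems * elemsize;
    if (body > SIZE_MAX - header)
        return false;               /* body + header would wrap */
    if (body + header > EXAMPLE_MAX_ALLOC)
        return false;               /* no legitimate request is this large */
    *out = body + header;
    return true;
}

/* Allocate using the checked size: a failed check yields NULL rather than a
 * too-small buffer that the caller would then write past. */
void *checked_alloc(size_t nelems, size_t elemsize, size_t header)
{
    size_t total;

    if (!checked_alloc_size(nelems, elemsize, header, &total))
        return NULL;
    return malloc(total);
}

/* Bounded copy with strlcpy() semantics: when dstsize > 0 the destination is
 * always NUL-terminated, and the return value is strlen(src), so a caller
 * detects truncation with (result >= dstsize). Implemented locally because
 * not every libc ships strlcpy(). */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Self-check helpers with plain return values, so the behaviour can be
 * asserted without caller-side state. */
int overflow_is_rejected(void)
{
    size_t total;
    /* Constructed hostile count: SIZE_MAX / 4 + 1 four-byte elements wraps
     * to 0 in unchecked size_t arithmetic on 32- and 64-bit platforms alike. */
    return !checked_alloc_size(SIZE_MAX / 4 + 1, 4, 0, &total);
}

/* Returns the checked total, or 0 when the request is rejected. */
size_t size_or_zero(size_t nelems, size_t elemsize, size_t header)
{
    size_t total;
    return checked_alloc_size(nelems, elemsize, header, &total) ? total : 0;
}

int main(void)
{
    char buf[8];
    size_t nelems = SIZE_MAX / 4 + 1;
    size_t len;

    printf("unchecked size: %zu\n", nelems * 4);            /* wraps to 0 */
    printf("checked:        %s\n",
           overflow_is_rejected() ? "rejected" : "accepted");
    len = bounded_copy(buf, "longer than eight bytes", sizeof buf);
    printf("copied '%s', truncated=%d\n", buf, len >= sizeof buf);
    free(checked_alloc(10, sizeof(int), 16));
    return 0;
}
```

The division form `nelems > SIZE_MAX / elemsize` is the portable way to test a size_t product for wrap-around before performing it; the separate addition check matters because a header that is added after the product can wrap on its own even when the product did not. The cap on the final size is what turns an absurd but non-wrapping request into a clean failure instead of a later out-of-memory.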
Checksums-Sha1:
 9767e90a7c14dbbfae7b09a3ef64af76f2bb20cf 167980 libpq-dev_9.3.3-1_i386.deb
 2c82a8cbf5eea00607b6d43cdc69f5a8b7135518 78718 libpq5_9.3.3-1_i386.deb
 fdb281870d32ee951a466d95c0f47da9a64ec231 34682 libecpg6_9.3.3-1_i386.deb
 27651a9979bc8b3d09a39b80d3b9309cb0ba2966 203946 libecpg-dev_9.3.3-1_i386.deb
 b8322f31eefb1a657f62a3c3c2f628325bbcf9dc 11006 libecpg-compat3_9.3.3-1_i386.deb
 ba9a9db2391901ab4b2b865d3e095aa6510b7799 38588 libpgtypes3_9.3.3-1_i386.deb
 26e87ee0d7e8826b8c5dc00383905fa25878303d 2600494 postgresql-9.3_9.3.3-1_i386.deb
 cb487beeae3291129ef78d5c68571e83baecd633 6841916 postgresql-9.3-dbg_9.3.3-1_i386.deb
 3481054b67d7397dd5d37936deeb0d2eb5a887d0 761500 postgresql-client-9.3_9.3.3-1_i386.deb
 6c5a874da67a5bd4f4cd4a7846d4de58e957d920 595132 postgresql-server-dev-9.3_9.3.3-1_i386.deb
 bcdcbcf2b0a8b51a2174ba9fe55097c6ae44372d 1741426 postgresql-doc-9.3_9.3.3-1_all.deb
 b6930e839e8a24e74cf846de0899dc2ba505f796 391214 postgresql-contrib-9.3_9.3.3-1_i386.deb
 06f6732944b9d1e0e1912c0f93cdb946fde201e0 36462 postgresql-plperl-9.3_9.3.3-1_i386.deb
 6850b1482b1cc5ef91c75b08ed5b510f86899fcd 36678 postgresql-plpython-9.3_9.3.3-1_i386.deb
 64c6438a7f46bbcbde060774d6dd81bb1ba72d45 36304 postgresql-plpython3-9.3_9.3.3-1_i386.deb
 dacb2ab8f23455dd5aba3f4ef3eccd088e3a06f5 20982 postgresql-pltcl-9.3_9.3.3-1_i386.deb
 083762ac82b2446e2f609d98e58d0c74dc7fdf55 5055347 postgresql-9.3_9.3.3-1_i386_translations.tar.gz
Checksums-Sha256:
 0953a80431e5525c167124be935372993e22b1fd8e092cdca2bf19d64643c745 167980 libpq-dev_9.3.3-1_i386.deb
 21f8ccd9328f5dd69d4c280c04a8d2ea1cce72bd229c959f841f7fce5bd4d07e 78718 libpq5_9.3.3-1_i386.deb
 b805d5629fa5116fe34e08fb10dd1c8cecdba8b43f2433dae7d9f150528ed4e3 34682 libecpg6_9.3.3-1_i386.deb
 9d385d7f59e96dbc01becf03a6ebd83ca2eee58829028beaf40a9e241ab87002 203946 libecpg-dev_9.3.3-1_i386.deb
 84a57b0f09f8231e7175bd8885960760a4dd20b74297b64f9af2217418dbbf2c 11006 libecpg-compat3_9.3.3-1_i386.deb
 df2b887aaf9e7da931375d04c8489ffadc33c99ea4efc6ed0d1cf3651c060925 38588 libpgtypes3_9.3.3-1_i386.deb
 31b8fe78deaf2502f30f29553044c494313dc35cc4472ba1c5a0806e0048dd76 2600494 postgresql-9.3_9.3.3-1_i386.deb
 c112c80b36e85f17403190aa4c749536e4dedb5fa4e2153a1fd119e80fbcb3be 6841916 postgresql-9.3-dbg_9.3.3-1_i386.deb
 b286c6e87c95e2f0173e4e4609a96d15b6fdd26145e08c463cb89999457217f8 761500 postgresql-client-9.3_9.3.3-1_i386.deb
 e17515fdf7f5915f498f9e1a110ce88ce5056239f6f4370a247113c92bf194aa 595132 postgresql-server-dev-9.3_9.3.3-1_i386.deb
 18b72bc082598ecbc0f8e508347c4712a4f4a5a91996fa83127116f51e7d75ef 1741426 postgresql-doc-9.3_9.3.3-1_all.deb
 30d8c8f69195d7a31bff2efc44e877a7b85d52107e69e8e0472a68be8629f902 391214 postgresql-contrib-9.3_9.3.3-1_i386.deb
 f534b63bb2cd5f1aeadbf5c6a5398602b493b67817bec87801039bba7fbad204 36462 postgresql-plperl-9.3_9.3.3-1_i386.deb
 4c98eecf2d2f3e79451c501fce5ab3af0e4983fab52a874c38b0728d824f9b7b 36678 postgresql-plpython-9.3_9.3.3-1_i386.deb
 f85fd297887db3760a3fb08d5e7eea32507dae02a9c7d038f2d40341bb7acec4 36304 postgresql-plpython3-9.3_9.3.3-1_i386.deb
 1c958bb570a34a4e8f6de12ccabd7f99c21a5a92cbabd969b959cfee99bf0e2b 20982 postgresql-pltcl-9.3_9.3.3-1_i386.deb
 1768ecd8c3b9455a0cb1ba33a1a119e7e63aef2a7c28390e0f9cd2780b97ea21 5055347 postgresql-9.3_9.3.3-1_i386_translations.tar.gz
Files:
 67f53904792ac87ea218a1ad1035746a 167980 libdevel optional libpq-dev_9.3.3-1_i386.deb
 7aa7171be960f01e12ad9b950b0bb7c3 78718 libs optional libpq5_9.3.3-1_i386.deb
 c1188d10f9a59e5ef703bcfb07c681f2 34682 libs optional libecpg6_9.3.3-1_i386.deb
 e6b82cbbdbcb99fe9d5219404c668533 203946 libdevel optional libecpg-dev_9.3.3-1_i386.deb
 3d9bce176a508005fc36284f197a8ded 11006 libs optional libecpg-compat3_9.3.3-1_i386.deb
 aaac2cce7b9657629ffcdee0fc8dc9f4 38588 libs optional libpgtypes3_9.3.3-1_i386.deb
 9af4beae75294838de8b93f342267ba6 2600494 database optional postgresql-9.3_9.3.3-1_i386.deb
 c52970c899094ac9147a28014ef0c870 6841916 debug extra postgresql-9.3-dbg_9.3.3-1_i386.deb
 fe3c243254d09874f3560635c28edc4e 761500 database optional postgresql-client-9.3_9.3.3-1_i386.deb
 dd7e2d3ca781e6f5e76a7bc5b20ccd9f 595132 libdevel optional postgresql-server-dev-9.3_9.3.3-1_i386.deb
 4ef28aab4fa10829a821e7808aa2d963 1741426 doc optional postgresql-doc-9.3_9.3.3-1_all.deb
 8adb7c4e4e87498c02beb98941187c1b 391214 database optional postgresql-contrib-9.3_9.3.3-1_i386.deb
 71d87013a69c2b62cce3d739c2c2aebb 36462 database optional postgresql-plperl-9.3_9.3.3-1_i386.deb
 e280a274b4fc67194b3dd730e6b6538f 36678 database optional postgresql-plpython-9.3_9.3.3-1_i386.deb
 a4e2331cd25f71487922a16bded4ad6c 36304 database optional postgresql-plpython3-9.3_9.3.3-1_i386.deb
 5ee7c652791e2eb176f32a4b027daa39 20982 database optional postgresql-pltcl-9.3_9.3.3-1_i386.deb
 92a1e4d7898127811a79011bf30a22bc 5055347 raw-translations - postgresql-9.3_9.3.3-1_i386_translations.tar.gz