-
postgresql-8.3 (8.3.12-0ubuntu9.04) jaunty-security; urgency=low
* New upstream security/bug fix release: (LP: #655293)
- Use a separate interpreter for each calling SQL userid in PL/Perl
and PL/Tcl.
This change prevents security problems that can be caused by
subverting Perl or Tcl code that will be executed later in the same
session under another SQL user identity (for example, within a
SECURITY DEFINER function). Most scripting languages offer numerous
ways that that might be done, such as redefining standard functions
or operators called by the target function. Without this change,
any SQL user with Perl or Tcl language usage rights can do
essentially anything with the SQL privileges of the target
function's owner.
The cost of this change is that intentional communication among
Perl and Tcl functions becomes more difficult. To provide an escape
hatch, PL/PerlU and PL/TclU functions continue to use only one
interpreter per session. This is not considered a security issue
since all such functions execute at the trust level of a database
superuser already.
It is likely that third-party procedural languages that claim to
offer trusted execution have similar security issues. We advise
contacting the authors of any PL you are depending on for
security-critical purposes.
Our thanks to Tim Bunce for pointing out this issue
(CVE-2010-3433).
- Prevent possible crashes in pg_get_expr() by disallowing it from
being called with an argument that is not one of the system catalog
columns it's intended to be used with.
- Fix incorrect usage of non-strict OR joinclauses in Append
indexscans.
This is a back-patch of an 8.4 fix that was missed in the 8.3
branch. This corrects an error introduced in 8.3.8 that could cause
incorrect results for outer joins when the inner relation is an
inheritance tree or UNION ALL subquery.
- Fix possible duplicate scans of UNION ALL member relations.
- Fix "cannot handle unplanned sub-select" error.
This occurred when a sub-select contains a join alias reference
that expands into an expression containing another sub-select.
- Fix failure to mark cached plans as transient.
If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
progress for one of the referenced tables, it is supposed to be
re-planned once the index is ready for use. This was not happening
reliably.
- Reduce PANIC to ERROR in some occasionally-reported btree failure
cases, and provide additional detail in the resulting error
messages.
This should improve the system's robustness with corrupted indexes.
- Prevent show_session_authorization() from crashing within
autovacuum processes.
- Defend against functions returning setof record where not all the
returned rows are actually of the same rowtype.
- Fix possible failure when hashing a pass-by-reference function
result.
- Improve merge join's handling of NULLs in the join columns.
A merge join can now stop entirely upon reaching the first NULL, if
the sort order is such that NULLs sort high.
- Take care to fsync the contents of lockfiles (both "postmaster.pid"
and the socket lockfile) while writing them.
This omission could result in corrupted lockfile contents if the
machine crashes shortly after postmaster start. That could in turn
prevent subsequent attempts to start the postmaster from
succeeding, until the lockfile is manually removed.
- Avoid recursion while assigning XIDs to heavily-nested
subtransactions.
The original coding could result in a crash if there was limited
stack space.
- Avoid holding open old WAL segments in the walwriter process.
The previous coding would prevent removal of no-longer-needed
segments.
- Fix log_line_prefix's %i escape, which could produce junk early in
backend startup.
- Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
when archiving is enabled.
- Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
be interrupted by query-cancel.
- Fix "REASSIGN OWNED" to handle operator classes and families.
- Fix possible core dump when comparing two empty tsquery values.
- Fix LIKE's handling of patterns containing % followed by _.
We've fixed this before, but there were still some
incorrectly-handled cases.
- In PL/Python, defend against null pointer results from
PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
- Make psql recognize "DISCARD ALL" as a command that should not be
encased in a transaction block in autocommit-off mode.
- Fix ecpg to process data from RETURNING clauses correctly.
- Improve "contrib/dblink"'s handling of tables containing dropped
columns.
- Fix connection leak after "duplicate connection name" errors in
"contrib/dblink".
- Fix "contrib/dblink" to handle connection names longer than 62
bytes correctly.
- Add hstore(text, text) function to "contrib/hstore".
This function is the recommended substitute for the now-deprecated
=> operator. It was back-patched so that future-proofed code can be
used with older server versions. Note that the patch will be
effective only after "contrib/hstore" is installed or reinstalled
in a particular database. Users might prefer to execute the "CREATE
FUNCTION" command by hand, instead.
- Update build infrastructure and documentation to reflect the source
code repository's move from CVS to Git.
-- Martin Pitt <email address hidden> Wed, 06 Oct 2010 09:44:46 +0200
-
postgresql-8.3 (8.3.11-0ubuntu9.04) jaunty-security; urgency=low
* New upstream security/bug fix release:
- Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm".
Recent developments have convinced us that "Safe.pm" is too
insecure to rely on for making plperl trustable. This change
removes use of "Safe.pm" altogether, in favor of using a separate
interpreter with an opcode mask that is always applied. Pleasant
side effects of the change include that it is now possible to use
Perl's strict pragma in a natural way in plperl, and that Perl's $a
and $b variables work as expected in sort routines, and that
function compilation is significantly faster. (CVE-2010-1169)
- Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
PL/Tcl's feature for autoloading Tcl code from a database table
could be exploited for trojan-horse attacks, because there was no
restriction on who could create or insert into that table. This
change disables the feature unless pltcl_modules is owned by a
superuser. (However, the permissions on the table are not checked,
so installations that really need a less-than-secure modules table
can still grant suitable privileges to trusted non-superusers.)
Also, prevent loading code into the unrestricted "normal" Tcl
interpreter unless we are really going to execute a pltclu
function. (CVE-2010-1170)
- Fix possible crash if a cache reset message is received during
rebuild of a relcache entry.
This error was introduced in 8.3.10 while fixing a related failure.
- Apply per-function GUC settings while running the language
validator for the function.
This avoids failures if the function's code is invalid without the
setting; an example is that SQL functions may not parse if the
search_path is not correct.
- Do not allow an unprivileged user to reset superuser-only parameter
settings.
Previously, if an unprivileged user ran ALTER USER ... RESET ALL
for himself, or ALTER DATABASE ... RESET ALL for a database he
owns, this would remove all special parameter settings for the user
or database, even ones that are only supposed to be changeable by a
superuser. Now, the "ALTER" will only remove the parameters that
the user has permission to change.
- Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries.
In some cases the context-printing function would fail because the
current transaction had already been rolled back when it came time
to print a log message.
- Ensure the archiver process responds to changes in archive_command
as soon as possible.
- Update pl/perl's "ppport.h" for modern Perl versions.
- Fix assorted memory leaks in pl/python.
- Prevent infinite recursion in psql when expanding a variable that
refers to itself.
- Fix psql's \copy to not add spaces around a dot within \copy
(select ...).
Addition of spaces around the decimal point in a numeric literal
would result in a syntax error.
- Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using "contrib/intarray" operators.
- Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly.
-- Martin Pitt <email address hidden> Sat, 15 May 2010 14:07:21 +0200
-
postgresql-8.3 (8.3.10-0ubuntu9.04.1) jaunty-security; urgency=low
* no change rebuild for -security
postgresql-8.3 (8.3.10-0ubuntu9.04) jaunty-proposed; urgency=low
* New upstream bug fix release: (LP: #557408)
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible deadlock during backend startup.
- Fix possible crashes due to not handling errors during relcache
reload cleanly.
- Fix possible crash due to use of dangling pointer to a cached plan.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Fix incorrect WAL data emitted during end-of-recovery cleanup of a
GIST index page split.
This would result in index corruption, or even more likely an error
during WAL replay, if we were unlucky enough to crash during
end-of-recovery cleanup after having completed an incomplete GIST
insertion.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442). (Closes: #567058)
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix assorted crashes in xml processing caused by sloppy memory
management.
This is a back-patch of changes first applied in 8.4. The 8.3 code
was known buggy, but the new code was sufficiently different to not
want to back-patch it until it had gotten some field testing.
- Fix bug with trying to update a field of an element of a
composite-type array column.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
"bool_column = false" constraint.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix possible infinite loop if SSL_read or SSL_write fails without
setting errno.
This is reportedly possible with some Windows versions of openssl.
- Disallow GSSAPI authentication on local connections, since it
requires a hostname to function correctly.
- Make ecpg report the proper SQLSTATE if the connection disappears.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Make psql return the correct exit status (3) when ON_ERROR_STOP and
--single-transaction are both specified and an error occurs during
the implied "COMMIT".
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Ensure PL/Tcl initializes the Tcl interpreter fully.
The only known symptom of this oversight is that the Tcl clock
command misbehaves if using Tcl 8.5 or later.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Allow zero-dimensional arrays in "contrib/ltree" operations.
This case was formerly rejected as an error, but it's more
convenient to treat it the same as a zero-element array. In
particular this avoids unnecessary failures when an ltree operation
is applied to the result of ARRAY(SELECT ...) and the sub-select
returns no rows.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
-- Jamie Strandboge <email address hidden> Tue, 27 Apr 2010 10:15:08 -0500
-
postgresql-8.3 (8.3.10-0ubuntu9.04) jaunty-proposed; urgency=low
* New upstream bug fix release: (LP: #557408)
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible deadlock during backend startup.
- Fix possible crashes due to not handling errors during relcache
reload cleanly.
- Fix possible crash due to use of dangling pointer to a cached plan.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Fix incorrect WAL data emitted during end-of-recovery cleanup of a
GIST index page split.
This would result in index corruption, or even more likely an error
during WAL replay, if we were unlucky enough to crash during
end-of-recovery cleanup after having completed an incomplete GIST
insertion.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442). (Closes: #567058)
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix assorted crashes in xml processing caused by sloppy memory
management.
This is a back-patch of changes first applied in 8.4. The 8.3 code
was known buggy, but the new code was sufficiently different to not
want to back-patch it until it had gotten some field testing.
- Fix bug with trying to update a field of an element of a
composite-type array column.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
"bool_column = false" constraint.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix possible infinite loop if SSL_read or SSL_write fails without
setting errno.
This is reportedly possible with some Windows versions of openssl.
- Disallow GSSAPI authentication on local connections, since it
requires a hostname to function correctly.
- Make ecpg report the proper SQLSTATE if the connection disappears.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Make psql return the correct exit status (3) when ON_ERROR_STOP and
--single-transaction are both specified and an error occurs during
the implied "COMMIT".
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Ensure PL/Tcl initializes the Tcl interpreter fully.
The only known symptom of this oversight is that the Tcl clock
command misbehaves if using Tcl 8.5 or later.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Allow zero-dimensional arrays in "contrib/ltree" operations.
This case was formerly rejected as an error, but it's more
convenient to treat it the same as a zero-element array. In
particular this avoids unnecessary failures when an ltree operation
is applied to the result of ARRAY(SELECT ...) and the sub-select
returns no rows.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
-- Martin Pitt <email address hidden> Wed, 07 Apr 2010 18:45:05 +0200
-
postgresql-8.3 (8.3.9-0ubuntu9.04) jaunty-security; urgency=low
* New upstream security/bug fix release: (LP: #496923)
- Protect against indirect security threats caused by index functions
changing session-local state. This change prevents allegedly-immutable
index functions from possibly subverting a superuser's session
(CVE-2009-4136).
- Reject SSL certificates containing an embedded null byte in the
common name (CN) field. This prevents unintended matching of a
certificate to a server or client name during SSL validation
(CVE-2009-4034).
- Fix possible crash during backend-startup-time cache initialization.
- Avoid crash on empty thesaurus dictionary.
- Prevent signals from interrupting VACUUM at unsafe times.
- Fix possible crash due to integer overflow in hash table size
calculation.
- Fix very rare crash in inet/cidr comparisons.
- Ensure that shared tuple-level locks held by prepared transactions
are not ignored.
- Fix premature drop of temporary files used for a cursor that is
accessed within a subtransaction.
- Fix memory leak in syslogger process when rotating to a new CSV
logfile.
- Fix incorrect logic for GiST index page splits, when the split
depends on a non-first column of the index.
- Don't error out if recycling or removing an old WAL file fails at
the end of checkpoint. It's better to treat the problem as non-fatal and
allow the checkpoint to complete. Future checkpoints will retry the
removal. Such problems are not expected in normal operation, but have
been seen to be caused by misdesigned Windows anti-virus and backup
software.
- Fix PAM password processing to be more robust.
- Raise the maximum authentication token (Kerberos ticket) size in
GSSAPI and SSPI authentication methods. While the old 2000-byte limit
was more than enough for Unix Kerberos implementations, tickets issued
by Windows Domain Controllers can be much larger.
- Re-enable collection of access statistics for sequences. This used to
work but was broken in 8.3.
- Fix processing of ownership dependencies during CREATE OR REPLACE
FUNCTION.
- Fix incorrect handling of WHERE "x"="x" conditions.
In some cases these could get ignored as redundant, but they aren't
-- they're equivalent to "x" IS NOT NULL.
- Make text search parser accept underscores in XML attributes.
- Fix encoding handling in xml binary input. If the XML header doesn't
specify an encoding, we now assume UTF-8 by default; the previous
handling was inconsistent.
- Fix bug with calling plperl from plperlu or vice versa.
- Fix session-lifespan memory leak when a PL/Perl function is
redefined.
- Ensure that Perl arrays are properly converted to PostgreSQL arrays
when returned by a set-returning PL/Perl function.
- Fix rare crash in exception processing in PL/Python.
- Make the postmaster ignore any application_name parameter in
connection request packets, to improve compatibility with future
libpq versions.
-- Martin Pitt <email address hidden> Tue, 15 Dec 2009 14:42:30 +0100
-
postgresql-8.3 (8.3.8-0ubuntu9.04) jaunty-security; urgency=low
* New upstream security/bug fix release: (LP: #430544)
- Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
security-definer functions. This covers a case that was missed in the
previous patch that disallowed "SET ROLE" and "SET SESSION
AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
- Force WAL segment switch during pg_start_backup(). This avoids corner
cases that could render a base backup unusable.
- Make "LOAD" of an already-loaded loadable module into a no-op.
Formerly, "LOAD" would attempt to unload and re-load the module,
but this is unsafe and not all that useful.
- Disallow empty passwords during LDAP authentication.
- Fix handling of sub-SELECTs appearing in the arguments of an
outer-level aggregate function.
- Fix bugs associated with fetching a whole-row value from the output
of a Sort or Materialize plan node.
- Prevent synchronize_seqscans from changing the results of
scrollable and WITH HOLD cursors.
- Revert planner change that disabled partial-index and constraint
exclusion optimizations when there were more than 100 clauses in an
AND or OR list.
- Fix hash calculation for data type interval. This corrects wrong results
for hash joins on interval values. It also changes the contents of hash
indexes on interval columns. If you have any such indexes, you must
"REINDEX" them after updating.
- Treat to_char(..., 'TH') as an uppercase ordinal suffix with
'HH'/'HH12'. It was previously handled as 'th' (lowercase).
- Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
and integer datetimes are in use.
- Fix calculation of distance between a point and a line segment.
This led to incorrect results from a number of geometric operators.
- Fix money data type to work in locales where currency amounts have
no fractional digits, e.g. Japan.
- Fix LIKE for case where pattern contains %_.
- Properly round datetime input like 00:12:57.9999999999999999999999999999.
- Fix memory leaks in XML operations.
- Fix poor choice of page split point in GiST R-tree operator classes.
- Ensure that a "fast shutdown" request will forcibly terminate open
sessions, even if a "smart shutdown" was already in progress.
- Avoid performance degradation in bulk inserts into GIN indexes when
the input values are (nearly) in sorted order.
- Correctly enforce NOT NULL domain constraints in some contexts in
PL/pgSQL.
- Fix portability issues in plperl initialization.
- Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
empty.
- Improve pg_dump's efficiency when there are many large objects.
- Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
- Make pg_standby's maxretries option behave as documented.
- Make "contrib/hstore" throw an error when a key or value is too
long to fit in its data structure, rather than silently truncating
it.
- Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
number of parameters (twenty).
- Improve robustness of libpq's code to recover from errors during
"COPY FROM STDIN".
-- Martin Pitt <email address hidden> Wed, 16 Sep 2009 11:15:21 +0200
-
postgresql-8.3 (8.3.7-1) unstable; urgency=low
* New upstream bug fix release:
- Prevent error recursion crashes when encoding conversion fails.
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that *any* error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation. (Closes: #517405)
- Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function. This prevents one possible scenario for
encoding conversion failure. The previous change is a backstop to guard
against other kinds of failures in the same area.
- Fix xpath() to not modify the path expression unless necessary, and
to make a saner attempt at it when necessary.
The SQL standard suggests that xpath should work on data that is a
document fragment, but libxml doesn't support that, and indeed it's
not clear that this is sensible according to the XPath standard.
xpath attempted to work around this mismatch by modifying both the
data and the path expression, but the modification was buggy and
could cause valid searches to fail. Now, xpath checks whether the
data is in fact a well-formed document, and if so invokes libxml
with no change to the data or path expression. Otherwise, a
different modification method that is somewhat less likely to fail
is used.
Note: The new modification method is still not 100% satisfactory,
and it seems likely that no real solution is possible. This patch
should therefore be viewed as a band-aid to keep from breaking
existing applications unnecessarily. It is likely that PostgreSQL
8.4 will simply reject use of xpath on data that is not a
well-formed document.
- Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument.
- Fix extreme inefficiency in text search parser's handling of an
email-like string containing multiple @ characters.
- Fix planner problem with sub-"SELECT" in the output list of a
larger subquery.
- Fix decompilation of CASE WHEN with an implicit coercion.
- Fix possible misassignment of the owner of a TOAST table's rowtype.
If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
by someone other than the table owner, the pg_type entry for the
table's TOAST table would end up marked as owned by that someone.
This caused no immediate problems, since the permissions on the
TOAST rowtype aren't examined by any ordinary database operation.
However, it could lead to unexpected failures if one later tried to
drop the role that issued the command (in 8.1 or 8.2), or "owner of
data type appears to be invalid" warnings from pg_dump after having
done so (in 8.3).
- Change "UNLISTEN" to exit quickly if the current session has never
executed any "LISTEN" command.
Most of the time this is not a particularly useful optimization,
but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
caused a substantial performance problem for applications that made
heavy use of "DISCARD ALL".
- Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
clause anywhere in the string, not only at the start; in
particular, don't fail for "INSERT INTO" within "CREATE RULE".
- Clean up PL/pgSQL error status variables fully at block exit.
This is not a problem for PL/pgSQL itself, but the omission could
cause the PL/pgSQL Debugger to crash while examining the state of a
function.
- Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations (Xavier Bugaud)
* debian/postgresql-8.3.init: Drop obsolete autovac-* commands.
(Closes: #519582)
* debian/rules: Enable build hardening on Debian now. Drop lsb-release build
dependency, since we do not need it any more.
-- Martin Pitt <email address hidden> Fri, 20 Mar 2009 02:24:20 +0000
-
postgresql-8.3 (8.3.6-1build1) jaunty; urgency=low
* No-change rebuild against python 2.6.
-- Steve Langasek <email address hidden> Wed, 04 Mar 2009 19:16:05 +0000
-
postgresql-8.3 (8.3.6-1) unstable; urgency=low
* New upstream bug fix release:
- Make "DISCARD ALL" release advisory locks, in addition to
everything it already did. This was decided to be the most
appropriate behavior. This could affect existing applications,
however.
- Fix whole-index GiST scans to work correctly. This error could
cause rows to be lost if a table is clustered on a GiST index.
- Fix crash of xmlconcat(NULL).
- Fix possible crash in ispell dictionary if high-bit-set characters
are used as flags. This is known to be done by one widely
available Norwegian dictionary, and the same condition may exist
in others. (Closes: #513580)
- Fix misordering of pg_dump output for composite types. The most
likely problem was for user-defined operator classes to be
dumped after indexes or views that needed them.
- Improve handling of URLs in headline() function.
- Improve handling of overlength headlines in headline() function.
- Prevent possible Assert failure or misconversion if an encoding
conversion is created with the wrong conversion function for the
specified pair of encodings.
- Fix possible Assert failure if a statement executed in PL/pgSQL is
rewritten into another kind of statement, for example if an
"INSERT" is rewritten into an "UPDATE".
- Ensure that a snapshot is available to datatype input functions.
This primarily affects domains that are declared with CHECK
constraints involving user-defined stable or immutable functions.
Such functions typically fail if no snapshot has been set.
- Make it safer for SPI-using functions to be used within datatype
I/O; in particular, to be used in domain check constraints.
- Avoid unnecessary locking of small tables in "VACUUM".
- Fix a problem that sometimes kept "ALTER TABLE ENABLE/DISABLE RULE"
from being recognized by active sessions.
- Fix a problem that made UPDATE RETURNING tableoid return zero
instead of the correct OID.
- Allow functions declared as taking ANYARRAY to work on the
pg_statistic columns of that type.
This used to work, but was unintentionally broken in 8.3.
- Fix planner misestimation of selectivity when transitive equality
is applied to an outer-join clause.
This could result in bad plans for queries like ... from a left
join b on a.a1 = b.b1 where a.a1 = 42 ...
- Improve optimizer's handling of long IN lists. This change
avoids wasting large amounts of time on such lists when
constraint exclusion is enabled.
- Prevent synchronous scan during GIN index build. Because GIN is
optimized for inserting tuples in increasing TID order, choosing
to use a synchronous scan could slow the build by a factor of
three or more.
- Ensure that the contents of a holdable cursor don't depend on the
contents of TOAST tables. Previously, large field values in a
cursor result might be represented as TOAST pointers, which
would fail if the referenced table got dropped before the cursor
is read, or if the large value is deleted and then vacuumed
away. This cannot happen with an ordinary cursor, but it could
with a cursor that is held past its creating transaction.
- Fix memory leak when a set-returning function is terminated without
reading its whole result.
- Fix encoding conversion problems in XML functions when the database
encoding isn't UTF-8.
- Fix "contrib/dblink"'s dblink_get_result(text,bool) function.
- Fix possible garbage output from "contrib/sslinfo" functions.
- Fix incorrect behavior of "contrib/tsearch2" compatibility trigger
when it's fired more than once in a command.
- Fix possible mis-signaling in autovacuum.
- Fix ecpg's handling of varchar structs.
- Make all documentation reference pgsql-bugs and/or pgsql-hackers as
appropriate, instead of the now-decommissioned pgsql-ports and
pgsql-patches mailing lists.
-- Martin Pitt <email address hidden> Fri, 06 Feb 2009 23:10:40 +0100
-
postgresql-8.3 (8.3.5-2) experimental; urgency=low
* Add 15-dict-fallback-dir.patch: If a tsearch/stem dictionary is
not found in sharedir/tsearch_data/ll_cc.{dict,affix}, fall back
to sharedir/tsearch_data/system_ll_cc.{dict,affix}, where
postgresql-common creates them from system directories. (LP: #301770)
-- Martin Pitt <email address hidden> Sat, 06 Dec 2008 11:39:31 -0800
-
postgresql-8.3 (8.3.5-1) unstable; urgency=low
* New upstream bug fix release:
- Fix GiST index corruption due to marking the wrong index entry
"dead" after a deletion. This would result in index searches failing to
find rows they should have found.
- Fix backend crash when the client encoding cannot represent a
localized error message.
- Fix possible crash in bytea-to-XML mapping.
- Fix possible crash when deeply nested functions are invoked from a
trigger.
- Improve optimization of "expression" IN ("expression-list") queries.
- Fix mis-expansion of rule queries when a sub-SELECT appears in a
function call in FROM, a multi-row VALUES list, or a RETURNING list.
- Fix Assert failure during rescan of an IS NULL search of a GiST
index.
- Fix memory leak during rescan of a hashed aggregation plan.
- Ensure an error is reported when a newly-defined PL/pgSQL trigger
function is invoked as a normal function.
- Force a checkpoint before "CREATE DATABASE" starts to copy files.
This prevents a possible failure if files had recently been deleted
in the source database.
- Prevent possible collision of relfilenode numbers when moving a
table to another tablespace with "ALTER SET TABLESPACE". The command
tried to re-use the existing filename, instead of picking one that is
known unused in the destination directory.
- Fix incorrect text search headline generation when single query
item matches first word of text.
- Fix improper display of fractional seconds in interval values when
using a non-ISO datestyle.
- Make ILIKE compare characters case-insensitively even when they're
escaped.
- Ensure "DISCARD" is handled properly by statement logging.
- Fix incorrect logging of last-completed-transaction time during
PITR recovery.
- Ensure SPI_getvalue and SPI_getbinval behave correctly when the
passed tuple and tuple descriptor have different numbers of columns.
This situation is normal when a table has had columns added or
removed, but these two functions didn't handle it properly. The
only likely consequence is an incorrect error indication.
- Mark SessionReplicationRole as PGDLLIMPORT so it can be used by
Slony on Windows.
- Fix small memory leak when using libpq's gsslib parameter.
The space used by the parameter string was not freed at connection
close.
- Ensure libgssapi is linked into libpq if needed.
- Fix ecpg's parsing of "CREATE ROLE".
- Fix recent breakage of pg_ctl restart.
* 03-gettext-domains.patch: Unfuzz for new upstream version.
* Drop -contrib's libdbd-pg-perl to Suggests:, since it is only really
needed for bench.pl of the _int module. Changed description to point that
out.
* debian/control: Add explicit dependency to locales, to ensure that the
locales package is configured before postgresql-8.3. Otherwise, the server
fails to start up when locales is unpacked while postgresql-8.3 is
configured. (LP: #280135)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Nov 2008 10:46:00 +0000
-
postgresql-8.3 (8.3.4-2.2) intrepid; urgency=low
* debian/control: Add explicit dependency to locales, to ensure that the
locales package is configured before postgresql-8.3. Otherwise, the server
fails to start up when locales is unpacked while postgresql-8.3 is
configured. (LP: #280135)
-- Martin Pitt <email address hidden> Sun, 19 Oct 2008 15:31:07 +0200