Change logs for postgresql-9.0 source package in Precise

  • postgresql-9.0 (9.0.6-1) unstable; urgency=low
      * New upstream bug fix release.
        - Fix bugs in information_schema.referential_constraints view.
          This view was being insufficiently careful about matching the
          foreign-key constraint to the depended-on primary or unique key
          constraint. That could result in failure to show a foreign key
          constraint at all, or showing it multiple times, or claiming that
          it depends on a different constraint than the one it really does.
          Since the view definition is installed by initdb, merely upgrading
          will not fix the problem. If you need to fix this in an existing
          installation, you can (as a superuser) drop the information_schema
          schema then re-create it by sourcing
          "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
          you're uncertain where "SHAREDIR" is.) This must be repeated in
          each database to be fixed.
        - Fix possible crash during "UPDATE" or "DELETE" that joins to the
          output of a scalar-returning function. A crash could only occur if the
          target row had been concurrently updated, so this problem surfaced only
        - Fix incorrect replay of WAL records for GIN index updates.
          This could result in transiently failing to find index entries
          after a crash, or on a hot-standby server. The problem would be
          repaired by the next "VACUUM" of the index, however.
        - Fix TOAST-related data corruption during CREATE TABLE dest AS
          SELECT - FROM src or INSERT INTO dest SELECT * FROM src.
          If a table has been modified by "ALTER TABLE ADD COLUMN", attempts
          to copy its data verbatim to another table could produce corrupt
          results in certain corner cases. The problem can only manifest in
          this precise form in 8.4 and later, but we patched earlier versions
          as well in case there are other code paths that could trigger the
          same bug.
        - Fix possible failures during hot standby startup.
        - Start hot standby faster when initial snapshot is incomplete.
        - Fix race condition during toast table access from stale syscache
          entries. The typical symptom was transient errors like "missing chunk
          number 0 for toast value NNNNN in pg_toast_2619", where the cited toast
          table would always belong to a system catalog.
        - Track dependencies of functions on items used in parameter default
          expressions. Previously, a referenced object could be dropped without
          having dropped or modified the function, leading to misbehavior when the
          function was used. Note that merely installing this update will not fix
          the missing dependency entries; to do that, you'd need to "CREATE OR
          REPLACE" each such function afterwards. If you have functions whose
          defaults depend on non-built-in objects, doing so is recommended.
        - Allow inlining of set-returning SQL functions with multiple OUT
        - Don't trust deferred-unique indexes for join removal.  A deferred
          uniqueness constraint might not hold intra-transaction, so assuming that
          it does could give incorrect query results.
        - Make DatumGetInetP() unpack inet datums that have a 1-byte header,
          and add a new macro, DatumGetInetPP(), that does not.
          This change affects no core code, but might prevent crashes in
          add-on code that expects DatumGetInetP() to produce an unpacked
          datum as per usual convention.
        - Improve locale support in money type's input and output. Aside from not
          supporting all standard lc_monetary formatting options, the input and
          output functions were inconsistent, meaning there were locales in which
          dumped money values could not be re-read.
        - Don't let transform_null_equals affect CASE foo WHEN NULL ...
        - Change foreign-key trigger creation order to better support
          self-referential foreign keys.
          For a cascading foreign key that references its own table, a row
          update will fire both the ON UPDATE trigger and the CHECK trigger
          as one event. The ON UPDATE trigger must execute first, else the
          CHECK will check a non-final state of the row and possibly throw an
          inappropriate error. However, the firing order of these triggers is
          determined by their names, which generally sort in creation order
          since the triggers have auto-generated names following the
          convention "RI_ConstraintTrigger_NNNN". A proper fix would require
          modifying that convention, which we will do in 9.2, but it seems
          risky to change it in existing releases. So this patch just changes
          the creation order of the triggers. Users encountering this type of
          error should drop and re-create the foreign key constraint to get
          its triggers into the right order.
        - Avoid floating-point underflow while tracking buffer allocation
        - Fix incorrect field alignment in ecpg's SQLDA area.
        - Preserve blank lines within commands in psql's command history.
          The former behavior could cause problems if an empty line was
          removed from within a string literal, for example.
        - Fix pg_dump to dump user-defined casts between auto-generated
          types, such as table rowtypes.
        - Assorted fixes for pg_upgrade. Handle exclusion constraints correctly,
          don't complain about mismatched toast table names in 8.4 databases.
        - Use the preferred version of xsubpp to build PL/Perl, not
          necessarily the operating system's main copy.
        - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
        - Fix assorted errors in "contrib/unaccent"'s configuration file
        - Honor query cancel interrupts promptly in pgstatindex().
        - Ensure VPATH builds properly install all server header files.
        - Shorten file names reported in verbose error messages.
          Regular builds have always reported just the name of the C file
          containing the error message call, but VPATH builds formerly
          reported an absolute path name.
     -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  16 Dec 2011 16:27:19 +0000
  • postgresql-9.0 (9.0.5-1build1) precise; urgency=low
      * Rebuild for Perl 5.14.
     -- Colin Watson <email address hidden>   Wed, 16 Nov 2011 18:43:48 +0000
  • postgresql-9.0 (9.0.5-1) unstable; urgency=low
      * New upstream bug fix release:
        - Fix catalog cache invalidation after a "VACUUM FULL" or "CLUSTER"
          on a system catalog. In some cases the relocation of a system catalog
          row to another place would not be recognized by concurrent server
          processes, allowing catalog corruption to occur if they then tried to
          update that row. The worst-case outcome could be as bad as complete loss
          of a table.
        - Fix incorrect order of operations during sinval reset processing,
          and ensure that TOAST OIDs are preserved in system catalogs.
          These mistakes could lead to transient failures after a "VACUUM
          FULL" or "CLUSTER" on a system catalog.
        - Fix bugs in indexing of in-doubt HOT-updated tuples.
          These bugs could result in index corruption after reindexing a
          system catalog. They are not believed to affect user indexes.
        - Fix multiple bugs in GiST index page split processing.
        - Fix possible buffer overrun in tsvector_concat().
        - Fix crash in xml_recv when processing a "standalone" parameter.
        - Make pg_options_to_table return NULL for an option with no value.
          Previously such cases would result in a server crash.
        - Avoid possibly accessing off the end of memory in "ANALYZE" and in
          SJIS-2004 encoding conversion.
          This fixes some very-low-probability server crash scenarios.
        - Protect pg_stat_reset_shared() against NULL input.
        - Fix possible failure when a recovery conflict deadlock is detected
          within a sub-transaction.
        - Avoid spurious conflicts while recycling btree index pages during
          hot standby.
        - Shut down WAL receiver if it's still running at end of recovery.
          The postmaster formerly panicked in this situation, but it's
          actually a legitimate case.
        - Fix race condition in relcache init file invalidation.
          There was a window wherein a new backend process could read a stale
          init file but miss the inval messages that would tell it the data
          is stale. The result would be bizarre failures in catalog accesses,
          typically "could not read block 0 in file ..." later during
        - Fix memory leak at end of a GiST index scan.
        - Fix memory leak when encoding conversion has to be done on incoming
          command strings and "LISTEN" is active.
        - Fix incorrect memory accounting (leading to possible memory bloat)
          in tuplestores supporting holdable cursors and plpgsql's RETURN
          NEXT command.
        - Fix trigger WHEN conditions when both BEFORE and AFTER triggers
          exist.  Evaluation of WHEN conditions for AFTER ROW UPDATE triggers
          could crash if there had been a BEFORE ROW trigger fired for the same
        - Fix performance problem when constructing a large, lossy bitmap.
        - Fix join selectivity estimation for unique columns.
        - Fix nested PlaceHolderVar expressions that appear only in
          sub-select target lists. This mistake could result in outputs of an
          outer join incorrectly appearing as NULL.
        - Allow the planner to assume that empty parent tables really are
          empty.  Normally an empty table is assumed to have a certain minimum
          size for planning purposes; but this heuristic seems to do more harm
          than good for the parent table of an inheritance hierarchy, which
          often is permanently empty.
        - Allow nested EXISTS queries to be optimized properly.
        - Fix array- and path-creating functions to ensure padding bytes are
          zeroes. This avoids some situations where the planner will think that
          semantically-equal constants are not equal, resulting in poor
        - Fix "EXPLAIN" to handle gating Result nodes within inner-indexscan
          subplans.  The usual symptom of this oversight was "bogus varno" errors.
        - Fix btree preprocessing of "indexedcol" IS NULL conditions.
          Such a condition is unsatisfiable if combined with any other type
          of btree-indexable condition on the same index column. The case was
          handled incorrectly in 9.0.0 and later, leading to query output
          where there should be none.
        - Work around gcc 4.6.0 bug that breaks WAL replay.
          This could lead to loss of committed transactions after a server
        - Fix dump bug for VALUES in a view.
        - Disallow SELECT FOR UPDATE/SHARE on sequences.
          This operation doesn't work as expected and can lead to failures.
        - Fix "VACUUM" so that it always updates pg_class.reltuples/relpages.
          This fixes some scenarios where autovacuum could make increasingly
          poor decisions about when to vacuum tables.
        - Defend against integer overflow when computing size of a hash table.
        - Fix cases where "CLUSTER" might attempt to access already-removed
          TOAST data.
        - Fix premature timeout failures during initial authentication
        - Fix portability bugs in use of credentials control messages for
          "peer" authentication. (see #627596, already fixed in Debian before)
        - Fix SSPI login when multiple roundtrips are required. The typical
          symptom of this problem was "The function requested is not supported"
          errors during SSPI login.
        - Fix failure when adding a new variable of a custom variable class
          to "postgresql.conf".
        - Throw an error if "pg_hba.conf" contains hostssl but SSL is
          disabled.  This was concluded to be more user-friendly than the previous
          behavior of silently ignoring such lines.
        - Fix failure when "DROP OWNED BY" attempts to remove default
          privileges on sequences.
        - Fix typo in pg_srand48 seed initialization.
          This led to failure to use all bits of the provided seed. This
          function is not used on most platforms (only those without
          srandom), and the potential security exposure from a
          less-random-than-expected seed seems minimal in any case.
        - Avoid integer overflow when the sum of LIMIT and OFFSET values
          exceeds 2^63.
        - Add overflow checks to int4 and int8 versions of generate_series()
        - Fix trailing-zero removal in to_char(). In a format with FM and no digit
          positions after the decimal point, zeroes to the left of the decimal
          point could be removed incorrectly.
        - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63.
        - Weaken plpgsql's check for typmod matching in record values.
          An overly enthusiastic check could lead to discarding length
          modifiers that should have been kept.
        - In pg_upgrade, avoid dumping orphaned temporary tables.  This prevents
          situations wherein table OID assignments could get out of sync between old
          and new installations.
        - Fix pg_upgrade to preserve toast tables' relfrozenxids during an
          upgrade from 8.3. Failure to do this could lead to "pg_clog" files being
          removed too soon after the upgrade.
        - Fix psql's counting of script file line numbers during COPY from a
          different file.
        - Fix pg_restore's direct-to-database mode for
          standard_conforming_strings. pg_restore could emit incorrect commands
          when restoring directly to a database server from an archive file that
          had been made with standard_conforming_strings set to on.
        - Be more user-friendly about unsupported cases for parallel
          pg_restore. This change ensures that such cases are detected and
          reported before any restore actions have been taken.
        - Fix write-past-buffer-end and memory leak in libpq's LDAP service
          lookup code.
        - In libpq, avoid failures when using nonblocking I/O and an SSL
        - Improve libpq's handling of failures during connection startup.
          In particular, the response to a server report of fork() failure
          during SSL connection startup is now saner.
        - Improve libpq's error reporting for SSL failures.
        - Fix PQsetvalue() to avoid possible crash when adding a new tuple to
          a PGresult originally obtained from a server query.
        - Make ecpglib write double values with 15 digits precision.
        - In ecpglib, be sure LC_NUMERIC setting is restored after an error.
        - Apply upstream fix for blowfish signed-character bug
          (CVE-2011-2483) (Tom Lane) (Closes: #636571)
          "contrib/pg_crypto"'s blowfish encryption code could give wrong
          results on platforms where char is signed (which is most), leading
          to encrypted passwords being weaker than they should be.
        - Fix memory leak in "contrib/seg".
        - Fix pgstatindex() to give consistent results for empty indexes.
        - Allow building with perl 5.14. (Closes: #628505)
      * Drop 03-cmsgcred-size.patch. Fixed upstream in a different way.
    postgresql-9.0 (9.0.4-3) unstable; urgency=low
      * debian/control: Stop building the client-side libraries, they are built by
        postgresql-9.1 now. Add libpq-dev build dependency.
      * debian/rules: Drop check for uninstalled files, since it'd now break the
        build due to the uninstalled libraries.
    postgresql-9.0 (9.0.4-2) unstable; urgency=low
      * debian/postgresql-9.0.postrm: Clean up pg_ctl.conf on purge.
      * Add 03-cmsgcred-size.patch: Fix size of struct cmsgcred to fix ident
        authentication on kFreeBSD 64 bit. Thanks to Petr Salinger for the
        patch! (Closes: #627596)
      * debian/control: Add explicit build dependency to jade. (Closes: #621492)
      * debian/control: Drop the versionless metapackages, they are built by -9.1
    postgresql-9.0 (9.0.4-1) unstable; urgency=medium
      Priority medium due to data-loss pg_upgrade bug.
      * New upstream bug fix release:
        - If your installation was upgraded from a previous major release by
          running pg_upgrade, you should take action to prevent possible data loss
          due to a now-fixed bug in pg_upgrade. The recommended solution is to run
          "VACUUM FREEZE" on all TOAST tables.  More information is available at

        - Fix pg_upgrade's handling of TOAST tables.
          This error poses a significant risk of data loss for installations
          that have been upgraded with pg_upgrade. This patch corrects the
          problem for future uses of pg_upgrade, but does not in itself cure
          the issue in installations that have been processed with a buggy
          version of pg_upgrade.
        - Suppress incorrect "PD_ALL_VISIBLE flag was incorrectly set"
        - Use better SQLSTATE error codes for hot standby conflict cases.
        - Prevent intermittent hang in interactions of startup process with
          bgwriter process.  This affected recovery in non-hot-standby cases.
        - Disallow including a composite type in itself.
        - Avoid potential deadlock during catalog cache initialization.
        - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling
          when there was a concurrent update to the target tuple.
        - Disallow "DROP TABLE" when there are pending deferred trigger
          events for the table.
          Formerly the "DROP" would go through, leading to "could not open
          relation with OID nnn" errors when the triggers were eventually
        - Allow "replication" as a user name in "pg_hba.conf".
          "replication" is special in the database name column, but it was
          mistakenly also treated as special in the user name column.
        - Prevent crash triggered by constant-false WHERE conditions during
          GEQO optimization.
        - Improve planner's handling of semi-join and anti-join cases.
        - Fix handling of SELECT FOR UPDATE in a sub-SELECT.
          This bug typically led to "cannot extract system attribute from
          virtual tuple" errors.
        - Fix selectivity estimation for text search to account for NULLs.
        - Fix get_actual_variable_range() to support hypothetical indexes
          injected by an index adviser plugin.
        - Fix PL/Python memory leak involving array slices.
        - Allow libpq's SSL initialization to succeed when user's home
          directory is unavailable.
          If the SSL mode is such that a root certificate file is not
          required, there is no need to fail. This change restores the
          behavior to what it was in pre-9.0 releases.
        - Fix libpq to return a useful error message for errors detected in
        - Fix ecpg preprocessor's handling of float constants.
        - Fix parallel pg_restore to handle comments on POST_DATA items
        - Fix pg_restore to cope with long lines (over 1KB) in TOC files.
        - Put in more safeguards against crashing due to division-by-zero
          with overly enthusiastic compiler optimization. (Closes: #616180)
      * debian/control: Build debug package. (Closes: #551880)
      * debian/control, debian/rules: Drop usage of pycentral. We don't ship any
        Python extension/module, so we don't need a python helper at all.
        (Closes: #616949)
    postgresql-9.0 (9.0.3-1) unstable; urgency=low
      * New upstream security/bug fix release:
        - Fix buffer overrun in "contrib/intarray"'s input function for the
          query_int type.
          This bug is a security risk since the function's return address
          could be overwritten. Thanks to Apple Inc's security team for
          reporting this issue and supplying the fix. (CVE-2010-4015)
        - Before exiting walreceiver, ensure all the received WAL is fsync'd
          to disk. Otherwise the standby server could replay some un-synced WAL,
          conceivably leading to data corruption if the system crashes just
          at that point.
        - Avoid excess fsync activity in walreceiver.
        - Make "ALTER TABLE" revalidate uniqueness and exclusion constraints
          when needed. This was broken in 9.0 by a change that was intended to
          suppress revalidation during "VACUUM FULL" and "CLUSTER", but
          unintentionally affected "ALTER TABLE" as well.
        - Fix EvalPlanQual for "UPDATE" of an inheritance tree in which the
          tables are not all alike.
          Any variation in the table row types (including dropped columns
          present in only some child tables) would confuse the EvalPlanQual
          code, leading to misbehavior or even crashes. Since EvalPlanQual is
          only executed during concurrent updates to the same row, the
          problem was only seen intermittently.
        - Avoid failures when "EXPLAIN" tries to display a simple-form CASE
          If the CASE's test expression was a constant, the planner could
          simplify the CASE into a form that confused the expression-display
          code, resulting in "unexpected CASE WHEN clause" errors.
        - Fix assignment to an array slice that is before the existing range
          of subscripts.
          If there was a gap between the newly added subscripts and the first
          pre-existing subscript, the code miscalculated how many entries
          needed to be copied from the old array's null bitmap, potentially
          leading to data corruption or crash.
        - Avoid unexpected conversion overflow in planner for very distant
          date values.
          The date type supports a wider range of dates than can be
          represented by the timestamp types, but the planner assumed it
          could always convert a date to timestamp with impunity.
        - Fix PL/Python crash when an array contains null entries.
        - Remove ecpg's fixed length limit for constants defining an array
        - Fix erroneous parsing of tsquery values containing ... &
          !(subexpression) | ... .
          Queries containing this combination of operators were not executed
          correctly. The same error existed in "contrib/intarray"'s query_int
          type and "contrib/ltree"'s ltxtquery type.
        - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
          This could result in considerable inefficiency, though not actually
          incorrect answers, in a GiST index on a seg column. If you have
          such an index, consider "REINDEX"ing it after installing this
          update. (This is identical to the bug that was fixed in
          "contrib/cube" in the previous update.)
    postgresql-9.0 (9.0.2-1) unstable; urgency=low
      * New upstream bug fix release:
        - Force the default wal_sync_method to be fdatasync on Linux.
          The default on Linux has actually been fdatasync for many years,
          but recent kernel changes caused PostgreSQL to choose open_datasync
          instead. This choice did not result in any performance improvement,
          and caused outright failures on certain filesystems, notably ext4
          with the data=journal mount option.
        - Fix "too many KnownAssignedXids" error during Hot Standby replay.
        - Fix race condition in lock acquisition during Hot Standby.
        - Avoid unnecessary conflicts during Hot Standby.
          This fixes some cases where replay was considered to conflict with
          standby queries (causing delay of replay or possibly cancellation
          of the queries), but there was no real conflict.
        - Fix assorted bugs in WAL replay logic for GIN indexes.
          This could result in "bad buffer id: 0" failures or corruption of
          index contents during replication.
        - Fix recovery from base backup when the starting checkpoint WAL
          record is not in the same WAL segment as its redo point.
        - Fix corner-case bug when streaming replication is enabled
          immediately after creating the master database cluster.
        - Fix persistent slowdown of autovacuum workers when multiple workers
          remain active for a long time.
          The effective vacuum_cost_limit for an autovacuum worker could drop
          to nearly zero if it processed enough tables, causing it to run
          extremely slowly.
        - Fix long-term memory leak in autovacuum launcher.
        - Avoid failure when trying to report an impending transaction
          wraparound condition from outside a transaction.
          This oversight prevented recovery after transaction wraparound got
          too close, because database startup processing would fail.
        - Add support for detecting register-stack overrun on IA64.
          The IA64 architecture has two hardware stacks. Full prevention of
          stack-overrun failures requires checking both.
        - Add a check for stack overflow in copyObject().
          Certain code paths could crash due to stack overflow given a
          sufficiently complex query.
        - Fix detection of page splits in temporary GiST indexes.
          It is possible to have a "concurrent" page split in a temporary
          index, if for example there is an open cursor scanning the index
          when an insertion is done. GiST failed to detect this case and
          hence could deliver wrong results when execution of the cursor
        - Fix error checking during early connection processing.
          The check for too many child processes was skipped in some cases,
          possibly leading to postmaster crash when attempting to add the new
          child process to fixed-size arrays.
        - Improve efficiency of window functions. Certain cases where a large
          number of tuples needed to be read in advance, but work_mem was large
          enough to allow them all to be held in memory, were unexpectedly slow.
          percent_rank(), cume_dist() and ntile() in particular were subject to
          this problem.
        - Avoid memory leakage while "ANALYZE"'ing complex index expressions.
        - Ensure an index that uses a whole-row Var still depends on its
          An index declared like create index i on t (foo(t.-)) would not
          automatically get dropped when its table was dropped.
        - Add missing support in "DROP OWNED BY" for removing foreign data
          wrapper/server privileges belonging to a user.
        - Do not "inline" a SQL function with multiple OUT parameters.
          This avoids a possible crash due to loss of information about the
          expected result rowtype.
        - Fix crash when inline-ing a set-returning function whose argument
          list contains a reference to an inline-able user function.
        - Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is
          attached to the VALUES part of INSERT ... VALUES.
        - Make the OFF keyword unreserved.
          This prevents problems with using off as a variable name in
          PL/pgSQL. That worked before 9.0, but was now broken because
          PL/pgSQL now treats all core reserved words as reserved.
        - Fix constant-folding of COALESCE() expressions.
          The planner would sometimes attempt to evaluate sub-expressions
          that in fact could never be reached, possibly leading to unexpected
        - Fix "could not find pathkey item to sort" planner failure with
          comparison of whole-row Vars.
        - Fix postmaster crash when connection acceptance (accept() or one of
          the calls made immediately after it) fails, and the postmaster was
          compiled with GSSAPI support.
        - Retry after receiving an invalid response packet from a RADIUS
          authentication server.
          This fixes a low-risk potential denial of service condition.
        - Fix missed unlink of temporary files when log_temp_files is active.
          If an error occurred while attempting to emit the log message, the
          unlink was not done, resulting in accumulation of temp files.
        - Add print functionality for InhRelation nodes.
          This avoids a failure when debug_print_parse is enabled and certain
          types of query are executed.
        - Fix incorrect calculation of distance from a point to a horizontal
          line segment.
          This bug affected several different geometric distance-measurement
        - Fix incorrect calculation of transaction status in ecpg.
        - Fix errors in psql's Unicode-escape support.
        - Speed up parallel pg_restore when the archive contains many large
          objects (blobs).
        - Fix PL/pgSQL's handling of "simple" expressions to not fail in
          recursion or error-recovery cases.
        - Fix PL/pgSQL's error reporting for no-such-column cases.
          As of 9.0, it would sometimes report "missing FROM-clause entry for
          table foo" when "record foo has no field bar" would be more
        - Fix PL/Python to honor typmod (i.e., length or precision
          restrictions) when assigning to tuple fields.
          This fixes a regression from 8.4.
        - Fix PL/Python's handling of set-returning functions.
          Attempts to call SPI functions within the iterator generating a set
          result would fail.
        - Fix bug in "contrib/cube"'s GiST picksplit algorithm.
          This could result in considerable inefficiency, though not actually
          incorrect answers, in a GiST index on a cube column. If you have
          such an index, consider "REINDEX"ing it after installing this
        - Don't emit "identifier will be truncated" notices in
          "contrib/dblink" except when creating new connections.
        - Fix potential coredump on missing public key in "contrib/pgcrypto".
        - Fix buffer overrun in "contrib/pg_upgrade".
        - Fix memory leak in "contrib/xml2"'s XPath query functions.
    postgresql-9.0 (9.0.1-2) unstable; urgency=low
      * debian/control: Build against libedit instead of libreadline. We can't
        simultaneously link against readline (GPL) and libssl (incompatible with
        GPL). (Closes: #603599)
    postgresql-9.0 (9.0.1-1) unstable; urgency=low
      * New upstream security/bug fix release:
        - Use a separate interpreter for each calling SQL userid in PL/Perl
          and PL/Tcl.
          This change prevents security problems that can be caused by
          subverting Perl or Tcl code that will be executed later in the same
          session under another SQL user identity (for example, within a
          SECURITY DEFINER function). Most scripting languages offer numerous
          ways that that might be done, such as redefining standard functions
          or operators called by the target function. Without this change,
          any SQL user with Perl or Tcl language usage rights can do
          essentially anything with the SQL privileges of the target
          function's owner.
          The cost of this change is that intentional communication among
          Perl and Tcl functions becomes more difficult. To provide an escape
          hatch, PL/PerlU and PL/TclU functions continue to use only one
          interpreter per session. This is not considered a security issue
          since all such functions execute at the trust level of a database
          superuser already.
          It is likely that third-party procedural languages that claim to
          offer trusted execution have similar security issues. We advise
          contacting the authors of any PL you are depending on for
          security-critical purposes.
          Our thanks to Tim Bunce for pointing out this issue
        - Improve pg_get_expr() security fix so that the function can still
          be used on the output of a sub-select.
        - Fix incorrect placement of placeholder evaluation.
          This bug could result in query outputs being non-null when they
          should be null, in cases where the inner side of an outer join is a
          sub-select with non-strict expressions in its output list.
        - Fix join removal's handling of placeholder expressions.
        - Fix possible duplicate scans of UNION ALL member relations.
        - Prevent infinite loop in ProcessIncomingNotify() after unlistening.
        - Prevent show_session_authorization() from crashing within
          autovacuum processes.
        - Re-allow input of Julian dates prior to 0001-01-01 AD.
          Input such as 'J100000'::date worked before 8.4, but was
          unintentionally broken by added error-checking.
        - Make psql recognize "DISCARD ALL" as a command that should not be
          encased in a transaction block in autocommit-off mode.
        - Update build infrastructure and documentation to reflect the source
          code repository's move from CVS to Git.
    postgresql-9.0 (9.0.0-3) unstable; urgency=low
      * debian/postgresql-9.0.preinst: Add missing debhelper token.
      * debian/rules: debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point
        out outdated .symbols files more strongly.
      * Add symbols files for libecpg-compat3, libecpg6, and libpgtypes3.
    postgresql-9.0 (9.0.0-2) unstable; urgency=low
      * debian/rules: Reenable building with -O1 on sparc and alpha, floating
        point with -O2 is still broken there.
      * Drop debian/libpq5.shlibs, replace it with a proper debian/libpq5.symbols.
        This keeps the reverse dependencies of libpq5 to >= 8.4, unless they use
        one of the four new functions.
    postgresql-9.0 (9.0.0-1) unstable; urgency=low
      * Final 9.0 release, upload to unstable (will not go into Squeeze, though).
      * debian/postgresql-9.0.preinst: Add missing debhelper token.
      * debian/control: Bump Standards-Version to 3.9.1; no changes necessary.
      * debian/control: Build the versionless metapackages now and point them to
      * debian/control: Fix Vcs-* to point to 9.0 branch.
      * debian/rules: Drop special-case building with -O1 on sparc and alpha,
        let's see how the current compiler does.
    postgresql-9.0 (9.0~rc1-1) experimental; urgency=low
      * First 9.0 release candidate.
    postgresql-9.0 (9.0~beta4-1) experimental; urgency=low
      * New upstream beta release.
    postgresql-9.0 (9.0~beta3-2) experimental; urgency=low
      * Migrate to a common init script for all server versions, to avoid
        providing the "postgresql" service in multiple packages (which causes
        insserv to complain bitterly):
        - Drop debian/postgresql-9.0.init.
        - debian/control: Bump dependency to postgresql-common to ensure we have a
          common /etc/init.d/postgresql init script.
        - debian/postgresql-9.0.preinst: Remove/rename our init script on upgrade.	
        - debian/postgresql-9.0.prerm: Call stop_version on upgrade/removal.
        - debian/rules: Drop dh_installinit arguments.
        - (Closes: #589523)
    postgresql-9.0 (9.0~beta3-1) experimental; urgency=low
      * New upstream beta release.
      * debian/postgresql-contrib-9.0.install: Add the new pg_archivecleanup.
    postgresql-9.0 (9.0~beta2-1) experimental; urgency=low
      * New upstream beta release.
      * debian/postgresql-9.0.install: Install pg_upgrade.
      * debian/control: Set back maintainer to me, but keep Peter Eisentraut as
    postgresql-9.0 (9.0~beta1-1) experimental; urgency=low
      [ Peter Eisentraut ]
      * Create 9.0 package based on 8.4 packaging trunk. Don't build versionless
        metapackages for 9.0 yet.
        - Adjusted 11-pg_regress-socketpath.patch
        - Obsoletes 03-sh-architecture.patch
      * Dropped obsolete documentation build.
      * debian/rules: Use make world/install-world targets, obsoletes
      * debian/watch: Adjusted for alpha releases.
      [ Martin Pitt ]
      * Update to upstream beta 1 release.
      * 07-relax-sslkey-permscheck.patch: Add parentheses around || .. &&
        construct to avoid a compiler warning (which turns into an error when
        building with -Werror). Also add a DEP3 compatible header.
      * 14-pg_config-paths.patch: Drop now unused "ret" variable (fix FTBFS with
        -Werror). Add a DEP3 compatible header.
      * debian/control: Bump p-common dependency to >= 107~ to ensure support for
      * debian/disable-root-check.patch: Refresh to apply cleanly.
      * Convert source package to "3.0 (quilt)" format.
      * Refresh patches to apply without fuzz.
      * debian/control: Bump Standards-Version to 3.8.4 (no changes necessary).
      * debian/patches/: Add DEP-3 compatible patch descriptions.
      * Merge 08-pkglibdir.patch, 09-server-includedir.patch, and
        14-pg_config-paths.patch into 50-per-version-dirs.patch, since they really
        belong together.
      * Merge 06-libpq-defaultsocketdir.patch and 11-pg_regress-socketpath.patch
        into 51-default-sockets-in-var.patch, they really belong together.
      * Re-enumerate 10-tutorial-README.patch and
        13-pg_service.conf_directory_doc.patch to 5x-*, since they are Debian
      * Merge 02-pager.patch and 12-psql-sensible-editor.patch into
      * Re-enumerate remaining patches.
     -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  12 Nov 2011 07:25:38 +0000