Change logs for postgresql-9.5 source package in Zesty

postgresql-9.5 (9.5.5-0ubuntu1) zesty-proposed; urgency=medium

  * New upstream bug fix release (LP: #1637236)
    - Fix WAL-logging of truncation of relation free space maps and visibility
      maps.
      It was possible for these files to not be correctly restored during
      crash recovery, or to be written incorrectly on a standby server. Bogus
      entries in a free space map could lead to attempts to access pages that
      have been truncated away from the relation itself, typically producing
      errors like "could not read block XXX: read only 0 of 8192 bytes".
      Checksum failures in the visibility map are also possible, if
      checksumming is enabled.

      Procedures for determining whether there is a problem and repairing it
      if so are discussed at
         https://wiki.postgresql.org/wiki/Free_Space_Map_Problems.

    - Details about other changes:
      http://www.postgresql.org/docs/9.5/static/release-9-5-5.html

 -- Martin Pitt <email address hidden>  Thu, 27 Oct 2016 17:51:11 +0200

postgresql-9.5 (9.5.4-3) unstable; urgency=medium

  * Team upload.
  * Build-Depend on libpq-dev and libecpg-dev.

 -- Christoph Berg <email address hidden>  Mon, 26 Sep 2016 15:42:29 +0200

postgresql-9.5 (9.5.4-1) unstable; urgency=medium

  * New upstream version.

    + Fix possible mis-evaluation of nested CASE-WHEN expressions
      (Heikki Linnakangas, Michael Paquier, Tom Lane)

      A CASE expression appearing within the test value subexpression of
      another CASE could become confused about whether its own test value was
      null or not.  Also, inlining of a SQL function implementing the equality
      operator used by a CASE expression could result in passing the wrong
      test value to functions called within a CASE expression in the SQL
      function's body.  If the test values were of different data types, a
      crash might result; moreover such situations could be abused to allow
      disclosure of portions of server memory.  (CVE-2016-5423)

    + Fix client programs' handling of special characters in database and role
      names (Noah Misch, Nathan Bossart, Michael Paquier)

      Numerous places in vacuumdb and other client programs could become
      confused by database and role names containing double quotes or
      backslashes.  Tighten up quoting rules to make that safe. Also, ensure
      that when a conninfo string is used as a database name parameter to
      these programs, it is correctly treated as such throughout.

      Fix handling of paired double quotes in psql's \connect and \password
      commands to match the documentation.

      Introduce a new -reuse-previous option in psql's \connect command to
      allow explicit control of whether to re-use connection parameters from a
      previous connection.  (Without this, the choice is based on whether the
      database name looks like a conninfo string, as before.)  This allows
      secure handling of database names containing special characters in
      pg_dumpall scripts.

      pg_dumpall now refuses to deal with database and role names containing
      carriage returns or newlines, as it seems impractical to quote those
      characters safely on Windows.  In future we may reject such names on the
      server side, but that step has not been taken yet.

      These are considered security fixes because crafted object names
      containing special characters could have been used to execute commands
      with superuser privileges the next time a superuser executes pg_dumpall
      or other routine maintenance operations.  (CVE-2016-5424)

  * Remove conditional multi-arch compilation, all supported dists are
    multi-arched now.
  * Use explicit xz compression for wheezy and precise

 -- Christoph Berg <email address hidden>  Tue, 09 Aug 2016 17:19:59 +0200