Format: 1.8
Date: Tue, 05 Oct 2010 22:11:42 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: amd64 amd64_translations
Version: 8.4.5-0ubuntu9.10
Distribution: karmic
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Changes:
 postgresql-8.4 (8.4.5-0ubuntu9.10) karmic-security; urgency=low
 .
   * New upstream security/bug fix update: (LP: #655293)
     - Use a separate interpreter for each calling SQL userid in PL/Perl
       and PL/Tcl.
       This change prevents security problems that can be caused by
       subverting Perl or Tcl code that will be executed later in the same
       session under another SQL user identity (for example, within a
       SECURITY DEFINER function). Most scripting languages offer numerous
       ways that that might be done, such as redefining standard functions
       or operators called by the target function. Without this change,
       any SQL user with Perl or Tcl language usage rights can do
       essentially anything with the SQL privileges of the target
       function's owner.
       The cost of this change is that intentional communication among
       Perl and Tcl functions becomes more difficult. To provide an escape
       hatch, PL/PerlU and PL/TclU functions continue to use only one
       interpreter per session. This is not considered a security issue
       since all such functions execute at the trust level of a database
       superuser already.
       It is likely that third-party procedural languages that claim to
       offer trusted execution have similar security issues. We advise
       contacting the authors of any PL you are depending on for
       security-critical purposes.
       Our thanks to Tim Bunce for pointing out this issue
       (CVE-2010-3433).
     - Prevent possible crashes in pg_get_expr() by disallowing it from
       being called with an argument that is not one of the system catalog
       columns it's intended to be used with.
     - Fix incorrect placement of placeholder evaluation.
       This bug could result in query outputs being non-null when they
       should be null, in cases where the inner side of an outer join is a
       sub-select with non-strict expressions in its output list.
     - Fix possible duplicate scans of UNION ALL member relations.
     - Fix "cannot handle unplanned sub-select" error.
       This occurred when a sub-select contains a join alias reference
       that expands into an expression containing another sub-select.
     - Fix mishandling of whole-row Vars that reference a view or
       sub-select and appear within a nested sub-select.
     - Fix mishandling of cross-type IN comparisons.
       This could result in failures if the planner tried to implement an
       IN join with a sort-then-unique-then-plain-join plan.
     - Fix computation of "ANALYZE" statistics for tsvector columns.
       The original coding could produce incorrect statistics, leading to
       poor plan choices later.
     - Improve planner's estimate of memory used by array_agg(),
       string_agg(), and similar aggregate functions.
       The previous drastic underestimate could lead to out-of-memory
       failures due to inappropriate choice of a hash-aggregation plan.
     - Fix failure to mark cached plans as transient.
       If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
       progress for one of the referenced tables, it is supposed to be
       re-planned once the index is ready for use. This was not happening
       reliably.
     - Reduce PANIC to ERROR in some occasionally-reported btree failure
       cases, and provide additional detail in the resulting error
       messages.
       This should improve the system's robustness with corrupted indexes.
     - Fix incorrect search logic for partial-match queries with GIN
       indexes.
       Cases involving AND/OR combination of several GIN index conditions
       didn't always give the right answer, and were sometimes much slower
       than necessary.
     - Prevent show_session_authorization() from crashing within
       autovacuum processes.
     - Defend against functions returning setof record where not all the
       returned rows are actually of the same rowtype.
     - Fix possible corruption of pending trigger event lists during
       subtransaction rollback.
       This could lead to a crash or incorrect firing of triggers.
     - Fix possible failure when hashing a pass-by-reference function
       result.
     - Improve merge join's handling of NULLs in the join columns.
       A merge join can now stop entirely upon reaching the first NULL, if
       the sort order is such that NULLs sort high.
     - Take care to fsync the contents of lockfiles (both "postmaster.pid"
       and the socket lockfile) while writing them.
       This omission could result in corrupted lockfile contents if the
       machine crashes shortly after postmaster start. That could in turn
       prevent subsequent attempts to start the postmaster from
       succeeding, until the lockfile is manually removed.
     - Avoid recursion while assigning XIDs to heavily-nested
       subtransactions.
       The original coding could result in a crash if there was limited
       stack space.
     - Avoid holding open old WAL segments in the walwriter process.
       The previous coding would prevent removal of no-longer-needed
       segments.
     - Fix log_line_prefix's %i escape, which could produce junk early in
       backend startup.
     - Prevent misinterpretation of partially-specified relation options
       for TOAST tables.
       In particular, fillfactor would be read as zero if any other
       reloption had been set for the table, leading to serious bloat.
     - Fix inheritance count tracking in "ALTER TABLE ... ADD CONSTRAINT"
     - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
       when archiving is enabled.
     - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
       be interrupted by query-cancel.
     - Improve "CREATE INDEX"'s checking of whether proposed index
       expressions are immutable.
     - Fix "REASSIGN OWNED" to handle operator classes and families.
     - Fix possible core dump when comparing two empty tsquery values.
     - Fix LIKE's handling of patterns containing % followed by _.
       We've fixed this before, but there were still some
       incorrectly-handled cases.
     - Re-allow input of Julian dates prior to 0001-01-01 AD.
       Input such as 'J100000'::date worked before 8.4, but was
       unintentionally broken by added error-checking.
     - Fix PL/pgSQL to throw an error, not crash, if a cursor is closed
       within a FOR loop that is iterating over that cursor.
     - In PL/Python, defend against null pointer results from
       PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
     - In libpq, fix full SSL certificate verification for the case where
       both host and hostaddr are specified.
     - Make psql recognize "DISCARD ALL" as a command that should not be
       encased in a transaction block in autocommit-off mode.
     - Fix some issues in pg_dump's handling of SQL/MED objects.
       Notably, pg_dump would always fail if run by a non-superuser, which
       was not intended.
     - Improve pg_dump and pg_restore's handling of non-seekable archive
       files.
       This is important for proper functioning of parallel restore.
     - Improve parallel pg_restore's ability to cope with selective
       restore (-L option).
       The original code tended to fail if the -L file commanded a
       non-default restore ordering.
     - Fix ecpg to process data from RETURNING clauses correctly.
     - Fix some memory leaks in ecpg.
     - Improve "contrib/dblink"'s handling of tables containing dropped
       columns.
     - Fix connection leak after "duplicate connection name" errors in
       "contrib/dblink".
     - Fix "contrib/dblink" to handle connection names longer than 62
       bytes correctly.
     - Add hstore(text, text) function to "contrib/hstore".
       This function is the recommended substitute for the now-deprecated
       => operator. It was back-patched so that future-proofed code can be
       used with older server versions. Note that the patch will be
       effective only after "contrib/hstore" is installed or reinstalled
       in a particular database. Users might prefer to execute the "CREATE
       FUNCTION" command by hand, instead.
     - Update build infrastructure and documentation to reflect the source
       code repository's move from CVS to Git.
Launchpad-Bugs-Fixed: 655293
Original-Maintainer: Martin Pitt