Format: 1.8
Date: Tue, 05 Oct 2010 22:05:37 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: amd64 amd64_translations
Version: 8.4.5-0ubuntu10.04
Distribution: lucid
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 655293
Changes:
 postgresql-8.4 (8.4.5-0ubuntu10.04) lucid-security; urgency=low
 .
   * New upstream security/bug fix update: (LP: #655293)
     - Use a separate interpreter for each calling SQL userid in PL/Perl
       and PL/Tcl. This change prevents security problems that can be
       caused by subverting Perl or Tcl code that will be executed later
       in the same session under another SQL user identity (for example,
       within a SECURITY DEFINER function). Most scripting languages
       offer numerous ways that that might be done, such as redefining
       standard functions or operators called by the target function.
       Without this change, any SQL user with Perl or Tcl language usage
       rights can do essentially anything with the SQL privileges of the
       target function's owner. The cost of this change is that
       intentional communication among Perl and Tcl functions becomes
       more difficult. To provide an escape hatch, PL/PerlU and PL/TclU
       functions continue to use only one interpreter per session. This
       is not considered a security issue since all such functions
       execute at the trust level of a database superuser already. It is
       likely that third-party procedural languages that claim to offer
       trusted execution have similar security issues. We advise
       contacting the authors of any PL you are depending on for
       security-critical purposes. Our thanks to Tim Bunce for pointing
       out this issue (CVE-2010-3433).
     - Prevent possible crashes in pg_get_expr() by disallowing it from
       being called with an argument that is not one of the system
       catalog columns it's intended to be used with.
     - Fix incorrect placement of placeholder evaluation. This bug could
       result in query outputs being non-null when they should be null,
       in cases where the inner side of an outer join is a sub-select
       with non-strict expressions in its output list.
     - Fix possible duplicate scans of UNION ALL member relations.
     - Fix "cannot handle unplanned sub-select" error. This occurred when
       a sub-select contains a join alias reference that expands into an
       expression containing another sub-select.
     - Fix mishandling of whole-row Vars that reference a view or
       sub-select and appear within a nested sub-select.
     - Fix mishandling of cross-type IN comparisons. This could result in
       failures if the planner tried to implement an IN join with a
       sort-then-unique-then-plain-join plan.
     - Fix computation of "ANALYZE" statistics for tsvector columns. The
       original coding could produce incorrect statistics, leading to
       poor plan choices later.
     - Improve planner's estimate of memory used by array_agg(),
       string_agg(), and similar aggregate functions. The previous
       drastic underestimate could lead to out-of-memory failures due to
       inappropriate choice of a hash-aggregation plan.
     - Fix failure to mark cached plans as transient. If a plan is
       prepared while "CREATE INDEX CONCURRENTLY" is in progress for one
       of the referenced tables, it is supposed to be re-planned once the
       index is ready for use. This was not happening reliably.
     - Reduce PANIC to ERROR in some occasionally-reported btree failure
       cases, and provide additional detail in the resulting error
       messages. This should improve the system's robustness with
       corrupted indexes.
     - Fix incorrect search logic for partial-match queries with GIN
       indexes. Cases involving AND/OR combination of several GIN index
       conditions didn't always give the right answer, and were sometimes
       much slower than necessary.
     - Prevent show_session_authorization() from crashing within
       autovacuum processes.
     - Defend against functions returning setof record where not all the
       returned rows are actually of the same rowtype.
     - Fix possible corruption of pending trigger event lists during
       subtransaction rollback. This could lead to a crash or incorrect
       firing of triggers.
     - Fix possible failure when hashing a pass-by-reference function
       result.
     - Improve merge join's handling of NULLs in the join columns. A
       merge join can now stop entirely upon reaching the first NULL, if
       the sort order is such that NULLs sort high.
     - Take care to fsync the contents of lockfiles (both
       "postmaster.pid" and the socket lockfile) while writing them. This
       omission could result in corrupted lockfile contents if the
       machine crashes shortly after postmaster start. That could in turn
       prevent subsequent attempts to start the postmaster from
       succeeding, until the lockfile is manually removed.
     - Avoid recursion while assigning XIDs to heavily-nested
       subtransactions. The original coding could result in a crash if
       there was limited stack space.
     - Avoid holding open old WAL segments in the walwriter process. The
       previous coding would prevent removal of no-longer-needed
       segments.
     - Fix log_line_prefix's %i escape, which could produce junk early in
       backend startup.
     - Prevent misinterpretation of partially-specified relation options
       for TOAST tables. In particular, fillfactor would be read as zero
       if any other reloption had been set for the table, leading to
       serious bloat.
     - Fix inheritance count tracking in "ALTER TABLE ... ADD CONSTRAINT"
     - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
       when archiving is enabled.
     - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
       be interrupted by query-cancel.
     - Improve "CREATE INDEX"'s checking of whether proposed index
       expressions are immutable.
     - Fix "REASSIGN OWNED" to handle operator classes and families.
     - Fix possible core dump when comparing two empty tsquery values.
     - Fix LIKE's handling of patterns containing % followed by _. We've
       fixed this before, but there were still some incorrectly-handled
       cases.
     - Re-allow input of Julian dates prior to 0001-01-01 AD. Input such
       as 'J100000'::date worked before 8.4, but was unintentionally
       broken by added error-checking.
     - Fix PL/pgSQL to throw an error, not crash, if a cursor is closed
       within a FOR loop that is iterating over that cursor.
     - In PL/Python, defend against null pointer results from
       PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
     - In libpq, fix full SSL certificate verification for the case where
       both host and hostaddr are specified.
     - Make psql recognize "DISCARD ALL" as a command that should not be
       encased in a transaction block in autocommit-off mode.
     - Fix some issues in pg_dump's handling of SQL/MED objects. Notably,
       pg_dump would always fail if run by a non-superuser, which was not
       intended.
     - Improve pg_dump and pg_restore's handling of non-seekable archive
       files. This is important for proper functioning of parallel
       restore.
     - Improve parallel pg_restore's ability to cope with selective
       restore (-L option). The original code tended to fail if the -L
       file commanded a non-default restore ordering.
     - Fix ecpg to process data from RETURNING clauses correctly.
     - Fix some memory leaks in ecpg.
     - Improve "contrib/dblink"'s handling of tables containing dropped
       columns.
     - Fix connection leak after "duplicate connection name" errors in
       "contrib/dblink".
     - Fix "contrib/dblink" to handle connection names longer than 62
       bytes correctly.
     - Add hstore(text, text) function to "contrib/hstore". This function
       is the recommended substitute for the now-deprecated => operator.
       It was back-patched so that future-proofed code can be used with
       older server versions. Note that the patch will be effective only
       after "contrib/hstore" is installed or reinstalled in a particular
       database. Users might prefer to execute the "CREATE FUNCTION"
       command by hand, instead.
     - Update build infrastructure and documentation to reflect the
       source code repository's move from CVS to Git.
Original-Maintainer: Martin Pitt