Format: 1.8
Date: Tue, 05 Oct 2010 22:05:37 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: armel armel_translations
Version: 8.4.5-0ubuntu10.04
Distribution: lucid
Urgency: low
Maintainer: Ubuntu/armel Build Daemon
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 655293
Changes:
 postgresql-8.4 (8.4.5-0ubuntu10.04) lucid-security; urgency=low
 .
   * New upstream security/bug fix update: (LP: #655293)
     - Use a separate interpreter for each calling SQL userid in PL/Perl and
       PL/Tcl. This change prevents security problems that can be caused by
       subverting Perl or Tcl code that will be executed later in the same
       session under another SQL user identity (for example, within a
       SECURITY DEFINER function). Most scripting languages offer numerous
       ways that that might be done, such as redefining standard functions
       or operators called by the target function. Without this change, any
       SQL user with Perl or Tcl language usage rights can do essentially
       anything with the SQL privileges of the target function's owner.
       The cost of this change is that intentional communication among Perl
       and Tcl functions becomes more difficult. To provide an escape hatch,
       PL/PerlU and PL/TclU functions continue to use only one interpreter
       per session. This is not considered a security issue since all such
       functions execute at the trust level of a database superuser already.
       It is likely that third-party procedural languages that claim to
       offer trusted execution have similar security issues. We advise
       contacting the authors of any PL you are depending on for
       security-critical purposes. Our thanks to Tim Bunce for pointing out
       this issue (CVE-2010-3433).
     - Prevent possible crashes in pg_get_expr() by disallowing it from
       being called with an argument that is not one of the system catalog
       columns it's intended to be used with.
     - Fix incorrect placement of placeholder evaluation. This bug could
       result in query outputs being non-null when they should be null, in
       cases where the inner side of an outer join is a sub-select with
       non-strict expressions in its output list.
     - Fix possible duplicate scans of UNION ALL member relations.
     - Fix "cannot handle unplanned sub-select" error. This occurred when a
       sub-select contains a join alias reference that expands into an
       expression containing another sub-select.
     - Fix mishandling of whole-row Vars that reference a view or sub-select
       and appear within a nested sub-select.
     - Fix mishandling of cross-type IN comparisons. This could result in
       failures if the planner tried to implement an IN join with a
       sort-then-unique-then-plain-join plan.
     - Fix computation of "ANALYZE" statistics for tsvector columns. The
       original coding could produce incorrect statistics, leading to poor
       plan choices later.
     - Improve planner's estimate of memory used by array_agg(),
       string_agg(), and similar aggregate functions. The previous drastic
       underestimate could lead to out-of-memory failures due to
       inappropriate choice of a hash-aggregation plan.
     - Fix failure to mark cached plans as transient. If a plan is prepared
       while "CREATE INDEX CONCURRENTLY" is in progress for one of the
       referenced tables, it is supposed to be re-planned once the index is
       ready for use. This was not happening reliably.
     - Reduce PANIC to ERROR in some occasionally-reported btree failure
       cases, and provide additional detail in the resulting error messages.
       This should improve the system's robustness with corrupted indexes.
     - Fix incorrect search logic for partial-match queries with GIN
       indexes. Cases involving AND/OR combination of several GIN index
       conditions didn't always give the right answer, and were sometimes
       much slower than necessary.
     - Prevent show_session_authorization() from crashing within autovacuum
       processes.
     - Defend against functions returning setof record where not all the
       returned rows are actually of the same rowtype.
     - Fix possible corruption of pending trigger event lists during
       subtransaction rollback. This could lead to a crash or incorrect
       firing of triggers.
     - Fix possible failure when hashing a pass-by-reference function
       result.
     - Improve merge join's handling of NULLs in the join columns. A merge
       join can now stop entirely upon reaching the first NULL, if the sort
       order is such that NULLs sort high.
     - Take care to fsync the contents of lockfiles (both "postmaster.pid"
       and the socket lockfile) while writing them. This omission could
       result in corrupted lockfile contents if the machine crashes shortly
       after postmaster start. That could in turn prevent subsequent
       attempts to start the postmaster from succeeding, until the lockfile
       is manually removed.
     - Avoid recursion while assigning XIDs to heavily-nested
       subtransactions. The original coding could result in a crash if there
       was limited stack space.
     - Avoid holding open old WAL segments in the walwriter process. The
       previous coding would prevent removal of no-longer-needed segments.
     - Fix log_line_prefix's %i escape, which could produce junk early in
       backend startup.
     - Prevent misinterpretation of partially-specified relation options for
       TOAST tables. In particular, fillfactor would be read as zero if any
       other reloption had been set for the table, leading to serious bloat.
     - Fix inheritance count tracking in "ALTER TABLE ... ADD CONSTRAINT"
     - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE" when
       archiving is enabled.
     - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to be
       interrupted by query-cancel.
     - Improve "CREATE INDEX"'s checking of whether proposed index
       expressions are immutable.
     - Fix "REASSIGN OWNED" to handle operator classes and families.
     - Fix possible core dump when comparing two empty tsquery values.
     - Fix LIKE's handling of patterns containing % followed by _. We've
       fixed this before, but there were still some incorrectly-handled
       cases.
     - Re-allow input of Julian dates prior to 0001-01-01 AD. Input such as
       'J100000'::date worked before 8.4, but was unintentionally broken by
       added error-checking.
     - Fix PL/pgSQL to throw an error, not crash, if a cursor is closed
       within a FOR loop that is iterating over that cursor.
     - In PL/Python, defend against null pointer results from
       PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
     - In libpq, fix full SSL certificate verification for the case where
       both host and hostaddr are specified.
     - Make psql recognize "DISCARD ALL" as a command that should not be
       encased in a transaction block in autocommit-off mode.
     - Fix some issues in pg_dump's handling of SQL/MED objects. Notably,
       pg_dump would always fail if run by a non-superuser, which was not
       intended.
     - Improve pg_dump and pg_restore's handling of non-seekable archive
       files. This is important for proper functioning of parallel restore.
     - Improve parallel pg_restore's ability to cope with selective restore
       (-L option). The original code tended to fail if the -L file
       commanded a non-default restore ordering.
     - Fix ecpg to process data from RETURNING clauses correctly.
     - Fix some memory leaks in ecpg.
     - Improve "contrib/dblink"'s handling of tables containing dropped
       columns.
     - Fix connection leak after "duplicate connection name" errors in
       "contrib/dblink".
     - Fix "contrib/dblink" to handle connection names longer than 62 bytes
       correctly.
     - Add hstore(text, text) function to "contrib/hstore". This function is
       the recommended substitute for the now-deprecated => operator. It was
       back-patched so that future-proofed code can be used with older
       server versions. Note that the patch will be effective only after
       "contrib/hstore" is installed or reinstalled in a particular
       database. Users might prefer to execute the "CREATE FUNCTION" command
       by hand, instead.
     - Update build infrastructure and documentation to reflect the source
       code repository's move from CVS to Git.
Original-Maintainer: Martin Pitt