Format: 1.8
Date: Mon, 27 Feb 2012 15:05:31 +0100
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: amd64 amd64_translations
Version: 8.4.11-0ubuntu0.11.04
Distribution: natty
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 941912
Changes:
 postgresql-8.4 (8.4.11-0ubuntu0.11.04) natty-security; urgency=low
 .
   * New upstream bug fix/security release: (LP: #941912)
     - Require execute permission on the trigger function for "CREATE TRIGGER".
       This missing check could allow another user to execute a trigger
       function with forged input data, by installing it on a table he owns.
       This is only of significance for trigger functions marked SECURITY
       DEFINER, since otherwise trigger functions run as the table owner
       anyway. (CVE-2012-0866)
     - Remove arbitrary limitation on length of common name in SSL
       certificates. Both libpq and the server truncated the common name
       extracted from an SSL certificate at 32 bytes. Normally this would
       cause nothing worse than an unexpected verification failure, but there
       are some rather-implausible scenarios in which it might allow one
       certificate holder to impersonate another. The victim would have to
       have a common name exactly 32 bytes long, and the attacker would have
       to persuade a trusted CA to issue a certificate in which the common
       name has that string as a prefix. Impersonating a server would also
       require some additional exploit to redirect client connections.
       (CVE-2012-0867)
     - Convert newlines to spaces in names written in pg_dump comments.
       pg_dump was incautious about sanitizing object names that are emitted
       within SQL comments in its output script. A name containing a newline
       would at least render the script syntactically incorrect. Maliciously
       crafted object names could present a SQL injection risk when the
       script is reloaded. (CVE-2012-0868)
     - Fix btree index corruption from insertions concurrent with vacuuming.
       An index page split caused by an insertion could sometimes cause a
       concurrently-running "VACUUM" to miss removing index entries that it
       should remove. After the corresponding table rows are removed, the
       dangling index entries would cause errors (such as "could not read
       block N in file ...") or worse, silently wrong query results after
       unrelated rows are re-inserted at the now-free table locations.
       This bug has been present since release 8.2, but occurs so
       infrequently that it was not diagnosed until now. If you have reason
       to suspect that it has happened in your database, reindexing the
       affected index will fix things.
     - Update per-column permissions, not only per-table permissions, when
       changing table owner. Failure to do this meant that any previously
       granted column permissions were still shown as having been granted by
       the old owner. This meant that neither the new owner nor a superuser
       could revoke the now-untraceable-to-table-owner permissions.
     - Allow non-existent values for some settings in "ALTER USER/DATABASE
       SET". Allow default_text_search_config, default_tablespace, and
       temp_tablespaces to be set to names that are not known. This is
       because they might be known in another database where the setting is
       intended to be used, or for the tablespace cases because the
       tablespace might not be created yet. The same issue was previously
       recognized for search_path, and these settings now act like that one.
     - Avoid crashing when we have problems deleting table files post-commit.
       Dropping a table should lead to deleting the underlying disk files
       only after the transaction commits. In event of failure then (for
       instance, because of wrong file permissions) the code is supposed to
       just emit a warning message and go on, since it's too late to abort
       the transaction. This logic got broken as of release 8.4, causing such
       situations to result in a PANIC and an unrestartable database.
     - Track the OID counter correctly during WAL replay, even when it wraps
       around. Previously the OID counter would remain stuck at a high value
       until the system exited replay mode. The practical consequences of
       that are usually nil, but there are scenarios wherein a standby server
       that's been promoted to master might take a long time to advance the
       OID counter to a reasonable value once values are needed.
     - Fix regular expression back-references with * attached.
       Rather than enforcing an exact string match, the code would
       effectively accept any string that satisfies the pattern
       sub-expression referenced by the back-reference symbol. A similar
       problem still afflicts back-references that are embedded in a larger
       quantified expression, rather than being the immediate subject of the
       quantifier. This will be addressed in a future PostgreSQL release.
     - Fix recently-introduced memory leak in processing of inet/cidr values.
     - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
       SQL-language function. In most cases this only led to an assertion
       failure in assert-enabled builds, but worse consequences seem
       possible.
     - Fix I/O-conversion-related memory leaks in plpgsql.
     - Improve pg_dump's handling of inherited table columns. pg_dump
       mishandled situations where a child column has a different default
       expression than its parent column. If the default is textually
       identical to the parent's default, but not actually the same (for
       instance, because of schema search path differences) it would not be
       recognized as different, so that after dump and restore the child
       would be allowed to inherit the parent's default. Child columns that
       are NOT NULL where their parent is not could also be restored subtly
       incorrectly.
     - Fix pg_restore's direct-to-database mode for INSERT-style table data.
       Direct-to-database restores from archive files made with "--inserts"
       or "--column-inserts" options fail when using pg_restore from a
       release dated September or December 2011, as a result of an oversight
       in a fix for another problem. The archive file itself is not at fault,
       and text-mode output is okay.
     - Allow AT option in ecpg DEALLOCATE statements. The infrastructure to
       support this has been there for a while, but through an oversight
       there was still an error check rejecting the case.
     - Fix error in "contrib/intarray"'s int[] & int[] operator.
       If the smallest integer the two input arrays have in common is 1, and
       there are smaller values in either array, then 1 would be incorrectly
       omitted from the result.
     - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
       decrypt_iv(). These functions failed to report certain types of
       invalid-input errors, and would instead return random garbage values
       for incorrect input.
     - Fix one-byte buffer overrun in "contrib/test_parser". The code would
       try to read one more byte than it should, which would crash in corner
       cases. Since "contrib/test_parser" is only example code, this is not a
       security issue in itself, but bad example code is still bad.
     - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
       This function replaces our previous use of the SWPB instruction, which
       is deprecated and not available on ARMv6 and later. Reports suggest
       that the old code doesn't fail in an obvious way on recent ARM boards,
       but simply doesn't interlock concurrent accesses, leading to bizarre
       failures in multiprocess operation.
     - Use "-fexcess-precision=standard" option when building with gcc
       versions that accept it. This prevents assorted scenarios wherein
       recent versions of gcc will produce creative results.
     - Allow use of threaded Python on FreeBSD. Our configure script
       previously believed that this combination wouldn't work; but FreeBSD
       fixed the problem, so remove that error check.
   * Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch, applied upstream.
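The CVE-2012-0868 entry above describes why an object name containing a newline is dangerous inside a `--` comment of a dump script, and the fix (newline to space). The following is an added illustration written for this page, not pg_dump's own code: it models how a dump comment is emitted before and after the sanitization, and how a script reader would treat the result. Function names, the comment layout and the sample table name are constructed for the example; treating a carriage return like a newline is an extra precaution of this example, not something the release note states.

```python
# Added example (not pg_dump's code): why an unsanitized object name can
# terminate a "--" comment in a dump script, and the newline-to-space fix.
from typing import List, Tuple


def dump_comment_line(name: str) -> str:
    """Pre-fix model: the object name is written verbatim into a
    single-line SQL comment, pg_dump-style (layout is constructed)."""
    return f"-- Name: {name}; Type: TABLE\n"


def sanitize_comment_name(name: str) -> str:
    """Fixed model: replace every line break with a space so the name can
    never end the comment it is embedded in. CR handling is an added
    precaution of this example."""
    return name.replace("\r", " ").replace("\n", " ")


def dump_comment_line_fixed(name: str) -> str:
    """Same comment, emitted through the sanitizer."""
    return f"-- Name: {sanitize_comment_name(name)}; Type: TABLE\n"


def statements_outside_comments(script: str) -> List[str]:
    """Minimal model of how a script reader sees the text: every non-empty
    line that does not start with '--' is executable SQL."""
    return [ln for ln in script.splitlines()
            if ln.strip() and not ln.lstrip().startswith("--")]


# Constructed sample: a table name whose second line is a harmless statement
# followed by '--' so that the remainder of the comment is swallowed.
CRAFTED_NAME = "orders\nSELECT 'escaped the comment'; --"


def demo() -> Tuple[List[str], List[str]]:
    """Return the executable lines the reader would see before and after
    the fix for the constructed name."""
    before = statements_outside_comments(dump_comment_line(CRAFTED_NAME))
    after = statements_outside_comments(dump_comment_line_fixed(CRAFTED_NAME))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("unsanitized comment yields executable SQL:", before)
    print("sanitized comment yields executable SQL:  ", after)
```

Running the block shows one executable line for the unsanitized comment and none once the newline is replaced; the same check applies to any other place where untrusted names are interpolated into single-line comments.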
Checksums-Sha1:
 9cd4eb6c16adfd49f1218bb35e9ecbbd03ed6b69 202860 libpq-dev_8.4.11-0ubuntu0.11.04_amd64.deb
 6cde7b53e8d671c9787d7608318b5c6f7f410c05 2274812 postgresql-8.4_8.4.11-0ubuntu0.11.04_amd64_translations.tar.gz
 7827981f01a2026cdecb9e1e3c8be5d108f1991d 90512 libpq5_8.4.11-0ubuntu0.11.04_amd64.deb
 28fe53232ef793ec95f8438efdd3203ee3ff74d4 33862 libecpg6_8.4.11-0ubuntu0.11.04_amd64.deb
 ef0ee31e02fcaf66b602b4c899000e4c504af9c9 241474 libecpg-dev_8.4.11-0ubuntu0.11.04_amd64.deb
 94db9cd66524962341b17ef3be460089f946b91b 11534 libecpg-compat3_8.4.11-0ubuntu0.11.04_amd64.deb
 5764c260cf949f0707061c962db8bd48061b0537 50966 libpgtypes3_8.4.11-0ubuntu0.11.04_amd64.deb
 f2e6215ef10d518f17a23f9ff16564d77b35fc2f 4047180 postgresql-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 c368f7228f8729bd484a47a2804b8492ec2806e4 827606 postgresql-client-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 6f38e945fcd9c5f1f84d8d2f10c34266ce8ee91f 636666 postgresql-server-dev-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 c2ee4157e81c9397499b7e4459f92a57ff41ead7 409218 postgresql-contrib-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 8c6e91a50be8d06570f0ad75ea9de4d4d7b5026d 48640 postgresql-plperl-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 50d2a42d409a8a2718e524b1923693f788f6e3f4 41754 postgresql-plpython-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 f6b64df927d35df8b236d2c97cf29809a577a6ff 39122 postgresql-pltcl-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
Checksums-Sha256:
 4c0bad7cf8301631efea40ad07b63d3ddae9c630780f23280d3defaa4467fe62 202860 libpq-dev_8.4.11-0ubuntu0.11.04_amd64.deb
 6231b4e40eba7701a7ff05b5cdd2727af360ee7bd79acfac1239a41c960b78eb 2274812 postgresql-8.4_8.4.11-0ubuntu0.11.04_amd64_translations.tar.gz
 ca2e8d6a6088405d4f6592d87a208ea72e42f5e0da30124174c16f483d030584 90512 libpq5_8.4.11-0ubuntu0.11.04_amd64.deb
 0cba010119cc4b8584a0ce9c5156535dad25533ddb4203cdfb9d0b41f2392a6e 33862 libecpg6_8.4.11-0ubuntu0.11.04_amd64.deb
 b9700e9d353106b4bd4ddab0cc443f6f376e5e72ea15fee4464c94e46e7b9458 241474 libecpg-dev_8.4.11-0ubuntu0.11.04_amd64.deb
 f2d572618ed4cc1dca87b5e3e99647146340ecc88294d34766d61837e63e28ab 11534 libecpg-compat3_8.4.11-0ubuntu0.11.04_amd64.deb
 f6a667ee4d55a36f681d53520b6d4965dbae61c5578cddd4830a9a1dd03445cf 50966 libpgtypes3_8.4.11-0ubuntu0.11.04_amd64.deb
 7ab540c5b2be4fcf4ac49d35a65c99d2efccd5d794eef3e5f7c9a3373daed8aa 4047180 postgresql-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 7ca1e9fd9dcdc66e4bf8a7aa85b4b229270a122bf0897d8b03cf31fdfbc007c0 827606 postgresql-client-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 73355871d4897f18af98fca5d6d8b250040a6d8f2c776bcec0101689963ed751 636666 postgresql-server-dev-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 37302874a50f6652c7d262057a98aba4727e1cd1003d6a3c857f167b481a1a80 409218 postgresql-contrib-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 d5c90a8cb81025f1b6977ab037dd312e1f7fbd2c57710afb9d9d733ee8e1dd45 48640 postgresql-plperl-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 5f061960250d42197c1207f9941cbe4d2cd3b18924c828ff7d438a63bc68203d 41754 postgresql-plpython-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 c218dce2b161eb12f65f1f480cf16d74392e7cce221999edadaf0979eff09596 39122 postgresql-pltcl-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
Files:
 6fe36c80b7d427cb1409692834660878 202860 libdevel optional libpq-dev_8.4.11-0ubuntu0.11.04_amd64.deb
 6b5c5efb3f3da56c795c77ef6e2b599f 2274812 raw-translations - postgresql-8.4_8.4.11-0ubuntu0.11.04_amd64_translations.tar.gz
 287de7bb7dc6bb29bba90fcebb8a1f58 90512 libs optional libpq5_8.4.11-0ubuntu0.11.04_amd64.deb
 85d0e508a6b9f0e15ceaa4df95d2165d 33862 libs optional libecpg6_8.4.11-0ubuntu0.11.04_amd64.deb
 d9bc622cabcfa6c3e2339050af74e86b 241474 libdevel optional libecpg-dev_8.4.11-0ubuntu0.11.04_amd64.deb
 3d7de3b0730d6b1f39cf1580341117f5 11534 libs optional libecpg-compat3_8.4.11-0ubuntu0.11.04_amd64.deb
 e70484b21d5eab7f297b602d5ec5193e 50966 libs optional libpgtypes3_8.4.11-0ubuntu0.11.04_amd64.deb
 9e10b58f33dcea30bb55219567062731 4047180 database optional postgresql-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 29798c2e141b666fc092809e7a744709 827606 database optional postgresql-client-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 3415873176421df06ae7bc64773ee930 636666 libdevel optional postgresql-server-dev-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 98316f92f45b9242eb3454446582e961 409218 database optional postgresql-contrib-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 063e6e8a860e3802cfdc5495fad1b70c 48640 database optional postgresql-plperl-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 d4b103066ab54e804ea05fa6139d0ff8 41754 database optional postgresql-plpython-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
 aa705e53400bd87bd3893ec4d7438602 39122 database optional postgresql-pltcl-8.4_8.4.11-0ubuntu0.11.04_amd64.deb
Original-Maintainer: Martin Pitt