Format: 1.8
Date: Mon, 27 Feb 2012 15:05:31 +0100
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: armel armel_translations
Version: 8.4.11-0ubuntu0.11.04
Distribution: natty
Urgency: low
Maintainer: Ubuntu/armel Build Daemon
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 941912
Changes:
 postgresql-8.4 (8.4.11-0ubuntu0.11.04) natty-security; urgency=low
 .
   * New upstream bug fix/security release: (LP: #941912)
     - Require execute permission on the trigger function for "CREATE
       TRIGGER".
       This missing check could allow another user to execute a trigger
       function with forged input data, by installing it on a table he
       owns. This is only of significance for trigger functions marked
       SECURITY DEFINER, since otherwise trigger functions run as the
       table owner anyway. (CVE-2012-0866)
     - Remove arbitrary limitation on length of common name in SSL
       certificates.
       Both libpq and the server truncated the common name extracted from
       an SSL certificate at 32 bytes. Normally this would cause nothing
       worse than an unexpected verification failure, but there are some
       rather-implausible scenarios in which it might allow one
       certificate holder to impersonate another. The victim would have
       to have a common name exactly 32 bytes long, and the attacker
       would have to persuade a trusted CA to issue a certificate in
       which the common name has that string as a prefix. Impersonating a
       server would also require some additional exploit to redirect
       client connections. (CVE-2012-0867)
     - Convert newlines to spaces in names written in pg_dump comments.
       pg_dump was incautious about sanitizing object names that are
       emitted within SQL comments in its output script. A name
       containing a newline would at least render the script
       syntactically incorrect. Maliciously crafted object names could
       present a SQL injection risk when the script is reloaded.
       (CVE-2012-0868)
     - Fix btree index corruption from insertions concurrent with
       vacuuming.
       An index page split caused by an insertion could sometimes cause a
       concurrently-running "VACUUM" to miss removing index entries that
       it should remove. After the corresponding table rows are removed,
       the dangling index entries would cause errors (such as "could not
       read block N in file ...") or worse, silently wrong query results
       after unrelated rows are re-inserted at the now-free table
       locations. This bug has been present since release 8.2, but occurs
       so infrequently that it was not diagnosed until now. If you have
       reason to suspect that it has happened in your database,
       reindexing the affected index will fix things.
     - Update per-column permissions, not only per-table permissions,
       when changing table owner.
       Failure to do this meant that any previously granted column
       permissions were still shown as having been granted by the old
       owner. This meant that neither the new owner nor a superuser could
       revoke the now-untraceable-to-table-owner permissions.
     - Allow non-existent values for some settings in "ALTER
       USER/DATABASE SET".
       Allow default_text_search_config, default_tablespace, and
       temp_tablespaces to be set to names that are not known. This is
       because they might be known in another database where the setting
       is intended to be used, or for the tablespace cases because the
       tablespace might not be created yet. The same issue was previously
       recognized for search_path, and these settings now act like that
       one.
     - Avoid crashing when we have problems deleting table files
       post-commit.
       Dropping a table should lead to deleting the underlying disk files
       only after the transaction commits. In event of failure then (for
       instance, because of wrong file permissions) the code is supposed
       to just emit a warning message and go on, since it's too late to
       abort the transaction. This logic got broken as of release 8.4,
       causing such situations to result in a PANIC and an unrestartable
       database.
     - Track the OID counter correctly during WAL replay, even when it
       wraps around.
       Previously the OID counter would remain stuck at a high value
       until the system exited replay mode. The practical consequences of
       that are usually nil, but there are scenarios wherein a standby
       server that's been promoted to master might take a long time to
       advance the OID counter to a reasonable value once values are
       needed.
     - Fix regular expression back-references with * attached.
       Rather than enforcing an exact string match, the code would
       effectively accept any string that satisfies the pattern
       sub-expression referenced by the back-reference symbol.
       A similar problem still afflicts back-references that are embedded
       in a larger quantified expression, rather than being the immediate
       subject of the quantifier. This will be addressed in a future
       PostgreSQL release.
     - Fix recently-introduced memory leak in processing of inet/cidr
       values.
     - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
       SQL-language function.
       In most cases this only led to an assertion failure in
       assert-enabled builds, but worse consequences seem possible.
     - Fix I/O-conversion-related memory leaks in plpgsql.
     - Improve pg_dump's handling of inherited table columns.
       pg_dump mishandled situations where a child column has a different
       default expression than its parent column. If the default is
       textually identical to the parent's default, but not actually the
       same (for instance, because of schema search path differences) it
       would not be recognized as different, so that after dump and
       restore the child would be allowed to inherit the parent's
       default. Child columns that are NOT NULL where their parent is not
       could also be restored subtly incorrectly.
     - Fix pg_restore's direct-to-database mode for INSERT-style table
       data.
       Direct-to-database restores from archive files made with
       "--inserts" or "--column-inserts" options fail when using
       pg_restore from a release dated September or December 2011, as a
       result of an oversight in a fix for another problem. The archive
       file itself is not at fault, and text-mode output is okay.
     - Allow AT option in ecpg DEALLOCATE statements.
       The infrastructure to support this has been there for awhile, but
       through an oversight there was still an error check rejecting the
       case.
     - Fix error in "contrib/intarray"'s int[] & int[] operator.
       If the smallest integer the two input arrays have in common is 1,
       and there are smaller values in either array, then 1 would be
       incorrectly omitted from the result.
     - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
       decrypt_iv().
       These functions failed to report certain types of invalid-input
       errors, and would instead return random garbage values for
       incorrect input.
     - Fix one-byte buffer overrun in "contrib/test_parser".
       The code would try to read one more byte than it should, which
       would crash in corner cases. Since "contrib/test_parser" is only
       example code, this is not a security issue in itself, but bad
       example code is still bad.
     - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
       This function replaces our previous use of the SWPB instruction,
       which is deprecated and not available on ARMv6 and later. Reports
       suggest that the old code doesn't fail in an obvious way on recent
       ARM boards, but simply doesn't interlock concurrent accesses,
       leading to bizarre failures in multiprocess operation.
     - Use "-fexcess-precision=standard" option when building with gcc
       versions that accept it.
       This prevents assorted scenarios wherein recent versions of gcc
       will produce creative results.
     - Allow use of threaded Python on FreeBSD.
       Our configure script previously believed that this combination
       wouldn't work; but FreeBSD fixed the problem, so remove that error
       check.
   * Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch, applied
     upstream.
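The common-name truncation described under CVE-2012-0867, as an added example that is not part of this upload and is not PostgreSQL's code: one matcher keeps only the first 32 bytes of the name before comparing, the other compares the whole name by its real length. The function names and the sample host names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CN_LIMIT 32  /* truncation point named in the changelog entry */

/* Constructed sample names (example.org is reserved); the first is exactly 32 bytes. */
#define VICTIM_CN "pg-primary-db01.corp.example.org"
#define LONGER_CN VICTIM_CN ".other.example.net"
#define LONG_HOST "pg-replica-db02.eu-west.corp.example.org"

/* Pre-fix behaviour, sketched: keep only the first 32 bytes of the CN, then compare. */
static int cn_matches_truncating(const char *cert_cn, const char *expected)
{
    char buf[CN_LIMIT + 1];
    size_t n = strlen(cert_cn);

    if (n > CN_LIMIT)
        n = CN_LIMIT;            /* silent truncation */
    memcpy(buf, cert_cn, n);
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}

/* Post-fix idea: compare the whole CN using its real length, with no fixed
 * buffer. Any length mismatch fails, so a longer name can never match. */
static int cn_matches_full(const char *cert_cn, size_t cn_len, const char *expected)
{
    return cn_len == strlen(expected) && memcmp(cert_cn, expected, cn_len) == 0;
}

int main(void)
{
    /* A longer CN that merely starts with the 32-byte name. */
    printf("prefix CN, truncating: %d\n", cn_matches_truncating(LONGER_CN, VICTIM_CN));
    printf("prefix CN, full:       %d\n",
           cn_matches_full(LONGER_CN, strlen(LONGER_CN), VICTIM_CN));
    /* A legitimate name longer than 32 bytes: the usual symptom was a failed match. */
    printf("long host, truncating: %d\n", cn_matches_truncating(LONG_HOST, LONG_HOST));
    printf("long host, full:       %d\n",
           cn_matches_full(LONG_HOST, strlen(LONG_HOST), LONG_HOST));
    return 0;
}
```

The third line of output is the ordinary symptom the changelog mentions (an unexpected verification failure for a name longer than 32 bytes); the first is the prefix case that earned the CVE.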
Original-Maintainer: Martin Pitt