Format: 1.8
Date: Mon, 27 Feb 2012 15:05:31 +0100
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: powerpc powerpc_translations
Version: 8.4.11-0ubuntu0.11.04
Distribution: natty
Urgency: low
Maintainer: Ubuntu/powerpc Build Daemon
Changed-By: Martin Pitt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 941912
Changes:
 postgresql-8.4 (8.4.11-0ubuntu0.11.04) natty-security; urgency=low
 .
   * New upstream bug fix/security release: (LP: #941912)
     - Require execute permission on the trigger function for "CREATE
       TRIGGER".
       This missing check could allow another user to execute a trigger
       function with forged input data, by installing it on a table he
       owns. This is only of significance for trigger functions marked
       SECURITY DEFINER, since otherwise trigger functions run as the
       table owner anyway. (CVE-2012-0866)
     - Remove arbitrary limitation on length of common name in SSL
       certificates.
       Both libpq and the server truncated the common name extracted from
       an SSL certificate at 32 bytes. Normally this would cause nothing
       worse than an unexpected verification failure, but there are some
       rather-implausible scenarios in which it might allow one
       certificate holder to impersonate another. The victim would have
       to have a common name exactly 32 bytes long, and the attacker
       would have to persuade a trusted CA to issue a certificate in
       which the common name has that string as a prefix. Impersonating a
       server would also require some additional exploit to redirect
       client connections. (CVE-2012-0867)
     - Convert newlines to spaces in names written in pg_dump comments.
       pg_dump was incautious about sanitizing object names that are
       emitted within SQL comments in its output script. A name
       containing a newline would at least render the script
       syntactically incorrect. Maliciously crafted object names could
       present a SQL injection risk when the script is reloaded.
       (CVE-2012-0868)
     - Fix btree index corruption from insertions concurrent with
       vacuuming.
       An index page split caused by an insertion could sometimes cause a
       concurrently-running "VACUUM" to miss removing index entries that
       it should remove. After the corresponding table rows are removed,
       the dangling index entries would cause errors (such as "could not
       read block N in file ...") or worse, silently wrong query results
       after unrelated rows are re-inserted at the now-free table
       locations. This bug has been present since release 8.2, but occurs
       so infrequently that it was not diagnosed until now. If you have
       reason to suspect that it has happened in your database,
       reindexing the affected index will fix things.
     - Update per-column permissions, not only per-table permissions,
       when changing table owner.
       Failure to do this meant that any previously granted column
       permissions were still shown as having been granted by the old
       owner. This meant that neither the new owner nor a superuser could
       revoke the now-untraceable-to-table-owner permissions.
     - Allow non-existent values for some settings in "ALTER
       USER/DATABASE SET".
       Allow default_text_search_config, default_tablespace, and
       temp_tablespaces to be set to names that are not known. This is
       because they might be known in another database where the setting
       is intended to be used, or for the tablespace cases because the
       tablespace might not be created yet. The same issue was previously
       recognized for search_path, and these settings now act like that
       one.
     - Avoid crashing when we have problems deleting table files
       post-commit.
       Dropping a table should lead to deleting the underlying disk files
       only after the transaction commits. In event of failure then (for
       instance, because of wrong file permissions) the code is supposed
       to just emit a warning message and go on, since it's too late to
       abort the transaction. This logic got broken as of release 8.4,
       causing such situations to result in a PANIC and an unrestartable
       database.
     - Track the OID counter correctly during WAL replay, even when it
       wraps around.
       Previously the OID counter would remain stuck at a high value
       until the system exited replay mode. The practical consequences of
       that are usually nil, but there are scenarios wherein a standby
       server that's been promoted to master might take a long time to
       advance the OID counter to a reasonable value once values are
       needed.
     - Fix regular expression back-references with - attached.
       Rather than enforcing an exact string match, the code would
       effectively accept any string that satisfies the pattern
       sub-expression referenced by the back-reference symbol.
       A similar problem still afflicts back-references that are embedded
       in a larger quantified expression, rather than being the immediate
       subject of the quantifier. This will be addressed in a future
       PostgreSQL release.
     - Fix recently-introduced memory leak in processing of inet/cidr
       values.
     - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
       SQL-language function.
       In most cases this only led to an assertion failure in
       assert-enabled builds, but worse consequences seem possible.
     - Fix I/O-conversion-related memory leaks in plpgsql.
     - Improve pg_dump's handling of inherited table columns.
       pg_dump mishandled situations where a child column has a different
       default expression than its parent column. If the default is
       textually identical to the parent's default, but not actually the
       same (for instance, because of schema search path differences) it
       would not be recognized as different, so that after dump and
       restore the child would be allowed to inherit the parent's
       default. Child columns that are NOT NULL where their parent is not
       could also be restored subtly incorrectly.
     - Fix pg_restore's direct-to-database mode for INSERT-style table
       data.
       Direct-to-database restores from archive files made with
       "--inserts" or "--column-inserts" options fail when using
       pg_restore from a release dated September or December 2011, as a
       result of an oversight in a fix for another problem. The archive
       file itself is not at fault, and text-mode output is okay.
     - Allow AT option in ecpg DEALLOCATE statements.
       The infrastructure to support this has been there for awhile, but
       through an oversight there was still an error check rejecting the
       case.
     - Fix error in "contrib/intarray"'s int[] & int[] operator.
       If the smallest integer the two input arrays have in common is 1,
       and there are smaller values in either array, then 1 would be
       incorrectly omitted from the result.
     - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
       decrypt_iv().
       These functions failed to report certain types of invalid-input
       errors, and would instead return random garbage values for
       incorrect input.
     - Fix one-byte buffer overrun in "contrib/test_parser".
       The code would try to read one more byte than it should, which
       would crash in corner cases. Since "contrib/test_parser" is only
       example code, this is not a security issue in itself, but bad
       example code is still bad.
     - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
       This function replaces our previous use of the SWPB instruction,
       which is deprecated and not available on ARMv6 and later. Reports
       suggest that the old code doesn't fail in an obvious way on recent
       ARM boards, but simply doesn't interlock concurrent accesses,
       leading to bizarre failures in multiprocess operation.
     - Use "-fexcess-precision=standard" option when building with gcc
       versions that accept it.
       This prevents assorted scenarios wherein recent versions of gcc
       will produce creative results.
     - Allow use of threaded Python on FreeBSD.
       Our configure script previously believed that this combination
       wouldn't work; but FreeBSD fixed the problem, so remove that error
       check.
   * Drop 00git_inet_cidr_unpack.patch, 04-armel-tas.patch, applied
     upstream.
Original-Maintainer: Martin Pitt
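
The CVE-2012-0868 entry in the changelog above (object names written into pg_dump comments) can be illustrated with a small added example; this is not pg_dump's code. The comment header layout, the function names and the sample object name are constructed for illustration, and treating a carriage return like a newline is an assumption beyond the changelog's wording.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an object name with an embedded newline. */
static const char SAMPLE_NAME[] = "t\nSELECT 1;";

/* Unsafe form: the name goes into the "--" comment verbatim, so a
 * newline inside the name ends the comment early. */
static int emit_comment_raw(char *out, size_t n, const char *name, const char *type)
{
    return snprintf(out, n, "-- Name: %s; Type: %s\n", name, type);
}

/* Hardened form: convert line endings in the name to spaces first, so
 * the whole name stays on the single comment line. */
static int emit_comment_safe(char *out, size_t n, const char *name, const char *type)
{
    char clean[256];
    size_t i;

    for (i = 0; name[i] != '\0' && i < sizeof(clean) - 1; i++)
        clean[i] = (name[i] == '\n' || name[i] == '\r') ? ' ' : name[i];
    clean[i] = '\0';
    return snprintf(out, n, "-- Name: %s; Type: %s\n", clean, type);
}

/* Count non-empty lines that do not start with "--": text that would be
 * parsed as SQL, not skipped as a comment, when the script is reloaded. */
static int count_live_lines(const char *script)
{
    int live = 0;

    while (*script != '\0') {
        size_t len = strcspn(script, "\r\n");
        if (len > 0 && strncmp(script, "--", 2) != 0)
            live++;
        script += len;
        if (*script != '\0')
            script++;               /* step over the line terminator */
    }
    return live;
}

int main(void)
{
    char buf[512];

    emit_comment_raw(buf, sizeof(buf), SAMPLE_NAME, "TABLE");
    printf("raw:  %d live line(s)\n%s", count_live_lines(buf), buf);
    emit_comment_safe(buf, sizeof(buf), SAMPLE_NAME, "TABLE");
    printf("safe: %d live line(s)\n%s", count_live_lines(buf), buf);
    return 0;
}
```
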