Format: 1.8
Date: Thu, 16 Aug 2012 17:10:53 -0500
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: powerpc powerpc_translations
Version: 8.4.13-0ubuntu11.04
Distribution: natty
Urgency: low
Maintainer: Ubuntu/powerpc Build Daemon
Changed-By: Jamie Strandboge
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Changes:
 postgresql-8.4 (8.4.13-0ubuntu11.04) natty-security; urgency=low
 .
   * New upstream security/bug fix release:
     - Prevent access to external files/URLs via XML entity references
       (Noah Misch, Tom Lane)
       xml_parse() would attempt to fetch external files or URLs as needed
       to resolve DTD and entity references in an XML value, thus allowing
       unprivileged database users to attempt to fetch data with the
       privileges of the database server. While the external data wouldn't
       get returned directly to the user, portions of it could be exposed in
       error messages if the data didn't parse as valid XML; and in any case
       the mere ability to check existence of a file might be useful to an
       attacker. (CVE-2012-3489)
     - Prevent access to external files/URLs via "contrib/xml2"'s
       xslt_process() (Peter Eisentraut)
       libxslt offers the ability to read and write both files and URLs
       through stylesheet commands, thus allowing unprivileged database
       users to both read and write data with the privileges of the database
       server. Disable that through proper use of libxslt's security
       options. (CVE-2012-3488)
       Also, remove xslt_process()'s ability to fetch documents and
       stylesheets from external files/URLs. While this was a documented
       "feature", it was long regarded as a bad idea. The fix for
       CVE-2012-3489 broke that capability, and rather than expend effort on
       trying to fix it, we're just going to summarily remove it.
     - Prevent too-early recycling of btree index pages (Noah Misch)
       When we allowed read-only transactions to skip assigning XIDs, we
       introduced the possibility that a deleted btree page could be
       recycled while a read-only transaction was still in flight to it.
       This would result in incorrect index search results. The probability
       of such an error occurring in the field seems very low because of the
       timing requirements, but nonetheless it should be fixed.
     - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane)
       If "ALTER SEQUENCE" was executed on a freshly created or reset
       sequence, and then precisely one nextval() call was made on it, and
       then the server crashed, WAL replay would restore the sequence to a
       state in which it appeared that no nextval() had been done, thus
       allowing the first sequence value to be returned again by the next
       nextval() call. In particular this could manifest for serial columns,
       since creation of a serial column's sequence includes an "ALTER
       SEQUENCE OWNED BY" step.
     - Ensure the "backup_label" file is fsync'd after pg_start_backup()
       (Dave Kerr)
     - Back-patch 9.1 improvement to compress the fsync request queue
       (Robert Haas)
       This improves performance during checkpoints. The 9.1 change has now
       seen enough field testing to seem safe to back-patch.
     - Only allow autovacuum to be auto-canceled by a directly blocked
       process (Tom Lane)
       The original coding could allow inconsistent behavior in some cases;
       in particular, an autovacuum could get canceled after less than
       deadlock_timeout grace period.
     - Improve logging of autovacuum cancels (Robert Haas)
     - Fix log collector so that log_truncate_on_rotation works during the
       very first log rotation after server start (Tom Lane)
     - Fix WITH attached to a nested set operation
       (UNION/INTERSECT/EXCEPT) (Tom Lane)
     - Ensure that a whole-row reference to a subquery doesn't include any
       extra GROUP BY or ORDER BY columns (Tom Lane)
     - Disallow copying whole-row references in CHECK constraints and index
       definitions during "CREATE TABLE" (Tom Lane)
       This situation can arise in "CREATE TABLE" with LIKE or INHERITS. The
       copied whole-row variable was incorrectly labeled with the row type
       of the original table not the new one. Rejecting the case seems
       reasonable for LIKE, since the row types might well diverge later.
       For INHERITS we should ideally allow it, with an implicit coercion to
       the parent table's row type; but that will require more work than
       seems safe to back-patch.
     - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki Linnakangas,
       Tom Lane)
     - Fix extraction of common prefixes from regular expressions (Tom Lane)
       The code could get confused by quantified parenthesized
       subexpressions, such as ^(foo)?bar. This would lead to incorrect
       index optimization of searches for such patterns.
     - Fix bugs with parsing signed "hh":"mm" and "hh":"mm":"ss" fields in
       interval constants (Amit Kapila, Tom Lane)
     - Report errors properly in "contrib/xml2"'s xslt_process() (Tom Lane)
     - Update time zone data files to tzdata release 2012e for DST law
       changes in Morocco and Tokelau
Original-Maintainer: Martin Pitt
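
An added example, not part of the upload record or of PostgreSQL's own code: an application-side check for the CVE-2012-3489 entry above that rejects XML values declaring an external DTD or external entity before they are sent to a server whose xml_parse() is still unpatched. The function names and sample documents are constructed for illustration, and the check assumes XML reaches the database only through the application; it does not replace the upgrade.

```python
import xml.parsers.expat


def external_references(xml_text):
    """List (kind, name, system_id) for each external identifier declared.

    Uses expat with its defaults: no handler fetches anything, so the
    check itself never touches the filesystem or the network.
    """
    found = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE r SYSTEM "..."> or PUBLIC "..." "...": external DTD subset
        if system_id is not None or public_id is not None:
            found.append(("doctype", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id,
                       notation):
        # External entities carry no literal value, only SYSTEM/PUBLIC ids.
        if value is None:
            kind = "parameter-entity" if is_param else "entity"
            found.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_text, True)
    return found


def safe_for_xml_column(xml_text):
    """True only for well-formed XML that declares nothing external."""
    try:
        return not external_references(xml_text)
    except xml.parsers.expat.ExpatError:
        return False  # malformed input is rejected as well


# Constructed sample inputs (placeholders, not taken from the changelog).
PLAIN = "<r>hello</r>"
INTERNAL = '<!DOCTYPE r [<!ENTITY e "text">]><r>&e;</r>'
EXT_ENTITY = ('<!DOCTYPE r [<!ENTITY e SYSTEM "file:///nonexistent/example">]>'
              "<r>&e;</r>")
EXT_DTD = '<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd"><r/>'

if __name__ == "__main__":
    for doc in (PLAIN, INTERNAL, EXT_ENTITY, EXT_DTD):
        print(safe_for_xml_column(doc), external_references(doc))
```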