[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted postgresql-9.1 9.1.3-1~bpo60+1 (source all amd64)

Hash: SHA256

Format: 1.8
Date: Fri, 02 Mar 2012 21:24:48 +0100
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source amd64 all
Version: 9.1.3-1~bpo60+1
Distribution: squeeze-backports
Urgency: medium
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Christoph Berg <myon@debian.org>
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Closes: 656129
 postgresql-9.1 (9.1.3-1~bpo60+1) squeeze-backports; urgency=low
   * Rebuild for squeeze-backports.
 postgresql-9.1 (9.1.3-1) unstable; urgency=medium
   * Urgency medium due to security fixes.
   * New upstream security/bug fix release:
     - Require execute permission on the trigger function for "CREATE
       This missing check could allow another user to execute a trigger
       function with forged input data, by installing it on a table he
       owns. This is only of significance for trigger functions marked
       SECURITY DEFINER, since otherwise trigger functions run as the
       table owner anyway. (CVE-2012-0866)
     - Remove arbitrary limitation on length of common name in SSL
       Both libpq and the server truncated the common name extracted from
       an SSL certificate at 32 bytes. Normally this would cause nothing
       worse than an unexpected verification failure, but there are some
       rather-implausible scenarios in which it might allow one
       certificate holder to impersonate another. The victim would have to
       have a common name exactly 32 bytes long, and the attacker would
       have to persuade a trusted CA to issue a certificate in which the
       common name has that string as a prefix. Impersonating a server
       would also require some additional exploit to redirect client
       connections. (CVE-2012-0867)
     - Convert newlines to spaces in names written in pg_dump comments.
       pg_dump was incautious about sanitizing object names that are
       emitted within SQL comments in its output script. A name containing
       a newline would at least render the script syntactically incorrect.
       Maliciously crafted object names could present a SQL injection risk
       when the script is reloaded. (CVE-2012-0868)
     - Fix btree index corruption from insertions concurrent with
       An index page split caused by an insertion could sometimes cause a
       concurrently-running "VACUUM" to miss removing index entries that
       it should remove. After the corresponding table rows are removed,
       the dangling index entries would cause errors (such as "could not
       read block N in file ...") or worse, silently wrong query results
       after unrelated rows are re-inserted at the now-free table
       locations. This bug has been present since release 8.2, but occurs
       so infrequently that it was not diagnosed until now. If you have
       reason to suspect that it has happened in your database, reindexing
       the affected index will fix things.
     - Fix transient zeroing of shared buffers during WAL replay.
       The replay logic would sometimes zero and refill a shared buffer,
       so that the contents were transiently invalid. In hot standby mode
       this can result in a query that's executing in parallel seeing
       garbage data. Various symptoms could result from that, but the most
       common one seems to be "invalid memory alloc request size".
     - Fix handling of data-modifying WITH subplans in READ COMMITTED
       A WITH clause containing "INSERT"/"UPDATE"/"DELETE" would crash if
       the parent "UPDATE" or "DELETE" command needed to be re-evaluated
       at one or more rows due to concurrent updates in READ COMMITTED
     - Fix corner case in SSI transaction cleanup.
       When finishing up a read-write serializable transaction, a crash
       could occur if all remaining active serializable transactions are
     - Fix postmaster to attempt restart after a hot-standby crash.
       A logic error caused the postmaster to terminate, rather than
       attempt to restart the cluster, if any backend process crashed
       while operating in hot standby mode.
     - Fix "CLUSTER"/"VACUUM FULL" handling of toast values owned by
       recently-updated rows.
       This oversight could lead to "duplicate key value violates unique
       constraint" errors being reported against the toast table's index
       during one of these commands.
     - Update per-column permissions, not only per-table permissions, when
       changing table owner.
       Failure to do this meant that any previously granted column
       permissions were still shown as having been granted by the old
       owner. This meant that neither the new owner nor a superuser could
       revoke the now-untraceable-to-table-owner permissions.
     - Support foreign data wrappers and foreign servers in "REASSIGN
       This command failed with "unexpected classid" errors if it needed
       to change the ownership of any such objects.
     - Allow non-existent values for some settings in "ALTER USER/DATABASE
       Allow default_text_search_config, default_tablespace, and
       temp_tablespaces to be set to names that are not known. This is
       because they might be known in another database where the setting
       is intended to be used, or for the tablespace cases because the
       tablespace might not be created yet. The same issue was previously
       recognized for search_path, and these settings now act like that
     - Fix "unsupported node type" error caused by COLLATE in an "INSERT"
     - Avoid crashing when we have problems deleting table files
       Dropping a table should lead to deleting the underlying disk files
       only after the transaction commits. In event of failure then (for
       instance, because of wrong file permissions) the code is supposed
       to just emit a warning message and go on, since it's too late to
       abort the transaction. This logic got broken as of release 8.4,
       causing such situations to result in a PANIC and an unrestartable
     - Recover from errors occurring during WAL replay of "DROP
       Replay will attempt to remove the tablespace's directories, but
       there are various reasons why this might fail (for example,
       incorrect ownership or permissions on those directories). Formerly
       the replay code would panic, rendering the database unrestartable
       without manual intervention. It seems better to log the problem and
       continue, since the only consequence of failure to remove the
       directories is some wasted disk space.
     - Fix race condition in logging AccessExclusiveLocks for hot standby.
       Sometimes a lock would be logged as being held by "transaction
       zero". This is at least known to produce assertion failures on
       slave servers, and might be the cause of more serious problems.
     - Track the OID counter correctly during WAL replay, even when it
       wraps around.
     - Prevent emitting misleading "consistent recovery state reached" log
       message at the beginning of crash recovery.
     - Fix initial value of pg_stat_replication.replay_location.
     - Fix regular expression back-references with - attached.
       Rather than enforcing an exact string match, the code would
       effectively accept any string that satisfies the pattern
       sub-expression referenced by the back-reference symbol.
       A similar problem still afflicts back-references that are embedded
       in a larger quantified expression, rather than being the immediate
       subject of the quantifier. This will be addressed in a future
       PostgreSQL release.
     - Fix recently-introduced memory leak in processing of inet/cidr
     - Fix planner's ability to push down index-expression restrictions
       through UNION ALL.
     - Fix planning of WITH clauses referenced in "UPDATE"/"DELETE" on an
       inherited table.
       This bug led to "could not find plan for CTE" failures.
     - Fix GIN cost estimation to handle column IN (...) index conditions.
       This oversight would usually lead to crashes if such a condition
       could be used with a GIN index.
     - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
       SQL-language function.
       In most cases this only led to an assertion failure in
       assert-enabled builds, but worse consequences seem possible.
     - Fix I/O-conversion-related memory leaks in plpgsql.
     - Work around bug in perl's SvPVutf8() function.
       This function crashes when handed a typeglob or certain read-only
       objects such as $^V. Make plperl avoid passing those to it.
     - In pg_dump, don't dump contents of an extension's configuration
       tables if the extension itself is not being dumped.
     - Improve pg_dump's handling of inherited table columns.
       pg_dump mishandled situations where a child column has a different
       default expression than its parent column. If the default is
       textually identical to the parent's default, but not actually the
       same (for instance, because of schema search path differences) it
       would not be recognized as different, so that after dump and
       restore the child would be allowed to inherit the parent's default.
       Child columns that are NOT NULL where their parent is not could
       also be restored subtly incorrectly.
     - Fix pg_restore's direct-to-database mode for INSERT-style table data.
       Direct-to-database restores from archive files made with
       "--inserts" or "--column-inserts" options fail when using
       pg_restore from a release dated September or December 2011, as a
       result of an oversight in a fix for another problem. The archive
       file itself is not at fault, and text-mode output is okay.
     - Teach pg_upgrade to handle renaming of plpython's shared library.
       Upgrading a pre-9.1 database that included plpython would fail
       because of this oversight.
     - Allow pg_upgrade to process tables containing regclass columns.
       Since pg_upgrade now takes care to preserve pg_class OIDs, there
       was no longer any reason for this restriction.
     - Make libpq ignore ENOTDIR errors when looking for an SSL client
       certificate file.
       This allows SSL connections to be established, though without a
       certificate, even when the user's home directory is set to
       something like /dev/null.
     - Fix some more field alignment issues in ecpg's SQLDA area.
     - Allow AT option in ecpg DEALLOCATE statements.
       The infrastructure to support this has been there for awhile, but
       through an oversight there was still an error check rejecting the
     - Do not use the variable name when defining a varchar structure in
     - Fix "contrib/auto_explain"'s JSON output mode to produce valid JSON.
     - Fix error in "contrib/intarray"'s int[] & int[] operator.
       If the smallest integer the two input arrays have in common is 1,
       and there are smaller values in either array, then 1 would be
       incorrectly omitted from the result.
     - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
       These functions failed to report certain types of invalid-input
       errors, and would instead return random garbage values for
       incorrect input.
     - Fix one-byte buffer overrun in "contrib/test_parser".
       The code would try to read one more byte than it should, which
       would crash in corner cases. Since "contrib/test_parser" is only
       example code, this is not a security issue in itself, but bad
       example code is still bad.
     - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
       This function replaces our previous use of the SWPB instruction,
       which is deprecated and not available on ARMv6 and later. Reports
       suggest that the old code doesn't fail in an obvious way on recent
       ARM boards, but simply doesn't interlock concurrent accesses,
       leading to bizarre failures in multiprocess operation.
     - Use "-fexcess-precision=standard" option when building with gcc
       versions that accept it.
       This prevents assorted scenarios wherein recent versions of gcc
       will produce creative results.
     - Allow use of threaded Python on FreeBSD (Chris Rees)
       Our configure script previously believed that this combination
       wouldn't work; but FreeBSD fixed the problem, so remove that error
   * Drop 00git_inet_cidr_unpack.patch, 01-armel-tas.patch: Applied upstream.
   * debian/watch: Use ftp for checking, thanks Peter Eisentraut.
     (Closes: #656129)
   * debian/control: Bump Standards-Version to 3.9.3. No changes necessary.
 1340ea374ebf2c40eb7db58b0ab64f727a5d2f19 2522 postgresql-9.1_9.1.3-1~bpo60+1.dsc
 1cf3044415df807c08bb8ad8e40e24e8d375cf34 15582454 postgresql-9.1_9.1.3.orig.tar.bz2
 efe3779e819aff2688a5f9b1285145478399200e 30813 postgresql-9.1_9.1.3-1~bpo60+1.debian.tar.gz
 4918c4d013c9f99b3f26effc51bb273587c7937d 601840 libpq-dev_9.1.3-1~bpo60+1_amd64.deb
 5067c21e81ea6ca6bea110a7396dfec2da9df5ba 512720 libpq5_9.1.3-1~bpo60+1_amd64.deb
 c832a138b9adca26ffdd2754b0fd0c8b1062d8e5 459184 libecpg6_9.1.3-1~bpo60+1_amd64.deb
 726ee9b3c75ac230c02f5e7dba16902b1adc7ee9 631036 libecpg-dev_9.1.3-1~bpo60+1_amd64.deb
 7ca2d12f03efe8c1d51fc8f0638b3130dc0b37ff 377880 libecpg-compat3_9.1.3-1~bpo60+1_amd64.deb
 f155979e67abd0aebb896f3cd37b8deb63b41950 402262 libpgtypes3_9.1.3-1~bpo60+1_amd64.deb
 34501b212b84543b795ac3d320b79533e37a5e59 6304636 postgresql-9.1_9.1.3-1~bpo60+1_amd64.deb
 567476004f03861bf342f5c5f0844df2a1c0fe45 8146044 postgresql-9.1-dbg_9.1.3-1~bpo60+1_amd64.deb
 df9a68afc8d3e7468e8f1d69fd3dc4dbe165ef42 1974292 postgresql-client-9.1_9.1.3-1~bpo60+1_amd64.deb
 7fb014acddc9a65da7c5556ce87537ddedd71a5b 1046554 postgresql-server-dev-9.1_9.1.3-1~bpo60+1_amd64.deb
 df0b190a35ad2a9af414303a0491144353b9eded 2903816 postgresql-doc-9.1_9.1.3-1~bpo60+1_all.deb
 44e81874135c8562da3bd8b6f7e0e3a34273af38 837732 postgresql-contrib-9.1_9.1.3-1~bpo60+1_amd64.deb
 a2571fac6104df132c4f1307d7540e140504370d 425278 postgresql-plperl-9.1_9.1.3-1~bpo60+1_amd64.deb
 8ad12f30ca8c822d2c6e3c790adc0cd0d81f235e 408778 postgresql-plpython-9.1_9.1.3-1~bpo60+1_amd64.deb
 260cfddc2afb7b2027774ad610bed520672f8100 408584 postgresql-plpython3-9.1_9.1.3-1~bpo60+1_amd64.deb
 771dbd48a2c9e81735734db6c826dee5ebdc753a 394736 postgresql-pltcl-9.1_9.1.3-1~bpo60+1_amd64.deb
 80399396bbfc5bbd36f4b511c8860dceff17d7191fe574a94cf8323772567600 2522 postgresql-9.1_9.1.3-1~bpo60+1.dsc
 7a79800a624031c1d9bc9cdce73cb40050100ac50a82050cbf7bbbd16ac4d5d5 15582454 postgresql-9.1_9.1.3.orig.tar.bz2
 40550f5a34ee38af1f07ebe67c98288f1fa408ae3b5581de99b23969451f12e6 30813 postgresql-9.1_9.1.3-1~bpo60+1.debian.tar.gz
 b2bad2feaccca6c92137427092867673642cb748182589759d3ea41e1ed40884 601840 libpq-dev_9.1.3-1~bpo60+1_amd64.deb
 d127b5d7d10f5bb937d8b5d04bc792411a0f3fdfdc20bf693c1504c836f7cc28 512720 libpq5_9.1.3-1~bpo60+1_amd64.deb
 19154c7b40b1b63ccbbce94b4b112400970c26f2ec84728faa9364c59966b028 459184 libecpg6_9.1.3-1~bpo60+1_amd64.deb
 7e9ad2e434692115f165d774a688eb46f7c831671dfab2524717905f04c3fdd4 631036 libecpg-dev_9.1.3-1~bpo60+1_amd64.deb
 184408a15d77bc2765aedcf97fb711fd1688b011f68d5f6b9823ed8074c0e8b4 377880 libecpg-compat3_9.1.3-1~bpo60+1_amd64.deb
 6ac575eeb87f0d48b2f9ed501d0b438dc8c311d8aeb8ab3c7036ca0081be9f28 402262 libpgtypes3_9.1.3-1~bpo60+1_amd64.deb
 76bfb3713f5cc88a4109f71ab61839173c38257e99bddc76808596ce886bd497 6304636 postgresql-9.1_9.1.3-1~bpo60+1_amd64.deb
 284b18f345d050c458baee9624c2b959afcc8dbf18fc9eda4f44de7de4417ac8 8146044 postgresql-9.1-dbg_9.1.3-1~bpo60+1_amd64.deb
 d501d55e9d82049fb1d4e6831e7fa19ac752cfed131e3b86a861a20fa0752293 1974292 postgresql-client-9.1_9.1.3-1~bpo60+1_amd64.deb
 ee48e773f438c34c07d89c4f7d21f04845052fd56774e3306ff750d3cbfd29ee 1046554 postgresql-server-dev-9.1_9.1.3-1~bpo60+1_amd64.deb
 53452ccec96ff867104d173550ecaceff828504b9beea6870733a0b737af2810 2903816 postgresql-doc-9.1_9.1.3-1~bpo60+1_all.deb
 9da04d8005e140323a724e942676cd59ded76a8472598c970534dd95f1f9754d 837732 postgresql-contrib-9.1_9.1.3-1~bpo60+1_amd64.deb
 db1da9f9facc669ceaa29bd5276b92ac73753f39540f398e3cbd1622e8c6e3a9 425278 postgresql-plperl-9.1_9.1.3-1~bpo60+1_amd64.deb
 164605a9149cf71ae70f1ce4d139be2aa2bbcbe00653763d5dce97e8e28c2b73 408778 postgresql-plpython-9.1_9.1.3-1~bpo60+1_amd64.deb
 0c29d37cd4e0a9343cd722c13dcecbc4f36780d4270b171e1b2978f40bab703e 408584 postgresql-plpython3-9.1_9.1.3-1~bpo60+1_amd64.deb
 b2641a56cc2b296bd87bc5081b13c4c8258184eff9ac782ae856efc737522da1 394736 postgresql-pltcl-9.1_9.1.3-1~bpo60+1_amd64.deb
 5c432fa9559609a75e4b107e544514ae 2522 database optional postgresql-9.1_9.1.3-1~bpo60+1.dsc
 641e1915f7ebfdc9f138e4c55b6aec0e 15582454 database optional postgresql-9.1_9.1.3.orig.tar.bz2
 284b800ba620507a25cb5a7abc950de1 30813 database optional postgresql-9.1_9.1.3-1~bpo60+1.debian.tar.gz
 c2f6e71d1e4153e5b8bd6e58f833304d 601840 libdevel optional libpq-dev_9.1.3-1~bpo60+1_amd64.deb
 0fea1bfaa5fedb968d605e1c11a44b78 512720 libs optional libpq5_9.1.3-1~bpo60+1_amd64.deb
 4c0ffc0a4f9cf01b71141474c2a16480 459184 libs optional libecpg6_9.1.3-1~bpo60+1_amd64.deb
 3ca54882365004ec552ded082f2888f0 631036 libdevel optional libecpg-dev_9.1.3-1~bpo60+1_amd64.deb
 42b835880000839e6d6e19e137056d9c 377880 libs optional libecpg-compat3_9.1.3-1~bpo60+1_amd64.deb
 525d1cd3442718f6c56d6a004bfd3873 402262 libs optional libpgtypes3_9.1.3-1~bpo60+1_amd64.deb
 9b45a75c0237afb7eec08e2ac7de750e 6304636 database optional postgresql-9.1_9.1.3-1~bpo60+1_amd64.deb
 6f74a7fe44dfe11169d6419e27af60f5 8146044 debug extra postgresql-9.1-dbg_9.1.3-1~bpo60+1_amd64.deb
 2cbecf907c28245826be8fdc9b01dfce 1974292 database optional postgresql-client-9.1_9.1.3-1~bpo60+1_amd64.deb
 daa3f38c71d169871c7623232066cc68 1046554 libdevel optional postgresql-server-dev-9.1_9.1.3-1~bpo60+1_amd64.deb
 b7c07c4070df23db760957fb96d51205 2903816 doc optional postgresql-doc-9.1_9.1.3-1~bpo60+1_all.deb
 97988bc625cd86ba0d06169233b9b1d2 837732 database optional postgresql-contrib-9.1_9.1.3-1~bpo60+1_amd64.deb
 3bab6a57cc9aeb257a656f4616f8751c 425278 database optional postgresql-plperl-9.1_9.1.3-1~bpo60+1_amd64.deb
 af68e63f3ea203976fdc36910e6c532e 408778 database optional postgresql-plpython-9.1_9.1.3-1~bpo60+1_amd64.deb
 61b5fbd666564568e2e1db258c786e73 408584 database optional postgresql-plpython3-9.1_9.1.3-1~bpo60+1_amd64.deb
 3eeae34c3edcafb9b14cc73353f5d249 394736 database optional postgresql-pltcl-9.1_9.1.3-1~bpo60+1_amd64.deb

Version: GnuPG v1.4.10 (GNU/Linux)


  to main/p/postgresql-9.1/libecpg-compat3_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libecpg-dev_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libecpg6_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libpgtypes3_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libpq-dev_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libpq5_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-9.1-dbg_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-9.1_9.1.3-1~bpo60+1.debian.tar.gz
  to main/p/postgresql-9.1/postgresql-9.1_9.1.3-1~bpo60+1.dsc
  to main/p/postgresql-9.1/postgresql-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-9.1_9.1.3.orig.tar.bz2
  to main/p/postgresql-9.1/postgresql-client-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-contrib-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-doc-9.1_9.1.3-1~bpo60+1_all.deb
  to main/p/postgresql-9.1/postgresql-plperl-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-plpython-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-plpython3-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-pltcl-9.1_9.1.3-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-server-dev-9.1_9.1.3-1~bpo60+1_amd64.deb

Reply to: