Accepted postgresql-8.4 8.4.5-0squeeze1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 05 Oct 2010 20:41:08 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all amd64
Version: 8.4.5-0squeeze1
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (supported version)
postgresql-8.4 - object-relational SQL database, version 8.4 server
postgresql-client - front-end programs for PostgreSQL (supported version)
postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
postgresql-contrib - additional facilities for PostgreSQL (supported version)
postgresql-contrib-8.4 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.4 - documentation for the PostgreSQL database management system
postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Changes:
postgresql-8.4 (8.4.5-0squeeze1) testing-proposed-updates; urgency=medium
.
* Urgency medium, since this fixes a security bug (but also a lot of other
bugs, it's not a pinpointed patch).
* New upstream security/bug fix update:
- Use a separate interpreter for each calling SQL userid in PL/Perl
and PL/Tcl.
This change prevents security problems that can be caused by
subverting Perl or Tcl code that will be executed later in the same
session under another SQL user identity (for example, within a
SECURITY DEFINER function). Most scripting languages offer numerous
ways that that might be done, such as redefining standard functions
or operators called by the target function. Without this change,
any SQL user with Perl or Tcl language usage rights can do
essentially anything with the SQL privileges of the target
function's owner.
The cost of this change is that intentional communication among
Perl and Tcl functions becomes more difficult. To provide an escape
hatch, PL/PerlU and PL/TclU functions continue to use only one
interpreter per session. This is not considered a security issue
since all such functions execute at the trust level of a database
superuser already.
It is likely that third-party procedural languages that claim to
offer trusted execution have similar security issues. We advise
contacting the authors of any PL you are depending on for
security-critical purposes.
Our thanks to Tim Bunce for pointing out this issue
(CVE-2010-3433).
- Prevent possible crashes in pg_get_expr() by disallowing it from
being called with an argument that is not one of the system catalog
columns it's intended to be used with.
- Fix incorrect placement of placeholder evaluation.
This bug could result in query outputs being non-null when they
should be null, in cases where the inner side of an outer join is a
sub-select with non-strict expressions in its output list.
- Fix possible duplicate scans of UNION ALL member relations.
- Fix "cannot handle unplanned sub-select" error.
This occurred when a sub-select contains a join alias reference
that expands into an expression containing another sub-select.
- Fix mishandling of whole-row Vars that reference a view or
sub-select and appear within a nested sub-select.
- Fix mishandling of cross-type IN comparisons.
This could result in failures if the planner tried to implement an
IN join with a sort-then-unique-then-plain-join plan.
- Fix computation of "ANALYZE" statistics for tsvector columns.
The original coding could produce incorrect statistics, leading to
poor plan choices later.
- Improve planner's estimate of memory used by array_agg(),
string_agg(), and similar aggregate functions.
The previous drastic underestimate could lead to out-of-memory
failures due to inappropriate choice of a hash-aggregation plan.
- Fix failure to mark cached plans as transient.
If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
progress for one of the referenced tables, it is supposed to be
re-planned once the index is ready for use. This was not happening
reliably.
- Reduce PANIC to ERROR in some occasionally-reported btree failure
cases, and provide additional detail in the resulting error
messages.
This should improve the system's robustness with corrupted indexes.
- Fix incorrect search logic for partial-match queries with GIN
indexes.
Cases involving AND/OR combination of several GIN index conditions
didn't always give the right answer, and were sometimes much slower
than necessary.
- Prevent show_session_authorization() from crashing within
autovacuum processes.
- Defend against functions returning setof record where not all the
returned rows are actually of the same rowtype.
- Fix possible corruption of pending trigger event lists during
subtransaction rollback.
This could lead to a crash or incorrect firing of triggers.
- Fix possible failure when hashing a pass-by-reference function
result.
- Improve merge join's handling of NULLs in the join columns.
A merge join can now stop entirely upon reaching the first NULL, if
the sort order is such that NULLs sort high.
- Take care to fsync the contents of lockfiles (both "postmaster.pid"
and the socket lockfile) while writing them.
This omission could result in corrupted lockfile contents if the
machine crashes shortly after postmaster start. That could in turn
prevent subsequent attempts to start the postmaster from
succeeding, until the lockfile is manually removed.
- Avoid recursion while assigning XIDs to heavily-nested
subtransactions.
The original coding could result in a crash if there was limited
stack space.
- Avoid holding open old WAL segments in the walwriter process.
The previous coding would prevent removal of no-longer-needed
segments.
- Fix log_line_prefix's %i escape, which could produce junk early in
backend startup.
- Prevent misinterpretation of partially-specified relation options
for TOAST tables.
In particular, fillfactor would be read as zero if any other
reloption had been set for the table, leading to serious bloat.
- Fix inheritance count tracking in "ALTER TABLE ... ADD CONSTRAINT"
- Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
when archiving is enabled.
- Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
be interrupted by query-cancel.
- Improve "CREATE INDEX"'s checking of whether proposed index
expressions are immutable.
- Fix "REASSIGN OWNED" to handle operator classes and families.
- Fix possible core dump when comparing two empty tsquery values.
- Fix LIKE's handling of patterns containing % followed by _.
We've fixed this before, but there were still some
incorrectly-handled cases.
- Re-allow input of Julian dates prior to 0001-01-01 AD.
Input such as 'J100000'::date worked before 8.4, but was
unintentionally broken by added error-checking.
- Fix PL/pgSQL to throw an error, not crash, if a cursor is closed
within a FOR loop that is iterating over that cursor.
- In PL/Python, defend against null pointer results from
PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
- In libpq, fix full SSL certificate verification for the case where
both host and hostaddr are specified.
- Make psql recognize "DISCARD ALL" as a command that should not be
encased in a transaction block in autocommit-off mode.
- Fix some issues in pg_dump's handling of SQL/MED objects.
Notably, pg_dump would always fail if run by a non-superuser, which
was not intended.
- Improve pg_dump and pg_restore's handling of non-seekable archive
files.
This is important for proper functioning of parallel restore.
- Improve parallel pg_restore's ability to cope with selective
restore (-L option).
The original code tended to fail if the -L file commanded a
non-default restore ordering.
- Fix ecpg to process data from RETURNING clauses correctly.
- Fix some memory leaks in ecpg.
- Improve "contrib/dblink"'s handling of tables containing dropped
columns.
- Fix connection leak after "duplicate connection name" errors in
"contrib/dblink".
- Fix "contrib/dblink" to handle connection names longer than 62
bytes correctly.
- Add hstore(text, text) function to "contrib/hstore".
This function is the recommended substitute for the now-deprecated
=> operator. It was back-patched so that future-proofed code can be
used with older server versions. Note that the patch will be
effective only after "contrib/hstore" is installed or reinstalled
in a particular database. Users might prefer to execute the "CREATE
FUNCTION" command by hand, instead.
- Update build infrastructure and documentation to reflect the source
code repository's move from CVS to Git.
* debian/postgresql-8.4.preinst: Add missing debhelper token.
* debian/control: Bump Standards-Version to 3.9.1 (no changes necessary).
Checksums-Sha1:
d1840f1be3a50e0f633e9608f4538c90494a7435 2522 postgresql-8.4_8.4.5-0squeeze1.dsc
17b83944d892f3e592c615184e41d720239ba596 17590296 postgresql-8.4_8.4.5.orig.tar.gz
3829a74f4307c49c31188eb909818e6e56d7050c 39153 postgresql-8.4_8.4.5-0squeeze1.diff.gz
959b66b63ed7c5c657a89e471bd5d3026d3143ab 2127178 postgresql-doc-8.4_8.4.5-0squeeze1_all.deb
6b0b8c3f4306deaeb4c2ad69e58699b0784cdc64 18074 postgresql_8.4.5-0squeeze1_all.deb
156e1dc8bb5129f131a08fb9906b167fc615266c 18042 postgresql-client_8.4.5-0squeeze1_all.deb
21b316ab9e76c12670f844fc22ab2c6b3ea84a06 17884 postgresql-doc_8.4.5-0squeeze1_all.deb
810758060dc15f5c8531b3d0a564d48cca09322d 17942 postgresql-contrib_8.4.5-0squeeze1_all.deb
15bb9d83e30a4ec2a39d1508bb0bef39b514001b 234570 libpq-dev_8.4.5-0squeeze1_amd64.deb
33ba6ec33e95d3b368e177970f0fce91df1c6956 151444 libpq5_8.4.5-0squeeze1_amd64.deb
fe6c1695186b121ad4e5f31f1883fd287c4d9029 87724 libecpg6_8.4.5-0squeeze1_amd64.deb
afd00c2c183daa2870a192c1a3ac6626c2fb2bd4 255502 libecpg-dev_8.4.5-0squeeze1_amd64.deb
d7100a63c3c17063276d3b9b0e38b725a7d44e39 25812 libecpg-compat3_8.4.5-0squeeze1_amd64.deb
d08d5310aba4d22242cb6b34353a779c8d862acd 49472 libpgtypes3_8.4.5-0squeeze1_amd64.deb
e82380c146943950ed868753969cb3046eff655e 5328900 postgresql-8.4_8.4.5-0squeeze1_amd64.deb
5286464aadc0220e9d43ac0a0be3fd2e2efc7946 1468242 postgresql-client-8.4_8.4.5-0squeeze1_amd64.deb
51039d663b604c549fcd85549bf82cdd424b99bf 636450 postgresql-server-dev-8.4_8.4.5-0squeeze1_amd64.deb
cbb4f390d3d19490294b92d4d37c486bf730ece8 428108 postgresql-contrib-8.4_8.4.5-0squeeze1_amd64.deb
a173ed27056a0e9e0b862e318f10bd113c2467a2 54068 postgresql-plperl-8.4_8.4.5-0squeeze1_amd64.deb
fbb1297e5334d9a49e28fa5caf17fab44720eda8 54472 postgresql-plpython-8.4_8.4.5-0squeeze1_amd64.deb
2f9e99d06edbb64fb8db8a2a4392315eb5f8ad83 40674 postgresql-pltcl-8.4_8.4.5-0squeeze1_amd64.deb
Checksums-Sha256:
4148bfee8fbebb53ba69f1751d69f3b09b646838b7d96579c49cf292e4530c2d 2522 postgresql-8.4_8.4.5-0squeeze1.dsc
c2eeb85a871cb7c3f494ce247e729758854e9f4a193fb5aade0e0709e8e466b3 17590296 postgresql-8.4_8.4.5.orig.tar.gz
727997cdfeb2f47865920297bc63da95d46537f5a1db7c98c6da001897b7e3fd 39153 postgresql-8.4_8.4.5-0squeeze1.diff.gz
749d8b92ebd58afef9692620be9af411a21cc72b51439d526a90acbb01827f91 2127178 postgresql-doc-8.4_8.4.5-0squeeze1_all.deb
eeecf94e2b59d680e0a0bb5f96c2687c50cb924b1694d5d0b8b573c2d305cb2a 18074 postgresql_8.4.5-0squeeze1_all.deb
57b35836d6e2d869781d246b3834b144665798f500efd474cb2db2ac59366fe6 18042 postgresql-client_8.4.5-0squeeze1_all.deb
5fccbc1ce6365b2a1b091011fe65bf1048a5bacda7f9745643f22d9ea541c420 17884 postgresql-doc_8.4.5-0squeeze1_all.deb
733541a28cc720bce1cf055854cd58d7e684f8eef7aafad22b8a2486c871242a 17942 postgresql-contrib_8.4.5-0squeeze1_all.deb
8cab38837626f3da0d8957c4a52d33b111b90d2f667661ae01ddb6daa99316b3 234570 libpq-dev_8.4.5-0squeeze1_amd64.deb
6d9d8c32c0ba01aa0c5e9b65334f217356c7d653bb0557ae839921edb89c051f 151444 libpq5_8.4.5-0squeeze1_amd64.deb
32090a4395b11535d8f3a1f097f03e0b0daedeb5e01073ed62d14a3cd3c67e71 87724 libecpg6_8.4.5-0squeeze1_amd64.deb
0b556181109ed2b71388f342af00492330efea17f95a334b3b28bc7a4cc16aa3 255502 libecpg-dev_8.4.5-0squeeze1_amd64.deb
baf41f2ebf6e15ec949f48e5b5429128dea6c554d27f08405add4608821ebc24 25812 libecpg-compat3_8.4.5-0squeeze1_amd64.deb
ae01e47486c8d04ddd256ecef6173fbf3f7b7b9f0c76c6cdd853caece18f1f62 49472 libpgtypes3_8.4.5-0squeeze1_amd64.deb
56e069e578bc462dae2ac819f335d3de66b81815b478a28c54bec2ec8338aeff 5328900 postgresql-8.4_8.4.5-0squeeze1_amd64.deb
1e7b467763389bb62a63538b624093ccb0fa253a51105f368396d617b485ae4c 1468242 postgresql-client-8.4_8.4.5-0squeeze1_amd64.deb
d9d9aa3ba908a8117757db01d6601a8fd641da57c159b78860f83e3395bf7148 636450 postgresql-server-dev-8.4_8.4.5-0squeeze1_amd64.deb
a04cb1a03f123cbb037876bfe2ee6d77148c4f3b7dfbadb7667c96e2c7fb00da 428108 postgresql-contrib-8.4_8.4.5-0squeeze1_amd64.deb
4cf21ee6804dbcf1efa5cd8e65952b37e34a635ce495683b87bde5a77a6cad3e 54068 postgresql-plperl-8.4_8.4.5-0squeeze1_amd64.deb
f5b8f70b75457410baf9e2858e1baf4a8645b899d9746daf6cd9d92ce18fc0fc 54472 postgresql-plpython-8.4_8.4.5-0squeeze1_amd64.deb
9e2773e97df95576d17176434e7f2a4442a17f8ab13068312cc73ce0470658f4 40674 postgresql-pltcl-8.4_8.4.5-0squeeze1_amd64.deb
Files:
e792b1bdaa3c3855b1df2b5111556930 2522 database optional postgresql-8.4_8.4.5-0squeeze1.dsc
8ddea33493bf5cf6f5ea62212bb079df 17590296 database optional postgresql-8.4_8.4.5.orig.tar.gz
f0152a6ca21bee55c083532027fd4e4a 39153 database optional postgresql-8.4_8.4.5-0squeeze1.diff.gz
d8f4c1b9d7035243786ed064588a81c4 2127178 doc optional postgresql-doc-8.4_8.4.5-0squeeze1_all.deb
6500a9bb8274814d7b884e3c405212df 18074 database optional postgresql_8.4.5-0squeeze1_all.deb
a4b37644744d8b7a8f89058e4a37ee67 18042 database optional postgresql-client_8.4.5-0squeeze1_all.deb
6df03c2983aeb051213dacd8634e6310 17884 doc optional postgresql-doc_8.4.5-0squeeze1_all.deb
4c6d217223b8094641c85c10db744b0e 17942 database optional postgresql-contrib_8.4.5-0squeeze1_all.deb
93346654b33b31a734cc48c9d088b170 234570 libdevel optional libpq-dev_8.4.5-0squeeze1_amd64.deb
f71b591af97535cbded4bf6a40855c3a 151444 libs optional libpq5_8.4.5-0squeeze1_amd64.deb
3f9bc03c1045c83a3b55e6e0c576b516 87724 libs optional libecpg6_8.4.5-0squeeze1_amd64.deb
9f59c035855d75d18da1adaa033041b8 255502 libdevel optional libecpg-dev_8.4.5-0squeeze1_amd64.deb
2df66fba94f8e7ebd3c15e04cab04c82 25812 libs optional libecpg-compat3_8.4.5-0squeeze1_amd64.deb
4e7e2dc07243c95c6afb62485f24d2a5 49472 libs optional libpgtypes3_8.4.5-0squeeze1_amd64.deb
99f9d938986b4342bd1d5db59ede991a 5328900 database optional postgresql-8.4_8.4.5-0squeeze1_amd64.deb
7430557cfa4f81c010904fd5754fd222 1468242 database optional postgresql-client-8.4_8.4.5-0squeeze1_amd64.deb
2f67ad0b8f7b2c98391222af6a459267 636450 libdevel optional postgresql-server-dev-8.4_8.4.5-0squeeze1_amd64.deb
234348a97c95ec7697f3030444f75645 428108 database optional postgresql-contrib-8.4_8.4.5-0squeeze1_amd64.deb
f856cebdb8e227836e2f3b0325715911 54068 database optional postgresql-plperl-8.4_8.4.5-0squeeze1_amd64.deb
3b0b47aedd72bc9fb2cc9a9fdbd7a433 54472 database optional postgresql-plpython-8.4_8.4.5-0squeeze1_amd64.deb
a1ded056381d2f45bf6fa1a66af186be 40674 database optional postgresql-pltcl-8.4_8.4.5-0squeeze1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJMstciAAoJEPmIJawmtHufmekP/0xnoNeR6L25x9GBxltA4Iwy
Qpkn2rP7Qrw4BdBUa5GVKgPTF9tCia+pK2j1TxhiIDKyagdlBrV+IiSO3MsLKFne
Le+J/v6kzeLJEonyAxyxVKpcaLYmCFcmxvrTFrkxuJE16xuHB1qDgpNfpSpEYrbx
YBABQkd9SedhN2Ct5R9jAw1mULjYc1gcX/yK6p+A4MgOF7XJ2rrDa4cAm122LvO2
QPYiqmD+6LALkGfjWG+kCu6UsjHppW8xhc0S3tcqXLgJYf2XO0rbXw0wyQ0bao2+
8ICSQKEPmRYfIBzHHuO57bunTiiYvJOLzsvuXzhWR9xSdLFAZTr3VhTb/aV9cj16
IkPDIQnGD7acLLc0T7bsvJIvc/3TDHRMpuRuioqe55sOTvZRt/8txPke8CKiMhYk
mZQOjlb0pgT3vshZJ0y0DyNlqdPCwwJpG8FJtj9pXuUFhTHbSfvpoCcYjdAAObpE
NbT8e2wdKyUcDhCBoTMrLdEeiLWoChZWh/SnO8j1ZKe1fOE6AT75NT9TUjQiYYGF
XNRIgr73SHAApEoc4NqPJN2nCxAvp10AE4kMeoI5Oyl1DuiV2n9SkGfTJiGcxNUy
28pKPYYQjynJ84+xp4DPUbr9/vGUVAQARKq2j40JRxwd0a1U1wv3jqSWufpmY6KK
hqkCRaMQM0rOYcqLzu0A
=XRZq
-----END PGP SIGNATURE-----
Accepted:
libecpg-compat3_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/libecpg-compat3_8.4.5-0squeeze1_amd64.deb
libecpg-dev_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/libecpg-dev_8.4.5-0squeeze1_amd64.deb
libecpg6_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/libecpg6_8.4.5-0squeeze1_amd64.deb
libpgtypes3_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/libpgtypes3_8.4.5-0squeeze1_amd64.deb
libpq-dev_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/libpq-dev_8.4.5-0squeeze1_amd64.deb
libpq5_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/libpq5_8.4.5-0squeeze1_amd64.deb
postgresql-8.4_8.4.5-0squeeze1.diff.gz
to main/p/postgresql-8.4/postgresql-8.4_8.4.5-0squeeze1.diff.gz
postgresql-8.4_8.4.5-0squeeze1.dsc
to main/p/postgresql-8.4/postgresql-8.4_8.4.5-0squeeze1.dsc
postgresql-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-8.4_8.4.5-0squeeze1_amd64.deb
postgresql-client-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0squeeze1_amd64.deb
postgresql-client_8.4.5-0squeeze1_all.deb
to main/p/postgresql-8.4/postgresql-client_8.4.5-0squeeze1_all.deb
postgresql-contrib-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0squeeze1_amd64.deb
postgresql-contrib_8.4.5-0squeeze1_all.deb
to main/p/postgresql-8.4/postgresql-contrib_8.4.5-0squeeze1_all.deb
postgresql-doc-8.4_8.4.5-0squeeze1_all.deb
to main/p/postgresql-8.4/postgresql-doc-8.4_8.4.5-0squeeze1_all.deb
postgresql-doc_8.4.5-0squeeze1_all.deb
to main/p/postgresql-8.4/postgresql-doc_8.4.5-0squeeze1_all.deb
postgresql-plperl-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0squeeze1_amd64.deb
postgresql-plpython-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0squeeze1_amd64.deb
postgresql-pltcl-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0squeeze1_amd64.deb
postgresql-server-dev-8.4_8.4.5-0squeeze1_amd64.deb
to main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0squeeze1_amd64.deb
postgresql_8.4.5-0squeeze1_all.deb
to main/p/postgresql-8.4/postgresql_8.4.5-0squeeze1_all.deb
Reply to: