New upstream microreleases 9.3.5, 9.1.14, 8.4.22

Bug #1348176 reported by Martin Pitt
This bug affects 1 person
Affects                    Status        Importance  Assigned to  Milestone
postgresql-8.4 (Ubuntu)    Invalid       Undecided   Unassigned
  Lucid                    Fix Released  Undecided   Unassigned
  Precise                  Fix Released  Undecided   Unassigned
postgresql-9.1 (Ubuntu)    Invalid       Undecided   Unassigned
  Precise                  Fix Released  Undecided   Unassigned
  Trusty                   Fix Released  Undecided   Unassigned
postgresql-9.3 (Ubuntu)    Fix Released  Medium      Martin Pitt
  Trusty                   Fix Released  Undecided   Unassigned
  Utopic                   Fix Released  Medium      Martin Pitt

Bug Description

New postgresql bug fix releases today: http://www.postgresql.org/about/news/1534/

As per the standing MRE these should go into stables.

Martin Pitt (pitti)
no longer affects: postgresql-8.4 (Ubuntu Precise)
no longer affects: postgresql-8.4 (Ubuntu Trusty)
no longer affects: postgresql-8.4 (Ubuntu Utopic)
Changed in postgresql-8.4 (Ubuntu):
status: New → Invalid
no longer affects: postgresql-9.1 (Ubuntu Lucid)
no longer affects: postgresql-9.1 (Ubuntu Trusty)
no longer affects: postgresql-9.1 (Ubuntu Utopic)
Changed in postgresql-9.1 (Ubuntu):
status: New → Invalid
no longer affects: postgresql-9.3 (Ubuntu Lucid)
no longer affects: postgresql-9.3 (Ubuntu Precise)
Changed in postgresql-9.3 (Ubuntu Utopic):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti)
description: updated
Martin Pitt (pitti)
Changed in postgresql-9.3 (Ubuntu Utopic):
status: In Progress → Fix Committed
Martin Pitt (pitti)
Changed in postgresql-9.3 (Ubuntu Trusty):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.3 - 9.3.5-0ubuntu1

---------------
postgresql-9.3 (9.3.5-0ubuntu1) utopic; urgency=medium

  [ Christoph Berg ]
  * New upstream release. (LP: #1348176)
    + Secure Unix-domain sockets of temporary postmasters started during make
      check (Noah Misch)

      Any local user able to access the socket file could connect as the
      server's bootstrap superuser, then proceed to execute arbitrary code as
      the operating-system user running the test, as we previously noted in
      CVE-2014-0067. This change defends against that risk by placing the
      server's socket in a temporary, mode 0700 subdirectory of /tmp.

  * Remove our pg_regress patches to support --host=/path.
  * Remove the tcl8.6 patch, went upstream.
  * Update Vcs URLs.
 -- Martin Pitt <email address hidden> Thu, 24 Jul 2014 15:14:05 +0200
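
One way to check the property this changelog entry describes, as an added example (not code from PostgreSQL or from the Ubuntu packaging): a Unix-domain socket is reachable only through its parent directory, so a parent created by `mkdtemp()` with mode 0700 keeps other local users away from it. The `sockdemo-` and `pgtest-` prefixes, the function names and the sandbox layout are assumptions made for the illustration.

```python
import os
import shutil
import socket
import stat
import tempfile

SOCKET_NAME = ".s.PGSQL.5432"  # PostgreSQL's socket file name for port 5432


def listen_in(directory):
    """Bind a listening Unix-domain socket inside `directory`."""
    path = os.path.join(directory, SOCKET_NAME)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv, path


def socket_is_private(path):
    """True if only the current user can reach the socket file.

    Connecting needs search permission on the parent directory, so a parent
    owned by us with no group/other bits (mode 0700) keeps other local users
    out regardless of the socket file's own mode.
    """
    if not stat.S_ISSOCK(os.lstat(path).st_mode):
        return False
    parent = os.lstat(os.path.dirname(path))  # lstat: a symlinked parent fails
    return (stat.S_ISDIR(parent.st_mode)
            and parent.st_uid == os.geteuid()
            and stat.S_IMODE(parent.st_mode) & 0o077 == 0)


def demo():
    """Compare a world-writable directory with a mkdtemp() directory."""
    sandbox = tempfile.mkdtemp(prefix="sockdemo-")   # constructed test area
    shared = os.path.join(sandbox, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)                         # same mode as /tmp itself
    private = tempfile.mkdtemp(prefix="pgtest-", dir=sandbox)  # created 0700
    results = {}
    try:
        for label, directory in (("shared", shared), ("private", private)):
            srv, path = listen_in(directory)
            results[label] = socket_is_private(path)
            srv.close()
    finally:
        shutil.rmtree(sandbox)
    return results
```

The same `socket_is_private()` check can be pointed at the socket path of any temporary server a build or test job starts, to confirm the job is not exposing it in a shared directory.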

Changed in postgresql-9.3 (Ubuntu Utopic):
status: Fix Committed → Fix Released
Martin Pitt (pitti)
Changed in postgresql-9.1 (Ubuntu Precise):
status: New → In Progress
Martin Pitt (pitti) wrote :

All updates for stables uploaded to SRU review queues.

Changed in postgresql-8.4 (Ubuntu Lucid):
status: New → In Progress
Martin Pitt (pitti) wrote :

I just uploaded the two missing ones for keeping upgrades working: postgresql-8.4 8.4.22-0ubuntu0.12.04 (precise) and postgresql-9.1 9.1.14-0ubuntu0.14.04 (trusty). Unfortunately I can't resurrect the bug tasks for those.

Adam Conrad (adconrad) wrote : Please test proposed package

Hello Martin, or anyone else affected,

Accepted postgresql-8.4 into lucid-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.22-0ubuntu0.10.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in postgresql-8.4 (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
Adam Conrad (adconrad) wrote :

Hello Martin, or anyone else affected,

Accepted postgresql-8.4 into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.22-0ubuntu0.12.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in postgresql-9.1 (Ubuntu Precise):
status: In Progress → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Martin, or anyone else affected,

Accepted postgresql-9.1 into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.14-0ubuntu0.12.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Adam Conrad (adconrad) wrote :

Hello Martin, or anyone else affected,

Accepted postgresql-9.3 into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.5-0ubuntu0.14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in postgresql-9.3 (Ubuntu Trusty):
status: In Progress → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Martin, or anyone else affected,

Accepted postgresql-9.1 into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.14-0ubuntu0.14.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Martin Pitt (pitti) wrote :

I'm trying to get back proper bug tasks for the missing 8.4/precise and 9.1/trusty. This requires some extra mangling to work around a Launchpad bug, sorry for the noise.

affects: postgresql-9.1 (Ubuntu) → ubuntu
no longer affects: Ubuntu Precise
affects: ubuntu → postgresql-9.1 (Ubuntu)
Changed in postgresql-8.4 (Ubuntu Precise):
status: New → Fix Committed
Changed in postgresql-9.1 (Ubuntu Precise):
status: New → Fix Committed
no longer affects: postgresql-9.3 (Ubuntu Precise)
affects: postgresql-9.3 (Ubuntu Trusty) → Ubuntu Trusty
no longer affects: Ubuntu Trusty
affects: Ubuntu Utopic → postgresql-9.3 (Ubuntu Utopic)
Changed in postgresql-9.3 (Ubuntu Trusty):
status: New → Fix Committed
no longer affects: postgresql-8.4 (Ubuntu Trusty)
Changed in postgresql-9.1 (Ubuntu Trusty):
status: New → Fix Committed
Martin Pitt (pitti) wrote :

Trusty can now be verified using the autopkgtest: https://jenkins.qa.ubuntu.com/job/trusty-adt-postgresql-9.3/104/
This succeeded, marking v-done.

tags: added: verification-done
tags: added: verification-done-trusty
removed: verification-done
Martin Pitt (pitti) wrote :

I successfully ran the p-common test suite in lucid, precise, and trusty. I also installed 9.1 in precise, a test database with a PL/Perl function, dist-upgraded to trusty and confirm that the PL/Perl function still works in the obsolete 9.1 cluster, i.e. the proposed plperl-9.1 works fine.

tags: added: verification-done
removed: verification-done-trusty verification-needed
Scott Kitterman (kitterman) wrote : Update Released

The verification of the Stable Release Update for postgresql-8.4 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.22-0ubuntu0.12.04

---------------
postgresql-8.4 (8.4.22-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-8-4-22.html
  * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.
 -- Martin Pitt <email address hidden> Tue, 29 Jul 2014 14:47:30 +0200

Changed in postgresql-8.4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.14-0ubuntu0.12.04

---------------
postgresql-9.1 (9.1.14-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-9-1-14.html
  * Drop pg_regress patches to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.
 -- Martin Pitt <email address hidden> Thu, 24 Jul 2014 18:09:12 +0200

Changed in postgresql-9.1 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.3 - 9.3.5-0ubuntu0.14.04.1

---------------
postgresql-9.3 (9.3.5-0ubuntu0.14.04.1) trusty-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - pg_upgrade: Users who upgraded to version 9.3 using pg_upgrade may have
      an issue with transaction information which causes VACUUM to eventually
      fail. These users should run the script provided in the release notes to
      determine if their installation is affected, and then take the remedy
      steps outlined there.
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
      check.
      Any local user able to access the socket file could connect as the
      server's bootstrap superuser, then proceed to execute arbitrary code as
      the operating-system user running the test, as we previously noted in
      CVE-2014-0067. This change defends against that risk by placing the
      server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/about/news/1534/
  * Remove pg_regress patches to support --host=/path, obsolete with above
    upstream changes and not applicable any more.
  * Drop tcl8.6 patch, applied upstream.
  * Add missing logrotate test dependency.
 -- Martin Pitt <email address hidden> Thu, 24 Jul 2014 16:13:59 +0200

Changed in postgresql-9.3 (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.14-0ubuntu0.14.04

---------------
postgresql-9.1 (9.1.14-0ubuntu0.14.04) trusty-proposed; urgency=medium

  * New upstream bug fix release (LP: #1348176). No effective changes for
    PL/Perl, the version must just be higher than the one in precise, to not
    break upgrades.
  * Drop pg_regress patches to run tests with socket in /tmp, obsolete with
    upstream changes and not applicable any more.
 -- Martin Pitt <email address hidden> Tue, 29 Jul 2014 14:58:28 +0200

Changed in postgresql-9.1 (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.22-0ubuntu0.10.04

---------------
postgresql-8.4 (8.4.22-0ubuntu0.10.04) lucid-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-8-4-22.html
  * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.
  * Add debian/postgresql-8.4.NEWS to point out that upstream support ends
    now.
 -- Martin Pitt <email address hidden> Thu, 24 Jul 2014 18:17:34 +0200

Changed in postgresql-8.4 (Ubuntu Lucid):
status: Fix Committed → Fix Released