Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/postgresql-10
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2018-11-14 23:12:43 UTC 2018-11-14
DSC file for 10.5-1ubuntu3

Author: Ubuntu Git Importer
Author Date: 2018-11-14 23:12:43 UTC

DSC file for 10.5-1ubuntu3

applied/ubuntu/devel 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bc641bf5d374f2e82f8d9366a9bf296da73f676a
Unapplied parent: 29c741b6ac1c77baab14d1886ade2a803b5915ab

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

applied/ubuntu/disco 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bc641bf5d374f2e82f8d9366a9bf296da73f676a
Unapplied parent: 29c741b6ac1c77baab14d1886ade2a803b5915ab

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

applied/ubuntu/disco-devel 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bc641bf5d374f2e82f8d9366a9bf296da73f676a
Unapplied parent: 29c741b6ac1c77baab14d1886ade2a803b5915ab

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

ubuntu/disco-devel 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 51aa14b743c475910188769b1a34a839ebb5f277

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

ubuntu/disco-proposed 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 51aa14b743c475910188769b1a34a839ebb5f277

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

ubuntu/devel 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 51aa14b743c475910188769b1a34a839ebb5f277

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

ubuntu/disco 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-unapplied version 10.5-1ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 51aa14b743c475910188769b1a34a839ebb5f277

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

applied/ubuntu/disco-proposed 2018-11-14 23:03:17 UTC 2018-11-14
Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Author: Adam Conrad
Author Date: 2018-11-14 21:22:31 UTC

Import patches-applied version 10.5-1ubuntu3 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bc641bf5d374f2e82f8d9366a9bf296da73f676a
Unapplied parent: 29c741b6ac1c77baab14d1886ade2a803b5915ab

New changelog entries:
  * Drop mangling of files in debian/libpq-dev that isn't built.
  * Build-depend on libpq-dev and libecpg-dev to find symbols.

applied/ubuntu/cosmic-security 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-applied version 10.6-0ubuntu0.18.10.1 to applied/ubuntu/cosmic...

Author: Marc Deslauriers
Author Date: 2018-11-13 19:20:49 UTC

Import patches-applied version 10.6-0ubuntu0.18.10.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 82ac2cb9f6a9b4d2dedbc8743fa1d5e0af86cbad
Unapplied parent: c8e3cb254584b120210a4b98b7347ecc4766d869

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

applied/ubuntu/cosmic-updates 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-applied version 10.6-0ubuntu0.18.10.1 to applied/ubuntu/cosmic...

Author: Marc Deslauriers
Author Date: 2018-11-13 19:20:49 UTC

Import patches-applied version 10.6-0ubuntu0.18.10.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 82ac2cb9f6a9b4d2dedbc8743fa1d5e0af86cbad
Unapplied parent: c8e3cb254584b120210a4b98b7347ecc4766d869

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

applied/ubuntu/bionic-devel 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-applied version 10.6-0ubuntu0.18.04.1 to applied/ubuntu/bionic...

Author: Marc Deslauriers
Author Date: 2018-11-13 20:18:23 UTC

Import patches-applied version 10.6-0ubuntu0.18.04.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 1876991dec150e8c0dc6035a1873250e287288ea
Unapplied parent: 55cb0eee53114b8500b7d3066e0f14c75c46e8e3

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

ubuntu/cosmic-updates 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-unapplied version 10.6-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-11-13 19:20:49 UTC

Import patches-unapplied version 10.6-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b1ea3f3b9d63caf8d77ff9c0bd5f801db3dace72

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

ubuntu/cosmic-security 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-unapplied version 10.6-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-11-13 19:20:49 UTC

Import patches-unapplied version 10.6-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b1ea3f3b9d63caf8d77ff9c0bd5f801db3dace72

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

ubuntu/cosmic-devel 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-unapplied version 10.6-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-11-13 19:20:49 UTC

Import patches-unapplied version 10.6-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b1ea3f3b9d63caf8d77ff9c0bd5f801db3dace72

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

ubuntu/bionic-devel 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-unapplied version 10.6-0ubuntu0.18.04.1 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2018-11-13 20:18:23 UTC

Import patches-unapplied version 10.6-0ubuntu0.18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 37ba6a2e2ea5dac5162d528a2a321c65ac85b6e8

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

ubuntu/bionic-updates 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-unapplied version 10.6-0ubuntu0.18.04.1 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2018-11-13 20:18:23 UTC

Import patches-unapplied version 10.6-0ubuntu0.18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 37ba6a2e2ea5dac5162d528a2a321c65ac85b6e8

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

ubuntu/bionic-security 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-unapplied version 10.6-0ubuntu0.18.04.1 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2018-11-13 20:18:23 UTC

Import patches-unapplied version 10.6-0ubuntu0.18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 37ba6a2e2ea5dac5162d528a2a321c65ac85b6e8

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

applied/ubuntu/bionic-security 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-applied version 10.6-0ubuntu0.18.04.1 to applied/ubuntu/bionic...

Author: Marc Deslauriers
Author Date: 2018-11-13 20:18:23 UTC

Import patches-applied version 10.6-0ubuntu0.18.04.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 1876991dec150e8c0dc6035a1873250e287288ea
Unapplied parent: 55cb0eee53114b8500b7d3066e0f14c75c46e8e3

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

applied/ubuntu/bionic-updates 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-applied version 10.6-0ubuntu0.18.04.1 to applied/ubuntu/bionic...

Author: Marc Deslauriers
Author Date: 2018-11-13 20:18:23 UTC

Import patches-applied version 10.6-0ubuntu0.18.04.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 1876991dec150e8c0dc6035a1873250e287288ea
Unapplied parent: 55cb0eee53114b8500b7d3066e0f14c75c46e8e3

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

applied/ubuntu/cosmic-devel 2018-11-14 18:53:20 UTC 2018-11-14
Import patches-applied version 10.6-0ubuntu0.18.10.1 to applied/ubuntu/cosmic...

Author: Marc Deslauriers
Author Date: 2018-11-13 19:20:49 UTC

Import patches-applied version 10.6-0ubuntu0.18.10.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 82ac2cb9f6a9b4d2dedbc8743fa1d5e0af86cbad
Unapplied parent: c8e3cb254584b120210a4b98b7347ecc4766d869

New changelog entries:
  * SECURITY UPDATE: Updated to 10.6 to fix security issue.
    - Details about the new release can be found at
      https://www.postgresql.org/docs/10/release-10-6.html
    - CVE-2018-16850

importer/debian/dsc 2018-08-09 16:38:39 UTC 2018-08-09
DSC file for 10.5-1

Author: Ubuntu Git Importer
Author Date: 2018-08-09 16:38:39 UTC

DSC file for 10.5-1

debian/sid 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-unapplied version 10.5-1 to debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-unapplied version 10.5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a441f6f72cfdb717fd2870568c68ba68f2ff6164

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

applied/debian/sid 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-applied version 10.5-1 to applied/debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-applied version 10.5-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3bd220a889f9c63027df3f6dfec93aa64089f494
Unapplied parent: e3f396204210135e5976e12d3fdcff9cb163da0a

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

applied/ubuntu/cosmic 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-applied version 10.5-1 to applied/debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-applied version 10.5-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3bd220a889f9c63027df3f6dfec93aa64089f494
Unapplied parent: e3f396204210135e5976e12d3fdcff9cb163da0a

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

applied/ubuntu/cosmic-proposed 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-applied version 10.5-1 to applied/debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-applied version 10.5-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3bd220a889f9c63027df3f6dfec93aa64089f494
Unapplied parent: e3f396204210135e5976e12d3fdcff9cb163da0a

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

debian/buster 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-unapplied version 10.5-1 to debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-unapplied version 10.5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a441f6f72cfdb717fd2870568c68ba68f2ff6164

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

applied/debian/buster 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-applied version 10.5-1 to applied/debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-applied version 10.5-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3bd220a889f9c63027df3f6dfec93aa64089f494
Unapplied parent: e3f396204210135e5976e12d3fdcff9cb163da0a

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

ubuntu/cosmic 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-unapplied version 10.5-1 to debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-unapplied version 10.5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a441f6f72cfdb717fd2870568c68ba68f2ff6164

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

ubuntu/cosmic-proposed 2018-08-09 10:35:30 UTC 2018-08-09
Import patches-unapplied version 10.5-1 to debian/sid

Author: Christoph Berg
Author Date: 2018-08-07 08:56:16 UTC

Import patches-unapplied version 10.5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a441f6f72cfdb717fd2870568c68ba68f2ff6164

New changelog entries:
  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts
      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server. Servers
      allowing peer authentication on local connections are particularly
      vulnerable. Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)
    + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
      FROM ...
      Erroneous expansion of an updatable view could lead to crashes or
      attribute ... has the wrong type errors, if the view's SELECT list
      doesn't match one-to-one with the underlying table's columns.
      Furthermore, this bug could be leveraged to allow updates of columns
      that an attacking user lacks UPDATE privilege for, if that user has
      INSERT and UPDATE privileges for some other column(s) of the table. Any
      user could also use it for disclosure of server memory. (CVE-2018-10925)
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Drop support for tcl8.5.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
    PGXS modules build reproducibly.
  * Add new pgtypes header and symbol.

applied/ubuntu/bionic-proposed 2018-05-24 14:14:09 UTC 2018-05-24
Import patches-applied version 10.4-0ubuntu0.18.04 to applied/ubuntu/bionic-p...

Author: Christian Ehrhardt 
Author Date: 2018-05-08 13:17:41 UTC

Import patches-applied version 10.4-0ubuntu0.18.04 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: aecbc96504600ffda951bce9a5dfd1efc169a683
Unapplied parent: c0806d406f7dd609b3aaa00db26f58f61348fb38

New changelog entries:
  * New upstream release (LP: #1769888)
    - A dump/restore is not required for those running 10.X.
      However, if you use the adminpack extension, you should update it as
      per the first changelog entry of the changelog.
      (CVE-2018-1115)
      Also, if the function marking mistakes mentioned in the first
      changelog entry affect you, you will want to take steps to
      correct your database catalogs.
    - Details about changes can be found at
      https://www.postgresql.org/docs/10/static/release-10-4.html

ubuntu/bionic-proposed 2018-05-24 14:14:09 UTC 2018-05-24
Import patches-unapplied version 10.4-0ubuntu0.18.04 to ubuntu/bionic-proposed

Author: Christian Ehrhardt 
Author Date: 2018-05-08 13:17:41 UTC

Import patches-unapplied version 10.4-0ubuntu0.18.04 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 3c97ca8118bb28a6d31782c67cbee3761fe558d5

New changelog entries:
  * New upstream release (LP: #1769888)
    - A dump/restore is not required for those running 10.X.
      However, if you use the adminpack extension, you should update it as
      per the first changelog entry of the changelog.
      (CVE-2018-1115)
      Also, if the function marking mistakes mentioned in the first
      changelog entry affect you, you will want to take steps to
      correct your database catalogs.
    - Details about changes can be found at
      https://www.postgresql.org/docs/10/static/release-10-4.html

importer/ubuntu/pristine-tar 2018-04-21 09:08:16 UTC 2018-04-21
Initial ubuntu pristine-tar branch.

Author: Ubuntu Git Importer
Author Date: 2018-04-21 09:08:16 UTC

Initial ubuntu pristine-tar branch.

importer/debian/pristine-tar 2018-04-21 08:23:22 UTC 2018-04-21
Initial debian pristine-tar branch.

Author: Ubuntu Git Importer
Author Date: 2018-04-21 08:23:22 UTC

Initial debian pristine-tar branch.

ubuntu/bionic 2018-03-01 16:37:59 UTC 2018-03-01
Import patches-unapplied version 10.3-1 to debian/sid

Author: Christoph Berg
Author Date: 2018-02-27 11:54:34 UTC

Import patches-unapplied version 10.3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 08309b1755673fee6be5f3ab76ac7bc831579a48

New changelog entries:
  * New upstream version.
    If you run an installation in which not all users are mutually
    trusting, or if you maintain an application or extension that is
    intended for use in arbitrary situations, it is strongly recommended
    that you read the documentation changes described in the first changelog
    entry below, and take suitable steps to ensure that your installation or
    code is secure.
    Also, the changes described in the second changelog entry below may
    cause functions used in index expressions or materialized views to fail
    during auto-analyze, or when reloading from a dump. After upgrading,
    monitor the server logs for such problems, and fix affected functions.
    + Document how to configure installations and applications to guard
      against search-path-dependent trojan-horse attacks from other users
      Using a search_path setting that includes any schemas writable by a
      hostile user enables that user to capture control of queries and then
      run arbitrary SQL code with the permissions of the attacked user. While
      it is possible to write queries that are proof against such hijacking,
      it is notationally tedious, and it's very easy to overlook holes.
      Therefore, we now recommend configurations in which no untrusted schemas
      appear in one's search path.
      (CVE-2018-1058)
    + Avoid use of insecure search_path settings in pg_dump and other client
      programs
      pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
      were themselves vulnerable to the type of hijacking described in the
      previous changelog entry; since these applications are commonly run by
      superusers, they present particularly attractive targets. To make them
      secure whether or not the installation as a whole has been secured,
      modify them to include only the pg_catalog schema in their search_path
      settings. Autovacuum worker processes now do the same, as well.
      In cases where user-provided functions are indirectly executed by these
      programs -- for example, user-provided functions in index expressions --
      the tighter search_path may result in errors, which will need to be
      corrected by adjusting those user-provided functions to not assume
      anything about what search path they are invoked under. That has always
      been good practice, but now it will be necessary for correct behavior.
      (CVE-2018-1058)

applied/ubuntu/bionic 2018-03-01 16:37:59 UTC 2018-03-01
Import patches-applied version 10.3-1 to applied/debian/sid

Author: Christoph Berg
Author Date: 2018-02-27 11:54:34 UTC

Import patches-applied version 10.3-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 333aa78c32da34e98e82e50a29126a304c9418ad
Unapplied parent: 5d359f63bf9d334a7605a3c896a0addccbb41b0d

New changelog entries:
  * New upstream version.
    If you run an installation in which not all users are mutually
    trusting, or if you maintain an application or extension that is
    intended for use in arbitrary situations, it is strongly recommended
    that you read the documentation changes described in the first changelog
    entry below, and take suitable steps to ensure that your installation or
    code is secure.
    Also, the changes described in the second changelog entry below may
    cause functions used in index expressions or materialized views to fail
    during auto-analyze, or when reloading from a dump. After upgrading,
    monitor the server logs for such problems, and fix affected functions.
    + Document how to configure installations and applications to guard
      against search-path-dependent trojan-horse attacks from other users
      Using a search_path setting that includes any schemas writable by a
      hostile user enables that user to capture control of queries and then
      run arbitrary SQL code with the permissions of the attacked user. While
      it is possible to write queries that are proof against such hijacking,
      it is notationally tedious, and it's very easy to overlook holes.
      Therefore, we now recommend configurations in which no untrusted schemas
      appear in one's search path.
      (CVE-2018-1058)
    + Avoid use of insecure search_path settings in pg_dump and other client
      programs
      pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
      were themselves vulnerable to the type of hijacking described in the
      previous changelog entry; since these applications are commonly run by
      superusers, they present particularly attractive targets. To make them
      secure whether or not the installation as a whole has been secured,
      modify them to include only the pg_catalog schema in their search_path
      settings. Autovacuum worker processes now do the same, as well.
      In cases where user-provided functions are indirectly executed by these
      programs -- for example, user-provided functions in index expressions --
      the tighter search_path may result in errors, which will need to be
      corrected by adjusting those user-provided functions to not assume
      anything about what search path they are invoked under. That has always
      been good practice, but now it will be necessary for correct behavior.
      (CVE-2018-1058)

applied/debian/experimental 2017-08-31 16:29:29 UTC 2017-08-31
Import patches-applied version 10~beta4-1 to applied/debian/experimental

Author: Christoph Berg
Author Date: 2017-08-29 09:57:43 UTC

Import patches-applied version 10~beta4-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4fb940b26042fe5f5c8bc280c8391a61632f0b2c
Unapplied parent: a8c7a14182863ddb65b30bded7c9ba9563e128c2

New changelog entries:
  * Team upload.
  * Fourth PostgreSQL 10 Beta release.
  * Remove long obsolete --with-krb5 and move c/ldflags to configure switches.
  * Unconditionally use DEB_BUILD_MAINT_OPTIONS=hardening=+all.

debian/experimental 2017-08-31 16:29:29 UTC 2017-08-31
Import patches-unapplied version 10~beta4-1 to debian/experimental

Author: Christoph Berg
Author Date: 2017-08-29 09:57:43 UTC

Import patches-unapplied version 10~beta4-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 64331d6601d8ed220e8c29e24c72cbf16b28afa6

New changelog entries:
  * Team upload.
  * Fourth PostgreSQL 10 Beta release.
  * Remove long obsolete --with-krb5 and move c/ldflags to configure switches.
  * Unconditionally use DEB_BUILD_MAINT_OPTIONS=hardening=+all.

138 of 38 results

Other repositories

Name Last Modified
lp:~paelzer/ubuntu/+source/postgresql-10 2019-03-06
lp:ubuntu/+source/postgresql-10 2018-11-23
12 of 2 results
You can't create new repositories for postgresql-10 in Ubuntu.