Branches for Dapper

Author: Martin Pitt
Revision Date: 2006-04-10 22:43:11 UTC

* debian/rules:
  - Put --as-needed into LDFLAGS instead of CFLAGS to avoid warnings when
    building extension modules. Closes: #360759
  - Fix a bashism.
* debian/control: Suggest oidentd | ident-server (oidentd prefered since it
  works with IPv6). Closes: #359193
* libecpg-dev: Move manpage to /usr/share/man/man1 where it belongs to.
  Closes: #360817
* debian/rules: Ship the tutorial's Makefile and ship the SQL *.source files
  (not the generated *.sql files) to get the correct path to the built
  libraries. Closes: #360469
* Add debian/patches/13-tutorial-README.patch: Remove confusing note about
  make and point out that p-server-dev-8.1 is required for building the
  tutorial.
* debian/postgresql-contrib-8.1.install, 50-contrib-oracle-enable.patch:
  Move Ora2Pg.pm to /usr/share/postgresql/8.1 and adapt the library search
  path in ora2pg.pl accordingly. Closes: #360818

Author: Martin Pitt
Revision Date: 2010-04-07 19:25:03 UTC

* New upstream bug fix release: (LP: #557408)
  - Add new configuration parameter ssl_renegotiation_limit to control
    how often we do session key renegotiation for an SSL connection.
    This can be set to zero to disable renegotiation completely, which
    may be required if a broken SSL library is used. In particular,
    some vendors are shipping stopgap patches for CVE-2009-3555 that
    cause renegotiation attempts to fail.
  - Fix possible crashes when trying to recover from a failure in
    subtransaction start.
  - Fix server memory leak associated with use of savepoints and a
    client encoding different from server's encoding.
  - Make substring() for bit types treat any negative length as meaning
    "all the rest of the string".
    The previous coding treated only -1 that way, and would produce an
    invalid result value for other negative values, possibly leading to
    a crash (CVE-2010-0442).
  - Fix integer-to-bit-string conversions to handle the first
    fractional byte correctly when the output bit width is wider than
    the given integer by something other than a multiple of 8 bits.
  - Fix some cases of pathologically slow regular expression matching.
  - Fix the STOP WAL LOCATION entry in backup history files to report
    the next WAL segment's name when the end location is exactly at a
    segment boundary.
  - Fix some more cases of temporary-file leakage.
    This corrects a problem introduced in the previous minor release.
    One case that failed is when a plpgsql function returning set is
    called within another function's exception handler.
  - When reading "pg_hba.conf" and related files, do not treat
    @something as a file inclusion request if the @ appears inside
    quote marks; also, never treat @ by itself as a file inclusion
    request.
    This prevents erratic behavior if a role or database name starts
    with @. If you need to include a file whose path name contains
    spaces, you can still do so, but you must write @"/path to/file"
    rather than putting the quotes around the whole construct.
  - Prevent infinite loop on some platforms if a directory is named as
    an inclusion target in "pg_hba.conf" and related files.
  - Fix psql's numericlocale option to not format strings it shouldn't
    in latex and troff output formats.
  - Fix plpgsql failure in one case where a composite column is set to
    NULL.
  - Add volatile markings in PL/Python to avoid possible
    compiler-specific misbehavior.
  - Prevent crash in "contrib/dblink" when too many key columns are
    specified to a dblink_build_sql_- function.
  - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
    management.

Author: Martin Pitt
Revision Date: 2009-12-15 16:01:10 UTC

* New upstream bug fix/security release: (LP: #496923)
  - Protect against indirect security threats caused by index functions
    changing session-local state. This change prevents allegedly-immutable
    index functions from possibly subverting a superuser's session
    (CVE-2009-4136).
  - Reject SSL certificates containing an embedded null byte in the
    common name (CN) field. This prevents unintended matching of a
    certificate to a server or client name during SSL validation
    (CVE-2009-4034).
  - Fix possible crash during backend-startup-time cache initialization.
  - Prevent signals from interrupting VACUUM at unsafe times.
  - Fix possible crash due to integer overflow in hash table size
    calculation.
  - Fix very rare crash in inet/cidr comparisons.
  - Ensure that shared tuple-level locks held by prepared transactions
    are not ignored.
  - Fix premature drop of temporary files used for a cursor that is
    accessed within a subtransaction.
  - Fix PAM password processing to be more robust. The previous code is
    known to fail with the combination of the Linux pam_krb5 PAM module with
    Microsoft Active Directory as the domain controller. It might have
    problems elsewhere too, since it was making unjustified assumptions about
    what arguments the PAM stack would pass to it.
  - Fix processing of ownership dependencies during CREATE OR REPLACE
    FUNCTION.
  - Ensure that Perl arrays are properly converted to PostgreSQL arrays
    when returned by a set-returning PL/Perl function.
    This worked correctly already for non-set-returning functions.
  - Fix rare crash in exception processing in PL/Python.
  - Make the postmaster ignore any application_name parameter in
    connection request packets, to improve compatibility with future
    libpq versions.

Author: Martin Pitt
Revision Date: 2010-04-07 19:25:03 UTC

* New upstream bug fix release: (LP: #557408)
  - Add new configuration parameter ssl_renegotiation_limit to control
    how often we do session key renegotiation for an SSL connection.
    This can be set to zero to disable renegotiation completely, which
    may be required if a broken SSL library is used. In particular,
    some vendors are shipping stopgap patches for CVE-2009-3555 that
    cause renegotiation attempts to fail.
  - Fix possible crashes when trying to recover from a failure in
    subtransaction start.
  - Fix server memory leak associated with use of savepoints and a
    client encoding different from server's encoding.
  - Make substring() for bit types treat any negative length as meaning
    "all the rest of the string".
    The previous coding treated only -1 that way, and would produce an
    invalid result value for other negative values, possibly leading to
    a crash (CVE-2010-0442).
  - Fix integer-to-bit-string conversions to handle the first
    fractional byte correctly when the output bit width is wider than
    the given integer by something other than a multiple of 8 bits.
  - Fix some cases of pathologically slow regular expression matching.
  - Fix the STOP WAL LOCATION entry in backup history files to report
    the next WAL segment's name when the end location is exactly at a
    segment boundary.
  - Fix some more cases of temporary-file leakage.
    This corrects a problem introduced in the previous minor release.
    One case that failed is when a plpgsql function returning set is
    called within another function's exception handler.
  - When reading "pg_hba.conf" and related files, do not treat
    @something as a file inclusion request if the @ appears inside
    quote marks; also, never treat @ by itself as a file inclusion
    request.
    This prevents erratic behavior if a role or database name starts
    with @. If you need to include a file whose path name contains
    spaces, you can still do so, but you must write @"/path to/file"
    rather than putting the quotes around the whole construct.
  - Prevent infinite loop on some platforms if a directory is named as
    an inclusion target in "pg_hba.conf" and related files.
  - Fix psql's numericlocale option to not format strings it shouldn't
    in latex and troff output formats.
  - Fix plpgsql failure in one case where a composite column is set to
    NULL.
  - Add volatile markings in PL/Python to avoid possible
    compiler-specific misbehavior.
  - Prevent crash in "contrib/dblink" when too many key columns are
    specified to a dblink_build_sql_- function.
  - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
    management.