Branches for Lucid

Author: Martin Pitt
Revision Date: 2014-07-24 18:17:34 UTC

* New upstream bug fix release: (LP: #1348176)
  - Various data integrity and other bug fixes.
  - Secure Unix-domain sockets of temporary postmasters started during make
     check.
     Any local user able to access the socket file could connect as the
     server's bootstrap superuser, then proceed to execute arbitrary code as
     the operating-system user running the test, as we previously noted in
     CVE-2014-0067. This change defends against that risk by placing the
     server's socket in a temporary, mode 0700 subdirectory of /tmp.
  - See release notes for details:
    http://www.postgresql.org/docs/current/static/release-8-4-22.html
* Drop pg_regress patch to run tests with socket in /tmp, obsolete with
  above upstream changes and not applicable any more.
* Add debian/postgresql-8.4.NEWS to point out that upstream support ends
  now.

Author: Martin Pitt
Revision Date: 2015-02-06 13:18:20 UTC

* Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
  Fix buffer overruns in to_char() [CVE-2015-0241]
* Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
  Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
* Add 19-ensure_frontend_backend_sync.patch:
  Fix possible loss of frontend/backend protocol synchronization after an
  error [CVE-2015-0244]
* Add 20-column_privilege_leak.patch:
  Fix information leak via constraint-violation error messages
  [CVE-2014-8161]
* Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
  snprintf().

Author: Martin Pitt
Revision Date: 2015-02-06 13:18:20 UTC

* Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
  Fix buffer overruns in to_char() [CVE-2015-0241]
* Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
  Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
* Add 19-ensure_frontend_backend_sync.patch:
  Fix possible loss of frontend/backend protocol synchronization after an
  error [CVE-2015-0244]
* Add 20-column_privilege_leak.patch:
  Fix information leak via constraint-violation error messages
  [CVE-2014-8161]
* Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
  snprintf().

Author: Martin Pitt
Revision Date: 2010-03-13 16:44:46 UTC

* New upstream bug fix release:
  - Add new configuration parameter ssl_renegotiation_limit to control
    how often we do session key renegotiation for an SSL connection.
    This can be set to zero to disable renegotiation completely, which
    may be required if a broken SSL library is used. In particular,
    some vendors are shipping stopgap patches for CVE-2009-3555 that
    cause renegotiation attempts to fail.
  - Fix possible deadlock during backend startup.
  - Fix possible crashes due to not handling errors during relcache
    reload cleanly.
  - Fix possible crash due to use of dangling pointer to a cached plan.
  - Fix possible crash due to overenthusiastic invalidation of cached
    plan for "ROLLBACK".
  - Fix possible crashes when trying to recover from a failure in
    subtransaction start.
  - Fix server memory leak associated with use of savepoints and a
    client encoding different from server's encoding.
  - Fix incorrect WAL data emitted during end-of-recovery cleanup of a
    GIST index page split.
  - Fix bug in WAL redo cleanup method for GIN indexes.
  - Fix incorrect comparison of scan key in GIN index search.
  - Make substring() for bit types treat any negative length as meaning
    "all the rest of the string". The previous coding treated only -1 that
    way, and would produce an invalid result value for other negative
    values, possibly leading to a crash (CVE-2010-0442).
  - Fix integer-to-bit-string conversions to handle the first
    fractional byte correctly when the output bit width is wider than
    the given integer by something other than a multiple of 8 bits.
  - Fix some cases of pathologically slow regular expression matching.
  - Fix bug occurring when trying to inline a SQL function that returns
    a set of a composite type that contains dropped columns.
  - Fix bug with trying to update a field of an element of a
    composite-type array column.
  - Avoid failure when "EXPLAIN" has to print a FieldStore or
    assignment ArrayRef expression.
    These cases can arise now that "EXPLAIN VERBOSE" tries to print
    plan node target lists.
  - Avoid an unnecessary coercion failure in some cases where an
    undecorated literal string appears in a subquery within
    "UNION"/"INTERSECT"/"EXCEPT".
    This fixes a regression for some cases that worked before 8.4.
  - Avoid undesirable rowtype compatibility check failures in some
    cases where a whole-row Var has a rowtype that contains dropped
    columns.
  - Fix the STOP WAL LOCATION entry in backup history files to report
    the next WAL segment's name when the end location is exactly at a
    segment boundary.
  - Always pass the catalog ID to an option validator function
    specified in "CREATE FOREIGN DATA WRAPPER".
  - Fix some more cases of temporary-file leakage.
    This corrects a problem introduced in the previous minor release.
    One case that failed is when a plpgsql function returning set is
    called within another function's exception handler.
  - Add support for doing FULL JOIN ON FALSE.
    This prevents a regression from pre-8.4 releases for some queries
    that can now be simplified to a constant-false join condition.
  - Improve constraint exclusion processing of boolean-variable cases,
    in particular make it possible to exclude a partition that has a
    "bool_column = false" constraint.
  - Prevent treating an INOUT cast as representing binary compatibility.
  - Include column name in the message when warning about inability to
    grant or revoke column-level privileges.
    This is more useful than before and helps to prevent confusion when
    a "REVOKE" generates multiple messages, which formerly appeared to
    be duplicates.
  - When reading "pg_hba.conf" and related files, do not treat
    @something as a file inclusion request if the @ appears inside
    quote marks; also, never treat @ by itself as a file inclusion
    request.
    This prevents erratic behavior if a role or database name starts
    with @. If you need to include a file whose path name contains
    spaces, you can still do so, but you must write @"/path to/file"
    rather than putting the quotes around the whole construct.
  - Prevent infinite loop on some platforms if a directory is named as
    an inclusion target in "pg_hba.conf" and related files.
  - Fix possible infinite loop if SSL_read or SSL_write fails without
    setting errno.
    This is reportedly possible with some Windows versions of openssl.
  - Disallow GSSAPI authentication on local connections, since it
    requires a hostname to function correctly.
  - Protect ecpg against applications freeing strings unexpectedly.
  - Make ecpg report the proper SQLSTATE if the connection disappears.
  - Fix translation of cell contents in psql \d output.
  - Fix psql's numericlocale option to not format strings it shouldn't
    in latex and troff output formats.
  - Fix a small per-query memory leak in psql.
  - Make psql return the correct exit status (3) when ON_ERROR_STOP and
    --single-transaction are both specified and an error occurs during
    the implied "COMMIT".
  - Fix pg_dump's output of permissions for foreign servers.
  - Fix possible crash in parallel pg_restore due to out-of-range
    dependency IDs.
  - Fix plpgsql failure in one case where a composite column is set to
    NULL.
  - Fix possible failure when calling PL/Perl functions from PL/PerlU
    or vice versa.
  - Add volatile markings in PL/Python to avoid possible
    compiler-specific misbehavior>
  - Ensure PL/Tcl initializes the Tcl interpreter.
    The only known symptom of this oversight is that the Tcl clock
    command misbehaves if using Tcl 8.5 or later.
  - Prevent ExecutorEnd from being run on portals created within a
    failed transaction or subtransaction.
    This is known to cause issues when using "contrib/auto_explain".
  - Prevent crash in "contrib/dblink" when too many key columns are
    specified to a dblink_build_sql_- function.
  - Allow zero-dimensional arrays in "contrib/ltree" operations.
    This case was formerly rejected as an error, but it's more
    convenient to treat it the same as a zero-element array. In
    particular this avoids unnecessary failures when an ltree operation
    is applied to the result of ARRAY(SELECT ...) and the sub-select
    returns no rows.
  - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
    management.
* Rebuild against libossp-uuid16. (Closes: #570108, LP: #538284)