Branches for Quantal

Author: Martin Pitt
Revision Date: 2012-12-10 15:00:57 UTC

* New upstream bug fix release: (LP: #1088393)
  - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
    Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
    changing the state of an index's pg_index row. This prevents race
    conditions that could cause concurrent sessions to miss updating
    the target index, thus resulting in corrupt concurrently-created
    indexes.
    Also, fix various other operations to ensure that they ignore
    invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
    command. The most important of these is "VACUUM", because an
    auto-vacuum could easily be launched on the table before corrective
    action can be taken to fix or remove the invalid index.
  - Fix buffer locking during WAL replay.
    The WAL replay code was insufficiently careful about locking
    buffers when replaying WAL records that affect more than one page.
    This could result in hot standby queries transiently seeing
    inconsistent states, resulting in wrong answers or unexpected
    failures.
  - See HISTORY/changelog.gz for the other bug fixes.
* Drop 00git_ecpg_array_bounds.patch, fixed upstream.

Author: Martin Pitt
Revision Date: 2013-04-02 11:52:28 UTC

* New upstream security/bug fix release: (LP: #1163184)
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899]
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.

Author: Martin Pitt
Revision Date: 2013-04-02 11:52:28 UTC

* New upstream security/bug fix release: (LP: #1163184)
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899]
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.

Author: Martin Pitt
Revision Date: 2012-09-25 05:40:23 UTC

* Urgency medium because of data loss bug fix.
* New upstream bug fix release:
  - Fix persistence marking of shared buffers during WAL replay.
    This mistake can result in buffers not being written out during
    checkpoints, resulting in data corruption if the server later
    crashes without ever having written those buffers. Corruption can
    occur on any server following crash recovery, but it is
    significantly more likely to occur on standby slave servers since
    those perform much more WAL replay. There is a low probability of
    corruption of btree and GIN indexes. There is a much higher
    probability of corruption of table "visibility maps". Fortunately,
    visibility maps are non-critical data in 9.1, so the worst
    consequence of such corruption in 9.1 installations is transient
    inefficiency of vacuuming. Table data proper cannot be corrupted by
    this bug.
    While no index corruption due to this bug is known to have occurred
    in the field, as a precautionary measure it is recommended that
    production installations "REINDEX" all btree and GIN indexes at a
    convenient time after upgrading to 9.1.6.
    Also, if you intend to do an in-place upgrade to 9.2.X, before
    doing so it is recommended to perform a "VACUUM" of all tables
    while having vacuum_freeze_table_age set to zero. This will ensure
    that any lingering wrong data in the visibility maps is corrected
    before 9.2.X can depend on it. vacuum_cost_delay can be adjusted to
    reduce the performance impact of vacuuming, while causing it to
    take longer to finish.
  - See HISTORY/changelog.gz for the other bug fixes.
* debian/rules: Compress all binaries with xz. Thanks Cyril Brulebois!
  (Closes: #688678)