Created by James Westby on 2009-07-31 and last modified on 2010-04-08
Get this branch:
bzr branch lp:ubuntu/dapper-proposed/postgresql-8.1
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

21. By Martin Pitt on 2010-04-07

* New upstream bug fix release: (LP: #557408)
  - Add new configuration parameter ssl_renegotiation_limit to control
    how often we do session key renegotiation for an SSL connection.
    This can be set to zero to disable renegotiation completely, which
    may be required if a broken SSL library is used. In particular,
    some vendors are shipping stopgap patches for CVE-2009-3555 that
    cause renegotiation attempts to fail.
  - Fix possible crashes when trying to recover from a failure in
    subtransaction start.
  - Fix server memory leak associated with use of savepoints and a
    client encoding different from server's encoding.
  - Make substring() for bit types treat any negative length as meaning
    "all the rest of the string".
    The previous coding treated only -1 that way, and would produce an
    invalid result value for other negative values, possibly leading to
    a crash (CVE-2010-0442).
  - Fix integer-to-bit-string conversions to handle the first
    fractional byte correctly when the output bit width is wider than
    the given integer by something other than a multiple of 8 bits.
  - Fix some cases of pathologically slow regular expression matching.
  - Fix the STOP WAL LOCATION entry in backup history files to report
    the next WAL segment's name when the end location is exactly at a
    segment boundary.
  - Fix some more cases of temporary-file leakage.
    This corrects a problem introduced in the previous minor release.
    One case that failed is when a plpgsql function returning set is
    called within another function's exception handler.
  - When reading "pg_hba.conf" and related files, do not treat
    @something as a file inclusion request if the @ appears inside
    quote marks; also, never treat @ by itself as a file inclusion
    This prevents erratic behavior if a role or database name starts
    with @. If you need to include a file whose path name contains
    spaces, you can still do so, but you must write @"/path to/file"
    rather than putting the quotes around the whole construct.
  - Prevent infinite loop on some platforms if a directory is named as
    an inclusion target in "pg_hba.conf" and related files.
  - Fix psql's numericlocale option to not format strings it shouldn't
    in latex and troff output formats.
  - Fix plpgsql failure in one case where a composite column is set to
  - Add volatile markings in PL/Python to avoid possible
    compiler-specific misbehavior.
  - Prevent crash in "contrib/dblink" when too many key columns are
    specified to a dblink_build_sql_- function.
  - Fix assorted crashes in "contrib/xml2" caused by sloppy memory

20. By Martin Pitt on 2009-12-15

* New upstream bug fix/security release: (LP: #496923)
  - Protect against indirect security threats caused by index functions
    changing session-local state. This change prevents allegedly-immutable
    index functions from possibly subverting a superuser's session
  - Reject SSL certificates containing an embedded null byte in the
    common name (CN) field. This prevents unintended matching of a
    certificate to a server or client name during SSL validation
  - Fix possible crash during backend-startup-time cache initialization.
  - Prevent signals from interrupting VACUUM at unsafe times.
  - Fix possible crash due to integer overflow in hash table size
  - Fix very rare crash in inet/cidr comparisons.
  - Ensure that shared tuple-level locks held by prepared transactions
    are not ignored.
  - Fix premature drop of temporary files used for a cursor that is
    accessed within a subtransaction.
  - Fix PAM password processing to be more robust. The previous code is
    known to fail with the combination of the Linux pam_krb5 PAM module with
    Microsoft Active Directory as the domain controller. It might have
    problems elsewhere too, since it was making unjustified assumptions about
    what arguments the PAM stack would pass to it.
  - Fix processing of ownership dependencies during CREATE OR REPLACE
  - Ensure that Perl arrays are properly converted to PostgreSQL arrays
    when returned by a set-returning PL/Perl function.
    This worked correctly already for non-set-returning functions.
  - Fix rare crash in exception processing in PL/Python.
  - Make the postmaster ignore any application_name parameter in
    connection request packets, to improve compatibility with future
    libpq versions.

19. By Martin Pitt on 2009-09-16

* New upstream bug fix/security release: (LP: #430544)
    security-definer functions.
    This covers a case that was missed in the previous patch that
    disallowed "SET ROLE" and "SET SESSION AUTHORIZATION" inside
    security-definer functions. (See CVE-2007-6600)
  - Fix handling of sub-SELECTs appearing in the arguments of an
    outer-level aggregate function.
  - Fix hash calculation for data type interval.
    This corrects wrong results for hash joins on interval values. It
    also changes the contents of hash indexes on interval columns. If
    you have any such indexes, you must "REINDEX" them after updating.
  - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
    It was previously handled as 'th' (lowercase).
  - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
    and integer datetimes are in use.
  - Fix calculation of distance between a point and a line segment.
    This led to incorrect results from a number of geometric operators.
  - Fix money data type to work in locales where currency amounts have
    no fractional digits, e.g. Japan.
  - Properly round datetime input like
  - Fix poor choice of page split point in GiST R-tree operator classes
  - Fix portability issues in plperl initialization
  - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
  - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
    number of parameters (twenty)
  - Improve robustness of libpq's code to recover from errors during
  - Avoid including conflicting readline and editline header files when
    both libraries are installed

18. By Marc Deslauriers on 2009-04-06

No change rebuild as a security update as this fixes CVE-2009-0922

17. By Martin Pitt on 2008-01-05

* New upstream security/bugfix release:
  - Prevent functions in indexes from executing with the privileges of
    the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
    within a SECURITY DEFINER context. [CVE-2007-6600]
  - Suitably crafted regular-expression patterns could cause crashes,
    infinite or near-infinite looping, and/or massive memory
    consumption, all of which pose denial-of-service hazards for
    applications that accept regex search patterns from untrustworthy
    sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
  - Require non-superusers who use "/contrib/dblink" to use only
    password authentication, as a security measure.
    The fix that appeared for this in 8.2.5 was incomplete, as it
    plugged the hole for only some "dblink" functions. [CVE-2007-6601,
  - Fix planner failure in some cases of WHERE false AND var IN (SELECT
  - Preserve the tablespace and storage parameters of indexes that are
    rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
  - Make archive recovery always start a new WAL timeline, rather than
    only when a recovery stop time was used. This avoids a corner-case risk
    of trying to overwrite an existing archived copy of the last WAL
    segment, and seems simpler and cleaner than the original definition.
  - Make "VACUUM" not use all of maintenance_work_mem when the table is
    too small for it to be useful.
  - Fix potential crash in translate() when using a multibyte database
  - Fix overflow in extract(epoch from interval) for intervals
    exceeding 68 years.
  - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
    a trusted function.
  - Fix PL/Python to not crash on long exception messages.
  - Fix pg_dump to correctly handle inheritance child tables that have
    default expressions different from their parent's.
  - Fix libpq crash when PGPASSFILE refers to a file that is not a
    plain file.
  - ecpg parser fixes.
  - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
    category in its own right, rather than crashing.
  - Fix tsvector and tsquery output routines to escape backslashes
  - Fix crash of to_tsvector() on huge input strings.
* Use the timezone database from the system tzdata instead of shipping our
  - debian/patches/04-timezone-symlinks.patch: Drop previous
    hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
    the patch with a Makefile change that just symlinks /usr/share/zoneinfo
    to where postgresql previously installed its own tzdata copy.
  - debian/control: Add locales dependency (which contains tzdata in
  - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
    files in the dereferenced directory.
  - debian/postgresql-8.1.postinst: Replace the timezone directory with the
    symlink on upgrades, since dpkg does not do that automatically. Without
    this, we'd end up with an empty timezone directory.

16. By Martin Pitt on 2007-04-23

* New upstream security/bugfix release:
  - Support explicit placement of the temporary-table schema within
    search_path, and disable searching it for functions and operators.
    This is needed to allow a security-definer function to set a truly
    secure value of search_path. Without it, an unprivileged SQL user
    can use temporary objects to execute code with the privileges of
    the security-definer function (CVE-2007-2138). See "CREATE
    FUNCTION" for more information.
  - "/contrib/tsearch2" crash fixes.
  - Require "COMMIT PREPARED" to be executed in the same database as
    the transaction was prepared in.
  - Fix potential-data-corruption bug in how "VACUUM FULL" handles
    "UPDATE" chains.
  - Planner fixes, including improving outer join and bitmap scan
    selection logic.
  - Fix PANIC during enlargement of a hash index (bug introduced in
  - Fix POSIX-style timezone specs to follow new USA DST rules.

15. By Martin Pitt on 2007-02-09

No-change upload, previous upload got lost in a ssh disconnect.

14. By Martin Pitt on 2007-02-06

Add debian/patches/00upstream-zzz-sql-fun-typecheck-regression.patch: Fix
overzealous type checks in some cases. Closes: LP#83505

13. By Martin Pitt on 2007-02-05

* SECURITY UPDATE: Read out arbitrary memory locations from the server,
  local DoS.
* Add debian/patches/00upstream-sql-fun-typecheck.patch:
  - Repair insufficiently careful type checking for SQL-language functions.
    Not only can one trivially crash the backend, but with appropriate
    misuse of pass-by-reference datatypes it is possible to read out
    arbitrary locations in the server process's memory, which could allow
    retrieving database content the user should not be able to see.
  - Discovered by Jeff Trout.
  - Patch backported from 8.1.7 from CVS:
  - CVE-2007-0555
* Add debian/patches/00upstream-table-plan-consistency.patch:
  - Check that a table is still compatible with a previously made query
    plan. Use of ALTER COLUMN TYPE creates a hazard for cached query plans:
    they could contain vars that claim a column has a different type than it
    now has. Not only can one trivially crash the backend, but with
    appropriate misuse of pass-by-reference datatypes it is possible to read
    out arbitrary locations in the server process's memory, which could allow
    retrieving database content the user should not be able to see.
  - Discovered by Jeff Trout.
  - Patch backported from 8.1.7 from CVS:
  - CVE-2007-0556
* Add debian/patches/00upstream-max-utf8-wchar-len.patch:
  - Update various string functions to support the maximum UTF-8 sequence
    length for 4-byte character set to prevent buffer overflows.
  - Patch backported from 8.1.7 from CVS:

12. By Martin Pitt on 2006-10-23

* Add debian/patches/00upstream-disable-update-aggregates.patch:
  - Disallow aggregate functions in UPDATE commands (unless within a
    sub-SELECT). It is disallowed by the SQL spec and causes crashes.
  - Patch backported from 8.1.5:
* Add debian/patches/00upstream-duration-logging-crash.patch:
  - Fix crash in duration logging for a V3-protocol Execute message
    when what's being executed is a COMMIT or ROLLBACK.
  - Patch backported from 8.1.5:
* Add debian/patches/00upstream-unknown-array-coerce.patch:
  - Repair incorrect check for coercion of unknown literal to ANYARRAY,
    which could cause a backend crash.
  - Patch backported from 8.1.5:

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.