lp:ubuntu/feisty-proposed/postgresql-8.2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/feisty-proposed/postgresql-8.2

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

15. By Martin Pitt

* New upstream bug fix release (note that 8.2.8 was never officially
  released due to the discovery of another major bug):
  - Make pg_get_ruledef() parenthesize negative constants.
    Before this fix, a negative constant in a view or rule might be
    dumped as, say, -42::integer, which is subtly incorrect: it should
    be (-42)::integer due to operator precedence rules. Usually this
    would make little difference, but it could interact with another
    recent patch to cause PostgreSQL to reject what had been a valid
    "SELECT DISTINCT" view query. Since this could result in pg_dump
    output failing to reload, it is being treated as a high-priority
    fix.
  - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend.
    This oversight could lead to problems if the aggregate was later
    involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
  - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column
    is correctly checked to see if it's been initialized to all
    non-nulls. Previous versions neglected to check this requirement at all.
  - Fix possible "CREATE TABLE" failure when inheriting the "same"
    constraint from multiple parent relations that inherited that
    constraint from a common ancestor.
  - Fix pg_get_ruledef() to show the alias, if any, attached to the
    target table of an "UPDATE" or "DELETE".
  - Fix GIN bug that could result in a too many LWLocks taken failure.
  - Avoid possible crash when decompressing corrupted data.
  - Repair two places where SIGTERM exit of a backend could leave
    corrupted state in shared memory.
  - Fix conversions between ISO-8859-5 and other encodings to handle
    Cyrillic "Yo" characters (e and E with two dots).
  - Fix several datatype input functions, notably array_in(), that were
    allowing unused bytes in their results to contain uninitialized,
    unpredictable values.
    This could lead to failures in which two apparently identical
    literal values were not seen as equal, resulting in the parser
    complaining about unmatched ORDER BY and DISTINCT expressions.
  - Fix a corner case in regular-expression substring matching.
  - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
  - Fix broken GiST comparison function for "contrib/tsearch2"'s
    tsquery type.
  - Fix possible crashes in "contrib/cube" functions.
  - Fix core dump in "contrib/xml2"'s xpath_table() function when the
    input query returns a NULL value.
 (LP: #238587)

14. By Martin Pitt

* New upstream bug fix release: (LP: #203734)
  - Repair potential deadlock between concurrent "VACUUM FULL"
    operations on different system catalogs.
  - Fix longstanding "LISTEN"/"NOTIFY" race condition.
  - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction.
    This was formerly allowed but trying to do it had various
    unpleasant consequences, notably that the originating backend could
    not exit as long as an "UNLISTEN" remained uncommitted.
  - Disallow dropping a temporary table within a prepared transaction.
    This was correctly disallowed by 8.1, but the check was
    inadvertently broken in 8.2.
  - Fix rare crash when an error occurs during a query using a hash
    index.
  - Fix memory leaks in certain usages of set-returning functions.
  - Fix input of datetime values for February 29 in years BC.
  - Fix "unrecognized node type" error in some variants of "ALTER
    OWNER".
  - Ensure pg_stat_activity.waiting flag is cleared when a lock wait is
    aborted.
  - Fix pg_ctl to correctly extract the postmaster's port number from
    command-line options. (See Debian #358546)
  - Use "-fwrapv" to defend against possible misoptimization in recent
    gcc versions.
  - Correctly enforce statement_timeout values longer than INT_MAX
    microseconds (about 35 minutes).
  - Fix "unexpected PARAM_SUBLINK ID" planner error when
    constant-folding simplifies a sub-select.
  - Fix logical errors in constraint-exclusion handling of IS NULL and
    NOT expressions.
  - Fix another cause of "failed to build any N-way joins" planner
    errors.
  - Fix incorrect constant propagation in outer-join planning.
  - Fix display of constant expressions in ORDER BY and GROUP BY.
  - Fix libpq to handle NOTICE messages correctly during COPY OUT.
* Remove debian/patches/00upstream-clauseless-joins-regression.patch,
  upstream now.

13. By Martin Pitt

* New upstream security/bugfix release:
  - Prevent functions in indexes from executing with the privileges of
    the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
    within a SECURITY DEFINER context. [CVE-2007-6600]
  - Suitably crafted regular-expression patterns could cause crashes,
    infinite or near-infinite looping, and/or massive memory
    consumption, all of which pose denial-of-service hazards for
    applications that accept regex search patterns from untrustworthy
    sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
  - Require non-superusers who use "/contrib/dblink" to use only
    password authentication, as a security measure.
    The fix that appeared for this in 8.2.5 was incomplete, as it
    plugged the hole for only some "dblink" functions. [CVE-2007-6601,
    CVE-2007-3278]
  - Fix bugs in WAL replay for GIN indexes.
  - Fix GIN index build to work properly when maintenance_work_mem is
    4GB or more.
  - Improve planner's handling of LIKE/regex estimation in non-C
    locales.
  - Fix planning-speed problem for deep outer-join nests, as well as
    possible poor choice of join order.
  - Fix planner failure in some cases of WHERE false AND var IN (SELECT
    ...).
  - Make "CREATE TABLE ... SERIAL" and "ALTER SEQUENCE ... OWNED BY"
    not change the currval() state of the sequence.
  - Preserve the tablespace and storage parameters of indexes that are
    rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
  - Make archive recovery always start a new WAL timeline, rather than
    only when a recovery stop time was used. This avoids a corner-case risk
    of trying to overwrite an existing archived copy of the last WAL
    segment, and seems simpler and cleaner than the original definition.
  - Make "VACUUM" not use all of maintenance_work_mem when the table is
    too small for it to be useful.
  - Fix potential crash in translate() when using a multibyte database
    encoding.
  - Make corr() return the correct result for negative correlation
    values.
  - Fix overflow in extract(epoch from interval) for intervals
    exceeding 68 years.
  - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
    a trusted function.
  - Fix PL/Python to work correctly with Python 2.5 on 64-bit machines
    (Marko Kreen)
  - Fix PL/Python to not crash on long exception messages.
  - Fix pg_dump to correctly handle inheritance child tables that have
    default expressions different from their parent's.
  - Fix libpq crash when PGPASSFILE refers to a file that is not a
    plain file.
  - ecpg parser fixes.
  - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
    category in its own right, rather than crashing.
  - Fix tsvector and tsquery output routines to escape backslashes
    correctly. (LP: #146382)
  - Fix crash of to_tsvector() on huge input strings.

12. By Martin Pitt

* New upstream bugfix release:
  - Require non-superusers who use "/contrib/dblink" to use only
    password authentication, as a security measure.
    [CVE-2007-3278, CVE-2007-3280]
  - Fix ALTER DOMAIN ADD CONSTRAINT for cases involving domains over
    domains.
  - Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
  - Fix some planner problems with outer joins, notably poor size
    estimation for t1 LEFT JOIN t2 WHERE t2.col IS NULL.
  - Allow the interval data type to accept input consisting only of
    milliseconds or microseconds.
  - Allow timezone name to appear before the year in timestamp input.
  - Fixes for GIN indexes used by "/contrib/tsearch2".
  - Speed up rtree index insertion.
  - Fix excessive logging of SSL error messages.
  - Fix logging so that log messages are never interleaved when using
    the syslogger process.
  - Fix crash when log_min_error_statement logging runs out of memory.
  - Fix incorrect handling of some foreign-key corner cases.
  - Fix stddev_pop(numeric) and var_pop(numeric).
  - Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
    process temporary tables of other sessions.
  - Restrict "/contrib/pgstattuple" functions to superusers, for
    security reasons.
  - Do not let "/contrib/intarray" try to make its GIN opclass the
    default (this caused problems at dump/restore).

11. By Martin Pitt

* New upstream security/bug fix release:
  - Support explicit placement of the temporary-table schema within
    search_path, and disable searching it for functions and operators.
    This is needed to allow a security-definer function to set a truly
    secure value of search_path. Without it, an unprivileged SQL user
    can use temporary objects to execute code with the privileges of
    the security-definer function (CVE-2007-2138). See "CREATE
    FUNCTION" for more information.
  - Fix to_char() so it properly upper/lower cases localized day or
    month names.
  - "/contrib/tsearch2" crash fixes.
  - Require "COMMIT PREPARED" to be executed in the same database as
    the transaction was prepared in.
  - New traditional (Taiwan) Chinese FAQ.
  - Prevent the statistics collector from writing to disk too
    frequently.
  - Fix potential-data-corruption bug in how "VACUUM FULL" handles
    "UPDATE" chains.
  - Fix bug in domains that use array types.
  - Fix "pg_dump" so it can dump a serial column's sequence using "-t"
    when not also dumping the owning table.
  - Planner fixes, including improving outer join and bitmap scan
    selection logic.
  - Fix possible wrong answers or crash when a PL/pgSQL function tries
    to RETURN from within an EXCEPTION block.
  - Fix PANIC during enlargement of a hash index.
* debian/patches/04-timezone-symlinks.patch: Adapt to slightly changed
  Makefile of 8.2.4.
* Remove debian/patches/12-vacuum-cycle-hang.patch: Fixed upstream.
* debian/control: Set Ubuntu maintainer.

10. By Martin Pitt

debian/rules: Do not FTBFS on failed test suite on sparc. sparc throws a
'floating point exception' instead of a 'division by zero' error, which is
fine, but differs from expected string output. Closes: #417160

9. By Martin Pitt

* debian/control: Add Perl dependency to p-8.2-plperl, to ensure that
  creating plperl functions works (as opposed to plperlu, which only needs
  libperl). (see bug #412135)
* debian/control: Do not mention nor suggest 'pgdocs' any more in p-doc's
  description since pgdocs is only available for 7.4. (see bug #405097)
* debian/patches/04-timezone-symlinks.patch:
  - Use the timezone database from the system tzdata instead of shipping our
    own. Towards a single authoritative time zone database in Debian and
    Ubuntu... :) (LP: #41159)
  - Drop previous hardlink-to-symlink patch to zic, since that is irrelevant
    now.
  - debian/control: Add tzdata dependency.
* Add debian/patches/12-vacuum-cycle-hang.patch: Properly release our
  semaphore lock before erroring out with elog() to prevent deadlocks on
  vacuum errors. Thanks to Heikki Linnakangas!
* debian/rules: Have a test suite failure fail the build again. Let's ignore
  the old kernels on the Debian mips[el] buildds for now.

8. By Martin Pitt

* New upstream bug fix release to fix regressions in 8.2.2:
  - Remove overly-restrictive check for type length in constraints and
    functional indexes.
  - Fix optimization so MIN/MAX in subqueries can again use indexes.

7. By Martin Pitt

* New upstream security and bug fix release:
  - Fix security vulnerabilities that allowed connected users to
    read backend memory.
    The vulnerabilities involve suppressing the normal check that a SQL
    function returns the data type it's declared to, and changing the
    data type of a table column (CVE-2007-0555, CVE-2007-0556). These
    errors can easily be exploited to cause a backend crash, and in
    principle might be used to read database content that the user
    should not be able to access.
  - Fix not-so-rare-anymore bug wherein btree index page splits could
    fail due to choosing an infeasible split point.
  - Properly handle to_char('CC') for years ending in 00.
    Year 2000 is in the twentieth century, not the twenty-first.
  - "/contrib/tsearch2" localization improvements.
  - Fix incorrect permission check in information_schema.key_column_usage
    view.
    The symptom is "relation with OID nnnnn does not exist" errors. To
    get this fix without using "initdb", use "CREATE OR REPLACE VIEW"
    to install the corrected definition found in
    "share/information_schema.sql". Note you will need to do this in
    each database.
  - Improve "VACUUM" performance for databases with many tables.
  - Fix for rare Assert() crash triggered by UNION.
  - Fix potentially incorrect results from index searches using ROW
    inequality conditions.
  - Tighten security of multi-byte character processing for UTF8
    sequences over three bytes long.
  - Fix possible crashes when an already-in-use PL/pgSQL function is
    updated.
  - Improve PL/pgSQL handling of domain types.
  - Fix possible errors in processing PL/pgSQL exception blocks.
* debian/control: postgresql-client-8.2 provides postgresql-client. This
  avoids breaking all the reverse dependencies to p-c when the transitional
  package gets removed.

6. By Martin Pitt

* debian/libpq-dev.install: Install missing pg_trace.h.
* debian/control: Remove -contrib's libpg-perl recommendation, nothing in
  -contrib uses it any more. Thanks to Peter Eisentraut for spotting this.
  Closes: #408070
* debian/control: Update -contrib package description for 8.2.
  Closes: #408072

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
