lp:ubuntu/feisty-proposed/postgresql-8.2
- Get this branch:
- bzr branch lp:ubuntu/feisty-proposed/postgresql-8.2
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 15. By Martin Pitt
-
* New upstream bug fix release (note that 8.2.8 was never officially
released due to the discovery of another major bug):
- Make pg_get_ruledef() parenthesize negative constants.
Before this fix, a negative constant in a view or rule might be
dumped as, say, -42::integer, which is subtly incorrect: it should
be (-42)::integer due to operator precedence rules. Usually this
would make little difference, but it could interact with another
recent patch to cause PostgreSQL to reject what had been a valid
"SELECT DISTINCT" view query. Since this could result in pg_dump
output failing to reload, it is being treated as a high-priority
fix.
- Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend.
This oversight could lead to problems if the aggregate was later
involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
- Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column
is correctly checked to see if it's been initialized to all
non-nulls. Previous versions neglected to check this requirement at all.
- Fix possible "CREATE TABLE" failure when inheriting the "same"
constraint from multiple parent relations that inherited that
constraint from a common ancestor.
- Fix pg_get_ruledef() to show the alias, if any, attached to the
target table of an "UPDATE" or "DELETE".
- Fix GIN bug that could result in a too many LWLocks taken failure.
- Avoid possible crash when decompressing corrupted data.
- Repair two places where SIGTERM exit of a backend could leave
corrupted state in shared memory.
- Fix conversions between ISO-8859-5 and other encodings to handle
Cyrillic "Yo" characters (e and E with two dots).
- Fix several datatype input functions, notably array_in(), that were
allowing unused bytes in their results to contain uninitialized,
unpredictable values.
This could lead to failures in which two apparently identical
literal values were not seen as equal, resulting in the parser
complaining about unmatched ORDER BY and DISTINCT expressions.
- Fix a corner case in regular-expression substring matching.
- Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
- Fix broken GiST comparison function for "contrib/tsearch2" 's
tsquery type.
- Fix possible crashes in "contrib/cube" functions.
- Fix core dump in "contrib/xml2"'s xpath_table() function when the
input query returns a NULL value.
(LP: #238587) - 14. By Martin Pitt
-
* New upstream bug fix release: (LP: #203734)
- Repair potential deadlock between concurrent "VACUUM FULL"
operations on different system catalogs.
- Fix longstanding "LISTEN"/"NOTIFY" race condition.
- Disallow "LISTEN" and "UNLISTEN" within a prepared transaction.
This was formerly allowed but trying to do it had various
unpleasant consequences, notably that the originating backend could
not exit as long as an "UNLISTEN" remained uncommitted.
- Disallow dropping a temporary table within a prepared transaction
This was correctly disallowed by 8.1, but the check was
inadvertently broken in 8.2.
- Fix rare crash when an error occurs during a query using a hash
index.
- Fix memory leaks in certain usages of set-returning functions.
- Fix input of datetime values for February 29 in years BC.
- Fix "unrecognized node type" error in some variants of "ALTER
OWNER".
- Ensure pg_stat_activity. waiting flag is cleared when a lock wait is
aborted.
- Fix pg_ctl to correctly extract the postmaster's port number from
command-line options. (See Debian #358546)
- Use "-fwrapv" to defend against possible misoptimization in recent
gcc versions.
- Correctly enforce statement_timeout values longer than INT_MAX
microseconds (about 35 minutes).
- Fix "unexpected PARAM_SUBLINK ID" planner error when
constant-folding simplifies a sub-select.
- Fix logical errors in constraint-exclusion handling of IS NULL and
NOT expressions.
- Fix another cause of "failed to build any N-way joins" planner
errors.
- Fix incorrect constant propagation in outer-join planning.
- Fix display of constant expressions in ORDER BY and GROUP BY.
- Fix libpq to handle NOTICE messages correctly during COPY OUT.
* Remove debian/patches/ 00upstream- clauseless- joins-regressio n.patch,
upstream now. - 13. By Martin Pitt
-
* New upstream security/bugfix release:
- Prevent functions in indexes from executing with the privileges of
the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
within a SECURITY DEFINER context. [CVE-2007-6600]
- Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory
consumption, all of which pose denial-of-service hazards for
applications that accept regex search patterns from untrustworthy
sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
The fix that appeared for this in 8.2.5 was incomplete, as it
plugged the hole for only some "dblink" functions. [CVE-2007-6601,
CVE-2007-3278]
- Fix bugs in WAL replay for GIN indexes.
- Fix GIN index build to work properly when maintenance_work_mem is
4GB or more.
- Improve planner's handling of LIKE/regex estimation in non-C
locales.
- Fix planning-speed problem for deep outer-join nests, as well as
possible poor choice of join order.
- Fix planner failure in some cases of WHERE false AND var IN (SELECT
...).
- Make "CREATE TABLE ... SERIAL" and "ALTER SEQUENCE ... OWNED BY"
not change the currval() state of the sequence.
- Preserve the tablespace and storage parameters of indexes that are
rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
- Make archive recovery always start a new WAL timeline, rather than
only when a recovery stop time was used. This avoids a corner-case risk
of trying to overwrite an existing archived copy of the last WAL
segment, and seems simpler and cleaner than the original definition.
- Make "VACUUM" not use all of maintenance_work_mem when the table is
too small for it to be useful.
- Fix potential crash in translate() when using a multibyte database
encoding.
- Make corr() return the correct result for negative correlation
values.
- Fix overflow in extract(epoch from interval) for intervals
exceeding 68 years.
- Fix PL/Perl to not fail when a UTF-8 regular expression is used in
a trusted function.
- Fix PL/Python to work correctly with Python 2.5 on 64-bit machines
(Marko Kreen)
- Fix PL/Python to not crash on long exception messages.
- Fix pg_dump to correctly handle inheritance child tables that have
default expressions different from their parent's.
- Fix libpq crash when PGPASSFILE refers to a file that is not a
plain file.
- ecpg parser fixes.
- Make "contrib/tablefunc" 's crosstab() handle NULL rowid as a
category in its own right, rather than crashing.
- Fix tsvector and tsquery output routines to escape backslashes
correctly. (LP: #146382)
- Fix crash of to_tsvector() on huge input strings. - 12. By Martin Pitt
-
* New upstream bugfix release:
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
[CVE-2007-3278, CVE-2007-3280]
- Fix ALTER DOMAIN ADD CONSTRAINT for cases involving domains over
domains.
- Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
- Fix some planner problems with outer joins, notably poor size
estimation for t1 LEFT JOIN t2 WHERE t2.col IS NULL.
- Allow the interval data type to accept input consisting only of
milliseconds or microseconds.
- Allow timezone name to appear before the year in timestamp input.
- Fixes for GIN indexes used by "/contrib/tsearch2" .
- Speed up rtree index insertion.
- Fix excessive logging of SSL error messages.
- Fix logging so that log messages are never interleaved when using
the syslogger process.
- Fix crash when log_min_error_statement logging runs out of memory.
- Fix incorrect handling of some foreign-key corner cases.
- Fix stddev_pop(numeric) and var_pop(numeric).
- Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
process temporary tables of other sessions.
- Restrict "/contrib/pgstattuple" functions to superusers, for
security reasons.
- Do not let "/contrib/intarray" try to make its GIN opclass the
default (this caused problems at dump/restore). - 11. By Martin Pitt
-
* New upstream security/bug fix release:
- Support explicit placement of the temporary-table schema within
search_path, and disable searching it for functions and operators.
This is needed to allow a security-definer function to set a truly
secure value of search_path. Without it, an unprivileged SQL user
can use temporary objects to execute code with the privileges of
the security-definer function (CVE-2007-2138). See "CREATE
FUNCTION" for more information.
- Fix to_char() so it properly upper/lower cases localized day or
month names.
- "/contrib/tsearch2" crash fixes.
- Require "COMMIT PREPARED" to be executed in the same database as
the transaction was prepared in.
- New traditional (Taiwan) Chinese FAQ.
- Prevent the statistics collector from writing to disk too
frequently.
- Fix potential-data-corruption bug in how "VACUUM FULL" handles
"UPDATE" chains.
- Fix bug in domains that use array types.
- Fix "pg_dump" so it can dump a serial column's sequence using "-t"
when not also dumping the owning table.
- Planner fixes, including improving outer join and bitmap scan
selection logic.
- Fix possible wrong answers or crash when a PL/pgSQL function tries
to RETURN from within an EXCEPTION block.
- Fix PANIC during enlargement of a hash index.
* debian/patches/ 04-timezone- symlinks. patch: Adapt to slightly changed
Makefile of 8.2.4.
* Remove debian/patches/ 12-vacuum- cycle-hang. patch: Fixed upstream.
* debian/control: Set Ubuntu maintainer. - 10. By Martin Pitt
-
debian/rules: Do not FTBFS on failed test suite on sparc. sparc throws a
'floating point exception' instead of a 'division by zero' error, which is
fine, but differs from expected string output. Closes: #417160 - 9. By Martin Pitt
-
* debian/control: Add Perl dependency to p-8.2-plperl, to ensure that
creating plperl functions works (as opposed to plperlu, which only needs
libperl). (see bug #412135)
* debian/control: Do not mention nor suggest 'pgdocs' any more in p-doc's
description since pgdocs is only available for 7.4. (see bug #405097)
* debian/patches/ 04-timezone- symlinks. patch:
- Use the timezone database from the system tzdata instead of shipping our
own. Towards a single authoritative time zone database in Debian and
Ubuntu... :) (LP: #41159)
- Drop previous hardlink-to-symlink patch to zic, since that is irrelevant
now.
- debian/control: Add tzdata dependency.
* Add debian/patches/ 12-vacuum- cycle-hang. patch: Properly release our
semaphore lock before erroring out wit elog() to prevent deadlocks on
vacuum errors. Thanks to Heikki Linnakangas!
* debian/rules: Have a test suite failure fail the build again. Let's ignore
the old kernels on the Debian mips[el] buildds for now. - 8. By Martin Pitt
-
* New upstream bug fix release to fix regressions in 8.2.2:
- Remove overly-restrictive check for type length in constraints and
functional indexes.
- Fix optimization so MIN/MAX in subqueries can again use indexes. - 7. By Martin Pitt
-
* New upstream security and bug fix release:
- Fix security vulnerabilities that allowed connected users to
read backend memory.
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
- Fix not-so-rare-anymore bug wherein btree index page splits could
fail due to choosing an infeasible split point.
- Properly handle to_char('CC') for years ending in 00.
Year 2000 is in the twentieth century, not the twenty-first.
- "/contrib/tsearch2" localization improvements.
- Fix incorrect permission check in information_schema. key_column_ usage
view.
The symptom is "relation with OID nnnnn does not exist" errors. To
get this fix without using "initdb", use "CREATE OR REPLACE VIEW"
to install the corrected definition found in
"share/information_ schema. sql". Note you will need to do this in
each database.
- Improve "VACUUM" performance for databases with many tables.
- Fix for rare Assert() crash triggered by UNION.
- Fix potentially incorrect results from index searches using ROW
inequality conditions.
- Tighten security of multi-byte character processing for UTF8
sequences over three bytes long.
- Fix possible crashes when an already-in-use PL/pgSQL function is
updated.
- Improve PL/pgSQL handling of domain types.
- Fix possible errors in processing PL/pgSQL exception blocks.
* debian/control: postgresql-client- 8.2 provides postgresql-client. This
avoids breaking all the reverse dependencies to p-c when the transitional
package gets removed. - 6. By Martin Pitt
-
* debian/
libpq-dev. install: Install missing pg_trace.h.
* debian/control: Remove -contrib's libpg-perl recommendation, nothing in
-contrib uses it any more. Thanks to Peter Eisentraut for spotting this.
Closes: #408070
* debian/control: Update -contrib package description for 8.2.
Closes: #408072
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)