lp:ubuntu/feisty-security/postgresql-8.2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/feisty-security/postgresql-8.2

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

12. By Martin Pitt

* Upload 8.2.6 into feisty-security.
* Add debian/patches/00upstream-clauseless-joins-regression.patch:
  - Fix a regression of 8.2.6 wrt. large clauseless joins.
  - Taken from upstream CVS:
    http://archives.postgresql.org/pgsql-committers/2008-01/msg00164.php

11. By Martin Pitt

* New upstream security/bug fix release:
  - Support explicit placement of the temporary-table schema within
    search_path, and disable searching it for functions and operators.
    This is needed to allow a security-definer function to set a truly
    secure value of search_path. Without it, an unprivileged SQL user
    can use temporary objects to execute code with the privileges of
    the security-definer function (CVE-2007-2138). See "CREATE
    FUNCTION" for more information.
  - Fix to_char() so it properly upper/lower cases localized day or
    month names.
  - "/contrib/tsearch2" crash fixes.
  - Require "COMMIT PREPARED" to be executed in the same database as
    the transaction was prepared in.
  - New traditional (Taiwan) Chinese FAQ.
  - Prevent the statistics collector from writing to disk too
    frequently.
  - Fix potential-data-corruption bug in how "VACUUM FULL" handles
    "UPDATE" chains.
  - Fix bug in domains that use array types.
  - Fix "pg_dump" so it can dump a serial column's sequence using "-t"
    when not also dumping the owning table.
  - Planner fixes, including improving outer join and bitmap scan
    selection logic.
  - Fix possible wrong answers or crash when a PL/pgSQL function tries
    to RETURN from within an EXCEPTION block.
  - Fix PANIC during enlargement of a hash index.
* debian/patches/04-timezone-symlinks.patch: Adapt to slightly changed
  Makefile of 8.2.4.
* Remove debian/patches/12-vacuum-cycle-hang.patch: Fixed upstream.
* debian/control: Set Ubuntu maintainer.

10. By Martin Pitt

debian/rules: Do not FTBFS on failed test suite on sparc. sparc throws a
'floating point exception' instead of a 'division by zero' error, which is
fine, but differs from expected string output. Closes: #417160

9. By Martin Pitt

* debian/control: Add Perl dependency to p-8.2-plperl, to ensure that
  creating plperl functions works (as opposed to plperlu, which only needs
  libperl). (see bug #412135)
* debian/control: Do not mention nor suggest 'pgdocs' any more in p-doc's
  description since pgdocs is only available for 7.4. (see bug #405097)
* debian/patches/04-timezone-symlinks.patch:
  - Use the timezone database from the system tzdata instead of shipping our
    own. Towards a single authoritative time zone database in Debian and
    Ubuntu... :) (LP: #41159)
  - Drop previous hardlink-to-symlink patch to zic, since that is irrelevant
    now.
  - debian/control: Add tzdata dependency.
* Add debian/patches/12-vacuum-cycle-hang.patch: Properly release our
  semaphore lock before erroring out with elog() to prevent deadlocks on
  vacuum errors. Thanks to Heikki Linnakangas!
* debian/rules: Have a test suite failure fail the build again. Let's ignore
  the old kernels on the Debian mips[el] buildds for now.

8. By Martin Pitt

* New upstream bug fix release to fix regressions in 8.2.2:
  - Remove overly-restrictive check for type length in constraints and
    functional indexes.
  - Fix optimization so MIN/MAX in subqueries can again use indexes.

7. By Martin Pitt

* New upstream security and bug fix release:
  - Fix security vulnerabilities that allowed connected users to
    read backend memory.
    The vulnerabilities involve suppressing the normal check that a SQL
    function returns the data type it's declared to, and changing the
    data type of a table column (CVE-2007-0555, CVE-2007-0556). These
    errors can easily be exploited to cause a backend crash, and in
    principle might be used to read database content that the user
    should not be able to access.
  - Fix not-so-rare-anymore bug wherein btree index page splits could
    fail due to choosing an infeasible split point.
  - Properly handle to_char('CC') for years ending in 00.
    Year 2000 is in the twentieth century, not the twenty-first.
  - "/contrib/tsearch2" localization improvements.
  - Fix incorrect permission check in information_schema.key_column_usage
    view.
    The symptom is "relation with OID nnnnn does not exist" errors. To
    get this fix without using "initdb", use "CREATE OR REPLACE VIEW"
    to install the corrected definition found in
    "share/information_schema.sql". Note you will need to do this in
    each database.
  - Improve "VACUUM" performance for databases with many tables.
  - Fix for rare Assert() crash triggered by UNION.
  - Fix potentially incorrect results from index searches using ROW
    inequality conditions.
  - Tighten security of multi-byte character processing for UTF8
    sequences over three bytes long.
  - Fix possible crashes when an already-in-use PL/pgSQL function is
    updated.
  - Improve PL/pgSQL handling of domain types.
  - Fix possible errors in processing PL/pgSQL exception blocks.
* debian/control: postgresql-client-8.2 provides postgresql-client. This
  avoids breaking all the reverse dependencies to p-c when the transitional
  package gets removed.

6. By Martin Pitt

* debian/libpq-dev.install: Install missing pg_trace.h.
* debian/control: Remove -contrib's libpg-perl recommendation, nothing in
  -contrib uses it any more. Thanks to Peter Eisentraut for spotting this.
  Closes: #408070
* debian/control: Update -contrib package description for 8.2.
  Closes: #408072

5. By Martin Pitt

debian/libpq-dev.install: Install missing pg_trace.h. Closes: LP#79116

4. By Matthias Klose

Rebuild for python2.5 as the default python version.

3. By Martin Pitt

* New upstream bugfix release:
  - Fix crash with SELECT ... LIMIT ALL (also LIMIT NULL).
  - Several "/contrib/tsearch2" fixes (Teodor)
  - Fix planner mistakes for outer join queries.
  - Fix several problems in queries involving sub-SELECTs.
  - Fix potential crash in SPI during subtransaction abort.
    This affects all PL functions since they all use SPI.
  - Improve build speed of PDF documentation.
  - Re-add JST (Japan) timezone abbreviation.
  - Improve optimization decisions related to index scans.
  - Have psql print multi-byte combining characters as before, rather
    than output as \u.
  - Improve index usage of regular expressions that use parentheses.
    This improves psql \d performance also.
  - Make pg_dumpall assume that databases have public CONNECT
    privilege, when dumping from a pre-8.2 server.
    This preserves the previous behavior that anyone can connect to a
    database if allowed by "pg_hba.conf".

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)