lp:ubuntu/feisty-security/postgresql-8.2
- Get this branch:
- bzr branch lp:ubuntu/feisty-security/postgresql-8.2
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 12. By Martin Pitt
-
* Upload 8.2.6 into feisty-security.
* Add debian/patches/00upstream-clauseless-joins-regression.patch:
- Fix a regression of 8.2.6 wrt. large clauseless joins.
- Taken from upstream CVS:
http://archives.postgresql.org/pgsql-committers/2008-01/msg00164.php
- 11. By Martin Pitt
-
* New upstream security/bug fix release:
- Support explicit placement of the temporary-table schema within
search_path, and disable searching it for functions and operators.
This is needed to allow a security-definer function to set a truly
secure value of search_path. Without it, an unprivileged SQL user
can use temporary objects to execute code with the privileges of
the security-definer function (CVE-2007-2138). See "CREATE
FUNCTION" for more information.
- Fix to_char() so it properly upper/lower cases localized day or
month names.
- "/contrib/tsearch2" crash fixes.
- Require "COMMIT PREPARED" to be executed in the same database as
the transaction was prepared in.
- New traditional (Taiwan) Chinese FAQ.
- Prevent the statistics collector from writing to disk too
frequently.
- Fix potential-data-corruption bug in how "VACUUM FULL" handles
"UPDATE" chains.
- Fix bug in domains that use array types.
- Fix "pg_dump" so it can dump a serial column's sequence using "-t"
when not also dumping the owning table.
- Planner fixes, including improving outer join and bitmap scan
selection logic.
- Fix possible wrong answers or crash when a PL/pgSQL function tries
to RETURN from within an EXCEPTION block.
- Fix PANIC during enlargement of a hash index.
* debian/patches/04-timezone-symlinks.patch: Adapt to slightly changed
Makefile of 8.2.4.
* Remove debian/patches/12-vacuum-cycle-hang.patch: Fixed upstream.
* debian/control: Set Ubuntu maintainer.
- 10. By Martin Pitt
-
debian/rules: Do not FTBFS on failed test suite on sparc. sparc throws a
'floating point exception' instead of a 'division by zero' error, which is
fine, but differs from expected string output. Closes: #417160
- 9. By Martin Pitt
-
* debian/control: Add Perl dependency to p-8.2-plperl, to ensure that
creating plperl functions works (as opposed to plperlu, which only needs
libperl). (see bug #412135)
* debian/control: Do not mention nor suggest 'pgdocs' any more in p-doc's
description since pgdocs is only available for 7.4. (see bug #405097)
* debian/patches/04-timezone-symlinks.patch:
- Use the timezone database from the system tzdata instead of shipping our
own. Towards a single authoritative time zone database in Debian and
Ubuntu... :) (LP: #41159)
- Drop previous hardlink-to-symlink patch to zic, since that is irrelevant
now.
- debian/control: Add tzdata dependency.
* Add debian/patches/12-vacuum-cycle-hang.patch: Properly release our
semaphore lock before erroring out with elog() to prevent deadlocks on
vacuum errors. Thanks to Heikki Linnakangas!
* debian/rules: Have a test suite failure fail the build again. Let's ignore
the old kernels on the Debian mips[el] buildds for now.
- 8. By Martin Pitt
-
* New upstream bug fix release to fix regressions in 8.2.2:
- Remove overly-restrictive check for type length in constraints and
functional indexes.
- Fix optimization so MIN/MAX in subqueries can again use indexes.
- 7. By Martin Pitt
-
* New upstream security and bug fix release:
- Fix security vulnerabilities that allowed connected users to
read backend memory.
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
- Fix not-so-rare-anymore bug wherein btree index page splits could
fail due to choosing an infeasible split point.
- Properly handle to_char('CC') for years ending in 00.
Year 2000 is in the twentieth century, not the twenty-first.
- "/contrib/tsearch2" localization improvements.
- Fix incorrect permission check in information_schema.key_column_usage
view.
The symptom is "relation with OID nnnnn does not exist" errors. To
get this fix without using "initdb", use "CREATE OR REPLACE VIEW"
to install the corrected definition found in
"share/information_schema.sql". Note you will need to do this in
each database.
- Improve "VACUUM" performance for databases with many tables.
- Fix for rare Assert() crash triggered by UNION.
- Fix potentially incorrect results from index searches using ROW
inequality conditions.
- Tighten security of multi-byte character processing for UTF8
sequences over three bytes long.
- Fix possible crashes when an already-in-use PL/pgSQL function is
updated.
- Improve PL/pgSQL handling of domain types.
- Fix possible errors in processing PL/pgSQL exception blocks.
* debian/control: postgresql-client-8.2 provides postgresql-client. This
avoids breaking all the reverse dependencies to p-c when the transitional
package gets removed.
- 6. By Martin Pitt
-
* debian/libpq-dev.install: Install missing pg_trace.h.
* debian/control: Remove -contrib's libpg-perl recommendation, nothing in
-contrib uses it any more. Thanks to Peter Eisentraut for spotting this.
Closes: #408070
* debian/control: Update -contrib package description for 8.2.
Closes: #408072
- 3. By Martin Pitt
-
* New upstream bugfix release:
- Fix crash with SELECT ... LIMIT ALL (also LIMIT NULL).
- Several "/contrib/tsearch2" fixes (Teodor)
- Fix planner mistakes for outer join queries.
- Fix several problems in queries involving sub-SELECTs.
- Fix potential crash in SPI during subtransaction abort.
This affects all PL functions since they all use SPI.
- Improve build speed of PDF documentation.
- Re-add JST (Japan) timezone abbreviation.
- Improve optimization decisions related to index scans.
- Have psql print multi-byte combining characters as before, rather
than output as \u.
- Improve index usage of regular expressions that use parentheses.
This improves psql \d performance also.
- Make pg_dumpall assume that databases have public CONNECT
privilege, when dumping from a pre-8.2 server.
This preserves the previous behavior that anyone can connect to a
database if allowed by "pg_hba.conf".
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)