lp:ubuntu/wily/postgresql-9.4

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Christoph Berg <email address hidden> on 2015-10-06

* New upstream version.

  + Guard against stack overflows in json parsing (Oskari Saarenmaa)

    If an application constructs PostgreSQL json or jsonb values from
    arbitrary user input, the application's users can reliably crash the
    PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)

  + Fix contrib/pgcrypto to detect and report too-short crypt() salts
    (Josh Kupershmidt)

    Certain invalid salt arguments crashed the server or disclosed a few
    bytes of server memory. We have not ruled out the viability of attacks
    that arrange for presence of confidential information in the disclosed
    bytes, but they seem unlikely. (CVE-2015-5288)

* debian/rules: Call dh without --parallel, it's not supported upstream.

14. By Christoph Berg <email address hidden> on 2015-06-10

* New upstream version.
  + Fix possible failure to recover from an inconsistent database state
  + Fix rare failure to invalidate relation cache init file

13. By Christoph Berg <email address hidden> on 2015-06-03

New upstream version:
Avoid failures while fsync'ing data directory during crash restart
(Abhijit Menon-Sen, Tom Lane; Closes: #786874)

12. By Christoph Berg <email address hidden> on 2015-05-20

* New upstream version.

  + Avoid possible crash when client disconnects just before the
    authentication timeout expires (Benkocs Norbert Attila)

    If the timeout interrupt fired partway through the session shutdown
    sequence, SSL-related state would be freed twice, typically causing a
    crash and hence denial of service to other sessions. Experimentation
    shows that an unauthenticated remote attacker could trigger the bug
    somewhat consistently, hence treat as security issue. (CVE-2015-3165)

  + Improve detection of system-call failures (Noah Misch)

    Our replacement implementation of snprintf() failed to check for errors
    reported by the underlying system library calls; the main case that
    might be missed is out-of-memory situations. In the worst case this
    might lead to information exposure, due to our code assuming that a
    buffer had been overwritten when it hadn't been. Also, there were a few
    places in which security-relevant calls of other system library
    functions did not check for failure.

    It remains possible that some calls of the *printf() family of functions
    are vulnerable to information disclosure if an out-of-memory error
    occurs at just the wrong time. We judge the risk to not be large, but
    will continue analysis in this area. (CVE-2015-3166)

  + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
    or corrupt data (Noah Misch)

    Previously, some cases of decryption with an incorrect key could report
    other error message texts. It has been shown that such variance in
    error reports can aid attackers in recovering keys from other systems.
    While it's unknown whether pgcrypto's specific behaviors are likewise
    exploitable, it seems better to avoid the risk by using a
    one-size-fits-all message. (CVE-2015-3167)

  + Protect against wraparound of multixact member IDs
    (Álvaro Herrera, Robert Haas, Thomas Munro)

    Under certain usage patterns, the existing defenses against this might
    be insufficient, allowing pg_multixact/members files to be removed too
    early, resulting in data loss.
    The fix for this includes modifying the server to fail transactions that
    would result in overwriting old multixact member ID data, and improving
    autovacuum to ensure it will act proactively to prevent multixact member
    ID wraparound, as it does for transaction ID wraparound.

  + pg_dump -Fd -Z compression level fixed. (Closes: #781361)

* Make postgresql-9.4 Recommends: postgresql-contrib-9.4.
* Enable TAP tests.
* Repository moved to git, update Vcs headers.

11. By Christoph Berg on 2015-02-04

* New upstream version.
  + libpq5: Name lookups fixed in minimal chroots (Closes: #756627)
  + Fix buffer overruns in to_char() (CVE-2015-0241)
  + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
  + Fix possible loss of frontend/backend protocol synchronization after an
    error (CVE-2015-0244)
  + Fix information leak via constraint-violation error messages
    (CVE-2014-8161)

10. By Christoph Berg on 2014-12-17

* 9.4 released.
* libpq5.symbols: PQhostaddr removed; it was new in 9.4.

9. By Christoph Berg on 2014-11-18

* First 9.4 RC release.
* Update psql call in dump-reload instructions.
* Reenable 010_pg_basebackup.t tests, fixed upstream.

8. By Christoph Berg on 2014-10-16

Temporarily disable failing test in 010_pg_basebackup.t.

7. By Christoph Berg on 2014-10-15

* postgresql-9.4.preinst: Output detailed dump-reload instructions when
  refusing the package upgrade, and also add a NEWS item about it.
  (Closes: #764705)
* Add libipc-run-perl for the regression tests which otherwise skip large
  parts.
* Update Standards-Version.

6. By Christoph Berg on 2014-10-07

* New upstream beta version.
  + Catalog version number changed, older 9.4 clusters need to be dumped and
    reloaded.
  + Regexp regression fixed. (Closes: #760564)
  + CACHE_LINE_SIZE definition renamed to mitigate conflict on *BSD.
    (Closes: #763098)

[ Martin Pitt ]
* Add missing logrotate test dependency.

[ Christoph Berg ]
* Set Multi-Arch: foreign in postgresql-client-9.4 and postgresql-doc-9.4.
  (Closes: #757520; do it even on non-multiarch dists, it doesn't hurt.)
* Fix postgresql_fdw in description, spotted by Andrei Popescu, thanks!
  (Closes: #762389)