postgresql-8.3 (8.3.17-0lenny1) oldstable; urgency=low

  * New upstream bug fix release:
    - Fix bugs in information_schema.referential_constraints view.
      This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does.
      Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if you're uncertain where "SHAREDIR" is.) This must be repeated in each database to be fixed.
    - Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT * FROM src or INSERT INTO dest SELECT * FROM src.
      If a table has been modified by "ALTER TABLE ADD COLUMN", attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug.
    - Fix race condition during toast table access from stale syscache entries.
      The typical symptom was transient errors like "missing chunk number 0 for toast value NNNNN in pg_toast_2619", where the cited toast table would always belong to a system catalog.
    - Make DatumGetInetP() unpack inet datums that have a 1-byte header, and add a new macro, DatumGetInetPP(), that does not.
    - Improve locale support in money type's input and output.
      Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read.
    - Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs.
    - Change foreign-key trigger creation order to better support self-referential foreign keys.
    - Avoid floating-point underflow while tracking buffer allocation rate.
    - Preserve blank lines within commands in psql's command history.
      The former behavior could cause problems if an empty line was removed from within a string literal, for example.
    - Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes.
    - Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy.
    - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
    - Honor query cancel interrupts promptly in pgstatindex().
    - Ensure VPATH builds properly install all server header files.
    - Shorten file names reported in verbose error messages.
      Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name.

 -- Martin Pitt  Sat, 03 Dec 2011 17:18:08 +0100

postgresql-8.3 (8.3.16-0lenny1) oldstable-security; urgency=low

  * New upstream bug fix release 8.3.15:
    - Disallow including a composite type in itself.
      This prevents scenarios wherein the server could recurse infinitely while processing the composite type. While there are some possible uses for such a structure, they don't seem compelling enough to justify the effort required to make sure it always works safely.
    - Avoid potential deadlock during catalog cache initialization.
      In some cases the cache loading code would acquire share lock on a system index before locking the index's catalog. This could deadlock against processes trying to acquire exclusive locks in the other, more standard order.
    - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling when there was a concurrent update to the target tuple.
      This bug has been observed to result in intermittent "cannot extract system attribute from virtual tuple" failures while trying to do UPDATE RETURNING ctid. There is a very small probability of more serious errors, such as generating incorrect index entries for the updated tuple.
    - Disallow "DROP TABLE" when there are pending deferred trigger events for the table.
      Formerly the "DROP" would go through, leading to "could not open relation with OID nnn" errors when the triggers were eventually fired.
    - Fix PL/Python memory leak involving array slices.
    - Fix pg_restore to cope with long lines (over 1KB) in TOC files.
    - Put in more safeguards against crashing due to division-by-zero with overly enthusiastic compiler optimization.

  * New upstream bug fix release 8.3.16:
    - Fix bugs in indexing of in-doubt HOT-updated tuples.
      These bugs could result in index corruption after reindexing a system catalog. They are not believed to affect user indexes.
    - Fix multiple bugs in GiST index page split processing.
      The probability of occurrence was low, but these could lead to index corruption.
    - Fix possible buffer overrun in tsvector_concat().
      The function could underestimate the amount of memory needed for its result, leading to server crashes.
    - Fix crash in xml_recv when processing a "standalone" parameter.
    - Avoid possibly accessing off the end of memory in "ANALYZE" and in SJIS-2004 encoding conversion.
      This fixes some very-low-probability server crash scenarios.
    - Fix race condition in relcache init file invalidation.
      There was a window wherein a new backend process could read a stale init file but miss the inval messages that would tell it the data is stale. The result would be bizarre failures in catalog accesses, typically "could not read block 0 in file ..." later during startup.
    - Fix memory leak at end of a GiST index scan.
      Commands that perform many separate GiST index scans, such as verification of a new GiST-based exclusion constraint on a table already containing many rows, could transiently require large amounts of memory due to this leak.
    - Fix performance problem when constructing a large, lossy bitmap.
    - Fix array- and path-creating functions to ensure padding bytes are zeroes.
      This avoids some situations where the planner will think that semantically-equal constants are not equal, resulting in poor optimization.
    - Fix dump bug for VALUES in a view.
    - Disallow SELECT FOR UPDATE/SHARE on sequences.
      This operation doesn't work as expected and can lead to failures.
    - Defend against integer overflow when computing size of a hash table.
    - Fix cases where "CLUSTER" might attempt to access already-removed TOAST data.
    - Fix portability bugs in use of credentials control messages for "peer" authentication.
    - Fix SSPI login when multiple roundtrips are required.
      The typical symptom of this problem was "The function requested is not supported" errors during SSPI login.
    - Fix typo in pg_srand48 seed initialization.
      This led to failure to use all bits of the provided seed. This function is not used on most platforms (only those without srandom), and the potential security exposure from a less-random-than-expected seed seems minimal in any case.
    - Avoid integer overflow when the sum of LIMIT and OFFSET values exceeds 2^63.
    - Add overflow checks to int4 and int8 versions of generate_series().
    - Fix trailing-zero removal in to_char().
      In a format with FM and no digit positions after the decimal point, zeroes to the left of the decimal point could be removed incorrectly.
    - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63.
    - Fix psql's counting of script file line numbers during COPY from a different file.
    - Fix pg_restore's direct-to-database mode for standard_conforming_strings.
      pg_restore could emit incorrect commands when restoring directly to a database server from an archive file that had been made with standard_conforming_strings set to on.
    - Fix write-past-buffer-end and memory leak in libpq's LDAP service lookup code.
    - In libpq, avoid failures when using nonblocking I/O and an SSL connection.
    - Improve libpq's handling of failures during connection startup.
      In particular, the response to a server report of fork() failure during SSL connection startup is now saner.
    - Improve libpq's error reporting for SSL failures.
    - Make ecpglib write double values with 15 digits precision.
    - In ecpglib, be sure LC_NUMERIC setting is restored after an error.
    - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483).
      "contrib/pg_crypto"'s blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be.
    - Fix memory leak in "contrib/seg".
    - Fix pgstatindex() to give consistent results for empty indexes.
    - Allow building with perl 5.14 (Alex Hunsaker)
  * Drop 00cvs-unregister-ssl-callbacks.patch, upstream now.

 -- Martin Pitt  Sun, 25 Sep 2011 13:40:58 +0200

postgresql-8.3 (8.3.14-0lenny1) stable-security; urgency=low

  * New upstream security/bug fix release:
    - Fix buffer overrun in "contrib/intarray"'s input function for the query_int type.
      This bug is a security risk since the function's return address could be overwritten. Thanks to Apple Inc's security team for reporting this issue and supplying the fix. (CVE-2010-4015)
    - Avoid failures when "EXPLAIN" tries to display a simple-form CASE expression.
      If the CASE's test expression was a constant, the planner could simplify the CASE into a form that confused the expression-display code, resulting in "unexpected CASE WHEN clause" errors.
    - Fix assignment to an array slice that is before the existing range of subscripts.
      If there was a gap between the newly added subscripts and the first pre-existing subscript, the code miscalculated how many entries needed to be copied from the old array's null bitmap, potentially leading to data corruption or crash.
    - Avoid unexpected conversion overflow in planner for very distant date values.
      The date type supports a wider range of dates than can be represented by the timestamp types, but the planner assumed it could always convert a date to timestamp with impunity.
    - Fix pg_restore's text output for large objects (BLOBs) when standard_conforming_strings is on.
      Although restoring directly to a database worked correctly, string escaping was incorrect if pg_restore was asked for SQL text output and standard_conforming_strings had been enabled in the source database.
    - Fix erroneous parsing of tsquery values containing ... & !(subexpression) | ... .
      Queries containing this combination of operators were not executed correctly. The same error existed in "contrib/intarray"'s query_int type and "contrib/ltree"'s ltxtquery type.
    - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a seg column. If you have such an index, consider "REINDEX"ing it after installing this update. (This is identical to the bug that was fixed in "contrib/cube" in the previous update.)

 -- Martin Pitt  Tue, 01 Feb 2011 18:10:35 +0100

postgresql-8.3 (8.3.13-0lenny1) stable; urgency=low

  * New upstream bug fix release:
    - Force the default wal_sync_method to be fdatasync on Linux.
      The default on Linux has actually been fdatasync for many years, but recent kernel changes caused PostgreSQL to choose open_datasync instead. This choice did not result in any performance improvement, and caused outright failures on certain filesystems, notably ext4 with the data=journal mount option.
    - Fix assorted bugs in WAL replay logic for GIN indexes.
      This could result in "bad buffer id: 0" failures or corruption of index contents during replication.
    - Fix recovery from base backup when the starting checkpoint WAL record is not in the same WAL segment as its redo point.
    - Fix persistent slowdown of autovacuum workers when multiple workers remain active for a long time.
      The effective vacuum_cost_limit for an autovacuum worker could drop to nearly zero if it processed enough tables, causing it to run extremely slowly.
    - Add support for detecting register-stack overrun on IA64.
      The IA64 architecture has two hardware stacks. Full prevention of stack-overrun failures requires checking both.
    - Add a check for stack overflow in copyObject().
      Certain code paths could crash due to stack overflow given a sufficiently complex query.
    - Fix detection of page splits in temporary GiST indexes.
      It is possible to have a "concurrent" page split in a temporary index, if for example there is an open cursor scanning the index when an insertion is done. GiST failed to detect this case and hence could deliver wrong results when execution of the cursor continued.
    - Avoid memory leakage while "ANALYZE"'ing complex index expressions.
    - Ensure an index that uses a whole-row Var still depends on its table.
      An index declared like create index i on t (foo(t.*)) would not automatically get dropped when its table was dropped.
    - Do not "inline" a SQL function with multiple OUT parameters.
      This avoids a possible crash due to loss of information about the expected result rowtype.
    - Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is attached to the VALUES part of INSERT ... VALUES.
    - Fix constant-folding of COALESCE() expressions.
      The planner would sometimes attempt to evaluate sub-expressions that in fact could never be reached, possibly leading to unexpected errors.
    - Fix postmaster crash when connection acceptance (accept() or one of the calls made immediately after it) fails, and the postmaster was compiled with GSSAPI support.
    - Fix missed unlink of temporary files when log_temp_files is active.
      If an error occurred while attempting to emit the log message, the unlink was not done, resulting in accumulation of temp files.
    - Add print functionality for InhRelation nodes.
      This avoids a failure when debug_print_parse is enabled and certain types of query are executed.
    - Fix incorrect calculation of distance from a point to a horizontal line segment.
      This bug affected several different geometric distance-measurement operators.
    - Fix PL/pgSQL's handling of "simple" expressions to not fail in recursion or error-recovery cases.
    - Fix PL/Python's handling of set-returning functions.
      Attempts to call SPI functions within the iterator generating a set result would fail.
    - Fix bug in "contrib/cube"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a cube column. If you have such an index, consider "REINDEX"ing it after installing this update.
    - Don't emit "identifier will be truncated" notices in "contrib/dblink" except when creating new connections.
    - Fix potential coredump on missing public key in "contrib/pgcrypto".
    - Fix memory leak in "contrib/xml2"'s XPath query functions.

 -- Martin Pitt  Sat, 18 Dec 2010 23:15:44 +0100

postgresql-8.3 (8.3.12-0lenny1) stable-security; urgency=low

  * New upstream security/bug fix release:
    - Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl.
      This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function.
      Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner.
      The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already.
      It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with.
    - Fix incorrect usage of non-strict OR joinclauses in Append indexscans.
      This is a back-patch of an 8.4 fix that was missed in the 8.3 branch. This corrects an error introduced in 8.3.8 that could cause incorrect results for outer joins when the inner relation is an inheritance tree or UNION ALL subquery.
    - Fix possible duplicate scans of UNION ALL member relations.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select.
    - Fix failure to mark cached plans as transient.
      If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in progress for one of the referenced tables, it is supposed to be re-planned once the index is ready for use. This was not happening reliably.
    - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, and provide additional detail in the resulting error messages.
      This should improve the system's robustness with corrupted indexes.
    - Prevent show_session_authorization() from crashing within autovacuum processes.
    - Defend against functions returning setof record where not all the returned rows are actually of the same rowtype.
    - Fix possible failure when hashing a pass-by-reference function result.
    - Improve merge join's handling of NULLs in the join columns.
      A merge join can now stop entirely upon reaching the first NULL, if the sort order is such that NULLs sort high.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid" and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested subtransactions.
      The original coding could result in a crash if there was limited stack space.
    - Avoid holding open old WAL segments in the walwriter process.
      The previous coding would prevent removal of no-longer-needed segments.
    - Fix log_line_prefix's %i escape, which could produce junk early in backend startup.
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE" when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to be interrupted by query-cancel.
    - Fix "REASSIGN OWNED" to handle operator classes and families.
    - Fix possible core dump when comparing two empty tsquery values.
    - Fix LIKE's handling of patterns containing % followed by _.
      We've fixed this before, but there were still some incorrectly-handled cases.
    - In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - Make psql recognize "DISCARD ALL" as a command that should not be encased in a transaction block in autocommit-off mode.
    - Fix ecpg to process data from RETURNING clauses correctly.
    - Improve "contrib/dblink"'s handling of tables containing dropped columns.
    - Fix connection leak after "duplicate connection name" errors in "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62 bytes correctly.
    - Add hstore(text, text) function to "contrib/hstore".
      This function is the recommended substitute for the now-deprecated => operator. It was back-patched so that future-proofed code can be used with older server versions. Note that the patch will be effective only after "contrib/hstore" is installed or reinstalled in a particular database. Users might prefer to execute the "CREATE FUNCTION" command by hand, instead.
    - Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git.

 -- Martin Pitt  Tue, 05 Oct 2010 21:53:16 +0200

postgresql-8.3 (8.3.11-0lenny1) stable-security; urgency=high

  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too insecure to rely on for making plperl trustable. This change removes use of "Safe.pm" altogether, in favor of using a separate interpreter with an opcode mask that is always applied. Pleasant side effects of the change include that it is now possible to use Perl's strict pragma in a natural way in plperl, and that Perl's $a and $b variables work as expected in sort routines, and that function compilation is significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser.
      (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted "normal" Tcl interpreter unless we are really going to execute a pltclu function. (CVE-2010-1170)
    - Fix possible crash if a cache reset message is received during rebuild of a relcache entry.
      This error was introduced in 8.3.10 while fixing a related failure.
    - Apply per-function GUC settings while running the language validator for the function.
      This avoids failures if the function's code is invalid without the setting; an example is that SQL functions may not parse if the search_path is not correct.
    - Do not allow an unprivileged user to reset superuser-only parameter settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or ALTER DATABASE ... RESET ALL for a database he owns, this would remove all special parameter settings for the user or database, even ones that are only supposed to be changeable by a superuser. Now, the "ALTER" will only remove the parameters that the user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs when a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message.
    - Ensure the archiver process responds to changes in archive_command as soon as possible.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Prevent infinite recursion in psql when expanding a variable that refers to itself.
    - Fix psql's \copy to not add spaces around a dot within \copy (select ...).
      Addition of spaces around the decimal point in a numeric literal would result in a syntax error.
    - Fix unnecessary "GIN indexes do not support whole-index scans" errors for unsatisfiable queries using "contrib/intarray" operators.
    - Ensure that "contrib/pgstattuple" functions respond to cancel interrupts promptly.

 -- Martin Pitt  Sat, 15 May 2010 12:47:43 +0200

postgresql-8.3 (8.3.10-0lenny1) stable; urgency=low

  * New upstream bug fix release:
    - Add new configuration parameter ssl_renegotiation_limit to control how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail.
    - Fix possible deadlock during backend startup.
    - Fix possible crashes due to not handling errors during relcache reload cleanly.
    - Fix possible crash due to use of dangling pointer to a cached plan.
    - Fix possible crashes when trying to recover from a failure in subtransaction start.
    - Fix server memory leak associated with use of savepoints and a client encoding different from server's encoding.
    - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST index page split.
      This would result in index corruption, or even more likely an error during WAL replay, if we were unlucky enough to crash during end-of-recovery cleanup after having completed an incomplete GIST insertion.
    - Make substring() for bit types treat any negative length as meaning "all the rest of the string".
      The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442). (Closes: #567058)
    - Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix assorted crashes in xml processing caused by sloppy memory management.
      This is a back-patch of changes first applied in 8.4. The 8.3 code was known buggy, but the new code was sufficiently different to not want to back-patch it until it had gotten some field testing.
    - Fix bug with trying to update a field of an element of a composite-type array column.
    - Fix the STOP WAL LOCATION entry in backup history files to report the next WAL segment's name when the end location is exactly at a segment boundary.
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release. One case that failed is when a plpgsql function returning set is called within another function's exception handler.
    - Improve constraint exclusion processing of boolean-variable cases, in particular make it possible to exclude a partition that has a "bool_column = false" constraint.
    - When reading "pg_hba.conf" and related files, do not treat @something as a file inclusion request if the @ appears inside quote marks; also, never treat @ by itself as a file inclusion request.
      This prevents erratic behavior if a role or database name starts with @. If you need to include a file whose path name contains spaces, you can still do so, but you must write @"/path to/file" rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as an inclusion target in "pg_hba.conf" and related files.
    - Fix possible infinite loop if SSL_read or SSL_write fails without setting errno.
      This is reportedly possible with some Windows versions of openssl.
    - Disallow GSSAPI authentication on local connections, since it requires a hostname to function correctly.
    - Make ecpg report the proper SQLSTATE if the connection disappears.
    - Fix psql's numericlocale option to not format strings it shouldn't in latex and troff output formats.
    - Make psql return the correct exit status (3) when ON_ERROR_STOP and --single-transaction are both specified and an error occurs during the implied "COMMIT".
    - Fix plpgsql failure in one case where a composite column is set to NULL.
    - Fix possible failure when calling PL/Perl functions from PL/PerlU or vice versa.
    - Add volatile markings in PL/Python to avoid possible compiler-specific misbehavior.
    - Ensure PL/Tcl initializes the Tcl interpreter fully.
      The only known symptom of this oversight is that the Tcl clock command misbehaves if using Tcl 8.5 or later.
    - Prevent crash in "contrib/dblink" when too many key columns are specified to a dblink_build_sql_* function.
    - Allow zero-dimensional arrays in "contrib/ltree" operations.
      This case was formerly rejected as an error, but it's more convenient to treat it the same as a zero-element array. In particular this avoids unnecessary failures when an ltree operation is applied to the result of ARRAY(SELECT ...) and the sub-select returns no rows.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory management.
  * Add 00cvs-unregister-ssl-callbacks.patch: Properly unregister OpenSSL callbacks when libpq is done with its connection. Thanks Ondřej Surý for the backport! (Closes: #411982, LP: #63141)

 -- Martin Pitt  Sat, 13 Mar 2010 16:33:15 +0100

postgresql-8.3 (8.3.9-0lenny1) stable-security; urgency=high

  * New upstream security/bug fix release:
    - Protect against indirect security threats caused by index functions changing session-local state.
      This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the common name (CN) field.
      This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions are not ignored.
    - Fix premature drop of temporary files used for a cursor that is accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV logfile.
    - Fix incorrect logic for GiST index page splits, when the split depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at the end of checkpoint.
      It's better to treat the problem as non-fatal and allow the checkpoint to complete. Future checkpoints will retry the removal. Such problems are not expected in normal operation, but have been seen to be caused by misdesigned Windows anti-virus and backup software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in GSSAPI and SSPI authentication methods.
      While the old 2000-byte limit was more than enough for Unix Kerberos implementations, tickets issued by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences.
      This used to work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input.
      If the XML header doesn't specify an encoding, we now assume UTF-8 by default; the previous handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in connection request packets, to improve compatibility with future libpq versions.

 -- Martin Pitt  Tue, 15 Dec 2009 12:03:15 +0100

postgresql-8.3 (8.3.8-0lenny1) stable-security; urgency=high

  * New upstream security/bug fix release:
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside security-definer functions.
      This covers a case that was missed in the previous patch that disallowed "SET ROLE" and "SET SESSION AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup().
      This avoids corner cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module, but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint exclusion optimizations when there were more than 100 clauses in an AND or OR list.
    - Fix hash calculation for data type interval.
      This corrects wrong results for hash joins on interval values. It also changes the contents of hash indexes on interval columns. If you have any such indexes, you must "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with 'HH'/'HH12'.
      It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment. This led
      to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have no
      fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like
      00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when the
      input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too long to
      fit in its data structure, rather than silently truncating it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during "COPY
      FROM STDIN".

 -- Martin Pitt Fri, 18 Sep 2009 14:52:26 +0200

postgresql-8.3 (8.3.7-0lenny1) stable; urgency=low

  * New upstream bug fix release:
    - Prevent error recursion crashes when encoding conversion fails. This
      change extends fixes made in the last two minor releases for related
      failure scenarios. The previous fixes were narrowly tailored for the
      original problem reports, but we have now recognized that *any* error
      thrown by an encoding conversion function could potentially lead to
      infinite recursion while trying to report the error.
      The solution therefore is to disable translation and encoding conversion
      and report the plain-ASCII form of any error message, if we find we have
      gotten into a recursive error reporting situation. (Closes: #517405)
    - Disallow "CREATE CONVERSION" with the wrong encodings for the specified
      conversion function. This prevents one possible scenario for encoding
      conversion failure. The previous change is a backstop to guard against
      other kinds of failures in the same area.
    - Fix xpath() to not modify the path expression unless necessary, and to
      make a saner attempt at it when necessary. The SQL standard suggests
      that xpath should work on data that is a document fragment, but libxml
      doesn't support that, and indeed it's not clear that this is sensible
      according to the XPath standard. xpath attempted to work around this
      mismatch by modifying both the data and the path expression, but the
      modification was buggy and could cause valid searches to fail. Now,
      xpath checks whether the data is in fact a well-formed document, and if
      so invokes libxml with no change to the data or path expression.
      Otherwise, a different modification method that is somewhat less likely
      to fail is used.
      Note: The new modification method is still not 100% satisfactory, and it
      seems likely that no real solution is possible. This patch should
      therefore be viewed as a band-aid to keep from breaking existing
      applications unnecessarily. It is likely that PostgreSQL 8.4 will simply
      reject use of xpath on data that is not a well-formed document.
    - Fix core dump when to_char() is given format codes that are
      inappropriate for the type of the data argument.
    - Fix extreme inefficiency in text search parser's handling of an
      email-like string containing multiple @ characters.
    - Fix planner problem with sub-"SELECT" in the output list of a larger
      subquery.
    - Fix decompilation of CASE WHEN with an implicit coercion.
    - Fix possible misassignment of the owner of a TOAST table's rowtype.
      If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed by
      someone other than the table owner, the pg_type entry for the table's
      TOAST table would end up marked as owned by that someone. This caused no
      immediate problems, since the permissions on the TOAST rowtype aren't
      examined by any ordinary database operation. However, it could lead to
      unexpected failures if one later tried to drop the role that issued the
      command (in 8.1 or 8.2), or "owner of data type appears to be invalid"
      warnings from pg_dump after having done so (in 8.3).
    - Change "UNLISTEN" to exit quickly if the current session has never
      executed any "LISTEN" command. Most of the time this is not a
      particularly useful optimization, but since "DISCARD ALL" invokes
      "UNLISTEN", the previous coding caused a substantial performance problem
      for applications that made heavy use of "DISCARD ALL".
    - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
      clause anywhere in the string, not only at the start; in particular,
      don't fail for "INSERT INTO" within "CREATE RULE".
    - Clean up PL/pgSQL error status variables fully at block exit. This is
      not a problem for PL/pgSQL itself, but the omission could cause the
      PL/pgSQL Debugger to crash while examining the state of a function.
    - Add MUST (Mauritius Island Summer Time) to the default list of known
      timezone abbreviations (Xavier Bugaud)

 -- Martin Pitt Sat, 14 Mar 2009 19:17:23 +0100

postgresql-8.3 (8.3.6-1) unstable; urgency=low

  * New upstream bug fix release:
    - Make "DISCARD ALL" release advisory locks, in addition to everything it
      already did. This was decided to be the most appropriate behavior. This
      could affect existing applications, however.
    - Fix whole-index GiST scans to work correctly. This error could cause
      rows to be lost if a table is clustered on a GiST index.
    - Fix crash of xmlconcat(NULL).
    - Fix possible crash in ispell dictionary if high-bit-set characters are
      used as flags.
      This is known to be done by one widely available Norwegian dictionary,
      and the same condition may exist in others. (Closes: #513580)
    - Fix misordering of pg_dump output for composite types. The most likely
      problem was for user-defined operator classes to be dumped after indexes
      or views that needed them.
    - Improve handling of URLs in headline() function.
    - Improve handling of overlength headlines in headline() function.
    - Prevent possible Assert failure or misconversion if an encoding
      conversion is created with the wrong conversion function for the
      specified pair of encodings.
    - Fix possible Assert failure if a statement executed in PL/pgSQL is
      rewritten into another kind of statement, for example if an "INSERT" is
      rewritten into an "UPDATE".
    - Ensure that a snapshot is available to datatype input functions. This
      primarily affects domains that are declared with CHECK constraints
      involving user-defined stable or immutable functions. Such functions
      typically fail if no snapshot has been set.
    - Make it safer for SPI-using functions to be used within datatype I/O; in
      particular, to be used in domain check constraints.
    - Avoid unnecessary locking of small tables in "VACUUM".
    - Fix a problem that sometimes kept "ALTER TABLE ENABLE/DISABLE RULE" from
      being recognized by active sessions.
    - Fix a problem that made UPDATE RETURNING tableoid return zero instead of
      the correct OID.
    - Allow functions declared as taking ANYARRAY to work on the pg_statistic
      columns of that type. This used to work, but was unintentionally broken
      in 8.3.
    - Fix planner misestimation of selectivity when transitive equality is
      applied to an outer-join clause. This could result in bad plans for
      queries like
      ... from a left join b on a.a1 = b.b1 where a.a1 = 42 ...
    - Improve optimizer's handling of long IN lists. This change avoids
      wasting large amounts of time on such lists when constraint exclusion is
      enabled.
    - Prevent synchronous scan during GIN index build.
      Because GIN is optimized for inserting tuples in increasing TID order,
      choosing to use a synchronous scan could slow the build by a factor of
      three or more.
    - Ensure that the contents of a holdable cursor don't depend on the
      contents of TOAST tables. Previously, large field values in a cursor
      result might be represented as TOAST pointers, which would fail if the
      referenced table got dropped before the cursor is read, or if the large
      value is deleted and then vacuumed away. This cannot happen with an
      ordinary cursor, but it could with a cursor that is held past its
      creating transaction.
    - Fix memory leak when a set-returning function is terminated without
      reading its whole result.
    - Fix encoding conversion problems in XML functions when the database
      encoding isn't UTF-8.
    - Fix "contrib/dblink"'s dblink_get_result(text,bool) function.
    - Fix possible garbage output from "contrib/sslinfo" functions.
    - Fix incorrect behavior of "contrib/tsearch2" compatibility trigger when
      it's fired more than once in a command.
    - Fix possible mis-signaling in autovacuum.
    - Fix ecpg's handling of varchar structs.
    - Make all documentation reference pgsql-bugs and/or pgsql-hackers as
      appropriate, instead of the now-decommissioned pgsql-ports and
      pgsql-patches mailing lists.

 -- Martin Pitt Fri, 06 Feb 2009 23:10:40 +0100

postgresql-8.3 (8.3.5-2) experimental; urgency=low

  * Add 15-dict-fallback-dir.patch: If a tsearch/stem dictionary is not found
    in sharedir/tsearch_data/ll_cc.{dict,affix}, fall back to
    sharedir/tsearch_data/system_ll_cc.{dict,affix}, where postgresql-common
    creates them from system directories. (LP: #301770)

 -- Martin Pitt Sat, 06 Dec 2008 11:39:31 -0800

postgresql-8.3 (8.3.5-1) unstable; urgency=low

  * New upstream bug fix release:
    - Fix GiST index corruption due to marking the wrong index entry "dead"
      after a deletion. This would result in index searches failing to find
      rows they should have found.
    - Fix backend crash when the client encoding cannot represent a localized
      error message.
    - Fix possible crash in bytea-to-XML mapping.
    - Fix possible crash when deeply nested functions are invoked from a
      trigger.
    - Improve optimization of "expression" IN ("expression-list") queries.
    - Fix mis-expansion of rule queries when a sub-SELECT appears in a
      function call in FROM, a multi-row VALUES list, or a RETURNING list.
    - Fix Assert failure during rescan of an IS NULL search of a GiST index.
    - Fix memory leak during rescan of a hashed aggregation plan.
    - Ensure an error is reported when a newly-defined PL/pgSQL trigger
      function is invoked as a normal function.
    - Force a checkpoint before "CREATE DATABASE" starts to copy files. This
      prevents a possible failure if files had recently been deleted in the
      source database.
    - Prevent possible collision of relfilenode numbers when moving a table to
      another tablespace with "ALTER SET TABLESPACE". The command tried to
      re-use the existing filename, instead of picking one that is known
      unused in the destination directory.
    - Fix incorrect text search headline generation when single query item
      matches first word of text.
    - Fix improper display of fractional seconds in interval values when using
      a non-ISO datestyle.
    - Make ILIKE compare characters case-insensitively even when they're
      escaped.
    - Ensure "DISCARD" is handled properly by statement logging.
    - Fix incorrect logging of last-completed-transaction time during PITR
      recovery.
    - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed
      tuple and tuple descriptor have different numbers of columns. This
      situation is normal when a table has had columns added or removed, but
      these two functions didn't handle it properly. The only likely
      consequence is an incorrect error indication.
    - Mark SessionReplicationRole as PGDLLIMPORT so it can be used by Slony on
      Windows.
    - Fix small memory leak when using libpq's gsslib parameter.
      The space used by the parameter string was not freed at connection
      close.
    - Ensure libgssapi is linked into libpq if needed.
    - Fix ecpg's parsing of "CREATE ROLE".
    - Fix recent breakage of pg_ctl restart.
  * 03-gettext-domains.patch: Unfuzz for new upstream version.
  * Drop -contrib's libdbd-pg-perl to Suggests:, since it is only really
    needed for bench.pl of the _int module. Changed description to point that
    out.
  * debian/control: Add explicit dependency to locales, to ensure that the
    locales package is configured before postgresql-8.3. Otherwise, the server
    fails to start up when locales is unpacked while postgresql-8.3 is
    configured. (LP: #280135)

 -- Martin Pitt Fri, 31 Oct 2008 21:43:36 +0100

postgresql-8.3 (8.3.4-2) unstable; urgency=medium

  * Urgency medium due to RC bug fix (breaks upgrades).
  * Add dependency to ssl-cert. This has always been implicitly there through
    postgresql-common, but when upgrading -8.3 and ssl-cert at the same time,
    apt does not ensure to configure ssl-cert before postgresql-8.3 if there
    is no direct dependency. (Closes: #501690)
  * debian/rules: Enable hardening when we build on Ubuntu. Lenny is too close
    to release, so we do not enable that yet for Debian. Add hardening-wrapper
    and lsb-release build dependencies for this.

 -- Martin Pitt Sat, 11 Oct 2008 14:28:34 +0200

postgresql-8.3 (8.3.4-1) unstable; urgency=low

  * New upstream bugfix release:
    - Fix bug in btree WAL recovery code. Recovery failed if the WAL ended
      partway through a page split operation.
    - Fix potential use of wrong cutoff XID for HOT page pruning. This error
      created a risk of corruption in system catalogs that are consulted by
      "VACUUM": dead tuple versions might be removed too soon. The impact of
      this on actual database operations would be minimal, since the system
      doesn't follow MVCC rules while examining catalogs, but it might result
      in transiently wrong output from pg_dump or other client programs.
    - Fix potential miscalculation of datfrozenxid.
    - Fix incorrect HOT updates after pg_class is reindexed. Corruption of
      pg_class could occur if REINDEX TABLE pg_class was followed in the same
      session by an ALTER TABLE RENAME or ALTER TABLE SET SCHEMA command.
    - Fix missed "combo cid" case. This error made rows incorrectly invisible
      to a transaction in which they had been deleted by multiple
      subtransactions that all aborted.
    - Prevent autovacuum from crashing if the table it's currently checking is
      deleted at just the wrong time.
    - Widen local lock counters from 32 to 64 bits. This responds to reports
      that the counters could overflow in sufficiently long transactions,
      leading to unexpected "lock is already held" errors.
    - Fix possible duplicate output of tuples during a GiST index scan.
    - Regenerate foreign key checking queries from scratch when either table
      is modified. Previously, 8.3 would attempt to replan the query, but
      would work from previously generated query text. This led to failures if
      a table or column was renamed.
    - Fix missed permissions checks when a view contains a simple UNION ALL
      construct. Permissions for the referenced tables were checked properly,
      but not permissions for the view itself.
    - Add checks in executor startup to ensure that the tuples produced by an
      "INSERT" or "UPDATE" will match the target table's current rowtype. This
      situation is believed to be impossible in 8.3, but it can happen in
      prior releases, so a check seems prudent.
    - Fix possible repeated drops during "DROP OWNED". This would typically
      result in strange errors such as "cache lookup failed for relation NNN".
    - Fix several memory leaks in XML operations.
    - Fix xmlserialize() to raise error properly for unacceptable target data
      type.
    - Fix a couple of places that mis-handled multibyte characters in text
      search configuration file parsing. Certain characters occurring in
      configuration files would always cause "invalid byte sequence for
      encoding" failures.
    - Provide file name and line number location for all errors reported in
      text search configuration files.
    - Fix AT TIME ZONE to first try to interpret its timezone argument as a
      timezone abbreviation, and only try it as a full timezone name if that
      fails, rather than the other way around as formerly.
    - Fix datetime input functions to correctly detect integer overflow when
      running on a 64-bit platform.
    - Prevent integer overflows during units conversion when displaying a
      configuration parameter that has units.
    - Improve performance of writing very long log messages to syslog.
    - Allow spaces in the suffix part of an LDAP URL in "pg_hba.conf".
    - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query.
    - Fix planner bug that could improperly push down IS NULL tests below an
      outer join.
    - Fix planner bug with nested sub-select expressions.
    - Fix planner to estimate that GROUP BY expressions yielding boolean
      results always result in two groups, regardless of the expressions'
      contents.
    - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record
      containing composite-type fields.
    - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful
      about the encoding of data sent to or from Tcl.
    - Improve performance of PQescapeBytea().
    - Fix ecpg to handle variables properly in "SET" commands.
    - Improve pg_dump and pg_restore's error reporting after failure to send a
      SQL command.
    - Fix pg_ctl to properly preserve postmaster command-line arguments across
      a restart.
    - Fix erroneous WAL file cutoff point calculation in pg_standby.
  * debian/control: Bump Standards-Version (no changes necessary).
  * debian/control: intarray contrib module was renamed to _int.
    (LP: #250483)

 -- Martin Pitt Tue, 23 Sep 2008 21:29:11 +0200

postgresql-8.3 (8.3.3-1) unstable; urgency=low

  * New upstream bugfix release (note that 8.3.2 was never officially released
    due to the discovery of another major bug):
    - Make pg_get_ruledef() parenthesize negative constants.
      Before this fix, a negative constant in a view or rule might be dumped
      as, say, -42::integer, which is subtly incorrect: it should be
      (-42)::integer due to operator precedence rules. Usually this would make
      little difference, but it could interact with another recent patch to
      cause PostgreSQL to reject what had been a valid "SELECT DISTINCT" view
      query. Since this could result in pg_dump output failing to reload, it
      is being treated as a high-priority fix. The only released versions in
      which dump output is actually incorrect are 8.3.1 and 8.2.7.
    - Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend. This oversight
      could lead to problems if the aggregate was later involved in a "DROP
      OWNED" or "REASSIGN OWNED" operation.
    - Fix incorrect archive truncation point calculation for the %r macro in
      recovery_command parameters. This could lead to data loss if a
      warm-standby script relied on %r to decide when to throw away WAL
      segment files.
    - Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column is
      correctly checked to see if it's been initialized to all non-nulls.
    - Fix "REASSIGN OWNED" so that it works on procedural languages too.
    - Fix problems with "SELECT FOR UPDATE/SHARE" occurring as a subquery in a
      query with a non-"SELECT" top-level operation.
    - Fix possible "CREATE TABLE" failure when inheriting the "same"
      constraint from multiple parent relations that inherited that constraint
      from a common ancestor.
    - Fix pg_get_ruledef() to show the alias, if any, attached to the target
      table of an "UPDATE" or "DELETE".
    - Restore the pre-8.3 behavior that an out-of-range block number in a TID
      being used in a TidScan plan results in silently not matching any rows.
      8.3.0 and 8.3.1 threw an error instead.
    - Fix GIN bug that could result in a "too many LWLocks taken" failure.
    - Fix broken GiST comparison function for tsquery.
    - Fix tsvector_update_trigger() and ts_stat() to accept domains over the
      types they expect to work with.
    - Fix failure to support enum data types as foreign keys.
    - Avoid possible crash when decompressing corrupted data.
    - Fix race conditions between delayed unlinks and "DROP DATABASE". In the
      worst case this could result in deleting a newly created table in a new
      database that happened to get the same OID as the recently-dropped one;
      but of course that is an extremely low-probability scenario.
    - Repair two places where SIGTERM exit of a backend could leave corrupted
      state in shared memory.
    - Fix possible crash due to incorrect plan generated for an x IN (SELECT y
      FROM ...) clause when "x" and "y" have different data types; and make
      sure the behavior is semantically correct when the conversion from "y"'s
      type to "x"'s type is lossy.
    - Fix oversight that prevented the planner from substituting known Param
      values as if they were constants.
    - Fix planner failure when an indexable MIN or MAX aggregate is used with
      DISTINCT or ORDER BY.
    - Fix planner to ensure it never uses a "physical tlist" for a plan node
      that is feeding a Sort node.
    - Avoid unnecessary copying of query strings.
    - Make TransactionIdIsCurrentTransactionId() use binary search instead of
      linear search when checking child-transaction XIDs. This fixes some
      cases in which 8.3.0 was significantly slower than earlier releases.
    - Fix conversions between ISO-8859-5 and other encodings to handle
      Cyrillic "Yo" characters (e and E with two dots).
    - Fix several datatype input functions, notably array_in(), that were
      allowing unused bytes in their results to contain uninitialized,
      unpredictable values. This could lead to failures in which two
      apparently identical literal values were not seen as equal, resulting in
      the parser complaining about unmatched ORDER BY and DISTINCT
      expressions.
    - Fix a corner case in regular-expression substring matching
      (substring(string from pattern)).
      The problem occurs when there is a match to the pattern overall but the
      user has specified a parenthesized subexpression and that subexpression
      hasn't got a match. An example is substring('foo' from 'foo(bar)?').
      This should return NULL, since (bar) isn't matched, but it was
      mistakenly returning the whole-pattern match instead (ie, foo).
    - Prevent cancellation of an auto-vacuum that was launched to prevent XID
      wraparound.
    - Improve "ANALYZE"'s handling of in-doubt tuples (those inserted or
      deleted by a not-yet-committed transaction) so that the counts it
      reports to the stats collector are more likely to be correct.
    - Fix initdb to reject a relative path for its --xlogdir (-X) option.
    - Make psql print tab characters as an appropriate number of spaces,
      rather than \x09 as was done in 8.3.0 and 8.3.1.
    - Add ECPGget_PGconn() function to ecpglib. Dropped
      00upstream-ecpg-get-connection.patch, which backported this fix.
    - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
    - Fix handling of continuation line markers in ecpg.
    - Fix possible crashes in "contrib/cube" functions.
    - Fix core dump in "contrib/xml2"'s xpath_table() function when the input
      query returns a NULL value.
  * Build against tcl 8.5.
  * debian/control: Fix bad wrapping in build dependencies.

 -- Martin Pitt Wed, 11 Jun 2008 20:43:07 +0200

postgresql-8.3 (8.3.1-2) unstable; urgency=low

  * debian/control: Change description of the metapackages from "latest
    available" to "currently supported", since after a distro release, the
    latest available upstream version changes, and thus this becomes slightly
    confusing.
  * debian/control: Add missing description of 'hstore' to p-contrib.
  * debian/control: Wrap build dependencies.
  * Add debian/patches/00upstream-ecpg-get-connection.patch: Backport change
    from upcoming 8.3.2 to add definition for ECPGget_PGconn().
    (Closes: #475184)
  * debian/postgresql-doc-8.3.doc-base: Update section, use "Data management"
    now.

 -- Martin Pitt Tue, 22 Apr 2008 19:20:44 +0200

postgresql-8.3 (8.3.1-1) unstable; urgency=low

  * New upstream bugfix release:
    - Repair corner-case bugs in "VACUUM FULL".
    - Fix misbehavior of foreign key checks involving character or bit
      columns.
    - Avoid needless deadlock failures in no-op foreign-key checks.
    - Fix possible core dump when re-planning a prepared query.
    - Fix possible failure when re-planning a query that calls an SPI-using
      function.
    - Fix failure in row-wise comparisons involving columns of different
      datatypes.
    - Fix longstanding "LISTEN"/"NOTIFY" race condition.
    - Disallow "LISTEN" and "UNLISTEN" within a prepared transaction.
      This was formerly allowed but trying to do it had various unpleasant
      consequences, notably that the originating backend could not exit as
      long as an "UNLISTEN" remained uncommitted.
    - Disallow dropping a temporary table within a prepared transaction.
      This was correctly disallowed by 8.1, but the check was inadvertently
      broken in 8.2 and 8.3.
    - Fix rare crash when an error occurs during a query using a hash index.
    - Fix incorrect comparison of tsquery values.
    - Fix incorrect behavior of LIKE with non-ASCII characters in single-byte
      encodings. (Closes: #469180)
    - Disable xmlvalidate. This function should have been removed before 8.3
      release, but was inadvertently left in the source code. It poses a small
      security risk since unprivileged users could use it to read the first
      few characters of any file accessible to the server.
    - Fix memory leaks in certain usages of set-returning functions.
    - Make encode(bytea, 'escape') convert all high-bit-set byte values into
      \nnn octal escape sequences. This is necessary to avoid encoding
      problems when the database encoding is multi-byte. This change could
      pose compatibility issues for applications that are expecting specific
      results from encode.
    - Fix input of datetime values for February 29 in years BC. The former
      coding was mistaken about which years were leap years.
    - Fix "unrecognized node type" error in some variants of "ALTER OWNER".
    - Avoid tablespace permissions errors in "CREATE TABLE LIKE INCLUDING
      INDEXES".
    - Ensure pg_stat_activity.waiting flag is cleared when a lock wait is
      aborted.
    - Fix ecpg problems with arrays.
    - Fix pg_ctl to correctly extract the postmaster's port number from
      command-line options. Previously, pg_ctl start -w could try to contact
      the postmaster on the wrong port, leading to bogus reports of startup
      failure. (Closes: #358546)
    - Use "-fwrapv" to defend against possible misoptimization in recent gcc
      versions (4.3 and later).
  * debian/postgresql-8.3.init:
    - Remove erroneous 'S' from Should-Stop.
    - Require $remote_fs for startup, since postgresql needs /usr.
    - Thanks to Petter Reinholdtsen!
    - (Closes: #470935)

 -- Martin Pitt Sat, 15 Mar 2008 18:39:36 +0100

postgresql-8.3 (8.3.0-1) unstable; urgency=low

  * Final 8.3.0 release. (Closes: #462070)
  * debian/watch: Update for a currently working mirror. (Closes: #462821)
  * Add debian/patches/14-pg_config-paths.patch: Disable PostgreSQL's
    automagic path mangling and fix libdir for pg_config, so that pg_config in
    /usr/bin and /usr/lib/postgresql/8.3/bin behave identically.
    (Closes: #462037)

 -- Martin Pitt Sun, 03 Feb 2008 12:14:56 +0100

postgresql-8.3 (8.3~rc2-1) unstable; urgency=low

  * Second release candidate of PostgreSQL 8.3. Upload to unstable now, the
    database format is not likely to change any more, and we want more
    widespread testing now.
  * debian/control: Build the versionless metapackages from this source now
    and let them point to 8.3.
  * debian/postgresql-server-dev-8.3.install: Do not ship pg_config.1, it's
    already shipped by libpq-dev. (Closes: #459746)
  * debian/rules: Stop postgresql at priority 21, not 19, so that services at
    runlevel 20 which use postgresql (such as postfix, pdns) can shutdown
    cleanly. Do the transition on upgrades, too
    (debian/postgresql-8.3.postinst).
    (Closes: #447063)
  * debian/rules: set SYSCONFDIR to /etc/postgresql-common, so that
    pg_service.conf is searched there. (Closes: #439026)
  * Add debian/patches/13-pg_service.conf_directory_doc.patch: Change
    documentation comment in sample pg_service.conf to point to Debian's
    sysconfdir (/etc/postgresql-common) instead of /usr/local/pgsql/etc.
  * Fix dependencies of libecpg-dev.

 -- Martin Pitt Sun, 20 Jan 2008 11:03:23 +0100

postgresql-8.3 (8.3~rc1-1) experimental; urgency=low

  * First release candidate of PostgreSQL 8.3. This also provides the security
    bug fixes of 8.2.6:
    - Prevent functions in indexes from executing with the privileges of the
      user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory consumption,
      all of which pose denial-of-service hazards for applications that accept
      regex search patterns from untrustworthy sources. [CVE-2007-4769,
      CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only password
      authentication, as a security measure. The fix that appeared for this in
      8.2.5 was incomplete, as it plugged the hole for only some "dblink"
      functions. [CVE-2007-6601, CVE-2007-3278]
  * debian/patches/04-psql-passwordprompt.patch: Update for new version.
  * Bump Standards-Version to 3.7.3 (no changes necessary).
  * debian/rules:
    - Build with -O1 on sparc and alpha until the miscompilation with -O2 is
      sorted out
      (http://lists.debian.org/debian-alpha/2007/11/msg00025.html).
    - Have a failed test suite fail the build on all architectures again.
  * Ship pg_config in postgresql-server-dev, and ship a copy in /usr/bin in
    libpq-dev, instead of libpq-dev shipping it in /usr/lib/postgresql//bin.
    This makes it possible to use a libpq-dev from a different major version.
    (See #455509)
  * debian/control: Mention tablefunc in -contrib description.
    (Closes: #458752)
  * debian/rules: Run make bigcheck instead of check, to run the numeric_big
    test, too.
  * debian/rules: Add target 'contrib-check' for running the tests in contrib.
    Do not call it by default for now, still needs some work.
  * debian/rules: Add target 'contrib-installcheck' for running the tests in
    contrib, using the installed programs in the system.
  * debian/rules: Replace hardcoded '8.3' strings with $(MAJOR_VER) variable.

 -- Martin Pitt Sat, 05 Jan 2008 19:19:46 +0100

postgresql-8.3 (8.3~beta4-1) experimental; urgency=low

  * Fourth beta release of PostgreSQL 8.3.

 -- Martin Pitt Mon, 03 Dec 2007 08:35:34 +0100

postgresql-8.3 (8.3~beta3-2) experimental; urgency=low

  * debian/control: Drop libgssapi-dev build dependency, current krb does not
    need it any more. (Closes: #452549)

 -- Martin Pitt Fri, 23 Nov 2007 17:26:12 +0100

postgresql-8.3 (8.3~beta3-1) experimental; urgency=low

  * Third beta release of PostgreSQL 8.3.
  * debian/rules:
    - Ignore test suite failure on alpha for now, since it behaves weird on
      some floating point operations (regression in glibc and gcc-4.2). Bug is
      under investigation. Fixes FTBFS for now. (see #449002)
    - Remove test suite ignoring for mips and mipsel again, seems the buildds
      finally got a fixed kernel.
  * Add debian/patches/12-psql-sensible-editor.patch: Use sensible-editor
    instead of vi as editor fallback in psql if $EDITOR and friends are not
    defined. (Closes: #451553)
  * Enable OSSP UUID support, add build dependency libossp-uuid-dev.
    (Closes: #451336)
  * Install some missing .so libraries.
  * debian/rules: Check that all files in debian/tmp get installed to
    somewhere, and fail the build if not.

 -- Martin Pitt Wed, 21 Nov 2007 20:18:44 +0100

postgresql-8.3 (8.3~beta2-1) experimental; urgency=low

  * Second beta release of PostgreSQL 8.3.
  * Remove patches which are upstream now:
    00upstream-encoding-abibreakage.patch, 12-pgpassfile-crash.patch
  * 03-gettext-domains.patch: Adapt to new upstream version.

 -- Martin Pitt Sun, 28 Oct 2007 12:37:43 -0400

postgresql-8.3 (8.3~beta1-2) experimental; urgency=low

  * debian/control: Update -contrib description for new modules.
  * debian/{control,rules}: Enable GSSAPI and LDAP support and add build
    dependencies libgssapi-dev and libldap2-dev.
  * Add debian/patches/00upstream-encoding-abibreakage.patch: Fix libpq ABI
    breakage wrt. ordering of encoding names. Taken from upstream CVS head.
    This requires a catalog bump, thus upgrades from 8.3~beta1-1 will break.
  * debian/postgresql-8.3.postrm:
    - Clean up rotated logs on purge when postgresql-common is already gone.
      (Closes: #447445)
    - Clean up default data dir/log file if 'pgdata'/'log' symbolic links do
      not exist.
    - Clean up environment file.

 -- Martin Pitt Sun, 14 Oct 2007 13:30:32 +0200

postgresql-8.3 (8.3~beta1-1) experimental; urgency=low

  * First beta release of PostgreSQL 8.3. Branch off the 8.2 packaging.
  * Drop debian/patches/12-m32r-tas.patch: Adopted upstream.
  * Drop debian/patches/04-timezone-symlinks.patch: Upstream now offers
    configure option --with-system-tzdata. Use it in debian/rules.
  * Drop debian/patches/50-contrib-enablemodules.patch: xml2 is now built
    conditionally. Supply --with-lib{xml,xslt} configure options in
    debian/rules.
  * Updated patches for new upstream version.
  * debian/control: Bump postgresql-common dependencies to >= 79 to ensure
    support of version 8.3.
  * debian/control: Do not build the versionless metapackages like
    'postgresql' until 8.3 is released and goes to unstable. Until then, 8.2
    should remain the default.
  * Add debian/patches/04-psql-passwordprompt.patch: Change psql to not prompt
    for a password if PGPASSWORD is given, just as in earlier versions.
    Without that, there is no way to suppress the password input prompt, which
    is bad for scripts.
  * Add debian/patches/12-pgpassfile-crash.patch: Fix crash (free'ing a static
    stack variable) in fe-connect.c.

 -- Martin Pitt Tue, 09 Oct 2007 16:28:51 +0200

postgresql-8.2 (8.2.5-1) unstable; urgency=low

  * New upstream bugfix release:
    - Require non-superusers who use "/contrib/dblink" to use only password authentication, as a security measure. [CVE-2007-3278, CVE-2007-3280]
    - Fix ALTER DOMAIN ADD CONSTRAINT for cases involving domains over domains.
    - Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
    - Fix some planner problems with outer joins, notably poor size estimation for t1 LEFT JOIN t2 WHERE t2.col IS NULL.
    - Allow the interval data type to accept input consisting only of milliseconds or microseconds.
    - Allow timezone name to appear before the year in timestamp input.
    - Fixes for GIN indexes used by "/contrib/tsearch2".
    - Speed up rtree index insertion.
    - Fix excessive logging of SSL error messages.
    - Fix logging so that log messages are never interleaved when using the syslogger process.
    - Fix crash when log_min_error_statement logging runs out of memory.
    - Fix incorrect handling of some foreign-key corner cases.
    - Fix stddev_pop(numeric) and var_pop(numeric).
    - Prevent "REINDEX" and "CLUSTER" from failing due to attempting to process temporary tables of other sessions.
    - Restrict "/contrib/pgstattuple" functions to superusers, for security reasons.
    - Do not let "/contrib/intarray" try to make its GIN opclass the default (this caused problems at dump/restore).
  * Remove debian/patches/00upstream-01-polymorphic-functions.patch: Upstream now.

 -- Martin Pitt Sun, 16 Sep 2007 12:25:19 +0200

postgresql-8.2 (8.2.4-3) unstable; urgency=medium

  * Urgency medium since the dpkg bug above is nasty and I want this fixed in testing ASAP.
  * debian/postgresql-8.2.postinst: Work around dpkg bug #435938 by manually doing the timezone symlink transition. Closes: #430524
  * debian/rules: Make binary-arch idempotent if test suite fails.
    Closes: #431565

 -- Martin Pitt Sat, 04 Aug 2007 14:07:00 +0200

postgresql-8.2 (8.2.4-2) unstable; urgency=low

  * debian/control: Remove some unnecessary build depends. Closes: #424010
  * debian/postgresql-8.2.install: Actually install the "timezone" symlink, not the dereferenced files.
  * Add debian/patches/12-m32r-tas.patch:
    - Support m32r architecture, thanks to Kazuhiro Inaoka for the initial patch.
    - Backported from CVS head: http://archives.postgresql.org/pgsql-committers/2007-05/msg00065.php
    - Closes: #419267
  * Add debian/patches/00upstream-01-polymorphic-functions.patch:
    - Fix breakage of polymorphic SQL functions (regression in 8.2.4), add test cases.
    - Patch taken from upstream CVS: http://archives.postgresql.org/pgsql-committers/2007-05/msg00010.php
    - Closes: #430347
  * debian/control: Fix libpq-dev Depends: line: ${Source-Version} -> ${binary:Version}.

 -- Martin Pitt Sat, 23 Jun 2007 19:08:25 +0200

postgresql-8.2 (8.2.4-1) unstable; urgency=medium

  * New upstream security/bug fix release:
    - Support explicit placement of the temporary-table schema within search_path, and disable searching it for functions and operators. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). See "CREATE FUNCTION" for more information.
    - Fix to_char() so it properly upper/lower cases localized day or month names.
    - "/contrib/tsearch2" crash fixes.
    - Require "COMMIT PREPARED" to be executed in the same database as the transaction was prepared in.
    - New traditional (Taiwan) Chinese FAQ.
    - Prevent the statistics collector from writing to disk too frequently.
    - Fix potential-data-corruption bug in how "VACUUM FULL" handles "UPDATE" chains.
    - Fix bug in domains that use array types.
    - Fix "pg_dump" so it can dump a serial column's sequence using "-t" when not also dumping the owning table.
    - Planner fixes, including improving outer join and bitmap scan selection logic.
    - Fix possible wrong answers or crash when a PL/pgSQL function tries to RETURN from within an EXCEPTION block.
    - Fix PANIC during enlargement of a hash index.
  * debian/patches/04-timezone-symlinks.patch: Adapt to slightly changed Makefile of 8.2.4.
  * Remove debian/patches/12-vacuum-cycle-hang.patch: Fixed upstream.
  * debian/postgresql-8.2.postrm: Fix bashism.

 -- Martin Pitt Fri, 20 Apr 2007 09:23:55 +0200

postgresql-8.2 (8.2.3-5) unstable; urgency=low

  * debian/rules: Do not let failed test suite fail the build on mips and mipsel. The Debian buildds' kernels are still broken.
  * debian/control: Add empty postgresql{,-client,-contrib,-doc} packages which always point to the latest available version.

 -- Martin Pitt Sat, 14 Apr 2007 21:23:32 +0200

postgresql-8.2 (8.2.3-4) unstable; urgency=low

  * First upload to unstable: Welcome, Lenny!

 -- Martin Pitt Sat, 14 Apr 2007 13:52:28 +0200

postgresql-8.2 (8.2.3-3) experimental; urgency=low

  * debian/rules: Do not FTBFS on failed test suite on sparc. sparc throws a 'floating point exception' instead of a 'division by zero' error, which is fine, but differs from expected string output. Closes: #417160

 -- Martin Pitt Wed, 4 Apr 2007 12:09:37 +0200

postgresql-8.2 (8.2.3-2) experimental; urgency=low

  * debian/control: Add Perl dependency to p-8.2-plperl, to ensure that creating plperl functions works (as opposed to plperlu, which only needs libperl). (see bug #412135)
  * debian/control: Do not mention nor suggest 'pgdocs' any more in p-doc's description since pgdocs is only available for 7.4. (see bug #405097)
  * debian/patches/04-timezone-symlinks.patch:
    - Use the timezone database from the system tzdata instead of shipping our own. Towards a single authoritative time zone database in Debian and Ubuntu... :) (LP: #41159)
    - Drop previous hardlink-to-symlink patch to zic, since that is irrelevant now.
    - debian/control: Add tzdata dependency.
  * Add debian/patches/12-vacuum-cycle-hang.patch: Properly release our semaphore lock before erroring out with elog() to prevent deadlocks on vacuum errors. Thanks to Heikki Linnakangas!
  * debian/rules: Have a test suite failure fail the build again. Let's ignore the old kernels on the Debian mips[el] buildds for now.

 -- Martin Pitt Fri, 30 Mar 2007 19:02:04 +0200

postgresql-8.2 (8.2.3-1) experimental; urgency=low

  * New upstream bug fix release to fix regressions in 8.2.2:
    - Remove overly-restrictive check for type length in constraints and functional indexes.
    - Fix optimization so MIN/MAX in subqueries can again use indexes.

 -- Martin Pitt Thu, 8 Feb 2007 17:13:08 +0100

postgresql-8.2 (8.2.2-1) experimental; urgency=low

  * New upstream security and bug fix release:
    - Fix security vulnerabilities that allowed connected users to read backend memory. The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.
    - Fix not-so-rare-anymore bug wherein btree index page splits could fail due to choosing an infeasible split point.
    - Properly handle to_char('CC') for years ending in 00. Year 2000 is in the twentieth century, not the twenty-first.
    - "/contrib/tsearch2" localization improvements.
    - Fix incorrect permission check in information_schema.key_column_usage view. The symptom is "relation with OID nnnnn does not exist" errors. To get this fix without using "initdb", use "CREATE OR REPLACE VIEW" to install the corrected definition found in "share/information_schema.sql". Note you will need to do this in each database.
    - Improve "VACUUM" performance for databases with many tables.
    - Fix for rare Assert() crash triggered by UNION.
    - Fix potentially incorrect results from index searches using ROW inequality conditions.
    - Tighten security of multi-byte character processing for UTF8 sequences over three bytes long.
    - Fix possible crashes when an already-in-use PL/pgSQL function is updated.
    - Improve PL/pgSQL handling of domain types.
    - Fix possible errors in processing PL/pgSQL exception blocks.
  * debian/control: postgresql-client-8.2 provides postgresql-client. This avoids breaking all the reverse dependencies to p-c when the transitional package gets removed. Closes: #400648

 -- Martin Pitt Sun, 4 Feb 2007 20:38:09 +0100

postgresql-8.2 (8.2.1-2) experimental; urgency=low

  * debian/libpq-dev.install: Install missing pg_trace.h.
  * debian/control: Remove -contrib's libpg-perl recommendation, nothing in -contrib uses it any more. Thanks to Peter Eisentraut for spotting this. Closes: #408070
  * debian/control: Update -contrib package description for 8.2. Closes: #408072

 -- Martin Pitt Mon, 29 Jan 2007 16:55:45 +0100

postgresql-8.2 (8.2.1-1) experimental; urgency=low

  * New upstream bugfix release:
    - Fix crash with SELECT ... LIMIT ALL (also LIMIT NULL).
    - Several "/contrib/tsearch2" fixes (Teodor)
    - Fix planner mistakes for outer join queries.
    - Fix several problems in queries involving sub-SELECTs.
    - Fix potential crash in SPI during subtransaction abort. This affects all PL functions since they all use SPI.
    - Improve build speed of PDF documentation.
    - Re-add JST (Japan) timezone abbreviation.
    - Improve optimization decisions related to index scans.
    - Have psql print multi-byte combining characters as before, rather than output as \u.
    - Improve index usage of regular expressions that use parentheses. This improves psql \d performance also.
    - Make pg_dumpall assume that databases have public CONNECT privilege, when dumping from a pre-8.2 server. This preserves the previous behavior that anyone can connect to a database if allowed by "pg_hba.conf".

 -- Martin Pitt Mon, 8 Jan 2007 18:04:34 +0100

postgresql-8.2 (8.2-1) experimental; urgency=low

  * 8.2 final release.
  * debian/control: Fix spelling of 'Tcl'. (See #401191)
  * Added a watch file.

 -- Martin Pitt Sun, 3 Dec 2006 17:57:43 +0100

postgresql-8.2 (8.2~rc1-1) experimental; urgency=low

  * Release candidate 1.

 -- Martin Pitt Sun, 26 Nov 2006 15:59:11 +0100

postgresql-8.2 (8.2~beta3-1) experimental; urgency=low

  * New upstream beta release.

 -- Martin Pitt Sat, 11 Nov 2006 11:52:23 -0800

postgresql-8.2 (8.2~beta2-1) experimental; urgency=low

  * New upstream beta release.
    - Documents ~/.pgpass file in psql(1). Closes: #308535
    - Document long --format values in pg_dump(1). Closes: #308827
    - Does not output ' any more in HTML mode. Closes: #353200
  * debian/patches/{03-gettext-domains.patch,11-pg_regress-socketpath.patch}: Adapted to new upstream version.

 -- Martin Pitt Sun, 29 Oct 2006 17:25:02 +0100

postgresql-8.2 (8.2~beta1-2) experimental; urgency=low

  * Move vacuumlo from -client to -contrib, since it is a contributed script. Add appropriate Replaces:.
  * debian/control: Fix libpq-dev dependency of -server-dev-8.2. Closes: #393148

 -- Martin Pitt Sun, 15 Oct 2006 17:40:06 +0200

postgresql-8.2 (8.2~beta1-1) experimental; urgency=low

  * First public beta release of 8.2, packaging based on current 8.1 tree.
  * Major improvements and changes (see HISTORY for details):
    - Improved sort performance with lower memory usage.
    - More efficient locking with better concurrency.
    - New FILLFACTOR support for tables and indexes.
    - Many query optimization improvements.
    - More efficient vacuuming.
    - Warm standby server enhancements.
    - Monitoring, logging, and performance tuning additions.
    - Query enhancements including RETURNING values, multi-VALUES, - support, and self-joins for DELETE.
    - More control over creating/dropping objects and inheritance.
    - Index creation without blocking INSERT/UPDATE/DELETE.
    - COPY TO support for SELECT statements.
    - Array and aggregate improvements, including SQL:2003 statistical functions.
    - Many /contrib improvements.

 -- Martin Pitt Wed, 27 Sep 2006 20:38:06 +0200

postgresql-8.1 (8.1.4-6) unstable; urgency=low

  * debian/control: Drop heimdal-dev suggestion of libpq-dev. Closes: #379848
  * debian/libpq-dev.install: Ship pg_wchar.h. Closes: #380047
  * Transition for private python extension in p-plpython-8.1:
    - debian/control:
      + Bump cdbs/debhelper build dependency versions.
      + Add {XS,XB}-Python-Version attributes.
    - debian/compat: Use compat level 5.
    - Add debian/pycompat: Use compat level 2.
    - debian/rules: Call dh_pycentral and dh_python for p-plpython-8.1.
    - Closes: #380898
  * debian/control: Change the order of records so that the libraries come first. With that, postgresql-client-8.1 and friends pick up the correct shlibs. Closes: #381211

 -- Martin Pitt Sun, 6 Aug 2006 12:31:37 +0200

postgresql-8.1 (8.1.4-5) unstable; urgency=low

  * debian/rules: Install init script at priority 19, since Apache and web applications usually reside on priority 20, but often require a running database. This follows a recent change in the MySQL package, thanks to Christian Hammers for pointing this out. Closes: #379276
  * Add debian/patches/12-pg_restore-ignore-failing-tables.patch:
    - pg_restore: Add option -X no-data-for-failed-tables to ignore TABLE DATA objects if the corresponding TABLE could not be created. Necessary for fixing #351571.

 -- Martin Pitt Sun, 23 Jul 2006 10:34:55 +0200

postgresql-8.1 (8.1.4-4) unstable; urgency=low

  * debian/rules: Use -fPIC instead of -fpic to avoid FTBFS on sparc and m68k (and maybe avoid the ICE on arm).
  * debian/postgresql-8.1.init: Add LSB magic comment header (provide both postgresql-8.1 and a generic postgresql service). Closes: #377882

 -- Martin Pitt Tue, 11 Jul 2006 22:28:07 +0200

postgresql-8.1 (8.1.4-3) unstable; urgency=low

  * debian/control: Add missing comerr-dev and libkrb5-dev dependencies to libpq-dev.
    Closes: #371158
  * Add debian/patches/54-contrib-dbmirror-quoteparsing.patch: Fix parsing of quotes escaped as '' in PendingData table. Closes: #375743
  * Add debian/patches/55-contrib-admin.patch:
    - Add the 'admin81' contrib module and build it. This provides instrumentation functions for use with PgAdmin 3 and similar.
    - http://www.postgresql.org/ftp/pgadmin3/release/v1.4.2/adminpacks/
    - Closes: #354731
  * debian/rules: Build with -fpic everywhere to improve the proactive security effectivity of address space layout randomization. This has no measurable performance impact on at least i386, amd64, and powerpc.

 -- Martin Pitt Fri, 7 Jul 2006 21:28:45 +0200

postgresql-8.1 (8.1.4-2) unstable; urgency=medium

  * Add debian/libpq4.shlibs and bump it to >= 8.1.4, to respect the introduction of PQescapeStringConn() and PQescapeByteaConn().
  * debian/postgresql-8.1.postrm, clean_dir(): Do not use rmdir's --ignore-fail-on-nonempty, since that still falls apart when the directory is a mountpoint. Just ignore errors.

 -- Martin Pitt Fri, 2 Jun 2006 00:44:26 +0200

postgresql-8.1 (8.1.4-1) unstable; urgency=medium

  * New upstream security and bug fix release:
    - The server now rejects invalidly-encoded multibyte characters in all cases to defend against SQL-injection attacks. [CVE-2006-2313]
    - Reject unsafe uses of \' in string literals (for client encodings that allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A new configuration parameter backslash_quote is available to adjust this behavior when needed. [CVE-2006-2314]
    - Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings This fixes libpq-using applications for the security issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs them against the planned changeover to SQL-standard string literal syntax.
      Applications that use multiple PostgreSQL connections concurrently should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that escaping is done correctly for the settings in use in each database connection. Applications that do string escaping "by hand" should be modified to rely on library routines instead.
    - Various bug fixes, see upstream changelog for details.
  * Remove debian/patches/12-krb5-multiusers.patch: Fixed upstream.
  * debian/postgresql-8.1.init: Add a comment to point out that environment variables need to be set in the 'environment' file, not in the init script.
  * debian/postgresql-8.1.init, debian/postgresql-8.1.postinst: Do not fail if init.d-functions/maintscripts-functions are not present, which happens if postgresql-{8.1,common} are removed, but not purged. Closes: #362488
  * Bump Standards-Version to 3.7.2.

 -- Martin Pitt Mon, 22 May 2006 10:33:20 +0200

postgresql-8.1 (8.1.3-4) unstable; urgency=low

  * debian/rules:
    - Put --as-needed into LDFLAGS instead of CFLAGS to avoid warnings when building extension modules. Closes: #360759
    - Fix a bashism.
  * debian/control: Suggest oidentd | ident-server (oidentd preferred since it works with IPv6). Closes: #359193
  * libecpg-dev: Move manpage to /usr/share/man/man1 where it belongs to. Closes: #360817
  * debian/rules: Ship the tutorial's Makefile and ship the SQL *.source files (not the generated *.sql files) to get the correct path to the built libraries. Closes: #360469
  * Add debian/patches/13-tutorial-README.patch: Remove confusing note about make and point out that p-server-dev-8.1 is required for building the tutorial.
  * debian/postgresql-contrib-8.1.install, 50-contrib-oracle-enable.patch: Move Ora2Pg.pm to /usr/share/postgresql/8.1 and adapt the library search path in ora2pg.pl accordingly. Closes: #360818

 -- Martin Pitt Mon, 10 Apr 2006 22:43:11 +0200

postgresql-8.1 (8.1.3-3) unstable; urgency=low

  * debian/postgresql-8.1.init: Use shell 'sh -e' instead of bash.
  * debian/postgresql-contrib-8.1.install: Ship ora2pg.pl and Ora2Pg.pm.
  * debian/control: Updated contrib package description. Closes: #355172
  * debian/rules: Don't special-case HPPA for --enable-thread-safety-force; the current kernel seems to cope with threads quite well, so that the configure check does not hang any more. Closes: #315440
  * debian/control: Build server packages on mips and mipsel again, even if they do not work. No need to block testing migration forever (the ftp-masters seem reluctant to remove the mips binaries, see #344487), and the bug is in binutils, not PostgreSQL itself (see #357603).

 -- Martin Pitt Sat, 1 Apr 2006 22:13:03 +0200

postgresql-8.1 (8.1.3-2) unstable; urgency=low

  * Re-enable 'do not run as root' check from upstream:
    - Move debian/patches/08-disable-root-check.patch to debian/disable-root-check.patch.
    - debian/rules: Move test suite to binary/predeb and apply disable-root-check.patch manually right before calling the test suite. Unapply debian/disable-root-check.patch after executing the test suite to not break subsequent package builds.
    - With this, the test suite can happily run as (fake)root during package build without disabling the check in the actual packages.
  * postgresql-doc-8.1: Ship tutorial C and SQL files. (https://launchpad.net/bugs/30233)
  * debian/control, postgresql-client-8.1: Depend on postgresql-client-common instead of postgresql-common.

 -- Martin Pitt Sat, 18 Mar 2006 15:21:27 +0100

postgresql-8.1 (8.1.3-1) unstable; urgency=low

  * New upstream security and bug fix release:
    - Fix bug that allowed any logged-in user to "SET ROLE" to any other database user id (CVE-2006-0553).
    - See upstream changelog for detailed changes.
  * Remove debian/patches/80-cvs-pg_restore-COPY.patch: Upstream now.
  * debian/rules: Use --as-needed linker option to avoid excessive library dependencies.
  * debian/control: Remove unnecessary dependencies from PL/Python and PL/Tcl packages.

 -- Martin Pitt Tue, 14 Feb 2006 17:46:31 +0100

postgresql-8.1 (8.1.2-2) unstable; urgency=low

  * debian/patches/09-relax-sslkey-permscheck.patch: Do not check for any particular group if the SSL key is group readable, to allow sharing a common SSL certificate with other server processes.
  * debian/control: Add ${shlibs:Depends} to packages which need it. Closes: #348066
  * debian/control, libecpg5: Remove obsolete Provides/Conflicts to ecpg.
  * Add debian/patches/80-cvs-pg_restore-COPY.patch:
    - Fix pg_restore to properly discard COPY data when trying to continue after an error in a COPY statement. Formerly it thought the COPY data was SQL commands, and got quite confused.
    - Patch from Stephen Frost, taken from upstream CVS.
  * Add debian/patches/12-krb5-multiusers.patch:
    - Fix krb5 credential handling in libpq for multiple connections with different users: Don't keep credentials in global variables, but pass them around in a new krb5_info struct.
    - Patch from Stephen Frost, proposed to be adopted upstream.

 -- Martin Pitt Mon, 6 Feb 2006 21:07:31 +0100

postgresql-8.1 (8.1.2-1) unstable; urgency=medium

  * New upstream bugfix release:
    - Fix bug introduced in 8.0 that could allow ReadBuffer to return an already-used page as new, potentially causing loss of recently-committed data.
    - Fix for protocol-level Describe messages issued outside a transaction or in a failed transaction.
    - Fix character string comparison for locales that consider different character combinations as equal, such as Hungarian. This might require "REINDEX" to fix existing indexes on textual columns.
    - Set locale environment variables during postmaster startup to ensure that plperl won't change the locale later. This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of plperl was likely to lead to corrupt indexes.
      You may need "REINDEX" to fix existing indexes on textual columns if this has happened to you. (postgresql-common checks and aborts on this condition.)
    - Allow more flexible relocation of installation directories. Previous releases supported relocation only if all installation directory paths were the same except for the last component. This makes the test suite work with Debian's directory structure, so that the horology test can find the timezones again and pass.
    - Prevent crashes caused by the use of ISO-8859-5 and ISO-8859-9 encodings.
    - Fix longstanding bug in strpos() and regular expression handling in certain rarely used Asian multi-byte character sets.
    - Fix bug where COPY CSV mode considered any \. to terminate the copy data. The new code requires \. to appear alone on a line, as per documentation.
    - Make COPY CSV mode quote a literal data value of \. to ensure it cannot be interpreted as the end-of-data marker.
    - Various fixes for functions returning RECORDs.
    - Fix processing of "postgresql.conf" so a final line with no newline is processed properly.
    - Fix bug in "/contrib/pgcrypto" gen_salt, which caused it not to use all available salt space for MD5 and XDES algorithms. Salts for Blowfish and standard DES are unaffected.
    - Fix autovacuum crash when processing expression indexes.
    - Fix "/contrib/dblink" to throw an error, rather than crashing, when the number of columns specified is different from what's actually returned by the query.
  * Remove debian/patches/12-readline-prompt-ignore.patch: Adopted upstream.
  * Bump postgresql-common dependencies to >= 39. This will ensure more robust upgrades and other bug fixes.

 -- Martin Pitt Mon, 9 Jan 2006 18:34:31 +0100

postgresql-8.1 (8.1.1-2) unstable; urgency=low

  * Do not build postgresql-8.1, p-contrib-8.1, and the PL/ packages on mips and mipsel, since the postmaster just SIGBUSes on these architectures and nobody seems to be able to fix that.
  * Add debian/patches/12-readline-prompt-ignore.patch: Do not prepend a '\001' before the 'prompt ignore begin/end' readline commands; this is a bash quirk, not a readline feature. Thanks to Aaron Schrab. Closes: #343616

 -- Martin Pitt Thu, 22 Dec 2005 19:13:21 +0100

postgresql-8.1 (8.1.1-1) unstable; urgency=low

  * New upstream bug fix release.
  * Remove debian/patches/80_cvs_crash_deform_tuple.patch, upstream now.
  * debian/postgresql-8.1.postrm: Also clean start.conf if purging without pg_dropcluster.
  * debian/postgresql-8.1.postrm: Check if a /etc/postgresql/8.1 subdirectory is really a cluster directory before trying to remove it. Closes: #339810
  * Ship upstream changelog.

 -- Martin Pitt Mon, 12 Dec 2005 17:27:57 +0100

postgresql-8.1 (8.1.0-3) unstable; urgency=low

  * debian/rules: Remove superfluous R include path.
  * debian/control: Version the libpq-dev dependency of -server-dev-8.1 to avoid horrible breakage.
  * Add debian/patches/80_cvs_crash_deform_tuple.patch:
    - Fix crash in tuple deformator (stolen from CVS head).
    - Closes: #339527
  * Add debian/patches/52-contrib-dbase-enable-iconv.patch:
    - Enable iconv support for 'dbf2pg' contrib module.
    - Closes: #338645

 -- Martin Pitt Sun, 20 Nov 2005 17:01:53 +0100

postgresql-8.1 (8.1.0-2) unstable; urgency=low

  * Do not install pg_config and its mo files into postgresql-server-dev-8.1 any more, since libpq-dev now ships it. Closes: #338231
  * debian/control: Clean up contrib description. Closes: #338308

 -- Martin Pitt Wed, 9 Nov 2005 20:29:16 -0500

postgresql-8.1 (8.1.0-1) unstable; urgency=low

  * Final 8.1.0 upstream release, first unstable upload.
  * Build client libraries (-8.0 does not build them any more).
  * Add debian/patches/11-server-includedir.patch: Change server include directory to /usr/include/postgresql/8.1/server since we do want to keep apart server include files.

 -- Martin Pitt Sat, 5 Nov 2005 18:57:00 -0500

postgresql-8.1 (8.0+8.1rc1-1) experimental; urgency=low

  * Upgrade to 8.1rc1 release.

 -- Martin Pitt Mon, 31 Oct 2005 17:43:19 -0500

postgresql-8.1 (8.0+8.1beta4-2) experimental; urgency=low

  * Clean up the installation path ./configure arguments.
    - debian/rules: Use default libdir /usr/lib.
    - Add debian/patches/10-pkglibdir.patch: Set pkglibdir to /usr/lib/postgresql/8.1/lib instead of /usr/lib/postgresql.

 -- Martin Pitt Wed, 26 Oct 2005 20:45:02 +0100

postgresql-8.1 (8.0+8.1beta4-1) experimental; urgency=low

  * Upgrade to 8.1beta4 release.
  * Adopt patches to new upstream version:
    - 09-relax-sslkey-permscheck.patch
  * debian/postgresql-8.1.postrm: clean_dir(): Ensure that directory is not a symbolic link before attempting to rmdir it. Closes: #333867
  * debian/rules: Remove obsolete --disable-spinlocks build option for mips.

 -- Martin Pitt Mon, 24 Oct 2005 16:59:53 +0200

postgresql-8.1 (8.0+8.1beta3-1) experimental; urgency=low

  * Upgrade to 8.1beta3 release.
  * Drop debian/patches/81-beta2.patch: beta2->beta3 changes are too big to be sensibly stuffed into a patch.
  * Adopt patches to new upstream version:
    - 03-gettext-domains.patch
  * Remove patches which are upstream now:
    - 52-contrib-dbf2pg-errorcheck.patch
    - 53-contrib-dbf2pg-textfield
  * debian/patches/09-relax-sslkey-permscheck.patch: Use effective rather than real group id for checking the private SSL certificate permissions. It does not make any practical difference, but is more consistent.
  * Rename patch 01-top-makefile.patch to 01-build-contrib.patch to give a better idea of what it does.

 -- Martin Pitt Thu, 13 Oct 2005 18:32:33 +0200

postgresql-8.1 (8.0+8.1beta-4) experimental; urgency=low

  * Add debian/patches/09-relax-sslkey-permscheck.patch:
    - Relax security check on private SSL key file: The file is also considered safe if it has owner and/or group "root", and if it is group-readable (unless the group is something other than root or the database owner group).
    - See bug #327901.

 -- Martin Pitt Wed, 21 Sep 2005 22:52:39 +0200

postgresql-8.1 (8.0+8.1beta-3) experimental; urgency=low

  * Add debian/patches/81-beta2.patch: Upgrade to 8.1beta2 release.
  * Remove debian/patches/80-s_lock.h-m68k.patch: Included upstream now.

 -- Martin Pitt Mon, 19 Sep 2005 08:31:22 +0200

postgresql-8.1 (8.0+8.1beta-2) experimental; urgency=low

  * debian/postgresql-8.1.postrm: Do not remove an empty /var/log/postgresql, postgresql-common now cares for it to not break log rotation. (See #325330)
  * Remove debian/postgresql-server-dev-8.1.manpages: Do not install the manpage, since it belongs to libpq-dev (which is currently built by postgresql-8.0). Closes: #327379
  * debian/postgresql-server-dev-8.1.install: Ship pg_config.
  * Build-depend on libpq-dev to pull in libpq4 dependencies for binary packages. This hack is necessary as long as we build libpq from postgresql-8.0. Closes: #327765

 -- Martin Pitt Tue, 13 Sep 2005 22:04:54 +0200

postgresql-8.1 (8.0+8.1beta-1) experimental; urgency=low

  * First public beta version.

 -- Martin Pitt Fri, 26 Aug 2005 09:00:47 +0200

postgresql-8.1 (8.0+8.1alpha-1) experimental; urgency=low

  * New upstream snapshot release. The first beta is close to be released, and I want to be prepared for that.
  * Package based on postgresql-8.0 8.0.3-13; don't build client libraries yet until 8.1 final is released.

 -- Martin Pitt Wed, 24 Aug 2005 08:34:00 +0200

postgresql-8.0 (8.0.3-13) unstable; urgency=low

  * debian/control: Fix libpq4 description, it is compatible with servers starting from 7.3.
  * Move back client include files to /usr/include/postgresql/ for now to not render all client packages unbuildable which have not yet converted to pg_config:
    - debian/rules: Configure with include dir /usr/include/postgresql.
    - debian/libecpg-dev.install, debian/libpq-dev.install: Install files from and to /usr/include/postgresql
    - Add debian/patches/13_server_includedir.patch: Change server include directory back to /usr/include/postgresql/8.0/server since we do want to keep apart server include files.
    - Closes: #322085
  * Drop obsolete xml contrib module, build and ship xml2 instead:
    - Remove debian/patches/51-contrib-xml-enable.patch
    - Add debian/patches/51-contrib-xml2-enable.patch
    - debian/control: Add build dependency libxslt1-dev.
    - debian/postgresql-contrib-8.0.install: Ship pgxml.so, drop pgxml_dom.so.
    - Closes: #322777
  * Add debian/patches/14-mips-gcc4.patch:
    - Add a proper test-and-set function for mips and mipsel. Thanks to Thiemo Seufer for the patch and Aurelien Jarno for his help. This now also works with gcc 4.
  * debian/rules: Remove the --disable-spinlocks option for mips again, now that we have a proper patch for that.

 -- Martin Pitt Sat, 20 Aug 2005 17:34:01 +0200

postgresql-8.0 (8.0.3-12) unstable; urgency=low

  * debian/rules:
    - Robustify log output in case of a failed test suite; also print out regression.diffs if it fails. Closes: #319218
    - Don't run the test suite if DEB_BUILD_OPTIONS contains "nocheck".
  * Add debian/check_installed_files to check for upstream installed files which are not shipped in any deb.
  * debian/postgresql-contrib-8.0.install: Ship pgxml_dom.so. Closes: #318922

 -- Martin Pitt Sun, 24 Jul 2005 17:35:56 +0200

postgresql-8.0 (8.0.3-11) unstable; urgency=low

  * Add debian/patches/12-disable-root-check.patch: Disable "am I root" test in initdb and postmaster to be able to run the test suite at build time. This check is already done in pg_createcluster.
  * debian/rules: Remove all the chown/setuid crack and simply call "make check" now; print the log files if the test fails.
  * debian/patches/10-testsuite-params.patch: Disable authentication in the test suite db since ident authentication does not work with fakeroot.

 -- Martin Pitt Fri, 15 Jul 2005 13:31:51 +0300

postgresql-8.0 (8.0.3-10) unstable; urgency=low

  * debian/rules: If the test suite fails, don't let the build fail but rather cat the log files. Once the test suite calling works reliably, the previous behaviour can be restored.

 -- Martin Pitt Thu, 14 Jul 2005 14:19:30 +0300

postgresql-8.0 (8.0.3-9) unstable; urgency=low

  * Bump Standards-Version to 3.6.2.
  * debian/rules: Use start-stop-daemon instead of su to call the test suite since su requires a terminal.
  * debian/rules: Disable spinlocks on mips and mipsel for now since they FTBFS with gcc-4.0.

 -- Martin Pitt Wed, 13 Jul 2005 22:22:59 +0300

postgresql-8.0 (8.0.3-8) unstable; urgency=low

  * postgresql-client-8.0: Now suggest postgresql-8.0; clarified the description wrt the server package (see #313247).
  * Fix README.Debian symlink.
  * Add debian/patches/10-testsuite-params.patch: Use /tmp as the socket directory when running the test suite.
  * debian/rules: Call the test suite when building the package. Since creating databases as root is not permitted, do this as "nobody" if run by root (as on the buildds); don't do it at all if run with fakeroot.

 -- Martin Pitt Tue, 12 Jul 2005 19:10:03 +0300

postgresql-8.0 (8.0.3-7) unstable; urgency=low

  * Removed some redundant configure options which cdbs applies anyway.
  * configure with --enable-thread-safety-force on HPPA since the configure check triggers a kernel bug on the buildd. (See #315440)
  * debian/postgresql-8.0.init: autovac-* functions in postgresql-common were renamed to autovac_* to comply to POSIX shell standard (see #315551). Adapted dependencies.

 -- Martin Pitt Sun, 26 Jun 2005 14:23:32 +0200

postgresql-8.0 (8.0.3-6) unstable; urgency=low

  * Added debian/postgresql-8.0.links: Symlink README.Debian from postgresql-common.
  * Added debian/patches/08-timezone-inttimestamps.patch (stolen from CVS head): Fix integer timestamps in time zone handling. Closes: #249417, #311533.
  * debian/rules: Fix POT file generation.
  * Added debian/patches/09-libpq-defaultsocketdir.patch:
    - Set default socket directory for libpq to /var/run/postgresql. Closes: #313507, #313602
  * Adjusted packages to follow upstream library SONAME change in 8.0.3: libecpg4 -> libecpg5, libecpg-compat1 -> libecpg-compat2, libpgtypes1 -> libpgtypes2. Closes: #313452, #313453, #313454

 -- Martin Pitt Tue, 14 Jun 2005 19:58:10 +0200

postgresql-8.0 (8.0.3-5) unstable; urgency=low

  * debian/rules: Generate POT files to help translators.
  * Added debian/libpq-dev.manpages: Install pg_wrapper(1) manpage. Closes: #311671
  * debian/control: Restrict libpq-dev conflict to postgresql-dev to versions << 7.5. Closes: #312827

 -- Martin Pitt Fri, 10 Jun 2005 19:01:20 +0200

postgresql-8.0 (8.0.3-4) unstable; urgency=low

  * First unstable upload.
  * debian/control: Now build with libreadline5-dev instead of version 4.

 -- Martin Pitt Tue, 7 Jun 2005 12:15:43 +0200

postgresql-8.0 (8.0.3-3) experimental; urgency=low

  * Added libpq4 dependency to libpq-dev.
  * postgresql-contrib-8.0.install: Correct paths to install missing shared files and documentation. (Closes: #311553)
  * libpq-dev.install: Install some more header files from server/ which are required by client libraries.

 -- Martin Pitt Mon, 6 Jun 2005 12:24:57 +0200

postgresql-8.0 (8.0.3-2) experimental; urgency=low

  * Added CAN numbers to previous changelog entries.
  * debian/patches/07-postgresql.conf.patch: Enable listen_addresses = '*' by default.
  * debian/control, libpq-dev: Conflict with and replace postgresql-dev.

 -- Martin Pitt Tue, 31 May 2005 11:09:48 +0200

postgresql-8.0 (8.0.3-1) experimental; urgency=low

  * New upstream release:
    - Prevent calling conversion functions by users. [CAN-2005-1409]
    - Prevent calling tsearch2 functions by users. [CAN-2005-1410]
  * debian/libpq-dev.{install,links}: Install pg_config into /usr/lib/postgresql/8.0/bin to make it print correct paths, and install a symlink into /usr/bin instead.
    Closes: #305200
  * debian/rules: Change include dir configure option to /usr/include/postgresql/8.0, so that different versions of postgresql-server-dev- do not conflict with each other. Since applications using the libpq-dev are supposed to use pg_config, this should not break them either.

 -- Martin Pitt Thu, 12 May 2005 23:37:56 +0200

postgresql-8.0 (8.0.2-1) experimental; urgency=low

  * New upstream release:
    - Removed debian/patches/02-libpq-soname.patch, upstream adopted SONAME change to libpq4.
  * Ship "reindexdb" in -contrib.
  * Added debian/patches/02_pager.patch: Use /usr/bin/pager as default pager in psql. Closes: #304459
  * Added debian/postgresql-doc-8.0.doc-base: Register doc package in doc-base.

 -- Martin Pitt Tue, 19 Apr 2005 21:19:50 +1000

postgresql-8.0 (8.0.1-4) experimental; urgency=low

  * Ship pg_config in libpq-dev instead of postgresql-8.0; added proper package conflict. Closes: #303257
  * Install pg_config in /usr/bin instead of 8.0-specific bin dir. Closes: #302368
  * debian/postgresql-8.0.init: Added autovacuum functions.

 -- Martin Pitt Tue, 5 Apr 2005 23:15:31 +0200

postgresql-8.0 (8.0.1-3) experimental; urgency=low

  * Dropped pgxs package, the Makefiles are now part of postgresql-server-dev.
  * -contrib: Only recommend, not depend on libpg-perl and libdbd-pg-perl.
  * Renamed packages pg-pl*-8.0 to postgresql-pl*-8.0 for consistency.
  * Added debian/patches/07-postgresql.conf.patch:
    - Patch for Debian changes to the default configuration.
    - Enable stats_row_level to allow pg_autovacuum to work.

 -- Martin Pitt Sat, 2 Apr 2005 18:21:57 +0200

postgresql-8.0 (8.0.1-2) experimental; urgency=low

  * Changed dependency of pg-pltcl-8.0 from libtcl8.4 to tcl8.4
  * Now depend on postgresql-common >= 3 which provides more maintainer script functions.
  * Compress manpages.

 -- Martin Pitt Sun, 20 Mar 2005 21:23:10 +0100

postgresql-8.0 (8.0.1-1) experimental; urgency=low

  * New upstream release.
    Closes: #274043, #291350
    - Ignores shell backticks with invalid meta-commands. Closes: #285844
    - Fixes uninitialized error strings when connecting to a server which is down. Closes: #264603, #277757
    - configure script supports GNU/Hurd and GNU/k*BSD. Closes: #262081
    - Fixes comma splices in HTML documentation. Closes: #243781
    - Now upper() and lower() work also for Unicode characters. Closes: #139389, #290118, #290399
    - New configuration variable max_stack_depth which prevents DoS situations due to infinite recursion. Closes: #239811
    - Reportedly works with Turkish locale. Closes: #305886
    - This version is not vulnerable to the following security issues:
      . Load arbitrary shared libs, execute startup function [CAN-2005-0227]
      . Execute functions with aggregate wrapper [CAN-2005-0244]
      . Buffer overflow and 64-bit issues in contrib/intagg [CAN-2005-0246]
      . Buffer overflows in the PL/PGSQL parser in gram.y [CAN-2005-0247]
      . Insecure temporary files in make_oidjoins_check [CAN-2004-0977]
  * Split development package into libpq-dev and postgresql-server-dev. Closes: #280417
  * Split libecpg4 into libecpg4, libecpg-compat1 and libpgtypes1.
  * Old libpgtcl package does not exist any more. The PL/TCL procedural language is now shipped in pg-pltcl8.0, the TCL client library is not shipped by PostgreSQL any more. Closes: #280418
  * Now use /var/lib/postgresql/ as (default) data directory. Closes: #285929

 -- Martin Pitt Sun, 20 Feb 2005 19:17:17 +0100