postgresql-8.1 8.1.11-0ubuntu0.6.06.1 source package in Ubuntu

Changelog

postgresql-8.1 (8.1.11-0ubuntu0.6.06.1) dapper-security; urgency=low

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.
  * Use the timezone database from the system tzdata instead of shipping our
    own.
    - debian/patches/04-timezone-symlinks.patch: Drop previous
      hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
      the patch with a Makefile change that just symlinks /usr/share/zoneinfo
      to where postgresql previously installed its own tzdata copy.
    - debian/control: Add locales dependency (which contains tzdata in
      dapper).
    - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
      files in the dereferenced directory.
    - debian/postgresql-8.1.postinst: Replace the timezone directory with the
      symlink on upgrades, since dpkg does not do that automatically. Without
      this, we'd end up with an empty timezone directory.

 -- Martin Pitt <email address hidden>   Sat, 05 Jan 2008 19:26:49 +0100

Upload details

Uploaded by:
Martin Pitt
Uploaded to:
Dapper
Original maintainer:
Martin Pitt
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
postgresql-8.1_8.1.11.orig.tar.gz 10.9 MiB bb66ac1d7875450c9da1f9931b337157ff2c1d16bd5bd98245cc3007fa945b36
postgresql-8.1_8.1.11-0ubuntu0.6.06.1.diff.gz 26.5 KiB 112d7adf5c54e4d369cc4b38c6cfb56df34bb4e813a8f32df7d2f09dcf8d4fbb
postgresql-8.1_8.1.11-0ubuntu0.6.06.1.dsc 1.1 KiB e53c920c0a7c2c9e95d97c603803869b3c3af2881905a3a668abedd17d1cf08d

View changes file

Binary packages built by this source

libecpg-compat2: No summary available for libecpg-compat2 in ubuntu dapper.

No description available for libecpg-compat2 in ubuntu dapper.

libecpg-dev: No summary available for libecpg-dev in ubuntu dapper.

No description available for libecpg-dev in ubuntu dapper.

libecpg5: No summary available for libecpg5 in ubuntu dapper.

No description available for libecpg5 in ubuntu dapper.

libpgtypes2: No summary available for libpgtypes2 in ubuntu dapper.

No description available for libpgtypes2 in ubuntu dapper.

libpq-dev: No summary available for libpq-dev in ubuntu dapper.

No description available for libpq-dev in ubuntu dapper.

libpq4: No summary available for libpq4 in ubuntu dapper.

No description available for libpq4 in ubuntu dapper.

postgresql-8.1: No summary available for postgresql-8.1 in ubuntu dapper.

No description available for postgresql-8.1 in ubuntu dapper.

postgresql-client-8.1: No summary available for postgresql-client-8.1 in ubuntu dapper.

No description available for postgresql-client-8.1 in ubuntu dapper.

postgresql-contrib-8.1: No summary available for postgresql-contrib-8.1 in ubuntu dapper.

No description available for postgresql-contrib-8.1 in ubuntu dapper.

postgresql-doc-8.1: No summary available for postgresql-doc-8.1 in ubuntu dapper.

No description available for postgresql-doc-8.1 in ubuntu dapper.

postgresql-plperl-8.1: No summary available for postgresql-plperl-8.1 in ubuntu dapper.

No description available for postgresql-plperl-8.1 in ubuntu dapper.

postgresql-plpython-8.1: No summary available for postgresql-plpython-8.1 in ubuntu dapper.

No description available for postgresql-plpython-8.1 in ubuntu dapper.

postgresql-pltcl-8.1: No summary available for postgresql-pltcl-8.1 in ubuntu dapper.

No description available for postgresql-pltcl-8.1 in ubuntu dapper.

postgresql-server-dev-8.1: No summary available for postgresql-server-dev-8.1 in ubuntu dapper.

No description available for postgresql-server-dev-8.1 in ubuntu dapper.