postgresql-8.4 8.4.4-0ubuntu10.04 source package in Ubuntu

Changelog

postgresql-8.4 (8.4.4-0ubuntu10.04) lucid-security; urgency=low

  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole
      interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too
      insecure to rely on for making plperl trustable. This change
      removes use of "Safe.pm" altogether, in favor of using a separate
      interpreter with an opcode mask that is always applied. Pleasant
      side effects of the change include that it is now possible to use
      Perl's strict pragma in a natural way in plperl, and that Perl's $a
      and $b variables work as expected in sort routines, and that
      function compilation is significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table. This
      change disables the feature unless pltcl_modules is owned by a
      superuser. (However, the permissions on the table are not checked,
      so installations that really need a less-than-secure modules table
      can still grant suitable privileges to trusted non-superusers.)
      Also, prevent loading code into the unrestricted "normal" Tcl
      interpreter unless we are really going to execute a pltclu
      function. (CVE-2010-1170)
    - Fix data corruption during WAL replay of ALTER ... SET TABLESPACE.
      When archive_mode is on, ALTER ... SET TABLESPACE generates a WAL
      record whose replay logic was incorrect. It could write the data to
      the wrong place, leading to possibly-unrecoverable data corruption.
      Data corruption would be observed on standby slaves, and could
      occur on the master as well if a database crash and recovery
      occurred after committing the ALTER and before the next checkpoint.
    - Fix possible crash if a cache reset message is received during
      rebuild of a relcache entry.
      This error was introduced in 8.4.3 while fixing a related failure.
    - Apply per-function GUC settings while running the language
      validator for the function. This avoids failures if the function's code
      is invalid without the setting; an example is that SQL functions may not
      parse if the search_path is not correct.
    - Do constraint exclusion for inherited "UPDATE" and "DELETE" target
      tables when constraint_exclusion = partition.
      Due to an oversight, this setting previously only caused constraint
      exclusion to be checked in "SELECT" commands.
    - Do not allow an unprivileged user to reset superuser-only parameter
      settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL
      for himself, or ALTER DATABASE ... RESET ALL for a database he
      owns, this would remove all special parameter settings for the user
      or database, even ones that are only supposed to be changeable by a
      superuser. Now, the "ALTER" will only remove the parameters that
      the user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs
      when a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
    - Fix erroneous handling of %r parameter in recovery_end_command.
      The value always came out zero.
    - Ensure the archiver process responds to changes in archive_command
      as soon as possible.
    - Fix pl/pgsql's CASE statement to not fail when the case expression
      is a query that returns no rows.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Handle empty-string connect parameters properly in ecpg.
    - Prevent infinite recursion in psql when expanding a variable that
      refers to itself.
    - Fix psql's \copy to not add spaces around a dot within \copy
      (select ...).
      Addition of spaces around the decimal point in a numeric literal
      would result in a syntax error.
    - Avoid formatting failure in psql when running in a locale context
      that doesn't match the client_encoding.
    - Fix unnecessary "GIN indexes do not support whole-index scans"
      errors for unsatisfiable queries using "contrib/intarray" operators.
    - Ensure that "contrib/pgstattuple" functions respond to cancel
      interrupts promptly.
 -- Martin Pitt <email address hidden>   Sat, 15 May 2010 13:31:46 +0200

Upload details

Uploaded by:
Martin Pitt
Sponsored by:
Jamie Strandboge
Uploaded to:
Lucid
Original maintainer:
Martin Pitt
Architectures:
any
Section:
database
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
postgresql-8.4_8.4.4.orig.tar.gz 16.4 MiB 5f465a7231964dda5c15800436863d9d3558c869764eec327bdbc2702754dad9
postgresql-8.4_8.4.4-0ubuntu10.04.diff.gz 34.8 KiB 5d01f6997ae611c9a3e91195f7dde1491e9b0ed8b56616d3b525591cbf606d48
postgresql-8.4_8.4.4-0ubuntu10.04.dsc 1.8 KiB d3bde5c7c9a1585fbe482d035cff0388f6857b421ae8664fe3db4ab6a70a6760

View changes file

Binary packages built by this source

libecpg-compat3: No summary available for libecpg-compat3 in ubuntu lucid.

No description available for libecpg-compat3 in ubuntu lucid.

libecpg-dev: No summary available for libecpg-dev in ubuntu lucid.

No description available for libecpg-dev in ubuntu lucid.

libecpg6: No summary available for libecpg6 in ubuntu lucid.

No description available for libecpg6 in ubuntu lucid.

libpgtypes3: No summary available for libpgtypes3 in ubuntu lucid.

No description available for libpgtypes3 in ubuntu lucid.

libpq-dev: No summary available for libpq-dev in ubuntu lucid.

No description available for libpq-dev in ubuntu lucid.

libpq5: No summary available for libpq5 in ubuntu lucid.

No description available for libpq5 in ubuntu lucid.

postgresql: No summary available for postgresql in ubuntu lucid.

No description available for postgresql in ubuntu lucid.

postgresql-8.4: No summary available for postgresql-8.4 in ubuntu lucid.

No description available for postgresql-8.4 in ubuntu lucid.

postgresql-client: No summary available for postgresql-client in ubuntu lucid.

No description available for postgresql-client in ubuntu lucid.

postgresql-client-8.4: No summary available for postgresql-client-8.4 in ubuntu lucid.

No description available for postgresql-client-8.4 in ubuntu lucid.

postgresql-contrib: No summary available for postgresql-contrib in ubuntu lucid.

No description available for postgresql-contrib in ubuntu lucid.

postgresql-contrib-8.4: No summary available for postgresql-contrib-8.4 in ubuntu lucid.

No description available for postgresql-contrib-8.4 in ubuntu lucid.

postgresql-doc: No summary available for postgresql-doc in ubuntu lucid.

No description available for postgresql-doc in ubuntu lucid.

postgresql-doc-8.4: No summary available for postgresql-doc-8.4 in ubuntu lucid.

No description available for postgresql-doc-8.4 in ubuntu lucid.

postgresql-plperl-8.4: No summary available for postgresql-plperl-8.4 in ubuntu lucid.

No description available for postgresql-plperl-8.4 in ubuntu lucid.

postgresql-plpython-8.4: No summary available for postgresql-plpython-8.4 in ubuntu lucid.

No description available for postgresql-plpython-8.4 in ubuntu lucid.

postgresql-pltcl-8.4: No summary available for postgresql-pltcl-8.4 in ubuntu lucid.

No description available for postgresql-pltcl-8.4 in ubuntu lucid.

postgresql-server-dev-8.4: No summary available for postgresql-server-dev-8.4 in ubuntu lucid.

No description available for postgresql-server-dev-8.4 in ubuntu lucid.