-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 04 Jan 2008 15:27:50 +0100
Source: postgresql-8.1
Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 postgresql-client-8.1 postgresql-server-dev-8.1 postgresql-contrib-8.1
Architecture: source all i386
Version: 8.1.11-1
Distribution: unstable
Urgency: medium
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
 libpq4 - PostgreSQL C client library
 postgresql-8.1 - object-relational SQL database, version 8.1 server
 postgresql-client-8.1 - front-end programs for PostgreSQL 8.1
 postgresql-contrib-8.1 - additional facilities for PostgreSQL
 postgresql-doc-8.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1
 postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1
 postgresql-pltcl-8.1 - PL/Tcl procedural language for PostgreSQL 8.1
 postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming
Changes:
 postgresql-8.1 (8.1.11-1) unstable; urgency=medium
 .
   * New upstream security/bugfix release:
     - Prevent functions in indexes from executing with the privileges of the
       user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
       within a SECURITY DEFINER context. [CVE-2007-6600]
     - Suitably crafted regular-expression patterns could cause crashes,
       infinite or near-infinite looping, and/or massive memory consumption,
       all of which pose denial-of-service hazards for applications that
       accept regex search patterns from untrustworthy sources.
       [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
     - Require non-superusers who use "/contrib/dblink" to use only password
       authentication, as a security measure. The fix that appeared for this
       in 8.2.5 was incomplete, as it plugged the hole for only some "dblink"
       functions. [CVE-2007-6601, CVE-2007-3278]
     - Fix planner failure in some cases of WHERE false AND var IN (SELECT
       ...).
     - Preserve the tablespace and storage parameters of indexes that are
       rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
     - Make archive recovery always start a new WAL timeline, rather than only
       when a recovery stop time was used. This avoids a corner-case risk of
       trying to overwrite an existing archived copy of the last WAL segment,
       and seems simpler and cleaner than the original definition.
     - Make "VACUUM" not use all of maintenance_work_mem when the table is too
       small for it to be useful.
     - Fix potential crash in translate() when using a multibyte database
       encoding.
     - Fix overflow in extract(epoch from interval) for intervals exceeding 68
       years.
     - Fix PL/Perl to not fail when a UTF-8 regular expression is used in a
       trusted function.
     - Fix PL/Python to not crash on long exception messages.
     - Fix pg_dump to correctly handle inheritance child tables that have
       default expressions different from their parent's.
     - Fix libpq crash when PGPASSFILE refers to a file that is not a plain
       file.
     - ecpg parser fixes.
     - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a category
       in its own right, rather than crashing.
     - Fix tsvector and tsquery output routines to escape backslashes
       correctly.
     - Fix crash of to_tsvector() on huge input strings.
   * Use the timezone database from the system tzdata instead of shipping our
     own.
     - debian/patches/04-timezone-symlinks.patch: Drop previous
       hardlink-to-symlink patch to zic, since that is irrelevant now.
       Replace the patch with a Makefile change that just symlinks
       /usr/share/zoneinfo to where postgresql previously installed its own
       tzdata copy.
     - debian/control: Add tzdata dependency.
     - debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
       files in the dereferenced directory.
     - debian/postgresql-8.1.postinst: Replace the timezone directory with the
       symlink on upgrades, since dpkg does not do that automatically.
       Without this, we'd end up with an empty timezone directory.
Files:
 d5d7805fe99dd1a98d62aacfae7fdedc 1096 misc optional postgresql-8.1_8.1.11-1.dsc
 9eadd7e16f547a8ce1e0eec5de96632e 11444400 misc optional postgresql-8.1_8.1.11.orig.tar.gz
 6be189a40f35be83ef33a0b2381aee5f 34913 misc optional postgresql-8.1_8.1.11-1.diff.gz
 d5cc02ae7e8e1a2004b4d94cb8d09179 1596932 doc optional postgresql-doc-8.1_8.1.11-1_all.deb
 cdeb978e249608fec959f66feea9486c 277936 libs optional libpq4_8.1.11-1_i386.deb
 4c622c50452dc70c657c366c3c1b3351 4290928 misc optional postgresql-8.1_8.1.11-1_i386.deb
 09711acb3f092c831a9ed7bc0ad256a8 1413140 misc optional postgresql-client-8.1_8.1.11-1_i386.deb
 01b2e7d223a527bb0fae6e4d8b14f582 622376 libdevel optional postgresql-server-dev-8.1_8.1.11-1_i386.deb
 e72c676c91178d72841abd9f327c6312 608354 misc optional postgresql-contrib-8.1_8.1.11-1_i386.deb
 2e0134d7b1fb332b4832bb8be04c2837 182936 misc optional postgresql-plperl-8.1_8.1.11-1_i386.deb
 3ca2afd0639aa3b6e78863968fbe1869 175968 misc optional postgresql-plpython-8.1_8.1.11-1_i386.deb
 c47484dc6c3c59ebb9ae35e41695d14c 177630 misc optional postgresql-pltcl-8.1_8.1.11-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHgfj6DecnbV4Fd/IRAmTHAKCTiF0Vy/ENJdx8ytDLkKf596zTMgCgioyA
SyZzW7TZjxbsdoHAFyZgWkY=
=zILe
-----END PGP SIGNATURE-----

Accepted:
libpq4_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/libpq4_8.1.11-1_i386.deb
postgresql-8.1_8.1.11-1.diff.gz
  to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11-1.diff.gz
postgresql-8.1_8.1.11-1.dsc
  to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11-1.dsc
postgresql-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11-1_i386.deb
postgresql-8.1_8.1.11.orig.tar.gz
  to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11.orig.tar.gz
postgresql-client-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-1_i386.deb
postgresql-contrib-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-1_i386.deb
postgresql-doc-8.1_8.1.11-1_all.deb
  to pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.11-1_all.deb
postgresql-plperl-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-1_i386.deb
postgresql-plpython-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-1_i386.deb
postgresql-pltcl-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-1_i386.deb
postgresql-server-dev-8.1_8.1.11-1_i386.deb
  to pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-1_i386.deb