-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 05 Oct 2010 21:53:16 +0200 Source: postgresql-8.3 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source all amd64 Version: 8.3.12-0lenny1 Distribution: stable-security Urgency: low Maintainer: Martin Pitt <mpitt@debian.org> Changed-By: Martin Pitt <mpitt@debian.org> Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.3 - object-relational SQL database, version 8.3 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.3 - front-end programs for PostgreSQL 8.3 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.3 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.3 - documentation for the PostgreSQL database management system postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming Changes: postgresql-8.3 (8.3.12-0lenny1) stable-security; urgency=low . * New upstream security/bug fix release: - Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl. This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with. - Fix incorrect usage of non-strict OR joinclauses in Append indexscans. This is a back-patch of an 8.4 fix that was missed in the 8.3 branch. This corrects an error introduced in 8.3.8 that could cause incorrect results for outer joins when the inner relation is an inheritance tree or UNION ALL subquery. - Fix possible duplicate scans of UNION ALL member relations. - Fix "cannot handle unplanned sub-select" error. This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select. - Fix failure to mark cached plans as transient. If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in progress for one of the referenced tables, it is supposed to be re-planned once the index is ready for use. This was not happening reliably. - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, and provide additional detail in the resulting error messages. This should improve the system's robustness with corrupted indexes. - Prevent show_session_authorization() from crashing within autovacuum processes. - Defend against functions returning setof record where not all the returned rows are actually of the same rowtype. - Fix possible failure when hashing a pass-by-reference function result. - Improve merge join's handling of NULLs in the join columns. A merge join can now stop entirely upon reaching the first NULL, if the sort order is such that NULLs sort high. - Take care to fsync the contents of lockfiles (both "postmaster.pid" and the socket lockfile) while writing them. This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed. - Avoid recursion while assigning XIDs to heavily-nested subtransactions. The original coding could result in a crash if there was limited stack space. - Avoid holding open old WAL segments in the walwriter process. The previous coding would prevent removal of no-longer-needed segments. - Fix log_line_prefix's %i escape, which could produce junk early in backend startup. - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE" when archiving is enabled. - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to be interrupted by query-cancel. - Fix "REASSIGN OWNED" to handle operator classes and families. - Fix possible core dump when comparing two empty tsquery values. - Fix LIKE's handling of patterns containing % followed by _. We've fixed this before, but there were still some incorrectly-handled cases. - In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr. - Make psql recognize "DISCARD ALL" as a command that should not be encased in a transaction block in autocommit-off mode. - Fix ecpg to process data from RETURNING clauses correctly. - Improve "contrib/dblink"'s handling of tables containing dropped columns. - Fix connection leak after "duplicate connection name" errors in "contrib/dblink". - Fix "contrib/dblink" to handle connection names longer than 62 bytes correctly. - Add hstore(text, text) function to "contrib/hstore". This function is the recommended substitute for the now-deprecated => operator. It was back-patched so that future-proofed code can be used with older server versions. Note that the patch will be effective only after "contrib/hstore" is installed or reinstalled in a particular database. Users might prefer to execute the "CREATE FUNCTION" command by hand, instead. - Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git. Checksums-Sha1: 8d35a71f07776420a5e789fc0f7f745431a144b5 2313 postgresql-8.3_8.3.12-0lenny1.dsc 82c63dc0df3c61f2f1beb544464fdc3fd283fb05 13955500 postgresql-8.3_8.3.12.orig.tar.gz 860bfe83efee43f3a69b9cf9db22a67fe55628e9 52479 postgresql-8.3_8.3.12-0lenny1.diff.gz c92498e37da8004c64c4fce447641ae004ab6296 2213230 postgresql-doc-8.3_8.3.12-0lenny1_all.deb 869137ea6673ce72e5129030989346f32bde2568 273944 postgresql_8.3.12-0lenny1_all.deb 61b9f8ec58661b55efe585cdfceafd99598d3380 273928 postgresql-client_8.3.12-0lenny1_all.deb 6021399831f8ba40f0a37e544d5b7208008d0f22 273756 postgresql-doc_8.3.12-0lenny1_all.deb 80a21e6dbd0a7062e7bc992660ba2056b1b2c43a 273824 postgresql-contrib_8.3.12-0lenny1_all.deb fdb1c2d3e3a2c359994dfeca9af3e46b515bd3d3 480076 libpq-dev_8.3.12-0lenny1_amd64.deb 87ed67384a844fe7582ca7d6bce10a1bd15dac15 410660 libpq5_8.3.12-0lenny1_amd64.deb 904e774d6655c93ef827f519fbc7ad5146b2e8a8 303242 libecpg6_8.3.12-0lenny1_amd64.deb 2c9270b04786acc8dba9b62500c06da479efc6c4 493324 libecpg-dev_8.3.12-0lenny1_amd64.deb 0086d4f935198ec9994caad6aecdd87408bd8b4c 281942 libecpg-compat3_8.3.12-0lenny1_amd64.deb 5fe3db212239d9cadfc5860b84da65df7b222608 303486 libpgtypes3_8.3.12-0lenny1_amd64.deb cb722ec88b897d54f9791f9bb6502dbe426e1103 5396674 postgresql-8.3_8.3.12-0lenny1_amd64.deb 40c917ac0f08a5c5f8b45a126fbbffabf4163c6b 1719356 postgresql-client-8.3_8.3.12-0lenny1_amd64.deb 562edce39d18d41011f7e515ace1b99a465282ce 845666 postgresql-server-dev-8.3_8.3.12-0lenny1_amd64.deb 14814d5bdc40564ab827423685d6198c8b715819 638362 postgresql-contrib-8.3_8.3.12-0lenny1_amd64.deb 057271b89d6287b0b986fb62e15b065889e77dc3 303432 postgresql-plperl-8.3_8.3.12-0lenny1_amd64.deb 27e024920e1f18504ba874ae881e7096b15b527f 295840 postgresql-plpython-8.3_8.3.12-0lenny1_amd64.deb ede5a3fe54d1f166a5844022a0dc502d38fd639a 293468 postgresql-pltcl-8.3_8.3.12-0lenny1_amd64.deb Checksums-Sha256: 92bc7b7250dede18c878b9b4deb388558d5b8dd5bcb428bb2aa9ee1375073cd5 2313 postgresql-8.3_8.3.12-0lenny1.dsc 6b430c21cad2b2766ed164cb1f10acb3526421e23f6a636155656d92b98ce538 13955500 postgresql-8.3_8.3.12.orig.tar.gz b8485685a550b2be521e9af7d6468183945c7d43df30cdc2105ebb24040a101d 52479 postgresql-8.3_8.3.12-0lenny1.diff.gz e773c206a4f4ca251721d5d0552821abc0e857d26b6cf1e8db3575ccfa7dcf25 2213230 postgresql-doc-8.3_8.3.12-0lenny1_all.deb 44220055d9991a6fb59dcfb5476d313ea324c2d084b420cd30bc14477dadd520 273944 postgresql_8.3.12-0lenny1_all.deb d5e3030881797021e3d5ebe67de5e4540ee7300eea482a7de37a007aca3b1bd4 273928 postgresql-client_8.3.12-0lenny1_all.deb c90331dd182c74dd61c279e1efbeceafa1daa0d7a05a728568477519cff42410 273756 postgresql-doc_8.3.12-0lenny1_all.deb 2c143d12a203864e514609a065ae47513de41a68b14926a564334e1cf9661626 273824 postgresql-contrib_8.3.12-0lenny1_all.deb c73eb4ad7dd8f6ad35fc052eed767442d80da9f9eed15462cc1326ef07631494 480076 libpq-dev_8.3.12-0lenny1_amd64.deb abe81e1981fc3a30703d467e919388d0d791320f6ad1609f671c84a608d8cd44 410660 libpq5_8.3.12-0lenny1_amd64.deb a0abbe133eee3c638f68ce74360ff854450f7a0fd93aa5ca727c66dd36ce0097 303242 libecpg6_8.3.12-0lenny1_amd64.deb efd61adb41fc9cbb56f8c3e9e05e61b80625d30b5d256398e525c72423886228 493324 libecpg-dev_8.3.12-0lenny1_amd64.deb ea2864265ed13f661fa4c2d7b41aea636d47db07df15cba826985447b2d47465 281942 libecpg-compat3_8.3.12-0lenny1_amd64.deb 7f9f126084690ee19035fd50d8bc9d89ca9188d8a42ce0507db405bdf2b52ec2 303486 libpgtypes3_8.3.12-0lenny1_amd64.deb af0e4072018d8b7d15a64c5977e3c21c4fb416a7c757ce3b766bdb923c8f17bc 5396674 postgresql-8.3_8.3.12-0lenny1_amd64.deb e8258411f317b858b3a33a8bdd7f9ae8ea4612c7eba22ba835c1f3d50718d07f 1719356 postgresql-client-8.3_8.3.12-0lenny1_amd64.deb fc8f047313f7f4d70f9a3a69767ede8071367cf0283ed77075305b8457918423 845666 postgresql-server-dev-8.3_8.3.12-0lenny1_amd64.deb 5b935555b405cc0c6a0719400854ff5e13ad8f528aa73d4d5fec0ad4d51e1075 638362 postgresql-contrib-8.3_8.3.12-0lenny1_amd64.deb 2fd69f9a6ad321eb78c85fe2e0105c97f30a561561c4b4bd31992249021fb7a9 303432 postgresql-plperl-8.3_8.3.12-0lenny1_amd64.deb a9346a241ef3a541fd0e7a8bd8ca26b7589e891c69bf20f4311ffe717f81dd8d 295840 postgresql-plpython-8.3_8.3.12-0lenny1_amd64.deb f41af32b1b6e8de4319e9780f37f1fdb729d2992638137c9725ccbd1abfeb712 293468 postgresql-pltcl-8.3_8.3.12-0lenny1_amd64.deb Files: 1663c4c9915f51a31ff6e6b7b3bda545 2313 misc optional postgresql-8.3_8.3.12-0lenny1.dsc 03b56e23c3bcdc36eee3156334b8b97b 13955500 misc optional postgresql-8.3_8.3.12.orig.tar.gz e39048a272b6085ad0dce1933a1b1f5b 52479 misc optional postgresql-8.3_8.3.12-0lenny1.diff.gz 61228c350de23b18674fc3a2b0d11e44 2213230 doc optional postgresql-doc-8.3_8.3.12-0lenny1_all.deb b89079dac539bbbaed5794bee7f4d3c3 273944 misc optional postgresql_8.3.12-0lenny1_all.deb 744cf8e343f7c1c658eb64f976797736 273928 misc optional postgresql-client_8.3.12-0lenny1_all.deb 95f2dc5525e464769715c302d9141df4 273756 doc optional postgresql-doc_8.3.12-0lenny1_all.deb 0c762a2fed4bf2b85120b4fc6a3c5d09 273824 misc optional postgresql-contrib_8.3.12-0lenny1_all.deb 4fb675f2161719be5c34e6a3ae3f493a 480076 libdevel optional libpq-dev_8.3.12-0lenny1_amd64.deb 16bdc75eb32b9ce92b073687fc3a0964 410660 libs optional libpq5_8.3.12-0lenny1_amd64.deb 0fa23a3b0d13ad45f44abbb8e12b8ae5 303242 libs optional libecpg6_8.3.12-0lenny1_amd64.deb 4edc87e5bf26ae5741deec0a4f98f4f5 493324 libdevel optional libecpg-dev_8.3.12-0lenny1_amd64.deb c26daa35278a30b9a24d2ec3eeb1b36e 281942 libs optional libecpg-compat3_8.3.12-0lenny1_amd64.deb 1f72dfeb519ddbd0bbcda4adc7ac9fcd 303486 libs optional libpgtypes3_8.3.12-0lenny1_amd64.deb fb795f5e2f82bd737dc5b683ae762f2c 5396674 misc optional postgresql-8.3_8.3.12-0lenny1_amd64.deb c8d1430b1c726bfc14099a3385caa738 1719356 misc optional postgresql-client-8.3_8.3.12-0lenny1_amd64.deb 571a85c907cd1049eb69c0a173ea229c 845666 libdevel optional postgresql-server-dev-8.3_8.3.12-0lenny1_amd64.deb 6640776b67da831335bff1c416c078f0 638362 misc optional postgresql-contrib-8.3_8.3.12-0lenny1_amd64.deb f7ba00803839065631bfe1d1774dbfaa 303432 misc optional postgresql-plperl-8.3_8.3.12-0lenny1_amd64.deb bb76af77727dba4e073015558c2d0d3f 295840 misc optional postgresql-plpython-8.3_8.3.12-0lenny1_amd64.deb 21691ffbf4b375416cb6a373acca3c5d 293468 misc optional postgresql-pltcl-8.3_8.3.12-0lenny1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJMrCkQAAoJEPmIJawmtHufA30QAL+xC/+kP398EdnEMNVoOLqI SfsACEjHyLbQ3ISXWKxpliaaEKcvpXSG2Q6zueA9dvR/UaubCdjY4IDsqwpPY6Eh uTY9nohSbmOcKiHToLW/tz/U0MYvUIB+rlZqVetN1hc3eIf5/r+9TZYSa2e3wk17 7q/xnPF+1mq/8z5owZWtrugZ2vDMuWnAuWhUL7tJxpxXejHVLk70VLxbQxymwXau JK3n+XhBk2mU5zje6ajFTYvBJZMJDtyq/S2hAr36zSajJ4K0Qk++ZmmFbTc7vWGL KNvOWU/cjuBx03y8VYB9WlGZF4VlzPAxHqRqKgc1eGgymUyp9yrYaFEbFvWPQ0Ks ncZ0LeItf2O24/8TGHQMfEccB3MYSauDtvB6lW2qrl7b251FWO+BXNfckApC7nq1 HBFHRBzc3Ln+1qTlO8Kd8n+qMiQFcCRxb2YAiIC217aCYXN6aCNaGmV+j0toT89c wXbn9pL7Uhu2nOObS1jGUE+67vImAoh2ToTJ1i7pRb6QzhSBsGSlvOAIgYp9tLKM 36ysKJ+0B+aPcdzo1U4akC0iPSYzAgoemijT6eDYH66O2kTF4nE0y3T30viCMWuG cE246GApHnbOdeRh+OwlPHJgTnrlma4vvgFlzy5NAhbwwbpvd9Qjo7gA5SKADJty ygaLRRPWt7IhPddI+zb0 =bYi2 -----END PGP SIGNATURE----- Accepted: libecpg-compat3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_amd64.deb libecpg-dev_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_amd64.deb libecpg6_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_amd64.deb libpgtypes3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_amd64.deb libpq-dev_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_amd64.deb libpq5_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_amd64.deb postgresql-8.3_8.3.12-0lenny1.diff.gz to main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1.diff.gz postgresql-8.3_8.3.12-0lenny1.dsc to main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1.dsc postgresql-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_amd64.deb postgresql-8.3_8.3.12.orig.tar.gz to main/p/postgresql-8.3/postgresql-8.3_8.3.12.orig.tar.gz postgresql-client-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_amd64.deb postgresql-client_8.3.12-0lenny1_all.deb to main/p/postgresql-8.3/postgresql-client_8.3.12-0lenny1_all.deb postgresql-contrib-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_amd64.deb postgresql-contrib_8.3.12-0lenny1_all.deb to main/p/postgresql-8.3/postgresql-contrib_8.3.12-0lenny1_all.deb postgresql-doc-8.3_8.3.12-0lenny1_all.deb to main/p/postgresql-8.3/postgresql-doc-8.3_8.3.12-0lenny1_all.deb postgresql-doc_8.3.12-0lenny1_all.deb to main/p/postgresql-8.3/postgresql-doc_8.3.12-0lenny1_all.deb postgresql-plperl-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_amd64.deb postgresql-plpython-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_amd64.deb postgresql-pltcl-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_amd64.deb postgresql-server-dev-8.3_8.3.12-0lenny1_amd64.deb to main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_amd64.deb postgresql_8.3.12-0lenny1_all.deb to main/p/postgresql-8.3/postgresql_8.3.12-0lenny1_all.deb