postgresql-8.3 8.3.12-0ubuntu9.04 source package in Ubuntu
Changelog
postgresql-8.3 (8.3.12-0ubuntu9.04) jaunty-security; urgency=low * New upstream security/bug fix release: (LP: #655293) - Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl. This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with. - Fix incorrect usage of non-strict OR joinclauses in Append indexscans. This is a back-patch of an 8.4 fix that was missed in the 8.3 branch. This corrects an error introduced in 8.3.8 that could cause incorrect results for outer joins when the inner relation is an inheritance tree or UNION ALL subquery. - Fix possible duplicate scans of UNION ALL member relations. - Fix "cannot handle unplanned sub-select" error. This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select. - Fix failure to mark cached plans as transient. If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in progress for one of the referenced tables, it is supposed to be re-planned once the index is ready for use. This was not happening reliably. - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, and provide additional detail in the resulting error messages. This should improve the system's robustness with corrupted indexes. - Prevent show_session_authorization() from crashing within autovacuum processes. - Defend against functions returning setof record where not all the returned rows are actually of the same rowtype. - Fix possible failure when hashing a pass-by-reference function result. - Improve merge join's handling of NULLs in the join columns. A merge join can now stop entirely upon reaching the first NULL, if the sort order is such that NULLs sort high. - Take care to fsync the contents of lockfiles (both "postmaster.pid" and the socket lockfile) while writing them. This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed. - Avoid recursion while assigning XIDs to heavily-nested subtransactions. The original coding could result in a crash if there was limited stack space. - Avoid holding open old WAL segments in the walwriter process. The previous coding would prevent removal of no-longer-needed segments. - Fix log_line_prefix's %i escape, which could produce junk early in backend startup. - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE" when archiving is enabled. - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to be interrupted by query-cancel. - Fix "REASSIGN OWNED" to handle operator classes and families. - Fix possible core dump when comparing two empty tsquery values. - Fix LIKE's handling of patterns containing % followed by _. We've fixed this before, but there were still some incorrectly-handled cases. - In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr. - Make psql recognize "DISCARD ALL" as a command that should not be encased in a transaction block in autocommit-off mode. - Fix ecpg to process data from RETURNING clauses correctly. - Improve "contrib/dblink"'s handling of tables containing dropped columns. - Fix connection leak after "duplicate connection name" errors in "contrib/dblink". - Fix "contrib/dblink" to handle connection names longer than 62 bytes correctly. - Add hstore(text, text) function to "contrib/hstore". This function is the recommended substitute for the now-deprecated => operator. It was back-patched so that future-proofed code can be used with older server versions. Note that the patch will be effective only after "contrib/hstore" is installed or reinstalled in a particular database. Users might prefer to execute the "CREATE FUNCTION" command by hand, instead. - Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git. -- Martin Pitt <email address hidden> Wed, 06 Oct 2010 09:44:46 +0200
Upload details
- Uploaded by:
- Martin Pitt
- Sponsored by:
- Marc Deslauriers
- Uploaded to:
- Jaunty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
postgresql-8.3_8.3.12.orig.tar.gz | 13.3 MiB | 6b430c21cad2b2766ed164cb1f10acb3526421e23f6a636155656d92b98ce538 |
postgresql-8.3_8.3.12-0ubuntu9.04.diff.gz | 70.4 KiB | bbcc90e86bc9607d6237b62781319997f499a5c1eaf818ee266f8c2dd8d7305b |
postgresql-8.3_8.3.12-0ubuntu9.04.dsc | 2.3 KiB | ad95002553af89277cefc5f853d305ef7df5048bfded1c2e106d50c49f38e34c |
Available diffs
- diff from 8.3.10-0ubuntu9.04.1 to 8.3.12-0ubuntu9.04 (1013.8 KiB)
Binary packages built by this source
- libecpg-compat3: No summary available for libecpg-compat3 in ubuntu jaunty.
No description available for libecpg-compat3 in ubuntu jaunty.
- libecpg-dev: No summary available for libecpg-dev in ubuntu jaunty.
No description available for libecpg-dev in ubuntu jaunty.
- libecpg6: No summary available for libecpg6 in ubuntu jaunty.
No description available for libecpg6 in ubuntu jaunty.
- libpgtypes3: No summary available for libpgtypes3 in ubuntu jaunty.
No description available for libpgtypes3 in ubuntu jaunty.
- libpq-dev: No summary available for libpq-dev in ubuntu jaunty.
No description available for libpq-dev in ubuntu jaunty.
- libpq5: No summary available for libpq5 in ubuntu jaunty.
No description available for libpq5 in ubuntu jaunty.
- postgresql: No summary available for postgresql in ubuntu jaunty.
No description available for postgresql in ubuntu jaunty.
- postgresql-8.3: No summary available for postgresql-8.3 in ubuntu jaunty.
No description available for postgresql-8.3 in ubuntu jaunty.
- postgresql-client: No summary available for postgresql-client in ubuntu jaunty.
No description available for postgresql-client in ubuntu jaunty.
- postgresql-client-8.3: No summary available for postgresql-client-8.3 in ubuntu jaunty.
No description available for postgresql-
client- 8.3 in ubuntu jaunty.
- postgresql-contrib: No summary available for postgresql-contrib in ubuntu jaunty.
No description available for postgresql-contrib in ubuntu jaunty.
- postgresql-contrib-8.3: No summary available for postgresql-contrib-8.3 in ubuntu jaunty.
No description available for postgresql-
contrib- 8.3 in ubuntu jaunty.
- postgresql-doc: No summary available for postgresql-doc in ubuntu jaunty.
No description available for postgresql-doc in ubuntu jaunty.
- postgresql-doc-8.3: No summary available for postgresql-doc-8.3 in ubuntu jaunty.
No description available for postgresql-doc-8.3 in ubuntu jaunty.
- postgresql-plperl-8.3: No summary available for postgresql-plperl-8.3 in ubuntu jaunty.
No description available for postgresql-
plperl- 8.3 in ubuntu jaunty.
- postgresql-plpython-8.3: No summary available for postgresql-plpython-8.3 in ubuntu jaunty.
No description available for postgresql-
plpython- 8.3 in ubuntu jaunty.
- postgresql-pltcl-8.3: No summary available for postgresql-pltcl-8.3 in ubuntu jaunty.
No description available for postgresql-
pltcl-8. 3 in ubuntu jaunty.
- postgresql-server-dev-8.3: No summary available for postgresql-server-dev-8.3 in ubuntu jaunty.
No description available for postgresql-
server- dev-8.3 in ubuntu jaunty.