postgresql-common (190ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

 -- Marc Deslauriers <email address hidden> Wed, 13 Nov 2019 10:21:57 -0500

postgresql-common (190) unstable; urgency=medium

  * Move packaging repository to salsa.debian.org
  * pg_lsclusters: Add --help.
  * pg_virtualenv: Error out if no server packages are installed.
  * postgresql-common recommends e2fsprogs, we are using chattr in
    pg_createcluster. (Closes: #887251)
  * PgCommon.pm: Fix include directives parser, spotted by ironhalik, thanks!
  * postgresql@.service: Set Timeoutstart=0, which is the same as infinity,
    but works on older systemd versions as well.
  * Rewrite architecture.html as README.md.
  * t/006_next_free_port.t: Drop -q argument from netcat, nmap-ncat.rpm
    doesn't have it.
  * t/032_ssl_key_permissions.t: Adjust for 9.4 in oldstable which still has
    the old permissions check.

 -- Christoph Berg <email address hidden> Thu, 08 Feb 2018 13:26:44 +0100

postgresql-common (189) unstable; urgency=medium

  [ Chris Lamb ]
  * Update README.Debian for postgresql-10. (Closes: #876438)

  [ Christoph Berg ]
  * dh_make_pgxs: Use PostgreSQL license as default, fix extension name.
  * Modernize README.Debian's version numbers and SSL instructions.
  * postgresql@.service: Ignore startup failure, recovery might take
    arbitrarily long to finish. The actual service status still correctly
    reflects if the postmaster process is running.
    https://www.postgresql.org/message-id/20171111205316.u56lkmkakdmcx6zm%40msg.df7cb.de
  * supported-versions: Version 10 on Ubuntu 18.04 (bionic). (Closes: #881501)
  * debian/maintscripts-functions: bump update-alternatives priority of
    version 1x to 1x0.
  * Unsupport 9.2 on apt.postgresql.org.
  * t/140_pg_config.t: Also test /usr/bin/pg_config.libpq-dev, and check
    MKDIR_P and abs_top_build/srcdir in Makefile.global.

 -- Christoph Berg <email address hidden> Thu, 14 Dec 2017 21:13:24 +0100

postgresql-common (188ubuntu1) bionic; urgency=medium

  * Add 18.04 to the list of recognized releases for supported-versions,
    fixing autopkgtest failures due to warnings on stderr.

 -- Steve Langasek <email address hidden> Mon, 13 Nov 2017 23:29:52 -0800

postgresql-common (188) unstable; urgency=medium

  * pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead
    of chown to mitigate privilege escalation via symlinks. (CVE-2017-8806.
    Related to CVE-2017-12172 in PostgreSQL; extends our earlier fix for
    CVE-2016-1255.)
  * dh_make_pgxs: Add options to set package name and version.
  * pg_lsclusters: Raise error when called on a specific cluster that does not
    exist. This was the behavior before the "accept dead postgresql.conf
    symlinks" change, but not coded explicitly.

 -- Christoph Berg <email address hidden> Wed, 08 Nov 2017 16:03:19 +0100

postgresql-common (187) unstable; urgency=medium

  * Consistently call psql -X. (Closes: #877920)
  * Update pt translation, thanks Ricardo Silva! (Closes: #872430)
  * pg_virtualenv: Drop "BUG" message that really just means that
    pg_createcluster threw an error.
  * pg_createcluster: Drop new cluster if --start was requested and starting
    fails.
  * pg_createcluster: If not running as postgres or root, don't attempt to
    install config and data parent directories with owner postgres.
  * pg_lsclusters, postgresql-generator, get_version_clusters, cluster_info,
    read_conf_file: Accept dead postgresql.conf symlinks, filesystem might not
    be mounted yet.
  * pg_virtualenv: Fix version comparison when determining newest PG major.
  * pg_updatedicts, postgresql-common.postinst: Create tsearch dictionaries on
    first install and set umask for correct permissions. (Closes: #868232)
    Thanks to Christian Ehrhardt for the analysis!
  * Demote postgresql-common hunspell/myspell triggers to noawait.

 -- Christoph Berg <email address hidden> Sun, 22 Oct 2017 20:44:38 +0200

postgresql-common (184ubuntu1) artful; urgency=medium

  * Fix umask in pg_updatedicts, without which /var/cache/postgresql
    may be created with permissions that leave it inaccessible to postgresql
    itself.

 -- Steve Langasek <email address hidden> Fri, 04 Aug 2017 16:59:24 -0700