2007
postgresql-7.4 (1:7.4.16-1) unstable; urgency=high
* New upstream security and bug fix release:
- Remove security vulnerability that allowed connected users to read
backend memory.
The vulnerability involves suppressing the normal check that a SQL
function returns the data type it's declared to, or changing the
data type of a table column used in a SQL function (CVE-2007-0555).
This error can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
- Fix rare bug wherein btree index page splits could fail due to
choosing an infeasible split point.
- Fix for rare Assert() crash triggered by UNION.
- Tighten security of multi-byte character processing for UTF8
sequences over three bytes long.
* Urgency high: security relevant changes and critical bug fixes.
-- Martin Pitt <mpitt@debian.org> Sun, 4 Feb 2007 20:05:24 +0100
postgresql-7.4 (1:7.4.15-1) unstable; urgency=medium
* Urgency medium since these are important bug fixes that should reach Etch.
* New upstream bugfix release:
- Fix "failed to re-find parent key" errors in "VACUUM".
- Fix bugs affecting multi-gigabyte hash indexes.
- Fix error when constructing an ARRAY[] made up of multiple empty
elements.
- to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for
new initdb installs. This is because lc_numeric can potentially change
the output of these functions.
- Improve index usage of regular expressions that use parentheses.
This improves psql \d performance also.
-- Martin Pitt <mpitt@debian.org> Mon, 8 Jan 2007 18:56:56 +0100
2006
postgresql-7.4 (1:7.4.14-2) unstable; urgency=medium
* Urgency medium, since only trivial bug fixes. * Add watch file. * debian/control: Fix spelling of 'Tcl'. (See #401191)
-- Martin Pitt <mpitt@debian.org> Fri, 8 Dec 2006 22:36:30 +0100
postgresql-7.4 (1:7.4.14-1) unstable; urgency=low
* New upstream bugfix release:
- Fix core dump when an untyped literal is taken as ANYARRAY.
- Fix string_to_array() to handle overlapping matches for the
separator string. For example, string_to_array('123xx456xxx789', 'xx').
- Fix corner cases in pattern matching for psql's \d commands.
- Fix index-corrupting bugs in /contrib/ltree.
- Fix backslash escaping in /contrib/dbmirror.
- Adjust regression tests for recent changes in US DST laws.
* Remove debian/patches/37_contrib-dbmirror_quoteparsing.patch: Applied
upstream.
-- Martin Pitt <mpitt@debian.org> Sun, 15 Oct 2006 17:28:13 +0200
postgresql-7.4 (1:7.4.13-7) unstable; urgency=low
* debian/control: Add explicit p-client-7.4 dependency to -contrib, since
-contrib needs libpq3.
* debian/patches/15_unnecessary_libs.patch: Remove unnecessary NEEDED
libraries from PL/*, too.
-- Martin Pitt <mpitt@debian.org> Fri, 6 Oct 2006 19:15:31 +0200
postgresql-7.4 (1:7.4.13-6) unstable; urgency=low
* Remove libpq3 package. No package in testing uses it any more (just one in
unstable which is unmaintained, see #390461). Ship the library in
postgresql-client-7.4 instead. Enable rpath so that
/usr/lib/postgresql/7.4/lib/libpq.so is found by the client programs.
* Move pg_dumplo and vacuumlo from -client to -contrib, since these are
contributed scripts. Add appropriate Replaces:.
* Add debian/patches/15_unnecessary_libs.patch: Remove all unnecessary -lfoo
library references from Makefiles to clean up unnecessary library
dependencies. Thanks to Christian Aichinger for his neat checklib system!
-- Martin Pitt <mpitt@debian.org> Sun, 1 Oct 2006 15:27:39 +0200
postgresql-7.4 (1:7.4.13-5) unstable; urgency=low
* debian/postgresql-7.4.install: Remove files which do not actually exist
(this fails with debhelper compat 5).
* Transition for private python extension in p-plpython-7.4:
- debian/control:
+ Bump cdbs/debhelper build dependency versions.
+ Add {XS,XB}-Python-Version attributes.
- debian/compat: Use compat level 5.
- Add debian/pycompat: Use compat level 2.
- debian/rules: Call dh_pycentral and dh_python for p-plpython-7.4.
- Closes: #380896
-- Martin Pitt <mpitt@debian.org> Sat, 5 Aug 2006 23:49:02 +0200
postgresql-7.4 (1:7.4.13-4) unstable; urgency=low
* Add debian/patches/37_contrib-dbmirror_quoteparsing.patch: Fix parsing of
quotes escaped as '' in PendingData table. Closes: #375744
* debian/rules: Build with -fPIC everywhere to improve the proactive
security effectivity of address space layout randomization. This has no
measurable performance impact on at least i386, amd64, and powerpc.
* debian/postgresql-7.4.init: Add LSB magic comment header (provide both
postgresql-7.4 and a generic postgresql service). Closes: #377495
* debian/postgresql-7.4.init: Silently exit if init.d-functions does not
exist. (See bug #362488 for postgresql-8.1)
* debian/rules: Install init script at priority 19, since Apache and web
applications usually reside on priority 20, but often require a running
database. This follows a recent change in the MySQL package, thanks to
Christian Hammers for pointing this out. Closes: #379145
* Build server-related packages on mips and mipsel again. The SIGBUS problem
turned out to be a kernel bug, which is fixed on 2.6.16 and later. Thanks
to Thiemo Seufer for his investigations!
-- Martin Pitt <mpitt@debian.org> Sat, 22 Jul 2006 17:17:04 +0200
postgresql-7.4 (1:7.4.13-3) unstable; urgency=medium
* debian/rules: Do not completely fail the build when the test suite fails,
so that mips and mipsel at least get the client side packages.
* debian/control: Do not build the server-related packags on mips and
mipsel.
-- Martin Pitt <mpitt@debian.org> Fri, 9 Jun 2006 14:01:04 +0200
postgresql-7.4 (1:7.4.13-2) unstable; urgency=medium
* Add debian/libpq3.shlibs and bump it to >= 7.4.13, to respect the
introduction of PQescapeStringConn() and PQescapeByteaConn().
* debian/postgresql-7.4.postrm, clean_dir(): Do not use rmdir's
--ignore-fail-on-nonempty, since that still falls apart when the
directory is a mountpoint. Just ignore errors.
-- Martin Pitt <mpitt@debian.org> Thu, 1 Jun 2006 23:12:51 +0200
postgresql-7.4 (1:7.4.13-1) unstable; urgency=medium
* New upstream security and bug fix release:
- The server now rejects invalidly-encoded multibyte characters in all
cases to defend against SQL-injection attacks. [CVE-2006-2313]
- Reject unsafe uses of \' in string literals (for client encodings that
allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A
new configuration parameter backslash_quote is available to adjust this
behavior when needed. [CVE-2006-2314]
- Modify libpq's string-escaping routines to be aware of encoding
considerations and standard_conforming_strings
This fixes libpq-using applications for the security issues
described in CVE-2006-2313 and CVE-2006-2314, and also
future-proofs them against the planned changeover to SQL-standard
string literal syntax. Applications that use multiple PostgreSQL
connections concurrently should migrate to PQescapeStringConn() and
PQescapeByteaConn() to ensure that escaping is done correctly for
the settings in use in each database connection. Applications that
do string escaping "by hand" should be modified to rely on library
routines instead.
- Various bug fixes, see upstream changelog for details.
-- Martin Pitt <mpitt@debian.org> Mon, 22 May 2006 10:35:58 +0200
postgresql-7.4 (1:7.4.12-4) unstable; urgency=low
* Bump Standards-Version.
* debian/rules: Remove --as-needed linker option again since it now causes
an FTBFS. Closes: #366828
-- Martin Pitt <mpitt@debian.org> Sun, 14 May 2006 22:53:45 +0200
postgresql-7.4 (1:7.4.12-3) unstable; urgency=low
* debian/control, postgresql-client-7.4: Depend on postgresql-client-common
instead of postgresql-common.
* debian/rules: Unapply debian/disable-root-check.patch after running the
test suite to not break subsequent builds.
* debian/postgresql-7.4.init: Use shell 'sh -e' instead of bash.
-- Martin Pitt <mpitt@debian.org> Wed, 29 Mar 2006 23:12:52 +0200
postgresql-7.4 (1:7.4.12-2) unstable; urgency=low
* debian/patches/11_relax_sslkey_permscheck.patch: Do not check for any
particular group if the SSL key is group readable, to allow sharing a
common SSL certificate with other server processes.
* Fix CVE in previous changelog.
* Re-enable 'do not run as root' check from upstream:
- Move debian/patches/20_disable_root_check.patch to
debian/disable-root-check.patch.
- debian/rules: Move test suite to binary/predeb and apply
disable-root-check.patch manually right before calling the test suite.
- With this, the test suite can happily run as (fake)root during package
build without disabling the check in the actual packages.
-- Martin Pitt <mpitt@debian.org> Fri, 10 Mar 2006 17:12:09 +0100
postgresql-7.4 (1:7.4.12-1) unstable; urgency=low
* New upstream bugfix release:
- Fix potential crash in "SET SESSION AUTHORIZATION" (CVE-2006-0678)
An unprivileged user could crash the server process, resulting in
momentary denial of service to other users, if the server has been
compiled with Asserts enabled (which is not the default). Thanks to
Akio Ishida for reporting this problem.
- Fix bug with row visibility logic in self-inserted rows. Under rare
circumstances a row inserted by the current command could be seen as
already valid, when it should not be. Repairs bug created in 7.4.9 and
7.3.11 releases.
- Fix race condition that could lead to "file already exists" errors
during pg_clog file creation.
- Properly check DOMAIN constraints for UNKNOWN parameters in
prepared statements.
- Fix to allow restoring dumps that have cross-schema references to
custom operators.
- Portability fix for testing presence of finite and isinf during
configure.
* debian/control: Add some forgotten ${shlibs:Depends}.
* debian/rules: Use --as-needed linker option to avoid excessive library
dependencies.
* debian/control: Remove unnecessary dependencies from PL/Python and PL/Tcl
packages.
-- Martin Pitt <mpitt@debian.org> Fri, 17 Feb 2006 13:06:53 +0100
postgresql-7.4 (1:7.4.11-1) unstable; urgency=low
* New upstream bugfix release:
- Fix for protocol-level Describe messages issued outside a
transaction or in a failed transaction.
- Fix character string comparison for locales that consider different
character combinations as equal, such as Hungarian. This might require
"REINDEX" to fix existing indexes on textual columns.
- Set locale environment variables during postmaster startup to
ensure that plperl won't change the locale later.
This fixes a problem that occurred if the postmaster was started
with environment variables specifying a different locale than what
initdb had been told. Under these conditions, any use of plperl was
likely to lead to corrupt indexes. You may need "REINDEX" to fix
existing indexes on textual columns if this has happened to you.
(postgresql-common checks and aborts on this condition.)
- Fix longstanding bug in strpos() and regular expression handling in
certain rarely used Asian multi-byte character sets.
- Fix bug in "/contrib/pgcrypto" gen_salt, which caused it not to use
all available salt space for MD5 and XDES algorithms. Salts for Blowfish
and standard DES are unaffected.
- Fix "/contrib/dblink" to throw an error, rather than crashing, when
the number of columns specified is different from what's actually
returned by the query.
* Add debian/patches/53_testsuite-ignore-horology.patch: New upstream
version has the horology test now which fails on the buildds for known
reasons. 8.0 fix for make_relative_path is not easy to backport, so ignore
this failure for 7.4.
-- Martin Pitt <mpitt@debian.org> Mon, 9 Jan 2006 19:16:30 +0100
2005
postgresql-7.4 (1:7.4.10-4) unstable; urgency=low
* Drop debian/patches/51_testsuite-localhost_ip.patch, replace it with
debian/patches/51_testsuite-localhost_ip.patch: Simply ignore a failing
stats test until the buildds are fixed. Fixes FTBFS on s390.
-- Martin Pitt <mpitt@debian.org> Thu, 22 Dec 2005 20:33:30 +0100
postgresql-7.4 (1:7.4.10-3) unstable; urgency=low
* Rename patch 19_testsuite_params.patch to
50_testsuite-socket_in_tmp.patch.
* Add debian/patches/51_testsuite-localhost_ip.patch: Use '127.0.0.1'
instead of 'localhost' for PGHOST in the test suite since some broken
buildds cannot resolve 'localhost', which lets the stats test fail.
* Add debian/patches/52_testsuite-ignore-point.patch: Ignore failures in the
'point' regression test since on arm we get a different precision for some
test for some reason.
-- Martin Pitt <mpitt@debian.org> Thu, 22 Dec 2005 18:07:06 +0100
postgresql-7.4 (1:7.4.10-2) unstable; urgency=low
* debian/rules: Fail the build if the test suite fails. This will happen on
mips and mipsel, PostgreSQL does not work on these architectures. The mips
and mipsel binaries will be removed from sid and testing. Closes: #329197
-- Martin Pitt <mpitt@debian.org> Mon, 19 Dec 2005 12:58:57 +0100
postgresql-7.4 (1:7.4.10-1) unstable; urgency=low
* New upstream bugfix release:
- Fix race condition in transaction log management.
There was a narrow window in which an I/O operation could be
initiated for the wrong page, leading to an Assert failure or data
corruption.
- Prevent failure if client sends Bind protocol message when current
transaction is already aborted.
- "/contrib/ltree" fixes.
- AIX and HPUX compile fixes.
- Fix longstanding planning error for outer joins.
This bug sometimes caused a bogus error "RIGHT JOIN is only
supported with merge-joinable join conditions".
- Prevent core dump in pg_autovacuum when a table has been dropped.
* Ship upstream changelog.
* debian/postgresql-7.4.postrm: Check if a /etc/postgresql/7.4 subdirectory
is really a cluster directory before trying to remove it. Closes: #342350
-- Martin Pitt <mpitt@debian.org> Mon, 12 Dec 2005 17:31:31 +0100
postgresql-7.4 (1:7.4.9-2) unstable; urgency=low
* debian/postgresql-7.4.postrm: clean_dir(): Ensure that directory is not a
symbolic link before attempting to rmdir it. Closes: #334968
* Rebuild against OpenSSL 0.9.8.
-- Martin Pitt <mpitt@debian.org> Tue, 22 Nov 2005 14:13:34 +0100
postgresql-7.4 (1:7.4.9-1) unstable; urgency=low
* New upstream bugfix release.
* Adapted patches for new release:
- 03_check_rlimit_nofile.patch
- 12_gettext_domains.patch
* Removed patches which are upstream now:
- 15_timezone_inttimestamps.patch
* Fix installation of gettext MO files to actually ship them.
* debian/postgresql-7.4.postrm: Do not remove an empty /var/log/postgresql,
postgresql-common now cares for it to not break log rotation. (See
#325330)
* Add debian/patches/11_relax_sslkey_permscheck.patch:
- Relax security check on private SSL key file: The file is also
considered safe if it has owner and/or group "root", and if it is
group-readable (unless the group is something other than root or the
database owner group).
- See bug #327901.
* Build with gcc 3.3 on ia64, hppa, mips, mipsel, and sparc. Building with
gcc 4.0 causes bus errors. Closes: #329197.
* Add debian/patches/13_krb5_virtualserver.patch:
- Fix Kerberos authentication when using virtual hosts. Thanks to
pod@herald.ox.ac.uk for the patch.
- Closes: #320049
* debian/rules: Fix typo that prevented execution of the test suite.
-- Martin Pitt <mpitt@debian.org> Thu, 6 Oct 2005 23:05:22 +0200
postgresql-7.4 (1:7.4.8-17) unstable; urgency=low
* Add debian/patches/22_mips_gcc4.patch:
- Add a proper test-and-set function for mips and mipsel. Thanks to Thiemo
Seufer for the patch and Aurelien Jarno for his help. This now also
works with gcc 4.
* debian/control, debian/rules: Revert the "gcc 3.3 on mips" hack again.
* Remove debian/patches/11_default_authmethod.patch and
debian/patches/13_postgresql.conf.patch: pg_createcluster now does the
default configuration; bump version dependency for p-common accordingly.
-- Martin Pitt <mpitt@debian.org> Tue, 23 Aug 2005 19:54:29 +0200
postgresql-7.4 (1:7.4.8-16) unstable; urgency=low
* Use gcc-3.3, not 3.4 on mips/mipsel since 3.4 fails as well. Grrr.
-- Martin Pitt <mpitt@debian.org> Tue, 16 Aug 2005 11:36:41 +0200
postgresql-7.4 (1:7.4.8-15) unstable; urgency=low
* Add debian/patches/21_krb5_check_hostname.patch:
- Check that the hostname is actually set before attempting a KRB5
authenticated remote connection; this avoids a segfault if hostname is
not set. Closes: #320805.
* debian/rules: Additionally call make install-all-headers to get server
include files and make postgresql-server-dev-7.4 actually useful.
* debian/rules, mips[el] build:
- Remove the --disable-spinlock setting for mips[el] again since this does
not work.
- Instead build with gcc-3.4 on these platforms.
- debian/control: Add build dependency gcc-3.4 on mips and mipsel.
-- Martin Pitt <mpitt@debian.org> Tue, 16 Aug 2005 00:08:57 +0200
postgresql-7.4 (1:7.4.8-14) unstable; urgency=low
* debian/postgresql-contrib-7.4.install: Ship pgxml_dom.so. Closes: #319107 * debian/rules: - Robustify log output in case of a failed test suite; also print out regression.diffs if it fails. Closes: #319209 - Don't run the test suite if DEB_BUILD_OPTIONS contains "nocheck".
-- Martin Pitt <mpitt@debian.org> Wed, 20 Jul 2005 00:24:19 +0200
postgresql-7.4 (1:7.4.8-13) unstable; urgency=low
* Add debian/patches/20_disable_root_check.patch: Disable "am I root" test
in initdb and postmaster to be able to run the test suite at build time.
This check is already done in pg_createcluster.
* debian/rules: Remove all the chown/setuid crack and simply call "make
check" now; print the log files if the test fails.
* debian/patches/19_testsuite_params.patch: Disable authentication in the
test suite db since ident authentication does not work with fakeroot.
-- Martin Pitt <mpitt@debian.org> Fri, 15 Jul 2005 11:06:01 +0300
postgresql-7.4 (1:7.4.8-12) unstable; urgency=low
* debian/rules: Use start-stop-daemon instead of su to call the test suite
since su requires a terminal.
* debian/rules: Disable spinlocks on mips and mipsel for now since they
FTBFS with gcc-4.0.
-- Martin Pitt <mpitt@debian.org> Wed, 13 Jul 2005 22:24:49 +0300
postgresql-7.4 (1:7.4.8-11) unstable; urgency=low
* postgresql-client-7.4: Now suggest postgresql-7.4; clarified the
description wrt the server package (see #313247).
* Fix README.Debian symlink.
* Add debian/patches/18_build_kfreebsd.patch: Fix configure[.in] to work on
GNU/kFreeBSD. Thanks to Aurelien Jarno for the patch. Closes: #317368
* Add debian/patches/19_testsuite_params.patch: Use /tmp as the socket
directory when running the test suite.
* debian/rules: Call the test suite when building the package. Since
creating databases as root is not permitted, do this as "nobody" if run by
root (as on the buildds); don't do it at all if run with fakeroot.
* Bump Standards-Version to 3.6.2.
-- Martin Pitt <mpitt@debian.org> Tue, 12 Jul 2005 21:40:50 +0300
postgresql-7.4 (1:7.4.8-10) unstable; urgency=low
* postgresql-server-dev-7.4: Ship /usr/lib/postgresql/7.4/bin/pg_config.
Closes: #314636
* debian/postgresql-7.4.init: autovac-* functions in postgresql-common were
renamed to autovac_* to comply to POSIX shell standard (see #315551).
Adapted dependencies.
-- Martin Pitt <mpitt@debian.org> Sun, 26 Jun 2005 14:34:16 +0200
postgresql-7.4 (1:7.4.8-9) unstable; urgency=low
* debian/rules: Fix POT file generation.
* Added debian/patches/16_libpq_defaultsocketdir.patch:
- Set default socket directory for libpq to /var/run/postgresql.
Closes: #313608
* Added debian/patches/17_garbage_error_messages.patch:
- src/port/thread.c: Return NULL instead of uninitialized buffer if
strerror_r() fails.
- This fixes garbage error messages on failed connections.
Closes: #264603, #277757
- Backported from 8.0 tree.
-- Martin Pitt <mpitt@debian.org> Tue, 14 Jun 2005 19:48:33 +0200
postgresql-7.4 (1:7.4.8-8) unstable; urgency=low
* debian/rules: Generate POT files to help translators.
* Added debian/postgresql-7.4.links: Symlink README.Debian from
postgresql-common.
* Added debian/patches/15_timezone_inttimestamps.patch (stolen from CVS
head): Fix integer timestamps in time zone handling.
(Bugs #249417, #311533; closed in 8.0 upload).
* debian/control: Now build with libreadline5.
* Added debian/postgresql-server-dev-7.4.install, which was forgotten to be
committed into the arch repository and caused an empty package.
-- Martin Pitt <mpitt@debian.org> Mon, 13 Jun 2005 13:11:13 +0200
postgresql-7.4 (1:7.4.8-7) unstable; urgency=low
* First unstable upload.
-- Martin Pitt <mpitt@debian.org> Tue, 7 Jun 2005 12:24:18 +0200
postgresql-7.4 (1:7.4.8-6) experimental; urgency=low
* postgresql-contrib-7.4.install: Correct paths to install missing shared
files and documentation. (See bug #311553, closed in 8.0 upload).
-- Martin Pitt <mpitt@debian.org> Mon, 6 Jun 2005 11:25:24 +0200
postgresql-7.4 (1:7.4.8-5) experimental; urgency=low
* debian/postgresql-7.4.install: Install pg_encoding to enable encodings
other than SQL_ASCII.
-- Martin Pitt <mpitt@debian.org> Wed, 1 Jun 2005 22:52:59 +0200
postgresql-7.4 (1:7.4.8-4) experimental; urgency=low
* Add CAN numbers to previous changelogs. * debian/patches/13_postgresql.conf.patch: Enable tcpip_socket by default.
-- Martin Pitt <mpitt@debian.org> Sun, 29 May 2005 22:49:17 +0200
postgresql-7.4 (1:7.4.8-3) experimental; urgency=low
* Skipping version 7.4.8-2 since this already exists in unstable from the
legacy packages.
* debian/rules: Fixed documentation path configure option. Closes: #308986
-- Martin Pitt <mpitt@debian.org> Thu, 19 May 2005 18:20:27 +0200
postgresql-7.4 (1:7.4.8-1) experimental; urgency=low
* New upstream version:
- Prevent calling conversion functions by users. [CAN-2005-1409]
- Prevent calling tsearch2 functions by users. [CAN-2005-1410]
- Fix buffer overflows in the PL/PGSQL parser in gram.y. [CAN-2005-0247]
* Removed patch debian/patches/50_CAN-2005-0247.patch (contained in new
upstream version).
* Added postgresql-server-dev-7.4 package.
-- Martin Pitt <mpitt@debian.org> Thu, 12 May 2005 23:47:00 +0200
postgresql-7.4 (1:7.4.7-5) experimental; urgency=low
* Ship reindexdb in -contrib.
* Added debian/patches/14_pager.patch: Use /usr/bin/pager instead of more as
default pager in psql. (Bug #304459)
* Added debian/postgresql-doc-7.4.doc-base: Register doc package in
doc-base.
-- Martin Pitt <mpitt@debian.org> Tue, 19 Apr 2005 21:24:21 +1000
postgresql-7.4 (1:7.4.7-4) experimental; urgency=low
* Do not install pg_config, client applications are supposed to use
libpq-dev from 8.0.
* debian/postgresql-7.4.init: Added autovacuum functions.
-- Martin Pitt <mpitt@debian.org> Tue, 5 Apr 2005 22:42:58 +0200
postgresql-7.4 (1:7.4.7-3) experimental; urgency=low
* Renamed packages pg-pl*-7.4 to postgresql-pl*-7.4 for consistency.
* -contrib: Only recommend, not depend on libpg-perl and libdbd-pg-perl.
* Added debian/patches/13_postgresql.conf.patch:
- Patch for Debian changes to the default configuration.
- Enable stats_row_level to allow pg_autovacuum to work.
-- Martin Pitt <mpitt@debian.org> Sat, 2 Apr 2005 18:28:12 +0200
postgresql-7.4 (1:7.4.7-2) experimental; urgency=low
* Corrected pg-pltcl-7.4 dependency from libtcl8.4 to tcl8.4
* Now depend on postgresql-common >= 3 which provides more maintainer script
functions.
* Call new common maintainer script functions in postinst/postrm scripts.
* Compress manpages.
-- Martin Pitt <mpitt@debian.org> Sun, 20 Mar 2005 21:21:20 +0100
postgresql-7.4 (1:7.4.7-1) experimental; urgency=low
* First release for the multiversion/multicluster architecture.
* This version is not vulnerable to the following security vulnerabilities:
. Load arbitrary shared libs, execute startup function [CAN-2005-0227]
. Execute functions with aggregate wrapper [CAN-2005-0244]
. Buffer overflow and 64-bit issues in contrib/intagg [CAN-2005-0246]
. Insecure temporary files in make_oidjoins_check [CAN-2004-0977]
* Introduced epoch "1" to force libpq3 from this new architecture to be
always newer than the version from the legacy package.
-- Martin Pitt <mpitt@debian.org> Sun, 20 Feb 2005 23:49:14 +0100