2009
postgresql-8.1 (8.1.18-0etch1) oldstable-security; urgency=high
* New upstream bug fix/security release:
- Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
security-definer functions.
This covers a case that was missed in the previous patch that
disallowed "SET ROLE" and "SET SESSION AUTHORIZATION" inside
security-definer functions. (See CVE-2007-6600)
- Fix handling of sub-SELECTs appearing in the arguments of an
outer-level aggregate function.
- Fix hash calculation for data type interval.
This corrects wrong results for hash joins on interval values. It
also changes the contents of hash indexes on interval columns. If
you have any such indexes, you must "REINDEX" them after updating.
- Treat to_char(..., 'TH') as an uppercase ordinal suffix with
'HH'/'HH12'
It was previously handled as 'th' (lowercase).
- Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
and integer datetimes are in use.
- Fix calculation of distance between a point and a line segment.
This led to incorrect results from a number of geometric operators.
- Fix money data type to work in locales where currency amounts have
no fractional digits, e.g. Japan.
- Properly round datetime input like
00:12:57.9999999999999999999999999999
- Fix poor choice of page split point in GiST R-tree operator classes
- Fix portability issues in plperl initialization
- Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
empty
- Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
number of parameters (twenty)
- Improve robustness of libpq's code to recover from errors during
"COPY FROM STDIN"
- Avoid including conflicting readline and editline header files when
both libraries are installed
-- Martin Pitt <mpitt@debian.org> Fri, 18 Sep 2009 14:56:49 +0200
postgresql-8.1 (8.1.17-0etch1) oldstable; urgency=low
* New upstream bug fix release 8.1.17:
- Prevent error recursion crashes when encoding conversion fails.
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly
tailored for the original problem reports, but we have now
recognized that any error thrown by an encoding conversion
function could potentially lead to infinite recursion while trying
to report the error. The solution therefore is to disable
translation and encoding conversion and report the plain-ASCII form
of any error message, if we find we have gotten into a recursive
error reporting situation.
- Disallow "CREATE CONVERSION" with the wrong encodings for the
specified conversion function. This prevents one possible scenario for
encoding conversion failure. The previous change is a backstop to guard
against other kinds of failures in the same area.
- Fix core dump when to_char() is given format codes that are
inappropriate for the type of the data argument.
- Fix decompilation of CASE WHEN with an implicit coercion.
- Fix possible misassignment of the owner of a TOAST table's rowtype.
If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
by someone other than the table owner, the pg_type entry for the
table's TOAST table would end up marked as owned by that someone.
This caused no immediate problems, since the permissions on the
TOAST rowtype aren't examined by any ordinary database operation.
However, it could lead to unexpected failures if one later tried to
drop the role that issued the command (in 8.1 or 8.2), or "owner of
data type appears to be invalid" warnings from pg_dump after having
done so (in 8.3).
- Clean up PL/pgSQL error status variables fully at block exit.
This is not a problem for PL/pgSQL itself, but the omission could
cause the PL/pgSQL Debugger to crash while examining the state of a
function.
- Add MUST (Mauritius Island Summer Time) to the default list of
known timezone abbreviations.
-- Martin Pitt <mpitt@debian.org> Sat, 14 Mar 2009 20:20:33 +0100
postgresql-8.1 (8.1.16-0etch1) stable; urgency=low
* New upstream bugfix release 8.1.16:
- Fix rare crash in autovacuum.
- Improve handling of URLs in headline() function.
- Improve handling of overlength headlines in headline() function.
- Prevent possible Assert failure or misconversion if an encoding
conversion is created with the wrong conversion function for the
specified pair of encodings.
- Avoid unnecessary locking of small tables in "VACUUM".
- Ensure that the contents of a holdable cursor don't depend on the
contents of TOAST tables. Previously, large field values in a
cursor result might be represented as TOAST pointers, which
would fail if the referenced table got dropped before the cursor
is read, or if the large value is deleted and then vacuumed
away. This cannot happen with an ordinary cursor, but it could
with a cursor that is held past its creating transaction.
- Fix uninitialized variables in "contrib/tsearch2"'s get_covers()
function.
- Make all documentation reference pgsql-bugs and/or pgsql-hackers as
appropriate, instead of the now-decommissioned pgsql-ports and
pgsql-patches mailing lists.
-- Martin Pitt <mpitt@debian.org> Fri, 06 Feb 2009 23:12:14 +0100
2008
postgresql-8.1 (8.1.15-0etch1) stable; urgency=low
* New upstream bugfix release 8.1.15:
- Fix GiST index corruption due to marking the wrong index entry
"dead" after a deletion. This would result in index searches failing to
find rows they should have found.
- Fix backend crash when the client encoding cannot represent a
localized error message.
- Fix possible crash when deeply nested functions are invoked from a
trigger.
- Fix mis-expansion of rule queries when a sub-SELECT appears in a
function call in FROM, a multi-row VALUES list, or a RETURNING list.
The usual symptom of this problem is an "unrecognized node type"
error.
- Ensure an error is reported when a newly-defined PL/pgSQL trigger
function is invoked as a normal function.
- Prevent possible collision of relfilenode numbers when moving a
table to another tablespace with "ALTER SET TABLESPACE".
The command tried to re-use the existing filename, instead of
picking one that is known unused in the destination directory.
- Fix incorrect tsearch2 headline generation when single query item
matches first word of text.
- Fix improper display of fractional seconds in interval values when
using a non-ISO datestyle in an "--enable-integer-datetimes" build.
- Ensure SPI_getvalue and SPI_getbinval behave correctly when the
passed tuple and tuple descriptor have different numbers of columns.
This situation is normal when a table has had columns added or
removed, but these two functions didn't handle it properly. The
only likely consequence is an incorrect error indication.
- Fix ecpg's parsing of "CREATE ROLE".
- Fix recent breakage of pg_ctl restart.
* New upstream bugfix release 8.1.14:
- Widen local lock counters from 32 to 64 bits. This responds to reports
that the counters could overflow in sufficiently long transactions,
leading to unexpected "lock is already held" errors.
- Fix possible duplicate output of tuples during a GiST index scan.
- Add checks in executor startup to ensure that the tuples produced
by an "INSERT" or "UPDATE" will match the target table's current
rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached
plan, could produce this type of situation. The check protects
against data corruption and/or crashes that could ensue.
- Fix AT TIME ZONE to first try to interpret its timezone argument as
a timezone abbreviation, and only try it as a full timezone name if
that fails, rather than the other way around as formerly. The timestamp
input functions have always resolved ambiguous zone names in this order.
Making AT TIME ZONE do so as well improves consistency, and fixes a
compatibility bug introduced in 8.1: in ambiguous cases we now behave
the same as 8.0 and before did, since in the older versions AT TIME ZONE
accepted -only* abbreviations.
- Fix datetime input functions to correctly detect integer overflow
when running on a 64-bit platform.
- Improve performance of writing very long log messages to syslog.
- Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON
query.
- Fix planner bug with nested sub-select expressions. If the outer
sub-select has no direct dependency on the parent query, but the inner
one does, the outer value might not get recalculated for new parent
query rows.
- Fix planner to estimate that GROUP BY expressions yielding boolean
results always result in two groups, regardless of the expressions'
contents. This is very substantially more accurate than the regular
GROUP BY estimate for certain boolean tests like "col" IS NULL.
- Fix PL/PgSQL to not fail when a FOR loop's target variable is a
record containing composite-type fields.
- Improve pg_dump and pg_restore's error reporting after failure to
send a SQL command.
- Fix pg_ctl to properly preserve postmaster command-line arguments
across a restart.
-- Martin Pitt <mpitt@debian.org> Fri, 31 Oct 2008 20:01:18 +0100
postgresql-8.1 (8.1.13-0etch1) stable; urgency=low
* New upstream bugfix release (please note that 8.1.12 was never released,
due to the discovery of another major bug):
- Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend.
This oversight could lead to problems if the aggregate was later
involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
- Fix "ALTER TABLE ADD COLUMN ... PRIMARY KEY" so that the new column
is correctly checked to see if it's been initialized to all
non-nulls. Previous versions neglected to check this requirement at
all.
- Fix possible "CREATE TABLE" failure when inheriting the "same"
constraint from multiple parent relations that inherited that
constraint from a common ancestor.
- Fix conversions between ISO-8859-5 and other encodings to handle
Cyrillic "Yo" characters (e and E with two dots).
- Fix a few datatype input functions that were allowing unused bytes
in their results to contain uninitialized, unpredictable values.
This could lead to failures in which two apparently identical
literal values were not seen as equal, resulting in the parser
complaining about unmatched ORDER BY and DISTINCT expressions.
- Fix a corner case in regular-expression substring matching.
- Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function.
- Fix core dump in "contrib/xml2"'s xpath_table() function when the
input query returns a NULL value.
- Fix longstanding "LISTEN"/"NOTIFY" race condition.
In rare cases a session that had just executed a "LISTEN" might not
get a notification, even though one would be expected because the
concurrent transaction executing "NOTIFY" was observed to commit
later.
A side effect of the fix is that a transaction that has executed a
not-yet-committed "LISTEN" command will not see any row in
pg_listener for the "LISTEN", should it choose to look; formerly it
would have. This behavior was never documented one way or the
other, but it is possible that some applications depend on the old
behavior.
- Disallow "LISTEN" and "UNLISTEN" within a prepared transaction.
This was formerly allowed but trying to do it had various
unpleasant consequences, notably that the originating backend could
not exit as long as an "UNLISTEN" remained uncommitted.
- Fix rare crash when an error occurs during a query using a hash
index.
- Fix input of datetime values for February 29 in years BC.
The former coding was mistaken about which years were leap years.
- Fix "unrecognized node type" error in some variants of "ALTER
OWNER".
- Fix pg_ctl to correctly extract the postmaster's port number from
command-line options.
Previously, pg_ctl start -w could try to contact the postmaster on
the wrong port, leading to bogus reports of startup failure.
- Fix display of constant expressions in ORDER BY and GROUP BY.
An explictly casted constant would be shown incorrectly. This could
for example lead to corruption of a view definition during dump and
reload.
- Fix libpq to handle NOTICE messages correctly during COPY OUT.
This failure has only been observed to occur when a user-defined
datatype's output routine issues a NOTICE, but there is no
guarantee it couldn't happen due to other causes.
-- Martin Pitt <mpitt@debian.org> Mon, 09 Jun 2008 19:02:17 +0200
postgresql-8.1 (8.1.11-0etch1) stable-security; urgency=low
* New upstream security/bugfix release:
- Prevent functions in indexes from executing with the privileges of
the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
within a SECURITY DEFINER context. [CVE-2007-6600]
- Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory
consumption, all of which pose denial-of-service hazards for
applications that accept regex search patterns from untrustworthy
sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
The fix that appeared for this in 8.2.5 was incomplete, as it
plugged the hole for only some "dblink" functions. [CVE-2007-6601,
CVE-2007-3278]
- Fix bugs in WAL replay for GIN indexes.
- Fix GIN index build to work properly when maintenance_work_mem is
4GB or more.
- Improve planner's handling of LIKE/regex estimation in non-C
locales.
- Fix planning-speed problem for deep outer-join nests, as well as
possible poor choice of join order.
- Fix planner failure in some cases of WHERE false AND var IN (SELECT
...).
- Make "CREATE TABLE ... SERIAL" and "ALTER SEQUENCE ... OWNED BY"
not change the currval() state of the sequence.
- Preserve the tablespace and storage parameters of indexes that are
rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
- Make archive recovery always start a new WAL timeline, rather than
only when a recovery stop time was used. This avoids a corner-case risk
of trying to overwrite an existing archived copy of the last WAL
segment, and seems simpler and cleaner than the original definition.
- Make "VACUUM" not use all of maintenance_work_mem when the table is
too small for it to be useful.
- Fix potential crash in translate() when using a multibyte database
encoding.
- Make corr() return the correct result for negative correlation
values.
- Fix overflow in extract(epoch from interval) for intervals
exceeding 68 years.
- Fix PL/Perl to not fail when a UTF-8 regular expression is used in
a trusted function.
- Fix PL/Python to work correctly with Python 2.5 on 64-bit machines
(Marko Kreen)
- Fix PL/Python to not crash on long exception messages.
- Fix pg_dump to correctly handle inheritance child tables that have
default expressions different from their parent's.
- Fix libpq crash when PGPASSFILE refers to a file that is not a
plain file.
- ecpg parser fixes.
- Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
category in its own right, rather than crashing.
- Fix tsvector and tsquery output routines to escape backslashes
correctly.
- Fix crash of to_tsvector() on huge input strings.
-- Martin Pitt <mpitt@debian.org> Fri, 11 Jan 2008 16:56:28 +0100
postgresql-8.1 (8.1.10-0etch1) stable; urgency=low
* New upstream bugfix release:
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
[CVE-2007-3278, CVE-2007-3280]
- Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
- Allow the interval data type to accept input consisting only of
milliseconds or microseconds.
- Speed up rtree index insertion.
- Fix excessive logging of SSL error messages.
- Fix logging so that log messages are never interleaved when using
the syslogger process.
- Fix crash when log_min_error_statement logging runs out of memory.
- Fix incorrect handling of some foreign-key corner cases.
- Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
process temporary tables of other sessions.
- Update the time zone database rules, particularly New Zealand's
upcoming changes. (Closes: #443360)
* Drop debian/patches/00upstream-01-polymorphic-functions.patch, upstream
now.
* Use the timezone database from the system tzdata instead of shipping our
own. (Closes: #458927, #454637)
- debian/patches/04-timezone-symlinks.patch: Drop previous
hardlink-to-symlink patch to zic, since that is irrelevant now. Replace
the patch with a Makefile change that just symlinks /usr/share/zoneinfo
to where postgresql previously installed its own tzdata copy.
- debian/control: Add tzdata dependency.
- debian/postgresql-8.1.install: Install the 'timezone' symlink, not the
files in the dereferenced directory.
- debian/postgresql-8.1.postinst: Replace the timezone directory with the
symlink on upgrades, since dpkg does not do that automatically. Without
this, we'd end up with an empty timezone directory.
-- Martin Pitt <mpitt@debian.org> Fri, 04 Jan 2008 13:30:54 +0100
2007
postgresql-8.1 (8.1.9-0etch2) stable; urgency=high
* Add debian/patches/00upstream-01-polymorphic-functions.patch:
- Fix regression introduced in 8.1.9: Polymorphic SQL functions with an
"anyelement" return value stopped working.
- Patch taken from 8.1 branch of upstream CVS:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.201.2.3&r2=1.201.2.4
- Also backported the test cases for this. They only affect build time,
not the built .debs, and verify that the fix works, so this should be in
a stable update, too. Taken from upstream CVS:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/polymorphism.out.diff?r1=1.7&r2=1.7.2.1
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/polymorphism.sql.diff?r1=1.1&r2=1.1.10.1
- Closes: #429696
-- Martin Pitt <mpitt@debian.org> Sat, 23 Jun 2007 18:54:57 +0200
postgresql-8.1 (8.1.9-0etch1) stable-security; urgency=low
* New upstream security/bugfix release:
- Support explicit placement of the temporary-table schema within
search_path, and disable searching it for functions and operators.
This is needed to allow a security-definer function to set a truly
secure value of search_path. Without it, an unprivileged SQL user
can use temporary objects to execute code with the privileges of
the security-definer function (CVE-2007-2138). See "CREATE
FUNCTION" for more information.
- "/contrib/tsearch2" crash fixes.
- Require "COMMIT PREPARED" to be executed in the same database as
the transaction was prepared in.
- Fix potential-data-corruption bug in how "VACUUM FULL" handles
"UPDATE" chains.
- Planner fixes, including improving outer join and bitmap scan
selection logic.
- Fix PANIC during enlargement of a hash index (bug introduced in
8.1.6).
- Fix POSIX-style timezone specs to follow new USA DST rules.
-- Martin Pitt <mpitt@debian.org> Fri, 20 Apr 2007 11:52:45 +0200
postgresql-8.1 (8.1.8-1) unstable; urgency=high
* New upstream bug fix release to fix regressions in 8.2.2:
- Remove overly-restrictive check for type length in constraints and
functional indexes.
- Fix optimization so MIN/MAX in subqueries can again use indexes.
* Urgency high: security relevant changes and critical bug fixes, 8.1.7-1
did not make it into testing due to the regressions in 8.1.7.
-- Martin Pitt <mpitt@debian.org> Thu, 8 Feb 2007 17:16:26 +0100
postgresql-8.1 (8.1.7-1) unstable; urgency=high
* New upstream security and bug fix release:
- Fix security vulnerabilities that allowed connected users to
read backend memory.
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
- Fix rare bug wherein btree index page splits could fail due to
choosing an infeasible split point.
- Improve "VACUUM" performance for databases with many tables.
- Fix autovacuum to avoid leaving non-permanent transaction IDs in
non-connectable databases.
- Fix for rare Assert() crash triggered by UNION.
- Tighten security of multi-byte character processing for UTF8
sequences over three bytes long.
- Fix possible crashes when an already-in-use pl/pgsql function is
updated.
* Urgency high: security relevant changes and critical bug fixes.
-- Martin Pitt <mpitt@debian.org> Sun, 4 Feb 2007 20:02:05 +0100
postgresql-8.1 (8.1.6-1) unstable; urgency=medium
* Urgency medium since this fixes some important bugs that should reach
Etch.
* New upstream bugfix release:
- Fix pg_restore to handle a tar-format backup that contains large
objects (blobs) with comments.
- Fix "failed to re-find parent key" errors in "VACUUM".
- Clean out "pg_internal.init" cache files during server restart.
This avoids a hazard that the cache files might contain stale data
after PITR recovery.
- Fix race condition for truncation of a large relation across a
gigabyte boundary by "VACUUM".
- Fix bug causing needless deadlock errors on row-level locks.
- Fix bugs affecting multi-gigabyte hash indexes.
- Fix error when constructing an ARRAY[] made up of multiple empty
elements.
- Fix ecpg memory leak during connection.
- to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for
new initdb installs. This is because lc_numeric can potentially change
the output of these functions.
- Improve index usage of regular expressions that use parentheses.
This improves psql \d performance also.
- Update timezone database to 2006p: This affects Australian and Canadian
daylight-savings rules in particular.
-- Martin Pitt <mpitt@debian.org> Mon, 8 Jan 2007 18:55:10 +0100
2006
postgresql-8.1 (8.1.5-2) unstable; urgency=medium
* Urgency medium because only trivial changes. * Add watch file. * debian/control: Fix spelling of 'Tcl'. Closes: #401191
-- Martin Pitt <mpitt@debian.org> Fri, 8 Dec 2006 22:33:41 +0100
postgresql-8.1 (8.1.5-1) unstable; urgency=low
* New upstream bugfix release:
- Disallow aggregate functions in "UPDATE" commands, except within
sub-SELECTs. The behavior of such an aggregate was unpredictable, and in
8.1.X could cause a crash, so it has been disabled. The SQL standard
does not allow this either. [CVE-2006-5540]
- Fix core dump when an untyped literal is taken as ANYARRAY.
[CVE-2006-5541]
- Fix core dump in duration logging for extended query protocol when
a "COMMIT" or "ROLLBACK" is executed. [CVE-2006-5542]
- Fix mishandling of AFTER triggers when query contains a SQL
function returning multiple rows.
- Fix "ALTER TABLE ... TYPE" to recheck NOT NULL for USING clause.
- Fix string_to_array() to handle overlapping matches for the
separator string. For example, string_to_array('123xx456xxx789', 'xx').
- Fix to_timestamp() for AM/PM formats.
- Fix autovacuum's calculation that decides whether "ANALYZE" is
needed (Alvaro).
- Fix corner cases in pattern matching for psql's \d commands.
- Fix index-corrupting bugs in /contrib/ltree.
- Numerous robustness fixes in ecpg.
- Fix backslash escaping in /contrib/dbmirror.
- Minor fixes in /contrib/dblink and /contrib/tsearch2.
- Efficiency improvements in hash tables and bitmap index scans.
* Remove debian/patches/54-contrib-dbmirror-quoteparsing.patch: Applied
upstream.
-- Martin Pitt <mpitt@debian.org> Sun, 15 Oct 2006 17:20:59 +0200
postgresql-8.1 (8.1.4-7) unstable; urgency=low
* debian/control: Update libpq4 package description, point out that it is
only compatible for servers up to 8.1 (8.2 got a new libpq soname).
* Add debian/patches/08-unnecessary-libs.patch: Remove all unnecessary -lfoo
library references from Makefiles to clean up unnecessary library
dependencies. Thanks to Christian Aichinger for his neat checklib system!
-- Martin Pitt <mpitt@debian.org> Wed, 27 Sep 2006 22:53:23 +0200
postgresql-8.1 (8.1.4-6) unstable; urgency=low
* debian/control: Drop heimdal-dev suggestion of libpq-dev. Closes: #379848 * debian/libpq-dev.install: Ship pg_wchar.h. Closes: #380047 * Transition for private python extension in p-plpython-8.1: - debian/control: + Bump cdbs/debhelper build dependency versions. + Add {XS,XB}-Python-Version attributes. - debian/compat: Use compat level 5. - Add debian/pycompat: Use compat level 2. - debian/rules: Call dh_pycentral and dh_python for p-plpython-8.1. - Closes: #380898 * debian/control: Change the order of records so that the libraries come first. With that, postgresql-client-8.1 and friends pick up the correct shlibs. Closes: #381211
-- Martin Pitt <mpitt@debian.org> Sun, 6 Aug 2006 12:31:37 +0200
postgresql-8.1 (8.1.4-5) unstable; urgency=low
* debian/rules: Install init script at priority 19, since Apache and web
applications usually reside on priority 20, but often require a running
database. This follows a recent change in the MySQL package, thanks to
Christian Hammers for pointing this out. Closes: #379276
* Add debian/patches/12-pg_restore-ignore-failing-tables.patch:
- pg_restore: Add option -X no-data-for-failed-tables to ignore TABLE DATA
objects if the corresponding TABLE could not be created. Necessary for
fixing #351571.
-- Martin Pitt <mpitt@debian.org> Sun, 23 Jul 2006 10:34:55 +0200
postgresql-8.1 (8.1.4-4) unstable; urgency=low
* debian/rules: Use -fPIC instead of -fpic to avoid FTBFS on sparc and m68k
(and maybe avoid the ICE on arm).
* debian/postgresql-8.1.init: Add LSB magic comment header (provide both
postgresql-8.1 and a generic postgresql service). Closes: #377882
-- Martin Pitt <mpitt@debian.org> Tue, 11 Jul 2006 22:28:07 +0200
postgresql-8.1 (8.1.4-3) unstable; urgency=low
* debian/control: Add missing comerr-dev and libkrb5-dev dependencies to
libpq-dev. Closes: #371158
* Add debian/patches/54-contrib-dbmirror-quoteparsing.patch: Fix parsing of
quotes escaped as '' in PendingData table. Closes: #375743
* Add debian/patches/55-contrib-admin.patch:
- Add the 'admin81' contrib module and build it. This provides
instrumentation functions for use with PgAdmin 3 and similar.
- http://www.postgresql.org/ftp/pgadmin3/release/v1.4.2/adminpacks/
- Closes: #354731
* debian/rules: Build with -fpic everywhere to improve the proactive
security effectivity of address space layout randomization. This has no
measurable performance impact on at least i386, amd64, and powerpc.
-- Martin Pitt <mpitt@debian.org> Fri, 7 Jul 2006 21:28:45 +0200
postgresql-8.1 (8.1.4-2) unstable; urgency=medium
* Add debian/libpq4.shlibs and bump it to >= 8.1.4, to respect the
introduction of PQescapeStringConn() and PQescapeByteaConn().
* debian/postgresql-8.1.postrm, clean_dir(): Do not use rmdir's
--ignore-fail-on-nonempty, since that still falls apart when the
directory is a mountpoint. Just ignore errors.
-- Martin Pitt <mpitt@debian.org> Fri, 2 Jun 2006 00:44:26 +0200
postgresql-8.1 (8.1.4-1) unstable; urgency=medium
* New upstream security and bug fix release:
- The server now rejects invalidly-encoded multibyte characters in all
cases to defend against SQL-injection attacks. [CVE-2006-2313]
- Reject unsafe uses of \' in string literals (for client encodings that
allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A
new configuration parameter backslash_quote is available to adjust this
behavior when needed. [CVE-2006-2314]
- Modify libpq's string-escaping routines to be aware of encoding
considerations and standard_conforming_strings
This fixes libpq-using applications for the security issues
described in CVE-2006-2313 and CVE-2006-2314, and also
future-proofs them against the planned changeover to SQL-standard
string literal syntax. Applications that use multiple PostgreSQL
connections concurrently should migrate to PQescapeStringConn() and
PQescapeByteaConn() to ensure that escaping is done correctly for
the settings in use in each database connection. Applications that
do string escaping "by hand" should be modified to rely on library
routines instead.
- Various bug fixes, see upstream changelog for details.
* Remove debian/patches/12-krb5-multiusers.patch: Fixed upstream.
* debian/postgresql-8.1.init: Add a comment to point out that environment
variables need to be set in the 'environment' file, not in the init
script.
* debian/postgresql-8.1.init, debian/postgresql-8.1.postinst: Do not fail if
init.d-functions/maintscripts-functions are not present, which happens if
postgresql-{8.1,common} are removed, but not purged. Closes: #362488
* Bump Standards-Version to 3.7.2.
-- Martin Pitt <mpitt@debian.org> Mon, 22 May 2006 10:33:20 +0200
postgresql-8.1 (8.1.3-4) unstable; urgency=low
* debian/rules:
- Put --as-needed into LDFLAGS instead of CFLAGS to avoid warnings when
building extension modules. Closes: #360759
- Fix a bashism.
* debian/control: Suggest oidentd | ident-server (oidentd prefered since it
works with IPv6). Closes: #359193
* libecpg-dev: Move manpage to /usr/share/man/man1 where it belongs to.
Closes: #360817
* debian/rules: Ship the tutorial's Makefile and ship the SQL *.source files
(not the generated *.sql files) to get the correct path to the built
libraries. Closes: #360469
* Add debian/patches/13-tutorial-README.patch: Remove confusing note about
make and point out that p-server-dev-8.1 is required for building the
tutorial.
* debian/postgresql-contrib-8.1.install, 50-contrib-oracle-enable.patch:
Move Ora2Pg.pm to /usr/share/postgresql/8.1 and adapt the library search
path in ora2pg.pl accordingly. Closes: #360818
-- Martin Pitt <mpitt@debian.org> Mon, 10 Apr 2006 22:43:11 +0200
postgresql-8.1 (8.1.3-3) unstable; urgency=low
* debian/postgresql-8.1.init: Use shell 'sh -e' instead of bash. * debian/postgresql-contrib-8.1.install: Ship ora2pg.pl and Ora2Pg.pm. * debian/control: Updated contrib package description. Closes: #355172 * debian/rules: Don't special-case HPPA for --enable-thread-safety-force; the current kernel seems to cope with threads quite well, so that the configure check does not hang any more. Closes: #315440 * debian/control: Build server packages on mips and mipsel again, even if they do not work. No need to block testing migration forever (the ftp-masters seem reluctant to remove the mips binaries, see #344487), and the bug is in binutils, not PostgreSQL itself (see #357603).
-- Martin Pitt <mpitt@debian.org> Sat, 1 Apr 2006 22:13:03 +0200
postgresql-8.1 (8.1.3-2) unstable; urgency=low
* Re-enable 'do not run as root' check from upstream:
- Move debian/patches/08-disable-root-check.patch to
debian/disable-root-check.patch.
- debian/rules: Move test suite to binary/predeb and apply
disable-root-check.patch manually right before calling the test suite.
Unapply debian/disable-root-check.patch after executing the
test suite to not break subsequent package builds.
- With this, the test suite can happily run as (fake)root during package
build without disabling the check in the actual packages.
* postgresql-doc-8.1: Ship tutorial C and SQL files.
(https://launchpad.net/bugs/30233)
* debian/control, postgresql-client-8.1: Depend on postgresql-client-common
instead of postgresql-common.
-- Martin Pitt <mpitt@debian.org> Sat, 18 Mar 2006 15:21:27 +0100
postgresql-8.1 (8.1.3-1) unstable; urgency=low
* New upstream security and bug fix release:
- Fix bug that allowed any logged-in user to "SET ROLE" to any other
database user id (CVE-2006-0553).
- See upstream changelog for detailled changes.
* Remove debian/patches/80-cvs-pg_restore-COPY.patch: Upstream now.
* debian/rules: Use --as-needed linker option to avoid excessive
library dependencies.
* debian/control: Remove unnecessary dependencies from PL/Python and PL/Tcl
packages.
-- Martin Pitt <mpitt@debian.org> Tue, 14 Feb 2006 17:46:31 +0100
postgresql-8.1 (8.1.2-2) unstable; urgency=low
* debian/patches/09-relax-sslkey-permscheck.patch: Do not check for any
particular group if the SSL key is group readable, to allow sharing a
common SSL certificate with other server processes.
* debian/control: Add ${shlibs:Depends} to packages which need it.
Closes: #348066
* debian/control, libecpg5: Remove obsolete Provides/Conflicts to ecpg.
* Add debian/patches/80-cvs-pg_restore-COPY.patch:
- Fix pg_restore to properly discard COPY data when trying to continue
after an error in a COPY statement. Formerly it thought the COPY data
was SQL commands, and got quite confused.
- Patch from Stephen Frost, taken from upstream CVS.
* Add debian/patches/12-krb5-multiusers.patch:
- Fix krb5 credential handling in libpq for multiple connections with
different users: Don't keep credentials in global variables, but pass
them around in a new krb5_info struct.
- Patch from Stephen Frost, proposed to be adopted upstream.
-- Martin Pitt <mpitt@debian.org> Mon, 6 Feb 2006 21:07:31 +0100
postgresql-8.1 (8.1.2-1) unstable; urgency=medium
* New upstream bugfix release:
- Fix bug introduced in 8.0 that could allow ReadBuffer to return an
already-used page as new, potentially causing loss of recently-committed
data.
- Fix for protocol-level Describe messages issued outside a
transaction or in a failed transaction.
- Fix character string comparison for locales that consider different
character combinations as equal, such as Hungarian.
This might require "REINDEX" to fix existing indexes on textual
columns.
- Set locale environment variables during postmaster startup to
ensure that plperl won't change the locale later. This fixes a problem
that occurred if the postmaster was started
with environment variables specifying a different locale than what
initdb had been told. Under these conditions, any use of plperl was
likely to lead to corrupt indexes. You may need "REINDEX" to fix
existing indexes on textual columns if this has happened to you.
(postgresql-common checks and aborts on this condition.)
- Allow more flexible relocation of installation directories.
Previous releases supported relocation only if all installation
directory paths were the same except for the last component.
This makes the test suite work with Debian's directory structure, so
that the horology test can find the timezones again and pass.
- Prevent crashes caused by the use of ISO-8859-5 and ISO-8859-9
encodings.
- Fix longstanding bug in strpos() and regular expression handling in
certain rarely used Asian multi-byte character sets.
- Fix bug where COPY CSV mode considered any \. to terminate the copy
data. The new code requires \. to appear alone on a line, as per
documentation.
- Make COPY CSV mode quote a literal data value of \. to ensure it
cannot be interpreted as the end-of-data marker.
- Various fixes for functions returning RECORDs.
- Fix processing of "postgresql.conf" so a final line with no newline
is processed properly.
- Fix bug in "/contrib/pgcrypto" gen_salt, which caused it not to use
all available salt space for MD5 and XDES algorithms. Salts for
Blowfish and standard DES are unaffected.
- Fix autovacuum crash when processing expression indexes.
- Fix "/contrib/dblink" to throw an error, rather than crashing, when
the number of columns specified is different from what's actually
returned by the query.
* Remove debian/patches/12-readline-prompt-ignore.patch: Adopted upstream.
* Bump postgresql-common dependencies to >= 39. This will ensure more
robust upgrades and other bug fixes.
-- Martin Pitt <mpitt@debian.org> Mon, 9 Jan 2006 18:34:31 +0100
2005
postgresql-8.1 (8.1.1-2) unstable; urgency=low
* Do not build postgresql-8.1, p-contrib-8.1, and the PL/ packages on mips
and mipsel, since the postmaster just SIGBUSes on these architectures and
nobody seems to be able to fix that.
* Add debian/patches/12-readline-prompt-ignore.patch: Do not prepend a
'\001' before the 'prompt ignore begin/end' readline commands; this is a
bash quirk, not a readline feature. Thanks to Aaron Schrab.
Closes: #343616
-- Martin Pitt <mpitt@debian.org> Thu, 22 Dec 2005 19:13:21 +0100
postgresql-8.1 (8.1.1-1) unstable; urgency=low
* New upstream bug fix release.
* Remove debian/patches/80_cvs_crash_deform_tuple.patch, upstream now.
* debian/postgresql-8.1.postrm: Also clean start.conf if purging without
pg_dropcluster.
* debian/postgresql-8.1.postrm: Check if a /etc/postgresql/8.1 subdirectory
is really a cluster directory before trying to remove it. Closes: #339810
* Ship upstream changelog.
-- Martin Pitt <mpitt@debian.org> Mon, 12 Dec 2005 17:27:57 +0100
postgresql-8.1 (8.1.0-3) unstable; urgency=low
* debian/rules: Remove superfluous R include path.
* debian/control: Version the libpq-dev dependency of -server-dev-8.1 to
avoid horrible breakage.
* Add debian/patches/80_cvs_crash_deform_tuple.patch:
- Fix crash in tuple deformator (stolen from CVS head).
- Closes: #339527
* Add debian/patches/52-contrib-dbase-enable-iconv.patch:
- Enable iconv support for 'dbf2pg' contrib module.
- Closes: #338645
-- Martin Pitt <mpitt@debian.org> Sun, 20 Nov 2005 17:01:53 +0100
postgresql-8.1 (8.1.0-2) unstable; urgency=low
* Do not install pg_config and its mo files into postgresql-server-dev-8.1
any more, since libpq-dev now ships it. Closes: #338231
* debian/control: Clean up contrib description. Closes: #338308
-- Martin Pitt <mpitt@debian.org> Wed, 9 Nov 2005 20:29:16 -0500
postgresql-8.1 (8.1.0-1) unstable; urgency=low
* Final 8.1.0 upstream release, first unstable upload.
* Build client libraries (-8.0 does not build them any more).
* Add debian/patches/11-server-includedir.patch: Change server include
directory to /usr/include/postgresql/8.1/server since we do want to
keep apart server include files.
-- Martin Pitt <mpitt@debian.org> Sat, 5 Nov 2005 18:57:00 -0500
postgresql-8.1 (8.0+8.1rc1-1) experimental; urgency=low
* Upgrade to 8.1rc1 release.
-- Martin Pitt <mpitt@debian.org> Mon, 31 Oct 2005 17:43:19 -0500
postgresql-8.1 (8.0+8.1beta4-2) experimental; urgency=low
* Clean up the installation path ./configure arguments.
- debian/rules: Use default libdir /usr/lib.
- Add debian/patches/10-pkglibdir.patch: Set pkglibdir to
/usr/lib/postgresql/8.1/lib instead of /usr/lib/postgresql.
-- Martin Pitt <mpitt@debian.org> Wed, 26 Oct 2005 20:45:02 +0100
postgresql-8.1 (8.0+8.1beta4-1) experimental; urgency=low
* Upgrade to 8.1beta4 release.
* Adopt patches to new upstream version:
- 09-relax-sslkey-permscheck.patch
* debian/postgresql-8.1.postrm: clean_dir(): Ensure that directory is not a
symbolic link before attempting to rmdir it. Closes: #333867
* debian/rules: Remove obsolete --disable-spinlocks build option for mips.
-- Martin Pitt <mpitt@debian.org> Mon, 24 Oct 2005 16:59:53 +0200
postgresql-8.1 (8.0+8.1beta3-1) experimental; urgency=low
* Upgrade to 8.1beta3 release.
* Drop debian/patches/81-beta2.patch: beta2->beta3 changes are too big to be
sensibly stuffed into a patch.
* Adopt patches to new upstream version:
- 03-gettext-domains.patch
* Remove patches which are upstream now:
- 52-contrib-dbf2pg-errorcheck.patch
- 53-contrib-dbf2pg-textfield
* debian/patches/09-relax-sslkey-permscheck.patch: Use effective rather than
real group id for checking the private SSL certificate permissions. It
does not make any practical difference, but is more consistent.
* Rename patch 01-top-makefile.patch to 01-build-contrib.patch to give a
better idea of what it does.
-- Martin Pitt <mpitt@debian.org> Thu, 13 Oct 2005 18:32:33 +0200
postgresql-8.1 (8.0+8.1beta-4) experimental; urgency=low
* Add debian/patches/09-relax-sslkey-permscheck.patch:
- Relax security check on private SSL key file: The file is also
considered safe if it has owner and/or group "root", and if it is
group-readable (unless the group is something other than root or the
database owner group).
- See bug #327901.
-- Martin Pitt <mpitt@debian.org> Wed, 21 Sep 2005 22:52:39 +0200
postgresql-8.1 (8.0+8.1beta-3) experimental; urgency=low
* Add debian/patches/81-beta2.patch: Upgrade to 8.1beta2 release. * Remove debian/patches/80-s_lock.h-m68k.patch: Included upstream now.
-- Martin Pitt <mpitt@debian.org> Mon, 19 Sep 2005 08:31:22 +0200
postgresql-8.1 (8.0+8.1beta-2) experimental; urgency=low
* debian/postgresql-8.1.postrm: Do not remove an empty /var/log/postgresql,
postgresql-common now cares for it to not break log rotation. (See
#325330)
* Remove debian/postgresql-server-dev-8.1.manpages: Do not install the
manpage, since it belongs to libpq-dev (which is currently built by
postgresql-8.0). Closes: #327379
* debian/postgresql-server-dev-8.1.install: Ship pg_config.
* Build-depend on libpq-dev to pull in libpq4 dependencies for binary
packages. This hack is necessary as long as we build libpq from
postgresql-8.0. Closes: #327765
-- Martin Pitt <mpitt@debian.org> Tue, 13 Sep 2005 22:04:54 +0200
postgresql-8.1 (8.0+8.1beta-1) experimental; urgency=low
* First public beta version.
-- Martin Pitt <mpitt@debian.org> Fri, 26 Aug 2005 09:00:47 +0200
postgresql-8.1 (8.0+8.1alpha-1) experimental; urgency=low
* New upstream snapshot release. The first beta is close to be released, and
I want to be prepared for that.
* Package based on postgresql-8.0 8.0.3-13; don't build client libraries yet
until 8.1 final is released.
-- Martin Pitt <mpitt@debian.org> Wed, 24 Aug 2005 08:34:00 +0200
postgresql-8.0 (8.0.3-13) unstable; urgency=low
* debian/control: Fix libpq4 description, it is compatible with servers
starting from 7.3.
* Move back client include files to /usr/include/postgresql/ for now to
not render all client packages unbuildable which have not yet converted
to pg_config:
- debian/rules: Configure with include dir /usr/include/postgresql.
- debian/libecpg-dev.install, debian/libpq-dev.install: Install files from
and to /usr/include/postgresql
- Add debian/patches/13_server_includedir.patch: Change server include
directory back to /usr/include/postgresql/8.0/server since we do want to
keep apart server include files.
- Closes: #322085
* Drop obsolete xml contrib module, build and ship xml2 instead:
- Remove debian/patches/51-contrib-xml-enable.patch
- Add debian/patches/51-contrib-xml2-enable.patch
- debian/control: Add build dependency libxslt1-dev.
- debian/postgresql-contrib-8.0.install: Ship pgxml.so, drop pgxml_dom.so.
- Closes: #322777
* Add debian/patches/14-mips-gcc4.patch:
- Add a proper test-and-set function for mips and mipsel. Thanks to Thiemo
Seufer for the patch and Aurelien Jarno for his help. This now also
works with gcc 4.
* debian/rules: Remove the --disable-spinlocks option for mips again, now
that we have a proper patch for that.
-- Martin Pitt <mpitt@debian.org> Sat, 20 Aug 2005 17:34:01 +0200
postgresql-8.0 (8.0.3-12) unstable; urgency=low
* debian/rules:
- Robustify log output in case of a failed test suite; also print out
regression.diffs if it fails. Closes: #319218
- Don't run the test suite if DEB_BUILD_OPTIONS contains "nocheck".
* Add debian/check_installed_files to check for upstream installed files
which are not shipped in any deb.
* debian/postgresql-contrib-8.0.install: Ship pgxml_dom.so. Closes: #318922
-- Martin Pitt <mpitt@debian.org> Sun, 24 Jul 2005 17:35:56 +0200
postgresql-8.0 (8.0.3-11) unstable; urgency=low
* Add debian/patches/12-disable-root-check.patch: Disable "am I root" test
in initdb and postmaster to be able to run the test suite at build time.
This check is already done in pg_createcluster.
* debian/rules: Remove all the chown/setuid crack and simply call "make
check" now; print the log files if the test fails.
* debian/patches/10-testsuite-params.patch: Disable authentication in the
test suite db since ident authentication does not work with fakeroot.
-- Martin Pitt <mpitt@debian.org> Fri, 15 Jul 2005 13:31:51 +0300
postgresql-8.0 (8.0.3-10) unstable; urgency=low
* debian/rules: If the test suite fails, don't let the build fail but rather
cat the log files. Once the test suite calling works reliably, the
previous behaviour can be restored.
-- Martin Pitt <mpitt@debian.org> Thu, 14 Jul 2005 14:19:30 +0300
postgresql-8.0 (8.0.3-9) unstable; urgency=low
* Bump Standards-Version to 3.6.2.
* debian/rules: Use start-stop-daemon instead of su to call the test suite
since su requires a terminal.
* debian/rules: Disable spinlocks on mips and mipsel for now since they
FTBFS with gcc-4.0.
-- Martin Pitt <mpitt@debian.org> Wed, 13 Jul 2005 22:22:59 +0300
postgresql-8.0 (8.0.3-8) unstable; urgency=low
* postgresql-client-8.0: Now suggest postgresql-8.0; clarified the
description wrt the server package (see #313247).
* Fix README.Debian symlink.
* Add debian/patches/10-testsuite-params.patch: Use /tmp as the socket
directory when running the test suite.
* debian/rules: Call the test suite when building the package. Since
creating databases as root is not permitted, do this as "nobody" if run by
root (as on the buildds); don't do it at all if run with fakeroot.
-- Martin Pitt <mpitt@debian.org> Tue, 12 Jul 2005 19:10:03 +0300
postgresql-8.0 (8.0.3-7) unstable; urgency=low
* Removed some redundant configure options which cdbs applies anyway.
* configure with --enable-thread-safety-force on HPPA since the configure
check triggers a kernel bug on the buildd. (See #315440)
* debian/postgresql-8.0.init: autovac-* functions in postgresql-common were
renamed to autovac_* to comply to POSIX shell standard (see #315551).
Adaped dependencies.
-- Martin Pitt <mpitt@debian.org> Sun, 26 Jun 2005 14:23:32 +0200
postgresql-8.0 (8.0.3-6) unstable; urgency=low
* Added debian/postgresql-8.0.links: Symlink README.Debian from
postgresql-common.
* Added debian/patches/08-timezone-inttimestamps.patch (stolen from CVS
head): Fix integer timestamps in time zone handling.
Closes: #249417, #311533.
* debian/rules: Fix POT file generation.
* Added debian/patches/09-libpq-defaultsocketdir.patch:
- Set default socket directory for libpq to /var/run/postgresql.
Closes: #313507, #313602
* Adjusted packages to follow upstream library SONAME change in 8.0.3:
libecpg4 -> libecpg5, libecpg-compat1 -> libecpg-compat2,
libpgtypes1 -> libpgtypes2. Closes: #313452, #313453, #313454
-- Martin Pitt <mpitt@debian.org> Tue, 14 Jun 2005 19:58:10 +0200
postgresql-8.0 (8.0.3-5) unstable; urgency=low
* debian/rules: Generate POT files to help translators.
* Added debian/libpq-dev.manpages: Install pg_wrapper(1) manpage.
Closes: #311671
* debian/control: Restrict libpq-dev conflict to postgresql-dev to
versions << 7.5. Closes: #312827
-- Martin Pitt <mpitt@debian.org> Fri, 10 Jun 2005 19:01:20 +0200
postgresql-8.0 (8.0.3-4) unstable; urgency=low
* First unstable upload. * debian/control: Now build with libreadline5-dev instead of version 4.
-- Martin Pitt <mpitt@debian.org> Tue, 7 Jun 2005 12:15:43 +0200
postgresql-8.0 (8.0.3-3) experimental; urgency=low
* Added libpq4 dependency to libpq-dev.
* postgresql-contrib-8.0.install: Correct paths to install missing shared
files and documentation. (Closes: #311553)
* libpq-dev.install: Install some more header files from server/ which are
required by client libraries.
-- Martin Pitt <mpitt@debian.org> Mon, 6 Jun 2005 12:24:57 +0200
postgresql-8.0 (8.0.3-2) experimental; urgency=low
* Added CAN numbers to previous changelog entries.
* debian/patches/07-postgresql.conf.patch: Enable listen_addresses = '*' by
default.
* debian/control, libpq-dev: Conflict to and replace postgresql-dev.
-- Martin Pitt <mpitt@debian.org> Tue, 31 May 2005 11:09:48 +0200
postgresql-8.0 (8.0.3-1) experimental; urgency=low
* New upstream release:
- Prevent calling conversion functions by users. [CAN-2005-1409]
- Prevent calling tsearch2 functions by users. [CAN-2005-1410]
* debian/libpq-dev.{install,links}: Install pg_config into
/usr/lib/postgresql/8.0/bin to make it print correct paths, and install a
symlink into /usr/bin instead. Closes: #305200
* debian/rules: Change include dir configure option to
/usr/include/postgresql/8.0, so that different versions of
postgresql-server-dev-<version> do not conflict with each other. Since
applications using the libpq-dev are supposed to use pg_config, this
should not break them either.
-- Martin Pitt <mpitt@debian.org> Thu, 12 May 2005 23:37:56 +0200
postgresql-8.0 (8.0.2-1) experimental; urgency=low
* New upstream release:
- Removed debian/patches/02-libpq-soname.patch, upstream adopted SONAME
change to libpq4.
* Ship "reindexdb" in -contrib.
* Added debian/patches/02_pager.patch: Use /usr/bin/pager as default pager
in psql. Closes: #304459
* Added debian/postgresql-doc-8.0.doc-base: Register doc package in
doc-base.
-- Martin Pitt <mpitt@debian.org> Tue, 19 Apr 2005 21:19:50 +1000
postgresql-8.0 (8.0.1-4) experimental; urgency=low
* Ship pg_config in libpq-dev instead of postgresql-8.0; added
proper package conflict. Closes: #303257
* Install pg_config in /usr/bin instead of 8.0-specific bin dir.
Closes: #302368
* debian/postgresql-8.0.init: Added autovacuum functions.
-- Martin Pitt <mpitt@debian.org> Tue, 5 Apr 2005 23:15:31 +0200
postgresql-8.0 (8.0.1-3) experimental; urgency=low
* Dropped pgxs package, the Makefiles are now part of postgresql-server-dev.
* -contrib: Only recommend, not depend on libpg-perl and libdbd-pg-perl.
* Renamed packages pg-pl*-8.0 to postgresql-pl*-8.0 for consistency.
* Added debian/patches/07-postgresql.conf.patch:
- Patch for Debian changes to the default configuration.
- Enable stats_row_level to allow pg_autovacuum to work.
-- Martin Pitt <mpitt@debian.org> Sat, 2 Apr 2005 18:21:57 +0200
postgresql-8.0 (8.0.1-2) experimental; urgency=low
* Changed dependency of pg-pltcl-8.0 from libtcl8.4 to tcl8.4
* Now depend on postgresql-common >= 3 which provides more maintainer script
functions.
* Compress manpages.
-- Martin Pitt <mpitt@debian.org> Sun, 20 Mar 2005 21:23:10 +0100
postgresql-8.0 (8.0.1-1) experimental; urgency=low
* New upstream release. Closes: #274043, #291350 - Ignores shell backticks with invalid meta-commands. Closes: #285844 - Fixes uninitialized error strings when connecting to a server which is down. Closes: #264603, #277757 - configure script supports GNU/Hurd and GNU/k*BSD. Closes: #262081 - Fixes comma splices in HTML documentation. Closes: #243781 - Now upper() and lower() work also for Unicode characters. Closes: #139389, #290118, #290399 - New configuration variable max_stack_depth which prevents DoS situations due to infinite recursion. Closes: #239811 - Reportedly works with Turkish locale. Closes: #305886 - This version is not vulnerable against the following security issues: . Load arbitrary shared libs, execute startup function [CAN-2005-0227] . Execute functions with aggregate wrapper [CAN-2005-0244] . Buffer overflow and 64-bit issues in contrib/intagg [CAN-2005-0246] . Buffer overflows in the PL/PGSQL parser in gram.y [CAN-2005-0247] . Insecure temporary files in make_oidjoins_check [CAN-2004-0977] * Splitted development package into libpq-dev and postgresql-server-dev. Closes: #280417 * Splitted libecpg4 into libecpg4, libecpg-compat1 and libpgtypes1. * Old libpgtcl package does not exist any more. The PL/TCL procedural language is now shipped in pg-pltcl8.0, the TCL client library is not shipped by PostgreSQL any more. Closes: #280418 * Now use /var/lib/postgresql/ as (default) data directory. Closes: #285929
-- Martin Pitt <mpitt@debian.org> Sun, 20 Feb 2005 19:17:17 +0100