-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 25 Sep 2011 13:40:58 +0200 Source: postgresql-8.3 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: powerpc Version: 8.3.16-0lenny1 Distribution: lenny-security Urgency: low Maintainer: powerpc Build Daemon (praetorius) Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.3 - object-relational SQL database, version 8.3 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.3 - front-end programs for PostgreSQL 8.3 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.3 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.3 - documentation for the PostgreSQL database management system postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming Changes: postgresql-8.3 (8.3.16-0lenny1) oldstable-security; urgency=low . * New upstream bug fix release 8.3.15: - Disallow including a composite type in itself. This prevents scenarios wherein the server could recurse infinitely while processing the composite type. While there are some possible uses for such a structure, they don't seem compelling enough to justify the effort required to make sure it always works safely. - Avoid potential deadlock during catalog cache initialization. In some cases the cache loading code would acquire share lock on a system index before locking the index's catalog. This could deadlock against processes trying to acquire exclusive locks in the other, more standard order. - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling when there was a concurrent update to the target tuple. This bug has been observed to result in intermittent "cannot extract system attribute from virtual tuple" failures while trying to do UPDATE RETURNING ctid. There is a very small probability of more serious errors, such as generating incorrect index entries for the updated tuple. - Disallow "DROP TABLE" when there are pending deferred trigger events for the table. Formerly the "DROP" would go through, leading to "could not open relation with OID nnn" errors when the triggers were eventually fired. - Fix PL/Python memory leak involving array slices. - Fix pg_restore to cope with long lines (over 1KB) in TOC files. - Put in more safeguards against crashing due to division-by-zero with overly enthusiastic compiler optimization. * New upstream bug fix release 8.3.16: - Fix bugs in indexing of in-doubt HOT-updated tuples. These bugs could result in index corruption after reindexing a system catalog. They are not believed to affect user indexes. - Fix multiple bugs in GiST index page split processing. The probability of occurrence was low, but these could lead to index corruption. - Fix possible buffer overrun in tsvector_concat(). The function could underestimate the amount of memory needed for its result, leading to server crashes. - Fix crash in xml_recv when processing a "standalone" parameter. - Avoid possibly accessing off the end of memory in "ANALYZE" and in SJIS-2004 encoding conversion. This fixes some very-low-probability server crash scenarios. - Fix race condition in relcache init file invalidation. There was a window wherein a new backend process could read a stale init file but miss the inval messages that would tell it the data is stale. The result would be bizarre failures in catalog accesses, typically "could not read block 0 in file ..." later during startup. - Fix memory leak at end of a GiST index scan. Commands that perform many separate GiST index scans, such as verification of a new GiST-based exclusion constraint on a table already containing many rows, could transiently require large amounts of memory due to this leak. - Fix performance problem when constructing a large, lossy bitmap. - Fix array- and path-creating functions to ensure padding bytes are zeroes. This avoids some situations where the planner will think that semantically-equal constants are not equal, resulting in poor optimization. - Fix dump bug for VALUES in a view. - Disallow SELECT FOR UPDATE/SHARE on sequences. This operation doesn't work as expected and can lead to failures. - Defend against integer overflow when computing size of a hash table. - Fix cases where "CLUSTER" might attempt to access already-removed TOAST data. - Fix portability bugs in use of credentials control messages for "peer" authentication. - Fix SSPI login when multiple roundtrips are required. The typical symptom of this problem was "The function requested is not supported" errors during SSPI login. - Fix typo in pg_srand48 seed initialization. This led to failure to use all bits of the provided seed. This function is not used on most platforms (only those without srandom), and the potential security exposure from a less-random-than-expected seed seems minimal in any case. - Avoid integer overflow when the sum of LIMIT and OFFSET values exceeds 2^63. - Add overflow checks to int4 and int8 versions of generate_series(). - Fix trailing-zero removal in to_char(). In a format with FM and no digit positions after the decimal point, zeroes to the left of the decimal point could be removed incorrectly. - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63. - Fix psql's counting of script file line numbers during COPY from a different file. - Fix pg_restore's direct-to-database mode for standard_conforming_strings. pg_restore could emit incorrect commands when restoring directly to a database server from an archive file that had been made with standard_conforming_strings set to on. - Fix write-past-buffer-end and memory leak in libpq's LDAP service lookup code. - In libpq, avoid failures when using nonblocking I/O and an SSL connection. - Improve libpq's handling of failures during connection startup. In particular, the response to a server report of fork() failure during SSL connection startup is now saner. - Improve libpq's error reporting for SSL failures. - Make ecpglib write double values with 15 digits precision. - In ecpglib, be sure LC_NUMERIC setting is restored after an error. - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). "contrib/pg_crypto"'s blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be. - Fix memory leak in "contrib/seg". - Fix pgstatindex() to give consistent results for empty indexes. - Allow building with perl 5.14 (Alex Hunsaker) * Drop 00cvs-unregister-ssl-callbacks.patch, upstream now. Checksums-Sha1: ce27a491f87d9d413adddb4363b122073efc8446 492866 libpq-dev_8.3.16-0lenny1_powerpc.deb aabdafb681c219e3fcdc7ca154e5e2525cee09a8 427238 libpq5_8.3.16-0lenny1_powerpc.deb 11801c0f9a19d886d971b794101d030f4e6b12e4 318842 libecpg6_8.3.16-0lenny1_powerpc.deb cdacfe128cbe4294301f04b2454df8a50da3fab4 502684 libecpg-dev_8.3.16-0lenny1_powerpc.deb 3d26c5b7236ae22bb3749d4883d8de3d32727a1e 296436 libecpg-compat3_8.3.16-0lenny1_powerpc.deb 4d99dc3464c4835c8f5093ef6b916fb2c190fa68 320676 libpgtypes3_8.3.16-0lenny1_powerpc.deb c8a638bb544c4fc634b51688fd7049563239aada 5808000 postgresql-8.3_8.3.16-0lenny1_powerpc.deb 82b0a0d706f81d856a010e62d5f67f4b413f2004 1771312 postgresql-client-8.3_8.3.16-0lenny1_powerpc.deb 279f7f015ccdd351e73e1dd08d4772befdccd5f1 864318 postgresql-server-dev-8.3_8.3.16-0lenny1_powerpc.deb b4f27edf5312aaf751d04d23e2eaa79f16603e48 700412 postgresql-contrib-8.3_8.3.16-0lenny1_powerpc.deb 17d4ea50e9562b89ff72ec52ff9ddfad111273f5 319150 postgresql-plperl-8.3_8.3.16-0lenny1_powerpc.deb 87f90d67f8f89d58d59f1fd681e0aec502adbd2c 311316 postgresql-plpython-8.3_8.3.16-0lenny1_powerpc.deb faa24a5816dc08b70f3f907c42a5c8f6d087c5a4 309778 postgresql-pltcl-8.3_8.3.16-0lenny1_powerpc.deb Checksums-Sha256: 0d6211e3a2df77a10b665530bd88dfdec88acb373129e63cac51d10bf800d662 492866 libpq-dev_8.3.16-0lenny1_powerpc.deb f751677fbda9508a107ff4cec717fe41261e9c9cebbb28f755ad998a157c5cf5 427238 libpq5_8.3.16-0lenny1_powerpc.deb ab0ca636661ab10020f6aa4b9a51097e1487241214f31fe8b8c610c108deaadd 318842 libecpg6_8.3.16-0lenny1_powerpc.deb e4a519b9b663129d5637c3c0f28d757f9fee6ed3552a68812837e3f340f4cea7 502684 libecpg-dev_8.3.16-0lenny1_powerpc.deb ecdeed7a4e94b0f7bbd860bf6c0c477cf9b732bb8904183eb6b9c978d8999b83 296436 libecpg-compat3_8.3.16-0lenny1_powerpc.deb 700ca2ba881e36a8eaf04193995ec9de8afeb131d844ac879417bf832c185f87 320676 libpgtypes3_8.3.16-0lenny1_powerpc.deb e2ba2810f71590e832eb898dd5a5ec644da2168a1dca3543c6da6ee18a123942 5808000 postgresql-8.3_8.3.16-0lenny1_powerpc.deb 9e9f98905393a65e2932823defc49af2090c0ad50b40ca6fee4ab34d1f0c2999 1771312 postgresql-client-8.3_8.3.16-0lenny1_powerpc.deb 0f418392c8a861f6a6d7bf27640310265b1aacf59c0b9d1c54f995af378bd621 864318 postgresql-server-dev-8.3_8.3.16-0lenny1_powerpc.deb 411c6894c81f97763fbb060a1fb5b02b38de2cf7964c656dcfde61c1068e4ab0 700412 postgresql-contrib-8.3_8.3.16-0lenny1_powerpc.deb 9abeff2833adfbdec14cb37fce53508b4b992742153b7e84bfca9bd6b6364263 319150 postgresql-plperl-8.3_8.3.16-0lenny1_powerpc.deb a815dfd0f6daa2419e2bb23a131ae8f09f072f9cb54ec1a0cd22ff3c0a768662 311316 postgresql-plpython-8.3_8.3.16-0lenny1_powerpc.deb d5cad42ab0f57aaab5fe26b249edb81697dd4f7ae969df6a02103c882e285d62 309778 postgresql-pltcl-8.3_8.3.16-0lenny1_powerpc.deb Files: 5b061d83f7dcc52fe96126d39b306019 492866 libdevel optional libpq-dev_8.3.16-0lenny1_powerpc.deb 3773b084a05cf89e0e201d2449afd908 427238 libs optional libpq5_8.3.16-0lenny1_powerpc.deb 9c50194ac799153055ddec3e44dfa773 318842 libs optional libecpg6_8.3.16-0lenny1_powerpc.deb 52373784c4ae96e91e22b3a180f63f94 502684 libdevel optional libecpg-dev_8.3.16-0lenny1_powerpc.deb d357ca5e4a935a5209b583c9bd9cd330 296436 libs optional libecpg-compat3_8.3.16-0lenny1_powerpc.deb deb680608ef48fffe8b0d728858bd96f 320676 libs optional libpgtypes3_8.3.16-0lenny1_powerpc.deb 63c9e87424518b318f975ddb9bde686c 5808000 misc optional postgresql-8.3_8.3.16-0lenny1_powerpc.deb 5d8e224bd8dfc4f95c7ac037e3585172 1771312 misc optional postgresql-client-8.3_8.3.16-0lenny1_powerpc.deb d791d2db4e437c35efa69153ca34bd39 864318 libdevel optional postgresql-server-dev-8.3_8.3.16-0lenny1_powerpc.deb 758a70377bf29e16078963440f0049cf 700412 misc optional postgresql-contrib-8.3_8.3.16-0lenny1_powerpc.deb e7713be656ad569e3cd8c69c325c31b2 319150 misc optional postgresql-plperl-8.3_8.3.16-0lenny1_powerpc.deb 96e31bf152f4b92f6133a7d39f370ca1 311316 misc optional postgresql-plpython-8.3_8.3.16-0lenny1_powerpc.deb 3ea82a9a8181f3ae1ad6a4e144446d46 309778 misc optional postgresql-pltcl-8.3_8.3.16-0lenny1_powerpc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6cU0UACgkQXm3vHE4uylobcwCeKFi3wB23NaTZsXQUXCUtaew6 ZWQAoL96895s47DLcSq45vrc/1T8cDnh =Ne82 -----END PGP SIGNATURE-----