-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 25 Sep 2011 13:40:58 +0200 Source: postgresql-8.3 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: sparc Version: 8.3.16-0lenny1 Distribution: lenny-security Urgency: low Maintainer: sparc Build Daemon (spontini) Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-8.3 - object-relational SQL database, version 8.3 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-8.3 - front-end programs for PostgreSQL 8.3 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-8.3 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-8.3 - documentation for the PostgreSQL database management system postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming Changes: postgresql-8.3 (8.3.16-0lenny1) oldstable-security; urgency=low . * New upstream bug fix release 8.3.15: - Disallow including a composite type in itself. This prevents scenarios wherein the server could recurse infinitely while processing the composite type. While there are some possible uses for such a structure, they don't seem compelling enough to justify the effort required to make sure it always works safely. - Avoid potential deadlock during catalog cache initialization. In some cases the cache loading code would acquire share lock on a system index before locking the index's catalog. This could deadlock against processes trying to acquire exclusive locks in the other, more standard order. - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling when there was a concurrent update to the target tuple. This bug has been observed to result in intermittent "cannot extract system attribute from virtual tuple" failures while trying to do UPDATE RETURNING ctid. There is a very small probability of more serious errors, such as generating incorrect index entries for the updated tuple. - Disallow "DROP TABLE" when there are pending deferred trigger events for the table. Formerly the "DROP" would go through, leading to "could not open relation with OID nnn" errors when the triggers were eventually fired. - Fix PL/Python memory leak involving array slices. - Fix pg_restore to cope with long lines (over 1KB) in TOC files. - Put in more safeguards against crashing due to division-by-zero with overly enthusiastic compiler optimization. * New upstream bug fix release 8.3.16: - Fix bugs in indexing of in-doubt HOT-updated tuples. These bugs could result in index corruption after reindexing a system catalog. They are not believed to affect user indexes. - Fix multiple bugs in GiST index page split processing. The probability of occurrence was low, but these could lead to index corruption. - Fix possible buffer overrun in tsvector_concat(). The function could underestimate the amount of memory needed for its result, leading to server crashes. - Fix crash in xml_recv when processing a "standalone" parameter. - Avoid possibly accessing off the end of memory in "ANALYZE" and in SJIS-2004 encoding conversion. This fixes some very-low-probability server crash scenarios. - Fix race condition in relcache init file invalidation. There was a window wherein a new backend process could read a stale init file but miss the inval messages that would tell it the data is stale. The result would be bizarre failures in catalog accesses, typically "could not read block 0 in file ..." later during startup. - Fix memory leak at end of a GiST index scan. Commands that perform many separate GiST index scans, such as verification of a new GiST-based exclusion constraint on a table already containing many rows, could transiently require large amounts of memory due to this leak. - Fix performance problem when constructing a large, lossy bitmap. - Fix array- and path-creating functions to ensure padding bytes are zeroes. This avoids some situations where the planner will think that semantically-equal constants are not equal, resulting in poor optimization. - Fix dump bug for VALUES in a view. - Disallow SELECT FOR UPDATE/SHARE on sequences. This operation doesn't work as expected and can lead to failures. - Defend against integer overflow when computing size of a hash table. - Fix cases where "CLUSTER" might attempt to access already-removed TOAST data. - Fix portability bugs in use of credentials control messages for "peer" authentication. - Fix SSPI login when multiple roundtrips are required. The typical symptom of this problem was "The function requested is not supported" errors during SSPI login. - Fix typo in pg_srand48 seed initialization. This led to failure to use all bits of the provided seed. This function is not used on most platforms (only those without srandom), and the potential security exposure from a less-random-than-expected seed seems minimal in any case. - Avoid integer overflow when the sum of LIMIT and OFFSET values exceeds 2^63. - Add overflow checks to int4 and int8 versions of generate_series(). - Fix trailing-zero removal in to_char(). In a format with FM and no digit positions after the decimal point, zeroes to the left of the decimal point could be removed incorrectly. - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63. - Fix psql's counting of script file line numbers during COPY from a different file. - Fix pg_restore's direct-to-database mode for standard_conforming_strings. pg_restore could emit incorrect commands when restoring directly to a database server from an archive file that had been made with standard_conforming_strings set to on. - Fix write-past-buffer-end and memory leak in libpq's LDAP service lookup code. - In libpq, avoid failures when using nonblocking I/O and an SSL connection. - Improve libpq's handling of failures during connection startup. In particular, the response to a server report of fork() failure during SSL connection startup is now saner. - Improve libpq's error reporting for SSL failures. - Make ecpglib write double values with 15 digits precision. - In ecpglib, be sure LC_NUMERIC setting is restored after an error. - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). "contrib/pg_crypto"'s blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be. - Fix memory leak in "contrib/seg". - Fix pgstatindex() to give consistent results for empty indexes. - Allow building with perl 5.14 (Alex Hunsaker) * Drop 00cvs-unregister-ssl-callbacks.patch, upstream now. Checksums-Sha1: cb8d02d09fd2d0861c659e3acc311b4f07ac3762 483236 libpq-dev_8.3.16-0lenny1_sparc.deb 6f2875e713171e7db44fae45ebcb4a2d8818a533 417048 libpq5_8.3.16-0lenny1_sparc.deb 2ace0a794ddf63c1c254f70d092b9044da69fb76 314648 libecpg6_8.3.16-0lenny1_sparc.deb dc3771b12777c9be85f61e8d4882dcf55d807e8d 487906 libecpg-dev_8.3.16-0lenny1_sparc.deb 50a1f20e2badad47d4ed98272c4e0286b47fa7b6 294922 libecpg-compat3_8.3.16-0lenny1_sparc.deb e2381ac82bfe5ed386df9e8e71f70768327c2eac 314348 libpgtypes3_8.3.16-0lenny1_sparc.deb bf329fd1fabf7042263d5c9a564a9d1f894db9c2 5543650 postgresql-8.3_8.3.16-0lenny1_sparc.deb 2e58a95f10cc068ae7a59b75cb40989623792b0a 1702498 postgresql-client-8.3_8.3.16-0lenny1_sparc.deb d8edd7c7b3fdc238fb14994f56e369660142fbdc 862614 postgresql-server-dev-8.3_8.3.16-0lenny1_sparc.deb e1ca37b7f2d454b74fe976f9ca0e430e4e44b306 612068 postgresql-contrib-8.3_8.3.16-0lenny1_sparc.deb 503c8954707db3a6fc15ab3049a56b42d5f6c256 314298 postgresql-plperl-8.3_8.3.16-0lenny1_sparc.deb 3781e17ba49bb38a5338b3d88d64fd7ac54f2d2b 307356 postgresql-plpython-8.3_8.3.16-0lenny1_sparc.deb 65e7850ff2a4db74419331d3d36da73a6ae116af 306530 postgresql-pltcl-8.3_8.3.16-0lenny1_sparc.deb Checksums-Sha256: ff46e230fcb7e34cf5625826b99df2da8278eddbea813a0eed200879f4a57fe0 483236 libpq-dev_8.3.16-0lenny1_sparc.deb 0178b44592ce2bfce197dd7159ea22fc5d9b3186012163d73b1899d775037452 417048 libpq5_8.3.16-0lenny1_sparc.deb 2c1f44b9d257ff0d4e657ff776a2c474c88fda6ed9b65d70e6be3b2e7472d8a5 314648 libecpg6_8.3.16-0lenny1_sparc.deb 18f0611e53df8dfef0a172b9d8b9b16c9d3dac8f9a06bc34922c6e7d28f54a8d 487906 libecpg-dev_8.3.16-0lenny1_sparc.deb e7261b10e0887f04f4326a4be4ab4ea91e1adaa2f80df0adfa3110f9b2c43910 294922 libecpg-compat3_8.3.16-0lenny1_sparc.deb 377d06bfd5d0fdabbee47d606c37bbfb6903b9d1399c04f8e48d145697ce9463 314348 libpgtypes3_8.3.16-0lenny1_sparc.deb 490d09070c053e05f6c5cd06c9d717784ca0e65a2e437a24a33b36df9ee8c88f 5543650 postgresql-8.3_8.3.16-0lenny1_sparc.deb 6d18e74906d4b53a7e36db3e2223c279f4a71e66a5b2748e688f06746add91ef 1702498 postgresql-client-8.3_8.3.16-0lenny1_sparc.deb 8176e91e847489ac123cf019ccb334d57348539c4d2304887a087ecbda8b7ec5 862614 postgresql-server-dev-8.3_8.3.16-0lenny1_sparc.deb d9aab958a1045d42cefc793a9e3d5cf9a327e8cfbaa9e817110e796dcbe5c74e 612068 postgresql-contrib-8.3_8.3.16-0lenny1_sparc.deb bd304930b3978aafa3a413567dad8b187fabe3b437e9bc0546e8bf9bfc712ace 314298 postgresql-plperl-8.3_8.3.16-0lenny1_sparc.deb 6dde0094a7caafcb2e15c5ca5e82df35b746cd4bc6bafac54f3c5b6a011a979b 307356 postgresql-plpython-8.3_8.3.16-0lenny1_sparc.deb 5a141b2838f6fe7c3a2054e9928278f7b7542859d6c6670e854cde270265c7f0 306530 postgresql-pltcl-8.3_8.3.16-0lenny1_sparc.deb Files: 47904fd73be166c23a8ab68e1881897d 483236 libdevel optional libpq-dev_8.3.16-0lenny1_sparc.deb 3692f65d0851a4fc1e2573685dc5117c 417048 libs optional libpq5_8.3.16-0lenny1_sparc.deb 647f31dbdc0d690b4f6effc961bd2939 314648 libs optional libecpg6_8.3.16-0lenny1_sparc.deb 840cdc47c0b58dceca9c9797787901de 487906 libdevel optional libecpg-dev_8.3.16-0lenny1_sparc.deb 642a78cf1c2af61111b6423ff4359385 294922 libs optional libecpg-compat3_8.3.16-0lenny1_sparc.deb b6ceaf4850bdf6d2d3a8dab3fd36f7b7 314348 libs optional libpgtypes3_8.3.16-0lenny1_sparc.deb 7103adef717477526a851fc65e78fb5f 5543650 misc optional postgresql-8.3_8.3.16-0lenny1_sparc.deb 3f5c5cba1b0115432021aa03af13f872 1702498 misc optional postgresql-client-8.3_8.3.16-0lenny1_sparc.deb 86761152a7b42a12cd05c8f725ab9b05 862614 libdevel optional postgresql-server-dev-8.3_8.3.16-0lenny1_sparc.deb 548d9defb44815a336274b39a3691f6f 612068 misc optional postgresql-contrib-8.3_8.3.16-0lenny1_sparc.deb 2923f53801358c45a792f87652c8a506 314298 misc optional postgresql-plperl-8.3_8.3.16-0lenny1_sparc.deb 2252e9a7818507f83d24dc91557c8f46 307356 misc optional postgresql-plpython-8.3_8.3.16-0lenny1_sparc.deb b78fe2804406a594ee98558c916a0d5e 306530 misc optional postgresql-pltcl-8.3_8.3.16-0lenny1_sparc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOm8ZfAAoJENyjz/lLKAaSc98P/iRDfbuU0AHEttZvDOImEy2T BS7Gp3HsotbP0JDm0CjGHOktSRLz+6P4OPpjBX264Wd4+ox6c/fHJjPniieXBUHg FUgNgxea3ozthhitQhEbPFVK4ptJLmRV72tCTsohYjQbTKxGRrPJzhiQxT6ywlHj n6UgF1TgkFPWanMk+QZRhq+mrbAb+MYHAC+SAKfBG+dnMWNWOEmyJKn+P8BMXSz7 mNm8uIkUJSQRwUn/6egwVyuP4x5S9MknhaPoEtejevrBaexco/TNVbuHR41YHEPN LujFqSPI2m/SsQgp+szKM+61GC61Rn4x69cPOjXGeYIqKDdmc4eiDYlQuckDoAJn G1g8Mhw/Awx/UHwySw5L44ulD4tdOpSrkmSxCeBEQ7pifr2VqqOKzvVDo7qWiJG3 gf7apOCOJMPkwdUxa6uPC/bwPSf5qd6pjzuma+2eJRU4oTPeSHb8EDiGIH1/kTWd 4dCmMj5qsHH7gTndeB4Jx5z7NHzRiALJyda3etclTBHlkd+AE5hYX0bckcJ8ALeS 6mjKMBRHUDhWPqG7M/fGdPBwMkYl32DV0Of3BS10QYnMG/f4VF22eQmNOMg8QiWk Gc/S15LyRBGNRYQtC97HH82v9i6CWlQ0jLTP2q/E41d9igz3Blz4tpseFrXhWGkB rYTDwx0cB7Fj06Aj0OI4 =h5+p -----END PGP SIGNATURE-----