lp://staging/ubuntu/saucy-proposed/postgresql-9.1

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/saucy-proposed/postgresql-9.1
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

33. By Martin Pitt

* New upstream bug fix release. See changelog.gz for details.
* Drop 00git-perl5.18.patch, applied upstream.
* Add 04-config-update.patch: Refresh config.{guess,sub} to latest version
  for enabling ports, in particular arm64 and the upcoming ppc64el.

32. By Christoph Berg

[ Christoph Berg ]
* Pull 82b0102650cf85268145a46f0ab488bacf6599a1 from upstream head to better
  support VPATH builds of PGXS modules, and make the install targets depend
  on installdirs.

[ Martin Pitt ]
* debian/rules: Still build the client-side libraries on Ubuntu.

31. By Martin Pitt

[ Martin Pitt ]
* debian/rules: Support multi-arch locations of {tcl,tk}-config.
* debian/rules: Don't build with kerberos and LDAP support for
  DEB_STAGE=stage1 to aid with bootstrapping.
* debian/tests/control: Add missing net-tools dependency (for ifconfig).
* Add 00git-aarch64.patch: Add ARM64 (aarch64) support to s_lock.h.
  Backported from upstream git.
* debian/rules: Call dh with --parallel.
* Add 00git-perl5.18.patch: Adjust PL/Perl test cases to also work for Perl
  5.18. Backported from upstream 9.1 stable branch.
* debian/rules: Don't build client-side libraries unless we have a pgdg
  version, as these are built by -9.3 now.

[ Christoph Berg ]
* Pull 6697aa2bc25c83b88d6165340348a31328c35de6 from upstream head to
  better support VPATH builds of PGXS modules.
* debian/rules, 60-pg_regress_socketdir: Remove the temporary patches from
  pg_regress, and teach pg_regress to support unix socket dirs in --host.
  Use a random port number as well.
* debian/rules: Use "make check-world" to run the regression tests. Thanks
  to Peter Eisentraut for the suggestion.
* 61-extra_regress_opts: Add EXTRA_REGRESS_OPTS in Makefile.global(.in) and
  in src/interfaces/ecpg/test/Makefile.

30. By Martin Pitt

Upload current Debian packaging bzr head (which generalized and applied the
recent Ubuntu delta) and fix FTBFS with gcc-4.8.

debian/rules: Support multi-arch locations of {tcl,tk}-config.

29. By Martin Pitt

* Urgency high because of critical remote data destruction vulnerability.
* New upstream security/bug fix release:
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899] (Closes: #704479)
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.
* Bump Standards-Version to 3.9.4 (no changes necessary).

28. By Christoph Berg

[ Martin Pitt ]
* Add autopkgtest, moved from postgresql-common.
* debian/rules: Only build the error codes and the plpython subtree for the
  "python3" flavor, to cut down build time.
* Add missing docbook build dependency. (Closes: #697618)

[ Christoph Berg ]
* New upstream version.
  + Prevent execution of enum_recv from SQL
    The function was misdeclared, allowing a simple SQL command to crash the
    server. In principle an attacker might be able to use it to examine the
    contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
    for reporting this issue. (CVE-2013-0255)

27. By Martin Pitt

* New upstream bug fix release. See HISTORY/changelog.gz for details.
* Add 03-python-includedirs.patch: Detect both python3.3 include locations.
  Thanks Dmitrijs Ledkovs!

26. By Martin Pitt

* Urgency medium because of data loss bug fix.
* New upstream bug fix release:
  - Fix persistence marking of shared buffers during WAL replay.
    This mistake can result in buffers not being written out during
    checkpoints, resulting in data corruption if the server later
    crashes without ever having written those buffers. Corruption can
    occur on any server following crash recovery, but it is
    significantly more likely to occur on standby slave servers since
    those perform much more WAL replay. There is a low probability of
    corruption of btree and GIN indexes. There is a much higher
    probability of corruption of table "visibility maps". Fortunately,
    visibility maps are non-critical data in 9.1, so the worst
    consequence of such corruption in 9.1 installations is transient
    inefficiency of vacuuming. Table data proper cannot be corrupted by
    this bug.
    While no index corruption due to this bug is known to have occurred
    in the field, as a precautionary measure it is recommended that
    production installations "REINDEX" all btree and GIN indexes at a
    convenient time after upgrading to 9.1.6.
    Also, if you intend to do an in-place upgrade to 9.2.X, before
    doing so it is recommended to perform a "VACUUM" of all tables
    while having vacuum_freeze_table_age set to zero. This will ensure
    that any lingering wrong data in the visibility maps is corrected
    before 9.2.X can depend on it. vacuum_cost_delay can be adjusted to
    reduce the performance impact of vacuuming, while causing it to
    take longer to finish.
  - See HISTORY/changelog.gz for the other bug fixes.
* debian/rules: Compress all binaries with xz. Thanks Cyril Brulebois!
  (Closes: #688678)

25. By Martin Pitt

* debian/rules: Re-enable hardening functions (regression from 9.1.3-2 when
  hardening-wrapper is not installed). Use "hardening=all", but disable
  "pie" (as that's not compatible with -fPIC) and add -pie to CFLAGS
  explicitly. Also drop the explicit "-Wl,-z,now" linker option, as this is
  now implied with "all". (LP: #1039618)
* Fix upgrades from older 9.1 releases in stable Ubuntu -updates/-security
  releasese. The strict "<< 9.1.4-2~" check for moving pg_basebackup.1.gz is
  not sufficient, as Ubuntu stables have newer upstream releases by now.
  - debian/control: Move Breaks/Replaces: from static version to
    ${binary:Version}.
  - debian/postgresql-9.1.preinst: Also fix the alternatives when upgrading
    from a -0something version.
  - (LP: #1043449)

24. By Martin Pitt

* Urgency medium due to security fixes and bug fixes which should reach
  Wheezy quickly.
* New upstream bug fix/security release:
  - Prevent access to external files/URLs via XML entity references.
    xml_parse() would attempt to fetch external files or URLs as needed
    to resolve DTD and entity references in an XML value, thus allowing
    unprivileged database users to attempt to fetch data with the
    privileges of the database server. While the external data wouldn't
    get returned directly to the user, portions of it could be exposed
    in error messages if the data didn't parse as valid XML; and in any
    case the mere ability to check existence of a file might be useful
    to an attacker. (CVE-2012-3489)
  - Prevent access to external files/URLs via "contrib/xml2"'s
    xslt_process().
    libxslt offers the ability to read and write both files and URLs
    through stylesheet commands, thus allowing unprivileged database
    users to both read and write data with the privileges of the
    database server. Disable that through proper use of libxslt's
    security options. (CVE-2012-3488)
    Also, remove xslt_process()'s ability to fetch documents and
    stylesheets from external files/URLs. While this was a documented
    "feature", it was long regarded as a bad idea. The fix for
    CVE-2012-3489 broke that capability, and rather than expend effort
    on trying to fix it, we're just going to summarily remove it.
  - Lots of other bug fixes, see HISTORY/changelog.gz.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/trusty/postgresql-9.1
This branch contains Public information 
Everyone can see this information.

Subscribers