lp://staging/ubuntu/trusty-updates/postgresql-9.3

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

1 recipe using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

29. By Martin Pitt on 2016-10-27

* New upstream bug fix release (LP: #1637236)
  - Fix WAL-logging of truncation of relation free space maps and visibility
    maps.
    It was possible for these files to not be correctly restored during
    crash recovery, or to be written incorrectly on a standby server. Bogus
    entries in a free space map could lead to attempts to access pages that
    have been truncated away from the relation itself, typically producing
    errors like "could not read block XXX: read only 0 of 8192 bytes".
    Checksum failures in the visibility map are also possible, if
    checksumming is enabled.

    Procedures for determining whether there is a problem and repairing it
    if so are discussed at
       https://wiki.postgresql.org/wiki/Free_Space_Map_Problems

  - Details about other changes:
    http://www.postgresql.org/docs/9.3/static/release-9-3-15.html

28. By Martin Pitt on 2016-08-17

* New upstream security/bug fix release (LP: #1614113):
  - Fix possible mis-evaluation of nested CASE-WHEN expressions
    A CASE expression appearing within the test value subexpression of
    another CASE could become confused about whether its own test value was
    null or not. Also, inlining of a SQL function implementing the equality
    operator used by a CASE expression could result in passing the wrong
    test value to functions called within a CASE expression in the SQL
    function's body. If the test values were of different data types, a
    crash might result; moreover such situations could be abused to allow
    disclosure of portions of server memory. (CVE-2016-5423)

  - Fix client programs' handling of special characters in database and role
    names
    Numerous places in vacuumdb and other client programs could become
    confused by database and role names containing double quotes or
    backslashes. Tighten up quoting rules to make that safe. Also, ensure
    that when a conninfo string is used as a database name parameter to
    these programs, it is correctly treated as such throughout.

    Fix handling of paired double quotes in psql's \connect and \password
    commands to match the documentation.

    Introduce a new -reuse-previous option in psql's \connect command to
    allow explicit control of whether to re-use connection parameters from a
    previous connection. (Without this, the choice is based on whether the
    database name looks like a conninfo string, as before.) This allows
    secure handling of database names containing special characters in
    pg_dumpall scripts.

    pg_dumpall now refuses to deal with database and role names containing
    carriage returns or newlines, as it seems impractical to quote those
    characters safely on Windows. In future we may reject such names on the
    server side, but that step has not been taken yet.

    These are considered security fixes because crafted object names
    containing special characters could have been used to execute commands
    with superuser privileges the next time a superuser executes pg_dumpall
    or other routine maintenance operations. (CVE-2016-5424)

  - Details: http://www.postgresql.org/docs/9.3/static/release-9-3-14.html

27. By Martin Pitt on 2016-05-12

* New upstream bug fix release. (LP: #1581016)
  - See http://www.postgresql.org/docs/9.3/static/release-9-3-13.html for
    details.

26. By Martin Pitt on 2016-03-31

* New upstream bug fix release. (LP: #1564268)
  - See http://www.postgresql.org/about/news/1656/ for details.

25. By Martin Pitt on 2016-02-11

* New upstream security/bug fix release: (LP: #1544576)
  - Fix infinite loops and buffer-overrun problems in regular expressions.
    Very large character ranges in bracket expressions could cause infinite
    loops in some cases, and memory overwrites in other cases.
    (CVE-2016-0773)
  - Prevent certain PL/Java parameters from being set by non-superusers.
    This change mitigates a PL/Java security bug (CVE-2016-0766), which was
    fixed in PL/Java by marking these parameters as superuser-only. To fix
    the security hazard for sites that update PostgreSQL more frequently
    than PL/Java, make the core code aware of them also.
  - See release notes for details about other fixes.

24. By Martin Pitt on 2015-10-08

* New upstream security/bug fix release: (LP: #1504132)
  - Guard against stack overflows in json parsing.
    If an application constructs PostgreSQL json or jsonb values from
    arbitrary user input, the application's users can reliably crash the
    PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)

  - Fix contrib/pgcrypto to detect and report too-short crypt() salts
    Certain invalid salt arguments crashed the server or disclosed a few
    bytes of server memory. We have not ruled out the viability of attacks
    that arrange for presence of confidential information in the disclosed
    bytes, but they seem unlikely. (CVE-2015-5288)

  - See release notes for details about other fixes.

23. By Martin Pitt on 2015-06-12

* New upstream bug fix release (LP: #1464669)
  - Fix possible failure to recover from an inconsistent database state
  - Fix rare failure to invalidate relation cache init file
  - See http://www.postgresql.org/about/news/1592/ for details.

22. By Martin Pitt on 2015-06-03

* New upstream bug fix release (LP: #1461425)
  - Avoid failures while fsync'ing data directory during crash restart.

    In the previous minor releases we added a patch to fsync everything in
    the data directory after a crash. Unfortunately its response to any
    error condition was to fail, thereby preventing the server from starting
    up, even when the problem was quite harmless. An example is that an
    unwritable file in the data directory would prevent restart on some
    platforms; but it is common to make SSL certificate files unwritable by
    the server. Revise this behavior so that permissions failures are
    ignored altogether, and other types of failures are logged but do not
    prevent continuing.

 - See release notes for details about other fixes.

21. By Martin Pitt on 2015-05-20

* New upstream security/bug fix release (LP: #1457093)
  - Avoid possible crash when client disconnects just before the
    authentication timeout expires.
    If the timeout interrupt fired partway through the session shutdown
    sequence, SSL-related state would be freed twice, typically causing a
    crash and hence denial of service to other sessions. Experimentation
    shows that an unauthenticated remote attacker could trigger the bug
    somewhat consistently, hence treat as security issue. (CVE-2015-3165)

  - Improve detection of system-call failures
    Our replacement implementation of snprintf() failed to check for errors
    reported by the underlying system library calls; the main case that
    might be missed is out-of-memory situations. In the worst case this
    might lead to information exposure, due to our code assuming that a
    buffer had been overwritten when it hadn't been. Also, there were a few
    places in which security-relevant calls of other system library
    functions did not check for failure.
    It remains possible that some calls of the *printf() family of functions
    are vulnerable to information disclosure if an out-of-memory error
    occurs at just the wrong time. We judge the risk to not be large, but
    will continue analysis in this area. (CVE-2015-3166)

  - In contrib/pgcrypto, uniformly report decryption failures as Wrong key
    or corrupt data
    Previously, some cases of decryption with an incorrect key could report
    other error message texts. It has been shown that such variance in
    error reports can aid attackers in recovering keys from other systems.
    While it's unknown whether pgcrypto's specific behaviors are likewise
    exploitable, it seems better to avoid the risk by using a
    one-size-fits-all message. (CVE-2015-3167)

  - Protect against wraparound of multixact member IDs
    Under certain usage patterns, the existing defenses against this might
    be insufficient, allowing pg_multixact/members files to be removed too
    early, resulting in data loss.
    The fix for this includes modifying the server to fail transactions that
    would result in overwriting old multixact member ID data, and improving
    autovacuum to ensure it will act proactively to prevent multixact member
    ID wraparound, as it does for transaction ID wraparound.

 - See release notes for details about other fixes.

20. By Martin Pitt on 2015-02-06

* New upstream security/bug fix release (LP: #1418928)
  - Fix buffer overruns in to_char() [CVE-2015-0241]
  - Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
  - Fix possible loss of frontend/backend protocol synchronization after an
    error [CVE-2015-0244]
  - Fix information leak via constraint-violation error messages
    [CVE-2014-8161]
  - See release notes for details about other fixes:
    http://www.postgresql.org/about/news/1569/