postgresql-8.3 8.3.11-0ubuntu9.04 source package in Ubuntu
Changelog
postgresql-8.3 (8.3.11-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole
      interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too insecure
      to rely on for making plperl trustable. This change removes use of
      "Safe.pm" altogether, in favor of using a separate interpreter with
      an opcode mask that is always applied. Pleasant side effects of the
      change include that it is now possible to use Perl's strict pragma
      in a natural way in plperl, and that Perl's $a and $b variables work
      as expected in sort routines, and that function compilation is
      significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table. This
      change disables the feature unless pltcl_modules is owned by a
      superuser. (However, the permissions on the table are not checked,
      so installations that really need a less-than-secure modules table
      can still grant suitable privileges to trusted non-superusers.)
      Also, prevent loading code into the unrestricted "normal" Tcl
      interpreter unless we are really going to execute a pltclu function.
      (CVE-2010-1170)
    - Fix possible crash if a cache reset message is received during
      rebuild of a relcache entry.
      This error was introduced in 8.3.10 while fixing a related failure.
    - Apply per-function GUC settings while running the language validator
      for the function.
      This avoids failures if the function's code is invalid without the
      setting; an example is that SQL functions may not parse if the
      search_path is not correct.
    - Do not allow an unprivileged user to reset superuser-only parameter
      settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL for
      himself, or ALTER DATABASE ... RESET ALL for a database he owns,
      this would remove all special parameter settings for the user or
      database, even ones that are only supposed to be changeable by a
      superuser. Now, the "ALTER" will only remove the parameters that the
      user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs when
      a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
    - Ensure the archiver process responds to changes in archive_command
      as soon as possible.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Prevent infinite recursion in psql when expanding a variable that
      refers to itself.
    - Fix psql's \copy to not add spaces around a dot within
      \copy (select ...).
      Addition of spaces around the decimal point in a numeric literal
      would result in a syntax error.
    - Fix unnecessary "GIN indexes do not support whole-index scans"
      errors for unsatisfiable queries using "contrib/intarray" operators.
    - Ensure that "contrib/pgstattuple" functions respond to cancel
      interrupts promptly.

 -- Martin Pitt <email address hidden>  Sat, 15 May 2010 14:07:21 +0200

Upload details
- Uploaded by: Martin Pitt
- Sponsored by: Jamie Strandboge
- Uploaded to: Jaunty
- Original maintainer: Martin Pitt
- Architectures: any
- Section: misc
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
postgresql-8.3_8.3.11.orig.tar.gz | 13.3 MiB | 37e3574a3bea89fcab18b352d2274c8c389b8edfd0863b54a042a86cafa40e93 |
postgresql-8.3_8.3.11-0ubuntu9.04.diff.gz | 68.5 KiB | 161ab22ea47eb227d6ef5a0af2777dd585bc167c4612209036efe5a2187ec617 |
postgresql-8.3_8.3.11-0ubuntu9.04.dsc | 1.6 KiB | bdfdf7a909a8870f3fc95ee2d7261fcef445c814e835f17b02db18c35f1a6eff |
Binary packages built by this source
- libecpg-compat3
- libecpg-dev
- libecpg6
- libpgtypes3
- libpq-dev
- libpq5
- postgresql
- postgresql-8.3
- postgresql-client
- postgresql-client-8.3
- postgresql-contrib
- postgresql-contrib-8.3
- postgresql-doc
- postgresql-doc-8.3
- postgresql-plperl-8.3
- postgresql-plpython-8.3
- postgresql-pltcl-8.3
- postgresql-server-dev-8.3