-
postgresql-9.4 (9.4.4-0ubuntu0.14.10) utopic-proposed; urgency=medium
* New upstream bug fix release (LP: #1464669)
- Fix possible failure to recover from an inconsistent database state
- Fix rare failure to invalidate relation cache init file
- See http://www.postgresql.org/about/news/1592/ for details.
-- Martin Pitt <email address hidden> Fri, 12 Jun 2015 15:47:35 +0200
-
postgresql-9.4 (9.4.3-0ubuntu0.14.10.1) utopic-proposed; urgency=medium
* New upstream bug fix release (LP: #1461425)
- Avoid failures while fsync'ing data directory during crash restart.
In the previous minor releases we added a patch to fsync everything in
the data directory after a crash. Unfortunately its response to any
error condition was to fail, thereby preventing the server from starting
up, even when the problem was quite harmless. An example is that an
unwritable file in the data directory would prevent restart on some
platforms; but it is common to make SSL certificate files unwritable by
the server. Revise this behavior so that permissions failures are
ignored altogether, and other types of failures are logged but do not
prevent continuing.
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Wed, 03 Jun 2015 09:30:17 +0200
-
postgresql-9.4 (9.4.3-0ubuntu0.14.10) utopic-proposed; urgency=medium
* New upstream bug fix release (LP: #1461425)
- Avoid failures while fsync'ing data directory during crash restart.
In the previous minor releases we added a patch to fsync everything in
the data directory after a crash. Unfortunately its response to any
error condition was to fail, thereby preventing the server from starting
up, even when the problem was quite harmless. An example is that an
unwritable file in the data directory would prevent restart on some
platforms; but it is common to make SSL certificate files unwritable by
the server. Revise this behavior so that permissions failures are
ignored altogether, and other types of failures are logged but do not
prevent continuing.
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Wed, 03 Jun 2015 09:30:17 +0200
-
postgresql-9.4 (9.4.2-0ubuntu0.14.10) utopic-security; urgency=medium
* New upstream security/bug fix release (LP: #1457093)
- Avoid possible crash when client disconnects just before the
authentication timeout expires.
If the timeout interrupt fired partway through the session shutdown
sequence, SSL-related state would be freed twice, typically causing a
crash and hence denial of service to other sessions. Experimentation
shows that an unauthenticated remote attacker could trigger the bug
somewhat consistently, hence treat as security issue. (CVE-2015-3165)
- Improve detection of system-call failures
Our replacement implementation of snprintf() failed to check for errors
reported by the underlying system library calls; the main case that
might be missed is out-of-memory situations. In the worst case this
might lead to information exposure, due to our code assuming that a
buffer had been overwritten when it hadn't been. Also, there were a few
places in which security-relevant calls of other system library
functions did not check for failure.
It remains possible that some calls of the *printf() family of functions
are vulnerable to information disclosure if an out-of-memory error
occurs at just the wrong time. We judge the risk to not be large, but
will continue analysis in this area. (CVE-2015-3166)
- In contrib/pgcrypto, uniformly report decryption failures as Wrong key
or corrupt data
Previously, some cases of decryption with an incorrect key could report
other error message texts. It has been shown that such variance in
error reports can aid attackers in recovering keys from other systems.
While it's unknown whether pgcrypto's specific behaviors are likewise
exploitable, it seems better to avoid the risk by using a
one-size-fits-all message. (CVE-2015-3167)
- Protect against wraparound of multixact member IDs
Under certain usage patterns, the existing defenses against this might
be insufficient, allowing pg_multixact/members files to be removed too
early, resulting in data loss.
The fix for this includes modifying the server to fail transactions that
would result in overwriting old multixact member ID data, and improving
autovacuum to ensure it will act proactively to prevent multixact member
ID wraparound, as it does for transaction ID wraparound.
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Wed, 20 May 2015 23:01:00 +0200
-
postgresql-9.4 (9.4.1-0ubuntu0.14.10) utopic-security; urgency=medium
* New upstream security/bug fix release (LP: #1418928)
- Fix buffer overruns in to_char() [CVE-2015-0241]
- Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
- Fix possible loss of frontend/backend protocol synchronization after an
error [CVE-2015-0244]
- Fix information leak via constraint-violation error messages
[CVE-2014-8161]
- See release notes for details about other fixes:
http://www.postgresql.org/about/news/1569/
-- Martin Pitt <email address hidden> Fri, 06 Feb 2015 12:31:46 +0100
-
postgresql-9.4 (9.4.0-1~0ubuntu0.14.10) utopic-proposed; urgency=medium
* Backport final version to Ubuntu 14.10. (LP: #1404260)
postgresql-9.4 (9.4.0-1) unstable; urgency=medium
* 9.4 released.
* libpq5.symbols: PQhostaddr removed; it was new in 9.4.
-- Martin Pitt <email address hidden> Fri, 19 Dec 2014 15:28:32 +0100
-
postgresql-9.4 (9.4~rc1-1~0ubuntu0.14.10) utopic-proposed; urgency=medium
* Backport first release candidate to Ubuntu 14.10. (LP: #1396107)
-- Martin Pitt <email address hidden> Tue, 25 Nov 2014 12:53:02 +0100
-
postgresql-9.4 (9.4~beta3-2) unstable; urgency=medium
* postgresql-9.4.preinst: Output detailed dump-reload instructions when
refusing the package upgrade, and also add a NEWS item about it.
(Closes: #764705)
* Add libipc-run-perl for the regression tests which otherwise skip large
parts.
* Update Standards-Version.
-- Christoph Berg <email address hidden> Wed, 15 Oct 2014 19:44:43 +0200
-
postgresql-9.4 (9.4~beta3-1) unstable; urgency=medium
* New upstream beta version.
+ Catalog version number changed, older 9.4 clusters need to be dumped and
reloaded.
+ Regexp regression fixed. (Closes: #760564)
+ CACHE_LINE_SIZE definition renamed to mitigate conflict on *BSD.
(Closes: #763098)
[ Martin Pitt ]
* Add missing logrotate test dependency.
[ Christoph Berg ]
* Set Multi-Arch: foreign in postgresql-client-9.4 and postgresql-doc-9.4.
(Closes: #757520; do it even on non-multiarch dists, it doesn't hurt.)
* Fix postgresql_fdw in description, spotted by Andrei Popescu, thanks!
(Closes: #762389)
-- Christoph Berg <email address hidden> Tue, 07 Oct 2014 20:39:57 +0200
-
postgresql-9.4 (9.4~beta2-1build1) utopic; urgency=medium
* Rebuild for Perl 5.20.0.
-- Colin Watson <email address hidden> Thu, 21 Aug 2014 13:47:13 +0100
-
postgresql-9.4 (9.4~beta2-1) unstable; urgency=low
* New upstream beta version.
+ Secure Unix-domain sockets of temporary postmasters started during make
check (Noah Misch)
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory of /tmp.
* postgresql-9.4.preinst: Fail upgrade when upgrading from beta1, the
catalog version changed. People should dump/remove their old clusters
first.
* Use util-linux' uuid lib as backend for the uuid-ossp extension
(--with-uuid=e2fs).
* Enable sepgsql (--with-selinux). On systems with libselinux1-dev < 2.1.10,
this is automatically disabled.
* Revert multiarch for libpq-dev and libecpg-dev. (Closes: #750111, #750112)
* Remove our pg_regress patches to support --host=/path. Implemented
upstream as fix for CVE-2014-0067.
* debian/copyright: Say that there are various copyright holders for the
contrib modules. (Hello Lintian!)
* Update Vcs URLs.
-- Christoph Berg <email address hidden> Mon, 21 Jul 2014 22:26:24 +0200
