Debian Bug report logs - #517405
postgresql-8.3: Server crashes if using wrong (mismatch) conversion

version graph

Package: postgresql-8.3; Maintainer for postgresql-8.3 is (unknown);

Reported by: Afonin Denis <vadm@itkm.ru>

Date: Fri, 27 Feb 2009 14:00:02 UTC

Severity: important

Tags: security, upstream

Found in version postgresql-8.3/8.3.6-1

Fixed in versions postgresql-8.3/8.3.7-1, postgresql-8.3/8.3.7-0lenny1

Done: Martin Pitt <mpitt@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Martin Pitt <mpitt@debian.org>:
Bug#517405; Package postgresql-8.3. (Fri, 27 Feb 2009 14:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Afonin Denis <vadm@itkm.ru>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Martin Pitt <mpitt@debian.org>. (Fri, 27 Feb 2009 14:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Afonin Denis <vadm@itkm.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: postgresql-8.3: Server crashes if using wrong (mismatch) conversion
Date: Fri, 27 Feb 2009 16:57:25 +0300
Package: postgresql-8.3
Version: 8.3.6-1
Severity: serious
Tags: security
Justification: must

As reported in http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
using conversion functions width mismatched specified and database codepages causes postgresql to segfault.
A serious issue is that a regular user can do that and bring down the whole system.

Upstream came up with a patch just hours after the report, and it seems 
to be slated for 8.3.6: 
http://archives.postgresql.org/pgsql-bugs/2009-02/msg00176.php


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18+openvz (SMP w/8 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/bash

Versions of packages postgresql-8.3 depends on:
ii  libc6                 2.7-18             GNU C Library: Shared libraries
ii  libcomerr2            1.41.3-1           common error description library
ii  libkrb53              1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii  libldap-2.4-2         2.4.11-1           OpenLDAP libraries
ii  libpam0g              1.0.1-5            Pluggable Authentication Modules l
ii  libpq5                8.3.6-1            PostgreSQL C client library
ii  libssl0.9.8           0.9.8g-15          SSL shared libraries
ii  libxml2               2.6.32.dfsg-5      GNOME XML library
ii  locales               2.7-18             GNU C Library: National Language (
ii  postgresql-client-8.3 8.3.6-1            front-end programs for PostgreSQL 
ii  postgresql-common     94lenny1           PostgreSQL database-cluster manage
ii  ssl-cert              1.0.23             simple debconf wrapper for OpenSSL
ii  tzdata                2008h-2            time zone and daylight-saving time

postgresql-8.3 recommends no packages.

Versions of packages postgresql-8.3 suggests:
ii  pidentd [ident-server]      3.0.19.ds1-4 TCP/IP IDENT protocol server with 

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#517405; Package postgresql-8.3. (Sat, 28 Feb 2009 13:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
Extra info received and forwarded to list. (Sat, 28 Feb 2009 13:33:02 GMT) Full text and rfc822 format available.

Message #10 received at 517405@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: Afonin Denis <vadm@itkm.ru>, 517405@bugs.debian.org
Subject: Re: Bug#517405: postgresql-8.3: Server crashes if using wrong (mismatch) conversion
Date: Sat, 28 Feb 2009 14:32:09 +0100
[Message part 1 (text/plain, inline)]
severity 517405 important
tag 517405 upstream
forwarded 517405 http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
thanks

Afonin Denis [2009-02-27 16:57 +0300]:
> As reported in http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
> using conversion functions width mismatched specified and database codepages causes postgresql to segfault.
> A serious issue is that a regular user can do that and bring down the whole system.
> 
> Upstream came up with a patch just hours after the report, and it seems 
> to be slated for 8.3.6: 

I assume you mean 8.3.7 :)

Anyway, it seems that the patch is still under discussion and hasn't
been committed yet. I'll let upstream decide on the right approach,
and then the fix will trickle into Debian with 8.3.7. We'll also put
8.3.7 into lenny-updates.

Thank you for your report!

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
[signature.asc (application/pgp-signature, inline)]

Severity set to `important' from `serious' Request was from Martin Pitt <mpitt@debian.org> to control@bugs.debian.org. (Sat, 28 Feb 2009 13:33:03 GMT) Full text and rfc822 format available.

Tags added: upstream Request was from Martin Pitt <mpitt@debian.org> to control@bugs.debian.org. (Sat, 28 Feb 2009 13:33:04 GMT) Full text and rfc822 format available.

Noted your statement that Bug has been forwarded to http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php. Request was from Martin Pitt <mpitt@debian.org> to control@bugs.debian.org. (Sat, 28 Feb 2009 13:33:05 GMT) Full text and rfc822 format available.

Tags added: pending Request was from Martin Pitt <mpitt@debian.org> to control@bugs.debian.org. (Sat, 14 Mar 2009 18:33:09 GMT) Full text and rfc822 format available.

Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. (Wed, 18 Mar 2009 08:06:04 GMT) Full text and rfc822 format available.

Notification sent to Afonin Denis <vadm@itkm.ru>:
Bug acknowledged by developer. (Wed, 18 Mar 2009 08:06:04 GMT) Full text and rfc822 format available.

Message #23 received at 517405-close@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: 517405-close@bugs.debian.org
Subject: Bug#517405: fixed in postgresql-8.3 8.3.7-1
Date: Wed, 18 Mar 2009 07:47:17 +0000
Source: postgresql-8.3
Source-Version: 8.3.7-1

We believe that the bug you reported is fixed in the latest version of
postgresql-8.3, which is due to be installed in the Debian FTP archive:

libecpg-compat3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-1_i386.deb
libecpg-dev_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-1_i386.deb
libecpg6_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg6_8.3.7-1_i386.deb
libpgtypes3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-1_i386.deb
libpq-dev_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/libpq-dev_8.3.7-1_i386.deb
libpq5_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/libpq5_8.3.7-1_i386.deb
postgresql-8.3_8.3.7-1.diff.gz
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-1.diff.gz
postgresql-8.3_8.3.7-1.dsc
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-1.dsc
postgresql-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-1_i386.deb
postgresql-8.3_8.3.7.orig.tar.gz
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7.orig.tar.gz
postgresql-client-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-1_i386.deb
postgresql-client_8.3.7-1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-client_8.3.7-1_all.deb
postgresql-contrib-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-1_i386.deb
postgresql-contrib_8.3.7-1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-contrib_8.3.7-1_all.deb
postgresql-doc-8.3_8.3.7-1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.7-1_all.deb
postgresql-doc_8.3.7-1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-doc_8.3.7-1_all.deb
postgresql-plperl-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-1_i386.deb
postgresql-plpython-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-1_i386.deb
postgresql-pltcl-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-1_i386.deb
postgresql-server-dev-8.3_8.3.7-1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-1_i386.deb
postgresql_8.3.7-1_all.deb
  to pool/main/p/postgresql-8.3/postgresql_8.3.7-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 517405@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated postgresql-8.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 14 Mar 2009 20:11:20 +0100
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all i386
Version: 8.3.7-1
Distribution: unstable
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Closes: 517405 519582
Changes: 
 postgresql-8.3 (8.3.7-1) unstable; urgency=low
 .
   * New upstream bug fix release:
      - Prevent error recursion crashes when encoding conversion fails.
        This change extends fixes made in the last two minor releases for
        related failure scenarios. The previous fixes were narrowly
        tailored for the original problem reports, but we have now
        recognized that *any* error thrown by an encoding conversion
        function could potentially lead to infinite recursion while trying
        to report the error. The solution therefore is to disable
        translation and encoding conversion and report the plain-ASCII form
        of any error message, if we find we have gotten into a recursive
        error reporting situation. (Closes: #517405)
      - Disallow "CREATE CONVERSION" with the wrong encodings for the
        specified conversion function. This prevents one possible scenario for
        encoding conversion failure. The previous change is a backstop to guard
        against other kinds of failures in the same area.
      - Fix xpath() to not modify the path expression unless necessary, and
        to make a saner attempt at it when necessary.
        The SQL standard suggests that xpath should work on data that is a
        document fragment, but libxml doesn't support that, and indeed it's
        not clear that this is sensible according to the XPath standard.
        xpath attempted to work around this mismatch by modifying both the
        data and the path expression, but the modification was buggy and
        could cause valid searches to fail. Now, xpath checks whether the
        data is in fact a well-formed document, and if so invokes libxml
        with no change to the data or path expression. Otherwise, a
        different modification method that is somewhat less likely to fail
        is used.
        Note: The new modification method is still not 100% satisfactory,
        and it seems likely that no real solution is possible. This patch
        should therefore be viewed as a band-aid to keep from breaking
        existing applications unnecessarily. It is likely that PostgreSQL
        8.4 will simply reject use of xpath on data that is not a
        well-formed document.
      - Fix core dump when to_char() is given format codes that are
        inappropriate for the type of the data argument.
      - Fix extreme inefficiency in text search parser's handling of an
        email-like string containing multiple @ characters.
      - Fix planner problem with sub-"SELECT" in the output list of a
        larger subquery.
      - Fix decompilation of CASE WHEN with an implicit coercion.
      - Fix possible misassignment of the owner of a TOAST table's rowtype.
        If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
        by someone other than the table owner, the pg_type entry for the
        table's TOAST table would end up marked as owned by that someone.
        This caused no immediate problems, since the permissions on the
        TOAST rowtype aren't examined by any ordinary database operation.
        However, it could lead to unexpected failures if one later tried to
        drop the role that issued the command (in 8.1 or 8.2), or "owner of
        data type appears to be invalid" warnings from pg_dump after having
        done so (in 8.3).
      - Change "UNLISTEN" to exit quickly if the current session has never
        executed any "LISTEN" command.
        Most of the time this is not a particularly useful optimization,
        but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
        caused a substantial performance problem for applications that made
        heavy use of "DISCARD ALL".
      - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
        clause anywhere in the string, not only at the start; in
        particular, don't fail for "INSERT INTO" within "CREATE RULE".
      - Clean up PL/pgSQL error status variables fully at block exit.
        This is not a problem for PL/pgSQL itself, but the omission could
        cause the PL/pgSQL Debugger to crash while examining the state of a
        function.
      - Add MUST (Mauritius Island Summer Time) to the default list of
        known timezone abbreviations (Xavier Bugaud)
   * debian/postgresql-8.3.init: Drop obsolete autovac-* commands.
     (Closes: #519582)
   * debian/rules: Enable build hardening on Debian now. Drop lsb-release build
     dependency, since we do not need it any more.
Checksums-Sha1: 
 8a2d4355c0ae6e957a57eaa966db4bc67104f436 1628 postgresql-8.3_8.3.7-1.dsc
 2e6b29bcafa27964990228522363a2dcf3d6c960 13814173 postgresql-8.3_8.3.7.orig.tar.gz
 89fdb037bdbbb172e6c566c79581bc73c2348b7d 65003 postgresql-8.3_8.3.7-1.diff.gz
 a7b7b851515b428a9f4c67b1b716176ee782da51 2125580 postgresql-doc-8.3_8.3.7-1_all.deb
 06f8bd0c6434ae60cceaad0042ed436ebb7e1ee2 234718 postgresql_8.3.7-1_all.deb
 c8923b06068cbc7a9de923e9f5eab473ef270561 234682 postgresql-client_8.3.7-1_all.deb
 a6c9233236500dbdc6921e2a6e06e68258ed4a1a 234524 postgresql-doc_8.3.7-1_all.deb
 76faa0f34771e413df01eb424aa7caef51564723 234580 postgresql-contrib_8.3.7-1_all.deb
 24af5fa0228edfa3ecc3ccdeacf3da568286b6a5 430202 libpq-dev_8.3.7-1_i386.deb
 f2eac368a638b6238884772e80e42b8284545414 364388 libpq5_8.3.7-1_i386.deb
 ed3a30074c343334a87a789d421ae067b3d537e8 262880 libecpg6_8.3.7-1_i386.deb
 d0728a7d68538e39065b6460dffa861534f1385c 446916 libecpg-dev_8.3.7-1_i386.deb
 5579831be88026a6dece81fce7ec0d11b30fae0e 241748 libecpg-compat3_8.3.7-1_i386.deb
 3fe9c842ab450be0b23525e6d2097739341889e1 263810 libpgtypes3_8.3.7-1_i386.deb
 b8022dbf96238870c1e19d15cdfa54d247f75da8 5234546 postgresql-8.3_8.3.7-1_i386.deb
 672e95dcdfda4c3b7f0d7abe51283474f8bd246f 1671434 postgresql-client-8.3_8.3.7-1_i386.deb
 6e1d9379d1ad33fc5f7db7e8df2446f1fd20c4d6 807078 postgresql-server-dev-8.3_8.3.7-1_i386.deb
 2e93b78c0bba6dc5582c07f7f04b21076be6bd7f 565180 postgresql-contrib-8.3_8.3.7-1_i386.deb
 6c049815ffa45b9e4366395c6216c37989c5ec71 260360 postgresql-plperl-8.3_8.3.7-1_i386.deb
 44222e7a44adec88996f2390f40ef603f26f83a2 253408 postgresql-plpython-8.3_8.3.7-1_i386.deb
 47a584205e8dfa39e9bd9bdd534160112a94d540 252468 postgresql-pltcl-8.3_8.3.7-1_i386.deb
Checksums-Sha256: 
 c9aae99fb5a5d71d9ef2c1a74c4a28053c4a53309ce36445073e7f781495235d 1628 postgresql-8.3_8.3.7-1.dsc
 b476ff30ff01a2b93449a22d55cd39b450742f1dd49d22fa765d869a2fc08368 13814173 postgresql-8.3_8.3.7.orig.tar.gz
 e719524cb53ff6d411b9ca39657c181deab00bf8725e1999065325f38e9ec168 65003 postgresql-8.3_8.3.7-1.diff.gz
 79e51d17fc9c547b89749a11ea861c318576f89e06694be843f5ee4d1dd7fd7a 2125580 postgresql-doc-8.3_8.3.7-1_all.deb
 942bd4f6b5a54f2fef3d90402abb88d4f2414107347d001c9b3020f569963af6 234718 postgresql_8.3.7-1_all.deb
 bf2cc7bdbdda401c89ddd7d9416384269f2e244e7f92cfdab26947c4febfda62 234682 postgresql-client_8.3.7-1_all.deb
 676e819d9e3e3fc913c9f28c1110c17ed2a3389fa5b5277516fb70507a7a8050 234524 postgresql-doc_8.3.7-1_all.deb
 d7c7346cb94439f324282be571522b897c3d0127389cbe47702399043bb4f8b0 234580 postgresql-contrib_8.3.7-1_all.deb
 272ca149d59e1e64b9339ca1e0b69270edc7116278759ac4e2cdedade8eca077 430202 libpq-dev_8.3.7-1_i386.deb
 2c060cc14ce28b1a86ba2c872ce45f28eb737857d083def88d321685997b690f 364388 libpq5_8.3.7-1_i386.deb
 a2402eddba260e6f27810ad8b3325e00f54eaffb8166cdbc5aa12d874a67fda1 262880 libecpg6_8.3.7-1_i386.deb
 9881e92c30be6a4bbe8d8c9a1b3237742cb663b6f683062b36ad08b11711fc61 446916 libecpg-dev_8.3.7-1_i386.deb
 c63bc8fea9af80e4bc69b85e3771ab6d156d41c4500f5f9cf55d189db045f722 241748 libecpg-compat3_8.3.7-1_i386.deb
 42549a9d32aaca403703d569529f665d217a4bbdd04a83b037b37ed86dab6f15 263810 libpgtypes3_8.3.7-1_i386.deb
 7d36ef19e7780c66fe5f399e11bec73d4b1e9f13815eae023222dd2856a3f4f7 5234546 postgresql-8.3_8.3.7-1_i386.deb
 37be62a67e26742a494bb4e58e1a7a3a2860a8298dea39cd77ddecc2fa995182 1671434 postgresql-client-8.3_8.3.7-1_i386.deb
 a133f2eaa218bb0cab671fa8bc578464321991eca686c28d3ddeab95a24d39c0 807078 postgresql-server-dev-8.3_8.3.7-1_i386.deb
 113f741020918dfd1a1926758012ff308eb85ba2714e97e775ef09cd45b28d4e 565180 postgresql-contrib-8.3_8.3.7-1_i386.deb
 fb8f9930a36e5670cfe60cceafe1cf6c8131219013c40017c182565d952d7827 260360 postgresql-plperl-8.3_8.3.7-1_i386.deb
 034160d192d541422c855199cee526825ba3ab738b2f3ee274fb8c998a43839a 253408 postgresql-plpython-8.3_8.3.7-1_i386.deb
 7dfc7eee4427997d0cc23343acdf7c734534572251626e006643a9e439b21d63 252468 postgresql-pltcl-8.3_8.3.7-1_i386.deb
Files: 
 f6169a277d571bde073886b0518f7ace 1628 misc optional postgresql-8.3_8.3.7-1.dsc
 850f5e17f2d0a8272214ed75da4befc7 13814173 misc optional postgresql-8.3_8.3.7.orig.tar.gz
 47052919959817c00bebde24cabf9723 65003 misc optional postgresql-8.3_8.3.7-1.diff.gz
 3564a7994b8ef7cda49e6726c2b28e55 2125580 doc optional postgresql-doc-8.3_8.3.7-1_all.deb
 fe2f70b1ef01c6f7e0c6c01384463e34 234718 misc optional postgresql_8.3.7-1_all.deb
 7e3f79dd41154e9b686935981e3ddcea 234682 misc optional postgresql-client_8.3.7-1_all.deb
 376cfd82076fdc4a3f837d59a2388db4 234524 doc optional postgresql-doc_8.3.7-1_all.deb
 bbc11f2445f3395992b8534aff58ee96 234580 misc optional postgresql-contrib_8.3.7-1_all.deb
 da1d717769ad38c2a31846c048962abe 430202 libdevel optional libpq-dev_8.3.7-1_i386.deb
 664948a71de4c8fac15066c8b938c0c1 364388 libs optional libpq5_8.3.7-1_i386.deb
 f75a00f2e7f3e4924524ec7e5a88ab04 262880 libs optional libecpg6_8.3.7-1_i386.deb
 c01c139c49cc9f3ef7242ede2bbd4f0c 446916 libdevel optional libecpg-dev_8.3.7-1_i386.deb
 bf77f941b7f165d7385c112f3ebbf7a2 241748 libs optional libecpg-compat3_8.3.7-1_i386.deb
 edd749dcfbe7a7b08189f9ecad53c938 263810 libs optional libpgtypes3_8.3.7-1_i386.deb
 8fdd68334bbb1603277448e353686459 5234546 misc optional postgresql-8.3_8.3.7-1_i386.deb
 c21606073fc75b318310a60a456c5ee7 1671434 misc optional postgresql-client-8.3_8.3.7-1_i386.deb
 80f246395db3ff5b1e9006b6efb69a52 807078 libdevel optional postgresql-server-dev-8.3_8.3.7-1_i386.deb
 b631ed267fbb32921359d4ab98356108 565180 misc optional postgresql-contrib-8.3_8.3.7-1_i386.deb
 96451156137cff9ca02ce739f32338cf 260360 misc optional postgresql-plperl-8.3_8.3.7-1_i386.deb
 23619d0cae5f0001161d79bb92b87b8d 253408 misc optional postgresql-plpython-8.3_8.3.7-1_i386.deb
 fa440d7293417c89571a0302ddf8aab1 252468 misc optional postgresql-pltcl-8.3_8.3.7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm8EecACgkQDecnbV4Fd/K40gCgnVN/2lI1w36GAfBHUqWZcNHj
zVcAn0DdDht+vdecHXC3HbxvygL7jHfe
=eu9s
-----END PGP SIGNATURE-----





Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. (Wed, 25 Mar 2009 14:12:06 GMT) Full text and rfc822 format available.

Notification sent to Afonin Denis <vadm@itkm.ru>:
Bug acknowledged by developer. (Wed, 25 Mar 2009 14:12:06 GMT) Full text and rfc822 format available.

Message #28 received at 517405-close@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: 517405-close@bugs.debian.org
Subject: Bug#517405: fixed in postgresql-8.3 8.3.7-0lenny1
Date: Wed, 25 Mar 2009 13:53:34 +0000
Source: postgresql-8.3
Source-Version: 8.3.7-0lenny1

We believe that the bug you reported is fixed in the latest version of
postgresql-8.3, which is due to be installed in the Debian FTP archive:

libecpg-compat3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0lenny1_i386.deb
libecpg-dev_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0lenny1_i386.deb
libecpg6_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg6_8.3.7-0lenny1_i386.deb
libpgtypes3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0lenny1_i386.deb
libpq-dev_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0lenny1_i386.deb
libpq5_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libpq5_8.3.7-0lenny1_i386.deb
postgresql-8.3_8.3.7-0lenny1.diff.gz
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1.diff.gz
postgresql-8.3_8.3.7-0lenny1.dsc
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1.dsc
postgresql-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1_i386.deb
postgresql-client-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0lenny1_i386.deb
postgresql-client_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-client_8.3.7-0lenny1_all.deb
postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
postgresql-contrib_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-contrib_8.3.7-0lenny1_all.deb
postgresql-doc-8.3_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.7-0lenny1_all.deb
postgresql-doc_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-doc_8.3.7-0lenny1_all.deb
postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
postgresql_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql_8.3.7-0lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 517405@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated postgresql-8.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 14 Mar 2009 19:17:23 +0100
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all i386
Version: 8.3.7-0lenny1
Distribution: stable
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Closes: 517405
Changes: 
 postgresql-8.3 (8.3.7-0lenny1) stable; urgency=low
 .
   * New upstream bug fix release:
      - Prevent error recursion crashes when encoding conversion fails.
        This change extends fixes made in the last two minor releases for
        related failure scenarios. The previous fixes were narrowly
        tailored for the original problem reports, but we have now
        recognized that *any* error thrown by an encoding conversion
        function could potentially lead to infinite recursion while trying
        to report the error. The solution therefore is to disable
        translation and encoding conversion and report the plain-ASCII form
        of any error message, if we find we have gotten into a recursive
        error reporting situation. (Closes: #517405)
      - Disallow "CREATE CONVERSION" with the wrong encodings for the
        specified conversion function. This prevents one possible scenario for
        encoding conversion failure. The previous change is a backstop to guard
        against other kinds of failures in the same area.
      - Fix xpath() to not modify the path expression unless necessary, and
        to make a saner attempt at it when necessary.
        The SQL standard suggests that xpath should work on data that is a
        document fragment, but libxml doesn't support that, and indeed it's
        not clear that this is sensible according to the XPath standard.
        xpath attempted to work around this mismatch by modifying both the
        data and the path expression, but the modification was buggy and
        could cause valid searches to fail. Now, xpath checks whether the
        data is in fact a well-formed document, and if so invokes libxml
        with no change to the data or path expression. Otherwise, a
        different modification method that is somewhat less likely to fail
        is used.
        Note: The new modification method is still not 100% satisfactory,
        and it seems likely that no real solution is possible. This patch
        should therefore be viewed as a band-aid to keep from breaking
        existing applications unnecessarily. It is likely that PostgreSQL
        8.4 will simply reject use of xpath on data that is not a
        well-formed document.
      - Fix core dump when to_char() is given format codes that are
        inappropriate for the type of the data argument.
      - Fix extreme inefficiency in text search parser's handling of an
        email-like string containing multiple @ characters.
      - Fix planner problem with sub-"SELECT" in the output list of a
        larger subquery.
      - Fix decompilation of CASE WHEN with an implicit coercion.
      - Fix possible misassignment of the owner of a TOAST table's rowtype.
        If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
        by someone other than the table owner, the pg_type entry for the
        table's TOAST table would end up marked as owned by that someone.
        This caused no immediate problems, since the permissions on the
        TOAST rowtype aren't examined by any ordinary database operation.
        However, it could lead to unexpected failures if one later tried to
        drop the role that issued the command (in 8.1 or 8.2), or "owner of
        data type appears to be invalid" warnings from pg_dump after having
        done so (in 8.3).
      - Change "UNLISTEN" to exit quickly if the current session has never
        executed any "LISTEN" command.
        Most of the time this is not a particularly useful optimization,
        but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
        caused a substantial performance problem for applications that made
        heavy use of "DISCARD ALL".
      - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
        clause anywhere in the string, not only at the start; in
        particular, don't fail for "INSERT INTO" within "CREATE RULE".
      - Clean up PL/pgSQL error status variables fully at block exit.
        This is not a problem for PL/pgSQL itself, but the omission could
        cause the PL/pgSQL Debugger to crash while examining the state of a
        function.
      - Add MUST (Mauritius Island Summer Time) to the default list of
        known timezone abbreviations (Xavier Bugaud)
Checksums-Sha1: 
 3421d4d9a2e6a8dda6104ea3abdbefe5e987d32e 1665 postgresql-8.3_8.3.7-0lenny1.dsc
 a4aada6f9d6ed25c8e99b691dd9796dec95eb074 42746 postgresql-8.3_8.3.7-0lenny1.diff.gz
 a693f108496cd37832f64c8a2c39a778b9313985 2125832 postgresql-doc-8.3_8.3.7-0lenny1_all.deb
 918c337d68e412531996689555f587ff52dc0d3f 234668 postgresql_8.3.7-0lenny1_all.deb
 f1b8d8a92445e56cb896d11cf8619a07bc00e2b1 234638 postgresql-client_8.3.7-0lenny1_all.deb
 b0024740228b3622ecece2f1626ca41d5d27f065 234476 postgresql-doc_8.3.7-0lenny1_all.deb
 68680e7e4a20d5a2a2de61158089d17251991983 234534 postgresql-contrib_8.3.7-0lenny1_all.deb
 43963f9a5d0fa54ffb1d2c8d828a34912945bf85 428056 libpq-dev_8.3.7-0lenny1_i386.deb
 1c141364b3d86cdc7846f94a6a5d9f96c5b34a9c 363392 libpq5_8.3.7-0lenny1_i386.deb
 81f32e5ce561c19ac54dcb7b62682541ef0d5ba5 262644 libecpg6_8.3.7-0lenny1_i386.deb
 697f21c3d3fd803c35ba4bc42e635ddc7e397172 444342 libecpg-dev_8.3.7-0lenny1_i386.deb
 7ea08e861b9e57fc84dd2a8d541fa997095043ec 241714 libecpg-compat3_8.3.7-0lenny1_i386.deb
 27162aa5a80875cddeeabf91e67b0abc7dfda281 263282 libpgtypes3_8.3.7-0lenny1_i386.deb
 8699da70c00b41fb7633ac97683aa4ade8346f30 5208078 postgresql-8.3_8.3.7-0lenny1_i386.deb
 afe5d58b9d5c53f141b84e83d117e2b24522be7b 1650982 postgresql-client-8.3_8.3.7-0lenny1_i386.deb
 562e6dc56d030c0c9a1af8e926247392455e86ca 805600 postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
 c032d20e692e32a8079fb636560d1f68506464a2 560160 postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
 e969c875ecbde3e68dd26c40cbd66cebba9340ef 260242 postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
 3c4a916cf58dcfc318468c25f5b76b9d9d13aecd 253226 postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
 1ca7eac014dc4432b9b89fe9886996886bff8a21 252194 postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
Checksums-Sha256: 
 c34564519d51cfcc801d3db961e174e336a86ee18251c0443147c3f10e0bc0aa 1665 postgresql-8.3_8.3.7-0lenny1.dsc
 05b6010864698d31683d64333462740c75cc185fc53322c10f7d76286d045646 42746 postgresql-8.3_8.3.7-0lenny1.diff.gz
 864c8bc3f2ab49fcad0e56a67481978497458b554f9e06eac1a76f18b91af0c3 2125832 postgresql-doc-8.3_8.3.7-0lenny1_all.deb
 3dd184a80fc3ab1b18ea6ea11445effe441db6598cd1434abbf78498d2f4bece 234668 postgresql_8.3.7-0lenny1_all.deb
 06b328460c7012c2a81d93af04b3d8462052fc5e71bd5d40900b114bd28793fe 234638 postgresql-client_8.3.7-0lenny1_all.deb
 2f63d39c2324c402fd2148bd5f982d55b9dbc9717b93d1942c2429afbd4370cb 234476 postgresql-doc_8.3.7-0lenny1_all.deb
 be3882a85497923e01f59fefd800e5243b3ae8d8f4e2b9f9f98fea8fb12fdcf9 234534 postgresql-contrib_8.3.7-0lenny1_all.deb
 136528d3b80f9c4c96b694a373ab1120c3a36365a0a96d522a245806813ecfb9 428056 libpq-dev_8.3.7-0lenny1_i386.deb
 279c6b4ea9d8a03d5e008d7c4a7a1acdfdf1b36b4b31cb0a7c74c62c25097994 363392 libpq5_8.3.7-0lenny1_i386.deb
 44af5f7830a2beb664c6509ef41f192cf8ab9f2e13c49b8ee0c39022ea0db246 262644 libecpg6_8.3.7-0lenny1_i386.deb
 a136930d3f004a0bd46264e51892d460cb08061d44e9a5c375fbed10e3d8cbff 444342 libecpg-dev_8.3.7-0lenny1_i386.deb
 2ecf645c6bc958d1fd3c6543f18fd59ac473184d29a985f078e6f2cca14c2eaa 241714 libecpg-compat3_8.3.7-0lenny1_i386.deb
 b0c911a15f98b3e66b511bb68f3e29c5f554b8642544776c91a748703d6a40b5 263282 libpgtypes3_8.3.7-0lenny1_i386.deb
 f15be2931bfb11b0e382e3c68de92c6e94e7eae58bbdea490404b15a83753877 5208078 postgresql-8.3_8.3.7-0lenny1_i386.deb
 6afd86292f02f98b991868be190840b61358ab1bf24a2a2d157bad5db05d8e9c 1650982 postgresql-client-8.3_8.3.7-0lenny1_i386.deb
 999e4e0fee8d78ed6082133a396c45d449fb0223da3557c4ff9e8c68511fb8cb 805600 postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
 06bc3b5584e4d0a45f859a11bd8bc91121e595449b289f10fd336a089ea040d2 560160 postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
 711c385e773fe5faf9084138821fd5c9f5ca605a2db4398e29dcb81350b2e9f7 260242 postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
 20307c0d7ed1a574167e89e23c23cfa52fdf5ebb895f029a1ab4d2d344277534 253226 postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
 e11c7b4ed3819ff7cc81bdf5dabd1a5cebf70d332b7816f768f12c113769ba24 252194 postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
Files: 
 cefb47755f7d0c43200cfd2970fa84b7 1665 misc optional postgresql-8.3_8.3.7-0lenny1.dsc
 246bf61b49bb1c9d759a8693f1675596 42746 misc optional postgresql-8.3_8.3.7-0lenny1.diff.gz
 c38a66535e5b31ce4d3f960b6d01a81f 2125832 doc optional postgresql-doc-8.3_8.3.7-0lenny1_all.deb
 ae91c989c4b798311ec054c5d01a4425 234668 misc optional postgresql_8.3.7-0lenny1_all.deb
 5c64a75504182179863a4c2b2741adde 234638 misc optional postgresql-client_8.3.7-0lenny1_all.deb
 2092d673e25728521e9bace3865bc606 234476 doc optional postgresql-doc_8.3.7-0lenny1_all.deb
 2936998bfad471c3374eabf703ee3324 234534 misc optional postgresql-contrib_8.3.7-0lenny1_all.deb
 ea4e58987dcc5921e33d5440f7567ee0 428056 libdevel optional libpq-dev_8.3.7-0lenny1_i386.deb
 d68a6d2476cd5bded4ba3a285e8390ae 363392 libs optional libpq5_8.3.7-0lenny1_i386.deb
 fd2837f56ac826b269c4d09358485cc3 262644 libs optional libecpg6_8.3.7-0lenny1_i386.deb
 6fe82e511d77c9fb47912b0b7657e3c8 444342 libdevel optional libecpg-dev_8.3.7-0lenny1_i386.deb
 d93f76b8a38932d54fb3bf228bc7092b 241714 libs optional libecpg-compat3_8.3.7-0lenny1_i386.deb
 bb47de1ba28b4d0347f4b8d74f1190ec 263282 libs optional libpgtypes3_8.3.7-0lenny1_i386.deb
 d6663908aa5a8e430e9ea769bf979998 5208078 misc optional postgresql-8.3_8.3.7-0lenny1_i386.deb
 de0a4f9ab42168fb0af86b31491dd2bf 1650982 misc optional postgresql-client-8.3_8.3.7-0lenny1_i386.deb
 a7634cf632f0a9e4f6e9c6be0b96e88f 805600 libdevel optional postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
 59a01cd7e7cbaee0c64e10387280664d 560160 misc optional postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
 f9ecf02f71a75dc71b4672fcab110269 260242 misc optional postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
 85e1c6d77a136826272154ebfb96b9c7 253226 misc optional postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
 bc06674c47df8eb5b31473c5b006c035 252194 misc optional postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknA59IACgkQDecnbV4Fd/IkGACgmXubPbdcI5QgoCNDQmOp5N3P
MiEAoMdwApdYYPUPREcz77N0Zhumu5tE
=LZKW
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Martin Pitt <mpitt@debian.org>:
Bug#517405; Package postgresql-8.3. (Tue, 07 Apr 2009 21:54:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Martin Pitt <mpitt@debian.org>. (Tue, 07 Apr 2009 21:54:06 GMT) Full text and rfc822 format available.

Message #33 received at 517405@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 517405@bugs.debian.org
Subject: stable updates needed
Date: Tue, 7 Apr 2009 17:23:52 -0400
hello,

thanks for fixing this security issue.  please coordinate with the
security team (team@security.debian.org) to prepare new packages for the
stable releases. thank you.




Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. (Sat, 11 Apr 2009 17:21:13 GMT) Full text and rfc822 format available.

Notification sent to Afonin Denis <vadm@itkm.ru>:
Bug acknowledged by developer. (Sat, 11 Apr 2009 17:21:13 GMT) Full text and rfc822 format available.

Message #38 received at 517405-close@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: 517405-close@bugs.debian.org
Subject: Bug#517405: fixed in postgresql-8.3 8.3.7-0lenny1
Date: Sat, 11 Apr 2009 16:47:38 +0000
Source: postgresql-8.3
Source-Version: 8.3.7-0lenny1

We believe that the bug you reported is fixed in the latest version of
postgresql-8.3, which is due to be installed in the Debian FTP archive:

libecpg-compat3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0lenny1_i386.deb
libecpg-dev_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0lenny1_i386.deb
libecpg6_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libecpg6_8.3.7-0lenny1_i386.deb
libpgtypes3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0lenny1_i386.deb
libpq-dev_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0lenny1_i386.deb
libpq5_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/libpq5_8.3.7-0lenny1_i386.deb
postgresql-8.3_8.3.7-0lenny1.diff.gz
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1.diff.gz
postgresql-8.3_8.3.7-0lenny1.dsc
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1.dsc
postgresql-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1_i386.deb
postgresql-client-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0lenny1_i386.deb
postgresql-client_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-client_8.3.7-0lenny1_all.deb
postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
postgresql-contrib_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-contrib_8.3.7-0lenny1_all.deb
postgresql-doc-8.3_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.7-0lenny1_all.deb
postgresql-doc_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql-doc_8.3.7-0lenny1_all.deb
postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
  to pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
postgresql_8.3.7-0lenny1_all.deb
  to pool/main/p/postgresql-8.3/postgresql_8.3.7-0lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 517405@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated postgresql-8.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 14 Mar 2009 19:17:23 +0100
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all i386
Version: 8.3.7-0lenny1
Distribution: stable
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Closes: 517405
Changes: 
 postgresql-8.3 (8.3.7-0lenny1) stable; urgency=low
 .
   * New upstream bug fix release:
      - Prevent error recursion crashes when encoding conversion fails.
        This change extends fixes made in the last two minor releases for
        related failure scenarios. The previous fixes were narrowly
        tailored for the original problem reports, but we have now
        recognized that *any* error thrown by an encoding conversion
        function could potentially lead to infinite recursion while trying
        to report the error. The solution therefore is to disable
        translation and encoding conversion and report the plain-ASCII form
        of any error message, if we find we have gotten into a recursive
        error reporting situation. (Closes: #517405)
      - Disallow "CREATE CONVERSION" with the wrong encodings for the
        specified conversion function. This prevents one possible scenario for
        encoding conversion failure. The previous change is a backstop to guard
        against other kinds of failures in the same area.
      - Fix xpath() to not modify the path expression unless necessary, and
        to make a saner attempt at it when necessary.
        The SQL standard suggests that xpath should work on data that is a
        document fragment, but libxml doesn't support that, and indeed it's
        not clear that this is sensible according to the XPath standard.
        xpath attempted to work around this mismatch by modifying both the
        data and the path expression, but the modification was buggy and
        could cause valid searches to fail. Now, xpath checks whether the
        data is in fact a well-formed document, and if so invokes libxml
        with no change to the data or path expression. Otherwise, a
        different modification method that is somewhat less likely to fail
        is used.
        Note: The new modification method is still not 100% satisfactory,
        and it seems likely that no real solution is possible. This patch
        should therefore be viewed as a band-aid to keep from breaking
        existing applications unnecessarily. It is likely that PostgreSQL
        8.4 will simply reject use of xpath on data that is not a
        well-formed document.
      - Fix core dump when to_char() is given format codes that are
        inappropriate for the type of the data argument.
      - Fix extreme inefficiency in text search parser's handling of an
        email-like string containing multiple @ characters.
      - Fix planner problem with sub-"SELECT" in the output list of a
        larger subquery.
      - Fix decompilation of CASE WHEN with an implicit coercion.
      - Fix possible misassignment of the owner of a TOAST table's rowtype.
        If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
        by someone other than the table owner, the pg_type entry for the
        table's TOAST table would end up marked as owned by that someone.
        This caused no immediate problems, since the permissions on the
        TOAST rowtype aren't examined by any ordinary database operation.
        However, it could lead to unexpected failures if one later tried to
        drop the role that issued the command (in 8.1 or 8.2), or "owner of
        data type appears to be invalid" warnings from pg_dump after having
        done so (in 8.3).
      - Change "UNLISTEN" to exit quickly if the current session has never
        executed any "LISTEN" command.
        Most of the time this is not a particularly useful optimization,
        but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
        caused a substantial performance problem for applications that made
        heavy use of "DISCARD ALL".
      - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
        clause anywhere in the string, not only at the start; in
        particular, don't fail for "INSERT INTO" within "CREATE RULE".
      - Clean up PL/pgSQL error status variables fully at block exit.
        This is not a problem for PL/pgSQL itself, but the omission could
        cause the PL/pgSQL Debugger to crash while examining the state of a
        function.
      - Add MUST (Mauritius Island Summer Time) to the default list of
        known timezone abbreviations (Xavier Bugaud)
Checksums-Sha1: 
 3421d4d9a2e6a8dda6104ea3abdbefe5e987d32e 1665 postgresql-8.3_8.3.7-0lenny1.dsc
 a4aada6f9d6ed25c8e99b691dd9796dec95eb074 42746 postgresql-8.3_8.3.7-0lenny1.diff.gz
 a693f108496cd37832f64c8a2c39a778b9313985 2125832 postgresql-doc-8.3_8.3.7-0lenny1_all.deb
 918c337d68e412531996689555f587ff52dc0d3f 234668 postgresql_8.3.7-0lenny1_all.deb
 f1b8d8a92445e56cb896d11cf8619a07bc00e2b1 234638 postgresql-client_8.3.7-0lenny1_all.deb
 b0024740228b3622ecece2f1626ca41d5d27f065 234476 postgresql-doc_8.3.7-0lenny1_all.deb
 68680e7e4a20d5a2a2de61158089d17251991983 234534 postgresql-contrib_8.3.7-0lenny1_all.deb
 43963f9a5d0fa54ffb1d2c8d828a34912945bf85 428056 libpq-dev_8.3.7-0lenny1_i386.deb
 1c141364b3d86cdc7846f94a6a5d9f96c5b34a9c 363392 libpq5_8.3.7-0lenny1_i386.deb
 81f32e5ce561c19ac54dcb7b62682541ef0d5ba5 262644 libecpg6_8.3.7-0lenny1_i386.deb
 697f21c3d3fd803c35ba4bc42e635ddc7e397172 444342 libecpg-dev_8.3.7-0lenny1_i386.deb
 7ea08e861b9e57fc84dd2a8d541fa997095043ec 241714 libecpg-compat3_8.3.7-0lenny1_i386.deb
 27162aa5a80875cddeeabf91e67b0abc7dfda281 263282 libpgtypes3_8.3.7-0lenny1_i386.deb
 8699da70c00b41fb7633ac97683aa4ade8346f30 5208078 postgresql-8.3_8.3.7-0lenny1_i386.deb
 afe5d58b9d5c53f141b84e83d117e2b24522be7b 1650982 postgresql-client-8.3_8.3.7-0lenny1_i386.deb
 562e6dc56d030c0c9a1af8e926247392455e86ca 805600 postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
 c032d20e692e32a8079fb636560d1f68506464a2 560160 postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
 e969c875ecbde3e68dd26c40cbd66cebba9340ef 260242 postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
 3c4a916cf58dcfc318468c25f5b76b9d9d13aecd 253226 postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
 1ca7eac014dc4432b9b89fe9886996886bff8a21 252194 postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
Checksums-Sha256: 
 c34564519d51cfcc801d3db961e174e336a86ee18251c0443147c3f10e0bc0aa 1665 postgresql-8.3_8.3.7-0lenny1.dsc
 05b6010864698d31683d64333462740c75cc185fc53322c10f7d76286d045646 42746 postgresql-8.3_8.3.7-0lenny1.diff.gz
 864c8bc3f2ab49fcad0e56a67481978497458b554f9e06eac1a76f18b91af0c3 2125832 postgresql-doc-8.3_8.3.7-0lenny1_all.deb
 3dd184a80fc3ab1b18ea6ea11445effe441db6598cd1434abbf78498d2f4bece 234668 postgresql_8.3.7-0lenny1_all.deb
 06b328460c7012c2a81d93af04b3d8462052fc5e71bd5d40900b114bd28793fe 234638 postgresql-client_8.3.7-0lenny1_all.deb
 2f63d39c2324c402fd2148bd5f982d55b9dbc9717b93d1942c2429afbd4370cb 234476 postgresql-doc_8.3.7-0lenny1_all.deb
 be3882a85497923e01f59fefd800e5243b3ae8d8f4e2b9f9f98fea8fb12fdcf9 234534 postgresql-contrib_8.3.7-0lenny1_all.deb
 136528d3b80f9c4c96b694a373ab1120c3a36365a0a96d522a245806813ecfb9 428056 libpq-dev_8.3.7-0lenny1_i386.deb
 279c6b4ea9d8a03d5e008d7c4a7a1acdfdf1b36b4b31cb0a7c74c62c25097994 363392 libpq5_8.3.7-0lenny1_i386.deb
 44af5f7830a2beb664c6509ef41f192cf8ab9f2e13c49b8ee0c39022ea0db246 262644 libecpg6_8.3.7-0lenny1_i386.deb
 a136930d3f004a0bd46264e51892d460cb08061d44e9a5c375fbed10e3d8cbff 444342 libecpg-dev_8.3.7-0lenny1_i386.deb
 2ecf645c6bc958d1fd3c6543f18fd59ac473184d29a985f078e6f2cca14c2eaa 241714 libecpg-compat3_8.3.7-0lenny1_i386.deb
 b0c911a15f98b3e66b511bb68f3e29c5f554b8642544776c91a748703d6a40b5 263282 libpgtypes3_8.3.7-0lenny1_i386.deb
 f15be2931bfb11b0e382e3c68de92c6e94e7eae58bbdea490404b15a83753877 5208078 postgresql-8.3_8.3.7-0lenny1_i386.deb
 6afd86292f02f98b991868be190840b61358ab1bf24a2a2d157bad5db05d8e9c 1650982 postgresql-client-8.3_8.3.7-0lenny1_i386.deb
 999e4e0fee8d78ed6082133a396c45d449fb0223da3557c4ff9e8c68511fb8cb 805600 postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
 06bc3b5584e4d0a45f859a11bd8bc91121e595449b289f10fd336a089ea040d2 560160 postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
 711c385e773fe5faf9084138821fd5c9f5ca605a2db4398e29dcb81350b2e9f7 260242 postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
 20307c0d7ed1a574167e89e23c23cfa52fdf5ebb895f029a1ab4d2d344277534 253226 postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
 e11c7b4ed3819ff7cc81bdf5dabd1a5cebf70d332b7816f768f12c113769ba24 252194 postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
Files: 
 cefb47755f7d0c43200cfd2970fa84b7 1665 misc optional postgresql-8.3_8.3.7-0lenny1.dsc
 246bf61b49bb1c9d759a8693f1675596 42746 misc optional postgresql-8.3_8.3.7-0lenny1.diff.gz
 c38a66535e5b31ce4d3f960b6d01a81f 2125832 doc optional postgresql-doc-8.3_8.3.7-0lenny1_all.deb
 ae91c989c4b798311ec054c5d01a4425 234668 misc optional postgresql_8.3.7-0lenny1_all.deb
 5c64a75504182179863a4c2b2741adde 234638 misc optional postgresql-client_8.3.7-0lenny1_all.deb
 2092d673e25728521e9bace3865bc606 234476 doc optional postgresql-doc_8.3.7-0lenny1_all.deb
 2936998bfad471c3374eabf703ee3324 234534 misc optional postgresql-contrib_8.3.7-0lenny1_all.deb
 ea4e58987dcc5921e33d5440f7567ee0 428056 libdevel optional libpq-dev_8.3.7-0lenny1_i386.deb
 d68a6d2476cd5bded4ba3a285e8390ae 363392 libs optional libpq5_8.3.7-0lenny1_i386.deb
 fd2837f56ac826b269c4d09358485cc3 262644 libs optional libecpg6_8.3.7-0lenny1_i386.deb
 6fe82e511d77c9fb47912b0b7657e3c8 444342 libdevel optional libecpg-dev_8.3.7-0lenny1_i386.deb
 d93f76b8a38932d54fb3bf228bc7092b 241714 libs optional libecpg-compat3_8.3.7-0lenny1_i386.deb
 bb47de1ba28b4d0347f4b8d74f1190ec 263282 libs optional libpgtypes3_8.3.7-0lenny1_i386.deb
 d6663908aa5a8e430e9ea769bf979998 5208078 misc optional postgresql-8.3_8.3.7-0lenny1_i386.deb
 de0a4f9ab42168fb0af86b31491dd2bf 1650982 misc optional postgresql-client-8.3_8.3.7-0lenny1_i386.deb
 a7634cf632f0a9e4f6e9c6be0b96e88f 805600 libdevel optional postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
 59a01cd7e7cbaee0c64e10387280664d 560160 misc optional postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
 f9ecf02f71a75dc71b4672fcab110269 260242 misc optional postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
 85e1c6d77a136826272154ebfb96b9c7 253226 misc optional postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
 bc06674c47df8eb5b31473c5b006c035 252194 misc optional postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknA59IACgkQDecnbV4Fd/IkGACgmXubPbdcI5QgoCNDQmOp5N3P
MiEAoMdwApdYYPUPREcz77N0Zhumu5tE
=LZKW
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 10 May 2009 07:25:58 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:22:55 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.