Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2010-04-07 19:25:03 UTC
mfrom: (1.1.14 upstream)
Revision ID: james.westby@ubuntu.com-20100407192503-eksxp9newge20f91
Tags: 8.1.20-0ubuntu0.6.06
* New upstream bug fix release: (LP: #557408)
  - Add new configuration parameter ssl_renegotiation_limit to control
    how often we do session key renegotiation for an SSL connection.
    This can be set to zero to disable renegotiation completely, which
    may be required if a broken SSL library is used. In particular,
    some vendors are shipping stopgap patches for CVE-2009-3555 that
    cause renegotiation attempts to fail.
  - Fix possible crashes when trying to recover from a failure in
    subtransaction start.
  - Fix server memory leak associated with use of savepoints and a
    client encoding different from server's encoding.
  - Make substring() for bit types treat any negative length as meaning
    "all the rest of the string".
    The previous coding treated only -1 that way, and would produce an
    invalid result value for other negative values, possibly leading to
    a crash (CVE-2010-0442).
  - Fix integer-to-bit-string conversions to handle the first
    fractional byte correctly when the output bit width is wider than
    the given integer by something other than a multiple of 8 bits.
  - Fix some cases of pathologically slow regular expression matching.
  - Fix the STOP WAL LOCATION entry in backup history files to report
    the next WAL segment's name when the end location is exactly at a
    segment boundary.
  - Fix some more cases of temporary-file leakage.
    This corrects a problem introduced in the previous minor release.
    One case that failed is when a plpgsql function returning set is
    called within another function's exception handler.
  - When reading "pg_hba.conf" and related files, do not treat
    @something as a file inclusion request if the @ appears inside
    quote marks; also, never treat @ by itself as a file inclusion
    request.
    This prevents erratic behavior if a role or database name starts
    with @. If you need to include a file whose path name contains
    spaces, you can still do so, but you must write @"/path to/file"
    rather than putting the quotes around the whole construct.
  - Prevent infinite loop on some platforms if a directory is named as
    an inclusion target in "pg_hba.conf" and related files.
  - Fix psql's numericlocale option to not format strings it shouldn't
    in latex and troff output formats.
  - Fix plpgsql failure in one case where a composite column is set to
    NULL.
  - Add volatile markings in PL/Python to avoid possible
    compiler-specific misbehavior.
  - Prevent crash in "contrib/dblink" when too many key columns are
    specified to a dblink_build_sql_* function.
  - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
    management.
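
A simplified model of the "pg_hba.conf" token rule from the changelog entry above, as an added example that is not PostgreSQL's own parser code. The function `tokenize` and the sample lines are constructed for illustration; only the quoting and bare-@ rules described in the entry are modelled.

```python
from typing import List, Tuple

Token = Tuple[str, str]  # (kind, value); kind is "include" or "name"


def tokenize(line: str) -> List[Token]:
    """Split one pg_hba.conf-style line into classified tokens (hypothetical helper)."""
    tokens: List[Token] = []
    value = ""            # decoded token text with quote marks removed
    started = False       # currently inside a token?
    first_quoted = False  # did this token begin with a quote mark?
    in_quote = False

    def flush() -> None:
        nonlocal value, started, first_quoted
        if started:
            # Inclusion only when the leading @ was written outside quotes
            # and something follows it; a bare @ stays an ordinary name.
            if not first_quoted and value.startswith("@") and len(value) > 1:
                tokens.append(("include", value[1:]))
            else:
                tokens.append(("name", value))
        value, started, first_quoted = "", False, False

    for ch in line:
        if ch == '"':
            if not started:
                started, first_quoted = True, True
            in_quote = not in_quote
        elif in_quote:
            value += ch                # separators are literal inside quotes
        elif ch == "#":
            break                      # rest of the line is a comment
        elif ch.isspace() or ch == ",":
            flush()
        else:
            started = True
            value += ch
    flush()
    return tokens


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real configuration.
    for sample in ('host "@reports" @admins 10.0.0.0/8 md5',
                   'host all @ 127.0.0.1/32 md5',
                   'host all @"/path to/file" 127.0.0.1/32 md5',
                   'host all "@/path to/file" 127.0.0.1/32 md5'):
        print(tokenize(sample))
```
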