Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2009-12-15 16:01:10 UTC
mfrom: (1.1.13 upstream)
Revision ID: james.westby@ubuntu.com-20091215160110-k16n95okdixq986s
Tags: 8.1.19-0ubuntu0.6.06

  * New upstream bug fix/security release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix PAM password processing to be more robust. The previous code is
      known to fail with the combination of the Linux pam_krb5 PAM module with
      Microsoft Active Directory as the domain controller. It might have
      problems elsewhere too, since it was making unjustified assumptions about
      what arguments the PAM stack would pass to it.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
      This worked correctly already for non-set-returning functions.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
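
The embedded-null CN item above (CVE-2009-4034), illustrated with an added example that is not part of this changelog and is not PostgreSQL's code: a name check that treats the CN as a C string stops at the first NUL, while one that uses the declared length rejects such a certificate. The function names and the sample CN are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: CN bytes with an explicit length, as a certificate
 * carries them (length-prefixed, not NUL-terminated). */
static const unsigned char SAMPLE_CN[] = "db.example.com\0.other.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Case-insensitive comparison of exactly n bytes. */
static int ieq_n(const unsigned char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char) b[i]))
            return 0;
    return 1;
}

/* Weak form: strlen() stops at the embedded NUL, so the bytes after it
 * never take part in the comparison. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t seen = strlen((const char *) cn);
    (void) cn_len; /* declared length ignored: this is the defect */
    return seen == strlen(host) && ieq_n(cn, host, seen);
}

/* Hardened form: returns 1 on match, 0 on mismatch, and -1 when the CN is
 * empty or contains a NUL inside its declared length (reject certificate). */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return -1;
    if (strlen(host) != cn_len)
        return 0;
    return ieq_n(cn, host, cn_len);
}

int main(void)
{
    /* Exit 0 when the naive check accepts the sample and the strict one rejects it. */
    return !(cn_matches_naive(SAMPLE_CN, SAMPLE_CN_LEN, "db.example.com") == 1 &&
             cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, "db.example.com") == -1);
}
```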