[Pkg-postgresql-public] postgresql-9.5_9.5.2-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Mar 31 16:26:47 UTC 2016


Hash: SHA256

Format: 1.8
Date: Tue, 29 Mar 2016 12:22:08 +0200
Source: postgresql-9.5
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.5 postgresql-9.5-dbg postgresql-client-9.5 postgresql-server-dev-9.5 postgresql-doc-9.5 postgresql-contrib-9.5 postgresql-plperl-9.5 postgresql-plpython-9.5 postgresql-plpython3-9.5 postgresql-pltcl-9.5
Architecture: source
Version: 9.5.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <myon at debian.org>
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.5
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.5 - object-relational SQL database, version 9.5 server
 postgresql-9.5-dbg - debug symbols for postgresql-9.5
 postgresql-client-9.5 - front-end programs for PostgreSQL 9.5
 postgresql-contrib-9.5 - additional facilities for PostgreSQL
 postgresql-doc-9.5 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.5 - PL/Perl procedural language for PostgreSQL 9.5
 postgresql-plpython-9.5 - PL/Python procedural language for PostgreSQL 9.5
 postgresql-plpython3-9.5 - PL/Python 3 procedural language for PostgreSQL 9.5
 postgresql-pltcl-9.5 - PL/Tcl procedural language for PostgreSQL 9.5
 postgresql-server-dev-9.5 - development files for PostgreSQL 9.5 server-side programming
 postgresql-9.5 (9.5.2-1) unstable; urgency=medium
   * New upstream version.
     + Disable abbreviated keys for string sorting in non-C locales
       (Robert Haas)
       PostgreSQL 9.5 introduced logic for speeding up comparisons of string
       data types by using the standard C library function strxfrm() as a
       substitute for strcoll().  It now emerges that most versions of glibc
       (Linux's implementation of the C library) have buggy implementations of
       strxfrm() that, in some locales, can produce string comparison results
       that do not match strcoll().  Until this problem can be better
       characterized, disable the optimization in all non-C locales.  (C locale
       is safe since it uses neither strcoll() nor strxfrm().)
       Unfortunately, this problem affects not only sorting but also entry
       ordering in B-tree indexes, which means that B-tree indexes on text,
       varchar, or char columns may now be corrupt if they sort according to an
       affected locale and were built or modified under PostgreSQL 9.5.0 or
       9.5.1. Users should REINDEX indexes that might be affected.
       It is not possible at this time to give an exhaustive list of
       known-affected locales.  C locale is known safe, and there is no
       evidence of trouble in English-based locales such as en_US, but some
       other popular locales such as de_DE are affected in most glibc versions.
     + Maintain row-security status properly in cached plans (Stephen Frost)
       In a session that performs queries as more than one role, the plan cache
       might incorrectly re-use a plan that was generated for another role ID,
       thus possibly applying the wrong set of policies when row-level security
       (RLS) is in use. (CVE-2016-2193)
     + Add must-be-superuser checks to some new contrib/pageinspect functions
       (Andreas Seltenreich)
       Most functions in the pageinspect extension that inspect bytea values
       disallow calls by non-superusers, but brin_page_type() and
       brin_metapage_info() failed to do so.  Passing contrived bytea values to
       them might crash the server or disclose a few bytes of server memory.
       Add the missing permissions checks to prevent misuse. (CVE-2016-3065)
   * 02-relax-sslkey-permscheck.patch: Replace with what went upstream in 9.6.
   * Stop suggesting the use of identd.
   * Modernize server package description.
   * Recommend sysstat.
 75c136aa2fc4455889395276476e2a86fc04e6d6 3518 postgresql-9.5_9.5.2-1.dsc
 e139e5607fafd96926463123f7751086adaad724 18446616 postgresql-9.5_9.5.2.orig.tar.bz2
 ad550bf524d221ad926310d5e39c99fdb2ac3b54 21012 postgresql-9.5_9.5.2-1.debian.tar.xz
 7e01c1f1578ec22815202beb5c08a1b3346408f9f27eac1e146647d5856c7cc5 3518 postgresql-9.5_9.5.2-1.dsc
 f8d132e464506b551ef498719f18cfe9d777709c7a1589dc360afc0b20e47c41 18446616 postgresql-9.5_9.5.2.orig.tar.bz2
 dd78464d9dcd195d4b0075897a60aebfe64f3ea2794423f104722e7a3a0b222a 21012 postgresql-9.5_9.5.2-1.debian.tar.xz
 bafa3bc45f47c4d2b7a579756a84a6c5 3518 database optional postgresql-9.5_9.5.2-1.dsc
 c3f829b50f0351208debc79af3c946f9 18446616 database optional postgresql-9.5_9.5.2.orig.tar.bz2
 64619bcd583a49d78e9c5b7e9b3cc130 21012 database optional postgresql-9.5_9.5.2-1.debian.tar.xz

Version: GnuPG v1


Thank you for your contribution to Debian.

More information about the Pkg-postgresql-public mailing list