1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
|
postgresql-13 (13.4-3) unstable; urgency=medium
* Cherry-pick riscv spinlocks patch from upstream. (Closes: #993217)
-- Christoph Berg <myon@debian.org> Tue, 31 Aug 2021 11:59:29 +0200
postgresql-13 (13.4-2) unstable; urgency=medium
* Enable spinlocks on riscv64.
* Fix awk to be mawk, spotted by Yangfl. (Closes: #987786)
* B-D on autoconf2.69. (Closes: #978886)
* Spanish debconf translation by Jonathan Bustillos, thanks!
(Closes: #986775)
* Flatten debian/*.lintian-overrides symlinks.
-- Christoph Berg <myon@debian.org> Thu, 26 Aug 2021 15:34:27 +0200
postgresql-13 (13.4-1) unstable; urgency=medium
* New upstream version.
+ Fix mis-planning of repeated application of a projection step (Tom Lane)
The planner could create an incorrect plan in cases where two
ProjectionPaths were stacked on top of each other. The only known way
to trigger that situation involves parallel sort operations, but there
may be other instances. The result would be crashes or incorrect query
results. Disclosure of server memory contents is also possible.
(CVE-2021-3677)
+ Disallow SSL renegotiation more completely (Michael Paquier)
SSL renegotiation has been disabled for some time, but the server would
still cooperate with a client-initiated renegotiation request. A
maliciously crafted renegotiation request could result in a server crash
(see OpenSSL issue CVE-2021-3449). Disable the feature altogether on
OpenSSL versions that permit doing so, which are 1.1.0h and newer.
* Remove obsolete #dbg# and #PIE# code.
-- Christoph Berg <myon@debian.org> Tue, 18 May 2021 13:56:18 +0200
postgresql-13 (13.3-1) unstable; urgency=medium
* New upstream version.
+ Prevent integer overflows in array subscripting calculations (Tom Lane)
The array code previously did not complain about cases where an array's
lower bound plus length overflows an integer. This resulted in later
entries in the array becoming inaccessible (since their subscripts could
not be written as integers), but more importantly it confused subsequent
assignment operations. This could lead to memory overwrites, with
ensuing crashes or unwanted data modifications. (CVE-2021-32027)
+ Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
target lists (Tom Lane)
If the UPDATE list contains any multi-column sub-selects (which give
rise to junk columns in addition to the results proper), the UPDATE path
would end up storing tuples that include the values of the extra junk
columns. That's fairly harmless in the short run, but if new columns are
added to the table then the values would become accessible, possibly
leading to malfunctions if they don't match the datatypes of the added
columns.
In addition, in versions supporting cross-partition updates, a
cross-partition update triggered by such a case had the reverse problem:
the junk columns were removed from the target list, typically causing an
immediate crash due to malfunction of the multi-column sub-select
mechanism. (CVE-2021-32028)
+ Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for
joined cross-partition updates (Amit Langote, Etsuro Fujita)
If an UPDATE for a partitioned table caused a row to be moved to another
partition with a physically different row type (for example, one with a
different set of dropped columns), computation of RETURNING results for
that row could produce errors or wrong answers. No error is observed
unless the UPDATE involves other tables being joined to the target
table. (CVE-2021-32029)
* Mark libio-pty-perl and libipc-run-perl as <!nocheck>. (Closes: #988121)
-- Christoph Berg <myon@debian.org> Tue, 11 May 2021 22:10:35 +0200
postgresql-13 (13.2-1) unstable; urgency=medium
* New upstream version.
+ Fix failure to check per-column SELECT privileges in some join queries
(Tom Lane)
In some cases involving joins, the parser failed to record all the
columns read by a query in the column-usage bitmaps that are used for
permissions checking. Although the executor would still insist on some
sort of SELECT privilege to run the query, this meant that a user having
SELECT privilege on only one column of a table could nonetheless read
all its columns through a suitably crafted query.
A stored view that is subject to this problem will have incomplete
column-usage bitmaps, and thus permissions will still not be enforced
properly on the view after updating. In installations that depend on
column-level permissions for security, it is recommended to CREATE OR
REPLACE all user-defined views to cause them to be re-parsed.
The PostgreSQL Project thanks Sven Klemm for reporting this problem.
(CVE-2021-20229)
+ Fix information leakage in constraint-violation error messages
(Heikki Linnakangas)
If an UPDATE command attempts to move a row to a different partition but
finds that it violates some constraint on the new partition, and the
columns in that partition are in different physical positions than in
the parent table, the error message could reveal the contents of columns
that the user does not have SELECT privilege on. (CVE-2021-3393)
+ Fix incorrect detection of concurrent page splits while inserting into a
GiST index (Heikki Linnakangas)
Concurrent insertions could lead to a corrupt index with entries placed
in the wrong pages. It's recommended to reindex any GiST index that's
been subject to concurrent insertions.
+ Fix CREATE INDEX CONCURRENTLY to wait for concurrent prepared
transactions (Andrey Borodin)
At the point where CREATE INDEX CONCURRENTLY waits for all concurrent
transactions to complete so that it can see rows they inserted, it must
also wait for all prepared transactions to complete, for the same
reason. Its failure to do so meant that rows inserted by prepared
transactions might be omitted from the new index, causing queries
relying on the index to miss such rows. In installations that have
enabled prepared transactions (max_prepared_transactions > 0), it's
recommended to reindex any concurrently-built indexes in case this
problem occurred when they were built.
[ Christoph Berg ]
* Remove obsolete --enable-integer-datetimes configure option.
(Closes: #974988)
* Modernize server package description.
* Use xsltproc --nonet.
* run-testsuite: Test only this version.
[ Helmut Grohne ]
* Reduce Build-Depends: (Closes: #979456)
+ gdb is only used for testing.
-- Christoph Berg <myon@debian.org> Wed, 10 Feb 2021 17:33:55 +0100
postgresql-13 (13.1-1) unstable; urgency=medium
* New upstream version.
+ Fixes timetz regression test failures. (Closes: #974063)
+ Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers
within index expressions and materialized view queries (Noah Misch)
This is essentially a leak in the security restricted operation sandbox
mechanism. An attacker having permission to create non-temporary SQL
objects could parlay this leak to execute arbitrary SQL code as a
superuser.
The PostgreSQL Project thanks Etienne Stalmans for reporting this
problem. (CVE-2020-25695)
+ Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane)
The -d parameter of pg_dump and pg_restore, or the --maintenance-db
parameter of the other programs mentioned, can be a connection string
containing multiple connection parameters rather than just a database
name. In cases where these programs need to initiate additional
connections, such as parallel processing or processing of multiple
databases, the connection string was forgotten and just the basic
connection parameters (database name, host, port, and username) were
used for the additional connections. This could lead to connection
failures if the connection string included any other essential
information, such as non-default SSL or GSS parameters. Worse, the
connection might succeed but not be encrypted as intended, or be
vulnerable to man-in-the-middle attacks that the intended connection
parameters would have prevented. (CVE-2020-25694)
+ When psql's \connect command re-uses connection parameters, ensure that
all non-overridden parameters from a previous connection string are
re-used (Tom Lane)
This avoids cases where reconnection might fail due to omission of
relevant parameters, such as non-default SSL or GSS options. Worse, the
reconnection might succeed but not be encrypted as intended, or be
vulnerable to man-in-the-middle attacks that the intended connection
parameters would have prevented. This is largely the same problem as
just cited for pg_dump et al, although psql's behavior is more complex
since the user may intentionally override some connection parameters.
(CVE-2020-25694)
+ Prevent psql's \gset command from modifying specially-treated variables
(Noah Misch)
\gset without a prefix would overwrite whatever variables the server
told it to. Thus, a compromised server could set specially-treated
variables such as PROMPT1, giving the ability to execute arbitrary shell
code in the user's session.
The PostgreSQL Project thanks Nick Cleaton for reporting this problem.
(CVE-2020-25696)
* Show only log files on failure.
-- Christoph Berg <myon@debian.org> Tue, 10 Nov 2020 13:45:55 +0100
postgresql-13 (13.0-6) unstable; urgency=medium
* Use readline instead of libedit in psql. OpenSSL is considered a system
library now which voids the GPL-2 linking conflict.
http://meetbot.debian.net/debian-ftp/2020/debian-ftp.2020-03-13-20.02.html
* Disable JIT on powerpc riscv64 sparc64 again.
-- Christoph Berg <myon@debian.org> Tue, 20 Oct 2020 10:51:32 +0200
postgresql-13 (13.0-5) unstable; urgency=medium
* Bump LLVM version to 11.
* Enable JIT on powerpc riscv64 s390x sparc64.
* Cherry-pick upstream llvmjit fixes, thanks Andres!
-- Christoph Berg <myon@debian.org> Fri, 16 Oct 2020 11:07:06 +0200
postgresql-13 (13.0-4) unstable; urgency=medium
* Add extension_destdir to postgresql.conf.sample file.
* R³: no.
-- Christoph Berg <myon@debian.org> Tue, 13 Oct 2020 22:05:47 +0200
postgresql-13 (13.0-3) unstable; urgency=medium
* extension_destdir: Allow ALTER EXTENSION ... UPDATE;
-- Christoph Berg <myon@debian.org> Thu, 08 Oct 2020 00:16:33 +0200
postgresql-13 (13.0-2) unstable; urgency=medium
* Force JITing of all queries at test time.
* Disable JIT on s390x, it's broken with LLVM 10.
https://www.postgresql.org/message-id/20200925152907.GI293907%40msg.df7cb.de
-- Christoph Berg <myon@debian.org> Fri, 25 Sep 2020 23:43:22 +0200
postgresql-13 (13.0-1) unstable; urgency=medium
* First PostgreSQL 13 stable release.
* Update extension_destdir to look both in destdir and original location.
* Drop build-time kerberos test, too unstable.
-- Christoph Berg <myon@debian.org> Thu, 24 Sep 2020 12:00:45 +0200
postgresql-13 (13~rc1-1) experimental; urgency=medium
* Release candidate.
* New GUC extension_destdir: Path to prepend for extension loading
This directory is prepended to paths when loading extensions (control
and SQL files), and to the '$libdir' directive when loading modules that
back functions. The location is made configurable to allow build-time
testing of extensions that do not have been installed to their proper
location yet.
-- Christoph Berg <myon@debian.org> Tue, 15 Sep 2020 22:56:40 +0200
postgresql-13 (13~beta3-1) experimental; urgency=medium
* New beta release.
* Extend lintian overrides to client, plperl, and pltcl.
-- Christoph Berg <myon@debian.org> Thu, 16 Jul 2020 13:23:46 +0200
postgresql-13 (13~beta2-2) experimental; urgency=medium
* Drop ldap-utils and slapd from build-dependencies while the "extra" ldap
test isn't run.
* Print backtrace from coredumps at build-time when tests crash.
-- Christoph Berg <myon@debian.org> Wed, 15 Jul 2020 17:14:45 +0200
postgresql-13 (13~beta2-1) experimental; urgency=medium
* New beta release.
-- Christoph Berg <myon@debian.org> Wed, 24 Jun 2020 16:19:12 +0200
postgresql-13 (13~beta1-1) experimental; urgency=medium
* New major upstream version 13; packaging based on postgresql-12.
-- Christoph Berg <myon@debian.org> Tue, 19 May 2020 15:22:03 +0200
|
