diff options
Diffstat (limited to '')
-rw-r--r-- | debian/changelog | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..9e0e440 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,191 @@ +postgresql-14 (14.5-3) unstable; urgency=medium + + * Stop building lib packages, postgresql-15 is already in unstable.. + (Closes: #1022152) + + -- Christoph Berg <myon@debian.org> Sat, 22 Oct 2022 14:48:48 +0200 + +postgresql-14 (14.5-2) unstable; urgency=medium + + * Test-Depend on locales-all instead of locales. + * Add Italian debconf translation by Ceppo, thanks! (Closes: #1019162) + + -- Christoph Berg <myon@debian.org> Fri, 09 Sep 2022 22:23:26 +0200 + +postgresql-14 (14.5-1) unstable; urgency=medium + + * New upstream version. + + + Do not let extension scripts replace objects not already belonging to + the extension (Tom Lane) (CVE-2022-2625) + + This change prevents extension scripts from doing CREATE OR REPLACE if + there is an existing object that does not belong to the extension. It + also prevents CREATE IF NOT EXISTS in the same situation. This prevents + a form of trojan-horse attack in which a hostile database user could + become the owner of an extension object and then modify it to compromise + future uses of the object by other users. As a side benefit, it also + reduces the risk of accidentally replacing objects one did not mean to. + + The PostgreSQL Project thanks Sven Klemm for reporting this problem. + + * Update lintian overrides. + + -- Christoph Berg <myon@debian.org> Wed, 10 Aug 2022 14:45:40 +0200 + +postgresql-14 (14.4-1) unstable; urgency=medium + + * New upstream release. + + + Prevent possible corruption of indexes created or rebuilt with the + CONCURRENTLY option (Álvaro Herrera) + + An optimization added in v14 caused CREATE INDEX ... CONCURRENTLY and + REINDEX ... CONCURRENTLY to sometimes miss indexing rows that were + updated during the index build. Revert that optimization. It is + recommended that any indexes made with the CONCURRENTLY option be + rebuilt after installing this update. (Alternatively, rebuild them + without CONCURRENTLY.) + + -- Christoph Berg <myon@debian.org> Tue, 14 Jun 2022 09:49:41 +0200 + +postgresql-14 (14.3-1) unstable; urgency=medium + + * New upstream release. + + * Confine additional operations within security restricted operation + sandboxes (Sergey Shinderuk, Noah Misch) + + Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, + and pg_amcheck activated the security restricted operation protection + mechanism too late, or even not at all in some code paths. A user having + permission to create non-temporary objects within a database could + define an object that would execute arbitrary SQL code with superuser + permissions the next time that autovacuum processed the object, or that + some superuser ran one of the affected commands against it. + + The PostgreSQL Project thanks Alexander Lakhin for reporting this + problem. (CVE-2022-1552) + + * Fix default signature length for gist_ltree_ops indexes + (Tomas Vondra, Alexander Korotkov) + + The default signature length (hash size) for GiST indexes on ltree + columns was accidentally changed while upgrading that operator class to + support operator class parameters. If any operations had been done on + such an index without first upgrading the ltree extension to version + 1.2, they were done assuming that the signature length was 28 bytes + rather than the intended 8. This means it is very likely that such + indexes are now corrupt. For safety we recommend re-indexing all GiST + indexes on ltree columns after installing this update. (Note that GiST + indexes on ltree[] columns, that is arrays of ltree, are not affected.) + + -- Christoph Berg <myon@debian.org> Tue, 10 May 2022 10:34:28 +0200 + +postgresql-14 (14.2-1) unstable; urgency=medium + + * New upstream release. + + -- Christoph Berg <myon@debian.org> Wed, 09 Feb 2022 10:39:43 +0100 + +postgresql-14 (14.1-5) unstable; urgency=medium + + * Provide postgresql-14-jit-llvm (= ${llvm:Version}) so extensions can + depend on a matching llvm version. + + -- Christoph Berg <myon@debian.org> Mon, 03 Jan 2022 16:08:18 +0100 + +postgresql-14 (14.1-4) unstable; urgency=medium + + [ Christoph Berg ] + * Disable LLVM JIT on s390x for now. (See #1002029) + + [ Christian Ehrhardt ] + * postgresql-common/server/postgresql.mk: avoid gcc 11 ICE on armhf and + armel. + + -- Christoph Berg <myon@debian.org> Mon, 20 Dec 2021 18:21:21 +0100 + +postgresql-14 (14.1-3) unstable; urgency=medium + + * Use system default clang/llvm version. (Closes: #1000915) + * Use centralized debian/rules logic in postgresql-common. + + -- Christoph Berg <myon@debian.org> Fri, 03 Dec 2021 09:56:49 +0100 + +postgresql-14 (14.1-2) unstable; urgency=medium + + * Enable outline-atomics on arm64 (affects Ubuntu focal only). + + -- Christoph Berg <myon@debian.org> Tue, 16 Nov 2021 11:56:37 +0100 + +postgresql-14 (14.1-1) unstable; urgency=medium + + * New upstream release. + + + Make the server and libpq reject extraneous data after an SSL or GSS + encryption handshake (Tom Lane) + + A man-in-the-middle with the ability to inject data into the TCP + connection could stuff some cleartext data into the start of a + supposedly encryption-protected database session. + + This could be abused to send faked SQL commands to the server, although + that would only work if the server did not demand any authentication + data. (However, a server relying on SSL certificate authentication + might well not do so.) (CVE-2021-23214) + + This could probably be abused to inject faked responses to the client's + first few queries, although other details of libpq's behavior make that + harder than it sounds. A different line of attack is to exfiltrate the + client's password, or other sensitive data that might be sent early in + the session. That has been shown to be possible with a server + vulnerable to CVE-2021-23214. (CVE-2021-23222) + + The PostgreSQL Project thanks Jacob Champion for reporting these + problems. + + * libpq-dev: Depend on libssl-dev, `pkg-config --exists libpq` requires it. + + -- Christoph Berg <myon@debian.org> Fri, 05 Nov 2021 12:05:46 +0100 + +postgresql-14 (14.0-1) unstable; urgency=medium + + * First PG14 release. + * Depend on postgresql-common 229 for scram-sha-256 authentication by + default. + + -- Christoph Berg <myon@debian.org> Tue, 28 Sep 2021 13:56:00 +0200 + +postgresql-14 (14~rc1-1) experimental; urgency=medium + + * First PG14 release candidate. + * Enable spinlocks on riscv64. + * Fix awk to be mawk, spotted by Yangfl. (Closes: #987786) + * configure.ac: Remove check for autoconf 2.69. + * Spanish debconf translation by Jonathan Bustillos, thanks! + (Closes: #986775) + * Flatten debian/*.lintian-overrides symlinks. + + -- Christoph Berg <myon@debian.org> Thu, 23 Sep 2021 12:39:42 +0200 + +postgresql-14 (14~beta3-1) experimental; urgency=medium + + * New beta version. + * libpq5.symbols: Add PQsendFlushRequest. + + -- Christoph Berg <myon@debian.org> Tue, 10 Aug 2021 13:11:12 +0200 + +postgresql-14 (14~beta2-1) experimental; urgency=medium + + * New beta version. + * libpq5.symbols: Add PQmblenBounded, PQsetTraceFlags, remove PQtraceSetFlags. + * debian/tests/installcheck: Use --make-testtablespace-dir. + + -- Christoph Berg <myon@debian.org> Wed, 23 Jun 2021 11:03:06 +0200 + +postgresql-14 (14~beta1-1) experimental; urgency=medium + + * New major upstream version 14; packaging based on postgresql-13. + + -- Christoph Berg <myon@debian.org> Tue, 18 May 2021 13:40:56 +0200 |