Your message dated Wed, 25 Mar 2009 13:53:34 +0000
with message-id <[email protected]>
and subject line Bug#517405: fixed in postgresql-8.3 8.3.7-0lenny1
has caused the Debian Bug report #517405,
regarding postgresql-8.3: Server crashes if using wrong (mismatch) conversion
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
517405: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postgresql-8.3
Version: 8.3.6-1
Severity: serious
Tags: security
Justification: must
As reported in http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
using conversion functions with mismatched specified and database codepages
causes postgresql to segfault.
A serious issue is that a regular user can do that and bring down the whole
system.
Upstream came up with a patch just hours after the report, and it seems
to be slated for 8.3.6:
http://archives.postgresql.org/pgsql-bugs/2009-02/msg00176.php
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18+openvz (SMP w/8 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/bash
Versions of packages postgresql-8.3 depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libpam0g 1.0.1-5 Pluggable Authentication Modules l
ii libpq5 8.3.6-1 PostgreSQL C client library
ii libssl0.9.8 0.9.8g-15 SSL shared libraries
ii libxml2 2.6.32.dfsg-5 GNOME XML library
ii locales 2.7-18 GNU C Library: National Language (
ii postgresql-client-8.3 8.3.6-1 front-end programs for PostgreSQL
ii postgresql-common 94lenny1 PostgreSQL database-cluster manage
ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL
ii tzdata 2008h-2 time zone and daylight-saving time
postgresql-8.3 recommends no packages.
Versions of packages postgresql-8.3 suggests:
ii pidentd [ident-server] 3.0.19.ds1-4 TCP/IP IDENT protocol server with
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: postgresql-8.3
Source-Version: 8.3.7-0lenny1
We believe that the bug you reported is fixed in the latest version of
postgresql-8.3, which is due to be installed in the Debian FTP archive:
libecpg-compat3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/libecpg-compat3_8.3.7-0lenny1_i386.deb
libecpg-dev_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/libecpg-dev_8.3.7-0lenny1_i386.deb
libecpg6_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/libecpg6_8.3.7-0lenny1_i386.deb
libpgtypes3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/libpgtypes3_8.3.7-0lenny1_i386.deb
libpq-dev_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/libpq-dev_8.3.7-0lenny1_i386.deb
libpq5_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/libpq5_8.3.7-0lenny1_i386.deb
postgresql-8.3_8.3.7-0lenny1.diff.gz
to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1.diff.gz
postgresql-8.3_8.3.7-0lenny1.dsc
to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1.dsc
postgresql-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-8.3_8.3.7-0lenny1_i386.deb
postgresql-client-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.7-0lenny1_i386.deb
postgresql-client_8.3.7-0lenny1_all.deb
to pool/main/p/postgresql-8.3/postgresql-client_8.3.7-0lenny1_all.deb
postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.7-0lenny1_i386.deb
postgresql-contrib_8.3.7-0lenny1_all.deb
to pool/main/p/postgresql-8.3/postgresql-contrib_8.3.7-0lenny1_all.deb
postgresql-doc-8.3_8.3.7-0lenny1_all.deb
to pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.7-0lenny1_all.deb
postgresql-doc_8.3.7-0lenny1_all.deb
to pool/main/p/postgresql-8.3/postgresql-doc_8.3.7-0lenny1_all.deb
postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.7-0lenny1_i386.deb
postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.7-0lenny1_i386.deb
postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.7-0lenny1_i386.deb
postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
to pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.7-0lenny1_i386.deb
postgresql_8.3.7-0lenny1_all.deb
to pool/main/p/postgresql-8.3/postgresql_8.3.7-0lenny1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <[email protected]> (supplier of updated postgresql-8.3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 14 Mar 2009 19:17:23 +0100
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3
postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3
postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client
postgresql-doc postgresql-contrib
Architecture: source all i386
Version: 8.3.7-0lenny1
Distribution: stable
Urgency: low
Maintainer: Martin Pitt <[email protected]>
Changed-By: Martin Pitt <[email protected]>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (supported version)
postgresql-8.3 - object-relational SQL database, version 8.3 server
postgresql-client - front-end programs for PostgreSQL (supported version)
postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
postgresql-contrib - additional facilities for PostgreSQL (supported version)
postgresql-contrib-8.3 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.3 - documentation for the PostgreSQL database management
system
postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side
programming
Closes: 517405
Changes:
 postgresql-8.3 (8.3.7-0lenny1) stable; urgency=low
 .
   * New upstream bug fix release:
     - Prevent error recursion crashes when encoding conversion fails.
       This change extends fixes made in the last two minor releases for
       related failure scenarios. The previous fixes were narrowly
       tailored for the original problem reports, but we have now
       recognized that *any* error thrown by an encoding conversion
       function could potentially lead to infinite recursion while trying
       to report the error. The solution therefore is to disable
       translation and encoding conversion and report the plain-ASCII form
       of any error message, if we find we have gotten into a recursive
       error reporting situation. (Closes: #517405)
     - Disallow "CREATE CONVERSION" with the wrong encodings for the
       specified conversion function. This prevents one possible scenario for
       encoding conversion failure. The previous change is a backstop to guard
       against other kinds of failures in the same area.
     - Fix xpath() to not modify the path expression unless necessary, and
       to make a saner attempt at it when necessary.
       The SQL standard suggests that xpath should work on data that is a
       document fragment, but libxml doesn't support that, and indeed it's
       not clear that this is sensible according to the XPath standard.
       xpath attempted to work around this mismatch by modifying both the
       data and the path expression, but the modification was buggy and
       could cause valid searches to fail. Now, xpath checks whether the
       data is in fact a well-formed document, and if so invokes libxml
       with no change to the data or path expression. Otherwise, a
       different modification method that is somewhat less likely to fail
       is used.
       Note: The new modification method is still not 100% satisfactory,
       and it seems likely that no real solution is possible. This patch
       should therefore be viewed as a band-aid to keep from breaking
       existing applications unnecessarily. It is likely that PostgreSQL
       8.4 will simply reject use of xpath on data that is not a
       well-formed document.
     - Fix core dump when to_char() is given format codes that are
       inappropriate for the type of the data argument.
     - Fix extreme inefficiency in text search parser's handling of an
       email-like string containing multiple @ characters.
     - Fix planner problem with sub-"SELECT" in the output list of a
       larger subquery.
     - Fix decompilation of CASE WHEN with an implicit coercion.
     - Fix possible misassignment of the owner of a TOAST table's rowtype.
       If "CLUSTER" or a rewriting variant of "ALTER TABLE" were executed
       by someone other than the table owner, the pg_type entry for the
       table's TOAST table would end up marked as owned by that someone.
       This caused no immediate problems, since the permissions on the
       TOAST rowtype aren't examined by any ordinary database operation.
       However, it could lead to unexpected failures if one later tried to
       drop the role that issued the command (in 8.1 or 8.2), or "owner of
       data type appears to be invalid" warnings from pg_dump after having
       done so (in 8.3).
     - Change "UNLISTEN" to exit quickly if the current session has never
       executed any "LISTEN" command.
       Most of the time this is not a particularly useful optimization,
       but since "DISCARD ALL" invokes "UNLISTEN", the previous coding
       caused a substantial performance problem for applications that made
       heavy use of "DISCARD ALL".
     - Fix PL/pgSQL to not treat INTO after "INSERT" as an INTO-variables
       clause anywhere in the string, not only at the start; in
       particular, don't fail for "INSERT INTO" within "CREATE RULE".
     - Clean up PL/pgSQL error status variables fully at block exit.
       This is not a problem for PL/pgSQL itself, but the omission could
       cause the PL/pgSQL Debugger to crash while examining the state of a
       function.
     - Add MUST (Mauritius Island Summer Time) to the default list of
       known timezone abbreviations (Xavier Bugaud)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknA59IACgkQDecnbV4Fd/IkGACgmXubPbdcI5QgoCNDQmOp5N3P
MiEAoMdwApdYYPUPREcz77N0Zhumu5tE
=LZKW
-----END PGP SIGNATURE-----
--- End Message ---
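
The recursion guard described in the 8.3.7 changelog above, modelled as an added C example (not PostgreSQL source and not part of the original messages). All names (`report_error`, `convert_for_client`, `STACK_LIMIT`) and message strings are constructed, and a depth cap stands in for real stack exhaustion.

```c
#include <stdio.h>
#include <string.h>

#define STACK_LIMIT 1000          /* constructed stand-in for stack exhaustion */
static int  guard_enabled;        /* 0 = no guard, 1 = recursion guard active */
static int  depth, max_depth, crashed;
static char emitted[128];         /* last message actually sent to the client */

static void report_error(const char *ascii_msg);

/* Hypothetical conversion routine that cannot handle the requested encoding
 * pair: every call fails, and the failure is itself reported as an error. */
static int convert_for_client(const char *in, char *out, size_t n)
{
    (void)in; (void)out; (void)n;
    report_error("conversion failed (constructed message)");
    return -1;
}

static void report_error(const char *ascii_msg)
{
    char buf[128] = "";
    if (++depth > max_depth)
        max_depth = depth;
    if (depth >= STACK_LIMIT) {
        crashed = 1;              /* models the server crash */
    } else if (guard_enabled && depth > 1) {
        /* Already reporting an error: skip translation and conversion. */
        snprintf(emitted, sizeof emitted, "%s", ascii_msg);
    } else if (convert_for_client(ascii_msg, buf, sizeof buf) == 0) {
        snprintf(emitted, sizeof emitted, "%s", buf);
    }   /* on failure, the nested report has already produced the output */
    depth--;
}

/* Runs one scenario and returns the deepest recursion level reached. */
int run_scenario(int guarded)
{
    guard_enabled = guarded;
    depth = max_depth = crashed = 0;
    emitted[0] = '\0';
    report_error("division by zero");
    return max_depth;
}

int main(void)
{
    printf("no guard: depth %d\n", run_scenario(0));
    printf("guard:    depth %d, sent \"%s\"\n", run_scenario(1), emitted);
    return 0;
}
```

Without the guard the model recurses until the cap and nothing reaches the client; with it, the nested error is sent in plain ASCII at depth 2 and reporting unwinds normally.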