Subject: CVS commit: [pkgsrc-2012Q2] pkgsrc/databases
From: Matthias Scheler
Date: 2012-07-03 01:06:56
Message id: 20120702230657.270C7175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3842 - requested by morr
databases/postgresql83-adminpack: security update
databases/postgresql83-client: security update
databases/postgresql83-plperl: security update
databases/postgresql83-pltcl: security update
databases/postgresql83-server: security update
databases/postgresql83-uuid: security update
databases/postgresql83: security update

Revisions pulled up:
- databases/postgresql83-adminpack/Makefile                     1.10
- databases/postgresql83-client/Makefile                        1.27
- databases/postgresql83-client/PLIST                           1.21
- databases/postgresql83-plperl/Makefile                        1.16
- databases/postgresql83-plpython/Makefile                      1.14
- databases/postgresql83-pltcl/Makefile                         1.10
- databases/postgresql83-server/Makefile                        1.19
- databases/postgresql83-server/PLIST                           1.18
- databases/postgresql83-uuid/Makefile                          1.3
- databases/postgresql83/Makefile                               1.8
- databases/postgresql83/Makefile.common                        1.24
- databases/postgresql83/distinfo                               1.22

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Jul  1 19:19:42 UTC 2012

   Modified Files:
   	pkgsrc/databases/postgresql83: Makefile.common distinfo
   	pkgsrc/databases/postgresql83-client: PLIST
   	pkgsrc/databases/postgresql83-plpython: Makefile
   	pkgsrc/databases/postgresql83-server: PLIST

   Log Message:
   Security update to version 8.3.19.

   Changes:

   * Fix incorrect password transformation in contrib/pgcrypto's DES crypt() \ 
function (Solar Designer)
   * If a password string contained the byte value 0x80, the remainder of the \ 
password was ignored, causing the password to be much weaker than it appeared. \ 
With this fix, the rest of the string is properly included in the DES hash. Any \ 
stored password values that are affected by this bug will thus no longer match, \ 
so the stored values may need to be updated. (CVE-2012-2143)
   * Ignore SECURITY DEFINER and SET attributes for a procedural language's call \ 
handler (Tom Lane)
   * Applying such attributes to a call handler could crash the server. \ 
(CVE-2012-2655)
   * Allow numeric timezone offsets in timestamp input to be up to 16 hours away \ 
from UTC (Tom Lane)
   * Some historical time zones have offsets larger than 15 hours, the previous \ 
limit. This could result in dumped data values being rejected during reload.
   * Fix timestamp conversion to cope when the given time is exactly the last \ 
DST transition time for the current timezone (Tom Lane)
   * This oversight has been there a long time, but was not noticed previously \ 
because most DST-using zones are presumed to have an indefinite sequence of \ 
future DST transitions.
   * Fix text to name and char to name casts to perform string truncation \ 
correctly in multibyte encodings (Karl Schnaitter)
   * Fix memory copying bug in to_tsquery() (Heikki Linnakangas)
   * Fix slow session startup when pg_attribute is very large (Tom Lane)
   * If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code \ 
that is sometimes needed during session start would trigger the \ 
synchronized-scan logic, causing it to take many times longer than normal. The \ 
problem was particularly acute if many new sessions were starting at once.
   * Ensure sequential scans check for query cancel reasonably often (Merlin Moncure)
   * A scan encountering many consecutive pages that contain no live tuples \ 
would not respond to interrupts meanwhile.
   * Ensure the Windows implementation of PGSemaphoreLock() clears \ 
ImmediateInterruptOK before returning (Tom Lane)
   * This oversight meant that a query-cancel interrupt received later in the \ 
same query could be accepted at an unsafe time, with unpredictable but not good \ 
consequences.
   * Show whole-row variables safely when printing views or rules (Abbas Butt, \ 
Tom Lane)
   * Corner cases involving ambiguous names (that is, the name could be either a \ 
table or column name of the query) were printed in an ambiguous way, risking \ 
that the view or rule would be interpreted differently after dump and reload. \ 
Avoid the ambiguous case by attaching a no-op cast.
   * Ensure autovacuum worker processes perform stack depth checking properly \ 
(Heikki Linnakangas)
   * Previously, infinite recursion in a function invoked by auto-ANALYZE could \ 
crash worker processes.
   * Fix logging collector to not lose log coherency under high load (Andrew Dunstan)
   * The collector previously could fail to reassemble large messages if it got \ 
too busy.
   * Fix logging collector to ensure it will restart file rotation after \ 
receiving SIGHUP (Tom Lane)
   * Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's \ 
first variable (Tom Lane)
   * Fix several performance problems in pg_dump when the database contains many \ 
objects (Jeff Janes, Tom Lane)
   * pg_dump could get very slow if the database contained many schemas, or if \ 
many objects are in dependency loops, or if there are many owned sequences.
   * Fix contrib/dblink's dblink_exec() to not leak temporary database \ 
connections upon error (Tom Lane)
   * Update time zone data files to tzdata release 2012c for DST law changes in \ 
Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, \ 
Morocco, Syria, and Tokelau Islands; also historical corrections for Canada.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Jul  1 19:21:14 UTC 2012

   Modified Files:
           pkgsrc/databases/postgresql83: Makefile
           pkgsrc/databases/postgresql83-adminpack: Makefile
           pkgsrc/databases/postgresql83-client: Makefile
           pkgsrc/databases/postgresql83-plperl: Makefile
           pkgsrc/databases/postgresql83-pltcl: Makefile
           pkgsrc/databases/postgresql83-server: Makefile
           pkgsrc/databases/postgresql83-uuid: Makefile

   Log Message:
   Remove PKGREVISION

Files:
RevisionActionfile
1.7.2.1modifypkgsrc/databases/postgresql83/Makefile
1.23.4.1modifypkgsrc/databases/postgresql83/Makefile.common
1.21.4.1modifypkgsrc/databases/postgresql83/distinfo
1.9.2.1modifypkgsrc/databases/postgresql83-adminpack/Makefile
1.26.2.1modifypkgsrc/databases/postgresql83-client/Makefile
1.20.4.1modifypkgsrc/databases/postgresql83-client/PLIST
1.15.2.1modifypkgsrc/databases/postgresql83-plperl/Makefile
1.13.2.1modifypkgsrc/databases/postgresql83-plpython/Makefile
1.9.2.1modifypkgsrc/databases/postgresql83-pltcl/Makefile
1.18.2.1modifypkgsrc/databases/postgresql83-server/Makefile
1.17.6.1modifypkgsrc/databases/postgresql83-server/PLIST
1.2.10.1modifypkgsrc/databases/postgresql83-uuid/Makefile