Yesterday PostgreSQL released new security/bug fix microreleases 8.4.2, 8.3.9, and 8.1.19, which fix two security issues and a whole bunch of bugs.
Updates for all supported Ubuntu releases are built in the ubuntu-security-proposed PPA. They pass the upstream and postgresql-common test suites, but more testing is heavily appreciated! Please give feedback in bug LP#496923.
Thanks!
Tags: announcement, postgresql, proposed, QA, security, testing
PostgreSQL recently published new point releases which fix the usual range of important bugs (data loss/wrong results, etc.) and additionally fix another case of insecure “security definer” functions (the analogon to setuid programs in file system space for SQL functions) (CVE-2007-6600). Please see the complete changes for 8.1.18 (Ubuntu 6.06 LTS), 8.3.8 (Ubuntu 8.04 LTS, 8.10, and 9.04), and 8.4.1 (Ubuntu 9.10).
8.4.1 is already in Ubuntu 9.10 and in my PostgreSQL Backports PPA for Ubuntu 8.04 LTS and 9.04. Updates for the other supported Ubuntu releases are currently in -proposed, waiting for testing feedback.
If you use PostgreSQL, please give the -proposed packages some testing and report back in Ubuntu bug #430544. Thanks!
Tags: postgresql, proposed, security, testing, update
Some days ago, the first public beta of PostgreSQL 8.4 was announced. I uploaded a CVS snapshot to Debian experimental two weeks ago, but it didn’t make it out of NEW yet.
Packaging the actual 8.4 bits was actually pretty easy, just took me half a day to adapt the 8.3 packaging and eventually figuring out how to build the entire documentation from SGML sources with Debian/Ubuntu’s broken docbook-utils.
I spent much more work work on supporting 8.4 in postgresql-common, especially with the new per-database locales, migrating changed postgresql.conf parameters in pg_upgradecluster, and so on. Now almost all of the > 1000 tests pass, so I believe it is pretty solid now.
The only exception is the changed behaviour in verifying the server side’s SSL certificate from the client side. At first I thought it was a bug, and reported it to upstream, but it evolved into a pretty lengthy and interesting discussion about the right defaults for SSL verification. I’ll work on better defaults, and the test suite to pass 100% soon.
I invite you give the beta a good beating. Packages for Ubuntu 8.04 LTS and 9.04 are in my
postgresql PPA. Due to postgresql-common, you can safely run 8.4 in parallel with existing 8.3 instances, test-upgrade your 8.3 ones to 8.4 and compare them, etc.
Feedback appreciated!
Tags: debian, postgresql, testing, ubuntu
Arclite Theme von digitalnature | powered by WordPress