postgresql-9.4 (9.4.26-13.pgdg22.04+1) jammy-pgdg; urgency=medium

  * Rebuild for jammy-pgdg.
  * Changes applied by generate-pgdg-source:
    + Moving lib packages to component 9.4.
    + Remove tzdata-legacy from build and test dependencies.

 -- PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian@lists.postgresql.org>  Mon, 20 Jan 2025 21:54:01 +0100

postgresql-9.4 (9.4.26-13) unstable; urgency=medium

  * Cherry-pick tzdata 2025a fix from upstream.

 -- Christoph Berg <myon@debian.org>  Mon, 20 Jan 2025 21:54:01 +0100

postgresql-9.4 (9.4.26-12) unstable; urgency=medium

  * Run regression tests with TZ America/Los_Angeles.
  * Catch plperl output variation with perl 5.40 on unstable.

 -- Christoph Berg <myon@debian.org>  Thu, 31 Oct 2024 18:08:32 +0100

postgresql-9.4 (9.4.26-11) unstable; urgency=medium

  * B-D on python3-setuptools, we need distutils.
  * Cherry-pick 400928b83 from master to fix xml build.

 -- Christoph Berg <myon@debian.org>  Sun, 28 Jul 2024 17:20:56 +0000

postgresql-9.4 (9.4.26-10) unstable; urgency=medium

  * Fix doc install when postgresql-client-common is not present.
  * DH 13 and autoreconf at build time.
  * Fix config/c-compiler.m4 for new compiler warnings.

 -- Christoph Berg <myon@debian.org>  Fri, 24 May 2024 21:42:58 +0200

postgresql-9.4 (9.4.26-9) unstable; urgency=medium

  * Add Build-Profile nopython.
  * B-D on dh-exec.

 -- Christoph Berg <myon@debian.org>  Fri, 26 Apr 2024 15:28:43 +0000

postgresql-9.4 (9.4.26-8) unstable; urgency=medium

  * Test-Depend on tzdata-legacy | tzdata (<< 2023c-8).

 -- Christoph Berg <myon@debian.org>  Thu, 10 Aug 2023 22:25:38 +0200

postgresql-9.4 (9.4.26-7) unstable; urgency=medium

  * Fix update-alternatives when doc package is installed stand-alone.

 -- Christoph Berg <myon@debian.org>  Mon, 27 Feb 2023 10:22:22 +0100

postgresql-9.4 (9.4.26-6) unstable; urgency=medium

  * Fix plpython3 for Python 3.11 (upstream 4339e10f).

 -- Christoph Berg <myon@debian.org>  Mon, 20 Feb 2023 17:49:36 +0100

postgresql-9.4 (9.4.26-5) unstable; urgency=medium

  * Fix pl/perl test case so it will still work under Perl 5.36.

 -- Christoph Berg <myon@debian.org>  Tue, 01 Nov 2022 15:48:32 +0100

postgresql-9.4 (9.4.26-4) unstable; urgency=medium

  * Support Python 3.10 in plpython tests.

 -- Christoph Berg <myon@debian.org>  Sun, 15 May 2022 20:59:57 +0200

postgresql-9.4 (9.4.26-3) unstable; urgency=medium

  * R³: no.
  * run-testsuite: Test only this version.

 -- Christoph Berg <myon@debian.org>  Fri, 05 Feb 2021 13:22:03 +0100

postgresql-9.4 (9.4.26-2) unstable; urgency=medium

  * Make server-dev -> client dependency versioned.
  * Mark client as "Replaces" all server-dev versions.

 -- Christoph Berg <myon@debian.org>  Thu, 20 Feb 2020 13:11:33 +0100

postgresql-9.4 (9.4.26-1) unstable; urgency=medium

  * New upstream version.
    + Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.

      Marking an object as dependent on an extension did not have any
      privilege check whatsoever.  This oversight allowed any user to mark
      routines, triggers, materialized views, or indexes as droppable by
      anyone able to drop an extension.  Require that the calling user own the
      specified object (and hence have privilege to drop it). (CVE-2020-1720)

    + This is the last release of the 9.4 branch. Upgrade your systems to a
      newer version.

  * Move pg_config and pgxs to postgresql-client package to be able to test
    extension packages using only their native dependencies. (Closes: #944457)
  * Set PROVE_FLAGS="--verbose".

 -- Christoph Berg <myon@debian.org>  Tue, 11 Feb 2020 12:59:00 +0100

postgresql-9.4 (9.4.25-1) unstable; urgency=medium

  * New upstream version.

 -- Christoph Berg <myon@debian.org>  Tue, 12 Nov 2019 11:48:43 +0100

postgresql-9.4 (9.4.24-2) unstable; urgency=medium

  * debian/tests/installcheck: Ignore context missing from plpgsql output.
  * Disable building plpython2 by default. (Closes: #937310)
  * Add debian/gitlab-ci.yml.
  * Fix binary all build.

 -- Christoph Berg <myon@debian.org>  Wed, 09 Oct 2019 15:01:52 +0200

postgresql-9.4 (9.4.24-1) unstable; urgency=medium

  * New upstream version.

    + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247)

    + Require schema qualification to cast to a temporary type when using
      functional cast syntax (Noah Misch)

      We have long required invocations of temporary functions to explicitly
      specify the temporary schema, that is pg_temp.func_name(args). Require
      this as well for casting to temporary types using functional notation,
      for example pg_temp.type_name(arg). Otherwise it's possible to capture a
      function call using a temporary object, allowing privilege escalation in
      much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)

  * debian/pycompat: Obsolete, remove.
  * debian/patches: Add missing patch documentation.
  * debian/*.symbols: Add Build-Depends-Package information.
  * debian/tests: Also run regression tests.
  * debian/tests/control: Add fakeroot to dependencies.

 -- Christoph Berg <myon@debian.org>  Wed, 07 Aug 2019 15:29:07 +0200

postgresql-9.4 (9.4.23-1) unstable; urgency=medium

  * New upstream version.

 -- Christoph Berg <myon@debian.org>  Tue, 18 Jun 2019 11:14:11 +0200

postgresql-9.4 (9.4.22-1) unstable; urgency=medium

  * New upstream version.
    + The PostgreSQL community will stop releasing updates for the 9.4.X
      release series in February 2020. Users are encouraged to update to a
      newer release branch soon.

 -- Christoph Berg <myon@debian.org>  Tue, 07 May 2019 12:54:35 +0200

postgresql-9.4 (9.4.21-1) unstable; urgency=medium

  * New upstream version.
  * Drop explicit xz compression for .debs.
  * Depend on locales | locales-all. Suggested by Elrond, thanks!
    (Closes: #916655)
  * Build-Depend on tcl-dev instead of on a specific version.
  * initdb doesn't like LANG and LC_ALL to contradict, unset LANG and
    LC_CTYPE at test time. (Closes: #917764)
  * On purge, ask the user if they want to remove clusters. (Closes: #911940)

 -- Christoph Berg <christoph.berg@credativ.de>  Thu, 14 Feb 2019 15:25:21 +0100

postgresql-9.4 (9.4.20-1) unstable; urgency=medium

  * New upstream version.
  * Enable dtrace support.
  * psql uses sensible-editor, depend on sensible-utils.
  * Add lintian overrides for plugins that link no external libraries.
  * configure: Hard-code paths to /bin/mkdir -p and /bin/tar.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 06 Nov 2018 15:14:18 +0100

postgresql-9.4 (9.4.19-1) unstable; urgency=medium

  * New upstream version.
    + Fix failure to reset libpq's state fully between connection attempts

      An unprivileged user of dblink or postgres_fdw could bypass the checks
      intended to prevent use of server-side credentials, such as a ~/.pgpass
      file owned by the operating-system user running the server.  Servers
      allowing peer authentication on local connections are particularly
      vulnerable.  Other attacks such as SQL injection into a postgres_fdw
      session are also possible. Attacking postgres_fdw in this way requires
      the ability to create a foreign server object with selected connection
      parameters, but any user with access to dblink could exploit the
      problem. In general, an attacker with the ability to select the
      connection parameters for a libpq-using application could cause
      mischief, though other plausible attack scenarios are harder to think
      of. Our thanks to Andrew Krasichkov for reporting this issue.
      (CVE-2018-10915)

  * debian/rules: Set DEB_HOST_* via /usr/share/dpkg/architecture.mk.
  * Drop support for tcl8.5.
  * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
  * Refactor testsuite failure handling.
  * Use dh_auto_configure to correctly seed the build architecture.
  * Add new pgtypes header and symbol.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 07 Aug 2018 13:55:50 +0200

postgresql-9.4 (9.4.18-2) unstable; urgency=medium

  * Update libpq_pgport in Makefile.global to find libpgcommon/libpgport in
    pkglibdir.

 -- Christoph Berg <myon@debian.org>  Sun, 20 May 2018 20:05:19 +0200

postgresql-9.4 (9.4.18-1) unstable; urgency=medium

  * New upstream version.
    + Fix incorrect volatility markings on a few built-in functions.

  * Move libpgport.a and libpgcommon.a from libdir to pkglibdir.

 -- Christoph Berg <myon@debian.org>  Tue, 08 May 2018 20:37:04 +0200

postgresql-9.4 (9.4.17-1) unstable; urgency=medium

  * New upstream version.

    If you run an installation in which not all users are mutually
    trusting, or if you maintain an application or extension that is
    intended for use in arbitrary situations, it is strongly recommended
    that you read the documentation changes described in the first changelog
    entry below, and take suitable steps to ensure that your installation or
    code is secure.

    Also, the changes described in the second changelog entry below may
    cause functions used in index expressions or materialized views to fail
    during auto-analyze, or when reloading from a dump.  After upgrading,
    monitor the server logs for such problems, and fix affected functions.

    + Document how to configure installations and applications to guard
      against search-path-dependent trojan-horse attacks from other users

      Using a search_path setting that includes any schemas writable by a
      hostile user enables that user to capture control of queries and then
      run arbitrary SQL code with the permissions of the attacked user.  While
      it is possible to write queries that are proof against such hijacking,
      it is notationally tedious, and it's very easy to overlook holes.
      Therefore, we now recommend configurations in which no untrusted schemas
      appear in one's search path.
      (CVE-2018-1058)

    + Avoid use of insecure search_path settings in pg_dump and other client
      programs

      pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
      were themselves vulnerable to the type of hijacking described in the
      previous changelog entry; since these applications are commonly run by
      superusers, they present particularly attractive targets.  To make them
      secure whether or not the installation as a whole has been secured,
      modify them to include only the pg_catalog schema in their search_path
      settings. Autovacuum worker processes now do the same, as well.

      In cases where user-provided functions are indirectly executed by these
      programs -- for example, user-provided functions in index expressions --
      the tighter search_path may result in errors, which will need to be
      corrected by adjusting those user-provided functions to not assume
      anything about what search path they are invoked under.  That has always
      been good practice, but now it will be necessary for correct behavior.
      (CVE-2018-1058)

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 27 Feb 2018 13:20:22 +0100

postgresql-9.4 (9.4.16-1) unstable; urgency=medium

  * New upstream version.
    + Ensure that all temporary files made by pg_upgrade are
      non-world-readable (CVE-2018-1053)

  * Show package version number in version().
  * Remove actual build path from Makefile.global for reproducibility.

 -- Christoph Berg <myon@debian.org>  Sat, 02 Dec 2017 21:31:24 +0100

postgresql-9.4 (9.4.15-1) unstable; urgency=medium

  * New upstream version.

    + Fix crash due to rowtype mismatch in json{b}_populate_recordset()
      (Michael Paquier, Tom Lane)

      These functions used the result rowtype specified in the FROM ... AS
      clause without checking that it matched the actual rowtype of the
      supplied tuple value.  If it didn't, that would usually result in a
      crash, though disclosure of server memory contents seems possible as
      well. (CVE-2017-15098)

  * Remove empty conf.d directory on purge, even when postgresql-common
    was already removed. (Closes: #877264)

 -- Christoph Berg <myon@debian.org>  Sun, 29 Oct 2017 22:00:12 +0100

postgresql-9.4 (9.4.14-1) unstable; urgency=medium

  * New upstream version.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 29 Aug 2017 15:49:17 +0200

postgresql-9.4 (9.4.13-1) unstable; urgency=medium

  * New upstream version.

    + Further restrict visibility of pg_user_mappings.umoptions, to protect
      passwords stored as user mapping options. See the release notes for
      instructions for applying the fix to existing database clusters.
      (CVE-2017-7547; extends fix for CVE-2017-7484)
    + Disallow empty passwords in all password-based authentication methods.
      (CVE-2017-7546)
    + Make lo_put() check for UPDATE privilege on the target large object.
      (CVE-2017-7548)

  * On regression test failure, show newest three log files instead of relying
    on file age = 0 min.
  * debian/rules: Unconditionally use DEB_BUILD_MAINT_OPTIONS=hardening=+all.
    The old logic is kept around for compiling on older distributions.
  * Remove long obsolete --with-krb5 and move c/ldflags to configure switches.

 -- Christoph Berg <myon@debian.org>  Wed, 09 Aug 2017 20:05:39 +0200

postgresql-9.4 (9.4.12-1) unstable; urgency=medium

  * Team upload.
  * New upstream version.

    + Restrict visibility of pg_user_mappings.umoptions, to protect passwords
      stored as user mapping options (CVE-2017-7486)
    + Prevent exposure of statistical information via leaky operators
      (CVE-2017-7484)
    + Restore libpq's recognition of the PGREQUIRESSL environment variable
      (CVE-2017-7485)

  * debian/rules: Add stub to enable cassert builds (disabled by default).
  * Use OpenSSL 1.1 for building on stretch/sid.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 09 May 2017 15:23:56 +0200

postgresql-9.4 (9.4.11-1) unstable; urgency=medium

  * Team upload.
  * New upstream version.

    + Fix a race condition that could cause indexes built with CREATE INDEX
      CONCURRENTLY to be corrupt (Pavan Deolasee, Tom Lane)

      If CREATE INDEX CONCURRENTLY was used to build an index that depends on
      a column not previously indexed, then rows inserted or updated by
      transactions that ran concurrently with the CREATE INDEX command could
      have received incorrect index entries.  If you suspect this may have
      happened, the most reliable solution is to rebuild affected indexes
      after installing this update.

  * libpq-dev: Remove dependency on libssl-dev (and comerr-dev and
    krb5-multidev) to unbreak co-installation with libssl1.0-dev.
  * Use OpenSSL 1.0 for building on stretch/sid.
  * Add missing perl test dependency (for Test::More).
  * Update watch file to use https.
  * Drop hardening-wrapper.
  * Explicitly disable PIE on 32 architectures. Previously we were just not
    enabling it, but it's on by default now in unstable. Closes: #842752.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 07 Feb 2017 12:17:35 +0100

postgresql-9.4 (9.4.10-1) unstable; urgency=medium

  * New upstream version.

    If your installation has been affected by the bug described in the first
    changelog entry below, then after updating you may need to take action to
    repair corrupted free space maps.

    + Fix WAL-logging of truncation of relation free space maps and visibility
      maps (Pavan Deolasee, Heikki Linnakangas)

      It was possible for these files to not be correctly restored during
      crash recovery, or to be written incorrectly on a standby server. Bogus
      entries in a free space map could lead to attempts to access pages that
      have been truncated away from the relation itself, typically producing
      errors like could not read block XXX: read only 0 of 8192 bytes.
      Checksum failures in the visibility map are also possible, if
      checksumming is enabled.

      Procedures for determining whether there is a problem and repairing it
      if so are discussed at
      https://wiki.postgresql.org/wiki/Free_Space_Map_Problems.

 -- Christoph Berg <myon@debian.org>  Tue, 25 Oct 2016 12:57:45 +0200

postgresql-9.4 (9.4.9-1) unstable; urgency=medium

  * New upstream version.

    + Fix possible mis-evaluation of nested CASE-WHEN expressions
      (Heikki Linnakangas, Michael Paquier, Tom Lane)

      A CASE expression appearing within the test value subexpression of
      another CASE could become confused about whether its own test value was
      null or not.  Also, inlining of a SQL function implementing the equality
      operator used by a CASE expression could result in passing the wrong
      test value to functions called within a CASE expression in the SQL
      function's body.  If the test values were of different data types, a
      crash might result; moreover such situations could be abused to allow
      disclosure of portions of server memory.  (CVE-2016-5423)

    + Fix client programs' handling of special characters in database and role
      names (Noah Misch, Nathan Bossart, Michael Paquier)

      Numerous places in vacuumdb and other client programs could become
      confused by database and role names containing double quotes or
      backslashes.  Tighten up quoting rules to make that safe. Also, ensure
      that when a conninfo string is used as a database name parameter to
      these programs, it is correctly treated as such throughout.

      Fix handling of paired double quotes in psql's \connect and \password
      commands to match the documentation.

      Introduce a new -reuse-previous option in psql's \connect command to
      allow explicit control of whether to re-use connection parameters from a
      previous connection.  (Without this, the choice is based on whether the
      database name looks like a conninfo string, as before.)  This allows
      secure handling of database names containing special characters in
      pg_dumpall scripts.

      pg_dumpall now refuses to deal with database and role names containing
      carriage returns or newlines, as it seems impractical to quote those
      characters safely on Windows.  In future we may reject such names on the
      server side, but that step has not been taken yet.

      These are considered security fixes because crafted object names
      containing special characters could have been used to execute commands
      with superuser privileges the next time a superuser executes pg_dumpall
      or other routine maintenance operations.  (CVE-2016-5424)

  * Remove conditional multi-arch compilation, all supported dists are
    multi-arched now.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 09 Aug 2016 17:39:11 +0200

postgresql-9.4 (9.4.8-1) unstable; urgency=medium

  * New upstream version.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 10 May 2016 10:17:44 +0200

postgresql-9.4 (9.4.7-1) unstable; urgency=medium

  * New upstream version.
  * 02-relax-sslkey-permscheck.patch: Replace with what went upstream in 9.6.
  * Stop suggesting the use of identd.
  * Modernize server package description.
  * Recommend sysstat.

 -- Christoph Berg <myon@debian.org>  Tue, 29 Mar 2016 12:34:20 +0200

postgresql-9.4 (9.4.6-1) unstable; urgency=medium

  * New upstream version.
    + Fix infinite loops and buffer-overrun problems in regular expressions.
      Very large character ranges in bracket expressions could cause infinite
      loops in some cases, and memory overwrites in other cases.
      (CVE-2016-0773)

  * src/bin/pg_xlogdump/Makefile: Sort list of objects to make build
    reproducible.

 -- Christoph Berg <christoph.berg@credativ.de>  Wed, 10 Feb 2016 13:22:16 +0100

postgresql-9.4 (9.4.5-2) unstable; urgency=medium

  * 64-pg_upgrade-sockdir: Fix off-by-one error in max path length.
  * 90-libmxl-808325: Work around regression in libxml2 2.9.3+dfsg1-1 which
    provides less context in error messages, breaking the xml regression
    tests.  Analysis by Niko Tyni, thanks!  (Closes: #808325)

 -- Christoph Berg <myon@debian.org>  Sat, 19 Dec 2015 10:08:51 +0100

postgresql-9.4 (9.4.5-1) unstable; urgency=medium

  * New upstream version.

    + Guard against stack overflows in json parsing (Oskari Saarenmaa)

      If an application constructs PostgreSQL json or jsonb values from
      arbitrary user input, the application's users can reliably crash the
      PostgreSQL server, causing momentary denial of service.  (CVE-2015-5289)

    + Fix contrib/pgcrypto to detect and report too-short crypt() salts
      (Josh Kupershmidt)

      Certain invalid salt arguments crashed the server or disclosed a few
      bytes of server memory.  We have not ruled out the viability of attacks
      that arrange for presence of confidential information in the disclosed
      bytes, but they seem unlikely.  (CVE-2015-5288)

  * debian/rules: Call dh without --parallel, it's not supported upstream.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 06 Oct 2015 11:02:48 +0200

postgresql-9.4 (9.4.4-2) unstable; urgency=medium

  * Add docbook-xml to build-depends.
  * debian/rules: Remove broken "generate POT files for translators" code.
  * Import patch from upstream to fix compatibility with perl 5.22.
    (Closes: #787468)
  * Fix memory read barrier on alpha, thanks to Michael Cree for the patch!
    (Closes: #756368)
  * postgresql postrm: Don't clean {/etc,/var/lib,/var/log}/postgresql on
    purge.  (Closes: #793861)

 -- Christoph Berg <christoph.berg@credativ.de>  Fri, 28 Aug 2015 16:06:39 +0200

postgresql-9.4 (9.4.4-1) unstable; urgency=medium

  * New upstream version.
    + Fix possible failure to recover from an inconsistent database state
    + Fix rare failure to invalidate relation cache init file

 -- Christoph Berg <christoph.berg@credativ.de>  Wed, 10 Jun 2015 13:48:09 +0200

postgresql-9.4 (9.4.3-1) unstable; urgency=medium

  * New upstream version:
    Avoid failures while fsync'ing data directory during crash restart
    (Abhijit Menon-Sen, Tom Lane; Closes: #786874)

 -- Christoph Berg <christoph.berg@credativ.de>  Wed, 03 Jun 2015 11:53:43 +0200

postgresql-9.4 (9.4.2-1) unstable; urgency=medium

  * New upstream version.

    + Avoid possible crash when client disconnects just before the
      authentication timeout expires (Benkocs Norbert Attila)

      If the timeout interrupt fired partway through the session shutdown
      sequence, SSL-related state would be freed twice, typically causing a
      crash and hence denial of service to other sessions.  Experimentation
      shows that an unauthenticated remote attacker could trigger the bug
      somewhat consistently, hence treat as security issue. (CVE-2015-3165)

    + Improve detection of system-call failures (Noah Misch)

      Our replacement implementation of snprintf() failed to check for errors
      reported by the underlying system library calls; the main case that
      might be missed is out-of-memory situations. In the worst case this
      might lead to information exposure, due to our code assuming that a
      buffer had been overwritten when it hadn't been. Also, there were a few
      places in which security-relevant calls of other system library
      functions did not check for failure.

      It remains possible that some calls of the *printf() family of functions
      are vulnerable to information disclosure if an out-of-memory error
      occurs at just the wrong time.  We judge the risk to not be large, but
      will continue analysis in this area. (CVE-2015-3166)

    + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
      or corrupt data (Noah Misch)

      Previously, some cases of decryption with an incorrect key could report
      other error message texts.  It has been shown that such variance in
      error reports can aid attackers in recovering keys from other systems.
      While it's unknown whether pgcrypto's specific behaviors are likewise
      exploitable, it seems better to avoid the risk by using a
      one-size-fits-all message. (CVE-2015-3167)

    + Protect against wraparound of multixact member IDs
      (Álvaro Herrera, Robert Haas, Thomas Munro)

      Under certain usage patterns, the existing defenses against this might
      be insufficient, allowing pg_multixact/members files to be removed too
      early, resulting in data loss.
      The fix for this includes modifying the server to fail transactions that
      would result in overwriting old multixact member ID data, and improving
      autovacuum to ensure it will act proactively to prevent multixact member
      ID wraparound, as it does for transaction ID wraparound.

    + pg_dump -Fd -Z compression level fixed. (Closes: #781361)

  * Make postgresql-9.4 Recommends: postgresql-contrib-9.4.
  * Enable TAP tests.
  * Repository moved to git, update Vcs headers.

 -- Christoph Berg <christoph.berg@credativ.de>  Wed, 20 May 2015 10:50:22 +0200

postgresql-9.4 (9.4.1-1) unstable; urgency=medium

  * New upstream version.
    + libpq5: Name lookups fixed in minimal chroots (Closes: #756627)
    + Fix buffer overruns in to_char() (CVE-2015-0241)
    + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
    + Fix possible loss of frontend/backend protocol synchronization after an
      error (CVE-2015-0244)
    + Fix information leak via constraint-violation error messages
      (CVE-2014-8161)

 -- Christoph Berg <myon@debian.org>  Wed, 04 Feb 2015 17:55:28 +0100

postgresql-9.4 (9.4.0-1) unstable; urgency=medium

  * 9.4 released.
  * libpq5.symbols: PQhostaddr removed; it was new in 9.4.

 -- Christoph Berg <myon@debian.org>  Wed, 17 Dec 2014 22:21:22 +0100

postgresql-9.4 (9.4~rc1-1) unstable; urgency=medium

  * First 9.4 RC release.
  * Update psql call in dump-reload instructions.
  * Reenable 010_pg_basebackup.t tests, fixed upstream.

 -- Christoph Berg <myon@debian.org>  Tue, 18 Nov 2014 09:49:04 +0100

postgresql-9.4 (9.4~beta3-3) unstable; urgency=medium

  * Temporarily disable failing test in 010_pg_basebackup.t.

 -- Christoph Berg <myon@debian.org>  Thu, 16 Oct 2014 09:32:06 +0200

postgresql-9.4 (9.4~beta3-2) unstable; urgency=medium

  * postgresql-9.4.preinst: Output detailed dump-reload instructions when
    refusing the package upgrade, and also add a NEWS item about it.
    (Closes: #764705)
  * Add libipc-run-perl for the regression tests which otherwise skip large
    parts.
  * Update Standards-Version.

 -- Christoph Berg <myon@debian.org>  Wed, 15 Oct 2014 19:44:43 +0200

postgresql-9.4 (9.4~beta3-1) unstable; urgency=medium

  * New upstream beta version.
    + Catalog version number changed, older 9.4 clusters need to be dumped and
      reloaded.
    + Regexp regression fixed. (Closes: #760564)
    + CACHE_LINE_SIZE definition renamed to mitigate conflict on *BSD.
      (Closes: #763098)

  [ Martin Pitt ]
  * Add missing logrotate test dependency.

  [ Christoph Berg ]
  * Set Multi-Arch: foreign in postgresql-client-9.4 and postgresql-doc-9.4.
    (Closes: #757520; do it even on non-multiarch dists, it doesn't hurt.)
  * Fix postgresql_fdw in description, spotted by Zack Weinberg, thanks!
    (Closes: #762389)

 -- Christoph Berg <myon@debian.org>  Tue, 07 Oct 2014 20:39:57 +0200

postgresql-9.4 (9.4~beta2-1) unstable; urgency=low

  * New upstream beta version.
    + Secure Unix-domain sockets of temporary postmasters started during make
      check (Noah Misch)

      Any local user able to access the socket file could connect as the
      server's bootstrap superuser, then proceed to execute arbitrary code as
      the operating-system user running the test, as we previously noted in
      CVE-2014-0067. This change defends against that risk by placing the
      server's socket in a temporary, mode 0700 subdirectory of /tmp.

  * postgresql-9.4.preinst: Fail upgrade when upgrading from beta1, the
    catalog version changed. People should dump/remove their old clusters
    first.
  * Use util-linux' uuid lib as backend for the uuid-ossp extension
    (--with-uuid=e2fs).
  * Enable sepgsql (--with-selinux). On systems with libselinux1-dev < 2.1.10,
    this is automatically disabled.
  * Revert multiarch for libpq-dev and libecpg-dev. (Closes: #750111, #750112)
  * Remove our pg_regress patches to support --host=/path. Implemented
    upstream as fix for CVE-2014-0067.
  * debian/copyright: Say that there are various copyright holders for the
    contrib modules. (Hello Lintian!)
  * Update Vcs URLs.

 -- Christoph Berg <myon@debian.org>  Mon, 21 Jul 2014 22:26:24 +0200

postgresql-9.4 (9.4~beta1-2) experimental; urgency=medium

  * Update watch file for 9.4.
  * Enable multiarch support in libpq and friends. (Closes: #706849)
    Support is automatically disabled when the distribution does not support
    it.
  * Stop providing postgresql-dbg in postgresql-9.4-dbg. Its only purpose was
    to conflict with other postgresql-*-dbg packages, and that's no longer
    needed with build-id debug symbols.
  * Skip -pie on 32bit archs for performance and stability reasons.
    Closes: #749686; details at
    http://www.postgresql.org/message-id/20140519115318.GB7296@msgid.df7cb.de
  * Update contrib copyright statements, and move them to a separate file.
    Thanks to Thorsten Alteholz for reviewing the package.

 -- Christoph Berg <myon@debian.org>  Fri, 30 May 2014 20:09:50 +0200

postgresql-9.4 (9.4~beta1-1) experimental; urgency=low

  * Update for 9.4. Packaging based on 9.3 branch.
  * Bump to debhelper 9 to get debug symbol files based on build-ids.

 -- Christoph Berg <myon@debian.org>  Mon, 12 May 2014 22:08:37 +0200
