>
> [ Checklist ]
> [x] attach debian/ diff against the package in testing
Now for real.
Christoph
diff --git a/debian/changelog b/debian/changelog
index 2f18705..38aedbf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,47 @@
+postgresql-13 (13.3-1) unstable; urgency=medium
+
+ * New upstream version.
+
++ Prevent integer overflows in array subscripting calculations (Tom Lane)
+
+ The array code previously did not complain about cases where an array's
+ lower bound plus length overflows an integer. This resulted in later
+ entries in the array becoming inaccessible (since their subscripts could
+ not be written as integers), but more importantly it confused subsequent
+ assignment operations. This could lead to memory overwrites, with
+ ensuing crashes or unwanted data modifications. (CVE-2021-32027)
+
++ Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
+ target lists (Tom Lane)
+
+ If the UPDATE list contains any multi-column sub-selects (which give
+ rise to junk columns in addition to the results proper), the UPDATE path
+ would end up storing tuples that include the values of the extra junk
+ columns. That's fairly harmless in the short run, but if new columns are
+ added to the table then the values would become accessible, possibly
+ leading to malfunctions if they don't match the datatypes of the added
+ columns.
+
+ In addition, in versions supporting cross-partition updates, a
+ cross-partition update triggered by such a case had the reverse problem:
+ the junk columns were removed from the target list, typically causing an
+ immediate crash due to malfunction of the multi-column sub-select
+ mechanism. (CVE-2021-32028)
+
++ Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for
+ joined cross-partition updates (Amit Langote, Etsuro Fujita)
+
+ If an UPDATE for a partitioned table caused a row to be moved to another
+ partition with a physically different row type (for example, one with a
+ different set of dropped columns), computation of RETURNING results for
+ that row could produce errors or wrong answers. No error is observed
+ unless the UPDATE involves other tables being joined to the target
+ table. (CVE-2021-32029)
+
+ * Mark libio-pty-perl and libipc-run-perl as . (Closes: #988121)
+
+ -- Christoph Berg Tue, 11 May 2021 22:10:35 +0200
+
postgresql-13 (13.2-1) unstable; urgency=medium
* New upstream version.
diff --git a/debian/control b/debian/control
index ee5acf8..8913183 100644
--- a/debian/control
+++ b/debian/control
@@ -20,8 +20,8 @@ Build-Depends:
gdb ,
gettext,
libicu-dev,
- libio-pty-perl,
- libipc-run-perl,
+ libio-pty-perl ,
+ libipc-run-perl ,
libkrb5-dev,
libldap2-dev,
libpam0g-dev | libpam-dev,
diff --git a/debian/rules b/debian/rules
index c115945..e70a10e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -76,6 +76,7 @@ COMMON_CONFIGURE_FLAGS= \
$(SELINUX_FLAGS) \
$(SPINLOCK_FLAGS) \
MKDIR_P='/bin/mkdir -p' \
+ PROVE='/usr/bin/prove' \
TAR='/bin/tar' \
XSLTPROC='xsltproc --nonet' \
CFLAGS='$(CFLAGS)' \
