pgbouncer (1.5.2-4+deb7u1) wheezy; urgency=medium * Fix remote crash - invalid packet order causes lookup of NULL pointer. Not exploitable, just DoS. (CVE-2015-4054) Cherry-picked from upstream 1.5.5. -- Christoph Berg Sat, 23 May 2015 22:58:29 +0200 pgbouncer (1.5.2-4) unstable; urgency=medium * Cherry-pick from 1.5.3: Closes: #692103. http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525 Thanks to Markus Wanner for helping fix this. = Critical fix = * Too long database names can lead to crash, which is remotely triggerable if autodbs are enabled. The original checks assumed all names come from config files, thus using fatal() was fine, but when autodbs are enabled - by '*' in [databases] section - the database name can come from network thus making remote shutdown possible. -- Christoph Berg Fri, 02 Nov 2012 10:05:27 +0100 pgbouncer (1.5.2-3) unstable; urgency=low * Re-add check for START=0 in the init script. Spotted by Sergey Burladyan. Closes: #687577. * Repository moved to git. -- Christoph Berg Sun, 07 Oct 2012 19:16:34 +0200 pgbouncer (1.5.2-2) unstable; urgency=low * Init script: Use --oknodo. Closes: #681978. Create /var/run/postgresql when missing. Closes: #681372. -- Christoph Berg Thu, 26 Jul 2012 13:12:23 +0200 pgbouncer (1.5.2-1) unstable; urgency=low * New upstream release. -- Christoph Berg Mon, 11 Jun 2012 17:52:32 +0200 pgbouncer (1.5.1-1) unstable; urgency=low [ Peter Eisentraut ] * Remove duplicate userlist.txt from doc directory [ Christoph Berg ] * Replace lsb init functions with plain echo. Spotted by Alexey Potehin. * Refresh debian-changes patch, most of our changes went upstream. -- Christoph Berg Mon, 30 Apr 2012 14:31:35 +0200 pgbouncer (1.5-1) unstable; urgency=low [ Peter Eisentraut ] * Update watch file to allow .tar.gz in addition to .tgz * Remove obsolete README.source and repack support in watch file [ Christoph Berg ] * New upstream release. * Use start-stop-daemon for stopping the daemon. Closes: #641568. * Use pgbouncer -R to restart in place, thanks Cody Cutrer for the patch. Closes: #657204. * Update URL in README.Debian. Closes: #655283. -- Christoph Berg Fri, 27 Jan 2012 17:40:22 +0100 pgbouncer (1.4.2-2) unstable; urgency=low * Honor START=0 for the restart action. Patch by Chris Lamb, thanks! Closes: #640796. -- Christoph Berg Thu, 08 Sep 2011 09:45:23 +0200 pgbouncer (1.4.2-1) unstable; urgency=low * New upstream release. -- Christoph Berg Fri, 17 Jun 2011 15:41:53 +0200 pgbouncer (1.4.1-1) unstable; urgency=low * New upstream release. * Remove the endian patch, implemented upstream. * Use source format 3.0 (quilt) because the upstream tarball has its own debian/ dir. Ignore lib/usual/config.h in source/options. -- Christoph Berg Tue, 12 Apr 2011 13:42:40 +0200 pgbouncer (1.4-2) unstable; urgency=low * Add myself as maintainer. * Use the system endian.h on *bsd. Closes: #619676 * Add quilt to Build-Depends. * Move debian/config.patch to quilt and comment out example databases in config file. * Update long description. -- Christoph Berg Wed, 30 Mar 2011 17:29:39 +0200 pgbouncer (1.4-1) unstable; urgency=low * New upstream release. * Remove .orig file after patching pgbouncer.ini -- Bernd Zeimetz Mon, 14 Feb 2011 13:26:29 +0100 pgbouncer (1.3.3-2) unstable; urgency=low * Added myself to uploaders * Fixed debian/copyright to match reality * Updated standards version * Install configuration files with more secure permissions (closes: #548887) -- Peter Eisentraut Thu, 05 Aug 2010 21:57:00 +0300 pgbouncer (1.3.3-1) unstable; urgency=low * New upstream version. * Bumping Standards-Version to 3.8.4, no changes needed. * Removing dpatch - no patches needed anymore since several releases. * Use source format 1.0 for easy backporting. -- Bernd Zeimetz Sun, 16 May 2010 03:15:41 +0200 pgbouncer (1.3.2-1) unstable; urgency=low * New upstream version. -- Bernd Zeimetz Wed, 24 Mar 2010 23:10:02 +0100 pgbouncer (1.3.1-3) unstable; urgency=low * Really change the init script now - unfortunately the old one found its way back into the package. -- Bernd Zeimetz Sun, 24 Jan 2010 12:24:34 +0100 pgbouncer (1.3.1-2) unstable; urgency=low * Chaging Section to database, which is the new section for database related tools. * Require $remote_fs on start/stop in the init script. (Lintian: init.d-script-missing-dependency-on-remote_fs) * Use pgbouncer as the name the init script provides instead of pgbouncer2. (Lintian: init.d-script-does-not-provide-itself) -- Bernd Zeimetz Sun, 24 Jan 2010 00:55:35 +0100 pgbouncer (1.3.1-1) unstable; urgency=low * New upstream release. * debian/init: Use reload instead of restart when force-reload was called, thanks to Peter Eisentraut for the bug report. Closes: #538006 * Ensure that pgbounce stops, even if clients are connected. Thanks to Cyril Bouthors for the patch. Closes: #523066 * Bumping Standards-Version to 3.8.2, no changes needed. -- Bernd Zeimetz Thu, 23 Jul 2009 16:23:52 +0200 pgbouncer (1.3-1) unstable; urgency=low [ Fernando Ike de Oliveira ] * New upstream release. * debian/init: - pgbouncer.log and start script duplicated start message were removed. - patch that change pgbouncer to port 6432 (default upstream) was removed * debian/config.patch. - pgbouncer.ini patch new version was fixed. * win32 directory was removed from the original source code. [ Bernd Zeimetz ] * debian/watch, debian/uscan-repack.sh: Adding script to repackage upstream source with uscan automatically. The included debian and win32 dir will be removed. -- Bernd Zeimetz Sun, 01 Mar 2009 03:48:18 +0100 pgbouncer (1.2.3-2) unstable; urgency=low * debian/control: - pgbouncer needs a versioned dependency on libevent-dev (>= 1.3b). * debian/init: - Implementing reload by sending SIGHUP to the daemon. - Better start/stop log messages. * debian/default: - Explain how to change the daemon options. -- Bernd Zeimetz Tue, 30 Sep 2008 10:42:06 +0200 pgbouncer (1.2.3-1) unstable; urgency=low [ Fernando Ike de Oliveira ] * New upstream Release. * Change listen port to 5433. * Added fields Enhances and Conflicts. [ Bernd Zeimetz ] * Changes done by Fernando Ike de Oliveira, but without a proper changelog entry: - The new upstream release closes: #499531 - debian/control: Depend on postgresql-common to make sure the postgres user exists (Closes: #499521). - Fixed init script, not using -n option anymore (Closes: #499522) - Bumping Standards-Version to 3.8.0 * Adding myself to Uploaders. * The following changes are a general cleanup of the package, unfortunately these things were never detected by the former sponsor. Sorry Fernando, but I also have to revert some of your recent changes. - debian/control: * Fixing the long description, removing the copy of the short description from it and switch to a better indenting. * Adding python as Build-Dependency, upstream is using it to fix the generated manpages. * Removing extra blank lines. * pgbouncer supports PostgreSQL versions 7.4 and higher, changing the Enhances field accordingly. * Dropping Conflicts field again. It's not a problem to install pgpool/pgpool2 on the same machine with pgbouncer. * Lowering the Dependency on lsb-base, 3.1 is enough to support the new init script. - debian/rules: * Don't gzip examples manually, dh_compress will handle it according to the policy. * Dropping DEB_INSTALL_MANPAGES_pgbouncer definition, upstream installs the manpages into the right place. * Don't include /usr/share/cdbs/1/rules/utils.mk and /usr/share/cdbs/1/rules/buildcore.mk, cdbs takes care of that. * DEB_UPDATE_RCD_PARAMS: pgbouncer should start *after* PostgreSQL and needs to stop before it. Changing to 'defaults 20 18' therefore. * Don't install pgbouncer.ini.examples in the doc directory, use dh_installexamples to install into the examples directory instead. * Create an empty userlist.txt in /etc/pgbouncer - debian/pgbouncer.8: * Dropping file, upstream provides a manpage. - debian/init: * renaming debian/init.d to debian/init - that's the filename dh_installinit takes care of. * Respect the setting of 'START' in /etc/default/pgbouncer. The option was ignored completely. - debian/install: * Renamed from pgbouncer.install. * Don't install an example userlist to /etc. File will be touched in debian/rules. Install it as example instead. - debian/examples: * Adding file, installing ini-file and userlist example. - debian/config.patch, debian/patches/default-port.dpatch: * Changing default port to 6432 as upstream's default conflicts with X11. 5433 is also a bad choice as postgres instances may use this port dynamically. - debian/patches/01_configtxt: * Dropping patch, not needed anymore. - debian/patches/00list: * Updated accordingly. - debian/README.source: * Adding file to make the package conform to Standards Version 3.8.0. - debian/default: * Adding short explanation. - debian/README.Debian * Several spelling fixes. -- Bernd Zeimetz Fri, 26 Sep 2008 18:47:34 +0200 pgbouncer (1.1.2.1-1) unstable; urgency=low * Change section contrib to main and regenerate .orig.tar.gz.(Closes: #474288) * Fix error in script pgbouncer.prerm changed init.d to similar pgpool2. (Closes: #471114) * Change dependency to "$shlibs:Depends". (Closes: #461383) * Build instead postgresql-8.3 (Closes: #474283) * Added suggest dependency postgresql package. -- Fernando Ike de Oliveira Tue, 05 Aug 2008 14:31:58 -0300 pgbouncer (1.1.2-1) unstable; urgency=low * Initial Release. (Closes: #427238) -- Fernando Ike de Oliveira Wed, 12 Dec 2007 16:22:15 -0200