diff --git a/postgresql-13.18.tar.bz2 b/postgresql-13.18.tar.bz2 deleted file mode 100644 index 565cf74..0000000 --- a/postgresql-13.18.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 -size 21687645 diff --git a/postgresql-13.18.tar.bz2.sha256 b/postgresql-13.18.tar.bz2.sha256 deleted file mode 100644 index beac328..0000000 --- a/postgresql-13.18.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 postgresql-13.18.tar.bz2 diff --git a/postgresql-13.20.tar.bz2 b/postgresql-13.20.tar.bz2 new file mode 100644 index 0000000..cd1432e --- /dev/null +++ b/postgresql-13.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +size 21730844 diff --git a/postgresql-13.20.tar.bz2.sha256 b/postgresql-13.20.tar.bz2.sha256 new file mode 100644 index 0000000..addc627 --- /dev/null +++ b/postgresql-13.20.tar.bz2.sha256 @@ -0,0 +1 @@ +8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 postgresql-13.20.tar.bz2 diff --git a/postgresql13.changes b/postgresql13.changes index 45ae371..c81b16b 100644 --- a/postgresql13.changes +++ b/postgresql13.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max + +- Upgrade to 13.20: + * Improve behavior of libpq's quoting functions: + The changes made for CVE-2025-1094 had one serious oversight: + PQescapeLiteral() and PQescapeIdentifier() failed to honor + their string length parameter, instead always reading to the + input string's trailing null. This resulted in including + unwanted text in the output, if the caller intended to + truncate the string via the length parameter. With very bad + luck it could cause a crash due to reading off the end of + memory. + In addition, modify all these quoting functions so that when + invalid encoding is detected, an invalid sequence is + substituted for just the first byte of the presumed + character, not all of it. This reduces the risk of problems + if a calling application performs additional processing on + the quoted string. + * Fix small memory leak in pg_createsubscriber. + * https://www.postgresql.org/docs/release/13.20/ + +------------------------------------------------------------------- +Tue Feb 11 14:27:58 UTC 2025 - Reinhard Max + +- Upgrade to 13.19: + * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied + functions against invalidly-encoded input strings. + * obsoletes postgresql-tzdata2025a.patch + * https://www.postgresql.org/docs/release/13.19/ + * https://www.postgresql.org/about/news/-3015/ +- Disable LLVM JIT on loongarch64 + +------------------------------------------------------------------- +Tue Jan 28 12:23:29 UTC 2025 - Reinhard Max + +- Fix build, add postgresql-tzdata2025a.patch + ------------------------------------------------------------------- Tue Nov 19 14:17:26 UTC 2024 - Reinhard Max @@ -9,6 +47,7 @@ Tue Nov 19 14:17:26 UTC 2024 - Reinhard Max views, such as the pg_stat_user_indexes.idx_scan counter. * Fix crash when checking to see if an index's opclass options have changed. + * https://www.postgresql.org/about/news/p-2965/ * https://www.postgresql.org/docs/release/13.18/ ------------------------------------------------------------------- diff --git a/postgresql13.spec b/postgresql13.spec index 0d7cac0..d876e18 100644 --- a/postgresql13.spec +++ b/postgresql13.spec @@ -1,7 +1,7 @@ # # spec file for package postgresql13 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # -%define pgversion 13.18 +%define pgversion 13.20 %define pgmajor 13 %define buildlibs 0 %define tarversion %{pgversion} @@ -115,7 +115,7 @@ BuildRequires: %libpq %endif %if 0%{?suse_version} >= 1500 && %pgmajor >= 11 -%ifarch riscv64 +%ifarch riscv64 loongarch64 %bcond_with llvm %else %bcond_without llvm