java-packages/postgresql-jdbc
SHA256
6
0
Fork 0
forked from pool/postgresql-jdbc
Code Pull Requests Activity
Files
main
postgresql-jdbc/postgresql-jdbc.changes
Michael Calmer 74f335cccb - Upgrade to upstream version 42.7.7 
- security: Client Allows Fallback to Insecure Authentication Despite
    channelBinding=require configuration - CVE-2025-49146 (bsc#1244490)
  - fix: ensure Connection.isValid() returns true even if prepared
    statements deallocate
  - fix: isValid incorrectly called execute, instead of executeWithFlags
  - add the ability to turn off automatic LSN flush
  - Handle protocol 3.2 and wider cancel keys
  - Use query to find the current catalog instead of relying on the
    database in the connection URL or connection properties as this
    could be different if connected through a pooler or proxy
  - fix: ArrayIndexOutOfBounds when write big object into GSS enabled
    connection, make GSSInputStream robust in face of streams that
    produce incomplete reads
  - fix: EOFException on PreparedStatement#toString with unset bytea
    parameter

OBS-URL: https://build.opensuse.org/package/show/Java:packages/postgresql-jdbc?expand=0&rev=45
2025-06-12 10:49:44 +00:00

172 lines
6.4 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Thu Jun 12 09:15:13 UTC 2025 - Michael Calmer <mc@suse.com>
- Upgrade to upstream version 42.7.7
- security: Client Allows Fallback to Insecure Authentication Despite
channelBinding=require configuration - CVE-2025-49146 (bsc#1244490)
- fix: ensure Connection.isValid() returns true even if prepared
statements deallocate
- fix: isValid incorrectly called execute, instead of executeWithFlags
- add the ability to turn off automatic LSN flush
- Handle protocol 3.2 and wider cancel keys
- Use query to find the current catalog instead of relying on the
database in the connection URL or connection properties as this
could be different if connected through a pooler or proxy
- fix: ArrayIndexOutOfBounds when write big object into GSS enabled
connection, make GSSInputStream robust in face of streams that
produce incomplete reads
- fix: EOFException on PreparedStatement#toString with unset bytea
parameter
-------------------------------------------------------------------
Tue Apr 1 13:14:03 UTC 2025 - Michael Calmer <mc@suse.com>
- Upgrade to upstream version 42.7.5
- fix: PgDatabaseMetaData implementation of catalog as param and return value
- fix: Support default GSS credentials in the Java Postgres client
- fix: return only the transactions accessible by the current_user in XAResource.recover
- feat: dont force send extra_float_digits for PostgreSQL >= 12 fix
- fix: exclude “include columns” from the list of primary keys
- perf: Enhance the meta query performance by specifying the oid
- feat: support getObject(int, byte[].class) for bytea
- fix: Added way to check for major server version, fixed check for RULE
- fix: Reuse buffers and reduce allocations in GSSInputStream addresses
- fix: getSchemas()
- fix: Update rpm postgresql-jdbc.spec.tpl with scram-client
- fix: Clearing thisRow and rowBuffer on close() of ResultSet
- fix: As of version 18 the RULE privilege has been removed
- fix: use buffered inputstream to create GSSInputStream
- fix: boolean types not handled in SimpleQuery mode
-------------------------------------------------------------------
Thu Feb 29 16:40:26 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 42.7.2
* Security fix:
+ CVE-2024-1597 (bsc#1220644) postgresql vulnerable to SQL
Injection via line comment generation
* Other changes:
+ perf: avoid autoboxing bind indexes
+ add: Add PasswordUtil for encrypting passwords client side
+ refactor: document that encodePassword will zero out the
password array, and remove driver's default encodePassword
+ change: Use simple query for isValid. Using Extended query
sends two messages
- Removed patches:
* CVE-2022-26520.patch
* fix-SQL-Injection-CVE-2022-31197.patch
* fix-createTempFile-vulnerability-CVE-2022-41946.patch
+ issues fixed by upstream before this version
-------------------------------------------------------------------
Wed Feb 21 10:53:23 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Sun Jan 8 17:54:43 UTC 2023 - Michael Calmer <mc@suse.com>
- fix createTempFile vulnerability - CVE-2022-41946 (bsc#1206921)
* Added: fix-createTempFile-vulnerability-CVE-2022-41946.patch
-------------------------------------------------------------------
Tue Sep 27 14:35:20 UTC 2022 - Michael Calmer <mc@suse.com>
- Address SQL Injection Vulnerability CVE-2022-31197
(bsc#1202170)
* Add: fix-SQL-Injection-CVE-2022-31197.patch
-------------------------------------------------------------------
Fri Jun 3 10:34:36 UTC 2022 - Michael Calmer <mc@suse.com>
- Address arbitrary File Write Vulnerability CVE-2022-26520
(bsc#1197356)
* Add: CVE-2022-26520.patch
-------------------------------------------------------------------
Thu Mar 3 16:01:03 UTC 2022 - Michael Calmer <mc@suse.com>
- Upgrade to upstream version 42.2.25
* uses SASLprep normalization for SCRAM authentication fixing
some issues with spaces in passwords. (bsc#1196693)
(jsc#SLE-23993, jsc#SLE-23994)
* https://jdbc.postgresql.org/documentation/changelog.html
-------------------------------------------------------------------
Fri Aug 28 15:14:36 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 42.2.16
* building with maven
- Removed patch:
* jdbc-postgresql-9.4_p1201-remove-sspi.patch
- not needed any more
-------------------------------------------------------------------
Tue Sep 19 08:47:08 UTC 2017 - fstrba@suse.com
- Build with java compatibility 1.6
- Modified file:
* build.xml
+ Detect correctly java 9
-------------------------------------------------------------------
Mon Jul 6 11:37:30 UTC 2015 - dmacvicar@suse.de
- update to version 9.4-1200 (fate#318788)
* https://jdbc.postgresql.org/documentation/changelog.html
- Add patch:
* jdbc-postgresql-9.4_p1201-remove-sspi.patch
-------------------------------------------------------------------
Fri Jul 11 13:52:03 UTC 2014 - tchvatal@suse.com
- Do not version java docdir.
-------------------------------------------------------------------
Tue Jul 8 10:34:41 UTC 2014 - tchvatal@suse.com
- Do not depend on ant-trax.
-------------------------------------------------------------------
Fri Jun 27 12:49:44 UTC 2014 - tchvatal@suse.com
- Fix build on SLE11
-------------------------------------------------------------------
Fri Jun 27 11:58:20 UTC 2014 - tchvatal@suse.com
- Version bump to latest release 9.3:
* Various fixes
* Better integration with pgsql9.3
- Cleanup with spec-cleaner
-------------------------------------------------------------------
Mon Sep 9 11:06:17 UTC 2013 - tchvatal@suse.com
- Move from jpackage-utils to javapackage-tools
-------------------------------------------------------------------
Thu Mar 28 15:56:58 UTC 2013 - darin@darins.net
- Set the correct license
-------------------------------------------------------------------
Tue Mar 26 16:55:12 UTC 2013 - darin@darins.net
- Update license
- rpmlint cleanup
-------------------------------------------------------------------
Thu Feb 21 10:16:34 UTC 2013 - darin@darins.net
- Update to 9.2
- cleaned up .spec
- moved %changelog to .changes
-------------------------------------------------------------------
Thu Mar 3 00:00:00 UTC 2011 - vlado.paskov@gmail.com
- Initial package release.
View Git Blame Copy Permalink