Accepting request 848146 from server:database:postgresql

- Upgrade to version 12.5:
  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
    and firing of deferred triggers within index expressions and
    materialized view queries.
  * CVE-2020-25694, bsc#1178667:
    a) Fix usage of complex connection-string parameters in pg_dump,
    pg_restore, clusterdb, reindexdb, and vacuumdb.
    b) When psql's \connect command re-uses connection parameters,
    ensure that all non-overridden parameters from a previous
    connection string are re-used.
  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
    modifying specially-treated variables.
  * Fix recently-added timetz test case so it works when the USA
    is not observing daylight savings time.
    (obsoletes postgresql-timetz.patch)
  * https://www.postgresql.org/about/news/2111/
  * https://www.postgresql.org/docs/12/release-12-5.html

OBS-URL: https://build.opensuse.org/request/show/848146
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=9

postgresql-12.4.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc
-size 20669776

postgresql-12.4.tar.bz2.sha256

@@ -1 +0,0 @@
-bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc  postgresql-12.4.tar.bz2

postgresql-12.5.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95
+size 20729654

postgresql-12.5.tar.bz2.sha256

@@ -0,0 +1 @@
+bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95  postgresql-12.5.tar.bz2

postgresql-timetz.patch

@@ -1,109 +0,0 @@
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Thu, 29 Oct 2020 19:28:14 +0000 (-0400)
-Subject: Stabilize timetz test across DST transitions.
-X-Git-Url: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff_plain;h=4a071afbd056282746a5bc9362e87f579a56402d;hp=f90149e6285aaae6b48559afce1bd638ee26c33e
-
-Stabilize timetz test across DST transitions.
-
-The timetz test cases I added in commit a9632830b were unintentionally
-sensitive to whether or not DST is active in the PST8PDT time zone.
-Thus, they'll start failing this coming weekend, as reported by
-Bernhard M. Wiedemann in bug #16689.  Fortunately, DST-awareness is
-not significant to the purpose of these test cases, so we can just
-force them all to PDT (DST hours) to preserve stability of the
-results.
-
-Back-patch to v10, as the prior patch was.
-
-Discussion: https://postgr.es/m/16689-57701daa23b377bf@postgresql.org
----
-
---- src/test/regress/expected/timetz.out.orig
-+++ src/test/regress/expected/timetz.out
-@@ -91,45 +91,45 @@ SELECT f1 AS "Ten" FROM TIMETZ_TBL WHERE
- (12 rows)
- 
- -- Check edge cases
--SELECT '23:59:59.999999'::timetz;
-+SELECT '23:59:59.999999 PDT'::timetz;
-        timetz       
- --------------------
-  23:59:59.999999-07
- (1 row)
- 
--SELECT '23:59:59.9999999'::timetz;  -- rounds up
-+SELECT '23:59:59.9999999 PDT'::timetz;  -- rounds up
-    timetz    
- -------------
-  24:00:00-07
- (1 row)
- 
--SELECT '23:59:60'::timetz;  -- rounds up
-+SELECT '23:59:60 PDT'::timetz;  -- rounds up
-    timetz    
- -------------
-  24:00:00-07
- (1 row)
- 
--SELECT '24:00:00'::timetz;  -- allowed
-+SELECT '24:00:00 PDT'::timetz;  -- allowed
-    timetz    
- -------------
-  24:00:00-07
- (1 row)
- 
--SELECT '24:00:00.01'::timetz;  -- not allowed
--ERROR:  date/time field value out of range: "24:00:00.01"
--LINE 1: SELECT '24:00:00.01'::timetz;
-+SELECT '24:00:00.01 PDT'::timetz;  -- not allowed
-+ERROR:  date/time field value out of range: "24:00:00.01 PDT"
-+LINE 1: SELECT '24:00:00.01 PDT'::timetz;
-                ^
--SELECT '23:59:60.01'::timetz;  -- not allowed
--ERROR:  date/time field value out of range: "23:59:60.01"
--LINE 1: SELECT '23:59:60.01'::timetz;
-+SELECT '23:59:60.01 PDT'::timetz;  -- not allowed
-+ERROR:  date/time field value out of range: "23:59:60.01 PDT"
-+LINE 1: SELECT '23:59:60.01 PDT'::timetz;
-                ^
--SELECT '24:01:00'::timetz;  -- not allowed
--ERROR:  date/time field value out of range: "24:01:00"
--LINE 1: SELECT '24:01:00'::timetz;
-+SELECT '24:01:00 PDT'::timetz;  -- not allowed
-+ERROR:  date/time field value out of range: "24:01:00 PDT"
-+LINE 1: SELECT '24:01:00 PDT'::timetz;
-                ^
--SELECT '25:00:00'::timetz;  -- not allowed
--ERROR:  date/time field value out of range: "25:00:00"
--LINE 1: SELECT '25:00:00'::timetz;
-+SELECT '25:00:00 PDT'::timetz;  -- not allowed
-+ERROR:  date/time field value out of range: "25:00:00 PDT"
-+LINE 1: SELECT '25:00:00 PDT'::timetz;
-                ^
- --
- -- TIME simple math
---- src/test/regress/sql/timetz.sql.orig
-+++ src/test/regress/sql/timetz.sql
-@@ -36,14 +36,14 @@ SELECT f1 AS "None" FROM TIMETZ_TBL WHER
- SELECT f1 AS "Ten" FROM TIMETZ_TBL WHERE f1 >= '00:00-07';
- 
- -- Check edge cases
--SELECT '23:59:59.999999'::timetz;
--SELECT '23:59:59.9999999'::timetz;  -- rounds up
--SELECT '23:59:60'::timetz;  -- rounds up
--SELECT '24:00:00'::timetz;  -- allowed
--SELECT '24:00:00.01'::timetz;  -- not allowed
--SELECT '23:59:60.01'::timetz;  -- not allowed
--SELECT '24:01:00'::timetz;  -- not allowed
--SELECT '25:00:00'::timetz;  -- not allowed
-+SELECT '23:59:59.999999 PDT'::timetz;
-+SELECT '23:59:59.9999999 PDT'::timetz;  -- rounds up
-+SELECT '23:59:60 PDT'::timetz;  -- rounds up
-+SELECT '24:00:00 PDT'::timetz;  -- allowed
-+SELECT '24:00:00.01 PDT'::timetz;  -- not allowed
-+SELECT '23:59:60.01 PDT'::timetz;  -- not allowed
-+SELECT '24:01:00 PDT'::timetz;  -- not allowed
-+SELECT '25:00:00 PDT'::timetz;  -- not allowed
- 
- --
- -- TIME simple math

postgresql12.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Nov 11 12:04:35 UTC 2020 - Reinhard Max <max@suse.com>
+
+- Upgrade to version 12.5:
+  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
+    and firing of deferred triggers within index expressions and
+    materialized view queries.
+  * CVE-2020-25694, bsc#1178667:
+    a) Fix usage of complex connection-string parameters in pg_dump,
+    pg_restore, clusterdb, reindexdb, and vacuumdb.
+    b) When psql's \connect command re-uses connection parameters,
+    ensure that all non-overridden parameters from a previous
+    connection string are re-used.
+  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
+    modifying specially-treated variables.
+  * Fix recently-added timetz test case so it works when the USA
+    is not observing daylight savings time.
+    (obsoletes postgresql-timetz.patch)
+  * https://www.postgresql.org/about/news/2111/
+  * https://www.postgresql.org/docs/12/release-12-5.html
+
 -------------------------------------------------------------------
 Tue Nov  3 13:54:38 UTC 2020 - Reinhard Max <max@suse.com>
 

postgresql12.spec

@@ -16,7 +16,7 @@
 #
 
 
-%define pgversion 12.4
+%define pgversion 12.5
 %define pgmajor 12
 %define pgsuffix %pgmajor
 %define buildlibs 0
@@ -141,7 +141,6 @@ Patch4:         postgresql-plperl-keep-rpath.patch
 Patch6:         postgresql-testsuite-int8.sql.patch
 Patch8:         postgresql-testsuite-keep-results-file.patch
 Patch9:         postgresql-var-run-socket.patch
-Patch10:        postgresql-timetz.patch
 URL:            https://www.postgresql.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Provides:       postgresql = %version-%release
@@ -449,7 +448,6 @@ touch -r configure tmp
 %patch6
 %patch8 -p1
 %patch9
-%patch10
 touch -r tmp configure
 rm tmp
 find src/test/ -name '*.orig' -delete
@@ -623,20 +621,23 @@ genlists main \
 	vacuumdb \
 	reindexdb \
 	pg_basebackup \
-%if %pgsuffix < 90
-	pg_receivewal \
-%else
+	pg_isready \
+	pg_recvlogical \
+%if %pgsuffix >= 90
 	createlang \
 	droplang \
 	pg_receivexlog \
-%endif
-	pg_isready \
-	pg_recvlogical \
+%else
+	pg_receivewal \
 %if %pgsuffix == 11
 	pg_verify_checksums \
 %endif
-%if %pgsuffix == 12
-	pg_checksums
+%if %pgsuffix >= 12
+	pg_checksums \
+%endif
+%if %pgsuffix >= 13
+	pg_verifybackup
+%endif
 %endif
 
 %find_lang plpgsql-$VLANG main.files