Commit Graph

101 Commits

Author SHA256 Message Date
Ana Guerrero
69db83cf17 Accepting request 1145273 from server:database:postgresql
- Upgrade to 12.18:
  * bsc#1219679, CVE-2024-0985: Tighten security restrictions
    within REFRESH MATERIALIZED VIEW CONCURRENTLY.
    One step of a concurrent refresh command was run under weak
    security restrictions. If a materialized view's owner could
    persuade a superuser or other high-privileged user to perform a
    concurrent refresh on that view, the view's owner could control
    code executed with the privileges of the user running REFRESH.
    Fix things so that all user-determined code is run as the
    view's owner, as expected
  * If you use GIN indexes, you may need to reindex after updating
    to this release.
  * LLVM 18 is now supported.
  * https://www.postgresql.org/docs/release/12.18/

- Update to 12.17:
  * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
    arguments in DISTINCT "any" aggregate functions. This error led
    to a text-type value being interpreted as an unknown-type value
    (that is, a zero-terminated string) at runtime. This could
    result in disclosure of server memory following the text value.
  * bsc#1216961, CVE-2023-5869: Detect integer overflow while
    computing new array dimensions. When assigning new elements to
    array subscripts that are outside the current array bounds, an
    undetected integer overflow could occur in edge cases. Memory
    stomps that are potentially exploitable for arbitrary code
    execution are possible, and so is disclosure of server memory.
  * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
    from signalling background workers and autovacuum processes.
    The documentation says that pg_signal_backend cannot issue

OBS-URL: https://build.opensuse.org/request/show/1145273
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=32
2024-02-09 22:52:58 +00:00
Reinhard Max
2e2b4a38db - Upgrade to 12.18:
* bsc#1219679, CVE-2024-0985: Tighten security restrictions
    within REFRESH MATERIALIZED VIEW CONCURRENTLY.
    One step of a concurrent refresh command was run under weak
    security restrictions. If a materialized view's owner could
    persuade a superuser or other high-privileged user to perform a
    concurrent refresh on that view, the view's owner could control
    code executed with the privileges of the user running REFRESH.
    Fix things so that all user-determined code is run as the
    view's owner, as expected
  * If you use GIN indexes, you may need to reindex after updating
    to this release.
  * LLVM 18 is now supported.
  * https://www.postgresql.org/docs/release/12.18/

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=94
2024-02-08 15:26:36 +00:00
Reinhard Max
6923d19d72 November 2023 Security Updates
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=93
2023-11-09 14:43:25 +00:00
Ana Guerrero
9535d3dc2f Accepting request 1121432 from server:database:postgresql
Revert last change and make the devel package independend

OBS-URL: https://build.opensuse.org/request/show/1121432
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=31
2023-10-31 19:26:30 +00:00
Reinhard Max
9e5cf987b7 - boo#1216734: Revert the last change and make the devel package
independend of all other subpackages except for the libs.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=91
2023-10-31 11:05:07 +00:00
Ana Guerrero
b4ae1bfbbc Accepting request 1120253 from server:database:postgresql
- boo#1216022: Call install-alternatives from the devel subpackage
  as well, otherwise the symlink for ecpg might be missing.

- Also buildignore the postgresql*-implementation symbols: this is
  needed in order to bootstrap when no postgresql version currently
  has valid symbols provided. Once the packages are built, OBS
  could translate this to the pgname-* packages and accept the
  ignores; during bootstrap though, there is nothing providing the
  symbol and the existing buildignores do not suffice.

OBS-URL: https://build.opensuse.org/request/show/1120253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=30
2023-10-25 16:04:49 +00:00
Reinhard Max
70f264061c OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=89 2023-10-10 14:54:09 +00:00
Reinhard Max
1a20e3016b - boo#1216022: Call install-alternatives from the devel subpackage
as well, otherwise the symlink for ecpg might be missing.

- Also buildignore the postgresql*-implementation symbols: this is
  needed in order to bootstrap when no postgresql version currently
  has valid symbols provided. Once the packages are built, OBS
  could translate this to the pgname-* packages and accept the
  ignores; during bootstrap though, there is nothing providing the
  symbol and the existing buildignores do not suffice.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=88
2023-10-10 13:13:29 +00:00
Dominique Leuenberger
527f9ebcd6 Accepting request 1103350 from server:database:postgresql
- Update to 12.16:
  * bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
    owner name into an extension script if the name contains a
    quote, backslash, or dollar sign.
  * https://www.postgresql.org/docs/12/release-12-16.html

- Restore the independence of mini builds from the main build after
  the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.

- Overhaul postgresql-README.SUSE and move it from the binary
  package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

OBS-URL: https://build.opensuse.org/request/show/1103350
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=29
2023-08-11 13:55:42 +00:00
Reinhard Max
0c9821a301 - Update to 12.16:
* bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
    owner name into an extension script if the name contains a
    quote, backslash, or dollar sign.
  * https://www.postgresql.org/docs/12/release-12-16.html

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=86
2023-08-10 15:25:53 +00:00
Reinhard Max
383c21ac44 - Restore the independence of mini builds from the main build after
the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=85
2023-05-26 12:03:32 +00:00
Reinhard Max
581cdd5cc5 - Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=84
2023-05-15 14:55:37 +00:00
Dominique Leuenberger
f082e4eca2 Accepting request 1086557 from server:database:postgresql
- Update to 12.15:
  * bsc#1211228, CVE-2023-2454:
    Prevent CREATE SCHEMA from defeating changes in search_path
  * bsc#1211229, CVE-2023-2455: Enforce row-level security
    policies correctly after inlining a set-returning function
  * https://www.postgresql.org/about/news/2637/
  * https://www.postgresql.org/docs/12/release-12-15.html

OBS-URL: https://build.opensuse.org/request/show/1086557
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=28
2023-05-12 18:37:16 +00:00
Reinhard Max
6ae799d8be - Update to 12.15:
* bsc#1211228, CVE-2023-2454:
    Prevent CREATE SCHEMA from defeating changes in search_path
  * bsc#1211229, CVE-2023-2455: Enforce row-level security
    policies correctly after inlining a set-returning function
  * https://www.postgresql.org/about/news/2637/
  * https://www.postgresql.org/docs/12/release-12-15.html

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=82
2023-05-11 13:19:45 +00:00
Dominique Leuenberger
0143c2463f Accepting request 1081148 from server:database:postgresql
- bsc#1210303: Stop using the obsolete internal %_restart_on_update
  macro and drop support for sysv init to simplify the scriptlets.

- Include -mini in Name: to avoid conflicts in the source package
  name and OBS internal dependency tracking.

OBS-URL: https://build.opensuse.org/request/show/1081148
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=27
2023-04-21 12:17:48 +00:00
Reinhard Max
fde8e83a71 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=80 2023-04-19 13:27:02 +00:00
Reinhard Max
79bc144101 - bsc#1210303: Stop using the obsolete internal %_restart_on_update
macro and drop support for sysv init to simplify the scriptlets.

- Include -mini in Name: to avoid conflicts in the source package
  name and OBS internal dependency tracking.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=79
2023-04-18 14:04:58 +00:00
Dominique Leuenberger
8f75499fa8 Accepting request 1064057 from server:database:postgresql
- Update to 12.14:
  * CVE-2022-41862, bsc#1208102: memory leak in libpq
  * https://www.postgresql.org/about/news/2592/
  * https://www.postgresql.org/docs/12/release-12-14.html
- Bump latest_supported_llvm_ver to 15.

OBS-URL: https://build.opensuse.org/request/show/1064057
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=26
2023-02-10 13:33:54 +00:00
Reinhard Max
9da35c824e - Update to 12.14:
* CVE-2022-41862, bsc#1208102: memory leak in libpq
  * https://www.postgresql.org/about/news/2592/
  * https://www.postgresql.org/docs/12/release-12-14.html
- Bump latest_supported_llvm_ver to 15.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=77
2023-02-09 14:39:22 +00:00
Dominique Leuenberger
4a707c7267 Accepting request 1035216 from server:database:postgresql
- bsc#1205300: Update to 12.13:
  * https://www.postgresql.org/about/news/2543/
  * https://www.postgresql.org/docs/12/release-12-13.html
- Sync spec file with postgresql15.

OBS-URL: https://build.opensuse.org/request/show/1035216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=25
2022-11-12 16:40:39 +00:00
Reinhard Max
290ea0293c - bsc#1205300: Update to 12.13:
* https://www.postgresql.org/about/news/2543/
  * https://www.postgresql.org/docs/12/release-12-13.html
- Sync spec file with postgresql15.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=75
2022-11-10 16:35:13 +00:00
Richard Brown
6d8dfc2516 Accepting request 1006685 from server:database:postgresql
- Create mechanism to specify the latest supported LLVM version.
  Automatically pin to that version if the distribution has a newer
  unsupported default version.
- Sync spec file with postgresql15.
- Disable LLVM JIT on riscv64

OBS-URL: https://build.opensuse.org/request/show/1006685
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=24
2022-10-04 18:37:28 +00:00
Reinhard Max
5224d7ae28 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=73 2022-09-23 16:03:25 +00:00
Reinhard Max
9aed76975f - Sync spec file with postgresql15.
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=72
2022-09-23 14:12:50 +00:00
Reinhard Max
9805c47fe5 - Add generic mechanism to pin to latest supported LLVM version.
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=71
2022-09-23 12:44:56 +00:00
Reinhard Max
bf8c3b5bee Accepting request 1003030 from openSUSE:Factory:RISCV
- Disable LLVM JIT on riscv64

OBS-URL: https://build.opensuse.org/request/show/1003030
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=70
2022-09-13 11:52:41 +00:00
Dominique Leuenberger
8e9558be49 Accepting request 995183 from server:database:postgresql
- - Update to 12.12:
  * bsc#1202368, CVE-2022-2625: Extension scripts replace objects
    not belonging to the extension.
  * https://www.postgresql.org/docs/release/12.12/

OBS-URL: https://build.opensuse.org/request/show/995183
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=23
2022-08-16 15:06:42 +00:00
Reinhard Max
8bb87708c2 - - Update to 12.12:
* bsc#1202368, CVE-2022-2625: Extension scripts replace objects
    not belonging to the extension.
  * https://www.postgresql.org/docs/release/12.12/

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=68
2022-08-15 09:56:25 +00:00
Dominique Leuenberger
004b297213 Accepting request 977047 from server:database:postgresql
- Update to 12.11:
  * bsc#1199475, CVE-2022-1552: Confine additional operations
    within "security restricted operation" sandboxes.
  * https://www.postgresql.org/docs/12/release-12-11.html

OBS-URL: https://build.opensuse.org/request/show/977047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=22
2022-05-14 20:54:44 +00:00
Reinhard Max
bd272e6ae4 - Update to 12.11:
* bsc#1199475, CVE-2022-1552: Confine additional operations
    within "security restricted operation" sandboxes.
  * https://www.postgresql.org/docs/12/release-12-11.html
  * https://www.postgresql.org/docs/12/release-12-9.html

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=66
2022-05-12 14:52:46 +00:00
Dominique Leuenberger
7ae7d8348d Accepting request 969863 from server:database:postgresql
- bsc#1198166: Pin to llvm13 until the next patchlevel update.

- bsc#1195680: Upgrade to 12.10:
  * https://www.postgresql.org/docs/12/release-12-10.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.
- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround

OBS-URL: https://build.opensuse.org/request/show/969863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=21
2022-04-14 15:23:00 +00:00
Reinhard Max
897680f1c8 - bsc#1198166: Pin to llvm13 until the next patchlevel update.
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=64
2022-04-13 12:22:11 +00:00
Reinhard Max
132983986f - bsc#1195680: Upgrade to 12.10:
* https://www.postgresql.org/docs/12/release-12-10.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.
- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=63
2022-02-10 15:27:35 +00:00
Dominique Leuenberger
0df12f1a0c Accepting request 935206 from server:database:postgresql
- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions. 
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.

OBS-URL: https://build.opensuse.org/request/show/935206
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=20
2021-12-06 22:59:25 +00:00
Reinhard Max
98305df086 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=62 2021-12-02 13:44:40 +00:00
Reinhard Max
5c98a5fbfa OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=61 2021-11-30 19:04:11 +00:00
Reinhard Max
f45f54fc58 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=60 2021-11-30 17:13:25 +00:00
Reinhard Max
b438339ef4 - Add a llvmjit-devel subpackage to pull in the right versions
of clang and llvm for building extensions.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=59
2021-11-30 16:50:45 +00:00
Dominique Leuenberger
e5a3caf233 Accepting request 930951 from server:database:postgresql
- bsc#1192516: Upgrade to version 12.9:
  * Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/12/release-12-0.html

OBS-URL: https://build.opensuse.org/request/show/930951
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=19
2021-11-13 21:48:10 +00:00
Reinhard Max
34f0cffed2 - bsc#1192516: Upgrade to version 12.9:
* Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/12/release-12-0.html

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=58
2021-11-11 14:44:37 +00:00
Reinhard Max
160833f625 - boo#1190740: Add constraints file with 8GB memory for s390x as
a workaround for a memory issue with LLVM

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=57
2021-10-21 15:49:58 +00:00
Dominique Leuenberger
24230bb91f Accepting request 923704 from server:database:postgresql
- Let genlists skip non-existing binaries to avoid lots of version
  conditionals in the file lists.
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
  is unclear. This affects only the test subpackage.

OBS-URL: https://build.opensuse.org/request/show/923704
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=18
2021-10-12 19:48:02 +00:00
Reinhard Max
7421b994f5 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=56 2021-10-05 12:23:17 +00:00
Reinhard Max
56e55fb99e OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=55 2021-10-05 11:43:41 +00:00
Reinhard Max
5e0b2cbf48 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=54 2021-10-05 11:27:36 +00:00
Reinhard Max
a14408b01b - Let genlists skip non-existing binaries to avoid lots of version
conditionals in the file lists.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=53
2021-09-27 14:16:03 +00:00
Dominique Leuenberger
54827c9569 Accepting request 917541 from server:database:postgresql
- bsc#1185952: fix build with llvm12 on s390x.
  0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch 
- bsc#1179945: Re-enable icu for PostgreSQL 10.

- Upgrade to version 12.8:
  * https://www.postgresql.org/docs/12/release-12-8.html
  * CVE-2021-3677 (boo#1189748)
    The planner could create an incorrect plan in cases where two
    ProjectionPaths were stacked on top of each other. The only
    known way to trigger that situation involves parallel sort
    operations, but there may be other instances. The result would
    be crashes or incorrect query results. Disclosure of server
    memory contents is also possible.

- bsc#1187751: Make the dependency of postgresqlXX-server-devel on
  llvm and clang optional (postgresql-llvm-optional.patch).

OBS-URL: https://build.opensuse.org/request/show/917541
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql12?expand=0&rev=17
2021-09-13 14:24:17 +00:00
Reinhard Max
f596acf83c OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=52 2021-08-31 16:14:13 +00:00
Reinhard Max
9728ec8991 - bsc#1179945: Re-enable icu for PostgreSQL 10.
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=51
2021-08-31 14:26:25 +00:00
Reinhard Max
8d6c053616 - bsc#1185952: fix build with llvm12 on s390x.
0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=50
2021-08-31 11:46:19 +00:00