dd867a2851
- Pull upstream patch to fix tests with timezone 2024b * postgresql-testsuite-timezone-fix.patch OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=107
466 lines
20 KiB
Plaintext
466 lines
20 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Nov 5 14:02:55 UTC 2024 - Reinhard Max <max@suse.com>
|
|
|
|
- Sync spec file from postgresql17.
|
|
- Pull upstream patch to fix tests with timezone 2024b
|
|
* postgresql-testsuite-timezone-fix.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Aug 10 14:14:40 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Upgrade to 12.20 (bsc#1229013):
|
|
* bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
|
|
during pg_dump executes arbitrary SQL
|
|
* https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
|
|
* https://www.postgresql.org/docs/release/12.20/
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 8 14:16:55 UTC 2024 - Reinhard Max <max@suse.com>
|
|
|
|
- Upgrade to 12.19 (bsc#1224051):
|
|
* Fix incompatibility with LLVM 18.
|
|
* https://www.postgresql.org/docs/release/12.19/
|
|
- Prepare for PostgreSQL 17.
|
|
- Make sure all compilation and doc generation happens in %build.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>
|
|
|
|
- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 7 15:04:40 UTC 2024 - Sarah Kriesch <sarah.kriesch@opensuse.org>
|
|
|
|
- Remove constraints file because improved memory usage for s390x
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 29 14:38:15 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Use %patch -P N instead of deprecated %patchN.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 8 14:32:50 UTC 2024 - Reinhard Max <max@suse.com>
|
|
|
|
- Upgrade to 12.18:
|
|
* bsc#1219679, CVE-2024-0985: Tighten security restrictions
|
|
within REFRESH MATERIALIZED VIEW CONCURRENTLY.
|
|
One step of a concurrent refresh command was run under weak
|
|
security restrictions. If a materialized view's owner could
|
|
persuade a superuser or other high-privileged user to perform a
|
|
concurrent refresh on that view, the view's owner could control
|
|
code executed with the privileges of the user running REFRESH.
|
|
Fix things so that all user-determined code is run as the
|
|
view's owner, as expected
|
|
* If you use GIN indexes, you may need to reindex after updating
|
|
to this release.
|
|
* LLVM 18 is now supported.
|
|
* https://www.postgresql.org/docs/release/12.18/
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 8 14:37:39 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- Update to 12.17:
|
|
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
|
|
arguments in DISTINCT "any" aggregate functions. This error led
|
|
to a text-type value being interpreted as an unknown-type value
|
|
(that is, a zero-terminated string) at runtime. This could
|
|
result in disclosure of server memory following the text value.
|
|
* bsc#1216961, CVE-2023-5869: Detect integer overflow while
|
|
computing new array dimensions. When assigning new elements to
|
|
array subscripts that are outside the current array bounds, an
|
|
undetected integer overflow could occur in edge cases. Memory
|
|
stomps that are potentially exploitable for arbitrary code
|
|
execution are possible, and so is disclosure of server memory.
|
|
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
|
|
from signalling background workers and autovacuum processes.
|
|
The documentation says that pg_signal_backend cannot issue
|
|
signals to superuser-owned processes. It was able to signal
|
|
these background processes, though, because they advertise a
|
|
role OID of zero. Treat that as indicating superuser ownership.
|
|
The security implications of cancelling one of these process
|
|
types are fairly small so far as the core code goes (we'll just
|
|
start another one), but extensions might add background workers
|
|
that are more vulnerable.
|
|
Also ensure that the is_superuser parameter is set correctly in
|
|
such processes. No specific security consequences are known for
|
|
that oversight, but it might be significant for some extensions.
|
|
* Add support for LLVM 16 and 17
|
|
* https://www.postgresql.org/docs/12/release-12-17.html
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- boo#1216734: Revert the last change and make the devel package
|
|
independend of all other subpackages except for the libs.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 10 12:49:02 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- boo#1216022: Call install-alternatives from the devel subpackage
|
|
as well, otherwise the symlink for ecpg might be missing.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 18 15:24:14 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Also buildignore the postgresql*-implementation symbols: this is
|
|
needed in order to bootstrap when no postgresql version currently
|
|
has valid symbols provided. Once the packages are built, OBS
|
|
could translate this to the pgname-* packages and accept the
|
|
ignores; during bootstrap though, there is nothing providing the
|
|
symbol and the existing buildignores do not suffice.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 9 10:25:49 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- Update to 12.16:
|
|
* bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
|
|
owner name into an extension script if the name contains a
|
|
quote, backslash, or dollar sign.
|
|
* https://www.postgresql.org/docs/12/release-12-16.html
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 26 11:48:38 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- Restore the independence of mini builds from the main build after
|
|
the -mini name change from April 4, 2023.
|
|
- Adjust icu handling to prepare for PostgreSQL 16.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 15 14:22:59 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- Overhaul postgresql-README.SUSE and move it from the binary
|
|
package to the noarch wrapper package.
|
|
- Change the unix domain socket location from /var/run to /run.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 10 13:05:58 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- Update to 12.15:
|
|
* bsc#1211228, CVE-2023-2454:
|
|
Prevent CREATE SCHEMA from defeating changes in search_path
|
|
* bsc#1211229, CVE-2023-2455: Enforce row-level security
|
|
policies correctly after inlining a set-returning function
|
|
* https://www.postgresql.org/about/news/2637/
|
|
* https://www.postgresql.org/docs/12/release-12-15.html
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 18 09:05:09 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1210303: Stop using the obsolete internal %_restart_on_update
|
|
macro and drop support for sysv init to simplify the scriptlets.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 4 10:57:41 UTC 2023 - Fabian Vogt <fvogt@suse.com>
|
|
|
|
- Include -mini in Name: to avoid conflicts in the source package
|
|
name and OBS internal dependency tracking.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 9 12:03:07 UTC 2023 - Reinhard Max <max@suse.com>
|
|
|
|
- Update to 12.14:
|
|
* CVE-2022-41862, bsc#1208102: memory leak in libpq
|
|
* https://www.postgresql.org/about/news/2592/
|
|
* https://www.postgresql.org/docs/12/release-12-14.html
|
|
- Bump latest_supported_llvm_ver to 15.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 10 16:29:10 UTC 2022 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1205300: Update to 12.13:
|
|
* https://www.postgresql.org/about/news/2543/
|
|
* https://www.postgresql.org/docs/12/release-12-13.html
|
|
- Sync spec file with postgresql15.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 22 21:26:36 UTC 2022 - Aaron Puchert <aaronpuchert@alice-dsl.net>
|
|
|
|
- Create mechanism to specify the latest supported LLVM version.
|
|
Automatically pin to that version if the distribution has a newer
|
|
unsupported default version.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 13 12:37:53 UTC 2022 - Reinhard Max <max@suse.com>
|
|
|
|
- Sync spec file with postgresql15.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 12 07:52:42 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
|
|
|
- Disable LLVM JIT on riscv64
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 12 11:12:47 UTC 2022 - Reinhard Max <max@suse.com>
|
|
|
|
- - Update to 12.12:
|
|
* bsc#1202368, CVE-2022-2625: Extension scripts replace objects
|
|
not belonging to the extension.
|
|
* https://www.postgresql.org/docs/release/12.12/
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 12 10:55:58 UTC 2022 - Reinhard Max <max@suse.com>
|
|
|
|
- Update to 12.11:
|
|
* bsc#1199475, CVE-2022-1552: Confine additional operations
|
|
within "security restricted operation" sandboxes.
|
|
* https://www.postgresql.org/docs/12/release-12-11.html
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 13 12:17:48 UTC 2022 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1198166: Pin to llvm13 until the next patchlevel update.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 8 15:18:19 UTC 2022 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1195680: Upgrade to 12.10:
|
|
* https://www.postgresql.org/docs/12/release-12-10.html
|
|
* Reindexing might be needed after applying this upgrade, so
|
|
please read the release notes carefully.
|
|
- boo#1190740: Add constraints file with 12GB of memory for s390x
|
|
as a workaround
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 25 11:02:15 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- Add a llvmjit-devel subpackage to pull in the right versions
|
|
of clang and llvm for building extensions.
|
|
- Fix some mistakes in the interdependencies between the
|
|
implementation packages and their noarch counterpart.
|
|
- Update the BuildIgnore section.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 10 18:07:22 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1192516: Upgrade to version 12.9:
|
|
* Make the server reject extraneous data after an SSL or GSS
|
|
encryption handshake (CVE-2021-23214).
|
|
* Make libpq reject extraneous data after an SSL or GSS
|
|
encryption handshake (CVE-2021-23222).
|
|
* https://www.postgresql.org/docs/12/release-12-9.html
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 27 14:15:20 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- Let genlists skip non-existing binaries to avoid lots of version
|
|
conditionals in the file lists.
|
|
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
|
|
is unclear. This affects only the test subpackage.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 31 11:14:53 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1185952: fix build with llvm12 on s390x.
|
|
0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
|
|
- bsc#1179945: Re-enable icu for PostgreSQL 10.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 24 13:01:54 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Upgrade to version 12.8:
|
|
* https://www.postgresql.org/docs/12/release-12-8.html
|
|
* CVE-2021-3677 (boo#1189748)
|
|
The planner could create an incorrect plan in cases where two
|
|
ProjectionPaths were stacked on top of each other. The only
|
|
known way to trigger that situation involves parallel sort
|
|
operations, but there may be other instances. The result would
|
|
be crashes or incorrect query results. Disclosure of server
|
|
memory contents is also possible.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 2 07:47:15 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1187751: Make the dependency of postgresqlXX-server-devel on
|
|
llvm and clang optional (postgresql-llvm-optional.patch).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 19 15:24:24 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
|
|
Use llvm11 as a workaround.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 11 16:19:19 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- Upgrade to version 12.7:
|
|
* https://www.postgresql.org/docs/12/release-12-7.html
|
|
* CVE-2021-32027, bsc#1185924:
|
|
Prevent integer overflows in array subscripting calculations.
|
|
* CVE-2021-32028, bsc#1185925: Fix mishandling of “junk”
|
|
columns in INSERT ... ON CONFLICT ... UPDATE target lists.
|
|
* CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
|
|
computation of UPDATE ... RETURNING
|
|
"pg_psql_temporary_savepoint" does not exist”.
|
|
|
|
- Don't use %_stop_on_removal, because it was meant to be private
|
|
and got removed from openSUSE. %_restart_on_update is also
|
|
private, but still supported and needed for now (bsc#1183168).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- Re-enable build of the llvmjit subpackage on SLE, but it will
|
|
only be delivered on PackageHub for now (boo#1183118).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 9 13:52:19 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- Remove leftover PreReq on chkconfig, we stopped using it long
|
|
time ago.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 19 15:30:08 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 10 13:32:07 UTC 2021 - Reinhard Max <max@suse.com>
|
|
|
|
Upgrade to version 12.6:
|
|
* https://www.postgresql.org/docs/12/release-12-6.html
|
|
* Reindexing might be needed after applying this update.
|
|
* CVE-2021-3393, bsc#1182040: Fix information leakage in
|
|
constraint-violation error messages.
|
|
* Obsoletes postgresql-icu68.patch.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 14 16:19:33 UTC 2020 - Callum Farmer <gmbr3@opensuse.org>
|
|
|
|
- Add postgresql-icu68.patch: fix build with ICU 68
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 20 11:51:37 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
|
|
- boo#1179765: BuildRequire libpq5 and libecpg6 when not building
|
|
them to avoid dangling symlinks in the devel package.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 11 12:04:35 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Upgrade to version 12.5:
|
|
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
|
|
and firing of deferred triggers within index expressions and
|
|
materialized view queries.
|
|
* CVE-2020-25694, bsc#1178667:
|
|
a) Fix usage of complex connection-string parameters in pg_dump,
|
|
pg_restore, clusterdb, reindexdb, and vacuumdb.
|
|
b) When psql's \connect command re-uses connection parameters,
|
|
ensure that all non-overridden parameters from a previous
|
|
connection string are re-used.
|
|
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
|
|
modifying specially-treated variables.
|
|
* Fix recently-added timetz test case so it works when the USA
|
|
is not observing daylight savings time.
|
|
(obsoletes postgresql-timetz.patch)
|
|
* https://www.postgresql.org/about/news/2111/
|
|
* https://www.postgresql.org/docs/12/release-12-5.html
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 3 13:54:38 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Fix a DST problem in the test suite: postgresql-timetz.patch
|
|
https://postgr.es/m/16689-57701daa23b377bf@postgresql.org
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 25 07:34:28 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Stop building the mini and lib packages as they are now coming
|
|
from postgresql13.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 13 12:01:34 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- update to 12.4:
|
|
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
|
|
logical replication walsenders and apply workers
|
|
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
|
|
scripts more secure.
|
|
* https://www.postgresql.org/docs/12/release-12-4.html
|
|
- Remove postgresql-regress.patch, it does not apply anymore and
|
|
it does not seem to be needed anymore.
|
|
- Pack the /usr/lib/postgresql symlink only into the main package.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 16 12:21:43 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get
|
|
a clean and complete cutover to the new packaging schema.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 3 17:36:27 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- update to 12.3 (bsc#1171924).
|
|
https://www.postgresql.org/about/news/2038/
|
|
https://www.postgresql.org/docs/12/release-12-3.html
|
|
- Unify the spec file to work across all current PostgreSQL
|
|
versions to simplify future maintenance.
|
|
- Move from the "libs" build flavour to a "mini" package that will
|
|
only be used inside the build service and not get shipped, to
|
|
avoid confusion with the debuginfo packages (bsc#1148643).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 15 10:13:58 UTC 2020 - Namor Barcode <z1trus@gmx.com>
|
|
|
|
- update to 12.3
|
|
https://www.postgresql.org/about/news/2038/
|
|
https://www.postgresql.org/docs/12/release-12-3.html
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 31 14:23:52 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Temporarily disable JIT support on SLE until support status of
|
|
clang has been clarified.
|
|
- We only need clang for LLVM, not clang-devel.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 27 08:58:37 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Fix a few mistakes in the spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 15 03:02:07 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- update to 12.2 (CVE-2020-1720)
|
|
https://www.postgresql.org/about/news/2011/
|
|
https://www.postgresql.org/docs/12/release-12-2.html
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 14 07:53:46 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Disable explicitly armv8 CRC for %arm, as we use some armv8
|
|
workers for armv6/7 builds which is confusing configure script
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 11 04:15:40 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
|
|
|
- Avoid the dependency from the devel package to the main package.
|
|
devel packages are exclusive, thus ecpg does not require
|
|
update-alternatives.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 6 17:13:41 UTC 2020 - Reinhard Max <max@suse.com>
|
|
|
|
- Remove unused build dependencies from the client libs package:
|
|
LVM, icu, selinux, systemd.
|
|
- Drop conditionals for suse_version 1110/1120.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 20 14:46:29 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- update to 12.1
|
|
https://www.postgresql.org/docs/12/release-12-1.html
|
|
https://www.postgresql.org/about/news/1994/
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 22 16:50:55 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- add requires to the server-devel package for the libs that are
|
|
returned by pg_config --libs
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 7 09:03:24 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- initial package for the postgresql 12 branch
|
|
https://www.postgresql.org/about/news/1976/
|