From c7efb1704c68071c106e29cbefa79fc044d94b73e6cf4a1e236e44410d6895c3 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Wed, 14 Apr 2021 14:18:20 +0000 Subject: [PATCH 1/4] Add bug reference OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql13?expand=0&rev=20 --- postgresql13.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postgresql13.changes b/postgresql13.changes index 2734564..4857e6e 100644 --- a/postgresql13.changes +++ b/postgresql13.changes @@ -2,7 +2,7 @@ Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max - Re-enable build of the llvmjit subpackage on SLE, but it will - only be delivered on PackageHub for now. + only be delivered on PackageHub for now (boo#1183118). ------------------------------------------------------------------- Tue Mar 9 13:52:19 UTC 2021 - Reinhard Max From 910ec4bedb059d866ee0b4ffcb4de603cd9fc82390d82389045a888638461e1d Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 22 Apr 2021 16:03:18 +0000 Subject: [PATCH 2/4] Updating link to change in openSUSE:Factory/postgresql13 revision 8.0 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql13?expand=0&rev=21e8b93c147efa4220d2904167292f0d --- postgresql13.changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/postgresql13.changes b/postgresql13.changes index 4857e6e..6fb9c7d 100644 --- a/postgresql13.changes +++ b/postgresql13.changes @@ -1,6 +1,12 @@ ------------------------------------------------------------------- Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max +- Re-enable build of the llvmjit subpackage on SLE, but it will + only be delivered on PackageHub for now. + +------------------------------------------------------------------- +Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max + - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (boo#1183118). From 11a5e058a076bf3995a3c889c3fc93bf55d6abd5c7c8ca3c5eb866332a94a823 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 22 Apr 2021 16:03:18 +0000 Subject: [PATCH 3/4] Accepting request 885325 from server:database:postgresql baserev update by copy to link target OBS-URL: https://build.opensuse.org/request/show/885325 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql13?expand=0&rev=21 --- postgresql13.changes | 6 ------ 1 file changed, 6 deletions(-) diff --git a/postgresql13.changes b/postgresql13.changes index 6fb9c7d..4857e6e 100644 --- a/postgresql13.changes +++ b/postgresql13.changes @@ -1,12 +1,6 @@ ------------------------------------------------------------------- Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max -- Re-enable build of the llvmjit subpackage on SLE, but it will - only be delivered on PackageHub for now. - -------------------------------------------------------------------- -Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max - - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (boo#1183118). From 87942f240c1078852e536b67f7b91fe18c5389d05946958ee21b8fef81d4d98e Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Fri, 14 May 2021 11:51:10 +0000 Subject: [PATCH 4/4] =?UTF-8?q?-=20Upgrade=20to=20version=2013.3:=20=20=20?= =?UTF-8?q?*=20https://www.postgresql.org/docs/13/release-13-3.html=20=20?= =?UTF-8?q?=20*=20CVE-2021-32027,=20bsc#1185924:=20=20=20=20=20Prevent=20i?= =?UTF-8?q?nteger=20overflows=20in=20array=20subscripting=20calculations.?= =?UTF-8?q?=20=20=20*=20CVE-2021-32028,=20bsc#1185925:=20Fix=20mishandling?= =?UTF-8?q?=20of=20=E2=80=9Cjunk=E2=80=9D=20=20=20=20=20columns=20in=20INS?= =?UTF-8?q?ERT=20...=20ON=20CONFLICT=20...=20UPDATE=20target=20lists.=20?= =?UTF-8?q?=20=20*=20CVE-2021-32029,=20bsc#1185926:=20Fix=20possibly-incor?= =?UTF-8?q?rect=20=20=20=20=20computation=20of=20UPDATE=20...=20RETURNING?= =?UTF-8?q?=20=20=20=20=20"pg=5Fpsql=5Ftemporary=5Fsavepoint"=20does=20not?= =?UTF-8?q?=20exist=E2=80=9D.=20-=20Don't=20use=20%=5Fstop=5Fon=5Fremoval,?= =?UTF-8?q?=20because=20it=20was=20meant=20to=20be=20private=20=20=20and?= =?UTF-8?q?=20got=20removed=20from=20openSUSE.=20%=5Frestart=5Fon=5Fupdate?= =?UTF-8?q?=20is=20also=20=20=20private,=20but=20still=20supported=20and?= =?UTF-8?q?=20needed=20for=20now=20(bsc#1183168).?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql13?expand=0&rev=22 --- postgresql-13.2.tar.bz2 | 3 --- postgresql-13.2.tar.bz2.sha256 | 1 - postgresql-13.3.tar.bz2 | 3 +++ postgresql-13.3.tar.bz2.sha256 | 1 + postgresql13.changes | 17 +++++++++++++++++ postgresql13.spec | 8 ++++---- 6 files changed, 25 insertions(+), 8 deletions(-) delete mode 100644 postgresql-13.2.tar.bz2 delete mode 100644 postgresql-13.2.tar.bz2.sha256 create mode 100644 postgresql-13.3.tar.bz2 create mode 100644 postgresql-13.3.tar.bz2.sha256 diff --git a/postgresql-13.2.tar.bz2 b/postgresql-13.2.tar.bz2 deleted file mode 100644 index 14d2e2a..0000000 --- a/postgresql-13.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc -size 21057276 diff --git a/postgresql-13.2.tar.bz2.sha256 b/postgresql-13.2.tar.bz2.sha256 deleted file mode 100644 index f00521c..0000000 --- a/postgresql-13.2.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc postgresql-13.2.tar.bz2 diff --git a/postgresql-13.3.tar.bz2 b/postgresql-13.3.tar.bz2 new file mode 100644 index 0000000..27ec868 --- /dev/null +++ b/postgresql-13.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 +size 21119109 diff --git a/postgresql-13.3.tar.bz2.sha256 b/postgresql-13.3.tar.bz2.sha256 new file mode 100644 index 0000000..946d56e --- /dev/null +++ b/postgresql-13.3.tar.bz2.sha256 @@ -0,0 +1 @@ +3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 postgresql-13.3.tar.bz2 diff --git a/postgresql13.changes b/postgresql13.changes index 4857e6e..e75b3e4 100644 --- a/postgresql13.changes +++ b/postgresql13.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue May 11 13:50:14 UTC 2021 - Reinhard Max + +- Upgrade to version 13.3: + * https://www.postgresql.org/docs/13/release-13-3.html + * CVE-2021-32027, bsc#1185924: + Prevent integer overflows in array subscripting calculations. + * CVE-2021-32028, bsc#1185925: Fix mishandling of “junk” + columns in INSERT ... ON CONFLICT ... UPDATE target lists. + * CVE-2021-32029, bsc#1185926: Fix possibly-incorrect + computation of UPDATE ... RETURNING + "pg_psql_temporary_savepoint" does not exist”. + +- Don't use %_stop_on_removal, because it was meant to be private + and got removed from openSUSE. %_restart_on_update is also + private, but still supported and needed for now (bsc#1183168). + ------------------------------------------------------------------- Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max diff --git a/postgresql13.spec b/postgresql13.spec index d72134b..d697b5d 100644 --- a/postgresql13.spec +++ b/postgresql13.spec @@ -16,7 +16,7 @@ # -%define pgversion 13.2 +%define pgversion 13.3 %define pgmajor 13 %define pgsuffix %pgmajor %define buildlibs 1 @@ -764,10 +764,10 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x %preun server # Stop only when we are uninstalling the currently running version test -n "$FIRST_ARG" || FIRST_ARG="$1" -if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then +if [ "$FIRST_ARG" -eq 0 ]; then %if %{with systemd} - %define stop %_stop_on_removal postgresql.service - eval $(systemctl show postgresql --property=MainPID) + %define stop systemctl stop postgresql.service + eval $(systemctl show postgresql.service --property=MainPID) %else %define stop /sbin/init.d postgresql stop MainPID=$(pidof -s postgres) || :