------------------------------------------------------------------- Fri Aug 12 11:16:34 UTC 2022 - Reinhard Max - Update to 13.8: * bsc#1202368, CVE-2022-2625: Extension scripts replace objects not belonging to the extension. * https://www.postgresql.org/docs/release/13.8/ ------------------------------------------------------------------- Thu May 12 10:45:07 UTC 2022 - Reinhard Max - Upgrade to 13.7: * bsc#1199475, CVE-2022-1552: Confine additional operations within "security restricted operation" sandboxes. * https://www.postgresql.org/docs/13/release-13-7.html ------------------------------------------------------------------- Wed Apr 13 12:17:48 UTC 2022 - Reinhard Max - bsc#1198166: Pin to llvm13 until the next patchlevel update. ------------------------------------------------------------------- Tue Feb 8 14:23:38 UTC 2022 - Reinhard Max - bsc#1195680: Upgrade to 13.6: * https://www.postgresql.org/docs/13/release-13-6.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - boo#1190740: Add constraints file with 12GB of memory for s390x as a workaround ------------------------------------------------------------------- Thu Nov 25 11:02:15 UTC 2021 - Reinhard Max - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. ------------------------------------------------------------------- Wed Nov 10 18:04:28 UTC 2021 - Reinhard Max - bsc#1192516: Upgrade to 13.5: * Make the server reject extraneous data after an SSL or GSS encryption handshake (CVE-2021-23214). * Make libpq reject extraneous data after an SSL or GSS encryption handshake (CVE-2021-23222). * https://www.postgresql.org/docs/13/release-13-5.html ------------------------------------------------------------------- Mon Sep 27 13:58:17 UTC 2021 - Reinhard Max - Stop building the mini and lib packages as they are now coming from postgresql14. - Let genlists skip non-existing binaries to avoid lots of version conditionals in the file lists. - Remove postgresql-testsuite-int8.sql.patch, because its purpose is unclear. This affects only the test subpackage. ------------------------------------------------------------------- Tue Aug 31 11:14:53 UTC 2021 - Reinhard Max - bsc#1185952: fix build with llvm12 on s390x. 0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch - bsc#1179945: Re-enable icu for PostgreSQL 10. ------------------------------------------------------------------- Tue Aug 24 12:45:53 UTC 2021 - Marcus Rueckert - Upgrade to version 13.4: https://www.postgresql.org/docs/13/release-13-4.html * CVE-2021-3677 (boo#1189748) The planner could create an incorrect plan in cases where two ProjectionPaths were stacked on top of each other. The only known way to trigger that situation involves parallel sort operations, but there may be other instances. The result would be crashes or incorrect query results. Disclosure of server memory contents is also possible. ------------------------------------------------------------------- Mon Jun 28 10:00:46 UTC 2021 - Reinhard Max - bsc#1187751: Make the dependency of postgresqlXX-server-devel on llvm and clang optional (postgresql-llvm-optional.patch). ------------------------------------------------------------------- Wed May 19 15:24:24 UTC 2021 - Reinhard Max - bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround. ------------------------------------------------------------------- Tue May 11 13:50:14 UTC 2021 - Reinhard Max - Upgrade to version 13.3: * https://www.postgresql.org/docs/13/release-13-3.html * CVE-2021-32027, bsc#1185924: Prevent integer overflows in array subscripting calculations. * CVE-2021-32028, bsc#1185925: Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists. * CVE-2021-32029, bsc#1185926: Fix possibly-incorrect computation of UPDATE ... RETURNING "pg_psql_temporary_savepoint" does not exist”. - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). ------------------------------------------------------------------- Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (boo#1183118). ------------------------------------------------------------------- Tue Mar 9 13:52:19 UTC 2021 - Reinhard Max - Remove leftover PreReq on chkconfig, we stopped using it long time ago. ------------------------------------------------------------------- Fri Feb 19 15:30:08 UTC 2021 - Reinhard Max - boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW. ------------------------------------------------------------------- Wed Feb 10 13:16:32 UTC 2021 - Reinhard Max - Upgrade to version 13.2: * https://www.postgresql.org/docs/13/release-13-2.html * Updating stored views and reindexing might be needed after applying this update. * CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. * CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries. * Obsoletes postgresql-icu68.patch. ------------------------------------------------------------------- Mon Dec 14 16:19:05 UTC 2020 - Callum Farmer - Add postgresql-icu68.patch: fix build with ICU 68 ------------------------------------------------------------------- Fri Nov 20 11:51:37 UTC 2020 - Reinhard Max - bsc#1178961: %ghost the symlinks to pg_config and ecpg. - boo#1179765: BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. ------------------------------------------------------------------- Wed Nov 11 11:36:01 UTC 2020 - Reinhard Max - Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html ------------------------------------------------------------------- Tue Nov 3 13:54:38 UTC 2020 - Reinhard Max - Fix a DST problem in the test suite: postgresql-timetz.patch https://postgr.es/m/16689-57701daa23b377bf@postgresql.org ------------------------------------------------------------------- Fri Sep 25 06:57:55 UTC 2020 - Reinhard Max - Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html