pool/postgresql14
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1247460 from server:database:postgresql

Browse Source 
- Upgrade to 14.17:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/14.17/
  * https://www.postgresql.org/about/news/p-3018/

OBS-URL: https://build.opensuse.org/request/show/1247460
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=24
This commit is contained in:
Ana Guerrero 2025-02-20 18:46:46 +00:00 committed by Git OBS Bridge
commit 9b97a7785f
6 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
postgresql-14.16.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c
size 22491073

1
postgresql-14.16.tar.bz2.sha256
View File

@ -1 +0,0 @@
673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c postgresql-14.16.tar.bz2

BIN
postgresql-14.17.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

1
postgresql-14.17.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 postgresql-14.17.tar.bz2

23
postgresql14.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <max@suse.com>
- Upgrade to 14.17:
* Improve behavior of libpq's quoting functions:
The changes made for CVE-2025-1094 had one serious oversight:
PQescapeLiteral() and PQescapeIdentifier() failed to honor
their string length parameter, instead always reading to the
input string's trailing null. This resulted in including
unwanted text in the output, if the caller intended to
truncate the string via the length parameter. With very bad
luck it could cause a crash due to reading off the end of
memory.
In addition, modify all these quoting functions so that when
invalid encoding is detected, an invalid sequence is
substituted for just the first byte of the presumed
character, not all of it. This reduces the risk of problems
if a calling application performs additional processing on
the quoted string.
* Fix small memory leak in pg_createsubscriber.
* https://www.postgresql.org/docs/release/14.17/
* https://www.postgresql.org/about/news/p-3018/
-------------------------------------------------------------------
Tue Feb 11 14:27:58 UTC 2025 - Reinhard Max <max@suse.com>

2
postgresql14.spec
View File

@ -16,7 +16,7 @@
#
%define pgversion 14.16
%define pgversion 14.17
%define pgmajor 14
%define buildlibs 0
%define tarversion %{pgversion}