- Upgrade to 14.12 (bsc#1224051):

* bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
    and pg_stats_ext_exprs entries to the table owner. See the
    release notes for the steps that have to be taken to fix
    existing PostgreSQL instances.
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/14.12/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=69
This commit is contained in:
Reinhard Max 2024-05-09 15:30:26 +00:00 committed by Git OBS Bridge
parent 393de042f2
commit afc973174f
2 changed files with 29 additions and 27 deletions

View File

@ -1,27 +1,15 @@
-------------------------------------------------------------------
Thu May 9 14:07:26 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
Wed May 8 12:07:46 UTC 2024 - Reinhard Max <max@suse.com>
- Upgrade to 14.12:
CVE-2024-4317: Restrict visibility of pg_stats_ext and
pg_stats_ext_exprs entries to the table owner
Missing authorization in PostgreSQL built-in views pg_stats_ext
and pg_stats_ext_exprs allows an unprivileged database user to
read most common values and other statistics from CREATE
STATISTICS commands of other users. The most common values may
reveal column values the eavesdropper could not otherwise read or
results of functions they cannot execute.
This fix only fixes fresh PostgreSQL installations, namely those
that are created with the initdb utility after this fix is
applied. If you have a current PostgreSQL installation and are
concerned about this issue, please follow the instructions in the
"Updating" section on this link:
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
The SQL file is in /usr/share/postgresql14/fix-CVE-2024-4317.sql
https://www.postgresql.org/docs/release/14.12/
- Upgrade to 14.12 (bsc#1224051):
* bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
and pg_stats_ext_exprs entries to the table owner. See the
release notes for the steps that have to be taken to fix
existing PostgreSQL instances.
* Fix incompatibility with LLVM 18.
* https://www.postgresql.org/docs/release/14.12/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.
-------------------------------------------------------------------
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>

View File

@ -20,7 +20,7 @@
%define pgmajor 14
%define buildlibs 0
%define tarversion %{pgversion}
%define latest_supported_llvm_ver 17
%define latest_supported_llvm_ver 18
### CUT HERE ###
%define pgname postgresql%pgmajor
@ -59,6 +59,12 @@ Name: %pgname
%define python python
%endif
%if %pgmajor >= 17
%bcond_with dreived
%else
%bcond_without derived
%endif
%if 0%{?suse_version} >= 1500
%bcond_without liblz4
%endif
@ -88,6 +94,12 @@ BuildRequires: zlib-devel
%if %{with liblz4}
BuildRequires: pkgconfig(liblz4)
%endif
%if %{without derived}
BuildRequires: bison
BuildRequires: docbook-xsl-stylesheets
BuildRequires: flex
BuildRequires: perl
%endif
%if %{with libzstd}
BuildRequires: pkgconfig(libzstd)
@ -573,7 +585,7 @@ PACKAGE_TARNAME=%pgname %configure \
%if %mini
make -C src/interfaces %{?_smp_mflags} PACKAGE_TARNAME=%pgname
%else
make %{?_smp_mflags} PACKAGE_TARNAME=%pgname
make %{?_smp_mflags} PACKAGE_TARNAME=%pgname world
%if %{with check}
@ -641,9 +653,9 @@ find %buildroot -type f -cnewer flag -printf "/%%P\n" |
> contrib.files
rm flag
install -d -m 750 %buildroot/var/lib/pgsql
install -d -m755 %buildroot%pgdocdir
install -d -m 755 %buildroot%pgdocdir
cp doc/KNOWN_BUGS doc/MISSING_FEATURES COPYRIGHT \
README HISTORY %buildroot%pgdocdir
README* HISTORY %buildroot%pgdocdir
# Use versioned names for the man pages:
for f in %buildroot%pgmandir/man*/*; do
mv $f ${f}pg%pgmajor
@ -701,6 +713,7 @@ genlists main \
pg_receivewal \
pg_verify_checksums \
pg_checksums \
pg_combinebackup \
pg_verifybackup
%find_lang plpgsql-$VLANG main.files
@ -711,6 +724,8 @@ genlists server \
pg_ctl \
pg_controldata \
pg_resetwal \
pg_createsubscriber \
pg_walsummary \
pg_waldump \
pg_resetxlog \
%if %pgmajor >= 15
@ -924,7 +939,6 @@ fi
%files llvmjit-devel
%defattr(-,root,root)
%doc README
%files pltcl -f pltcl.lang
%defattr(-,root,root)