postgresql14

2 Commits 2 Branches 0 Tags

Author	SHA256	Message	Date
Reinhard Max	986d9d08ef	- Upgrade to 14.17: * Improve behavior of libpq's quoting functions: The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string. * Fix small memory leak in pg_createsubscriber. * https://www.postgresql.org/docs/release/14.17/ * https://www.postgresql.org/about/news/p-3018/ OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=85	2025-02-20 16:33:34 +00:00
Reinhard Max	9c8647e685	- Upgrade to 14.16: * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings. * obsoletes postgresql-tzdata2025a.patch * https://www.postgresql.org/docs/release/14.16/ * https://www.postgresql.org/about/news/-3015/ - Disable LLVM JIT on loongarch64 OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=83	2025-02-13 14:50:05 +00:00

Author

SHA256

Message

Date

Reinhard Max

986d9d08ef

- Upgrade to 14.17:

* Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/14.17/
  * https://www.postgresql.org/about/news/p-3018/

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=85

2025-02-20 16:33:34 +00:00

Reinhard Max

9c8647e685

- Upgrade to 14.16:

* bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
    functions against invalidly-encoded input strings.
  * obsoletes postgresql-tzdata2025a.patch
  * https://www.postgresql.org/docs/release/14.16/
  * https://www.postgresql.org/about/news/-3015/
- Disable LLVM JIT on loongarch64

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=83

2025-02-13 14:50:05 +00:00