- Upgrade to 14.17:
* Improve behavior of libpq's quoting functions:
The changes made for CVE-2025-1094 had one serious oversight:
PQescapeLiteral() and PQescapeIdentifier() failed to honor
their string length parameter, instead always reading to the
input string's trailing null. This resulted in including
unwanted text in the output, if the caller intended to
truncate the string via the length parameter. With very bad
luck it could cause a crash due to reading off the end of
memory.
In addition, modify all these quoting functions so that when
invalid encoding is detected, an invalid sequence is
substituted for just the first byte of the presumed
character, not all of it. This reduces the risk of problems
if a calling application performs additional processing on
the quoted string.
* Fix small memory leak in pg_createsubscriber.
* https://www.postgresql.org/docs/release/14.17/
* https://www.postgresql.org/about/news/p-3018/
OBS-URL: https://build.opensuse.org/request/show/1247460
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=24
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=85
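The length-parameter oversight described in the 14.17 entry, shown as an added example that is neither libpq code nor part of the original changelog. `quote_n`, `quote_literal_buggy` and `quote_literal_fixed` are hypothetical stand-ins for a quoting routine that takes a (pointer, length) pair, and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in, NOT libpq's implementation: wraps the input in
 * single quotes and doubles embedded quotes, reading at most n bytes and
 * stopping early at a NUL. */
static char *quote_n(const char *s, size_t n)
{
    /* Worst case: every byte doubled, plus two quotes and the NUL. */
    char *out = malloc(2 * n + 3), *p = out;
    if (!out) return NULL;
    *p++ = '\'';
    for (size_t i = 0; i < n && s[i] != '\0'; i++) {
        if (s[i] == '\'') *p++ = '\'';
        *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* The oversight: the caller's length is ignored and input is read up to
 * the trailing NUL. On a buffer without a NUL this reads off the end. */
char *quote_literal_buggy(const char *s, size_t len)
{
    (void) len;
    return quote_n(s, strlen(s));
}

/* The corrected behaviour: consume at most len bytes of input. */
char *quote_literal_fixed(const char *s, size_t len)
{
    return quote_n(s, len);
}

int main(void)
{
    /* Constructed input: the caller wants only the first 5 bytes. */
    const char *field = "alice|internal-note: don't share";
    char *bad = quote_literal_buggy(field, 5);
    char *good = quote_literal_fixed(field, 5);
    if (!bad || !good) return 1;
    printf("buggy: %s\nfixed: %s\n", bad, good);
    free(bad);
    free(good);
    return 0;
}
```

A caller that slices fields out of a larger buffer by length gets the rest of the buffer quoted into its SQL with the buggy variant, which is the "unwanted text" the entry refers to.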
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
* https://www.postgresql.org/about/news/p-2965/
* https://www.postgresql.org/docs/release/14.15/
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=78
- Upgrade to 14.12 (bsc#1224051):
* bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
and pg_stats_ext_exprs entries to the table owner. See the
release notes for the steps that have to be taken to fix
existing PostgreSQL instances.
* Fix incompatibility with LLVM 18.
* https://www.postgresql.org/docs/release/14.12/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.
- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.
- Remove constraints file because improved memory usage for s390x
OBS-URL: https://build.opensuse.org/request/show/1172962
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=18
- Upgrade to 14.11:
* bsc#1219679, CVE-2024-0985: Tighten security restrictions
within REFRESH MATERIALIZED VIEW CONCURRENTLY.
One step of a concurrent refresh command was run under weak
security restrictions. If a materialized view's owner could
persuade a superuser or other high-privileged user to perform a
concurrent refresh on that view, the view's owner could control
code executed with the privileges of the user running REFRESH.
Fix things so that all user-determined code is run as the
view's owner, as expected.
* If you use GIN indexes, you may need to reindex after updating
to this release.
* LLVM 18 is now supported.
* https://www.postgresql.org/docs/release/14.11/
OBS-URL: https://build.opensuse.org/request/show/1145270
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=16
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=62
- boo#1216022: Call install-alternatives from the devel subpackage
as well, otherwise the symlink for ecpg might be missing.
- Also buildignore the postgresql*-implementation symbols: this is
needed in order to bootstrap when no postgresql version currently
has valid symbols provided. Once the packages are built, OBS
could translate this to the pgname-* packages and accept the
ignores; during bootstrap though, there is nothing providing the
symbol and the existing buildignores do not suffice.
- Update to 14.9:
* bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
owner name into an extension script if the name contains a
quote, backslash, or dollar sign.
* https://www.postgresql.org/docs/14/release-14-9.html
- Restore the independence of mini builds from the main build after
the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
OBS-URL: https://build.opensuse.org/request/show/1120251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=13
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql14?expand=0&rev=56