diff --git a/postgresql-15.4.tar.bz2 b/postgresql-15.4.tar.bz2 deleted file mode 100644 index 8409bfb..0000000 --- a/postgresql-15.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 -size 22850355 diff --git a/postgresql-15.4.tar.bz2.sha256 b/postgresql-15.4.tar.bz2.sha256 deleted file mode 100644 index 0038621..0000000 --- a/postgresql-15.4.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 postgresql-15.4.tar.bz2 diff --git a/postgresql-15.5.tar.bz2 b/postgresql-15.5.tar.bz2 new file mode 100644 index 0000000..abd24db --- /dev/null +++ b/postgresql-15.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +size 23091780 diff --git a/postgresql-15.5.tar.bz2.sha256 b/postgresql-15.5.tar.bz2.sha256 new file mode 100644 index 0000000..bf99560 --- /dev/null +++ b/postgresql-15.5.tar.bz2.sha256 @@ -0,0 +1 @@ +8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 postgresql-15.5.tar.bz2 diff --git a/postgresql15.changes b/postgresql15.changes index 7acbe8c..6bebbbc 100644 --- a/postgresql15.changes +++ b/postgresql15.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Wed Nov 8 14:26:51 UTC 2023 - Reinhard Max + +- Upgrade to 15.5: + * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type + arguments in DISTINCT "any" aggregate functions. This error led + to a text-type value being interpreted as an unknown-type value + (that is, a zero-terminated string) at runtime. This could + result in disclosure of server memory following the text value. + * bsc#1216961, CVE-2023-5869: Detect integer overflow while + computing new array dimensions. When assigning new elements to + array subscripts that are outside the current array bounds, an + undetected integer overflow could occur in edge cases. Memory + stomps that are potentially exploitable for arbitrary code + execution are possible, and so is disclosure of server memory. + * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role + from signalling background workers and autovacuum processes. + The documentation says that pg_signal_backend cannot issue + signals to superuser-owned processes. It was able to signal + these background processes, though, because they advertise a + role OID of zero. Treat that as indicating superuser ownership. + The security implications of cancelling one of these process + types are fairly small so far as the core code goes (we'll just + start another one), but extensions might add background workers + that are more vulnerable. + Also ensure that the is_superuser parameter is set correctly in + such processes. No specific security consequences are known for + that oversight, but it might be significant for some extensions. + * Add support for LLVM 16 and 17 + * https://www.postgresql.org/about/news/2749 + * https://www.postgresql.org/docs/15/release-15-5.html + ------------------------------------------------------------------- Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max diff --git a/postgresql15.spec b/postgresql15.spec index 5e27072..721b328 100644 --- a/postgresql15.spec +++ b/postgresql15.spec @@ -16,11 +16,11 @@ # -%define pgversion 15.4 +%define pgversion 15.5 %define pgmajor 15 %define buildlibs 0 %define tarversion %{pgversion} -%define latest_supported_llvm_ver 15 +%define latest_supported_llvm_ver 17 ### CUT HERE ### %define pgname postgresql%pgmajor @@ -797,11 +797,9 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x %post -n %pgname-%devel /sbin/ldconfig -/usr/share/postgresql/install-alternatives %pgmajor %postun -n %pgname-%devel /sbin/ldconfig -/usr/share/postgresql/install-alternatives %pgmajor %if %{with server_devel} %post server-devel