- Upgrade to 15.7 (bsc#1224051):

* bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
    and pg_stats_ext_exprs entries to the table owner. See the
    release notes for the steps that have to be taken to fix
    existing PostgreSQL instances.
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/15.7/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.


- Remove constraints file because improved memory usage for s390x

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql15?expand=0&rev=50
This commit is contained in:
Reinhard Max 2024-05-09 15:29:37 +00:00 committed by Git OBS Bridge
parent 227dfddf97
commit dab7b2d21c
3 changed files with 35 additions and 41 deletions

View File

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<constraints>
<overwrite>
<conditions>
<arch>s390x</arch>
</conditions>
<hardware>
<memory>
<size unit="G">12</size>
</memory>
</hardware>
</overwrite>
</constraints>

View File

@ -1,33 +1,26 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 9 14:06:24 UTC 2024 - Marcus Rueckert <mrueckert@suse.de> Wed May 8 12:05:25 UTC 2024 - Reinhard Max <max@suse.com>
- Upgrade to 15.7: - Upgrade to 15.7 (bsc#1224051):
CVE-2024-4317: Restrict visibility of pg_stats_ext and * bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
pg_stats_ext_exprs entries to the table owner and pg_stats_ext_exprs entries to the table owner. See the
release notes for the steps that have to be taken to fix
Missing authorization in PostgreSQL built-in views pg_stats_ext existing PostgreSQL instances.
and pg_stats_ext_exprs allows an unprivileged database user to * Fix incompatibility with LLVM 18.
read most common values and other statistics from CREATE * https://www.postgresql.org/docs/release/15.7/
STATISTICS commands of other users. The most common values may - Prepare for PostgreSQL 17.
reveal column values the eavesdropper could not otherwise read or - Make sure all compilation and doc generation happens in %build.
results of functions they cannot execute.
This fix only fixes fresh PostgreSQL installations, namely those
that are created with the initdb utility after this fix is
applied. If you have a current PostgreSQL installation and are
concerned about this issue, please follow the instructions in the
"Updating" section on this link:
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
The SQL file is in /usr/share/postgresql15/fix-CVE-2024-4317.sql
https://www.postgresql.org/docs/release/15.7/
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net> Tue Mar 12 22:48:41 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>
- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.
-------------------------------------------------------------------
Thu Mar 7 15:04:40 UTC 2024 - Sarah Kriesch <sarah.kriesch@opensuse.org>
- Remove constraints file because improved memory usage for s390x
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 29 14:36:57 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org> Thu Feb 29 14:36:57 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

View File

@ -20,7 +20,7 @@
%define pgmajor 15 %define pgmajor 15
%define buildlibs 0 %define buildlibs 0
%define tarversion %{pgversion} %define tarversion %{pgversion}
%define latest_supported_llvm_ver 17 %define latest_supported_llvm_ver 18
### CUT HERE ### ### CUT HERE ###
%define pgname postgresql%pgmajor %define pgname postgresql%pgmajor
@ -59,6 +59,12 @@ Name: %pgname
%define python python %define python python
%endif %endif
%if %pgmajor >= 17
%bcond_with dreived
%else
%bcond_without derived
%endif
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
%bcond_without liblz4 %bcond_without liblz4
%endif %endif
@ -88,6 +94,12 @@ BuildRequires: zlib-devel
%if %{with liblz4} %if %{with liblz4}
BuildRequires: pkgconfig(liblz4) BuildRequires: pkgconfig(liblz4)
%endif %endif
%if %{without derived}
BuildRequires: bison
BuildRequires: docbook-xsl-stylesheets
BuildRequires: flex
BuildRequires: perl
%endif
%if %{with libzstd} %if %{with libzstd}
BuildRequires: pkgconfig(libzstd) BuildRequires: pkgconfig(libzstd)
@ -573,7 +585,7 @@ PACKAGE_TARNAME=%pgname %configure \
%if %mini %if %mini
make -C src/interfaces %{?_smp_mflags} PACKAGE_TARNAME=%pgname make -C src/interfaces %{?_smp_mflags} PACKAGE_TARNAME=%pgname
%else %else
make %{?_smp_mflags} PACKAGE_TARNAME=%pgname make %{?_smp_mflags} PACKAGE_TARNAME=%pgname world
%if %{with check} %if %{with check}
@ -643,7 +655,7 @@ rm flag
install -d -m 750 %buildroot/var/lib/pgsql install -d -m 750 %buildroot/var/lib/pgsql
install -d -m 755 %buildroot%pgdocdir install -d -m 755 %buildroot%pgdocdir
cp doc/KNOWN_BUGS doc/MISSING_FEATURES COPYRIGHT \ cp doc/KNOWN_BUGS doc/MISSING_FEATURES COPYRIGHT \
README HISTORY %buildroot%pgdocdir README* HISTORY %buildroot%pgdocdir
# Use versioned names for the man pages: # Use versioned names for the man pages:
for f in %buildroot%pgmandir/man*/*; do for f in %buildroot%pgmandir/man*/*; do
mv $f ${f}pg%pgmajor mv $f ${f}pg%pgmajor
@ -701,6 +713,7 @@ genlists main \
pg_receivewal \ pg_receivewal \
pg_verify_checksums \ pg_verify_checksums \
pg_checksums \ pg_checksums \
pg_combinebackup \
pg_verifybackup pg_verifybackup
%find_lang plpgsql-$VLANG main.files %find_lang plpgsql-$VLANG main.files
@ -711,6 +724,8 @@ genlists server \
pg_ctl \ pg_ctl \
pg_controldata \ pg_controldata \
pg_resetwal \ pg_resetwal \
pg_createsubscriber \
pg_walsummary \
pg_waldump \ pg_waldump \
pg_resetxlog \ pg_resetxlog \
%if %pgmajor >= 15 %if %pgmajor >= 15
@ -924,7 +939,6 @@ fi
%files llvmjit-devel %files llvmjit-devel
%defattr(-,root,root) %defattr(-,root,root)
%doc README
%files pltcl -f pltcl.lang %files pltcl -f pltcl.lang
%defattr(-,root,root) %defattr(-,root,root)