postgresql15/postgresql15.changes

422 lines
18 KiB
Plaintext

-------------------------------------------------------------------
Thu Feb 29 14:36:57 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Thu Feb 8 14:04:50 UTC 2024 - Reinhard Max <max@suse.com>
- Upgrade to 15.6:
* bsc#1219679, CVE-2024-0985: Tighten security restrictions
within REFRESH MATERIALIZED VIEW CONCURRENTLY.
One step of a concurrent refresh command was run under weak
security restrictions. If a materialized view's owner could
persuade a superuser or other high-privileged user to perform a
concurrent refresh on that view, the view's owner could control
code executed with the privileges of the user running REFRESH.
Fix things so that all user-determined code is run as the
view's owner, as expected
* If you use GIN indexes, you may need to reindex after updating
to this release.
* LLVM 18 is now supported.
* https://www.postgresql.org/docs/release/15.6/
-------------------------------------------------------------------
Wed Nov 8 14:26:51 UTC 2023 - Reinhard Max <max@suse.com>
- Upgrade to 15.5:
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
arguments in DISTINCT "any" aggregate functions. This error led
to a text-type value being interpreted as an unknown-type value
(that is, a zero-terminated string) at runtime. This could
result in disclosure of server memory following the text value.
* bsc#1216961, CVE-2023-5869: Detect integer overflow while
computing new array dimensions. When assigning new elements to
array subscripts that are outside the current array bounds, an
undetected integer overflow could occur in edge cases. Memory
stomps that are potentially exploitable for arbitrary code
execution are possible, and so is disclosure of server memory.
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
from signalling background workers and autovacuum processes.
The documentation says that pg_signal_backend cannot issue
signals to superuser-owned processes. It was able to signal
these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process
types are fairly small so far as the core code goes (we'll just
start another one), but extensions might add background workers
that are more vulnerable.
Also ensure that the is_superuser parameter is set correctly in
such processes. No specific security consequences are known for
that oversight, but it might be significant for some extensions.
* Add support for LLVM 16 and 17
* https://www.postgresql.org/docs/15/release-15-5.html
-------------------------------------------------------------------
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
- boo#1216734: Revert the last change and make the devel package
independend of all other subpackages except for the libs.
-------------------------------------------------------------------
Tue Oct 10 12:49:02 UTC 2023 - Reinhard Max <max@suse.com>
- boo#1216022: Call install-alternatives from the devel subpackage
as well, otherwise the symlink for ecpg might be missing.
-------------------------------------------------------------------
Mon Sep 18 15:24:14 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Also buildignore the postgresql*-implementation symbols: this is
needed in order to bootstrap when no postgresql version currently
has valid symbols provided. Once the packages are built, OBS
could translate this to the pgname-* packages and accept the
ignores; during bootstrap though, there is nothing providing the
symbol and the existing buildignores do not suffice.
-------------------------------------------------------------------
Thu Sep 14 12:18:06 UTC 2023 - Reinhard Max <max@suse.com>
- The libs and mini package are now provided by postgresql16.
-------------------------------------------------------------------
Wed Aug 9 09:14:59 UTC 2023 - Reinhard Max <max@suse.com>
- Update to 15.4:
* bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
owner name into an extension script if the name contains a
quote, backslash, or dollar sign.
* bsc#1214061, CVE-2023-39418: Fix MERGE to enforce row security
policies properly.
* https://www.postgresql.org/docs/15/release-15-4.html
-------------------------------------------------------------------
Fri May 26 11:48:38 UTC 2023 - Reinhard Max <max@suse.com>
- Restore the independence of mini builds from the main build after
the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.
-------------------------------------------------------------------
Mon May 15 14:20:25 UTC 2023 - Reinhard Max <max@suse.com>
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
-------------------------------------------------------------------
Tue May 9 11:07:48 UTC 2023 - Reinhard Max <max@suse.com>
- Update to 15.3:
* bsc#1211228, CVE-2023-2454:
Prevent CREATE SCHEMA from defeating changes in search_path
* bsc#1211229, CVE-2023-2455: Enforce row-level security
policies correctly after inlining a set-returning function
* https://www.postgresql.org/about/news/2637/
* https://www.postgresql.org/docs/15/release-15-3.html
-------------------------------------------------------------------
Tue Apr 18 09:05:09 UTC 2023 - Reinhard Max <max@suse.com>
- bsc#1210303: Stop using the obsolete internal %_restart_on_update
macro and drop support for sysv init to simplify the scriptlets.
-------------------------------------------------------------------
Tue Apr 4 10:57:41 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Include -mini in Name: to avoid conflicts in the source package
name and OBS internal dependency tracking.
-------------------------------------------------------------------
Thu Feb 9 11:38:35 UTC 2023 - Reinhard Max <max@suse.com>
- Update to 15.2:
* CVE-2022-41862, bsc#1208102: memory leak in libpq
* https://www.postgresql.org/about/news/2592/
* https://www.postgresql.org/docs/15/release-15-2.html
- Bump latest_supported_llvm_ver to 15.
-------------------------------------------------------------------
Thu Nov 10 14:35:02 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 15.1:
* https://www.postgresql.org/about/news/2543/
* https://www.postgresql.org/docs/15/release-15-1.html
-------------------------------------------------------------------
Thu Oct 13 14:03:27 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 15.0:
* https://www.postgresql.org/about/news/p-2526/
* https://www.postgresql.org/docs/15/release-15.html
- Move pg_upgrade from *-contrib to *-server.
- Drop support for the 9.x versioning scheme.
-------------------------------------------------------------------
Thu Oct 6 13:20:57 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 15~rc2
* https://www.postgresql.org/about/news/p-2521/
* Reverting the "optimized order of GROUP BY keys" feature.
-------------------------------------------------------------------
Fri Sep 30 10:43:09 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Fix source URLs
-------------------------------------------------------------------
Thu Sep 29 14:02:38 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 15~rc1
https://www.postgresql.org/about/news/p-2516/
-------------------------------------------------------------------
Thu Sep 22 21:26:36 UTC 2022 - Aaron Puchert <aaronpuchert@alice-dsl.net>
- Create mechanism to specify the latest supported LLVM version.
Automatically pin to that version if the distribution has a newer
unsupported default version.
-------------------------------------------------------------------
Mon Sep 12 09:25:30 UTC 2022 - Andreas Schwab <schwab@suse.de>
- Disable LLVM JIT on riscv64
-------------------------------------------------------------------
Thu Sep 8 13:37:01 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 15~beta4
https://www.postgresql.org/about/news/p-2507/
-------------------------------------------------------------------
Mon Sep 5 09:20:34 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 15~beta3
https://www.postgresql.org/about/news/p-2496/
-------------------------------------------------------------------
Sat May 21 20:48:45 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
- use %version requires for the contrib package for now as
15~beta1 is actually smaller than 15.
-------------------------------------------------------------------
Sat May 21 15:25:26 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
- Add proper conditionals for lz4 and zstd
-------------------------------------------------------------------
Sat May 21 15:07:19 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 15~beta1
https://www.postgresql.org/about/news/postgresql-15-beta-1-released-2453/
https://www.postgresql.org/docs/15/release-15.html
- Refreshed patches to apply cleanly again:
0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
postgresql-conf.patch
postgresql-llvm-optional.patch
postgresql-plperl-keep-rpath.patch
postgresql-testsuite-keep-results-file.patch
postgresql-var-run-socket.patch
- Add buildrequires for lz4 and zstd support
-------------------------------------------------------------------
Sat May 21 14:39:42 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
- fork package for postgresql 15
-------------------------------------------------------------------
Thu May 12 10:33:20 UTC 2022 - Reinhard Max <max@suse.com>
- Upgrade to 14.3:
* bsc#1199475, CVE-2022-1552: Confine additional operations
within "security restricted operation" sandboxes.
* https://www.postgresql.org/docs/14/release-14-3.html
-------------------------------------------------------------------
Wed Apr 13 12:17:48 UTC 2022 - Reinhard Max <max@suse.com>
- bsc#1198166: Pin to llvm13 until the next patchlevel update.
-------------------------------------------------------------------
Tue Feb 8 14:01:56 UTC 2022 - Reinhard Max <max@suse.com>
- bsc#1195680: Upgrade to 14.2:
* https://www.postgresql.org/docs/14/release-14-2.html
* Reindexing might be needed after applying this upgrade, so
please read the release notes carefully.
-------------------------------------------------------------------
Sat Dec 11 17:27:53 UTC 2021 - Sarah Kriesch <ada.lovelace@gmx.de>
- boo#1190740: Add constraints file with 12GB of memory for s390x
as a workaround
-------------------------------------------------------------------
Thu Nov 25 11:02:15 UTC 2021 - Reinhard Max <max@suse.com>
- Add a llvmjit-devel subpackage to pull in the right versions
of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
implementation packages and their noarch counterpart.
- Update the BuildIgnore section.
-------------------------------------------------------------------
Wed Nov 10 16:56:57 UTC 2021 - Reinhard Max <max@suse.com>
- bsc#1192516: Upgrade to 14.1
* Make the server reject extraneous data after an SSL or GSS
encryption handshake (CVE-2021-23214).
* Make libpq reject extraneous data after an SSL or GSS
encryption handshake (CVE-2021-23222).
* https://www.postgresql.org/docs/14/release-14-1.html
-------------------------------------------------------------------
Wed Oct 20 15:21:53 UTC 2021 - Reinhard Max <max@suse.com>
- boo#1191782: Let rpmlint ignore shlib-policy-name-error.
-------------------------------------------------------------------
Tue Oct 5 11:34:50 UTC 2021 - Reinhard Max <max@suse.com>
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
is unclear. This affects only the test subpackage.
-------------------------------------------------------------------
Thu Sep 30 17:28:37 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 14.0
https://www.postgresql.org/about/news/postgresql-14-released-2318/
https://www.postgresql.org/docs/14/release-14.html
-------------------------------------------------------------------
Mon Sep 27 14:04:01 UTC 2021 - Reinhard Max <max@suse.com>
- Let genlists skip non-existing binaries to avoid lots of version
conditionals in the file lists.
-------------------------------------------------------------------
Sat Sep 25 00:34:52 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 14~rc1
https://www.postgresql.org/about/news/postgresql-14-rc-1-released-2309/
https://www.postgresql.org/docs/14/release-14.html
https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
-------------------------------------------------------------------
Fri Jun 25 01:45:20 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 14~beta2
https://www.postgresql.org/about/news/postgresql-14-beta-2-released-2249/
https://www.postgresql.org/docs/14/release-14.html
https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
-------------------------------------------------------------------
Fri May 21 22:48:32 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 14~beta1
https://www.postgresql.org/about/news/postgresql-14-beta-1-released-2213/
https://www.postgresql.org/docs/14/release-14.html
https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- disable postgresql-testsuite-int8.sql.patch:
it seems it is not needed anymore, need to be double checked.
-------------------------------------------------------------------
Wed May 19 15:24:24 UTC 2021 - Reinhard Max <max@suse.com>
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
Use llvm11 as a workaround.
-------------------------------------------------------------------
Tue May 11 13:50:14 UTC 2021 - Reinhard Max <max@suse.com>
- Upgrade to version 13.3:
* https://www.postgresql.org/docs/13/release-13-3.html
* CVE-2021-32027, bsc#1185924:
Prevent integer overflows in array subscripting calculations.
* CVE-2021-32028, bsc#1185925: Fix mishandling of “junk”
columns in INSERT ... ON CONFLICT ... UPDATE target lists.
* CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
computation of UPDATE ... RETURNING
"pg_psql_temporary_savepoint" does not exist”.
- Don't use %_stop_on_removal, because it was meant to be private
and got removed from openSUSE. %_restart_on_update is also
private, but still supported and needed for now (bsc#1183168).
-------------------------------------------------------------------
Mon Mar 15 19:29:39 UTC 2021 - Reinhard Max <max@suse.com>
- Re-enable build of the llvmjit subpackage on SLE, but it will
only be delivered on PackageHub for now (boo#1183118).
-------------------------------------------------------------------
Tue Mar 9 13:52:19 UTC 2021 - Reinhard Max <max@suse.com>
- Remove leftover PreReq on chkconfig, we stopped using it long
time ago.
-------------------------------------------------------------------
Fri Feb 19 15:30:08 UTC 2021 - Reinhard Max <max@suse.com>
- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
-------------------------------------------------------------------
Wed Feb 10 13:16:32 UTC 2021 - Reinhard Max <max@suse.com>
- Upgrade to version 13.2:
* https://www.postgresql.org/docs/13/release-13-2.html
* Updating stored views and reindexing might be needed after
applying this update.
* CVE-2021-3393, bsc#1182040: Fix information leakage in
constraint-violation error messages.
* CVE-2021-20229, bsc#1182039: Fix failure to check per-column
SELECT privileges in some join queries.
* Obsoletes postgresql-icu68.patch.
-------------------------------------------------------------------
Mon Dec 14 16:19:05 UTC 2020 - Callum Farmer <gmbr3@opensuse.org>
- Add postgresql-icu68.patch: fix build with ICU 68
-------------------------------------------------------------------
Fri Nov 20 11:51:37 UTC 2020 - Reinhard Max <max@suse.com>
- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
- boo#1179765: BuildRequire libpq5 and libecpg6 when not building
them to avoid dangling symlinks in the devel package.
-------------------------------------------------------------------
Wed Nov 11 11:36:01 UTC 2020 - Reinhard Max <max@suse.com>
- Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
-------------------------------------------------------------------
Tue Nov 3 13:54:38 UTC 2020 - Reinhard Max <max@suse.com>
- Fix a DST problem in the test suite: postgresql-timetz.patch
https://postgr.es/m/16689-57701daa23b377bf@postgresql.org
-------------------------------------------------------------------
Fri Sep 25 06:57:55 UTC 2020 - Reinhard Max <max@suse.com>
- Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html