From a8fd7e2803b80b6151c58e8b33dc40b4f7d4265d167f7f7d80ac85f16d6cc223 Mon Sep 17 00:00:00 2001
From: Reinhard Max
Date: Thu, 9 Nov 2023 14:43:52 +0000
Subject: [PATCH] November 2023 Security Updates

OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql16?expand=0&rev=15
---
 postgresql-16.0.tar.bz2 | 3 ---
 postgresql-16.0.tar.bz2.sha256 | 1 -
 postgresql-16.1.tar.bz2 | 3 +++
 postgresql-16.1.tar.bz2.sha256 | 1 +
 postgresql16.changes | 32 ++++++++++++++++++++++++++++++++
 postgresql16.spec | 6 ++----
 6 files changed, 38 insertions(+), 8 deletions(-)
 delete mode 100644 postgresql-16.0.tar.bz2
 delete mode 100644 postgresql-16.0.tar.bz2.sha256
 create mode 100644 postgresql-16.1.tar.bz2
 create mode 100644 postgresql-16.1.tar.bz2.sha256

diff --git a/postgresql-16.0.tar.bz2 b/postgresql-16.0.tar.bz2
deleted file mode 100644
index f83eec3..0000000
--- a/postgresql-16.0.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99
-size 24528207
diff --git a/postgresql-16.0.tar.bz2.sha256 b/postgresql-16.0.tar.bz2.sha256
deleted file mode 100644
index bdebbdf..0000000
--- a/postgresql-16.0.tar.bz2.sha256
+++ /dev/null
@@ -1 +0,0 @@
-df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 postgresql-16.0.tar.bz2
diff --git a/postgresql-16.1.tar.bz2 b/postgresql-16.1.tar.bz2
new file mode 100644
index 0000000..6708b1d
--- /dev/null
+++ b/postgresql-16.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec
+size 24605482
diff --git a/postgresql-16.1.tar.bz2.sha256 b/postgresql-16.1.tar.bz2.sha256
new file mode 100644
index 0000000..8c99c3a
--- /dev/null
+++ b/postgresql-16.1.tar.bz2.sha256
@@ -0,0 +1 @@
+ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec postgresql-16.1.tar.bz2
diff --git a/postgresql16.changes b/postgresql16.changes
index adcb3dc..2acff5e 100644
--- a/postgresql16.changes
+++ b/postgresql16.changes
@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Wed Nov 8 14:09:29 UTC 2023 - Reinhard Max
+
+- Upgrade to 16.1:
+ * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
+ arguments in DISTINCT "any" aggregate functions. This error led
+ to a text-type value being interpreted as an unknown-type value
+ (that is, a zero-terminated string) at runtime. This could
+ result in disclosure of server memory following the text value.
+ * bsc#1216961, CVE-2023-5869: Detect integer overflow while
+ computing new array dimensions. When assigning new elements to
+ array subscripts that are outside the current array bounds, an
+ undetected integer overflow could occur in edge cases. Memory
+ stomps that are potentially exploitable for arbitrary code
+ execution are possible, and so is disclosure of server memory.
+ * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
+ from signalling background workers and autovacuum processes.
+ The documentation says that pg_signal_backend cannot issue
+ signals to superuser-owned processes. It was able to signal
+ these background processes, though, because they advertise a
+ role OID of zero. Treat that as indicating superuser ownership.
+ The security implications of cancelling one of these process
+ types are fairly small so far as the core code goes (we'll just
+ start another one), but extensions might add background workers
+ that are more vulnerable.
+ Also ensure that the is_superuser parameter is set correctly in
+ such processes. No specific security consequences are known for
+ that oversight, but it might be significant for some extensions.
+ * Add support for LLVM 16 and 17
+ * https://www.postgresql.org/about/news/2749
+ * https://www.postgresql.org/docs/16/release-16-1.html
+
 -------------------------------------------------------------------
 Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max
diff --git a/postgresql16.spec b/postgresql16.spec
index 8e296cf..8cba5d2 100644
--- a/postgresql16.spec
+++ b/postgresql16.spec
@@ -16,11 +16,11 @@
 #
-%define pgversion 16.0
+%define pgversion 16.1
 %define pgmajor 16
 %define buildlibs 1
 %define tarversion %{pgversion}
-%define latest_supported_llvm_ver 15
+%define latest_supported_llvm_ver 17
 ### CUT HERE ###
 %define pgname postgresql%pgmajor
@@ -797,11 +797,9 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x
 %post -n %pgname-%devel
 /sbin/ldconfig
-/usr/share/postgresql/install-alternatives %pgmajor
 %postun -n %pgname-%devel
 /sbin/ldconfig
-/usr/share/postgresql/install-alternatives %pgmajor
 %if %{with server_devel}
 %post server-devel
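Review bot: The two `-/usr/share/postgresql/install-alternatives %pgmajor` removals from the `%post -n %pgname-%devel` and `%postun -n %pgname-%devel` scriptlets in the second hunk are not recorded in the postgresql16.changes entry, which only lists the 16.1 upgrade and the LLVM 16/17 support. A change to package scriptlets deserves its own changelog line, such as `- Drop the install-alternatives calls from the devel %post/%postun scriptlets`, so that anyone auditing this security update can separate packaging changes from the upstream fixes. It is not visible here whether the devel subpackage's alternatives are now registered by another scriptlet or were intentionally dropped; if the latter, the devel package's alternatives handling should be checked so that no stale alternative links are left behind on upgrade. The scriptlet section continues outside the hunk.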