From 2e2b4a38dbe0de137edfd302295cce64814ee5a3c77cba49d14acd2435e8284d Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Thu, 8 Feb 2024 15:26:36 +0000 Subject: [PATCH] - Upgrade to 12.18: * bsc#1219679, CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY. One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view's owner, as expected * If you use GIN indexes, you may need to reindex after updating to this release. * LLVM 18 is now supported. * https://www.postgresql.org/docs/release/12.18/ OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql12?expand=0&rev=94 --- postgresql-12.16.tar.bz2 | 3 --- postgresql-12.16.tar.bz2.sha256 | 1 - postgresql-12.17.tar.bz2 | 3 --- postgresql-12.17.tar.bz2.sha256 | 1 - postgresql-12.18.tar.bz2 | 3 +++ postgresql-12.18.tar.bz2.sha256 | 1 + postgresql12.changes | 19 ++++++++++++++++++- postgresql12.spec | 20 ++++++++++---------- 8 files changed, 32 insertions(+), 19 deletions(-) delete mode 100644 postgresql-12.16.tar.bz2 delete mode 100644 postgresql-12.16.tar.bz2.sha256 delete mode 100644 postgresql-12.17.tar.bz2 delete mode 100644 postgresql-12.17.tar.bz2.sha256 create mode 100644 postgresql-12.18.tar.bz2 create mode 100644 postgresql-12.18.tar.bz2.sha256
diff --git a/postgresql-12.16.tar.bz2 b/postgresql-12.16.tar.bz2
deleted file mode 100644
index b4bd60a..0000000
--- a/postgresql-12.16.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3
-size 21140532
diff --git a/postgresql-12.16.tar.bz2.sha256 b/postgresql-12.16.tar.bz2.sha256
deleted file mode 100644
index 664fb34..0000000
--- a/postgresql-12.16.tar.bz2.sha256
+++ /dev/null
@@ -1 +0,0 @@
-c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 postgresql-12.16.tar.bz2
diff --git a/postgresql-12.17.tar.bz2 b/postgresql-12.17.tar.bz2
deleted file mode 100644
index d7788ec..0000000
--- a/postgresql-12.17.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6
-size 21181616
diff --git a/postgresql-12.17.tar.bz2.sha256 b/postgresql-12.17.tar.bz2.sha256
deleted file mode 100644
index 12fa333..0000000
--- a/postgresql-12.17.tar.bz2.sha256
+++ /dev/null
@@ -1 +0,0 @@
-93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 postgresql-12.17.tar.bz2
diff --git a/postgresql-12.18.tar.bz2 b/postgresql-12.18.tar.bz2
new file mode 100644
index 0000000..4823ce1
--- /dev/null
+++ b/postgresql-12.18.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a
+size 21208935
diff --git a/postgresql-12.18.tar.bz2.sha256 b/postgresql-12.18.tar.bz2.sha256
new file mode 100644
index 0000000..4e9c3e4
--- /dev/null
+++ b/postgresql-12.18.tar.bz2.sha256
@@ -0,0 +1 @@
+4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a postgresql-12.18.tar.bz2
diff --git a/postgresql12.changes b/postgresql12.changes
index b809862..9ed9bde 100644
--- a/postgresql12.changes
+++ b/postgresql12.changes
@@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Thu Feb 8 14:32:50 UTC 2024 - Reinhard Max + +- Upgrade to 12.18: + * bsc#1219679, CVE-2024-0985: Tighten security restrictions + within REFRESH MATERIALIZED VIEW CONCURRENTLY. + One step of a concurrent refresh command was run under weak + security restrictions. If a materialized view's owner could + persuade a superuser or other high-privileged user to perform a + concurrent refresh on that view, the view's owner could control + code executed with the privileges of the user running REFRESH. + Fix things so that all user-determined code is run as the + view's owner, as expected + * If you use GIN indexes, you may need to reindex after updating + to this release. + * LLVM 18 is now supported. + * https://www.postgresql.org/docs/release/12.18/ + ------------------------------------------------------------------- Wed Nov 8 14:37:39 UTC 2023 - Reinhard Max @@ -27,7 +45,6 @@ Wed Nov 8 14:37:39 UTC 2023 - Reinhard Max such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. * Add support for LLVM 16 and 17 - * https://www.postgresql.org/about/news/2749 * https://www.postgresql.org/docs/12/release-12-17.html ------------------------------------------------------------------- diff --git a/postgresql12.spec b/postgresql12.spec index ed749a8..c5132bd 100644 --- a/postgresql12.spec +++ b/postgresql12.spec @@ -1,7 +1,7 @@ # -# spec file +# spec file for package postgresql12 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,11 +16,11 @@ # -%define pgversion 12.17 +%define pgversion 12.18 %define pgmajor 12 %define buildlibs 0 %define tarversion %{pgversion} -%define latest_supported_llvm_ver 15 +%define latest_supported_llvm_ver 18 ### CUT HERE ### %define pgname postgresql%pgmajor @@ -187,7 +187,7 @@ Provides: postgresql = %version-%release Provides: postgresql-implementation = %version-%release Requires: %libpq >= %version Requires(post): postgresql-noarch >= %pgmajor -Requires(postun):postgresql-noarch >= %pgmajor +Requires(postun): postgresql-noarch >= %pgmajor # At this point we changed the package layout on SLE and conflict with # older releases to get a clean cut. Conflicts: postgresql-noarch < 12.0.1 @@ -277,7 +277,7 @@ Provides: %pgname-server-devel = %version-%release Provides: postgresql-server-devel = %version-%release Provides: postgresql-server-devel-implementation = %version-%release Requires(post): postgresql-server-devel-noarch >= %pgmajor -Requires(postun):postgresql-server-devel-noarch >= %pgmajor +Requires(postun): postgresql-server-devel-noarch >= %pgmajor Requires: %pgname-devel = %version Requires: %pgname-server = %version-%release # Installation of postgresql??-devel is exclusive @@ -335,10 +335,10 @@ Recommends: %{name}-llvmjit Provides: postgresql-server-implementation = %version-%release Requires: %libpq >= %version Requires(pre): postgresql-server-noarch >= %pgmajor -Requires(preun):postgresql-server-noarch >= %pgmajor -Requires(postun):postgresql-server-noarch >= %pgmajor +Requires(preun): postgresql-server-noarch >= %pgmajor +Requires(postun): postgresql-server-noarch >= %pgmajor Requires(post): postgresql-noarch >= %pgmajor -Requires(postun):postgresql-noarch >= %pgmajor +Requires(postun): postgresql-noarch >= %pgmajor %description server PostgreSQL is an advanced object-relational database management system 
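Review bot: `latest_supported_llvm_ver` jumps from 15 to 18 in the `@@ -16,11 +16,11 @@` hunk with no comment saying what the macro gates or where the number comes from. The 12.17 changelog entry visible in postgresql12.changes already listed LLVM 16 and 17 support while this value stayed at 15, so it appears to have lagged upstream for one release. Its consumers sit below `### CUT HERE ###`, outside the hunk; presumably it caps the LLVM version chosen for the llvmjit build, which should be confirmed. I would add a comment above the define, `# Highest LLVM major supported by upstream for this pgversion; update together with pgversion from the release notes.`, so both values are reviewed as a pair on the next security update.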
@@ -377,7 +377,7 @@ Requires: %pgname-server-devel = %version %if %{with llvm} Requires: %pgname-llvmjit = %version Requires(post): postgresql-llvmjit-devel-noarch >= %pgmajor -Requires(postun):postgresql-llvmjit-devel-noarch >= %pgmajor +Requires(postun): postgresql-llvmjit-devel-noarch >= %pgmajor %requires_file %_bindir/llc %requires_file %_bindir/clang %endif