rpm/postgresql13
SHA256
1
0
Fork 0
forked from pool/postgresql13
Code Pull Requests Activity

Accepting request 1247461 from server:database:postgresql

Browse Source 
- Upgrade to 13.20:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/13.20/
  * https://www.postgresql.org/about/news/p-3018/

OBS-URL: https://build.opensuse.org/request/show/1247461
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql13?expand=0&rev=35
This commit is contained in:
Ana Guerrero
2025-02-20 18:46:48 +00:00
committed by Git OBS Bridge
parent 496a4fcd5a 377d923e40
commit 492777a08d
6 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
postgresql-13.19.tar.bz2
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea
size 21729020

1
postgresql-13.19.tar.bz2.sha256
View File

@@ -1 +0,0 @@
482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea postgresql-13.19.tar.bz2

BIN
postgresql-13.20.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

1
postgresql-13.20.tar.bz2.sha256 Normal file
View File

@@ -0,0 +1 @@
8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 postgresql-13.20.tar.bz2

23
postgresql13.changes
View File

@@ -1,3 +1,26 @@
-------------------------------------------------------------------
Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <max@suse.com>
- Upgrade to 13.20:
* Improve behavior of libpq's quoting functions:
The changes made for CVE-2025-1094 had one serious oversight:
PQescapeLiteral() and PQescapeIdentifier() failed to honor
their string length parameter, instead always reading to the
input string's trailing null. This resulted in including
unwanted text in the output, if the caller intended to
truncate the string via the length parameter. With very bad
luck it could cause a crash due to reading off the end of
memory.
In addition, modify all these quoting functions so that when
invalid encoding is detected, an invalid sequence is
substituted for just the first byte of the presumed
character, not all of it. This reduces the risk of problems
if a calling application performs additional processing on
the quoted string.
* Fix small memory leak in pg_createsubscriber.
* https://www.postgresql.org/docs/release/13.20/
* https://www.postgresql.org/about/news/p-3018/
-------------------------------------------------------------------
Tue Feb 11 14:27:58 UTC 2025 - Reinhard Max <max@suse.com>

2
postgresql13.spec
View File

@@ -16,7 +16,7 @@
#
%define pgversion 13.19
%define pgversion 13.20
%define pgmajor 13
%define buildlibs 0
%define tarversion %{pgversion}