Accepting request 1247461 from server:database:postgresql

- Upgrade to 13.20:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/13.20/
  * https://www.postgresql.org/about/news/p-3018/

OBS-URL: https://build.opensuse.org/request/show/1247461
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql13?expand=0&rev=35

postgresql-13.15.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925
-size 21597871

postgresql-13.15.tar.bz2.sha256

@@ -1 +0,0 @@
-42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925  postgresql-13.15.tar.bz2

postgresql-13.20.tar.bz2.sha256

@@ -0,0 +1 @@
+8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288  postgresql-13.20.tar.bz2

postgresql13.changes

@@ -1,3 +1,86 @@
+-------------------------------------------------------------------
+Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 13.20:
+  * Improve behavior of libpq's quoting functions:
+    The changes made for CVE-2025-1094 had one serious oversight:
+    PQescapeLiteral() and PQescapeIdentifier() failed to honor
+    their string length parameter, instead always reading to the
+    input string's trailing null. This resulted in including
+    unwanted text in the output, if the caller intended to
+    truncate the string via the length parameter. With very bad
+    luck it could cause a crash due to reading off the end of
+    memory.
+    In addition, modify all these quoting functions so that when
+    invalid encoding is detected, an invalid sequence is
+    substituted for just the first byte of the presumed
+    character, not all of it. This reduces the risk of problems
+    if a calling application performs additional processing on
+    the quoted string.
+  * Fix small memory leak in pg_createsubscriber.
+  * https://www.postgresql.org/docs/release/13.20/
+  * https://www.postgresql.org/about/news/p-3018/
+
+-------------------------------------------------------------------
+Tue Feb 11 14:27:58 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 13.19:
+  * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
+    functions against invalidly-encoded input strings.
+  * obsoletes postgresql-tzdata2025a.patch
+  * https://www.postgresql.org/docs/release/13.19/
+  * https://www.postgresql.org/about/news/-3015/
+- Disable LLVM JIT on loongarch64
+
+-------------------------------------------------------------------
+Tue Jan 28 12:23:29 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Fix build, add postgresql-tzdata2025a.patch
+
+-------------------------------------------------------------------
+Tue Nov 19 14:17:26 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Upgrade to 13.18:
+  * Restore functionality of ALTER {ROLE|DATABASE} SET role.
+  * Fix cases where a logical replication slot's restart_lsn could
+    go backwards.
+  * Count index scans in contrib/bloom indexes in the statistics
+    views, such as the pg_stat_user_indexes.idx_scan counter.
+  * Fix crash when checking to see if an index's opclass options
+    have changed.
+  * https://www.postgresql.org/about/news/p-2965/
+  * https://www.postgresql.org/docs/release/13.18/
+
+-------------------------------------------------------------------
+Wed Nov 13 13:30:13 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Upgrade to 13.17:
+  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
+    dependent on the calling role when RLS applies to a
+    non-top-level table reference.
+  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
+    received during SSL or GSS protocol negotiation.
+  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
+    between SET SESSION AUTHORIZATION and SET ROLE
+  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
+    changing environment variables.
+  * https://www.postgresql.org/about/news/p-2955/
+  * https://www.postgresql.org/docs/release/13.17/
+
+-------------------------------------------------------------------
+Tue Nov  5 14:00:20 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Sync spec file from postgresql17.
+
+-------------------------------------------------------------------
+Sat Aug 10 14:13:54 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Upgrade to 13.16 (bsc#1229013):
+  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
+    during pg_dump executes arbitrary SQL
+  * https://www.postgresql.org/about/news/p-2910/
+  * https://www.postgresql.org/docs/release/13.16/
+
 -------------------------------------------------------------------
 Wed May  8 14:10:27 UTC 2024 - Reinhard Max <max@suse.com>
 

postgresql13.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package postgresql13
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,13 @@
 #
 
 
-%define pgversion 13.15
+%define pgversion 13.20
 %define pgmajor 13
 %define buildlibs 0
 %define tarversion %{pgversion}
-%define latest_supported_llvm_ver 17
+%define oldest_supported_llvm_ver 10
+# To be able to use cmake(LLVM) < ...
+%define latest_supported_llvm_ver_plus_one 19
 
 ### CUT HERE ###
 %define pgname postgresql%pgmajor
@@ -60,7 +62,7 @@ Name:           %pgname
 %endif
 
 %if %pgmajor >= 17
-%bcond_with dreived
+%bcond_with derived
 %else
 %bcond_without derived
 %endif
@@ -73,6 +75,12 @@ Name:           %pgname
 %bcond_without libzstd
 %endif
 
+%if %{without derived}
+BuildRequires:  bison
+BuildRequires:  docbook-xsl-stylesheets
+BuildRequires:  flex
+BuildRequires:  perl
+%endif
 %if %mini
 %bcond_with  selinux
 %if %pgmajor >= 16
@@ -94,12 +102,6 @@ BuildRequires:  zlib-devel
 %if %{with liblz4}
 BuildRequires:  pkgconfig(liblz4)
 %endif
-%if %{without derived}
-BuildRequires:  bison
-BuildRequires:  docbook-xsl-stylesheets
-BuildRequires:  flex
-BuildRequires:  perl
-%endif
 
 %if %{with libzstd}
 BuildRequires:  pkgconfig(libzstd)
@@ -113,7 +115,7 @@ BuildRequires:  %libpq
 %endif
 
 %if 0%{?suse_version} >= 1500 && %pgmajor >= 11
-%ifarch riscv64
+%ifarch riscv64 loongarch64
 %bcond_with     llvm
 %else
 %bcond_without  llvm
@@ -144,13 +146,8 @@ BuildRequires:  libselinux-devel
 %endif
 %if %{with llvm}
 BuildRequires:  gcc-c++
-%if 0%{?product_libs_llvm_ver} > %{latest_supported_llvm_ver}
-BuildRequires:  clang%{latest_supported_llvm_ver}
-BuildRequires:  llvm%{latest_supported_llvm_ver}-devel
-%else
-BuildRequires:  clang
-BuildRequires:  llvm-devel
-%endif
+BuildRequires:  (cmake(Clang) >= %{oldest_supported_llvm_ver} with cmake(Clang) < %{latest_supported_llvm_ver_plus_one})
+BuildRequires:  (cmake(LLVM)  >= %{oldest_supported_llvm_ver} with cmake(LLVM)  < %{latest_supported_llvm_ver_plus_one})
 %endif
 BuildRequires:  libxslt-devel
 BuildRequires:  openldap2-devel
@@ -610,6 +607,7 @@ VLANG=%pgmajor
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname -C src/include install
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname -C src/interfaces install
 rm -rf %buildroot%pgincludedir/server
+rm -rf %buildroot%pgdatadir
 %else
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname install install-docs
 %if 0
@@ -772,8 +770,6 @@ done
 %endif
 popd
 
-mkdir -p %buildroot%pgmandir/man1
-cp -a doc/src/sgml/man1/ecpg.1 %buildroot%pgmandir/man1/ecpg.1pg%pgmajor
 %find_lang ecpg-$VLANG devel.files
 # The devel subpackage is exclusive across versions
 # and not handled by update-alternatives.
@@ -791,8 +787,10 @@ cat server-devel.files >> devel.files
 # Build up the file lists for the libpq and libecpg packages
 cat > libpq.files <<EOF
 %defattr(-,root,root)
+%if !%mini
 %dir %pgdatadir
 %pgdatadir/pg_service.conf.sample
+%endif
 EOF
 find %buildroot -name 'libpq*.so.*' -printf '/%%P\n' >> libpq.files
 %find_lang libpq5-$VLANG libpq.files
@@ -978,12 +976,13 @@ fi
 %_libdir/pkgconfig/*
 %_libdir/lib*.so
 %pgincludedir
+
 %if %{with server_devel}
 %exclude %pgincludedir/server
 %endif
-%doc %pgmandir/man1/ecpg.1*
 
 %if !%mini
+%doc %pgmandir/man1/ecpg.1*
 %if %{with server_devel}
 %files server-devel -f server-devel.files
 %endif