Accepting request 1247460 from server:database:postgresql

- Upgrade to 14.17:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/14.17/
  * https://www.postgresql.org/about/news/p-3018/

OBS-URL: https://build.opensuse.org/request/show/1247460
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=24

postgresql-14.12.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923
-size 22390865

postgresql-14.12.tar.bz2.sha256

@@ -1 +0,0 @@
-6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923  postgresql-14.12.tar.bz2

postgresql-14.17.tar.bz2.sha256

@@ -0,0 +1 @@
+6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1  postgresql-14.17.tar.bz2

postgresql14.changes

@@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.17:
+  * Improve behavior of libpq's quoting functions:
+    The changes made for CVE-2025-1094 had one serious oversight:
+    PQescapeLiteral() and PQescapeIdentifier() failed to honor
+    their string length parameter, instead always reading to the
+    input string's trailing null. This resulted in including
+    unwanted text in the output, if the caller intended to
+    truncate the string via the length parameter. With very bad
+    luck it could cause a crash due to reading off the end of
+    memory.
+    In addition, modify all these quoting functions so that when
+    invalid encoding is detected, an invalid sequence is
+    substituted for just the first byte of the presumed
+    character, not all of it. This reduces the risk of problems
+    if a calling application performs additional processing on
+    the quoted string.
+  * Fix small memory leak in pg_createsubscriber.
+  * https://www.postgresql.org/docs/release/14.17/
+  * https://www.postgresql.org/about/news/p-3018/
+
+-------------------------------------------------------------------
+Tue Feb 11 14:27:58 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.16:
+  * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
+    functions against invalidly-encoded input strings.
+  * obsoletes postgresql-tzdata2025a.patch
+  * https://www.postgresql.org/docs/release/14.16/
+  * https://www.postgresql.org/about/news/-3015/
+- Disable LLVM JIT on loongarch64
+
+-------------------------------------------------------------------
+Tue Jan 28 12:23:29 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Fix build, add postgresql-tzdata2025a.patch
+
+-------------------------------------------------------------------
+Tue Nov 19 14:20:46 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.15:
+  * Repair ABI break for extensions that work with struct
+    ResultRelInfo.
+  * Restore functionality of ALTER {ROLE|DATABASE} SET role
+  * Fix cases where a logical replication slot's restart_lsn could
+    go backwards.
+  * Avoid deleting still-needed WAL files during pg_rewind.
+  * Count index scans in contrib/bloom indexes in the statistics
+    views, such as the pg_stat_user_indexes.idx_scan counter.
+  * Fix crash when checking to see if an index's opclass options
+    have changed.
+  * Avoid assertion failure caused by disconnected NFA sub-graphs
+    in regular expression parsing.
+  * https://www.postgresql.org/about/news/p-2965/
+  * https://www.postgresql.org/docs/release/14.15/
+
+-------------------------------------------------------------------
+Wed Nov 13 13:52:49 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.14:
+  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
+    dependent on the calling role when RLS applies to a
+    non-top-level table reference.
+  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
+    received during SSL or GSS protocol negotiation.
+  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
+    between SET SESSION AUTHORIZATION and SET ROLE
+  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
+    changing environment variables.
+  * https://www.postgresql.org/about/news/p-2955/
+  * https://www.postgresql.org/docs/release/14.14/
+
+-------------------------------------------------------------------
+Tue Nov  5 13:56:30 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Sync spec file from postgresql17.
+
+-------------------------------------------------------------------
+Sat Aug 10 14:13:04 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Upgrade to 14.13 (bsc#1229013):
+  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
+    during pg_dump executes arbitrary SQL
+  * https://www.postgresql.org/about/news/p-2910/
+  * https://www.postgresql.org/docs/release/14.13/
+
 -------------------------------------------------------------------
 Wed May  8 12:07:46 UTC 2024 - Reinhard Max <max@suse.com>
 

postgresql14.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package postgresql14
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,13 @@
 #
 
 
-%define pgversion 14.12
+%define pgversion 14.17
 %define pgmajor 14
 %define buildlibs 0
 %define tarversion %{pgversion}
-%define latest_supported_llvm_ver 18
+%define oldest_supported_llvm_ver 10
+# To be able to use cmake(LLVM) < ...
+%define latest_supported_llvm_ver_plus_one 19
 
 ### CUT HERE ###
 %define pgname postgresql%pgmajor
@@ -60,7 +62,7 @@ Name:           %pgname
 %endif
 
 %if %pgmajor >= 17
-%bcond_with dreived
+%bcond_with derived
 %else
 %bcond_without derived
 %endif
@@ -73,6 +75,12 @@ Name:           %pgname
 %bcond_without libzstd
 %endif
 
+%if %{without derived}
+BuildRequires:  bison
+BuildRequires:  docbook-xsl-stylesheets
+BuildRequires:  flex
+BuildRequires:  perl
+%endif
 %if %mini
 %bcond_with  selinux
 %if %pgmajor >= 16
@@ -94,12 +102,6 @@ BuildRequires:  zlib-devel
 %if %{with liblz4}
 BuildRequires:  pkgconfig(liblz4)
 %endif
-%if %{without derived}
-BuildRequires:  bison
-BuildRequires:  docbook-xsl-stylesheets
-BuildRequires:  flex
-BuildRequires:  perl
-%endif
 
 %if %{with libzstd}
 BuildRequires:  pkgconfig(libzstd)
@@ -113,7 +115,7 @@ BuildRequires:  %libpq
 %endif
 
 %if 0%{?suse_version} >= 1500 && %pgmajor >= 11
-%ifarch riscv64
+%ifarch riscv64 loongarch64
 %bcond_with     llvm
 %else
 %bcond_without  llvm
@@ -144,13 +146,8 @@ BuildRequires:  libselinux-devel
 %endif
 %if %{with llvm}
 BuildRequires:  gcc-c++
-%if 0%{?product_libs_llvm_ver} > %{latest_supported_llvm_ver}
-BuildRequires:  clang%{latest_supported_llvm_ver}
-BuildRequires:  llvm%{latest_supported_llvm_ver}-devel
-%else
-BuildRequires:  clang
-BuildRequires:  llvm-devel
-%endif
+BuildRequires:  (cmake(Clang) >= %{oldest_supported_llvm_ver} with cmake(Clang) < %{latest_supported_llvm_ver_plus_one})
+BuildRequires:  (cmake(LLVM)  >= %{oldest_supported_llvm_ver} with cmake(LLVM)  < %{latest_supported_llvm_ver_plus_one})
 %endif
 BuildRequires:  libxslt-devel
 BuildRequires:  openldap2-devel
@@ -610,6 +607,7 @@ VLANG=%pgmajor
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname -C src/include install
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname -C src/interfaces install
 rm -rf %buildroot%pgincludedir/server
+rm -rf %buildroot%pgdatadir
 %else
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname install install-docs
 %if 0
@@ -772,8 +770,6 @@ done
 %endif
 popd
 
-mkdir -p %buildroot%pgmandir/man1
-cp -a doc/src/sgml/man1/ecpg.1 %buildroot%pgmandir/man1/ecpg.1pg%pgmajor
 %find_lang ecpg-$VLANG devel.files
 # The devel subpackage is exclusive across versions
 # and not handled by update-alternatives.
@@ -791,8 +787,10 @@ cat server-devel.files >> devel.files
 # Build up the file lists for the libpq and libecpg packages
 cat > libpq.files <<EOF
 %defattr(-,root,root)
+%if !%mini
 %dir %pgdatadir
 %pgdatadir/pg_service.conf.sample
+%endif
 EOF
 find %buildroot -name 'libpq*.so.*' -printf '/%%P\n' >> libpq.files
 %find_lang libpq5-$VLANG libpq.files
@@ -978,12 +976,13 @@ fi
 %_libdir/pkgconfig/*
 %_libdir/lib*.so
 %pgincludedir
+
 %if %{with server_devel}
 %exclude %pgincludedir/server
 %endif
-%doc %pgmandir/man1/ecpg.1*
 
 %if !%mini
+%doc %pgmandir/man1/ecpg.1*
 %if %{with server_devel}
 %files server-devel -f server-devel.files
 %endif