Accepting request 1278026 from server:database:postgresql

- Upgrade to 14.18:
  * bsc#1242931, CVE-2025-4207: postgresql: PostgreSQL GB18030
    encoding validation can read one byte past end of allocation
    for text that fails validation.
  * https://www.postgresql.org/docs/release/14.18/
  * https://www.postgresql.org/about/news/p-3072/
- Add postresql-pg_config_paths.patch to fix a race condition
  while generating pg_config_paths.h.

OBS-URL: https://build.opensuse.org/request/show/1278026
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postgresql14?expand=0&rev=25

postgresql-14.12.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923
-size 22390865

postgresql-14.12.tar.bz2.sha256

@@ -1 +0,0 @@
-6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923  postgresql-14.12.tar.bz2

postgresql-14.18.tar.bz2.sha256

@@ -0,0 +1 @@
+83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e  postgresql-14.18.tar.bz2

postgresql14.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Fri May  9 11:54:41 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.18:
+  * bsc#1242931, CVE-2025-4207: postgresql: PostgreSQL GB18030
+    encoding validation can read one byte past end of allocation
+    for text that fails validation.
+  * https://www.postgresql.org/docs/release/14.18/
+  * https://www.postgresql.org/about/news/p-3072/
+- Add postresql-pg_config_paths.patch to fix a race condition
+  while generating pg_config_paths.h.
+
+-------------------------------------------------------------------
+Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.17:
+  * Improve behavior of libpq's quoting functions:
+    The changes made for CVE-2025-1094 had one serious oversight:
+    PQescapeLiteral() and PQescapeIdentifier() failed to honor
+    their string length parameter, instead always reading to the
+    input string's trailing null. This resulted in including
+    unwanted text in the output, if the caller intended to
+    truncate the string via the length parameter. With very bad
+    luck it could cause a crash due to reading off the end of
+    memory.
+    In addition, modify all these quoting functions so that when
+    invalid encoding is detected, an invalid sequence is
+    substituted for just the first byte of the presumed
+    character, not all of it. This reduces the risk of problems
+    if a calling application performs additional processing on
+    the quoted string.
+  * Fix small memory leak in pg_createsubscriber.
+  * https://www.postgresql.org/docs/release/14.17/
+  * https://www.postgresql.org/about/news/p-3018/
+
+-------------------------------------------------------------------
+Tue Feb 11 14:27:58 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.16:
+  * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
+    functions against invalidly-encoded input strings.
+  * obsoletes postgresql-tzdata2025a.patch
+  * https://www.postgresql.org/docs/release/14.16/
+  * https://www.postgresql.org/about/news/-3015/
+- Disable LLVM JIT on loongarch64
+
+-------------------------------------------------------------------
+Tue Jan 28 12:23:29 UTC 2025 - Reinhard Max <max@suse.com>
+
+- Fix build, add postgresql-tzdata2025a.patch
+
+-------------------------------------------------------------------
+Tue Nov 19 14:20:46 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.15:
+  * Repair ABI break for extensions that work with struct
+    ResultRelInfo.
+  * Restore functionality of ALTER {ROLE|DATABASE} SET role
+  * Fix cases where a logical replication slot's restart_lsn could
+    go backwards.
+  * Avoid deleting still-needed WAL files during pg_rewind.
+  * Count index scans in contrib/bloom indexes in the statistics
+    views, such as the pg_stat_user_indexes.idx_scan counter.
+  * Fix crash when checking to see if an index's opclass options
+    have changed.
+  * Avoid assertion failure caused by disconnected NFA sub-graphs
+    in regular expression parsing.
+  * https://www.postgresql.org/about/news/p-2965/
+  * https://www.postgresql.org/docs/release/14.15/
+
+-------------------------------------------------------------------
+Wed Nov 13 13:52:49 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Upgrade to 14.14:
+  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
+    dependent on the calling role when RLS applies to a
+    non-top-level table reference.
+  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
+    received during SSL or GSS protocol negotiation.
+  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
+    between SET SESSION AUTHORIZATION and SET ROLE
+  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
+    changing environment variables.
+  * https://www.postgresql.org/about/news/p-2955/
+  * https://www.postgresql.org/docs/release/14.14/
+
+-------------------------------------------------------------------
+Tue Nov  5 13:56:30 UTC 2024 - Reinhard Max <max@suse.com>
+
+- Sync spec file from postgresql17.
+
+-------------------------------------------------------------------
+Sat Aug 10 14:13:04 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Upgrade to 14.13 (bsc#1229013):
+  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
+    during pg_dump executes arbitrary SQL
+  * https://www.postgresql.org/about/news/p-2910/
+  * https://www.postgresql.org/docs/release/14.13/
+
 -------------------------------------------------------------------
 Wed May  8 12:07:46 UTC 2024 - Reinhard Max <max@suse.com>
 

postgresql14.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package postgresql14
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,13 @@
 #
 
 
-%define pgversion 14.12
+%define pgversion 14.18
 %define pgmajor 14
 %define buildlibs 0
 %define tarversion %{pgversion}
-%define latest_supported_llvm_ver 18
+%define oldest_supported_llvm_ver 10
+# To be able to use cmake(LLVM) < ...
+%define latest_supported_llvm_ver_plus_one 19
 
 ### CUT HERE ###
 %define pgname postgresql%pgmajor
@@ -60,7 +62,7 @@ Name:           %pgname
 %endif
 
 %if %pgmajor >= 17
-%bcond_with dreived
+%bcond_with derived
 %else
 %bcond_without derived
 %endif
@@ -73,6 +75,12 @@ Name:           %pgname
 %bcond_without libzstd
 %endif
 
+%if %{without derived}
+BuildRequires:  bison
+BuildRequires:  docbook-xsl-stylesheets
+BuildRequires:  flex
+BuildRequires:  perl
+%endif
 %if %mini
 %bcond_with  selinux
 %if %pgmajor >= 16
@@ -94,12 +102,6 @@ BuildRequires:  zlib-devel
 %if %{with liblz4}
 BuildRequires:  pkgconfig(liblz4)
 %endif
-%if %{without derived}
-BuildRequires:  bison
-BuildRequires:  docbook-xsl-stylesheets
-BuildRequires:  flex
-BuildRequires:  perl
-%endif
 
 %if %{with libzstd}
 BuildRequires:  pkgconfig(libzstd)
@@ -113,7 +115,7 @@ BuildRequires:  %libpq
 %endif
 
 %if 0%{?suse_version} >= 1500 && %pgmajor >= 11
-%ifarch riscv64
+%ifarch riscv64 loongarch64
 %bcond_with     llvm
 %else
 %bcond_without  llvm
@@ -144,13 +146,8 @@ BuildRequires:  libselinux-devel
 %endif
 %if %{with llvm}
 BuildRequires:  gcc-c++
-%if 0%{?product_libs_llvm_ver} > %{latest_supported_llvm_ver}
-BuildRequires:  clang%{latest_supported_llvm_ver}
-BuildRequires:  llvm%{latest_supported_llvm_ver}-devel
-%else
-BuildRequires:  clang
-BuildRequires:  llvm-devel
-%endif
+BuildRequires:  (cmake(Clang) >= %{oldest_supported_llvm_ver} with cmake(Clang) < %{latest_supported_llvm_ver_plus_one})
+BuildRequires:  (cmake(LLVM)  >= %{oldest_supported_llvm_ver} with cmake(LLVM)  < %{latest_supported_llvm_ver_plus_one})
 %endif
 BuildRequires:  libxslt-devel
 BuildRequires:  openldap2-devel
@@ -185,6 +182,7 @@ Source1:        https://ftp.postgresql.org/pub/source/v%{tarversion}/postgresql-
 Source2:        baselibs.conf
 Source17:       postgresql-rpmlintrc
 Patch1:         postgresql-conf.patch
+Patch2:         postresql-pg_config_paths.patch
 # PL/Perl needs to be linked with rpath (bsc#578053)
 Patch4:         postgresql-plperl-keep-rpath.patch
 Patch8:         postgresql-testsuite-keep-results-file.patch
@@ -520,6 +518,7 @@ included in the postgresql-server package.
 # confuse PostgreSQL's build system
 touch -r configure tmp
 %patch -P 1
+%patch -P 2
 %patch -P 4
 %patch -P 8
 %patch -P 9
@@ -610,6 +609,7 @@ VLANG=%pgmajor
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname -C src/include install
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname -C src/interfaces install
 rm -rf %buildroot%pgincludedir/server
+rm -rf %buildroot%pgdatadir
 %else
 make DESTDIR=%buildroot PACKAGE_TARNAME=%pgname install install-docs
 %if 0
@@ -772,8 +772,6 @@ done
 %endif
 popd
 
-mkdir -p %buildroot%pgmandir/man1
-cp -a doc/src/sgml/man1/ecpg.1 %buildroot%pgmandir/man1/ecpg.1pg%pgmajor
 %find_lang ecpg-$VLANG devel.files
 # The devel subpackage is exclusive across versions
 # and not handled by update-alternatives.
@@ -791,8 +789,10 @@ cat server-devel.files >> devel.files
 # Build up the file lists for the libpq and libecpg packages
 cat > libpq.files <<EOF
 %defattr(-,root,root)
+%if !%mini
 %dir %pgdatadir
 %pgdatadir/pg_service.conf.sample
+%endif
 EOF
 find %buildroot -name 'libpq*.so.*' -printf '/%%P\n' >> libpq.files
 %find_lang libpq5-$VLANG libpq.files
@@ -978,12 +978,13 @@ fi
 %_libdir/pkgconfig/*
 %_libdir/lib*.so
 %pgincludedir
+
 %if %{with server_devel}
 %exclude %pgincludedir/server
 %endif
-%doc %pgmandir/man1/ecpg.1*
 
 %if !%mini
+%doc %pgmandir/man1/ecpg.1*
 %if %{with server_devel}
 %files server-devel -f server-devel.files
 %endif

postresql-pg_config_paths.patch

@@ -0,0 +1,35 @@
+--- src/port/Makefile.orig
++++ src/port/Makefile
+@@ -145,18 +145,20 @@ path_srv.o: path.c pg_config_paths.h
+ # because many of these values come from makefiles and are not
+ # available to configure.
+ pg_config_paths.h: $(top_builddir)/src/Makefile.global
+-	echo "#define PGBINDIR \"$(bindir)\"" >$@
+-	echo "#define PGSHAREDIR \"$(datadir)\"" >>$@
+-	echo "#define SYSCONFDIR \"$(sysconfdir)\"" >>$@
+-	echo "#define INCLUDEDIR \"$(includedir)\"" >>$@
+-	echo "#define PKGINCLUDEDIR \"$(pkgincludedir)\"" >>$@
+-	echo "#define INCLUDEDIRSERVER \"$(includedir_server)\"" >>$@
+-	echo "#define LIBDIR \"$(libdir)\"" >>$@
+-	echo "#define PKGLIBDIR \"$(pkglibdir)\"" >>$@
+-	echo "#define LOCALEDIR \"$(localedir)\"" >>$@
+-	echo "#define DOCDIR \"$(docdir)\"" >>$@
+-	echo "#define HTMLDIR \"$(htmldir)\"" >>$@
+-	echo "#define MANDIR \"$(mandir)\"" >>$@
++	T=`mktemp -p .`; \
++	echo "#define PGBINDIR \"$(bindir)\"" >>$$T; \
++	echo "#define PGSHAREDIR \"$(datadir)\"" >>$$T; \
++	echo "#define SYSCONFDIR \"$(sysconfdir)\"" >>$$T; \
++	echo "#define INCLUDEDIR \"$(includedir)\"" >>$$T; \
++	echo "#define PKGINCLUDEDIR \"$(pkgincludedir)\"" >>$$T; \
++	echo "#define INCLUDEDIRSERVER \"$(includedir_server)\"" >>$$T; \
++	echo "#define LIBDIR \"$(libdir)\"" >>$$T; \
++	echo "#define PKGLIBDIR \"$(pkglibdir)\"" >>$$T; \
++	echo "#define LOCALEDIR \"$(localedir)\"" >>$$T; \
++	echo "#define DOCDIR \"$(docdir)\"" >>$$T; \
++	echo "#define HTMLDIR \"$(htmldir)\"" >>$$T; \
++	echo "#define MANDIR \"$(mandir)\"" >>$$T; \
++	mv $$T $@
+ 
+ clean distclean maintainer-clean:
+ 	rm -f libpgport.a libpgport_shlib.a libpgport_srv.a