Changelog for
postgresql10-10.23-150100.8.53.1.x86_64.rpm :
* Thu Nov 10 2022 maxAATTsuse.com- bsc#1205300: Update to 10.23:
* https://www.postgresql.org/about/news/2543/
* https://www.postgresql.org/docs/10/release-10-23.html- Sync spec file with postgresql15.
* Fri Sep 23 2022 maxAATTsuse.com- Sync spec file with postgresql15.
* Fri Aug 12 2022 maxAATTsuse.com- Update to 10.22:
* bsc#1202368, CVE-2022-2625: Extension scripts replace objects not belonging to the extension.
* https://www.postgresql.org/docs/release/10.22/
* Thu May 12 2022 maxAATTsuse.com- Update to 10.21:
* bsc#1199475, CVE-2022-1552: Confine additional operations within \"security restricted operation\" sandboxes.
* https://www.postgresql.org/docs/10/release-10-21.html
* Tue Feb 08 2022 maxAATTsuse.com- bsc#1195680: Upgrade to 10.20:
* https://www.postgresql.org/docs/10/release-10-20.html
* Reindexing might be needed after applying this upgrade, so please read the release notes carefully.- boo#1190740: Add constraints file with 12GB of memory for s390x as a workaround
* Thu Nov 25 2021 maxAATTsuse.com- Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions.- Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart.- Update the BuildIgnore section.
* Wed Nov 10 2021 maxAATTsuse.com- bsc#1192516: Upgrade to 10.19:
* Make the server reject extraneous data after an SSL or GSS encryption handshake (CVE-2021-23214).
* Make libpq reject extraneous data after an SSL or GSS encryption handshake (CVE-2021-23222).
* https://www.postgresql.org/docs/10/release-10-19.html
* Tue Oct 05 2021 maxAATTsuse.com- Let genlists skip non-existing binaries to avoid lots of version conditionals in the file lists.- Remove postgresql-testsuite-int8.sql.patch, because its purpose is unclear. This affects only the test subpackage.
* Tue Aug 31 2021 maxAATTsuse.com- bsc#1185952: fix build with llvm12 on s390x. 0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch- bsc#1179945: Re-enable icu for PostgreSQL 10.- bsc#1187751: Make the dependency of postgresqlXX-server-devel on llvm and clang optional (postgresql-llvm-optional.patch).
* Tue Aug 24 2021 mrueckertAATTsuse.de- bsc#1190177: Upgrade to version 10.18:
* https://www.postgresql.org/docs/10/release-10-18.html
* Tue May 11 2021 maxAATTsuse.com- Upgrade to version 10.17:
* https://www.postgresql.org/docs/10/release-10-17.html
* CVE-2021-32027, bsc#1185924: Prevent integer overflows in array subscripting calculations.
* CVE-2021-32028, bsc#1185925: Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists.- Don\'t use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
* Mon Mar 15 2021 maxAATTsuse.com- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (boo#1183118).
* Tue Mar 09 2021 maxAATTsuse.com- Remove leftover PreReq on chkconfig, we stopped using it long time ago.
* Fri Feb 19 2021 maxAATTsuse.com- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
* Wed Feb 10 2021 maxAATTsuse.com- Upgrade to version 10.16:
* https://www.postgresql.org/docs/10/release-10-16.html
* Reindexing might be needed after applying this update.
* Fri Nov 20 2020 maxAATTsuse.com- bsc#1178961: %ghost the symlinks to pg_config and ecpg.- boo#1179765: BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package.
* Wed Nov 11 2020 maxAATTsuse.com- Upgrade to version 10.15:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
* CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql\'s \\connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql\'s \\gset command from modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/10/release-10-15.html
* Tue Nov 03 2020 maxAATTsuse.com- Fix a DST problem in the test suite: postgresql-timetz.patch https://postgr.es/m/16689-57701daa23b377bfAATTpostgresql.org
* Thu Aug 13 2020 maxAATTsuse.com- update to 10.14:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules\' installation scripts more secure.
* https://www.postgresql.org/docs/10/release-10-14.html- Remove postgresql-regress.patch, it does not apply anymore and it does not seem to be needed anymore.- Pack the /usr/lib/postgresql symlink only into the main package.
* Tue Jun 16 2020 maxAATTsuse.com- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.
* Wed Jun 03 2020 maxAATTsuse.com- update to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html- Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.- Move from the \"libs\" build flavour to a \"mini\" package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (bsc#1148643).
* Sat Feb 15 2020 mrueckertAATTsuse.de- update to 10.12 (CVE-2020-1720, bsc#1163985) https://www.postgresql.org/about/news/2011/ https://www.postgresql.org/docs/10/release-10-12.html
* Sun Dec 29 2019 larsAATTlinux-schulserver.de- use (and package) sha256 checksum file for source
* Fri Dec 20 2019 mrueckertAATTsuse.de- update to 10.11: https://www.postgresql.org/about/news/1994/ https://www.postgresql.org/docs/10/release-10-11.html
* Tue Oct 22 2019 mrueckertAATTsuse.de- add requires to the devel package for the libs that are returned by pg_config --libs
* Mon Aug 12 2019 maxAATTsuse.com- Update to 10.10:
* https://www.postgresql.org/about/news/1960/
* https://www.postgresql.org/docs/10/release-10-10.html
* CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution.
* Fri Aug 02 2019 mliskaAATTsuse.cz- Use FAT LTO objects in order to provide proper static library.
* Fri Jun 21 2019 mrueckertAATTsuse.de- Update to 10.9:
* https://www.postgresql.org/docs/10/release-10-9.html
* https://www.postgresql.org/about/news/1949/
* CVE-2019-10164 bsc#1138034: Stack-based buffer overflow via setting a password
* Fri May 10 2019 maxAATTsuse.com- Update to 10.8:
* https://www.postgresql.org/docs/10/release-10-8.html
* https://www.postgresql.org/about/news/1939/
* CVE-2019-10130, bsc#1134689: Prevent row-level security policies from being bypassed via selectivity estimators.
* Mon Feb 25 2019 maxAATTsuse.com- Update to 10.7:
* https://www.postgresql.org/docs/10/release-10-7.html
* https://www.postgresql.org/about/news/1920/
* By default, panic instead of retrying after fsync() failure, to avoid possible data corruption.
* Ensure that NOT NULL constraints of a partitioned table are honored within its partitions.
* Numerous other bug fixes.- Overhaul README.SUSE- Make the server-devel package exclusive across versions.
* Fri Nov 09 2018 maxAATTsuse.com- Update to 10.6:
* CVE-2018-16850, bsc#1114837: Improper quoting of transition table names when pg_dump emits CREATE TRIGGER can cause privilege escalation
* Numerous bug fixes, see the release notes: https://www.postgresql.org/docs/10/release-10-6.html
* Remove unneeded library dependencies from PGXS.
* Mon Oct 22 2018 maxAATTsuse.com- Stop building the client libraries as they will henceforth be provided by PostgreSQL 11.
* Wed Oct 17 2018 mrueckertAATTsuse.de- add provides for the new server-devel package that will be introduced in postgresql 11
* Fri Aug 10 2018 maxAATTsuse.com- Update to 10.5: https://www.postgresql.org/docs/current/static/release-10-5.html
* CVE-2018-10915, bsc#1104199: Fix failure to reset libpq\'s state fully between connection attempts.
* CVE-2018-10925, bsc#1104202: Fix INSERT ... ON CONFLICT UPDATE through a view that isn\'t just SELECT
* FROM ...
* Tue May 08 2018 maxAATTsuse.com- Update to 10.4: https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/docs/current/static/release-10-4.html A dump/restore is not required for those running 10.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs.
* CVE-2018-1115, bsc#1091610: Remove public execute privilege from contrib/adminpack\'s pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue. After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed.
* Fix incorrect volatility markings on a few built-in functions
* Fix incorrect parallel-safety markings on a few built-in functions.
* Wed May 02 2018 maxAATTsuse.com- bsc#1091412: server prerequires server-noarch to make sure that the postgresql user and group exist.
* Fri Mar 09 2018 mrueckertAATTsuse.de- Update to 10.3
* https://www.postgresql.org/docs/current/static/release-10-3.html A dump/restore is not required for those running 10.X. However, if you run an installation in which not all users are mutually trusting, or if you maintain an application or extension that is intended for use in arbitrary situations, it is strongly recommended that you read the documentation changes described in the first changelog entry in the link above, and take suitable steps to ensure that your installation or code is secure. Also, the changes described in the second changelog entry in the link above may cause functions used in index expressions or materialized views to fail during auto-analyze, or when reloading from a dump. After upgrading, monitor the server logs for such problems, and fix affected functions.
* CVE-2018-1058 bsc#1081925 Uncontrolled search path element in pg_dump and other client applications
* Fri Feb 09 2018 maxAATTsuse.com- Update to PostgreSQL 10.2
* https://www.postgresql.org/docs/10/static/release-10-2.html
* CVE-2018-1052, bsc#1080253: Fix processing of partition keys containing multiple expressions.
* CVE-2018-1053, bsc#1077983: Ensure that all temporary files made by pg_upgrade are non-world-readable.
* bsc#1079757: Rename pg_rewind\'s copy_file_range function to avoid conflict with new Linux system call of that name.
* Fri Jan 19 2018 maxAATTsuse.com- Use Python 3 for building PL/Python (boo#1067699).- Don\'t %config the symlinks to /etc/alternatives to avoid rpmlint warnings.
* Thu Dec 14 2017 mrueckertAATTsuse.de- also package %define pgcontribdir %pgdatadir/contrib
* Thu Dec 14 2017 mrueckertAATTsuse.de- enable support for ICU (new BR: libicu-devel)- enable support for selinux (new BR: libselinux-devel)- enable support for systemd (new BR: pkgconfig(libsystemd))
* Thu Dec 14 2017 mrueckertAATTsuse.de- make sure that also the server gets at least its own version of libpq5- also change all libpq requires to >= %version instead of just %pgmajor
* Thu Nov 23 2017 mrueckertAATTsuse.de- port /usr/share/postgresql/install-alternatives usage to the new scheme
* Thu Nov 23 2017 mrueckertAATTsuse.de- update to 10.1
* Security Issues - CVE-2017-15098: Memory disclosure in JSON functions - CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Prior to this release, the \"INSERT ... ON CONFLICT DO UPDATE\" would not check to see if the executing user had permission to perform a \"SELECT\" on the index performing the conflicting check. Additionally, in a table with row-level security enabled, the \"INSERT ... ON CONFLICT DO UPDATE\" would not check the SELECT policies for that table before performing the update. This fix ensures that \"INSERT ... ON CONFLICT DO UPDATE\" checks against table permissions and RLS policies before executing.
* Bug Fixes and Improvements This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 10, but many affect all supported versions: - Fix a race condition in BRIN indexing that could cause some rows to not be included in the indexing. - Fix crash when logical decoding is invoked from a PL language function. - Several fixes for logical replication. - Restored behavior for CTEs attached to INSERT/UPDATE/DELETE statements to pre-version 10. - Prevent low-probability crash in processing of nested trigger firings. - Do not evaluate an aggregate function\'s argument expressions when the conditions in the FILTER clause evaluate to FALSE. This complies with SQL-standard behavior. - Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable. - Fix memory leak over the lifespan of a query when evaluating a set-returning function from the target list in a SELECT. - Several fixes for parallel query execution, including fixing a crash in the parallel execution of certain queries that contain a certain type of bitmap scan. - Fix json_build_array(), json_build_object(), jsonb_build_array(), and jsonb_build_object() to handle explicit VARIADIC arguments correctly. - Prevent infinite float values from being casted to the numeric type. - Fix autovacuum\'s “work item” logic to prevent possible crashes and silent loss of work items. - Several fixes for VIEWs around adding columns to the end of a view. - Fix for hashability detection of range data types that are created by a user. - Improvements on using extended statistics on columns for the purposes of query planning. - Prevent idle_in_transaction_session_timeout from being ignored when a statement_timeout occurred earlier. - Fix low-probability loss of NOTIFY messages due more than 2 billion transactions processing before any queries are executed in the session. - Several file system interaction fixes. - Correctly restore the umask setting when file creation fails in COPY or lo_export(). - Fix pg_dump to ensure that it emits GRANT commands in a valid order. - Fix pg_basebackup\'s matching of tablespace paths to canonicalize both paths before comparing to help improve Windows compatibility. - Fix libpq to not require user\'s home directory to exist when trying to read the \"~/.pgpass\" file. - Several fixes for ecpg. - This update also contains tzdata release 2017c, with updates for Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago. For more details see: https://www.postgresql.org/docs/current/static/release-10-1.html
* Fri Nov 03 2017 maxAATTsuse.com- Use /usr/share/postgresql/install-alternatives in the respective scriptlets.- Fix the logic around restart on upgrade and stop on removal. We bring the binaries, but we don\'t own the unit file.
* Thu Oct 05 2017 maxAATTsuse.com- Update to the final 10.0 release. Major enhancements include:
* Logical replication using publish/subscribe
* Declarative table partitioning
* Improved query parallelism
* Significant general performance improvements
* Stronger password authentication based on SCRAM-SHA-256
* Improved monitoring and control A dump/restore using pg_dumpall, or use of pg_upgrade, is required for those wishing to migrate data from any previous release. Version 10 contains a number of changes that may affect compatibility with previous releases. See the release notes for details: https://www.postgresql.org/docs/10/static/release-10.html- Reduce the number of version-related macros in the spec file.
* Mon Oct 02 2017 maxAATTsuse.com- Break a build dependency loop in the server packages that led to bootstrap problems.
* Fri Sep 22 2017 maxAATTsuse.com- Update to 10rc1 PostgreSQL 10 RC 1 requires an upgrade from beta 4, or earlier either using pg_dump / pg_restore or pg_upgrade. Changes since beta4 include:
* Add psql variables showing server version and psql version.
* Several fixes for partitioning
* Several fixes for logical replication
* Several fixes for transition tables
* Fix for query that could end up in an uninterruptible state- Adjust dependencies to the new packaging schema.
* Fri Sep 08 2017 mrueckertAATTsuse.de- update to 10beta4 PostgreSQL 10 beta 4 requires an upgrade from beta 3, or earlier either using pg_dump / pg_restore or pg_upgrade. Any bugfixes applied to 9.6 or earlier that also affected 10 are included in beta 4. Our users and contributors also reported bugs against 10 beta 3, and many of them have been fixed in this release. We urge our community to re-test to ensure that these bugs are actually fixed, including: - Show foreign tables in information_schema.table_privileges view. This fix applies to new databases, see the release notes for the procedure to apply the fix to an existing database. - Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM) that occurs while trying to execute a ROLLBACK of a failed transaction - Remove assertion that could trigger during a fatal exit - Correctly identify columns that are of a range type or domain type over a composite type or domain type being searched for - Prevent crash when passing fixed-length pass-by-reference data types to parallel worker processes - Fix crash in pg_restore when using parallel mode and using a list file to select a subset of items to restore - Change ecpg’s parser to allow RETURNING clauses without attached C variables - Change ecpg’s parser to recognize backslash continuation of C preprocessor command lines - Improve selection of compiler flags for PL/Perl on Windows - Fix make check to behave correctly when invoked via a non-GNU make program Note that some known issues remain unfixed. Before reporting a bug in the beta, please check the Open Items page. https://wiki.postgresql.org/wiki/PostgreSQL_10_Open_Items
* Thu Aug 10 2017 mrueckertAATTsuse.de- update to 10beta3 - hash: Fix write-ahead logging bugs related to init forks - Fix oddity in error handling of constraint violation in ExecConstraints for partitioned tables - Use a real RT index when setting up partition tuple routing - Fix serious performance problems in json(b) to_tsvector() - Fix problems defining multi-column range partition bounds - Fix partitioning crashes during error reporting - Fix race conditions in replication slot operations - Fix very minor memory leaks in psql\'s command.c - PL/Perl portability fix: avoid including XSUB.h in plperl.c - Fix inadequate stack depth checking in the wake of expression execution changes - Allow creation of C/POSIX collations without depending on libc behavior - Fix OBJECT_TYPE/OBJECT_DOMAIN confusion - Remove duplicate setting of SSL_OP_SINGLE_DH_USE option - Fix crash with logical replication on a function index - Teach map_partition_varattnos to handle whole-row expressions - Fix lock upgrade hazard in ATExecAttachPartition - Apply ALTER ... SET NOT NULL recursively in ALTER ... ADD PRIMARY KEY - hash: Increase the number of possible overflow bitmaps by 8x - Only kill sync workers at commit time in subscription DDL - Fix bug in deciding whether to scan newly-attached partition - Make pg_stop_backup\'s wait_for_archive flag work on standbys - Fix handling of dropped columns in logical replication - Fix local/remote attribute mix-up in logical replication
* Fri Aug 04 2017 mrueckertAATTsuse.de- bump version in update-alternatives call
* Fri Aug 04 2017 mrueckertAATTsuse.de- use multibuild
* Thu Aug 03 2017 mrueckertAATTsuse.de- initial package