Changelog for
postgresql16-server-16.3-2.3.x86_64.rpm :
* Wed May 08 2024 maxAATTsuse.com- Upgrade to 16.3 (bsc#1224051):
* bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances.
* Fix incompatibility with LLVM 18.
* https://www.postgresql.org/docs/release/16.3/- Prepare for PostgreSQL 17.- Make sure all compilation and doc generation happens in %build.
* Tue Mar 12 2024 aaronpuchertAATTalice-dsl.net- Require LLVM <= 17 for now, because LLVM 18 doesn\'t seem to work.
* Thu Mar 07 2024 sarah.krieschAATTopensuse.org- Remove constraints file because improved memory usage for s390x
* Thu Feb 29 2024 dimstarAATTopensuse.org- Use %patch -P N instead of deprecated %patchN.
* Thu Feb 08 2024 maxAATTsuse.com- Upgrade to 16.2:
* bsc#1219679, CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY. One step of a concurrent refresh command was run under weak security restrictions. If a materialized view\'s owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view\'s owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view\'s owner, as expected
* If you use GIN indexes, you may need to reindex after updating to this release.
* LLVM 18 is now supported.
* https://www.postgresql.org/docs/release/16.2/
* Wed Nov 08 2023 maxAATTsuse.com- Upgrade to 16.1:
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT \"any\" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value.
* bsc#1216961, CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory.
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we\'ll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions.
* Add support for LLVM 16 and 17
* https://www.postgresql.org/docs/16/release-16-1.html
* Tue Oct 31 2023 maxAATTsuse.com- boo#1216734: Revert the last change and make the devel package independend of all other subpackages except for the libs.
* Tue Oct 10 2023 maxAATTsuse.com- boo#1216022: Call install-alternatives from the devel subpackage as well, otherwise the symlink for ecpg might be missing.
* Mon Sep 18 2023 dimstarAATTopensuse.org- Also buildignore the postgresql
*-implementation symbols: this is needed in order to bootstrap when no postgresql version currently has valid symbols provided. Once the packages are built, OBS could translate this to the pgname-
* packages and accept the ignores; during bootstrap though, there is nothing providing the symbol and the existing buildignores do not suffice.
* Thu Sep 14 2023 maxAATTsuse.com- Upgrade to 16.0:
* https://www.postgresql.org/about/news/2715
* https://www.postgresql.org/docs/16/release-16.html
* Mon Sep 04 2023 mrueckertAATTsuse.de- Upgrade to 16rc1:
* https://www.postgresql.org/about/news/2702/
* Thu Aug 10 2023 maxAATTsuse.com- Upgrade too v16beta3.
* Mon Aug 07 2023 maxAATTsuse.com- Copy postgresql15 to postgresql16 and upgrade to v16beta2.- Don\'t create a unix domain socket under /tmp anymore.
* Fri May 26 2023 maxAATTsuse.com- Restore the independence of mini builds from the main build after the -mini name change from April 4, 2023.- Adjust icu handling to prepare for PostgreSQL 16.
* Mon May 15 2023 maxAATTsuse.com- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.- Change the unix domain socket location from /var/run to /run.
* Tue May 09 2023 maxAATTsuse.com- Update to 15.3:
* bsc#1211228, CVE-2023-2454: Prevent CREATE SCHEMA from defeating changes in search_path
* bsc#1211229, CVE-2023-2455: Enforce row-level security policies correctly after inlining a set-returning function
* https://www.postgresql.org/about/news/2637/
* https://www.postgresql.org/docs/15/release-15-3.html
* Tue Apr 18 2023 maxAATTsuse.com- bsc#1210303: Stop using the obsolete internal %_restart_on_update macro and drop support for sysv init to simplify the scriptlets.
* Tue Apr 04 2023 fvogtAATTsuse.com- Include -mini in Name: to avoid conflicts in the source package name and OBS internal dependency tracking.
* Thu Feb 09 2023 maxAATTsuse.com- Update to 15.2:
* CVE-2022-41862, bsc#1208102: memory leak in libpq
* https://www.postgresql.org/about/news/2592/
* https://www.postgresql.org/docs/15/release-15-2.html- Bump latest_supported_llvm_ver to 15.
* Thu Nov 10 2022 maxAATTsuse.com- Update to 15.1:
* https://www.postgresql.org/about/news/2543/
* https://www.postgresql.org/docs/15/release-15-1.html
* Thu Oct 13 2022 maxAATTsuse.com- Update to 15.0:
* https://www.postgresql.org/about/news/p-2526/
* https://www.postgresql.org/docs/15/release-15.html- Move pg_upgrade from
*-contrib to
*-server.- Drop support for the 9.x versioning scheme.
* Thu Oct 06 2022 maxAATTsuse.com- Update to 15~rc2
* https://www.postgresql.org/about/news/p-2521/
* Reverting the \"optimized order of GROUP BY keys\" feature.
* Fri Sep 30 2022 fvogtAATTsuse.com- Fix source URLs
* Thu Sep 29 2022 maxAATTsuse.com- Update to 15~rc1 https://www.postgresql.org/about/news/p-2516/
* Thu Sep 22 2022 aaronpuchertAATTalice-dsl.net- Create mechanism to specify the latest supported LLVM version. Automatically pin to that version if the distribution has a newer unsupported default version.
* Mon Sep 12 2022 schwabAATTsuse.de- Disable LLVM JIT on riscv64
* Thu Sep 08 2022 maxAATTsuse.com- Update to 15~beta4 https://www.postgresql.org/about/news/p-2507/
* Mon Sep 05 2022 maxAATTsuse.com- Update to 15~beta3 https://www.postgresql.org/about/news/p-2496/
* Sat May 21 2022 mrueckertAATTsuse.de- use %version requires for the contrib package for now as 15~beta1 is actually smaller than 15.
* Sat May 21 2022 mrueckertAATTsuse.de- Add proper conditionals for lz4 and zstd
* Sat May 21 2022 mrueckertAATTsuse.de- Upgrade to 15~beta1 https://www.postgresql.org/about/news/postgresql-15-beta-1-released-2453/ https://www.postgresql.org/docs/15/release-15.html- Refreshed patches to apply cleanly again: 0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch postgresql-conf.patch postgresql-llvm-optional.patch postgresql-plperl-keep-rpath.patch postgresql-testsuite-keep-results-file.patch postgresql-var-run-socket.patch- Add buildrequires for lz4 and zstd support
* Sat May 21 2022 mrueckertAATTsuse.de- fork package for postgresql 15
* Thu May 12 2022 maxAATTsuse.com- Upgrade to 14.3:
* bsc#1199475, CVE-2022-1552: Confine additional operations within \"security restricted operation\" sandboxes.
* https://www.postgresql.org/docs/14/release-14-3.html
* Wed Apr 13 2022 maxAATTsuse.com- bsc#1198166: Pin to llvm13 until the next patchlevel update.
* Tue Feb 08 2022 maxAATTsuse.com- bsc#1195680: Upgrade to 14.2:
* https://www.postgresql.org/docs/14/release-14-2.html
* Reindexing might be needed after applying this upgrade, so please read the release notes carefully.
* Sat Dec 11 2021 ada.lovelaceAATTgmx.de- boo#1190740: Add constraints file with 12GB of memory for s390x as a workaround
* Thu Nov 25 2021 maxAATTsuse.com- Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions.- Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart.- Update the BuildIgnore section.
* Wed Nov 10 2021 maxAATTsuse.com- bsc#1192516: Upgrade to 14.1
* Make the server reject extraneous data after an SSL or GSS encryption handshake (CVE-2021-23214).
* Make libpq reject extraneous data after an SSL or GSS encryption handshake (CVE-2021-23222).
* https://www.postgresql.org/docs/14/release-14-1.html
* Wed Oct 20 2021 maxAATTsuse.com- boo#1191782: Let rpmlint ignore shlib-policy-name-error.
* Tue Oct 05 2021 maxAATTsuse.com- Remove postgresql-testsuite-int8.sql.patch, because its purpose is unclear. This affects only the test subpackage.
* Thu Sep 30 2021 mrueckertAATTsuse.de- Upgrade to 14.0 https://www.postgresql.org/about/news/postgresql-14-released-2318/ https://www.postgresql.org/docs/14/release-14.html
* Mon Sep 27 2021 maxAATTsuse.com- Let genlists skip non-existing binaries to avoid lots of version conditionals in the file lists.
* Sat Sep 25 2021 mrueckertAATTsuse.de- Upgrade to 14~rc1 https://www.postgresql.org/about/news/postgresql-14-rc-1-released-2309/ https://www.postgresql.org/docs/14/release-14.html https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
* Fri Jun 25 2021 mrueckertAATTsuse.de- Upgrade to 14~beta2 https://www.postgresql.org/about/news/postgresql-14-beta-2-released-2249/ https://www.postgresql.org/docs/14/release-14.html https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
* Fri May 21 2021 mrueckertAATTsuse.de- Upgrade to 14~beta1 https://www.postgresql.org/about/news/postgresql-14-beta-1-released-2213/ https://www.postgresql.org/docs/14/release-14.html https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items- disable postgresql-testsuite-int8.sql.patch: it seems it is not needed anymore, need to be double checked.
* Wed May 19 2021 maxAATTsuse.com- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround.
* Tue May 11 2021 maxAATTsuse.com- Upgrade to version 13.3:
* https://www.postgresql.org/docs/13/release-13-3.html
* CVE-2021-32027, bsc#1185924: Prevent integer overflows in array subscripting calculations.
* CVE-2021-32028, bsc#1185925: Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists.
* CVE-2021-32029, bsc#1185926: Fix possibly-incorrect computation of UPDATE ... RETURNING \"pg_psql_temporary_savepoint\" does not exist”.- Don\'t use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
* Mon Mar 15 2021 maxAATTsuse.com- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (boo#1183118).
* Tue Mar 09 2021 maxAATTsuse.com- Remove leftover PreReq on chkconfig, we stopped using it long time ago.
* Fri Feb 19 2021 maxAATTsuse.com- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
* Wed Feb 10 2021 maxAATTsuse.com- Upgrade to version 13.2:
* https://www.postgresql.org/docs/13/release-13-2.html
* Updating stored views and reindexing might be needed after applying this update.
* CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
* CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.
* Obsoletes postgresql-icu68.patch.
* Mon Dec 14 2020 gmbr3AATTopensuse.org- Add postgresql-icu68.patch: fix build with ICU 68
* Fri Nov 20 2020 maxAATTsuse.com- bsc#1178961: %ghost the symlinks to pg_config and ecpg.- boo#1179765: BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package.
* Wed Nov 11 2020 maxAATTsuse.com- Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
* CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql\'s \\connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql\'s \\gset command from modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
* Tue Nov 03 2020 maxAATTsuse.com- Fix a DST problem in the test suite: postgresql-timetz.patch https://postgr.es/m/16689-57701daa23b377bfAATTpostgresql.org
* Fri Sep 25 2020 maxAATTsuse.com- Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html