SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for postgresql94-server-9.4.26-lp152.24.5.4.x86_64.rpm :

* Wed Aug 12 2020 Reinhard Max - Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.
* Tue Feb 18 2020 Reinhard Max - PostgreSQL 9.4 is EOL now: https://www.postgresql.org/support/versioning/- Update to 9.4.26: https://www.postgresql.org/about/news/2011/ https://www.postgresql.org/docs/9.4/release-9-4-26.html- Update to 9.4.25: https://www.postgresql.org/about/news/1994/ https://www.postgresql.org/docs/9.4/release-9-4-25.html
* Tue Aug 13 2019 Reinhard Max - Update to 9.4.24:
* https://www.postgresql.org/about/news/1960/
* https://www.postgresql.org/docs/9.4/release-9-4-24.html
* CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution.- Update to 9.4.23:
* https://www.postgresql.org/docs/9.4/release-9-4-23.html- Update to 9.4.22:
* https://www.postgresql.org/docs/9.4/release-9-4-22.html
* https://www.postgresql.org/about/news/1939/- Update to 9.4.21:
* https://www.postgresql.org/docs/9.4/release-9-4-21.html
* https://www.postgresql.org/about/news/1920/
* By default, panic instead of retrying after fsync() failure, to avoid possible data corruption.
* Numerous other bug fixes.- Update to 9.4.20:
* Numerous bug fixes, see the release notes: https://www.postgresql.org/docs/9.4/release-9-4-20.html
* Wed Aug 08 2018 maxAATTsuse.com- Update to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html
* CVE-2018-10915, bsc#1104199: Fix failure to reset libpq\'s state fully between connection attempts.
* Wed May 16 2018 maxAATTsuse.com- Update to 9.4.18: https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/docs/current/static/release-9-4-18.html A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs.
* Fix incorrect volatility markings on a few built-in functions
* Thu Mar 15 2018 maxAATTsuse.com- Update to version 9.4.17:
* https://www.postgresql.org/docs/9.4/static/release-9-4-17.html
* CVE-2018-1058, bsc#1081925: Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users.
* CVE-2018-1058: Avoid use of insecure search_path settings in pg_dump and other client programs.
* Fix misbehavior of concurrent-update rechecks with CTE references appearing in subplans.
* Fix planner failures with overlapping mergejoin clauses in an outer join.
* Repair pg_upgrade\'s failure to preserve relfrozenxid for materialized views.
* Fix incorrect reporting of PL/Python function names in error CONTEXT stacks.
* Allow contrib/auto_explain\'s log_min_duration setting to range up to INT_MAX, or about 24 days instead of 35 minutes.
* Wed Feb 07 2018 maxAATTsuse.com- Update to version 9.4.16:
* https://www.postgresql.org/docs/9.4/static/release-9-4-16.html
* CVE-2018-1053, bsc#1077983: Ensure that all temporary files made by pg_upgrade are non-world-readable.
* Fri Dec 08 2017 maxAATTsuse.com- Update to version 9.4.15
* https://www.postgresql.org/docs/9.4/static/release-9-4-15.html
* https://www.postgresql.org/docs/9.4/static/release-9-4-14.html
* CVE-2017-15098, bsc#1067844: Fix crash due to rowtype mismatch in json{b}_populate_recordset().
* CVE-2017-12172, bsc#1062538 does not affect SUSE.
* Tue Aug 08 2017 maxAATTsuse.com- Update to version 9.4.13
* https://www.postgresql.org/docs/9.4/static/release-9-4-13.html
* CVE-2017-7547, bsc#1051685: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options.
* CVE-2017-7546, bsc#1051684: Disallow empty passwords in all password-based authentication methods.
* CVE-2017-7548, bsc#1053259: lo_put() function ignores ACLs.
* Tue May 09 2017 maxAATTsuse.com- Update to version 9.4.12:
* https://www.postgresql.org/docs/9.4/static/release-9-4-12.html
* CVE-2017-7486, bsc#1037624: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. !!! Manual action is needed to fix this in existing databases !!! See upstream release notes for details.
* CVE-2017-7485, bsc#1038293: recognize PGREQUIRESSL variable again.
* CVE-2017-7484, bsc#1037603: Prevent exposure of statistical information via leaky operators.
* Obsoletes postgresql-9.4.11-fix-timezone-tests.patch- Move the timezone requirement to the server package as it was originally intended.- Stop building libpq and libecpg on SLE-12 in preparation of the submission of version 9.6.- Sync spec file with postgresql96.- Merge Factory and SLE-12.
* Wed Mar 15 2017 astiegerAATTsuse.com- fix tests with timezone 2017a bsc#1029547 postgresql-9.4.11-fix-timezone-tests.patch
* Thu Feb 09 2017 mrueckertAATTsuse.de- Update to version 9.4.11: - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability For the full release notes, see: https://www.postgresql.org/docs/9.4/static/release-9-4-11.html
* Thu Dec 08 2016 fweissAATTsuse.com- Update to version 9.4.10:
* Fix WAL-logging of truncation of relation free space maps and visibility maps
* Fix incorrect creation of GIN index WAL records on big-endian machines
* Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction
* Fix EvalPlanQual rechecks involving CTE scans
* Fix improper repetition of previous results from hashed aggregation in a subquery
* For the other bug fixes, see the release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-10.html
* Thu Sep 15 2016 fweissAATTsuse.com- Added \"Requires: timezone\" to Server Package (bsc#973660)
* Fri Aug 12 2016 fweissAATTsuse.com- Update to version 9.4.9:
* Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, bsc#993454)
* Fix client programs\' handling of special characters in database and role names (CVE-2016-5424, bsc#993453)
* Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values
* Make the inet and cidr data types properly reject IPv6 addresses with too many colon-separated fields
* Prevent crash in close_ps() (the point ## lseg operator) for NaN input coordinates
* Fix several one-byte buffer over-reads in to_number()
* Avoid unsafe intermediate state during expensive paths through heap_update()
* For the other bug fixes, see the release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-9.html
* Mon May 23 2016 maxAATTsuse.com- The libs are now built in 9.5, so disable them here and remove baselibs.conf.
* Thu May 19 2016 mrueckertAATTsuse.de- Bugfix release to 9.4.8 This update fixes several problems which caused downtime for users, including: - Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers - Fixed the \"failed to build N-way joins\" planner error - Fixed incorrect handling of equivalence in multilevel nestloop query plans, which could emit rows which didn\'t match the WHERE clause. - Prevented two memory leaks with using GIN indexes, including a potential index corruption risk. The release also includes many other bug fixes for reported issues, many of which affect all supported versions: - Fix corner-case parser failures occurring when operator_precedence_warning is turned on - Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp() - Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect - Disallow newlines in ALTER SYSTEM parameter values - Avoid possible misbehavior after failing to remove a tablespace symlink - Fix crash in logical decoding on alignment-picky platforms - Avoid repeated requests for feedback from receiver while shutting down walsender - Multiple fixes for pg_upgrade - Support building with Visual Studio 2015 - This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk. http://www.postgresql.org/docs/current/static/release-9-4-8.html
* Wed May 04 2016 mrueckertAATTsuse.de- Bugfix release 9.4.7: - Fix two bugs in indexed ROW() comparisons - Avoid data loss due to renaming files - Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE - Fix bugs in multiple json_ and jsonb_ functions - Log lock waits for INSERT ON CONFLICT correctly - Ignore recovery_min_apply_delay until reaching a consistent state - Fix issue with pg_subtrans XID wraparound - Fix assorted bugs in Logical Decoding - Fix planner error with nested security barrier views - Prevent memory leak in GIN indexes - Fix two issues with ispell dictionaries - Avoid a crash on old Windows versions - Skip creating an erroneous delete script in pg_upgrade - Correctly translate empty arrays into PL/Perl - Make PL/Python cope with identifier names- For the full release notes, see: http://www.postgresql.org/docs/9.4/static/release-9-4-7.html
* Fri Feb 12 2016 maxAATTsuse.com- Security and bugfix release 9.4.6:
*
*
*
* IMPORTANT
*
*
* Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries.
* Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436).
* Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772).
* Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435).
* Fix many issues in pg_dump with specific object types
* Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
* Fix deparsing error with ON CONFLICT ... WHERE clauses
* Fix tableoid errors for postgres_fdw
* Prevent floating-point exceptions in pgbench
* Make \\det search Foreign Table names consistently
* Fix quoting of domain constraint names in pg_dump
* Prevent putting expanded objects into Const nodes
* Allow compile of PL/Java on Windows
* Fix \"unresolved symbol\" errors in PL/Python execution
* Allow Python2 and Python3 to be used in the same database
* Add support for Python 3.5 in PL/Python
* Fix issue with subdirectory creation during initdb
* Make pg_ctl report status correctly on Windows
* Suppress confusing error when using pg_receivexlog with older servers
* Multiple documentation corrections and additions
* Fix erroneous hash calculations in gin_extract_jsonb_path()- For the full release notes, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html
* Tue Feb 09 2016 maxAATTsuse.com- PL/Perl still needs to be linked with rpath, so that it can find libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch
* Mon Oct 12 2015 maxAATTsuse.com- Security and bugfix release 9.4.5:
* CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
* CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.- For the full release notes, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html- Move systemd related stuff and user creation to postgresql-init.- Remove some obsolete %suse_version conditionals- Adjust build time dependencies.- Fix some more rpmlint warnings.- Relax dependency on libpq to major version.
* Thu Oct 08 2015 maxAATTsuse.com- Make sure that plpgsql.h gets installed, because pldebugger needs it.
* Mon Sep 28 2015 maxAATTsuse.com- Move ~postgres/.bash_profile to postgresql-server to avoid a file conflict between the versioned server packages.
* Tue Jul 21 2015 maxAATTsuse.com- Bring PostgreSQL 9.4 to SLE12 (fate#319049).
* Fri Jun 26 2015 maxAATTsuse.com- Switch from ossp-uuid to libuuid from e2fsprogs.- Re-enable running the test suite during build.- Bugfix release 9.4.4:
* Fix possible failure to recover from an inconsistent database state.
* Fix rare failure to invalidate relation cache init file.
* Avoid deadlock between incoming sessions and CREATE/DROP DATABASE.
* Improve planner\'s cost estimates for semi-joins and anti-joins with inner indexscans- Bugfix release 9.4.3:
* Avoid failures while fsync\'ing data directory during crash restart.
* Fix pg_get_functiondef() to show functions\' LEAKPROOF property, if set.
* Fix pushJsonbValue() to unpack jbvBinary objects.- Security and bugfix release 9.4.2:
* CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects just before the authentication timeout expires.
* CVE-2015-3166, bsc#931973: Consistently check for failure of the
*printf() family of functions.
* CVE-2015-3167, bsc#931974: In contrib/pgcrypto, uniformly report decryption failures as \"Wrong key or corrupt data\".
* Protect against wraparound of multixact member IDs.- For the full release notes, see: http://www.postgresql.org/docs/9.4/static/release-9-4-2.html http://www.postgresql.org/docs/9.4/static/release-9-4-3.html http://www.postgresql.org/docs/9.4/static/release-9-4-4.html
* Thu Feb 19 2015 maxAATTsuse.com- Align spec file with 9.3 package.- Require systemd only where available and only for the main package.- bnc#888564: Move the server socket from /tmp to /var/run to avoid problems with clients that use PrivateTmp. postgresql-var-run-socket.patch
* Wed Feb 18 2015 maxAATTsuse.com- Switch over to 9.4 by building the libs package and disable it on 9.3.- Remove obsolete patches:
* postgresql-sle10-timestamptz.patch
* postgresql-plperl.patch
* Thu Feb 12 2015 mrueckertAATTsuse.de- majorversion should only be 9.4
* Fri Feb 06 2015 darinAATTdarins.net- Update to 9.4.1
* Fix buffer overruns in to_char()
* Fix buffer overrun in replacement
*printf() functions
* Fix buffer overruns in contrib/pgcrypto
* Fix possible loss of frontend/backend protocol synchronization after an error
* Fix information leak via constraint-violation error messages
* Lock down regression testing\'s temporary installations on Windows
* Cope with the Windows locale named \"Norwegian (Bokmål)\"
* Fix use-of-already-freed-memory problem in EvalPlanQual processing
* Avoid possible deadlock while trying to acquire tuple locks in EvalPlanQual processing
* Improve performance of EXPLAIN with large range tables
* Fix jsonb Unicode escape processing, and in consequence disallow \\u0000
* Fix namespace handling in xpath()
* Fix assorted oversights in range-operator selectivity estimation
* Revert unintended reduction in maximum size of a GIN index item
* Fix query-duration memory leak during repeated GIN index rescans
* Fix possible crash when using nonzero gin_fuzzy_search_limit
* Assorted fixes for logical decoding
* Fix incorrect replay of WAL parameter change records that report changes in the wal_log_hints setting
* Change \"pgstat wait timeout\" warning message to be LOG level, and rephrase it to be more understandable
* Warn if OS X\'s setlocale() starts an unwanted extra thread inside the postmaster
* Fix libpq\'s behavior when /etc/passwd isn\'t readable
* Improve consistency of parsing of psql\'s special variables
* Fix pg_dump to handle comments on event triggers without failing
* Allow parallel pg_dump to use --serializable-deferrable
* Prevent WAL files created by pg_basebackup -x/-X from being archived again when the standby is promoted
* Handle unexpected query results, especially NULLs, safely in contrib/tablefunc\'s connectby()
* Numerous cleanups of warnings from Coverity static code analyzer
* Allow CFLAGS from configure\'s environment to override automatically-supplied CFLAGS
* Make pg_regress remove any temporary installation it created upon successful exit
* Add CST (China Standard Time) to our lists of timezone abbreviations
* Update time zone data files to tzdata release 2015a for DST law changes in Chile and Mexico, plus historical changes in Iceland.
* Fri Jan 16 2015 darinAATTdarins.net- removed %pgbasedir from contrib and server package
* Tue Dec 23 2014 darinAATTdarins.net- Update to 9.4.0 Major enhancements in PostgreSQL 9.4 include:
* Add jsonb, a more capable and efficient data type for storing JSON data
* Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries
* Reduce lock strength for some ALTER TABLE commands
* Allow materialized views to be refreshed without blocking concurrent reads
* Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format
* Allow background worker processes to be dynamically registered, started and terminated
* See release notes for a full list of changes: http://www.postgresql.org/docs/9.4/static/release-9-4.html
  
ICM