Package Release Info

postgresql13-13.3-5.10.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1785
Available in Package Hub : 15 SP3 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

postgresql13-test

Change Logs

* Tue May 11 2021 max@suse.com

- Upgrade to version 13.3:
  * https://www.postgresql.org/docs/13/release-13-3.html
  * CVE-2021-32027, bsc#1185924:
    Prevent integer overflows in array subscripting calculations.
  * CVE-2021-32028, bsc#1185925: Fix mishandling of ?junk?
    columns in INSERT ... ON CONFLICT ... UPDATE target lists.
  * CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
    computation of UPDATE ... RETURNING
    "pg_psql_temporary_savepoint" does not exist?.
- Don't use %_stop_on_removal, because it was meant to be private
  and got removed from openSUSE. %_restart_on_update is also
  private, but still supported and needed for now (bsc#1183168).

* Mon Mar 15 2021 max@suse.com

- Re-enable build of the llvmjit subpackage on SLE, but it will
  only be delivered on PackageHub for now (boo#1183118).

* Tue Mar 09 2021 max@suse.com

- Remove leftover PreReq on chkconfig, we stopped using it long
  time ago.

* Fri Feb 19 2021 max@suse.com

- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.

Version: 13.22-160000.1.2

* Thu Aug 14 2025 mrueckert@suse.de

- Upgrade to 13.22:
  * https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
  * https://www.postgresql.org/docs/release/13.22/
  Security Issues
  * CVE-2025-8713: PostgreSQL optimizer statistics can expose
    sampled data within a view, partition, or child table
    (boo#1248120)
  * CVE-2025-8714: PostgreSQL pg_dump lets superuser of origin
    server execute arbitrary code in psql client (boo#1248122)
  * CVE-2025-8715: PostgreSQL pg_dump newline in object name
    executes arbitrary code in psql client and in restore target
    server (boo#1248119)

* Fri May 09 2025 max@suse.com

- Upgrade to 13.21:
  * bsc#1242931, CVE-2025-4207: postgresql: PostgreSQL GB18030
    encoding validation can read one byte past end of allocation
    for text that fails validation.
  * https://www.postgresql.org/docs/release/13.21/
  * https://www.postgresql.org/about/news/p-3072/
- Add postresql-pg_config_paths.patch to fix a race condition
  while generating pg_config_paths.h.

* Tue Feb 18 2025 max@suse.com

- Upgrade to 13.20:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/13.20/
  * https://www.postgresql.org/about/news/p-3018/

* Tue Feb 11 2025 max@suse.com

- Upgrade to 13.19:
  * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
    functions against invalidly-encoded input strings.
  * obsoletes postgresql-tzdata2025a.patch
  * https://www.postgresql.org/docs/release/13.19/
  * https://www.postgresql.org/about/news/-3015/
- Disable LLVM JIT on loongarch64

* Tue Jan 28 2025 max@suse.com

- Fix build, add postgresql-tzdata2025a.patch

* Tue Nov 19 2024 max@suse.com

- Upgrade to 13.18:
  * Restore functionality of ALTER {ROLE|DATABASE} SET role.
  * Fix cases where a logical replication slot's restart_lsn could
    go backwards.
  * Count index scans in contrib/bloom indexes in the statistics
    views, such as the pg_stat_user_indexes.idx_scan counter.
  * Fix crash when checking to see if an index's opclass options
    have changed.
  * https://www.postgresql.org/about/news/p-2965/
  * https://www.postgresql.org/docs/release/13.18/

* Wed Nov 13 2024 max@suse.com

- Upgrade to 13.17:
  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
    dependent on the calling role when RLS applies to a
    non-top-level table reference.
  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
    received during SSL or GSS protocol negotiation.
  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
    between SET SESSION AUTHORIZATION and SET ROLE
  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
    changing environment variables.
  * https://www.postgresql.org/about/news/p-2955/
  * https://www.postgresql.org/docs/release/13.17/

* Tue Nov 05 2024 max@suse.com

- Sync spec file from postgresql17.

* Sat Aug 10 2024 mrueckert@suse.de

- Upgrade to 13.16 (bsc#1229013):
  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
    during pg_dump executes arbitrary SQL
  * https://www.postgresql.org/about/news/p-2910/
  * https://www.postgresql.org/docs/release/13.16/

* Wed May 08 2024 max@suse.com

- Upgrade to 13.15 (bsc#1224051):
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/13.15/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

Version: 13.2-5.6.1

* Wed Feb 10 2021 max@suse.com

- Upgrade to version 13.2:
  * https://www.postgresql.org/docs/13/release-13-2.html
  * Updating stored views and reindexing might be needed after
    applying this update.
  * CVE-2021-3393, bsc#1182040: Fix information leakage in
    constraint-violation error messages.
  * CVE-2021-20229, bsc#1182039: Fix failure to check per-column
    SELECT privileges in some join queries.
  * Obsoletes postgresql-icu68.patch.

* Mon Dec 14 2020 gmbr3@opensuse.org

- Add postgresql-icu68.patch: fix build with ICU 68

Version: 13.1-5.3.15

* Fri Nov 20 2020 max@suse.com

- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
- boo#1179765: BuildRequire libpq5 and libecpg6 when not building
  them to avoid dangling symlinks in the devel package.

* Wed Nov 11 2020 max@suse.com

- Upgrade to version 13.1:
  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
    and firing of deferred triggers within index expressions and
    materialized view queries.
  * CVE-2020-25694, bsc#1178667:
    a) Fix usage of complex connection-string parameters in pg_dump,
    pg_restore, clusterdb, reindexdb, and vacuumdb.
    b) When psql's \connect command re-uses connection parameters,
    ensure that all non-overridden parameters from a previous
    connection string are re-used.
  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
    modifying specially-treated variables.
  * Fix recently-added timetz test case so it works when the USA
    is not observing daylight savings time.
    (obsoletes postgresql-timetz.patch)
  * https://www.postgresql.org/about/news/2111/
  * https://www.postgresql.org/docs/13/release-13-1.html

* Tue Nov 03 2020 max@suse.com

- Fix a DST problem in the test suite: postgresql-timetz.patch
  https://postgr.es/m/16689-57701daa23b377bf@postgresql.org

* Fri Sep 25 2020 max@suse.com

- Initial packaging of PostgreSQL 13:
  * https://www.postgresql.org/about/news/2077/
  * https://www.postgresql.org/docs/13/release-13.html