postgresql14-14.3-150200.5.12.2

- Upgrade to 14.3:
  * bsc#1199475, CVE-2022-1552: Confine additional operations
    within "security restricted operation" sandboxes.
  * https://www.postgresql.org/docs/14/release-14-3.html

- Upgrade to 14.12 (bsc#1224051):
  * bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
    and pg_stats_ext_exprs entries to the table owner. See the
    release notes for the steps that have to be taken to fix
    existing PostgreSQL instances.
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/14.12/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.

- Remove constraints file because improved memory usage for s390x

- Use %patch -P N instead of deprecated %patchN.

- Upgrade to 14.11:
  * bsc#1219679, CVE-2024-0985: Tighten security restrictions
    within REFRESH MATERIALIZED VIEW CONCURRENTLY.
    One step of a concurrent refresh command was run under weak
    security restrictions. If a materialized view's owner could
    persuade a superuser or other high-privileged user to perform a
    concurrent refresh on that view, the view's owner could control
    code executed with the privileges of the user running REFRESH.
    Fix things so that all user-determined code is run as the
    view's owner, as expected
  * If you use GIN indexes, you may need to reindex after updating
    to this release.
  * LLVM 18 is now supported.
  * https://www.postgresql.org/docs/release/14.11/

- Update to 14.10:
  * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
    arguments in DISTINCT "any" aggregate functions. This error led
    to a text-type value being interpreted as an unknown-type value
    (that is, a zero-terminated string) at runtime. This could
    result in disclosure of server memory following the text value.
  * bsc#1216961, CVE-2023-5869: Detect integer overflow while
    computing new array dimensions. When assigning new elements to
    array subscripts that are outside the current array bounds, an
    undetected integer overflow could occur in edge cases. Memory
    stomps that are potentially exploitable for arbitrary code
    execution are possible, and so is disclosure of server memory.
  * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
    from signalling background workers and autovacuum processes.
    The documentation says that pg_signal_backend cannot issue
    signals to superuser-owned processes. It was able to signal
    these background  processes, though, because they advertise a
    role OID of zero. Treat that as indicating superuser ownership.
    The security implications of cancelling one of these process
    types are fairly small so far as the core code goes (we'll just
    start another one), but extensions might add background workers
    that are more vulnerable.
    Also ensure that the is_superuser parameter is set correctly in
    such processes. No specific security consequences are known for
    that oversight, but it might be significant for some extensions.
  * Add support for LLVM 16 and 17
  * https://www.postgresql.org/docs/14/release-14-10.html

- boo#1216734: Revert the last change and make the devel package
  independend of all other subpackages except for the libs.

- boo#1216022: Call install-alternatives from the devel subpackage
  as well, otherwise the symlink for ecpg might be missing.

- Also buildignore the postgresql*-implementation symbols: this is
  needed in order to bootstrap when no postgresql version currently
  has valid symbols provided. Once the packages are built, OBS
  could translate this to the pgname-* packages and accept the
  ignores; during bootstrap though, there is nothing providing the
  symbol and the existing buildignores do not suffice.

- Restore the independence of mini builds from the main build after
  the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.

- Overhaul postgresql-README.SUSE and move it from the binary
  package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

- bsc#1195680: Upgrade to 14.2:
  * https://www.postgresql.org/docs/14/release-14-2.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.

- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround

- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.

- bsc#1192516: Upgrade to 14.1
  * Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/14/release-14-1.html

- boo#1191782: Let rpmlint ignore shlib-policy-name-error.

- Remove postgresql-testsuite-int8.sql.patch, because its purpose
  is unclear. This affects only the test subpackage.

- Upgrade to 14.0
  https://www.postgresql.org/about/news/postgresql-14-released-2318/
  https://www.postgresql.org/docs/14/release-14.html

- Let genlists skip non-existing binaries to avoid lots of version
  conditionals in the file lists.

- Upgrade to 14~rc1
  https://www.postgresql.org/about/news/postgresql-14-rc-1-released-2309/
  https://www.postgresql.org/docs/14/release-14.html
  https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items

- Upgrade to 14~beta2
  https://www.postgresql.org/about/news/postgresql-14-beta-2-released-2249/
  https://www.postgresql.org/docs/14/release-14.html
  https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items

- Upgrade to 14~beta1
  https://www.postgresql.org/about/news/postgresql-14-beta-1-released-2213/
  https://www.postgresql.org/docs/14/release-14.html
  https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- disable postgresql-testsuite-int8.sql.patch:
  it seems it is not needed anymore, need to be double checked.

- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
  Use llvm11 as a workaround.

- Upgrade to version 13.3:
  * https://www.postgresql.org/docs/13/release-13-3.html
  * CVE-2021-32027, bsc#1185924:
    Prevent integer overflows in array subscripting calculations.
  * CVE-2021-32028, bsc#1185925: Fix mishandling of ?junk?
    columns in INSERT ... ON CONFLICT ... UPDATE target lists.
  * CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
    computation of UPDATE ... RETURNING
    "pg_psql_temporary_savepoint" does not exist?.
- Don't use %_stop_on_removal, because it was meant to be private
  and got removed from openSUSE. %_restart_on_update is also
  private, but still supported and needed for now (bsc#1183168).

- Re-enable build of the llvmjit subpackage on SLE, but it will
  only be delivered on PackageHub for now (boo#1183118).

- Remove leftover PreReq on chkconfig, we stopped using it long
  time ago.

- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.

- Upgrade to version 13.2:
  * https://www.postgresql.org/docs/13/release-13-2.html
  * Updating stored views and reindexing might be needed after
    applying this update.
  * CVE-2021-3393, bsc#1182040: Fix information leakage in
    constraint-violation error messages.
  * CVE-2021-20229, bsc#1182039: Fix failure to check per-column
    SELECT privileges in some join queries.
  * Obsoletes postgresql-icu68.patch.

- Add postgresql-icu68.patch: fix build with ICU 68

- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
- boo#1179765: BuildRequire libpq5 and libecpg6 when not building
  them to avoid dangling symlinks in the devel package.

- Upgrade to version 13.1:
  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
    and firing of deferred triggers within index expressions and
    materialized view queries.
  * CVE-2020-25694, bsc#1178667:
    a) Fix usage of complex connection-string parameters in pg_dump,
    pg_restore, clusterdb, reindexdb, and vacuumdb.
    b) When psql's \connect command re-uses connection parameters,
    ensure that all non-overridden parameters from a previous
    connection string are re-used.
  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
    modifying specially-treated variables.
  * Fix recently-added timetz test case so it works when the USA
    is not observing daylight savings time.
    (obsoletes postgresql-timetz.patch)
  * https://www.postgresql.org/about/news/2111/
  * https://www.postgresql.org/docs/13/release-13-1.html

- Fix a DST problem in the test suite: postgresql-timetz.patch
  https://postgr.es/m/16689-57701daa23b377bf@postgresql.org

- Initial packaging of PostgreSQL 13:
  * https://www.postgresql.org/about/news/2077/
  * https://www.postgresql.org/docs/13/release-13.html