Package Release Info

postgresql15-15.5-150200.5.19.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2024-106
Available in Package Hub : 15 SP4 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

postgresql15-llvmjit

postgresql15-llvmjit-devel

postgresql15-test

Change Logs

* Wed Nov 08 2023 max@suse.com

- Upgrade to 15.5:
  * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
    arguments in DISTINCT "any" aggregate functions. This error led
    to a text-type value being interpreted as an unknown-type value
    (that is, a zero-terminated string) at runtime. This could
    result in disclosure of server memory following the text value.
  * bsc#1216961, CVE-2023-5869: Detect integer overflow while
    computing new array dimensions. When assigning new elements to
    array subscripts that are outside the current array bounds, an
    undetected integer overflow could occur in edge cases. Memory
    stomps that are potentially exploitable for arbitrary code
    execution are possible, and so is disclosure of server memory.
  * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
    from signalling background workers and autovacuum processes.
    The documentation says that pg_signal_backend cannot issue
    signals to superuser-owned processes. It was able to signal
    these background  processes, though, because they advertise a
    role OID of zero. Treat that as indicating superuser ownership.
    The security implications of cancelling one of these process
    types are fairly small so far as the core code goes (we'll just
    start another one), but extensions might add background workers
    that are more vulnerable.
    Also ensure that the is_superuser parameter is set correctly in
    such processes. No specific security consequences are known for
    that oversight, but it might be significant for some extensions.
  * Add support for LLVM 16 and 17
  * https://www.postgresql.org/docs/15/release-15-5.html

* Tue Oct 31 2023 max@suse.com

- boo#1216734: Revert the last change and make the devel package
  independend of all other subpackages except for the libs.

* Tue Oct 10 2023 max@suse.com

- boo#1216022: Call install-alternatives from the devel subpackage
  as well, otherwise the symlink for ecpg might be missing.

* Mon Sep 18 2023 dimstar@opensuse.org

- Also buildignore the postgresql*-implementation symbols: this is
  needed in order to bootstrap when no postgresql version currently
  has valid symbols provided. Once the packages are built, OBS
  could translate this to the pgname-* packages and accept the
  ignores; during bootstrap though, there is nothing providing the
  symbol and the existing buildignores do not suffice.

* Thu Sep 14 2023 max@suse.com

- The libs and mini package are now provided by postgresql16.

* Fri May 26 2023 max@suse.com

- Restore the independence of mini builds from the main build after
  the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.

* Mon May 15 2023 max@suse.com

- Overhaul postgresql-README.SUSE and move it from the binary
  package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

Version: 15.4-150200.5.12.1

* Wed Aug 09 2023 max@suse.com

- Update to 15.4:
  * bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
    owner name into an extension script if the name contains a
    quote, backslash, or dollar sign.
  * bsc#1214061, CVE-2023-39418: Fix MERGE to enforce row security
    policies properly.
  * https://www.postgresql.org/docs/15/release-15-4.html

Version: 15.3-150200.5.9.1

* Tue May 09 2023 max@suse.com

- Update to 15.3:
  * bsc#1211228, CVE-2023-2454:
    Prevent CREATE SCHEMA from defeating changes in search_path
  * bsc#1211229, CVE-2023-2455: Enforce row-level security
    policies correctly after inlining a set-returning function
  * https://www.postgresql.org/about/news/2637/
  * https://www.postgresql.org/docs/15/release-15-3.html

* Tue Apr 18 2023 max@suse.com

- bsc#1210303: Stop using the obsolete internal %_restart_on_update
  macro and drop support for sysv init to simplify the scriptlets.

* Tue Apr 04 2023 fvogt@suse.com

- Include -mini in Name: to avoid conflicts in the source package
  name and OBS internal dependency tracking.

Version: 15.2-150200.5.6.1

* Thu Feb 09 2023 max@suse.com

- Update to 15.2:
  * CVE-2022-41862, bsc#1208102: memory leak in libpq
  * https://www.postgresql.org/about/news/2592/
  * https://www.postgresql.org/docs/15/release-15-2.html
- Bump latest_supported_llvm_ver to 15.

Version: 15.1-150200.5.3.2

* Thu Nov 10 2022 max@suse.com

- Update to 15.1:
  * https://www.postgresql.org/about/news/2543/
  * https://www.postgresql.org/docs/15/release-15-1.html

* Thu Oct 13 2022 max@suse.com

- Update to 15.0:
  * https://www.postgresql.org/about/news/p-2526/
  * https://www.postgresql.org/docs/15/release-15.html
- Move pg_upgrade from *-contrib to *-server.
- Drop support for the 9.x versioning scheme.

* Thu Oct 06 2022 max@suse.com

- Update to 15~rc2
  * https://www.postgresql.org/about/news/p-2521/
  * Reverting the "optimized order of GROUP BY keys" feature.

* Fri Sep 30 2022 fvogt@suse.com

- Fix source URLs

* Thu Sep 29 2022 max@suse.com

- Update to 15~rc1
  https://www.postgresql.org/about/news/p-2516/

* Thu Sep 22 2022 aaronpuchert@alice-dsl.net

- Create mechanism to specify the latest supported LLVM version.
  Automatically pin to that version if the distribution has a newer
  unsupported default version.

* Mon Sep 12 2022 schwab@suse.de

- Disable LLVM JIT on riscv64

* Thu Sep 08 2022 max@suse.com

- Update to 15~beta4
  https://www.postgresql.org/about/news/p-2507/

* Mon Sep 05 2022 max@suse.com

- Update to 15~beta3
  https://www.postgresql.org/about/news/p-2496/

* Sat May 21 2022 mrueckert@suse.de

- use %version requires for the contrib package for now as
  15~beta1 is actually smaller than 15.

* Sat May 21 2022 mrueckert@suse.de

- Add proper conditionals for lz4 and zstd

* Sat May 21 2022 mrueckert@suse.de

- Upgrade to 15~beta1
  https://www.postgresql.org/about/news/postgresql-15-beta-1-released-2453/
  https://www.postgresql.org/docs/15/release-15.html
- Refreshed patches to apply cleanly again:
  0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
  postgresql-conf.patch
  postgresql-llvm-optional.patch
  postgresql-plperl-keep-rpath.patch
  postgresql-testsuite-keep-results-file.patch
  postgresql-var-run-socket.patch
- Add buildrequires for lz4 and zstd support

* Sat May 21 2022 mrueckert@suse.de

- fork package for postgresql 15

* Thu May 12 2022 max@suse.com

- Upgrade to 14.3:
  * bsc#1199475, CVE-2022-1552: Confine additional operations
    within "security restricted operation" sandboxes.
  * https://www.postgresql.org/docs/14/release-14-3.html

* Wed Apr 13 2022 max@suse.com

- bsc#1198166: Pin to llvm13 until the next patchlevel update.

* Tue Feb 08 2022 max@suse.com

- bsc#1195680: Upgrade to 14.2:
  * https://www.postgresql.org/docs/14/release-14-2.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.

* Sat Dec 11 2021 ada.lovelace@gmx.de

- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround

* Thu Nov 25 2021 max@suse.com

- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.

* Wed Nov 10 2021 max@suse.com

- bsc#1192516: Upgrade to 14.1
  * Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/14/release-14-1.html

* Wed Oct 20 2021 max@suse.com

- boo#1191782: Let rpmlint ignore shlib-policy-name-error.