* Mon Nov 24 2025 max@suse.com
- Fix build with uring for post SLE15 code streams.
* Fri Nov 14 2025 max@suse.com
- Use %product_libs_llvm_ver to determine the LLVM version.
- Remove conditionals for obsolete PostgreSQL releases.
* Wed Nov 12 2025 max@suse.com
- Update to 18.1:
* https://www.postgresql.org/about/news/p-3171/
* https://www.postgresql.org/docs/release/18.1/
* bsc#1253332, CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts.
* bsc#1253333, CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.
* Thu Sep 25 2025 mrueckert@suse.de
- pg_config --libs returns -lnuma so we need to require it.
* Tue Sep 23 2025 max@suse.com
- Update to 18.0.
* https://www.postgresql.org/about/news/p-3142/
* https://www.postgresql.org/docs/18/release-18.html
* Thu Sep 04 2025 max@suse.com
- Update to 18 RC1.
* https://www.postgresql.org/about/news/p-3130/
* Tue Aug 19 2025 mrueckert@suse.de
- move libpq-oauth into the libpq5 package. it is a plugin that
will be loaded via dlopen() if libpq encounters an oauth workflow
during a connection.
* Mon Aug 18 2025 mrueckert@suse.de
- In the symlinking loop for *.so files only handle symlinks and
not also files.
This allows us to enable oauth support
* Mon Aug 18 2025 mrueckert@suse.de
- enable liburing and libnuma support
- prepare oauth support. but it creates broken symlinks at the
moment
* Thu Aug 14 2025 mrueckert@suse.de
- Update to 18~beta3
* https://www.postgresql.org/about/news/p-3118/
Security Issues
* CVE-2025-8713: PostgreSQL optimizer statistics can expose
sampled data within a view, partition, or child table
(boo#1248120)
* CVE-2025-8714: PostgreSQL pg_dump lets superuser of origin
server execute arbitrary code in psql client (boo#1248122)
* CVE-2025-8715: PostgreSQL pg_dump newline in object name
executes arbitrary code in psql client and in restore target
server (boo#1248119)
* Wed Jul 23 2025 mrueckert@suse.de
- Update to 18~beta2
https://www.postgresql.org/about/news/p-3103/
* Fri May 09 2025 mrueckert@suse.de
- Fork package for postgresql 18
https://www.postgresql.org/about/news/p-3070/
* Fri May 09 2025 max@suse.com
- Upgrade to 17.5:
* bsc#1242931, CVE-2025-4207: postgresql: PostgreSQL GB18030
encoding validation can read one byte past end of allocation
for text that fails validation.
* https://www.postgresql.org/docs/release/17.5/
* https://www.postgresql.org/about/news/p-3072/
- Add postresql-pg_config_paths.patch to Fix a race condition
while generating pg_config_paths.h.
* Tue Feb 18 2025 max@suse.com
- Upgrade to 17.4:
* Improve behavior of libpq's quoting functions:
The changes made for CVE-2025-1094 had one serious oversight:
PQescapeLiteral() and PQescapeIdentifier() failed to honor
their string length parameter, instead always reading to the
input string's trailing null. This resulted in including
unwanted text in the output, if the caller intended to
truncate the string via the length parameter. With very bad
luck it could cause a crash due to reading off the end of
memory.
In addition, modify all these quoting functions so that when
invalid encoding is detected, an invalid sequence is
substituted for just the first byte of the presumed
character, not all of it. This reduces the risk of problems
if a calling application performs additional processing on
the quoted string.
* Fix small memory leak in pg_createsubscriber.
* https://www.postgresql.org/docs/release/17.4/
* https://www.postgresql.org/about/news/p-3018/
* Tue Feb 11 2025 max@suse.com
- Upgrade to 17.3:
* bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
functions against invalidly-encoded input strings.
* obsoletes postgresql-tzdata2025a.patch
* https://www.postgresql.org/docs/release/17.3/
* https://www.postgresql.org/about/news/-3015/
* Wed Jan 29 2025 obs.coke518@passinbox.com
- Apply postgresql-tzdata2025a.patch regardless of
whether LLVM JIT is enabled
* Tue Jan 28 2025 max@suse.com
- Fix build, add postgresql-tzdata2025a.patch
* Thu Dec 26 2024 obs.coke518@passinbox.com
- Disable LLVM JIT on loongarch64
* Tue Nov 19 2024 max@suse.com
- Upgrade to 17.2:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
* https://www.postgresql.org/about/news/p-2965/
* https://www.postgresql.org/docs/release/17.2/
* Wed Nov 13 2024 max@suse.com
- Upgrade to 17.1:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* obsoletes postgresql17-jsonb_jsonpath.patch
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/17.1/