- Upgrade to 14.14:
  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
    dependent on the calling role when RLS applies to a
    non-top-level table reference.
  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
    received during SSL or GSS protocol negotiation.
  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
    between SET SESSION AUTHORIZATION and SET ROLE
  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
    changing environment variables.
  * https://www.postgresql.org/about/news/p-2955/
  * https://www.postgresql.org/docs/release/14.14/

- Sync spec file from postgresql17.

  * https://www.postgresql.org/about/news/p-2910/

• Files Changed
• Browse Source

- Upgrade to 14.13 (bsc#1229013):
  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
    during pg_dump executes arbitrary SQL
  * https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
  * https://www.postgresql.org/docs/release/14.13/

• Files Changed
• Browse Source

- Upgrade to 14.12 (bsc#1224051):
  * bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
    and pg_stats_ext_exprs entries to the table owner. See the
    release notes for the steps that have to be taken to fix
    existing PostgreSQL instances.
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/14.12/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.

- Remove constraints file because improved memory usage for s390x

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Upgrade to 14.11:
  * bsc#1219679, CVE-2024-0985: Tighten security restrictions
    within REFRESH MATERIALIZED VIEW CONCURRENTLY.
    One step of a concurrent refresh command was run under weak
    security restrictions. If a materialized view's owner could
    persuade a superuser or other high-privileged user to perform a
    concurrent refresh on that view, the view's owner could control
    code executed with the privileges of the user running REFRESH.
    Fix things so that all user-determined code is run as the
    view's owner, as expected
  * If you use GIN indexes, you may need to reindex after updating
    to this release.
  * LLVM 18 is now supported.
  * https://www.postgresql.org/docs/release/14.11/

• Files Changed
• Browse Source

November 2023 Security Updates

• Files Changed
• Browse Source

Revert last change and make the devel package independend

• Files Changed
• Browse Source

- boo#1216022: Call install-alternatives from the devel subpackage
  as well, otherwise the symlink for ecpg might be missing.

- Also buildignore the postgresql*-implementation symbols: this is
  needed in order to bootstrap when no postgresql version currently
  has valid symbols provided. Once the packages are built, OBS
  could translate this to the pgname-* packages and accept the
  ignores; during bootstrap though, there is nothing providing the
  symbol and the existing buildignores do not suffice.

- Update to 14.9:
  * bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
    owner name into an extension script if the name contains a
    quote, backslash, or dollar sign.
  * https://www.postgresql.org/docs/14/release-14-9.html

- Restore the independence of mini builds from the main build after
  the -mini name change from April 4, 2023.
- Adjust icu handling to prepare for PostgreSQL 16.

- Overhaul postgresql-README.SUSE and move it from the binary
  package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

• Files Changed
• Browse Source

- Update to 14.8:
  * bsc#1211228, CVE-2023-2454:
    Prevent CREATE SCHEMA from defeating changes in search_path
  * bsc#1211229, CVE-2023-2455: Enforce row-level security
    policies correctly after inlining a set-returning function
  * https://www.postgresql.org/about/news/2637/
  * https://www.postgresql.org/docs/14/release-14-8.html

• Files Changed
• Browse Source

- bsc#1210303: Stop using the obsolete internal %_restart_on_update
  macro and drop support for sysv init to simplify the scriptlets.

- Include -mini in Name: to avoid conflicts in the source package
  name and OBS internal dependency tracking.

• Files Changed
• Browse Source

- Update to 14.7:
  * CVE-2022-41862, bsc#1208102: memory leak in libpq
  * https://www.postgresql.org/about/news/2592/
  * https://www.postgresql.org/docs/14/release-14-7.html
- Bump latest_supported_llvm_ver to 15.

• Files Changed
• Browse Source

- bsc#1205300: Update to 14.6:
  * https://www.postgresql.org/about/news/2543/
  * https://www.postgresql.org/docs/14/release-14-6.html
- Sync spec file with postgresql15.

• Files Changed
• Browse Source

- Create mechanism to specify the latest supported LLVM version.
  Automatically pin to that version if the distribution has a newer
  unsupported default version.

- Sync spec file with postgresql15.

- Disable LLVM JIT on riscv64

• Files Changed
• Browse Source

-  Update to 14.5:
  * bsc#1202368, CVE-2022-2625: Extension scripts replace objects
    not belonging to the extension.
  * https://www.postgresql.org/docs/release/14.5/

• Files Changed
• Browse Source

- bsc#1200437: Upgrade to 14.4:
  * Prevent possible corruption of indexes created or rebuilt with 
    the CONCURRENTLY option.
  * https://www.postgresql.org/docs/release/14.4/
  * https://www.postgresql.org/about/news/p-2470/

• Files Changed
• Browse Source

- Upgrade to 14.3:
  * bsc#1199475, CVE-2022-1552: Confine additional operations
    within "security restricted operation" sandboxes.
  * https://www.postgresql.org/docs/14/release-14-3.html

• Files Changed
• Browse Source

- bsc#1198166: Pin to llvm13 until the next patchlevel update.

- bsc#1195680: Upgrade to 14.2:
  * https://www.postgresql.org/docs/14/release-14-2.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.

- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround

• Files Changed
• Browse Source

- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.

• Files Changed
• Browse Source

- bsc#1192516: Upgrade to 14.1
  * Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/14/release-14-1.html

- boo#1191782: Let rpmlint ignore shlib-policy-name-error.

- remove a duplicate .changes entry

• Files Changed
• Browse Source

New package: postgresql14
Needs adjustments in prjconf to become the new default.
Related submits for postgresql13 and postgresql are also on the way.
Also for older PostgreSQL versions to keep the packaging consistent.

• Browse Source