Hello community,

here is the log from the commit of package postgresql17 for openSUSE:Factory checked in at 2025-02-21 21:35:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postgresql17 (Old)
 and /work/SRC/openSUSE:Factory/.postgresql17.new.1873 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postgresql17" Fri Feb 21 21:35:03 2025 rev:10 rq:1247457 version:17.4 Changes: -------- --- /work/SRC/openSUSE:Factory/postgresql17/postgresql17.changes 2025-02-14 19:19:56.116305429 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql17.new.1873/postgresql17.changes 2025-02-21 21:35:16.293500306 +0100 @@ -1,0 +2,23 @@ +Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <m...@suse.com> + +- Upgrade to 17.4: + * Improve behavior of libpq's quoting functions: + The changes made for CVE-2025-1094 had one serious oversight: + PQescapeLiteral() and PQescapeIdentifier() failed to honor + their string length parameter, instead always reading to the + input string's trailing null. This resulted in including + unwanted text in the output, if the caller intended to + truncate the string via the length parameter. With very bad + luck it could cause a crash due to reading off the end of + memory. + In addition, modify all these quoting functions so that when + invalid encoding is detected, an invalid sequence is + substituted for just the first byte of the presumed + character, not all of it. This reduces the risk of problems + if a calling application performs additional processing on + the quoted string. + * Fix small memory leak in pg_createsubscriber. + * https://www.postgresql.org/docs/release/17.4/ + * https://www.postgresql.org/about/news/p-3018/ + +------------------------------------------------------------------- Old: ---- postgresql-17.3.tar.bz2 postgresql-17.3.tar.bz2.sha256 New: ---- postgresql-17.4.tar.bz2 postgresql-17.4.tar.bz2.sha256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postgresql17.spec ++++++ --- /var/tmp/diff_new_pack.OwbTFH/_old 2025-02-21 21:35:17.653556934 +0100 +++ /var/tmp/diff_new_pack.OwbTFH/_new 2025-02-21 21:35:17.657557101 +0100 
@@ -16,7 +16,7 @@ # -%define pgversion 17.3 +%define pgversion 17.4 %define pgmajor 17 %define buildlibs 1 %define tarversion %{pgversion} ++++++ postgresql-17.3.tar.bz2 -> postgresql-17.4.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/postgresql17/postgresql-17.3.tar.bz2 /work/SRC/openSUSE:Factory/.postgresql17.new.1873/postgresql-17.4.tar.bz2 differ: char 11, line 1 ++++++ postgresql-17.3.tar.bz2.sha256 -> postgresql-17.4.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/postgresql17/postgresql-17.3.tar.bz2.sha256 2025-02-14 19:19:56.104304933 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql17.new.1873/postgresql-17.4.tar.bz2.sha256 2025-02-21 21:35:16.101492312 +0100 @@ -1 +1 @@ -13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea postgresql-17.3.tar.bz2 +c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 postgresql-17.4.tar.bz2
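Review bot: in the postgresql17.changes hunk, the libpq item mentions CVE-2025-1094 only as background, and the entry carries no tracker reference of its own for the PQescapeLiteral()/PQescapeIdentifier() length-parameter fix. If a bug exists for this follow-up, cite it on the "Improve behavior of libpq's quoting functions" line. It would also help to state up front that this item corrects an oversight in the earlier CVE-2025-1094 change, so that anyone searching the changelog for the CVE id does not mistake this entry for the original fix.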
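Review bot: in the postgresql-17.4.tar.bz2.sha256 hunk, the new digest arrives in the same submission as the replaced tarball, so on its own it only shows that the two files agree with each other. Nothing in the visible diff records where the value came from. Please confirm it against the checksum published upstream for 17.4 and note in the request how it was verified.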