Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package postgresql14 for openSUSE:Factory checked in at 2023-11-09 21:36:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postgresql14 (Old)
 and /work/SRC/openSUSE:Factory/.postgresql14.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postgresql14" Thu Nov 9 21:36:15 2023 rev:15 rq:1124707 version:14.10 Changes: -------- --- /work/SRC/openSUSE:Factory/postgresql14/postgresql14.changes 2023-10-31 20:26:50.344450871 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql14.new.17445/postgresql14.changes 2023-11-09 21:36:33.815467479 +0100 
@@ -1,0 +2,32 @@ +Wed Nov 8 14:32:26 UTC 2023 - Reinhard Max <m...@suse.com> + +- Update to 14.10: + * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type + arguments in DISTINCT "any" aggregate functions. This error led + to a text-type value being interpreted as an unknown-type value + (that is, a zero-terminated string) at runtime. This could + result in disclosure of server memory following the text value. + * bsc#1216961, CVE-2023-5869: Detect integer overflow while + computing new array dimensions. When assigning new elements to + array subscripts that are outside the current array bounds, an + undetected integer overflow could occur in edge cases. Memory + stomps that are potentially exploitable for arbitrary code + execution are possible, and so is disclosure of server memory. + * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role + from signalling background workers and autovacuum processes. + The documentation says that pg_signal_backend cannot issue + signals to superuser-owned processes. It was able to signal + these background processes, though, because they advertise a + role OID of zero. Treat that as indicating superuser ownership. + The security implications of cancelling one of these process + types are fairly small so far as the core code goes (we'll just + start another one), but extensions might add background workers + that are more vulnerable. + Also ensure that the is_superuser parameter is set correctly in + such processes. No specific security consequences are known for + that oversight, but it might be significant for some extensions. 
+ * Add support for LLVM 16 and 17 + * https://www.postgresql.org/about/news/2749 + * https://www.postgresql.org/docs/14/release-14-10.html + +------------------------------------------------------------------- Old: ---- postgresql-14.9.tar.bz2 postgresql-14.9.tar.bz2.sha256 New: ---- postgresql-14.10.tar.bz2 postgresql-14.10.tar.bz2.sha256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postgresql14.spec ++++++ --- /var/tmp/diff_new_pack.r88YSr/_old 2023-11-09 21:36:34.559494950 +0100 +++ /var/tmp/diff_new_pack.r88YSr/_new 2023-11-09 21:36:34.559494950 +0100 @@ -16,11 +16,11 @@ # -%define pgversion 14.9 +%define pgversion 14.10 %define pgmajor 14 %define buildlibs 0 %define tarversion %{pgversion} -%define latest_supported_llvm_ver 15 +%define latest_supported_llvm_ver 17 ### CUT HERE ### %define pgname postgresql%pgmajor @@ -797,11 +797,9 @@ %post -n %pgname-%devel /sbin/ldconfig -/usr/share/postgresql/install-alternatives %pgmajor %postun -n %pgname-%devel /sbin/ldconfig -/usr/share/postgresql/install-alternatives %pgmajor %if %{with server_devel} %post server-devel ++++++ postgresql-14.9.tar.bz2 -> postgresql-14.10.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/postgresql14/postgresql-14.9.tar.bz2 /work/SRC/openSUSE:Factory/.postgresql14.new.17445/postgresql-14.10.tar.bz2 differ: char 11, line 1 ++++++ postgresql-14.9.tar.bz2.sha256 -> postgresql-14.10.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/postgresql14/postgresql-14.9.tar.bz2.sha256 2023-10-25 18:05:36.536065373 +0200 +++ /work/SRC/openSUSE:Factory/.postgresql14.new.17445/postgresql-14.10.tar.bz2.sha256 2023-11-09 21:36:33.807467184 +0100 @@ -1 +1 @@ -b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef postgresql-14.9.tar.bz2 +c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 postgresql-14.10.tar.bz2
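Review bot: the 14.10 entry added to postgresql14.changes does not mention the scriptlet change in the postgresql14.spec hunk at @@ -797,11 +797,9 @@, where the "/usr/share/postgresql/install-alternatives %pgmajor" call is dropped from both "%post -n %pgname-%devel" and "%postun -n %pgname-%devel". The entry lists only the upstream update, the three CVE fixes and LLVM 16/17 support, so a change to the devel subpackage's install and removal scriptlets goes unrecorded. Add a changes line saying why these scriptlets no longer call install-alternatives, so that anyone auditing this security update can tell the removal was intentional and not an unrelated edit riding along with the version bump.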
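Review bot: in the postgresql-14.10.tar.bz2.sha256 hunk, the new digest arrives in the same submission as the tarball it describes, and the Old/New file list shows only those two files changing, so agreement between them shows that they were uploaded together and nothing about where the tarball came from. Before accepting, compare the digest on the "+" line against the value upstream publishes for postgresql-14.10.tar.bz2, obtained independently of this request, and note in the review that the comparison was made.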