Hello community,

here is the log from the commit of package postgresql12 for openSUSE:Factory checked in at 2024-02-09 23:52:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postgresql12 (Old)
 and      /work/SRC/openSUSE:Factory/.postgresql12.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postgresql12" Fri Feb 9 23:52:58 2024 rev:32 rq:1145273 version:12.18 Changes: -------- --- /work/SRC/openSUSE:Factory/postgresql12/postgresql12.changes 2023-10-31 20:26:48.312376233 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql12.new.1815/postgresql12.changes 2024-02-09 23:53:20.213162674 +0100 
@@ -1,0 +2,49 @@ +Thu Feb 8 14:32:50 UTC 2024 - Reinhard Max <[email protected]> + +- Upgrade to 12.18: + * bsc#1219679, CVE-2024-0985: Tighten security restrictions + within REFRESH MATERIALIZED VIEW CONCURRENTLY. + One step of a concurrent refresh command was run under weak + security restrictions. If a materialized view's owner could + persuade a superuser or other high-privileged user to perform a + concurrent refresh on that view, the view's owner could control + code executed with the privileges of the user running REFRESH. + Fix things so that all user-determined code is run as the + view's owner, as expected + * If you use GIN indexes, you may need to reindex after updating + to this release. + * LLVM 18 is now supported. + * https://www.postgresql.org/docs/release/12.18/ + +------------------------------------------------------------------- +Wed Nov 8 14:37:39 UTC 2023 - Reinhard Max <[email protected]> + +- Update to 12.17: + * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type + arguments in DISTINCT "any" aggregate functions. This error led + to a text-type value being interpreted as an unknown-type value + (that is, a zero-terminated string) at runtime. This could + result in disclosure of server memory following the text value. + * bsc#1216961, CVE-2023-5869: Detect integer overflow while + computing new array dimensions. When assigning new elements to + array subscripts that are outside the current array bounds, an + undetected integer overflow could occur in edge cases. Memory + stomps that are potentially exploitable for arbitrary code + execution are possible, and so is disclosure of server memory. + * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role + from signalling background workers and autovacuum processes. + The documentation says that pg_signal_backend cannot issue + signals to superuser-owned processes. It was able to signal + these background processes, though, because they advertise a + role OID of zero. 
Treat that as indicating superuser ownership. + The security implications of cancelling one of these process + types are fairly small so far as the core code goes (we'll just + start another one), but extensions might add background workers + that are more vulnerable. + Also ensure that the is_superuser parameter is set correctly in + such processes. No specific security consequences are known for + that oversight, but it might be significant for some extensions. + * Add support for LLVM 16 and 17 + * https://www.postgresql.org/docs/12/release-12-17.html + +------------------------------------------------------------------- Old: ---- postgresql-12.16.tar.bz2 postgresql-12.16.tar.bz2.sha256 New: ---- postgresql-12.18.tar.bz2 postgresql-12.18.tar.bz2.sha256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postgresql12.spec ++++++ --- /var/tmp/diff_new_pack.Zp8cCy/_old 2024-02-09 23:53:20.905187611 +0100 +++ /var/tmp/diff_new_pack.Zp8cCy/_new 2024-02-09 23:53:20.905187611 +0100 @@ -1,7 +1,7 @@ # -# spec file +# spec file for package postgresql12 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,11 +16,11 @@ # -%define pgversion 12.16 +%define pgversion 12.18 %define pgmajor 12 %define buildlibs 0 %define tarversion %{pgversion} -%define latest_supported_llvm_ver 15 +%define latest_supported_llvm_ver 18 ### CUT HERE ### %define pgname postgresql%pgmajor 
@@ -187,7 +187,7 @@ Provides: postgresql-implementation = %version-%release Requires: %libpq >= %version Requires(post): postgresql-noarch >= %pgmajor -Requires(postun):postgresql-noarch >= %pgmajor +Requires(postun): postgresql-noarch >= %pgmajor # At this point we changed the package layout on SLE and conflict with # older releases to get a clean cut. Conflicts: postgresql-noarch < 12.0.1 @@ -277,7 +277,7 @@ Provides: postgresql-server-devel = %version-%release Provides: postgresql-server-devel-implementation = %version-%release Requires(post): postgresql-server-devel-noarch >= %pgmajor -Requires(postun):postgresql-server-devel-noarch >= %pgmajor +Requires(postun): postgresql-server-devel-noarch >= %pgmajor Requires: %pgname-devel = %version Requires: %pgname-server = %version-%release # Installation of postgresql??-devel is exclusive @@ -335,10 +335,10 @@ Provides: postgresql-server-implementation = %version-%release Requires: %libpq >= %version Requires(pre): postgresql-server-noarch >= %pgmajor -Requires(preun):postgresql-server-noarch >= %pgmajor -Requires(postun):postgresql-server-noarch >= %pgmajor +Requires(preun): postgresql-server-noarch >= %pgmajor +Requires(postun): postgresql-server-noarch >= %pgmajor Requires(post): postgresql-noarch >= %pgmajor -Requires(postun):postgresql-noarch >= %pgmajor +Requires(postun): postgresql-noarch >= %pgmajor %description server PostgreSQL is an advanced object-relational database management system @@ -377,7 +377,7 @@ %if %{with llvm} Requires: %pgname-llvmjit = %version Requires(post): postgresql-llvmjit-devel-noarch >= %pgmajor -Requires(postun):postgresql-llvmjit-devel-noarch >= %pgmajor +Requires(postun): postgresql-llvmjit-devel-noarch >= %pgmajor %requires_file %_bindir/llc %requires_file %_bindir/clang %endif 
@@ -797,11 +797,9 @@ %post -n %pgname-%devel /sbin/ldconfig -/usr/share/postgresql/install-alternatives %pgmajor %postun -n %pgname-%devel /sbin/ldconfig -/usr/share/postgresql/install-alternatives %pgmajor %if %{with server_devel} %post server-devel ++++++ 0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch ++++++ --- /var/tmp/diff_new_pack.Zp8cCy/_old 2024-02-09 23:53:20.925188332 +0100 +++ /var/tmp/diff_new_pack.Zp8cCy/_new 2024-02-09 23:53:20.929188476 +0100 @@ -14,21 +14,13 @@ --- src/backend/jit/llvm/llvmjit.c.orig +++ src/backend/jit/llvm/llvmjit.c -@@ -101,6 +101,7 @@ LLVMValueRef FuncExecEvalSysVar; - LLVMValueRef FuncExecAggTransReparent; - LLVMValueRef FuncExecAggInitGroup; - -+LLVMModuleRef mod = NULL; - - static bool llvm_session_initialized = false; - static size_t llvm_generation = 0; -@@ -742,6 +743,35 @@ llvm_compile_module(LLVMJitContext *cont +@@ -736,6 +736,35 @@ llvm_compile_module(LLVMJitContext *cont } /* + * For the systemz target, LLVM uses a different datalayout for z13 and newer + * CPUs than it does for older CPUs. This can cause a mismatch in datalayouts -+ * in the case where the llvm_types_module (mod) is compiled with a pre-z13 CPU ++ * in the case where the llvm_types_module is compiled with a pre-z13 CPU + * and the JIT is running on z13 or newer. + * See computeDataLayout() function in + * llvm/lib/Target/SystemZ/SystemZTargetMachine.cpp for information on the @@ -46,7 +38,7 @@ + return false; + } + -+ llvm_context = LLVMGetModuleContext(mod); ++ llvm_context = LLVMGetModuleContext(llvm_types_module); + vec_type = LLVMVectorType(LLVMIntTypeInContext(llvm_context, 32), 4); + llvm_layoutref = LLVMCreateTargetData(llvm_layout); + ret = (LLVMABIAlignmentOfType(llvm_layoutref, vec_type) == 16); @@ -58,7 +50,7 @@ * Per session initialization. */ static void -@@ -750,6 +780,7 @@ llvm_session_initialize(void) +@@ -744,6 +773,7 @@ llvm_session_initialize(void) MemoryContext oldcontext; char *error = NULL; char *cpu = NULL; 
@@ -66,7 +58,7 @@ char *features = NULL; LLVMTargetMachineRef opt0_tm; LLVMTargetMachineRef opt3_tm; -@@ -781,10 +812,17 @@ llvm_session_initialize(void) +@@ -775,10 +805,17 @@ llvm_session_initialize(void) * features not all CPUs have (weird, huh). */ cpu = LLVMGetHostCPUName(); @@ -85,7 +77,7 @@ opt0_tm = LLVMCreateTargetMachine(llvm_targetref, llvm_triple, cpu, features, LLVMCodeGenLevelNone, -@@ -798,8 +836,13 @@ llvm_session_initialize(void) +@@ -792,8 +829,13 @@ llvm_session_initialize(void) LLVMDisposeMessage(cpu); cpu = NULL; @@ -100,12 +92,4 @@ /* force symbols in main binary to be loaded */ LLVMLoadLibraryPermanently(NULL); -@@ -952,7 +995,6 @@ llvm_create_types(void) - char path[MAXPGPATH]; - LLVMMemoryBufferRef buf; - char *msg; -- LLVMModuleRef mod = NULL; - - snprintf(path, MAXPGPATH, "%s/%s", pkglib_path, "llvmjit_types.bc"); - ++++++ postgresql-12.16.tar.bz2 -> postgresql-12.18.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/postgresql12/postgresql-12.16.tar.bz2 /work/SRC/openSUSE:Factory/.postgresql12.new.1815/postgresql-12.18.tar.bz2 differ: char 11, line 1 ++++++ postgresql-12.16.tar.bz2.sha256 -> postgresql-12.18.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/postgresql12/postgresql-12.16.tar.bz2.sha256 2023-08-11 15:55:52.311883762 +0200 +++ /work/SRC/openSUSE:Factory/.postgresql12.new.1815/postgresql-12.18.tar.bz2.sha256 2024-02-09 23:53:20.197162098 +0100 @@ -1 +1 @@ -c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 postgresql-12.16.tar.bz2 +4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a postgresql-12.18.tar.bz2
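Review bot: In the postgresql12.changes hunk, the new 12.18 entry lists only upstream changes and does not record the packaging changes made in this same commit: the `/usr/share/postgresql/install-alternatives %pgmajor` calls dropped from the `%post` and `%postun` scriptlets of `%pgname-%devel`, and the refresh of 0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch. Add one changelog line for each so that the scriptlet change and the patch rebase can be traced from the .changes file.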
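Review bot: In the postgresql12.spec hunk at @@ -797,11 +797,9, removing `/usr/share/postgresql/install-alternatives %pgmajor` from both `%post` and `%postun` of `%pgname-%devel` leaves no visible step that sets up or cleans up the alternatives links when the devel package is installed or removed. Nothing in the visible hunks or the changelog says where this is handled now, so state it in the request. Since both scriptlets are reduced to a single `/sbin/ldconfig`, they can also be written as `%post -n %pgname-%devel -p /sbin/ldconfig` with the matching `%postun` form.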
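Review bot: In the refreshed 0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch, the new line `llvm_context = LLVMGetModuleContext(llvm_types_module);` depends on `llvm_types_module` already being loaded when the check runs, and the condition guarding the `return false;` just above it is outside the visible context. Confirm that the guard covers a NULL `llvm_types_module`, or that the types module is always created before this point, because the previous version of the patch introduced its own global `mod` for this purpose and that is now dropped. The refresh also moves every hunk offset by 6 or 7 lines, which suggests a rebase onto the 12.18 sources and should be mentioned in the changelog.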
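Review bot: For the postgresql-12.18.tar.bz2.sha256 change, the checksum file is replaced in the same commit as the tarball it describes, and the Old/New file lists show no detached signature next to it, so the hash only catches corruption inside the package and not a substituted tarball. Compare the new value against the checksum that upstream publishes for 12.18 before accepting, and say in the request that this was done.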
