Public bug reported: Upstream: tbd Debian: 14.2-1 Ubuntu: 14.2-1ubuntu1
Debian typically updates postgresql-14 every 1 months on average, but it was last updated 22.02 and looks overdue. Check back in on this monthly. ### New Debian Changes ### postgresql-14 (14.2-1) unstable; urgency=medium * New upstream release. -- Christoph Berg <[email protected]> Wed, 09 Feb 2022 10:39:43 +0100 postgresql-14 (14.1-5) unstable; urgency=medium * Provide postgresql-14-jit-llvm (= ${llvm:Version}) so extensions can depend on a matching llvm version. -- Christoph Berg <[email protected]> Mon, 03 Jan 2022 16:08:18 +0100 postgresql-14 (14.1-4) unstable; urgency=medium [ Christoph Berg ] * Disable LLVM JIT on s390x for now. (See #1002029) [ Christian Ehrhardt ] * postgresql-common/server/postgresql.mk: avoid gcc 11 ICE on armhf and armel. -- Christoph Berg <[email protected]> Mon, 20 Dec 2021 18:21:21 +0100 postgresql-14 (14.1-3) unstable; urgency=medium * Use system default clang/llvm version. (Closes: #1000915) * Use centralized debian/rules logic in postgresql-common. -- Christoph Berg <[email protected]> Fri, 03 Dec 2021 09:56:49 +0100 postgresql-14 (14.1-2) unstable; urgency=medium * Enable outline-atomics on arm64 (affects Ubuntu focal only). -- Christoph Berg <[email protected]> Tue, 16 Nov 2021 11:56:37 +0100 postgresql-14 (14.1-1) unstable; urgency=medium * New upstream release. + Make the server and libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane) A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.) (CVE-2021-23214) This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214. (CVE-2021-23222) The PostgreSQL Project thanks Jacob Champion for reporting these problems. * libpq-dev: Depend on libssl-dev, `pkg-config --exists libpq` requires it. -- Christoph Berg <[email protected]> Fri, 05 Nov 2021 12:05:46 +0100 postgresql-14 (14.0-1) unstable; urgency=medium * First PG14 release. * Depend on postgresql-common 229 for scram-sha-256 authentication by default. -- Christoph Berg <[email protected]> Tue, 28 Sep 2021 13:56:00 +0200 postgresql-14 (14~rc1-1) experimental; urgency=medium * First PG14 release candidate. * Enable spinlocks on riscv64. * Fix awk to be mawk, spotted by Yangfl. (Closes: #987786) * configure.ac: Remove check for autoconf 2.69. * Spanish debconf translation by Jonathan Bustillos, thanks! (Closes: #986775) * Flatten debian/*.lintian-overrides symlinks. -- Christoph Berg <[email protected]> Thu, 23 Sep 2021 12:39:42 +0200 postgresql-14 (14~beta3-1) experimental; urgency=medium * New beta version. * libpq5.symbols: Add PQsendFlushRequest. -- Christoph Berg <[email protected]> Tue, 10 Aug 2021 13:11:12 +0200 postgresql-14 (14~beta2-1) experimental; urgency=medium * New beta version. * libpq5.symbols: Add PQmblenBounded, PQsetTraceFlags, remove PQtraceSetFlags. * debian/tests/installcheck: Use --make-testtablespace-dir. ### Old Ubuntu Delta ### postgresql-14 (14.2-1ubuntu1) jammy; urgency=medium * d/p/llvm14-support.patch: fix FTBFS with llvm-14 (LP: #1966319) -- Andreas Hasenack <[email protected]> Fri, 25 Mar 2022 11:34:41 -0300 ** Affects: postgresql-14 (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: postgresql-14 (Ubuntu) Status: New => Incomplete ** Changed in: postgresql-14 (Ubuntu) Milestone: None => ubuntu-22.06 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971313 Title: Merge postgresql-14 from Debian unstable for kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postgresql-14/+bug/1971313/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
