Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package postgresql16 for openSUSE:Factory checked in at 2025-02-20 19:46:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postgresql16 (Old)
 and      /work/SRC/openSUSE:Factory/.postgresql16.new.1873 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postgresql16" Thu Feb 20 19:46:45 2025 rev:15 rq:1247459 version:16.8 Changes: -------- --- /work/SRC/openSUSE:Factory/postgresql16/postgresql16.changes 2025-02-13 18:41:04.573211137 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql16.new.1873/postgresql16.changes 2025-02-20 19:46:47.868879529 +0100 @@ -1,0 +2,23 @@ +Tue Feb 18 11:36:44 UTC 2025 - Reinhard Max <[email protected]> + +- Upgrade to 16.8: + * Improve behavior of libpq's quoting functions: + The changes made for CVE-2025-1094 had one serious oversight: + PQescapeLiteral() and PQescapeIdentifier() failed to honor + their string length parameter, instead always reading to the + input string's trailing null. This resulted in including + unwanted text in the output, if the caller intended to + truncate the string via the length parameter. With very bad + luck it could cause a crash due to reading off the end of + memory. + In addition, modify all these quoting functions so that when + invalid encoding is detected, an invalid sequence is + substituted for just the first byte of the presumed + character, not all of it. This reduces the risk of problems + if a calling application performs additional processing on + the quoted string. + * Fix small memory leak in pg_createsubscriber. + * https://www.postgresql.org/docs/release/16.8/ + * https://www.postgresql.org/about/news/p-3018/ + +------------------------------------------------------------------- Old: ---- postgresql-16.7.tar.bz2 postgresql-16.7.tar.bz2.sha256 New: ---- postgresql-16.8.tar.bz2 postgresql-16.8.tar.bz2.sha256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postgresql16.spec ++++++ --- /var/tmp/diff_new_pack.TSnKq0/_old 2025-02-20 19:46:51.209019127 +0100 +++ /var/tmp/diff_new_pack.TSnKq0/_new 2025-02-20 19:46:51.233020130 +0100 
@@ -16,7 +16,7 @@ # -%define pgversion 16.7 +%define pgversion 16.8 %define pgmajor 16 %define buildlibs 0 %define tarversion %{pgversion} ++++++ postgresql-16.7.tar.bz2 -> postgresql-16.8.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/postgresql16/postgresql-16.7.tar.bz2 /work/SRC/openSUSE:Factory/.postgresql16.new.1873/postgresql-16.8.tar.bz2 differ: char 11, line 1 ++++++ postgresql-16.7.tar.bz2.sha256 -> postgresql-16.8.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/postgresql16/postgresql-16.7.tar.bz2.sha256 2025-02-13 18:41:04.565210805 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql16.new.1873/postgresql-16.8.tar.bz2.sha256 2025-02-20 19:46:47.700872507 +0100 @@ -1 +1 @@ -62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe postgresql-16.7.tar.bz2 +9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 postgresql-16.8.tar.bz2
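
Review bot: In the postgresql16.changes hunk, the new "Upgrade to 16.8" entry carries no tracking-bug reference, and the memory-safety impact ("reading off the end of memory" in PQescapeLiteral() and PQescapeIdentifier()) is buried in the middle of the first bullet. Say up front that this is a follow-up to the CVE-2025-1094 change and that callers relying on the length parameter to truncate input are the affected case, and add the tracking bug id if one exists so the entry can be matched to an advisory.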
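
Review bot: In the postgresql16.spec hunk, the unchanged context line "%define buildlibs 0" sits right under the version bump, while the headline fix in the changelog is in libpq's quoting functions. If buildlibs 0 means this package does not build the client libraries, the libpq fix does not reach users through this submission alone; the changelog or the request should name the package that ships the fixed libpq so the two updates are released together.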
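
Review bot: In the postgresql-16.8.tar.bz2.sha256 hunk, the checksum file is replaced in the same submission as the tarball it describes, and the Old/New file lists show only the tarball and its .sha256, with no detached signature. A digest stored next to the archive detects corruption but not substitution, so the new value should be compared against the checksum published by upstream for 16.8 before acceptance, and the comparison noted in the request.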
