Overview

File _patchinfo of Package patchinfo.900

<patchinfo incident="900">
  <category>optional</category>
  <issue id="950486" tracker="bnc">postgresql does not start due to missing /var/run/postgresql</issue>
  <issue id="949669" tracker="bnc">VUL-0: CVE-2015-5288: postgresql: Memory leak in crypt() function</issue>
  <issue id="949670" tracker="bnc">VUL-0: CVE-2015-5289: postgresql: Unchecked JSON input can crash the server</issue>
  <issue tracker="bnc" id="941886"/>
  <issue tracker="bnc" id="945706"/>
  <issue tracker="cve" id="CVE-2015-5289"/>
  <issue tracker="cve" id="CVE-2015-5288"/>
  <issue tracker="fate" id="319049"/>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>
This update delivers PostgreSQL 9.4.5 to the SUSE Linux Enterprise 12 codebase.

Major enhancements:

* Security and bugfix release 9.4.5:
  * CVE-2015-5289, bsc#949670: json or jsonb input values
    constructed from arbitrary user input can crash the PostgreSQL
    server and cause a denial of service.
  * CVE-2015-5288, bsc#949669: The crypt() function included with
    the optional pgCrypto extension could be exploited to read a
    few additional bytes of memory. No working exploit for this
    issue has been developed.

* Add jsonb, a more capable and efficient data type for storing JSON data
* Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries
* Reduce lock strength for some ALTER TABLE commands
* Allow materialized views to be refreshed without blocking concurrent reads
* Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format
* Allow background worker processes to be dynamically registered, started and terminated
* For the full release notse, see:
  http://www.postgresql.org/docs/current/static/release-9-4-5.html
* Move systemd related stuff and user creation to postgresql-init (bsc#950486)
* Remove some obsolete %suse_version conditionals
* Adjust build time dependencies.
* Fix some more rpmlint warnings.
* Relax dependency on libpq to major version.
* Make sure that plpgsql.h gets installed, because pldebugger
  needs it.
* Move ~postgres/.bash_profile to postgresql-server to avoid a
  file conflict between the versioned server packages.

Full release notes can be found here:
http://www.postgresql.org/docs/9.4/static/release-9-4.html


The existing client libraries libecpg6 and libpq5 are now taken from the postgresql94 build instgead
of the postgresql93 build.
</description>
  <summary>Optional update for postgresql94</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places