author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 13:44:20 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 13:44:20 +0000 |
commit | 8bfbb9af55c60e9874aaa7f6e09c5531fad763ed (patch) | |
tree | 9577f8f52777ac32dee04d49fb7e07a441866dd7 /debian/changelog | |
parent | Adding upstream version 16.2. (diff) | |
Adding debian version 16.2-1. (debian/16.2-1)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..db6092b --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,146 @@ +postgresql-16 (16.2-1) unstable; urgency=medium + + * New upstream version. + + * Tighten security restrictions within REFRESH MATERIALIZED VIEW + CONCURRENTLY (Heikki Linnakangas) + + One step of a concurrent refresh command was run under weak security + restrictions. If a materialized view's owner could persuade a superuser + or other high-privileged user to perform a concurrent refresh on that + view, the view's owner could control code executed with the privileges + of the user running REFRESH. Fix things so that all user-determined code + is run as the view's owner, as expected. + + The only known exploit for this error does not work in PostgreSQL 16.0 + and later, so it may be that v16 is not vulnerable in practice. + + The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. + (CVE-2024-0985) + + * Add Swedish debconf translation by Martin Bagge and Anders Jonsson. + Thanks! (Closes: #1059170) + + -- Christoph Berg <myon@debian.org> Tue, 06 Feb 2024 13:27:57 +0100 + +postgresql-16 (16.1-1) unstable; urgency=medium + + * New upstream version. + + * Fix handling of unknown-type arguments in DISTINCT "any" aggregate + functions (Tom Lane) + + This error led to a text-type value being interpreted as an unknown-type + value (that is, a zero-terminated string) at runtime. This could result + in disclosure of server memory following the text value. + + The PostgreSQL Project thanks Jingzhou Fu for reporting this problem. + (CVE-2023-5868) + + * Detect integer overflow while computing new array dimensions + (Tom Lane) + + When assigning new elements to array subscripts that are outside the + current array bounds, an undetected integer overflow could occur in edge + cases. Memory stomps that are potentially exploitable for arbitrary + code execution are possible, and so is disclosure of server memory. + + The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. 
+ (CVE-2023-5869) + + * Prevent the pg_signal_backend role from signalling background workers + and autovacuum processes (Noah Misch, Jelte Fennema-Nio) + + The documentation says that pg_signal_backend + cannot issue signals to superuser-owned processes. It was able to + signal these background processes, though, because they advertise a + role OID of zero. Treat that as indicating superuser ownership. + The security implications of cancelling one of these process types + are fairly small so far as the core code goes (we'll just start + another one), but extensions might add background workers that are + more vulnerable. + + Also ensure that the is_superuser parameter is set correctly in such + processes. No specific security consequences are known for that + oversight, but it might be significant for some extensions. + + The PostgreSQL Project thanks Hemanth Sandrana and Mahendrakar + Srinivasarao for reporting this problem. (CVE-2023-5870) + + * Fix misbehavior during recursive page split in GiST index build + (Heikki Linnakangas) + + Fix a case where the location of a page downlink was incorrectly + tracked, and introduce some logic to allow recovering from such + situations rather than silently doing the wrong thing. This error could + result in incorrect answers from subsequent index searches. It may be + advisable to reindex all GiST indexes after installing this update. + + * Prevent de-duplication of btree index entries for interval columns + + There are interval values that are distinguishable but compare equal, + for example 24:00:00 and 1 day. This breaks assumptions made by btree + de-duplication, so interval columns need to be excluded from + de-duplication. This oversight can cause incorrect results from + index-only scans. Moreover, after updating amcheck will report an error + for almost all such indexes. Users should reindex any btree indexes on + interval columns. + + * Use default LLVM version; package is now compatible with LLVM 16. 
+ * Rebase debian/patches/libpgport-pkglibdir. + + -- Christoph Berg <myon@debian.org> Tue, 07 Nov 2023 14:18:31 +0100 + +postgresql-16 (16.0-2) unstable; urgency=medium + + * Use LLVM 15 for JIT support, 16 is not supported yet. (Closes: #1051881) + + -- Christoph Berg <myon@debian.org> Thu, 14 Sep 2023 09:13:57 +0200 + +postgresql-16 (16.0-1) unstable; urgency=medium + + * First PostgreSQL 16 release. + + -- Christoph Berg <myon@debian.org> Mon, 11 Sep 2023 22:41:53 +0200 + +postgresql-16 (16~rc1-2) experimental; urgency=medium + + * Disable jit on loong64; PG does not support LLVM 16 yet while LLVM + versions before 16 do not support loong64. (Closes: #1051385) + * Introduce build profile pkg.postgresql.nolibpkgs. + * Cherry-pick WIP patches to stabilize tests on s390x. + + -- Christoph Berg <myon@debian.org> Thu, 07 Sep 2023 14:14:52 +0200 + +postgresql-16 (16~rc1-1) experimental; urgency=medium + + * New release candidate version. + + -- Christoph Berg <myon@debian.org> Tue, 29 Aug 2023 15:58:19 +0200 + +postgresql-16 (16~beta3-1) experimental; urgency=medium + + * New beta version. + * Bump postgresql-common dependency to 252, required for alternatives. + * Test-Depend on tzdata-legacy | tzdata (<< 2023c-8). + + -- Christoph Berg <myon@debian.org> Thu, 10 Aug 2023 13:57:07 +0200 + +postgresql-16 (16~beta2-1) experimental; urgency=medium + + * New beta version. + + -- Christoph Berg <myon@debian.org> Wed, 28 Jun 2023 15:41:55 +0200 + +postgresql-16 (16~beta1-2) experimental; urgency=medium + + * Bump postgresql-common B-D to 250 to ignore test failures on alpha et al. + * Define IOV_MAX on hurd-i386. + + -- Christoph Berg <myon@debian.org> Wed, 24 May 2023 11:11:53 +0200 + +postgresql-16 (16~beta1-1) experimental; urgency=medium + + * New major upstream version 16; packaging based on postgresql-15. + + -- Christoph Berg <myon@debian.org> Tue, 23 May 2023 14:05:19 +0200 |
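Review bot: The 16.1-1 entry states two post-upgrade actions only as prose inside changelog bullets ("It may be advisable to reindex all GiST indexes after installing this update" and "Users should reindex any btree indexes on interval columns"), where an administrator applying the update is unlikely to read them before amcheck starts reporting errors or index-only scans return wrong results. If these are not already covered elsewhere in the packaging (the diffstat here is limited to debian/changelog, so that cannot be checked from this page), a debian/NEWS item for 16.1-1 would surface them at upgrade time. Two smaller points in the same hunk: 16.2-1 and 16.1-1 are both uploaded with urgency=medium although they list CVE fixes, and the text for CVE-2023-5869 describes memory stomps "potentially exploitable for arbitrary code execution", so it is worth confirming that medium is the intended urgency for those uploads. The "Prevent de-duplication of btree index entries for interval columns" item is also the only upstream fix in the 16.1-1 entry without an author in parentheses.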