SUSE: OPENSUSE-SU-2020:1228-1
Aug 17, 2020 - 12:00 a.m.

Security update for postgresql, postgresql96, postgresql10, postgresql12 (moderate)

2020-08-17 00:00:00
lists.opensuse.org
CVSS3: 7.3 High

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium

  Access Vector: NETWORK
  Access Complexity: HIGH
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for postgresql, postgresql96, postgresql10, postgresql12 fixes
the following issues:

postgresql12 was updated to 12.3 (bsc#1171924).

Also changed in the postgresql wrapper package:

  • Bump version to 12.0.1, so that the binary packages also have a
    cut-point to conflict with.

  • Conflict with versions of the binary packages prior to the May 2020
    update, because we changed the package layout at that point and need a
    clean cutover.

  • Bump package version to 12, but leave default at 10 for SLE-15 and
    SLE-15-SP1.

postgresql11 was updated to 11.9:

  • Pack the /usr/lib/postgresql symlink only into the main package.

postgresql11 was updated to 11.8 (bsc#1171924).

  • Unify the spec file to work across all current PostgreSQL versions to
    simplify future maintenance.
  • Move from the “libs” build flavour to a “mini” package that will
    only be used inside the build service and not get shipped, to avoid
    confusion with the debuginfo packages (bsc#1148643).

postgresql10 was updated to 10.13 (bsc#1171924).

postgresql96 was updated to 9.6.19:

  • CVE-2020-14350, boo#1175194: Make contrib modules' installation
    scripts more secure.
    https://www.postgresql.org/docs/9.6/release-9-6-19.html

  • Pack the /usr/lib/postgresql symlink only into the main package.

  • Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean
    and complete cutover to the new packaging schema.

  • Update to 9.6.18 (boo#1171924).
    https://www.postgresql.org/about/news/2038/
    https://www.postgresql.org/docs/9.6/release-9-6-18.html

  • Unify the spec file to work across all current PostgreSQL versions to
    simplify future maintenance.

  • Move from the “libs” build flavour to a “mini” package that will
    only be used inside the build service and not get shipped, to avoid
    confusion with the debuginfo packages (boo#1148643).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2020-1228=1

OS             Version  Architecture  Filename
openSUSE Leap  15.2     i586          .i586.rpm
openSUSE Leap  15.2     x86_64        .x86_64.rpm
openSUSE Leap  15.2     noarch        .noarch.rpm
openSUSE Leap  15.2     x86_64        .x86_64.rpm
