postgresql-18 (18.3-1) unstable; urgency=medium

  * New upstream version 18.3.

    + Fix failure after replaying a multixid truncation record from WAL that
      was generated by an older minor version (Heikki Linnakangas)

      Erroneous logic for coping with the way that previous versions handled
      multixid wraparound led to replay failure, with messages like "could not
      access status of transaction". A typical scenario in which this could
      occur is a standby server of the latest minor version consuming WAL from
      a primary server of an older version.

    + Avoid incorrect complaint of invalid encoding when substring() is
      applied to toasted data (Noah Misch)

      The fix for CVE-2026-2006 was too aggressive and could raise an error
      about an incomplete character in cases that are actually valid.

    + Fix oversight in the fix for CVE-2026-2007 (Zsolt Parragi)

      If the bounds array needed to be expanded, because the input contained
      more trigrams than the initial guess, generate_trgm_only didn't return
      the modified array pointer to its caller. That would lead to incorrect
      output from strict_word_similarity() and related functions, or in rare
      cases a crash. The faulty code is reached if the input string becomes
      longer when it's converted to lower case. The only known instances of
      that occur when an ICU locale is used with certain single-byte
      encodings.

    + Fix the volatility marking of json_strip_nulls() and jsonb_strip_nulls()
      (Andrew Dunstan)

      These functions have always been considered immutable, but refactoring
      in version 18 accidentally marked them stable instead. That prevents
      their use in index expressions and could cause unnecessary repeat
      evaluations in queries. This fix corrects the marking in
      newly-initialized database clusters (including clusters that are
      pg_upgrade'd to 18.3 or later). However it will not help existing
      clusters made using 18.0 through 18.2.

      If this mistake affects your usage of these functions, the recommended
      fix for an existing cluster is a manual catalog update. As superuser,
      perform

        UPDATE pg_catalog.pg_proc SET provolatile = 'i' WHERE oid IN ('3261','3262');

      in each affected database. Update template0 and template1 as well, so
      that databases made in future will have the fix.

 -- Christoph Berg <myon@debian.org>  Tue, 24 Feb 2026 12:48:56 +0100

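The catalog repair from the 18.3 entry above, worked through as an added psql script (not part of the changelog or of the PostgreSQL project's release notes); it assumes the OIDs 3261 and 3262 quoted in the entry and that template0 still has its default ALLOW_CONNECTIONS = false setting.

```sql
-- Added example, not from the Debian changelog or the upstream release notes.
-- psql script to check and repair the volatility of json_strip_nulls() (oid 3261)
-- and jsonb_strip_nulls() (oid 3262) in a cluster initialized with 18.0 through 18.2.
-- Run as superuser: once per user database, then for template1 and template0.

-- 1. Check: 'i' (immutable) is correct, 's' (stable) means this database is affected.
SELECT oid, oid::regprocedure AS signature, provolatile
FROM pg_catalog.pg_proc
WHERE oid IN (3261, 3262);

-- 2. Repair with the statement from the release notes, restricted to rows that
--    still carry the wrong marking so that re-running the script is harmless.
UPDATE pg_catalog.pg_proc
SET provolatile = 'i'
WHERE oid IN (3261, 3262) AND provolatile <> 'i';

-- 3. Verify: an expression index on the function is only accepted when the
--    function is IMMUTABLE (constructed temporary table, gone at session end).
CREATE TEMP TABLE strip_nulls_check (j jsonb);
CREATE INDEX ON strip_nulls_check ((jsonb_strip_nulls(j)));

-- 4. The templates: template1 accepts connections, template0 does not by default,
--    so allow connections temporarily, apply the same UPDATE, then lock it again.
\c template1
UPDATE pg_catalog.pg_proc SET provolatile = 'i'
WHERE oid IN (3261, 3262) AND provolatile <> 'i';

ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
\c template0
UPDATE pg_catalog.pg_proc SET provolatile = 'i'
WHERE oid IN (3261, 3262) AND provolatile <> 'i';
\c template1
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
```

Step 3 fails with "functions in index expression must be marked IMMUTABLE" on an unrepaired database, which makes it a usable pre-check as well as a post-check.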
postgresql-18 (18.2-1) unstable; urgency=medium

  * New upstream version 18.2.

    + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)

      These data types are expected to be 1-dimensional arrays containing no
      nulls, but there are cast pathways that permit violating those
      expectations. Add checks to some functions that were depending on those
      expectations without verifying them, and could misbehave in consequence.

      The PostgreSQL Project thanks Altan Birler for reporting this problem.
      (CVE-2026-2003)

    + Harden selectivity estimators against being attached to operators that
      accept unexpected data types (Tom Lane)

      contrib/intarray contained a selectivity estimation function that could
      be abused for arbitrary code execution, because it did not check that
      its input was of the expected data type. Third-party extensions should
      check for similar hazards and add defenses using the technique intarray
      now uses. Since such extension fixes will take time, we now require
      superuser privilege to attach a non-built-in selectivity estimator to an
      operator.

      The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
      for reporting this problem. (CVE-2026-2004)

    + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
      (Michael Paquier)

      Decrypting a crafted message with an overlength session key caused a
      buffer overrun, with consequences as bad as arbitrary code execution.

      The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
      for reporting this problem. (CVE-2026-2005)

    + Fix inadequate validation of multibyte character lengths
      (Thomas Munro, Noah Misch)

      Assorted bugs allowed an attacker able to issue crafted SQL to overrun
      string buffers, with consequences as bad as arbitrary code execution.
      After these fixes, applications may observe "invalid byte sequence for
      encoding" errors when string functions process invalid text that has been
      stored in the database.

      The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
      zeroday.cloud, for reporting this problem. (CVE-2026-2006)

    + Harden contrib/pg_trgm against changes in string lowercasing behavior
      (Heikki Linnakangas)

      Fix potential buffer overruns arising from the fact that in some locales
      lower-casing a string can produce more characters (not bytes) than were
      in the original. That behavior is new in version 18, and so is the bug.

      The PostgreSQL Project thanks Heikki Linnakangas for reporting this
      problem. (CVE-2026-2007)

  * Remove pg_numa_init and LLVM 21 patches, merged upstream.

 -- Christoph Berg <myon@debian.org>  Tue, 10 Feb 2026 11:26:19 +0100

postgresql-18 (18.1-2) unstable; urgency=medium

  * Fix build with LLVM 21.

 -- Christoph Berg <myon@debian.org>  Thu, 11 Dec 2025 17:37:16 +0100

postgresql-18 (18.1-1) unstable; urgency=medium

  * New upstream version 18.1.

    + Check for CREATE privileges on the schema in CREATE STATISTICS
      (Jelte Fennema-Nio)

      This omission allowed table owners to create statistics in any schema,
      potentially leading to unexpected naming conflicts.

      The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
      problem. (CVE-2025-12817)

    + Avoid integer overflow in allocation-size calculations within libpq
      (Jacob Champion)

      Several places in libpq were not sufficiently careful about computing
      the required size of a memory allocation. Sufficiently large inputs
      could cause integer overflow, resulting in an undersized buffer, which
      would then lead to writing past the end of the buffer.

      The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies
      for reporting this problem. (CVE-2025-12818)

  * Handle EPERM in pg_numa_init.
  * Test-Depend on postgresql-common-dev.

 -- Christoph Berg <myon@debian.org>  Tue, 11 Nov 2025 13:05:55 +0100

postgresql-18 (18.0-1) unstable; urgency=medium

  * PostgreSQL 18.0.
  * B-D on openssl.

 -- Christoph Berg <myon@debian.org>  Tue, 23 Sep 2025 21:46:05 +0200

postgresql-18 (18~rc1-3) unstable; urgency=medium

  * libpq.pc: Drop libcurl from Requires.private.

 -- Christoph Berg <myon@debian.org>  Tue, 23 Sep 2025 17:12:07 +0200

postgresql-18 (18~rc1-2) unstable; urgency=medium

  * Upload to unstable in preparation of 18.0 release.
  * B-D on postgresql-common-dev instead of -common.
  * Drop move-pages32 patch, upstream had a different fix already.

 -- Christoph Berg <myon@debian.org>  Mon, 22 Sep 2025 12:37:17 +0200

postgresql-18 (18~rc1-1) experimental; urgency=medium

  * New upstream version 18rc1.
  * libpq-oauth.lintian-overrides: Package is a plugin.

 -- Christoph Berg <myon@debian.org>  Wed, 13 Aug 2025 23:37:10 +0200

postgresql-18 (18~beta3-1) experimental; urgency=medium

  * New upstream version 18beta3.
  * Drop obsolete patches: focal-arm64-outline-atomics, jit-s390x.

 -- Christoph Berg <myon@debian.org>  Tue, 12 Aug 2025 12:08:31 +0200

postgresql-18 (18~beta2-1) experimental; urgency=medium

  * New upstream version 18beta2.
  * Drop hurd-iovec patch, implemented upstream.
  * debian/libpq5.symbols: Remove PQservice (introduced earlier in 18).

 -- Christoph Berg <myon@debian.org>  Fri, 18 Jul 2025 12:48:48 +0200

postgresql-18 (18~beta1+20250701-1) experimental; urgency=medium

  * New upstream snapshot.

 -- Christoph Berg <myon@debian.org>  Tue, 01 Jul 2025 11:36:41 +0200

postgresql-18 (18~beta1+20250624-1) experimental; urgency=medium

  * New upstream snapshot.
  * Restrict libpq-oauth and B-D: libnuma-dev to [linux-any].
  * Work around a Linux 32-bit bug in move_pages on 64-bit kernels.
  * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984)
  * Add Catalan debconf translation by Carles Pina i Estany, thanks!

 -- Christoph Berg <myon@debian.org>  Mon, 23 Jun 2025 14:37:14 +0200

postgresql-18 (18~beta1+20250612-1) experimental; urgency=medium

  * New upstream snapshot.
  * Add B-D on libnuma-dev.

 -- Christoph Berg <myon@debian.org>  Fri, 06 Jun 2025 14:29:17 +0200

postgresql-18 (18~beta1-1) experimental; urgency=medium

  * First beta version.

 -- Christoph Berg <myon@debian.org>  Tue, 06 May 2025 20:28:58 +0200

postgresql-18 (18~~devel.20250502-1) experimental; urgency=medium

  * Split libpq-oauth into a separate package so libpq5 does not have to
    depend on libcurl.

 -- Christoph Berg <myon@debian.org>  Fri, 02 May 2025 10:39:45 +0200

postgresql-18 (18~~devel.20250421-1) experimental; urgency=medium

  * New upstream snapshot.

 -- Christoph Berg <myon@debian.org>  Mon, 21 Apr 2025 21:07:47 +0200

postgresql-18 (18~~devel.20250405-1) experimental; urgency=medium

  * New upstream snapshot.
  * B-D on liburing-dev.

 -- Christoph Berg <myon@debian.org>  Wed, 02 Apr 2025 15:15:38 +0200

postgresql-18 (18~~devel.20250331-1) experimental; urgency=medium

  * New upstream snapshot.
  * Drop extension_destdir patch, implemented upstream as
    extension_control_path.
  * Disable JIT on loong64 and riscv64 again, still segfaulting.

 -- Christoph Berg <myon@debian.org>  Wed, 19 Mar 2025 15:47:26 +0100

postgresql-18 (18~~devel.20250318+g4078da6c478-1) experimental; urgency=medium

  * New major upstream version 18; packaging based on postgresql-17.
  * Move JIT to new postgresql-18-jit package. (Closes: #927182)
  * Enable JIT only on 64-bit architectures.

 -- Christoph Berg <myon@debian.org>  Tue, 18 Mar 2025 16:43:43 +0100