From a58dc92700bec82e82bd4855b67f3260a3b89d74 Mon Sep 17 00:00:00 2001
From: Filip Janus
Date: Mon, 1 Dec 2025 16:37:27 +0000
Subject: [PATCH] Rebase to upstream release 16.11
- Fix CVE-2025-12818: libpq undersizes allocations, via integer wraparound
Integer wraparound in PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes, resulting in segmentation fault.
Resolves: RHEL-131267
---
 libpq.spec | 7 +++++--
 sources | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/libpq.spec b/libpq.spec
index c3aa2d6..edebebf 100644
--- a/libpq.spec
+++ b/libpq.spec
@@ -3,8 +3,8 @@
 Summary: PostgreSQL client library
 Name: libpq
-Version: %{majorversion}.8
-Release: 2%{?dist}
+Version: %{majorversion}.11
+Release: 1%{?dist}
 License: PostgreSQL
 Url: http://www.postgresql.org/
@@ -140,6 +140,9 @@ find_lang_bins %name-devel.lst pg_config
 %_libdir/pkgconfig/libpq.pc
 %changelog
+* Mon Dec 01 2025 Filip Janus - 16.11-1
+- Rebase to upstream release 16.11
+
 * Wed Mar 5 2025 Ales Nezbeda 16.8-2
 - Bump release for rebuild
diff --git a/sources b/sources
index 620f35c..0ed21ca 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (postgresql-16.8.tar.bz2) = f44fdfe01fbf82f3ffe4c9fc860bd27e06dddfe43b6bd6d1c6e267d64086eb5517e23cc1b2b8895cb73e63fce76779993ea9785a97e6e348ed91b4c08bb0492d
-SHA512 (postgresql-16.8.tar.bz2.sha256) = 878f5b5d71a10de9416bdd74bef034efade87cc9d6fad6ce1491842ab6415f897c715a2817552f627744ab23cf2a8287010d5e2e2f1c9206e563a1d0e26d39cc
+SHA512 (postgresql-16.11.tar.bz2) = f11f8f3e5855cfce27108a1bd2122c5a7a1ff37c6d9366d7a96a041aab67a4e4a31e54f0757b6b97c72d841acdcaa97d3eaa765213d4899b2cf7047c549012b8
+SHA512 (postgresql-16.11.tar.bz2.sha256) = 3c07dc85608f8cee5071bd7d404feff1c767afb468a8f41225b73d5df05334dca9a3465e16307a3b5b21c1a44684deab0c496fbd03b9d061e4a9559684876671
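Review bot: The new `%changelog` entry in the second libpq.spec hunk records only `- Rebase to upstream release 16.11`, so the CVE named in the commit message never reaches the package metadata. Anyone auditing an installed build with `rpm -q --changelog libpq` would find no match for CVE-2025-12818, even though this rebase is what delivers the fix. I would add `- Fix CVE-2025-12818: libpq undersizes allocations, via integer wraparound` and `- Resolves: RHEL-131267` under the 16.11-1 entry, so the changelog and the commit message agree.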