Rebase to upstream release 13.23

- Fix CVE-2025-12818: libpq undersizes allocations, via integer wraparound Integer wraparound in PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes, resulting in segmentation fault. Resolves: RHEL-131269
2025-12-01 16:34:35 +00:00 · 2025-12-01 16:34:35 +00:00 · eb0f069934
commit eb0f069934
parent d3b3280786
3 changed files with 9 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,5 @@ SOURCES/postgresql-13.11.tar.bz2
 /postgresql-13.11.tar.bz2
 /postgresql-13.20.tar.bz2
 /postgresql-13.20.tar.bz2.sha256
+/postgresql-13.23.tar.bz2
+/postgresql-13.23.tar.bz2.sha256
--- a/libpq.spec
+++ b/libpq.spec
@ -3,7 +3,7 @@

 Summary: PostgreSQL client library
 Name: libpq
-Version: %{majorversion}.20
+Version: %{majorversion}.23
 Release: 1%{?dist}

 License: PostgreSQL
@ -130,6 +130,10 @@ find_lang_bins %name-devel.lst  pg_config


 %changelog
+* Mon Dec 01 2025 Filip Janus <fjanus@redhat.com> - 13.23-1
+- Rebase to upstream release 13.23
+- Resolves: RHEL-131269 (CVE-2025-12818)
+
 * Tue Feb 18 2025 Ales Nezbeda <anezbeda@redhat.com> - 13.20-1
 - Update to 13.20

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (postgresql-13.20.tar.bz2) = 884ee8327b803c66679238525e7d51320ea537b41138d7fe8fd7e725631f734a61e53646d9cec78154f3f05a3b50e90508793a56a8f0f76699a53773930cb1d0
-SHA512 (postgresql-13.20.tar.bz2.sha256) = 515b8021b0f70c95908e3b993fef71a9e6d6b27553eb69af1b707e77921d00992b5fad089d604fb565e463bd059c266ee9479082711f68cd5d570662b586cbf2
+SHA512 (postgresql-13.23.tar.bz2) = 9589fe26d874eb91244b7325d997d5e54e93d61a13f63b7e9ef247c0ca6c8ade420487303295010b0c45d7775b64da076a2af14bdcb7a03702d06b5edf159c39
+SHA512 (postgresql-13.23.tar.bz2.sha256) = f4ef1da9ffbce1db074d2a76c87710d57139f013c8c43b7045eb986ec0c11219c5b72227fdc3765073733b694bcb25637797905c171003912944bb8110d322e5