From eb0f0699343eccc854c7b59a0262899a5e4789a7 Mon Sep 17 00:00:00 2001
From: Filip Janus
Date: Mon, 1 Dec 2025 16:34:35 +0000
Subject: [PATCH] Rebase to upstream release 13.23
- Fix CVE-2025-12818: libpq undersizes allocations, via integer wraparound
Integer wraparound in PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes, resulting in segmentation fault.
Resolves: RHEL-131269
---
 .gitignore | 2 ++
 libpq.spec | 6 +++++-
 sources | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 03886af..25c2c73 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@ SOURCES/postgresql-13.11.tar.bz2
 /postgresql-13.11.tar.bz2
 /postgresql-13.20.tar.bz2
 /postgresql-13.20.tar.bz2.sha256
+/postgresql-13.23.tar.bz2
+/postgresql-13.23.tar.bz2.sha256
diff --git a/libpq.spec b/libpq.spec
index 98b7c39..24a121f 100644
--- a/libpq.spec
+++ b/libpq.spec
@@ -3,7 +3,7 @@ Summary: PostgreSQL client library
 Name: libpq
-Version: %{majorversion}.20
+Version: %{majorversion}.23
 Release: 1%{?dist}
 License: PostgreSQL
@@ -130,6 +130,10 @@ find_lang_bins %name-devel.lst pg_config
 %changelog
+* Mon Dec 01 2025 Filip Janus - 13.23-1
+- Rebase to upstream release 13.23
+- Resolves: RHEL-131269 (CVE-2025-12818)
+
 * Tue Feb 18 2025 Ales Nezbeda - 13.20-1
 - Update to 13.20
diff --git a/sources b/sources
index d5d8e59..71e44eb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (postgresql-13.20.tar.bz2) = 884ee8327b803c66679238525e7d51320ea537b41138d7fe8fd7e725631f734a61e53646d9cec78154f3f05a3b50e90508793a56a8f0f76699a53773930cb1d0
-SHA512 (postgresql-13.20.tar.bz2.sha256) = 515b8021b0f70c95908e3b993fef71a9e6d6b27553eb69af1b707e77921d00992b5fad089d604fb565e463bd059c266ee9479082711f68cd5d570662b586cbf2
+SHA512 (postgresql-13.23.tar.bz2) = 9589fe26d874eb91244b7325d997d5e54e93d61a13f63b7e9ef247c0ca6c8ade420487303295010b0c45d7775b64da076a2af14bdcb7a03702d06b5edf159c39
+SHA512 (postgresql-13.23.tar.bz2.sha256) = f4ef1da9ffbce1db074d2a76c87710d57139f013c8c43b7045eb986ec0c11219c5b72227fdc3765073733b694bcb25637797905c171003912944bb8110d322e5