Compare commits

...

No commits in common. "c10s" and "c8" have entirely different histories.
c10s ... c8

14 changed files with 178 additions and 420 deletions

View File

@ -1 +0,0 @@
1

3
.gitignore vendored Executable file → Normal file
View File

@ -1,2 +1 @@
/postgresql-*.tar.bz2* SOURCES/postgresql-13.11.tar.bz2
/rpms

View File

@ -1,3 +0,0 @@
# libpq
The libpq package

View File

@ -7,11 +7,11 @@ directory whose path happens to include "postgres" or "pgsql" already.
However, datadir and sysconfdir are already set up in the specfile's However, datadir and sysconfdir are already set up in the specfile's
configure call, so we do not have to append anything to them. configure call, so we do not have to append anything to them.
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index 9a6265b3a0..c9371a07c4 100644 diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Makefile.global.in
--- a/src/Makefile.global.in --- postgresql-9.0.1.orig/src/Makefile.global.in 2010-10-01 10:25:44.000000000 -0400
+++ b/src/Makefile.global.in +++ postgresql-9.0.1/src/Makefile.global.in 2010-10-11 11:52:05.224975308 -0400
@@ -82,8 +82,7 @@ vpathsearch = `for f in $(addsuffix /$(1),$(subst :, ,. $(VPATH))); do test -r $ @@ -55,8 +55,7 @@
# Installation directories # Installation directories
# #
# These are set by the equivalent --xxxdir configure options. We # These are set by the equivalent --xxxdir configure options. We
@ -21,7 +21,7 @@ index 9a6265b3a0..c9371a07c4 100644
# #
# In a PGXS build, we cannot use the values inserted into Makefile.global # In a PGXS build, we cannot use the values inserted into Makefile.global
# by configure, since the installation tree may have been relocated. # by configure, since the installation tree may have been relocated.
@@ -101,45 +100,23 @@ datarootdir := @datarootdir@ @@ -74,45 +73,23 @@
bindir := @bindir@ bindir := @bindir@
datadir := @datadir@ datadir := @datadir@

View File

@ -0,0 +1,53 @@
Change the built-in default socket directory to be /var/run/postgresql.
For backwards compatibility with (probably non-libpq-based) clients that
might still expect to find the socket in /tmp, also create a socket in
/tmp. This is to resolve communication problems with clients operating
under systemd's PrivateTmp environment, which won't be using the same
global /tmp directory as the server; see bug #825448.
Note that we apply the socket directory change at the level of the
hard-wired defaults in the C code, not by just twiddling the setting in
postgresql.conf.sample; this is so that the change will take effect on
server package update, without requiring any existing postgresql.conf
to be updated. (Of course, a user who dislikes this behavior can still
override it via postgresql.conf.)
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 9481f2d..75532c7 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -3196,7 +3196,7 @@ static struct config_string ConfigureNamesString[] =
},
&Unix_socket_directories,
#ifdef HAVE_UNIX_SOCKETS
- DEFAULT_PGSOCKET_DIR,
+ DEFAULT_PGSOCKET_DIR ", /tmp",
#else
"",
#endif
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index feeff9e..3e3d784 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -1234,7 +1234,7 @@ setup_config(void)
#ifdef HAVE_UNIX_SOCKETS
snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'",
- DEFAULT_PGSOCKET_DIR);
+ DEFAULT_PGSOCKET_DIR ", /tmp");
#else
snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''");
#endif
diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h
index e278fa0..9ee15d4 100644
--- a/src/include/pg_config_manual.h
+++ b/src/include/pg_config_manual.h
@@ -201,7 +201,7 @@
* support them yet.
*/
#ifndef WIN32
-#define DEFAULT_PGSOCKET_DIR "/tmp"
+#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql"
#else
#define DEFAULT_PGSOCKET_DIR ""
#endif

View File

@ -0,0 +1,96 @@
- The libpq package is supposed to be used for all the PostgreSQL modules
- available in RHEL 8, and ABI versioning will guarantee us that modular RPMs will
- depend on appropriate libpq ABI version (picked at build-time).
diff --git a/config/Makefile b/config/Makefile
index 67e7998f55..86612a42c3 100644
--- a/config/Makefile
+++ b/config/Makefile
@@ -8,6 +8,7 @@ include $(top_builddir)/src/Makefile.global
install: all installdirs
$(INSTALL_SCRIPT) $(srcdir)/install-sh '$(DESTDIR)$(pgxsdir)/config/install-sh'
$(INSTALL_SCRIPT) $(srcdir)/missing '$(DESTDIR)$(pgxsdir)/config/missing'
+ $(INSTALL_SCRIPT) $(srcdir)/build-exports-gnu-ld '$(DESTDIR)$(pgxsdir)/config/build-exports-gnu-ld'
installdirs:
$(MKDIR_P) '$(DESTDIR)$(pgxsdir)/config'
diff --git a/config/build-exports-gnu-ld b/config/build-exports-gnu-ld
new file mode 100755
index 0000000000..84c48e3ade
--- /dev/null
+++ b/config/build-exports-gnu-ld
@@ -0,0 +1,41 @@
+#! /bin/sh
+
+# by default use PG_ prefix
+: "${SYMBOL_VERSION_PREFIX=PG_}"
+
+# we started symbol versioning since v10
+: "${SYMBOL_VERSION_START=9.6}"
+
+version=$SYMBOL_VERSION_START
+version_prev=
+first=:
+
+open_block ()
+{
+ $first || echo
+ first=false
+ echo "${SYMBOL_VERSION_PREFIX}$version {"
+ echo "global:"
+}
+
+close_block ()
+{
+ echo "}${version_prev:+ $SYMBOL_VERSION_PREFIX$version_prev};"
+ version_prev=$version
+ version=$1
+}
+
+open_block
+while read -r symbol _ new_version
+do
+ case $symbol in '#'*) continue ;; esac
+ if test -n "$new_version" && test "$new_version" != "$version"; then
+ close_block "$new_version"
+ open_block
+ fi
+ echo " $symbol;"
+done
+
+echo "local:"
+echo " *;"
+close_block
diff --git a/src/Makefile.shlib b/src/Makefile.shlib
index 373d73caef..d5bd5468cd 100644
--- a/src/Makefile.shlib
+++ b/src/Makefile.shlib
@@ -231,7 +231,7 @@ ifeq ($(PORTNAME), linux)
ifdef soname
LINK.shared += -Wl,-soname,$(soname)
endif
- BUILD.exports = ( echo '{ global:'; $(AWK) '/^[^\#]/ {printf "%s;\n",$$1}' $<; echo ' local: *; };' ) >$@
+ BUILD.exports = $(SHELL) $(top_srcdir)/config/build-exports-gnu-ld < $< > $@
exports_file = $(SHLIB_EXPORTS:%.txt=%.list)
ifneq (,$(exports_file))
LINK.shared += -Wl,--version-script=$(exports_file)
diff --git a/src/interfaces/libpq/exports.txt b/src/interfaces/libpq/exports.txt
index ccec59919b..4c2be8b7d5 100644
--- a/src/interfaces/libpq/exports.txt
+++ b/src/interfaces/libpq/exports.txt
@@ -171,11 +171,11 @@
PQsslAttribute 169
PQsetErrorContextVisibility 170
PQresultVerboseErrorMessage 171
-PQencryptPasswordConn 172
-PQresultMemorySize 173
+PQencryptPasswordConn 172 10
+PQresultMemorySize 173 12
PQhostaddr 174
PQgssEncInUse 175
PQgetgssctx 176
-PQsetSSLKeyPassHook_OpenSSL 177
+PQsetSSLKeyPassHook_OpenSSL 177 13
PQgetSSLKeyPassHook_OpenSSL 178
PQdefaultSSLKeyPassHook_OpenSSL 179

View File

@ -0,0 +1 @@
4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb postgresql-13.11.tar.bz2

View File

@ -1,10 +1,10 @@
%global majorversion 16 %global majorversion 13
%global obsoletes_version %( echo $(( %majorversion + 1 )) ) %global obsoletes_version %( echo $(( %majorversion + 1 )) )
Summary: PostgreSQL client library Summary: PostgreSQL client library
Name: libpq Name: libpq
Version: %{majorversion}.1 Version: %{majorversion}.11
Release: 8%{?dist} Release: 1%{?dist}.alma.1
License: PostgreSQL License: PostgreSQL
Url: http://www.postgresql.org/ Url: http://www.postgresql.org/
@ -16,8 +16,7 @@ Source1: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}
# Comments for these patches are in the patch files. # Comments for these patches are in the patch files.
Patch1: libpq-10.3-rpm-pgsql.patch Patch1: libpq-10.3-rpm-pgsql.patch
Patch2: libpq-10.3-var-run-socket.patch Patch2: libpq-10.3-var-run-socket.patch
Patch3: libpq-12.1-symbol-versioning.patch Patch3: libpq-13.1-symbol-versioning.patch
Patch4: postgresql-openssl32.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: glibc-devel bison flex gawk BuildRequires: glibc-devel bison flex gawk
@ -27,8 +26,6 @@ BuildRequires: krb5-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: gettext BuildRequires: gettext
BuildRequires: multilib-rpm-config BuildRequires: multilib-rpm-config
BuildRequires: make
BuildRequires: libicu-devel
Obsoletes: postgresql-libs < %obsoletes_version Obsoletes: postgresql-libs < %obsoletes_version
Provides: postgresql-libs = %version-%release Provides: postgresql-libs = %version-%release
@ -68,9 +65,6 @@ find . -type f -name .gitignore | xargs rm
%build %build
# complements symbol-versioning patch # complements symbol-versioning patch
export SYMBOL_VERSION_PREFIX=RHPG_ export SYMBOL_VERSION_PREFIX=RHPG_
# Disable ENGINE_API
CFLAGS="$CFLAGS -DOPENSSL_NO_ENGINE"
export CFLAGS
# We don't build server nor client (e.g. /bin/psql) binaries in this package, so # We don't build server nor client (e.g. /bin/psql) binaries in this package, so
# we can disable some configure options. # we can disable some configure options.
@ -102,13 +96,7 @@ done
# remove files not to be packaged # remove files not to be packaged
find $RPM_BUILD_ROOT -name '*.a' -delete find $RPM_BUILD_ROOT -name '*.a' -delete
# preserve just errcodes.h
mv $RPM_BUILD_ROOT%{_includedir}/pgsql/server/utils/errcodes.h \
$RPM_BUILD_ROOT%{_includedir}/pgsql
rm -r $RPM_BUILD_ROOT%_includedir/pgsql/server rm -r $RPM_BUILD_ROOT%_includedir/pgsql/server
mkdir -p $RPM_BUILD_ROOT%{_includedir}/pgsql/server/utils
mv $RPM_BUILD_ROOT%{_includedir}/pgsql/errcodes.h \
$RPM_BUILD_ROOT%{_includedir}/pgsql/server/utils
%multilib_fix_c_header --file "%_includedir/pg_config.h" %multilib_fix_c_header --file "%_includedir/pg_config.h"
%multilib_fix_c_header --file "%_includedir/pg_config_ext.h" %multilib_fix_c_header --file "%_includedir/pg_config_ext.h"
@ -129,7 +117,7 @@ find_lang_bins %name-devel.lst pg_config
%files -f %name.lst %files -f %name.lst
%license COPYRIGHT %license COPYRIGHT
%_libdir/libpq.so.5* %_libdir/libpq.so.*
%dir %_datadir/pgsql %dir %_datadir/pgsql
%doc %_datadir/pgsql/pg_service.conf.sample %doc %_datadir/pgsql/pg_service.conf.sample
@ -140,78 +128,28 @@ find_lang_bins %name-devel.lst pg_config
%_libdir/libpq.so %_libdir/libpq.so
%_libdir/pkgconfig/libpq.pc %_libdir/pkgconfig/libpq.pc
%changelog %changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 16.1-8 * Mon May 29 2023 Dominik Rehák <drehak@redhat.com> - 13.11-1.alma.1
- Bump release for October 2024 mass rebuild: - Revert to el8
Resolves: RHEL-64018
* Wed Jul 3 2024 Filip Janus <fjanus@redhat.com> - 16.1-7 * Mon May 29 2023 Dominik Rehák <drehak@redhat.com> - 13.11-1
- Disable openssl ENGINE_API - Update to 13.11
Resolves: #2171370
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 16.1-6 * Tue Nov 16 2021 Marek Kulik <mkulik@redhat.com> - 13.5-1
- Bump release for June 2024 mass rebuild - Update to 13.5
* Tue Jun 18 2024 Filip Janus <fjanus@redhat.com> - 16.1-5 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 13.2-4
- Ship errcodes.h in -devel package (kea package requires errorcodes) - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Feb 20 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 16.1-4 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 13.2-3
- Backport OpenSSL 3.2 fix from upstream master - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 16.1-3 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 13.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 5 2023 Filip Janus <fjanus@redhat.com> - 16.1-1
- Update to 16.1
- Build with ICU by default - new upstream feature
* Wed Aug 2 2023 Filip Janus <fjanus@redhat.com> - 15.3-1
- Update to the latest upstream version
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 15.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 15.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 05 2022 Filip Janus <fjansu@redhat.com> - 15.0-2
- Revert versioning patch
- There are no new symbols in libpq 15
* Tue Sep 27 2022 Ondrej Sloup <osloup@redhat.com> - 15.0-1
- Update to v15
- Update patches
- Resolves: https://fedoraproject.org/wiki/Changes/PostgreSQL_15
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 14.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Filip Januš <fjanus@redhat.com> - 14.3-1
- Update to 14.3
* Tue Feb 22 2022 Filip Januš <fjanus@redhat.com> - 14.2-1
- Update to 14.2
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 14.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Jan 03 2022 Filip Januš <fjanus@redhat.com> - 14.1-1
- Update to v14
- Resolves: https://fedoraproject.org/wiki/Changes/PostgreSQL_14
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 13.4-2
- Rebuilt with OpenSSL 3.0.0
* Thu Aug 12 2021 Filip Januš <fjanus@rehdat.com> - 13.4-1
- Update to 13.4
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 13.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon May 17 2021 Filip Januš <fjanus@redhat.com> - 13.3-1
- Update to 13.3
* Tue Feb 16 2021 Honza Horak <hhorak@redhat.com> - 13.2-1 * Tue Feb 16 2021 Honza Horak <hhorak@redhat.com> - 13.2-1
- Update to 13.2 - Update to 13.2

12
ci.fmf
View File

@ -1,12 +0,0 @@
/test:
summary:
Basic set of quick tests for libpq. Since libpq is client library and
part of postgresql. Postgresql testsuite is used.
discover:
- name: fedora
how: fmf
url: "https://src.fedoraproject.org/tests/postgresql.git"
ref: main
filter: tag:libpq
execute:
how: tmt

View File

@ -1,12 +0,0 @@
#! /bin/sh
rm sources
set -e
spectool -S *.spec | cut -d' ' -f2 \
| grep -E -e 'postgresql-.*\.tar\.*' -e 'postgresql.*\.pdf' | sort | \
while read line
do
base=`basename "$line"`
echo " * handling $base"
sha512sum --tag "$base" >> sources
done

View File

@ -1,51 +0,0 @@
Change the built-in default socket directory to be /var/run/postgresql.
For backwards compatibility with (probably non-libpq-based) clients that
might still expect to find the socket in /tmp, also create a socket in
/tmp. This is to resolve communication problems with clients operating
under systemd's PrivateTmp environment, which won't be using the same
global /tmp directory as the server; see bug #825448.
Note that we apply the socket directory change at the level of the
hard-wired defaults in the C code, not by just twiddling the setting in
postgresql.conf.sample; this is so that the change will take effect on
server package update, without requiring any existing postgresql.conf
to be updated. (Of course, a user who dislikes this behavior can still
override it via postgresql.conf.)
diff -ur postgresql-16.1/src/backend/utils/misc/guc_tables.c pg_patched/src/backend/utils/misc/guc_tables.c
--- postgresql-16.1/src/backend/utils/misc/guc_tables.c 2023-11-06 23:04:27.000000000 +0100
+++ pg_patched/src/backend/utils/misc/guc_tables.c 2023-12-05 12:02:46.000000000 +0100
@@ -4271,7 +4271,7 @@
GUC_LIST_INPUT | GUC_LIST_QUOTE | GUC_SUPERUSER_ONLY
},
&Unix_socket_directories,
- DEFAULT_PGSOCKET_DIR,
+ DEFAULT_PGSOCKET_DIR ", /tmp",
NULL, NULL, NULL
},
diff -ur postgresql-16.1/src/bin/initdb/initdb.c pg_patched/src/bin/initdb/initdb.c
--- postgresql-16.1/src/bin/initdb/initdb.c 2023-11-06 23:04:27.000000000 +0100
+++ pg_patched/src/bin/initdb/initdb.c 2023-12-05 12:04:19.000000000 +0100
@@ -1287,7 +1287,7 @@
* these are indeed defaults, keep the postgresql.conf lines commented.
*/
conflines = replace_guc_value(conflines, "unix_socket_directories",
- DEFAULT_PGSOCKET_DIR, true);
+ DEFAULT_PGSOCKET_DIR ", /tmp", true);
conflines = replace_guc_value(conflines, "port",
DEF_PGPORT_STR, true);
diff -ur postgresql-16.1/src/include/pg_config_manual.h pg_patched/src/include/pg_config_manual.h
--- postgresql-16.1/src/include/pg_config_manual.h 2023-11-06 23:04:27.000000000 +0100
+++ pg_patched/src/include/pg_config_manual.h 2023-12-05 11:45:20.000000000 +0100
@@ -206,7 +206,7 @@
* support them yet.
*/
#ifndef WIN32
-#define DEFAULT_PGSOCKET_DIR "/tmp"
+#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql"
#else
#define DEFAULT_PGSOCKET_DIR ""
#endif

View File

@ -1,106 +0,0 @@
commit 75040c3388d9a7dd5ad2bee53cbcc8bf3d35cd17
Author: Honza Horak <hhorak@redhat.com>
Date: Fri Oct 30 20:16:50 2020 +0100
The libpq package is supposed to be used for all the PostgreSQL modules
available in RHEL 8, and ABI versioning will guarantee us that modular RPMs will
depend on appropriate libpq ABI version (picked at build-time).
diff -ur postgresql-16.1/config/Makefile postgresql_patched/config/Makefile
--- postgresql-16.1/config/Makefile 2023-11-06 23:04:27.000000000 +0100
+++ postgresql_patched/config/Makefile 2023-12-05 10:43:19.733619095 +0100
@@ -8,6 +8,7 @@
install: all installdirs
$(INSTALL_SCRIPT) $(srcdir)/install-sh '$(DESTDIR)$(pgxsdir)/config/install-sh'
$(INSTALL_SCRIPT) $(srcdir)/missing '$(DESTDIR)$(pgxsdir)/config/missing'
+ $(INSTALL_SCRIPT) $(srcdir)/build-exports-gnu-ld '$(DESTDIR)$(pgxsdir)/config/build-exports-gnu-ld'
installdirs:
$(MKDIR_P) '$(DESTDIR)$(pgxsdir)/config'
diff -ur postgresql-16.1/src/interfaces/libpq/exports.txt postgresql_patched/src/interfaces/libpq/exports.txt
--- postgresql-16.1/src/interfaces/libpq/exports.txt 2023-11-06 23:04:27.000000000 +0100
+++ postgresql_patched/src/interfaces/libpq/exports.txt 2023-12-05 10:48:24.627604638 +0100
@@ -171,19 +171,19 @@
PQsslAttribute 169
PQsetErrorContextVisibility 170
PQresultVerboseErrorMessage 171
-PQencryptPasswordConn 172
-PQresultMemorySize 173
+PQencryptPasswordConn 172 10
+PQresultMemorySize 173 12
PQhostaddr 174
PQgssEncInUse 175
PQgetgssctx 176
-PQsetSSLKeyPassHook_OpenSSL 177
+PQsetSSLKeyPassHook_OpenSSL 177 13
PQgetSSLKeyPassHook_OpenSSL 178
PQdefaultSSLKeyPassHook_OpenSSL 179
-PQenterPipelineMode 180
+PQenterPipelineMode 180 14
PQexitPipelineMode 181
PQpipelineSync 182
PQpipelineStatus 183
PQsetTraceFlags 184
PQmblenBounded 185
PQsendFlushRequest 186
-PQconnectionUsedGSSAPI 187
+PQconnectionUsedGSSAPI 187 16
diff -ur postgresql-16.1/src/Makefile.shlib postgresql_patched/src/Makefile.shlib
--- postgresql-16.1/src/Makefile.shlib 2023-11-06 23:04:27.000000000 +0100
+++ postgresql_patched/src/Makefile.shlib 2023-12-05 10:43:19.739634021 +0100
@@ -185,7 +185,7 @@
ifdef soname
LINK.shared += -Wl,-soname,$(soname)
endif
- BUILD.exports = ( echo '{ global:'; $(AWK) '/^[^\#]/ {printf "%s;\n",$$1}' $<; echo ' local: *; };' ) >$@
+ BUILD.exports = $(SHELL) $(top_srcdir)/config/build-exports-gnu-ld < $< > $@
exports_file = $(SHLIB_EXPORTS:%.txt=%.list)
ifneq (,$(exports_file))
LINK.shared += -Wl,--version-script=$(exports_file)
diff --git a/config/build-exports-gnu-ld b/config/build-exports-gnu-ld
new file mode 100755
index 0000000000..84c48e3ade
--- /dev/null
+++ b/config/build-exports-gnu-ld
@@ -0,0 +1,41 @@
+#! /bin/sh
+
+# by default use PG_ prefix
+: "${SYMBOL_VERSION_PREFIX=PG_}"
+
+# we started symbol versioning since v10
+: "${SYMBOL_VERSION_START=9.6}"
+
+version=$SYMBOL_VERSION_START
+version_prev=
+first=:
+
+open_block ()
+{
+ $first || echo
+ first=false
+ echo "${SYMBOL_VERSION_PREFIX}$version {"
+ echo "global:"
+}
+
+close_block ()
+{
+ echo "}${version_prev:+ $SYMBOL_VERSION_PREFIX$version_prev};"
+ version_prev=$version
+ version=$1
+}
+
+open_block
+while read -r symbol _ new_version
+do
+ case $symbol in '#'*) continue ;; esac
+ if test -n "$new_version" && test "$new_version" != "$version"; then
+ close_block "$new_version"
+ open_block
+ fi
+ echo " $symbol;"
+done
+
+echo "local:"
+echo " *;"
+close_block

View File

@ -1,142 +0,0 @@
Backport of commit b2b1f12882fb561c7d474b834044dd8ed570bfea to 16.1
Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
We should have done it this way all along, but we accidentally got
away with using the wrong BIO field up until OpenSSL 3.2. There,
the library's BIO routines that we rely on use the "data" field
for their own purposes, and our conflicting use causes assorted
weird behaviors up to and including core dumps when SSL connections
are attempted. Switch to using the approved field for the purpose,
i.e. app_data.
While at it, remove our configure probes for BIO_get_data as well
as the fallback implementation. BIO_{get,set}_app_data have been
there since long before any OpenSSL version that we still support,
even in the back branches.
Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
change in an error message spelling that evidently came in with 3.2.
Tristan Partin and Bo Andreson. Back-patch to all supported branches.
Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
---
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 31b6a6eacdf0..1b8b32c5b39e 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -842,11 +842,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
* to retry; do we need to adopt their logic for that?
*/
-#ifndef HAVE_BIO_GET_DATA
-#define BIO_get_data(bio) (bio->ptr)
-#define BIO_set_data(bio, data) (bio->ptr = data)
-#endif
-
static BIO_METHOD *my_bio_methods = NULL;
static int
@@ -856,7 +851,7 @@ my_sock_read(BIO *h, char *buf, int size)
if (buf != NULL)
{
- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
BIO_clear_retry_flags(h);
if (res <= 0)
{
@@ -876,7 +871,7 @@ my_sock_write(BIO *h, const char *buf, int size)
{
int res = 0;
- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
BIO_clear_retry_flags(h);
if (res <= 0)
{
@@ -952,7 +947,7 @@ my_SSL_set_fd(Port *port, int fd)
SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
goto err;
}
- BIO_set_data(bio, port);
+ BIO_set_app_data(bio, port);
BIO_set_fd(bio, fd, BIO_NOCLOSE);
SSL_set_bio(port->ssl, bio, bio);
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 4aeaf08312ce..e669bdbf1d2d 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1815,11 +1815,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
* to retry; do we need to adopt their logic for that?
*/
-#ifndef HAVE_BIO_GET_DATA
-#define BIO_get_data(bio) (bio->ptr)
-#define BIO_set_data(bio, data) (bio->ptr = data)
-#endif
-
static BIO_METHOD *my_bio_methods;
static int
@@ -1828,7 +1823,7 @@ my_sock_read(BIO *h, char *buf, int size)
{
int res;
- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
BIO_clear_retry_flags(h);
if (res < 0)
{
@@ -1858,7 +1853,7 @@ my_sock_write(BIO *h, const char *buf, int size)
{
int res;
- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
BIO_clear_retry_flags(h);
if (res < 0)
{
@@ -1968,7 +1963,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
goto err;
}
- BIO_set_data(bio, conn);
+ BIO_set_app_data(bio, conn);
SSL_set_bio(conn->ssl, bio, bio);
BIO_set_fd(bio, fd, BIO_NOCLOSE);
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index a049fd2ff03a..d921f1dde9fa 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -776,7 +776,7 @@ sub switch_server_cert
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
. sslkey('client-revoked.key'),
"certificate authorization fails with revoked client cert",
- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
# temporarily(?) skip this check due to timing issue
# log_like => [
# qr{Client certificate verification failed at depth 0: certificate revoked},
@@ -881,7 +881,7 @@ sub switch_server_cert
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
. sslkey('client-revoked.key'),
"certificate authorization fails with revoked client cert with server-side CRL directory",
- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
# temporarily(?) skip this check due to timing issue
# log_like => [
# qr{Client certificate verification failed at depth 0: certificate revoked},
@@ -894,7 +894,7 @@ sub switch_server_cert
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
. sslkey('client-revoked-utf8.key'),
"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
# temporarily(?) skip this check due to timing issue
# log_like => [
# qr{Client certificate verification failed at depth 0: certificate revoked},

View File

@ -1,2 +0,0 @@
SHA512 (postgresql-16.1.tar.bz2) = 69f4635e5841452599f13b47df41ce2425ab34b4e4582fd2c635bc78d561fa36c5b03eccb4ae6569872dc74775be1b5a62dee20c9a4f12a43339250128352918
SHA512 (postgresql-16.1.tar.bz2.sha256) = 3f573d81a7af02dea2a3eee180d4e465546fc4d283dde5b6627d25af0be4a546ffd3ae914dd3490e45264d1a43cf143e829e14e5cd9c6bd8f179b6eae4fd6ff1