From 55240a7cc3e82f8955e266068a0622eaafd79e47 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 21 Dec 2023 12:33:30 +0300 Subject: [PATCH 1/2] import OL ostgresql-12.17-1.0.1.module+el8.9.0+90107+c48bae1a --- ...gresql-service-network-binding-issue.patch | 38 +++++++++++++++++++ SOURCES/postgresql-12.15.tar.bz2.sha256 | 1 - SOURCES/postgresql-12.17.tar.bz2.sha256 | 1 + SOURCES/postgresql-external-libpq.patch | 16 +++++--- SPECS/postgresql.spec | 22 ++++++++--- 5 files changed, 66 insertions(+), 12 deletions(-) create mode 100644 SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch delete mode 100644 SOURCES/postgresql-12.15.tar.bz2.sha256 create mode 100644 SOURCES/postgresql-12.17.tar.bz2.sha256 diff --git a/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch new file mode 100644 index 0000000..deca076 --- /dev/null +++ b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch @@ -0,0 +1,38 @@ +From df5ba865eb8a42147d23100b37322921ad98248a Mon Sep 17 00:00:00 2001 +From: sagar sagar +Date: Thu, 11 May 2023 15:49:37 +0530 +Subject: [PATCH] Fixed postgresql service network binding issue during bootup + +During the bootup, the postgresql service requires port bind to network +address to assign configured in /var/lib/pgsql/data/postgresql.conf but the +service is not able to do if the network service has not yet assigned an IP +address to the network interface. +By using "network-online.target" parameter in +/usr/lib/systemd/system/postgresql.service we are postponing the postgresql +service to run until we have not got the IP address assinged. + +For more info :- +https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ +Orabug: 35103668 + +Signed-off-by: sagar sagar +--- + postgresql-setup-8.7/postgresql.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/postgresql-setup-8.7/postgresql.service.in b/postgresql-setup-8.7/postgresql.service.in +index c73c42a..893e6fa 100644 +--- a/postgresql-setup-8.7/postgresql.service.in ++++ b/postgresql-setup-8.7/postgresql.service.in +@@ -6,7 +6,7 @@ + + [Unit] + Description=PostgreSQL database server +-After=network.target ++After=network-online.target + + [Service] + Type=notify +-- +2.31.1 + diff --git a/SOURCES/postgresql-12.15.tar.bz2.sha256 b/SOURCES/postgresql-12.15.tar.bz2.sha256 deleted file mode 100644 index bd3cc87..0000000 --- a/SOURCES/postgresql-12.15.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 postgresql-12.15.tar.bz2 diff --git a/SOURCES/postgresql-12.17.tar.bz2.sha256 b/SOURCES/postgresql-12.17.tar.bz2.sha256 new file mode 100644 index 0000000..f1d6073 --- /dev/null +++ b/SOURCES/postgresql-12.17.tar.bz2.sha256 @@ -0,0 +1 @@ +93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 postgresql-12.17.tar.bz2 diff --git a/SOURCES/postgresql-external-libpq.patch b/SOURCES/postgresql-external-libpq.patch index ba7ef73..22b2b62 100644 --- a/SOURCES/postgresql-external-libpq.patch +++ b/SOURCES/postgresql-external-libpq.patch @@ -4,6 +4,12 @@ This patch is used on two places; postgresql.spec and libecpg.spec -- keep those in sync! Related: rhbz#1618698 +Signed-Off-By: Tianyue Lan + +--- + src/Makefile | 1 - + src/Makefile.global.in | 3 +-- + 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Makefile b/src/Makefile index bcdbd95..4bea236 100644 @@ -18,10 +24,10 @@ index bcdbd95..4bea236 100644 backend/replication/pgoutput \ fe_utils \ diff --git a/src/Makefile.global.in b/src/Makefile.global.in -index b9d86ac..29df69f 100644 +index a05f7ce..36be499 100644 --- a/src/Makefile.global.in +++ b/src/Makefile.global.in -@@ -549,7 +549,7 @@ endif +@@ -546,7 +546,7 @@ endif # How to link to libpq. (This macro may be used as-is by backend extensions. # Client-side code should go through libpq_pgport or libpq_pgport_shlib, # instead.) @@ -29,8 +35,8 @@ index b9d86ac..29df69f 100644 +libpq = -lpq # libpq_pgport is for use by client executables (not libraries) that use libpq. - # We force clients to pull symbols from the non-shared libraries libpgport -@@ -579,7 +579,6 @@ endif + # We want clients to pull symbols from the non-shared libraries libpgport +@@ -589,7 +589,6 @@ endif # Commonly used submake targets submake-libpq: | submake-generated-headers @@ -39,5 +45,5 @@ index b9d86ac..29df69f 100644 submake-libpgport: | submake-generated-headers $(MAKE) -C $(top_builddir)/src/port all -- -2.21.0 +2.39.3 diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec index 3bd90c0..ab710e2 100644 --- a/SPECS/postgresql.spec +++ b/SPECS/postgresql.spec @@ -59,8 +59,8 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 12 -Version: %{majorversion}.15 -Release: 1%{?dist} +Version: %{majorversion}.17 +Release: 1.0.1%{?dist} # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -76,7 +76,7 @@ Url: http://www.postgresql.org/ %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global precise_version %{?epoch:%epoch:}%version-%release -%global setup_version 8.6 +%global setup_version 8.7 %global service_name postgresql.service @@ -110,6 +110,9 @@ Patch8: postgresql-external-libpq.patch Patch9: postgresql-server-pg_config.patch Patch10: postgresql-12.5-contrib-dblink-expected-out.patch +#Oracle Patches +Patch1001: 1001-Fixed-postgresql-service-network-binding-issue.patch + BuildRequires: gcc BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk BuildRequires: perl(ExtUtils::Embed), perl-devel @@ -371,6 +374,8 @@ benchmarks. %patch9 -p1 %patch10 -p1 +%patch1001 -p1 + # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -1225,10 +1230,15 @@ make -C postgresql-setup-%{setup_version} check %changelog -* Tue Jul 11 2023 Dominik Rehák - 12.15-2 -- Fix PostgreSQL 10 version used in specfile +* Fri Dec 15 2023 Tianyue Lan - 12.17-1.0.1 +- Update to version 12.17 +- Resolves: Fix: CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417 -* Mon Jun 12 2023 Dominik Rehák - 12.15-1 +* Tue Aug 08 2023 David Sloboda - 12.15-1.0.1 +- Fixed postgresql port binding issue during bootup [Orabug: 35103668] + +* Tue Aug 08 2023 David Sloboda - 12.15-1 +- Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35) - Resolves: #2207932 - Update to version 12.15 From cae5e8066a6cea9812df52b26547383a9bd28e84 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 21 Dec 2023 12:36:26 +0300 Subject: [PATCH 2/2] Revert OL changes --- .gitignore | 6 +-- .postgresql.metadata | 6 +-- ...gresql-service-network-binding-issue.patch | 38 ------------------- SPECS/postgresql.spec | 9 +---- 4 files changed, 8 insertions(+), 51 deletions(-) delete mode 100644 SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch diff --git a/.gitignore b/.gitignore index ca9b1e8..b44b7ec 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ SOURCES/postgresql-10.23.tar.bz2 -SOURCES/postgresql-12.15-US.pdf -SOURCES/postgresql-12.15.tar.bz2 -SOURCES/postgresql-setup-8.6.tar.gz +SOURCES/postgresql-12.17-US.pdf +SOURCES/postgresql-12.17.tar.bz2 +SOURCES/postgresql-setup-8.7.tar.gz diff --git a/.postgresql.metadata b/.postgresql.metadata index 71802ef..8cb290b 100644 --- a/.postgresql.metadata +++ b/.postgresql.metadata @@ -1,4 +1,4 @@ 2df7b4b3751112f3cb543c3ea81e45531bebc7a1 SOURCES/postgresql-10.23.tar.bz2 -76418f35de2b232cdd807bd3e6a7595136a161a0 SOURCES/postgresql-12.15-US.pdf -7c643aa8a57b8926158345da9881fc2cb0fd2d1f SOURCES/postgresql-12.15.tar.bz2 -9e12ee26bf41d3831f83049b51ae5da76de2ce12 SOURCES/postgresql-setup-8.6.tar.gz +7cc63d1d9c026cd0b5731f5e015c63c611ed5388 SOURCES/postgresql-12.17-US.pdf +2fc3eda69a9d4b4f215428b77d70da0b83586f0d SOURCES/postgresql-12.17.tar.bz2 +fb97095dc9648f9c31d58fcb406831da5e419ddf SOURCES/postgresql-setup-8.7.tar.gz diff --git a/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch deleted file mode 100644 index deca076..0000000 --- a/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch +++ /dev/null @@ -1,38 +0,0 @@ -From df5ba865eb8a42147d23100b37322921ad98248a Mon Sep 17 00:00:00 2001 -From: sagar sagar -Date: Thu, 11 May 2023 15:49:37 +0530 -Subject: [PATCH] Fixed postgresql service network binding issue during bootup - -During the bootup, the postgresql service requires port bind to network -address to assign configured in /var/lib/pgsql/data/postgresql.conf but the -service is not able to do if the network service has not yet assigned an IP -address to the network interface. -By using "network-online.target" parameter in -/usr/lib/systemd/system/postgresql.service we are postponing the postgresql -service to run until we have not got the IP address assinged. - -For more info :- -https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ -Orabug: 35103668 - -Signed-off-by: sagar sagar ---- - postgresql-setup-8.7/postgresql.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/postgresql-setup-8.7/postgresql.service.in b/postgresql-setup-8.7/postgresql.service.in -index c73c42a..893e6fa 100644 ---- a/postgresql-setup-8.7/postgresql.service.in -+++ b/postgresql-setup-8.7/postgresql.service.in -@@ -6,7 +6,7 @@ - - [Unit] - Description=PostgreSQL database server --After=network.target -+After=network-online.target - - [Service] - Type=notify --- -2.31.1 - diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec index ab710e2..6ea7b8f 100644 --- a/SPECS/postgresql.spec +++ b/SPECS/postgresql.spec @@ -60,7 +60,7 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 12 Version: %{majorversion}.17 -Release: 1.0.1%{?dist} +Release: 1%{?dist} # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -110,9 +110,6 @@ Patch8: postgresql-external-libpq.patch Patch9: postgresql-server-pg_config.patch Patch10: postgresql-12.5-contrib-dblink-expected-out.patch -#Oracle Patches -Patch1001: 1001-Fixed-postgresql-service-network-binding-issue.patch - BuildRequires: gcc BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk BuildRequires: perl(ExtUtils::Embed), perl-devel @@ -374,8 +371,6 @@ benchmarks. %patch9 -p1 %patch10 -p1 -%patch1001 -p1 - # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -1230,7 +1225,7 @@ make -C postgresql-setup-%{setup_version} check %changelog -* Fri Dec 15 2023 Tianyue Lan - 12.17-1.0.1 +* Fri Dec 15 2023 Tianyue Lan - 12.17-1 - Update to version 12.17 - Resolves: Fix: CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417