import postgresql-13.3-10.el9

This commit is contained in:
CentOS Sources 2021-12-07 11:52:42 -05:00 committed by Stepan Oksanichenko
parent f88966cb52
commit 69a75f3678
4 changed files with 152 additions and 29 deletions

View File

@ -1,26 +0,0 @@
diff -up postgresql-13.3/contrib/pgcrypto/Makefile.ssl30-tests-off postgresql-13.3/contrib/pgcrypto/Makefile
--- postgresql-13.3/contrib/pgcrypto/Makefile.ssl30-tests-off 2021-06-29 16:08:03.203650968 +0200
+++ postgresql-13.3/contrib/pgcrypto/Makefile 2021-06-30 08:58:01.665202733 +0200
@@ -5,7 +5,7 @@ INT_SRCS = md5.c sha1.c internal.c inter
INT_TESTS = sha2
OSSL_SRCS = openssl.c pgp-mpi-openssl.c
-OSSL_TESTS = sha2 des 3des cast5
+OSSL_TESTS = sha2
ZLIB_TST = pgp-compression
ZLIB_OFF_TST = pgp-zlib-DISABLED
@@ -49,11 +49,10 @@ DATA = pgcrypto--1.3.sql pgcrypto--1.2--
pgcrypto--1.0--1.1.sql
PGFILEDESC = "pgcrypto - cryptographic functions"
-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
+REGRESS = init md5 sha1 hmac-md5 hmac-sha1 \
$(CF_TESTS) \
crypt-des crypt-md5 crypt-blowfish crypt-xdes \
- pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
- pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
+ pgp-armor $(CF_PGP_TESTS)
EXTRA_CLEAN = gen-rtab

View File

@ -0,0 +1,33 @@
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=135d8687ad
author Daniel Gustafsson <dgustafsson@postgresql.org>
The PX layer in pgcrypto is handling digest padding on its own uniformly
for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate
doesn't flush the last block in case padding is enabled so explicitly
disable it as we don't use it.
This will be backpatched to all supported version once there is sufficient
testing in the buildfarm of OpenSSL 3.
diff -ur postgresql-14rc1/contrib/pgcrypto/openssl.c postgresql-p/contrib/pgcrypto/openssl.c
--- postgresql-14rc1/contrib/pgcrypto/openssl.c 2021-09-20 17:33:01.000000000 -0400
+++ postgresql-p/contrib/pgcrypto/openssl.c 2021-10-06 04:07:24.628836908 -0400
@@ -379,6 +379,8 @@
{
if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
return PXE_CIPHER_INIT;
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
+ return PXE_CIPHER_INIT;
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
return PXE_CIPHER_INIT;
if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
@@ -403,6 +405,8 @@
{
if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
return PXE_CIPHER_INIT;
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
+ return PXE_CIPHER_INIT;
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
return PXE_CIPHER_INIT;
if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))

View File

@ -0,0 +1,102 @@
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400
@@ -4,20 +4,6 @@
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
-
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
-=JcP+
------END PGP MESSAGE-----
-'), 'foobar');
- pgp_sym_decrypt
------------------
- Secret message.
-(1 row)
-
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400
@@ -594,13 +594,6 @@
(1 row)
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
- pgp_pub_decrypt
------------------
- Secret msg
-(1 row)
-
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
pgp_pub_decrypt
-----------------
diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile
--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400
@@ -5,7 +5,7 @@
INT_TESTS = sha2
OSSL_SRCS = openssl.c pgp-mpi-openssl.c
-OSSL_TESTS = sha2 des 3des cast5
+OSSL_TESTS = sha2
ZLIB_TST = pgp-compression
ZLIB_OFF_TST = pgp-zlib-DISABLED
@@ -49,12 +49,13 @@
pgcrypto--1.0--1.1.sql
PGFILEDESC = "pgcrypto - cryptographic functions"
-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
+REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \
$(CF_TESTS) \
- crypt-des crypt-md5 crypt-blowfish crypt-xdes \
+ crypt-md5 \
pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
+#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \
EXTRA_CLEAN = gen-rtab
ifdef USE_PGXS
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400
@@ -5,16 +5,6 @@
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
-
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
-=JcP+
------END PGP MESSAGE-----
-'), 'foobar');
-
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400
@@ -606,9 +606,6 @@
from keytbl, encdata where keytbl.id=1 and encdata.id=1;
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
-
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))

View File

@ -63,7 +63,7 @@ Summary: PostgreSQL client programs
Name: postgresql
%global majorversion 13
Version: %{majorversion}.3
Release: 8%{?dist}
Release: 10%{?dist}
# The PostgreSQL license is very similar to other MIT licenses, but the OSI
# recognizes it as an independent license, so we do as well.
@ -111,7 +111,8 @@ Patch5: postgresql-var-run-socket.patch
Patch8: postgresql-external-libpq.patch
Patch9: postgresql-server-pg_config.patch
Patch12: postgresql-no-libecpg.patch
Patch13: postgresql-openssl3-tests.patch
Patch13: postgresql-pgcrypto-openssl3-init.patch
Patch14: postgresql-pgcrypto-openssl3-tests.patch
BuildRequires: make
BuildRequires: gcc
@ -427,6 +428,7 @@ goal of accelerating analytics queries.
%endif
%patch9 -p1
%patch13 -p1
%patch14 -p1
# We used to run autoconf here, but there's no longer any real need to,
# since Postgres ships with a reasonably modern configure script.
@ -1219,6 +1221,18 @@ make -C postgresql-setup-%{setup_version} check
%changelog
* Wed Oct 13 2021 Ondrej Dubaj <odubaj@redhat.com> - 13.3-10
- Release bum due to gating configuration
* Tue Sep 21 2021 Filip Januš <fjanus@redhat.com> - 13.3-9
- Remove tests failing with openssl3, now pgp is tested only with
supported ciphers
Add postgresql-pgcrypto-openssl3-init.patch - Correctly init ciphers
Add postgresql-pgcrypto-openssl3-tests.patch - disable unsupported
ciphers in the test suite
Related discussion: #2008773
Resolves: #1964848
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
@ -1297,7 +1311,7 @@ make -C postgresql-setup-%{setup_version} check
Fixes CVE-2020-25695
Fixes CVE-2020-25696
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 12.4-5
* Wed Jan 13 2021 Fedora Release Engineering <releng@fedoraproject.org> - 12.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Nov 16 2020 Honza Horak <hhorak@redhat.com> - 12.4-4