import postgresql-13.3-10.el9
This commit is contained in:
parent
f88966cb52
commit
69a75f3678
@ -1,26 +0,0 @@
|
|||||||
diff -up postgresql-13.3/contrib/pgcrypto/Makefile.ssl30-tests-off postgresql-13.3/contrib/pgcrypto/Makefile
|
|
||||||
--- postgresql-13.3/contrib/pgcrypto/Makefile.ssl30-tests-off 2021-06-29 16:08:03.203650968 +0200
|
|
||||||
+++ postgresql-13.3/contrib/pgcrypto/Makefile 2021-06-30 08:58:01.665202733 +0200
|
|
||||||
@@ -5,7 +5,7 @@ INT_SRCS = md5.c sha1.c internal.c inter
|
|
||||||
INT_TESTS = sha2
|
|
||||||
|
|
||||||
OSSL_SRCS = openssl.c pgp-mpi-openssl.c
|
|
||||||
-OSSL_TESTS = sha2 des 3des cast5
|
|
||||||
+OSSL_TESTS = sha2
|
|
||||||
|
|
||||||
ZLIB_TST = pgp-compression
|
|
||||||
ZLIB_OFF_TST = pgp-zlib-DISABLED
|
|
||||||
@@ -49,11 +49,10 @@ DATA = pgcrypto--1.3.sql pgcrypto--1.2--
|
|
||||||
pgcrypto--1.0--1.1.sql
|
|
||||||
PGFILEDESC = "pgcrypto - cryptographic functions"
|
|
||||||
|
|
||||||
-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
|
|
||||||
+REGRESS = init md5 sha1 hmac-md5 hmac-sha1 \
|
|
||||||
$(CF_TESTS) \
|
|
||||||
crypt-des crypt-md5 crypt-blowfish crypt-xdes \
|
|
||||||
- pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
|
|
||||||
- pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
|
|
||||||
+ pgp-armor $(CF_PGP_TESTS)
|
|
||||||
|
|
||||||
EXTRA_CLEAN = gen-rtab
|
|
||||||
|
|
33
SOURCES/postgresql-pgcrypto-openssl3-init.patch
Normal file
33
SOURCES/postgresql-pgcrypto-openssl3-init.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=135d8687ad
|
||||||
|
author Daniel Gustafsson <dgustafsson@postgresql.org>
|
||||||
|
|
||||||
|
The PX layer in pgcrypto is handling digest padding on its own uniformly
|
||||||
|
for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate
|
||||||
|
doesn't flush the last block in case padding is enabled so explicitly
|
||||||
|
disable it as we don't use it.
|
||||||
|
|
||||||
|
This will be backpatched to all supported version once there is sufficient
|
||||||
|
testing in the buildfarm of OpenSSL 3.
|
||||||
|
|
||||||
|
diff -ur postgresql-14rc1/contrib/pgcrypto/openssl.c postgresql-p/contrib/pgcrypto/openssl.c
|
||||||
|
--- postgresql-14rc1/contrib/pgcrypto/openssl.c 2021-09-20 17:33:01.000000000 -0400
|
||||||
|
+++ postgresql-p/contrib/pgcrypto/openssl.c 2021-10-06 04:07:24.628836908 -0400
|
||||||
|
@@ -379,6 +379,8 @@
|
||||||
|
{
|
||||||
|
if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
|
||||||
|
+ return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
|
||||||
|
@@ -403,6 +405,8 @@
|
||||||
|
{
|
||||||
|
if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
|
||||||
|
+ return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
|
||||||
|
|
102
SOURCES/postgresql-pgcrypto-openssl3-tests.patch
Normal file
102
SOURCES/postgresql-pgcrypto-openssl3-tests.patch
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out
|
||||||
|
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400
|
||||||
|
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400
|
||||||
|
@@ -4,20 +4,6 @@
|
||||||
|
-- Checking ciphers
|
||||||
|
select pgp_sym_decrypt(dearmor('
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
|
||||||
|
-
|
||||||
|
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
|
||||||
|
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
|
||||||
|
-=JcP+
|
||||||
|
------END PGP MESSAGE-----
|
||||||
|
-'), 'foobar');
|
||||||
|
- pgp_sym_decrypt
|
||||||
|
------------------
|
||||||
|
- Secret message.
|
||||||
|
-(1 row)
|
||||||
|
-
|
||||||
|
-select pgp_sym_decrypt(dearmor('
|
||||||
|
------BEGIN PGP MESSAGE-----
|
||||||
|
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||||
|
|
||||||
|
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
|
||||||
|
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
|
||||||
|
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400
|
||||||
|
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400
|
||||||
|
@@ -594,13 +594,6 @@
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
|
||||||
|
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
|
||||||
|
- pgp_pub_decrypt
|
||||||
|
------------------
|
||||||
|
- Secret msg
|
||||||
|
-(1 row)
|
||||||
|
-
|
||||||
|
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
|
||||||
|
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
|
||||||
|
pgp_pub_decrypt
|
||||||
|
-----------------
|
||||||
|
diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile
|
||||||
|
--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400
|
||||||
|
+++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400
|
||||||
|
@@ -5,7 +5,7 @@
|
||||||
|
INT_TESTS = sha2
|
||||||
|
|
||||||
|
OSSL_SRCS = openssl.c pgp-mpi-openssl.c
|
||||||
|
-OSSL_TESTS = sha2 des 3des cast5
|
||||||
|
+OSSL_TESTS = sha2
|
||||||
|
|
||||||
|
ZLIB_TST = pgp-compression
|
||||||
|
ZLIB_OFF_TST = pgp-zlib-DISABLED
|
||||||
|
@@ -49,12 +49,13 @@
|
||||||
|
pgcrypto--1.0--1.1.sql
|
||||||
|
PGFILEDESC = "pgcrypto - cryptographic functions"
|
||||||
|
|
||||||
|
-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
|
||||||
|
+REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \
|
||||||
|
$(CF_TESTS) \
|
||||||
|
- crypt-des crypt-md5 crypt-blowfish crypt-xdes \
|
||||||
|
+ crypt-md5 \
|
||||||
|
pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
|
||||||
|
pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
|
||||||
|
|
||||||
|
+#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \
|
||||||
|
EXTRA_CLEAN = gen-rtab
|
||||||
|
|
||||||
|
ifdef USE_PGXS
|
||||||
|
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql
|
||||||
|
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
|
||||||
|
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400
|
||||||
|
@@ -5,16 +5,6 @@
|
||||||
|
-- Checking ciphers
|
||||||
|
select pgp_sym_decrypt(dearmor('
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
|
||||||
|
-
|
||||||
|
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
|
||||||
|
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
|
||||||
|
-=JcP+
|
||||||
|
------END PGP MESSAGE-----
|
||||||
|
-'), 'foobar');
|
||||||
|
-
|
||||||
|
-select pgp_sym_decrypt(dearmor('
|
||||||
|
------BEGIN PGP MESSAGE-----
|
||||||
|
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||||
|
|
||||||
|
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
|
||||||
|
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
|
||||||
|
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
|
||||||
|
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400
|
||||||
|
@@ -606,9 +606,6 @@
|
||||||
|
from keytbl, encdata where keytbl.id=1 and encdata.id=1;
|
||||||
|
|
||||||
|
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
|
||||||
|
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
|
||||||
|
-
|
||||||
|
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
|
||||||
|
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
|
||||||
|
|
||||||
|
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
|
@ -63,7 +63,7 @@ Summary: PostgreSQL client programs
|
|||||||
Name: postgresql
|
Name: postgresql
|
||||||
%global majorversion 13
|
%global majorversion 13
|
||||||
Version: %{majorversion}.3
|
Version: %{majorversion}.3
|
||||||
Release: 8%{?dist}
|
Release: 10%{?dist}
|
||||||
|
|
||||||
# The PostgreSQL license is very similar to other MIT licenses, but the OSI
|
# The PostgreSQL license is very similar to other MIT licenses, but the OSI
|
||||||
# recognizes it as an independent license, so we do as well.
|
# recognizes it as an independent license, so we do as well.
|
||||||
@ -111,7 +111,8 @@ Patch5: postgresql-var-run-socket.patch
|
|||||||
Patch8: postgresql-external-libpq.patch
|
Patch8: postgresql-external-libpq.patch
|
||||||
Patch9: postgresql-server-pg_config.patch
|
Patch9: postgresql-server-pg_config.patch
|
||||||
Patch12: postgresql-no-libecpg.patch
|
Patch12: postgresql-no-libecpg.patch
|
||||||
Patch13: postgresql-openssl3-tests.patch
|
Patch13: postgresql-pgcrypto-openssl3-init.patch
|
||||||
|
Patch14: postgresql-pgcrypto-openssl3-tests.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -427,6 +428,7 @@ goal of accelerating analytics queries.
|
|||||||
%endif
|
%endif
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
|
||||||
# We used to run autoconf here, but there's no longer any real need to,
|
# We used to run autoconf here, but there's no longer any real need to,
|
||||||
# since Postgres ships with a reasonably modern configure script.
|
# since Postgres ships with a reasonably modern configure script.
|
||||||
@ -1219,6 +1221,18 @@ make -C postgresql-setup-%{setup_version} check
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 13 2021 Ondrej Dubaj <odubaj@redhat.com> - 13.3-10
|
||||||
|
- Release bum due to gating configuration
|
||||||
|
|
||||||
|
* Tue Sep 21 2021 Filip Januš <fjanus@redhat.com> - 13.3-9
|
||||||
|
- Remove tests failing with openssl3, now pgp is tested only with
|
||||||
|
supported ciphers
|
||||||
|
Add postgresql-pgcrypto-openssl3-init.patch - Correctly init ciphers
|
||||||
|
Add postgresql-pgcrypto-openssl3-tests.patch - disable unsupported
|
||||||
|
ciphers in the test suite
|
||||||
|
Related discussion: #2008773
|
||||||
|
Resolves: #1964848
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com>
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com>
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
@ -1297,7 +1311,7 @@ make -C postgresql-setup-%{setup_version} check
|
|||||||
Fixes CVE-2020-25695
|
Fixes CVE-2020-25695
|
||||||
Fixes CVE-2020-25696
|
Fixes CVE-2020-25696
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 12.4-5
|
* Wed Jan 13 2021 Fedora Release Engineering <releng@fedoraproject.org> - 12.4-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
* Mon Nov 16 2020 Honza Horak <hhorak@redhat.com> - 12.4-4
|
* Mon Nov 16 2020 Honza Horak <hhorak@redhat.com> - 12.4-4
|
||||||
|
Loading…
Reference in New Issue
Block a user