diff --git a/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch new file mode 100644 index 0000000..deca076 --- /dev/null +++ b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch @@ -0,0 +1,38 @@ +From df5ba865eb8a42147d23100b37322921ad98248a Mon Sep 17 00:00:00 2001 +From: sagar sagar +Date: Thu, 11 May 2023 15:49:37 +0530 +Subject: [PATCH] Fixed postgresql service network binding issue during bootup + +During the bootup, the postgresql service requires port bind to network +address to assign configured in /var/lib/pgsql/data/postgresql.conf but the +service is not able to do if the network service has not yet assigned an IP +address to the network interface. +By using "network-online.target" parameter in +/usr/lib/systemd/system/postgresql.service we are postponing the postgresql +service to run until we have not got the IP address assinged. + +For more info :- +https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ +Orabug: 35103668 + +Signed-off-by: sagar sagar +--- + postgresql-setup-8.7/postgresql.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/postgresql-setup-8.7/postgresql.service.in b/postgresql-setup-8.7/postgresql.service.in +index c73c42a..893e6fa 100644 +--- a/postgresql-setup-8.7/postgresql.service.in ++++ b/postgresql-setup-8.7/postgresql.service.in +@@ -6,7 +6,7 @@ + + [Unit] + Description=PostgreSQL database server +-After=network.target ++After=network-online.target + + [Service] + Type=notify +-- +2.31.1 + diff --git a/SOURCES/postgresql-10.23-CVE-2023-5869.patch b/SOURCES/postgresql-10.23-CVE-2023-5869.patch new file mode 100644 index 0000000..804a634 --- /dev/null +++ b/SOURCES/postgresql-10.23-CVE-2023-5869.patch @@ -0,0 +1,576 @@ +From d267cea24ea346c739c85bf7bccbd8e8f59da6b3 Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Mon, 6 Nov 2023 10:56:43 -0500 +Subject: [PATCH 1/1] Detect integer overflow while computing new array + dimensions. + +array_set_element() and related functions allow an array to be +enlarged by assigning to subscripts outside the current array bounds. +While these places were careful to check that the new bounds are +allowable, they neglected to consider the risk of integer overflow +in computing the new bounds. In edge cases, we could compute new +bounds that are invalid but get past the subsequent checks, +allowing bad things to happen. Memory stomps that are potentially +exploitable for arbitrary code execution are possible, and so is +disclosure of server memory. + +To fix, perform the hazardous computations using overflow-detecting +arithmetic routines, which fortunately exist in all still-supported +branches. + +The test cases added for this generate (after patching) errors that +mention the value of MaxArraySize, which is platform-dependent. +Rather than introduce multiple expected-files, use psql's VERBOSITY +parameter to suppress the printing of the message text. v11 psql +lacks that parameter, so omit the tests in that branch. + +Our thanks to Pedro Gallegos for reporting this problem. + +Security: CVE-2023-5869 +Sign-Off-By: Tianyue Lan + +--- + src/backend/utils/adt/arrayfuncs.c | 85 ++++++++++++++++++++++------ + src/backend/utils/adt/arrayutils.c | 6 -- + src/include/utils/array.h | 7 +++ + src/test/regress/expected/arrays.out | 17 ++++++ + src/test/regress/sql/arrays.sql | 19 +++++++ + src/include/common/int.h | 273 +++++++++++++++++++++++++++++++++++++++ + create mode 100644 src/include/common/int.h + 6 files changed, 383 insertions(+), 24 deletions(-) + +diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c +index 553c517..7363893 100644 +--- a/src/backend/utils/adt/arrayfuncs.c ++++ b/src/backend/utils/adt/arrayfuncs.c +@@ -22,6 +22,7 @@ + + #include "access/htup_details.h" + #include "catalog/pg_type.h" ++#include "common/int.h" + #include "funcapi.h" + #include "libpq/pqformat.h" + #include "utils/array.h" +@@ -2309,22 +2310,38 @@ array_set_element(Datum arraydatum, + addedbefore = addedafter = 0; + + /* +- * Check subscripts ++ * Check subscripts. We assume the existing subscripts passed ++ * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without ++ * overflow. But we must beware of other overflows in our calculations of ++ * new dim[] values. + */ + if (ndim == 1) + { + if (indx[0] < lb[0]) + { +- addedbefore = lb[0] - indx[0]; +- dim[0] += addedbefore; ++ /* addedbefore = lb[0] - indx[0]; */ ++ /* dim[0] += addedbefore; */ ++ if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) || ++ pg_add_s32_overflow(dim[0], addedbefore, &dim[0])) ++ ereport(ERROR, ++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), ++ errmsg("array size exceeds the maximum allowed (%d)", ++ (int) MaxArraySize))); + lb[0] = indx[0]; + if (addedbefore > 1) + newhasnulls = true; /* will insert nulls */ + } + if (indx[0] >= (dim[0] + lb[0])) + { +- addedafter = indx[0] - (dim[0] + lb[0]) + 1; +- dim[0] += addedafter; ++ /* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */ ++ /* dim[0] += addedafter; */ ++ if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) || ++ pg_add_s32_overflow(addedafter, 1, &addedafter) || ++ pg_add_s32_overflow(dim[0], addedafter, &dim[0])) ++ ereport(ERROR, ++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), ++ errmsg("array size exceeds the maximum allowed (%d)", ++ (int) MaxArraySize))); + if (addedafter > 1) + newhasnulls = true; /* will insert nulls */ + } +@@ -2568,14 +2585,23 @@ array_set_element_expanded(Datum arraydatum, + addedbefore = addedafter = 0; + + /* +- * Check subscripts (this logic matches original array_set_element) ++ * Check subscripts (this logic must match array_set_element). We assume ++ * the existing subscripts passed ArrayCheckBounds, so that dim[i] + lb[i] ++ * can be computed without overflow. But we must beware of other ++ * overflows in our calculations of new dim[] values. + */ + if (ndim == 1) + { + if (indx[0] < lb[0]) + { +- addedbefore = lb[0] - indx[0]; +- dim[0] += addedbefore; ++ /* addedbefore = lb[0] - indx[0]; */ ++ /* dim[0] += addedbefore; */ ++ if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) || ++ pg_add_s32_overflow(dim[0], addedbefore, &dim[0])) ++ ereport(ERROR, ++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), ++ errmsg("array size exceeds the maximum allowed (%d)", ++ (int) MaxArraySize))); + lb[0] = indx[0]; + dimschanged = true; + if (addedbefore > 1) +@@ -2583,8 +2609,15 @@ array_set_element_expanded(Datum arraydatum, + } + if (indx[0] >= (dim[0] + lb[0])) + { +- addedafter = indx[0] - (dim[0] + lb[0]) + 1; +- dim[0] += addedafter; ++ /* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */ ++ /* dim[0] += addedafter; */ ++ if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) || ++ pg_add_s32_overflow(addedafter, 1, &addedafter) || ++ pg_add_s32_overflow(dim[0], addedafter, &dim[0])) ++ ereport(ERROR, ++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), ++ errmsg("array size exceeds the maximum allowed (%d)", ++ (int) MaxArraySize))); + dimschanged = true; + if (addedafter > 1) + newhasnulls = true; /* will insert nulls */ +@@ -2866,7 +2899,10 @@ array_set_slice(Datum arraydatum, + addedbefore = addedafter = 0; + + /* +- * Check subscripts ++ * Check subscripts. We assume the existing subscripts passed ++ * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without ++ * overflow. But we must beware of other overflows in our calculations of ++ * new dim[] values. + */ + if (ndim == 1) + { +@@ -2881,18 +2917,31 @@ array_set_slice(Datum arraydatum, + errmsg("upper bound cannot be less than lower bound"))); + if (lowerIndx[0] < lb[0]) + { +- if (upperIndx[0] < lb[0] - 1) +- newhasnulls = true; /* will insert nulls */ +- addedbefore = lb[0] - lowerIndx[0]; +- dim[0] += addedbefore; ++ /* addedbefore = lb[0] - lowerIndx[0]; */ ++ /* dim[0] += addedbefore; */ ++ if (pg_sub_s32_overflow(lb[0], lowerIndx[0], &addedbefore) || ++ pg_add_s32_overflow(dim[0], addedbefore, &dim[0])) ++ ereport(ERROR, ++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), ++ errmsg("array size exceeds the maximum allowed (%d)", ++ (int) MaxArraySize))); + lb[0] = lowerIndx[0]; ++ if (addedbefore > 1) ++ newhasnulls = true; /* will insert nulls */ + } + if (upperIndx[0] >= (dim[0] + lb[0])) + { +- if (lowerIndx[0] > (dim[0] + lb[0])) ++ /* addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1; */ ++ /* dim[0] += addedafter; */ ++ if (pg_sub_s32_overflow(upperIndx[0], dim[0] + lb[0], &addedafter) || ++ pg_add_s32_overflow(addedafter, 1, &addedafter) || ++ pg_add_s32_overflow(dim[0], addedafter, &dim[0])) ++ ereport(ERROR, ++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), ++ errmsg("array size exceeds the maximum allowed (%d)", ++ (int) MaxArraySize))); ++ if (addedafter > 1) + newhasnulls = true; /* will insert nulls */ +- addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1; +- dim[0] += addedafter; + } + } + else +diff --git a/src/backend/utils/adt/arrayutils.c b/src/backend/utils/adt/arrayutils.c +index f7c6a51..eb5f2a0 100644 +--- a/src/backend/utils/adt/arrayutils.c ++++ b/src/backend/utils/adt/arrayutils.c +@@ -63,10 +63,6 @@ ArrayGetOffset0(int n, const int *tup, const int *scale) + * This must do overflow checking, since it is used to validate that a user + * dimensionality request doesn't overflow what we can handle. + * +- * We limit array sizes to at most about a quarter billion elements, +- * so that it's not necessary to check for overflow in quite so many +- * places --- for instance when palloc'ing Datum arrays. +- * + * The multiplication overflow check only works on machines that have int64 + * arithmetic, but that is nearly all platforms these days, and doing check + * divides for those that don't seems way too expensive. +@@ -77,8 +73,6 @@ ArrayGetNItems(int ndim, const int *dims) + int32 ret; + int i; + +-#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum))) +- + if (ndim <= 0) + return 0; + ret = 1; +diff --git a/src/include/utils/array.h b/src/include/utils/array.h +index 905f6b0..3e4c09d 100644 +--- a/src/include/utils/array.h ++++ b/src/include/utils/array.h +@@ -65,6 +65,13 @@ + #include "utils/expandeddatum.h" + + ++/* ++ * Maximum number of elements in an array. We limit this to at most about a ++ * quarter billion elements, so that it's not necessary to check for overflow ++ * in quite so many places --- for instance when palloc'ing Datum arrays. ++ */ ++#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum))) ++ + /* + * Arrays are varlena objects, so must meet the varlena convention that + * the first int32 of the object contains the total object size in bytes. +diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out +index c730563..e4ec394 100644 +--- a/src/test/regress/expected/arrays.out ++++ b/src/test/regress/expected/arrays.out +@@ -1347,6 +1347,23 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk) + -- then you didn't get an indexscan plan, and something is busted. + reset enable_seqscan; + reset enable_bitmapscan; ++-- test subscript overflow detection ++-- The normal error message includes a platform-dependent limit, ++-- so suppress it to avoid needing multiple expected-files. ++\set VERBOSITY terse ++insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}'); ++update arr_pk_tbl set f1[2147483647] = 42 where pk = 10; ++ERROR: array size exceeds the maximum allowed (134217727) ++update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10; ++ERROR: array size exceeds the maximum allowed (134217727) ++-- also exercise the expanded-array case ++do $$ declare a int[]; ++begin ++ a := '[-2147483648:-2147483647]={1,2}'::int[]; ++ a[2147483647] := 42; ++end $$; ++ERROR: array size exceeds the maximum allowed (134217727) ++\set VERBOSITY default + -- test [not] (like|ilike) (any|all) (...) + select 'foo' like any (array['%a', '%o']); -- t + ?column? +diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql +index 25dd4e2..4ad6e55 100644 +--- a/src/test/regress/sql/arrays.sql ++++ b/src/test/regress/sql/arrays.sql +@@ -407,6 +407,25 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk) + reset enable_seqscan; + reset enable_bitmapscan; + ++-- test subscript overflow detection ++ ++-- The normal error message includes a platform-dependent limit, ++-- so suppress it to avoid needing multiple expected-files. ++\set VERBOSITY terse ++ ++insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}'); ++update arr_pk_tbl set f1[2147483647] = 42 where pk = 10; ++update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10; ++ ++-- also exercise the expanded-array case ++do $$ declare a int[]; ++begin ++ a := '[-2147483648:-2147483647]={1,2}'::int[]; ++ a[2147483647] := 42; ++end $$; ++ ++\set VERBOSITY default ++ + -- test [not] (like|ilike) (any|all) (...) + select 'foo' like any (array['%a', '%o']); -- t + select 'foo' like any (array['%a', '%b']); -- f + +diff --git a/src/include/common/int.h b/src/include/common/int.h +new file mode 100644 +index 0000000..d754798 +--- /dev/null ++++ b/src/include/common/int.h +@@ -0,0 +1,273 @@ ++/*------------------------------------------------------------------------- ++ * ++ * int.h ++ * Routines to perform integer math, while checking for overflows. ++ * ++ * The routines in this file are intended to be well defined C, without ++ * relying on compiler flags like -fwrapv. ++ * ++ * To reduce the overhead of these routines try to use compiler intrinsics ++ * where available. That's not that important for the 16, 32 bit cases, but ++ * the 64 bit cases can be considerably faster with intrinsics. In case no ++ * intrinsics are available 128 bit math is used where available. ++ * ++ * Copyright (c) 2017-2019, PostgreSQL Global Development Group ++ * ++ * src/include/common/int.h ++ * ++ *------------------------------------------------------------------------- ++ */ ++#ifndef COMMON_INT_H ++#define COMMON_INT_H ++ ++/* ++ * If a + b overflows, return true, otherwise store the result of a + b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_add_s16_overflow(int16 a, int16 b, int16 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_add_overflow(a, b, result); ++#else ++ int32 res = (int32) a + (int32) b; ++ ++ if (res > PG_INT16_MAX || res < PG_INT16_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int16) res; ++ return false; ++#endif ++} ++ ++/* ++ * If a - b overflows, return true, otherwise store the result of a - b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_sub_s16_overflow(int16 a, int16 b, int16 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_sub_overflow(a, b, result); ++#else ++ int32 res = (int32) a - (int32) b; ++ ++ if (res > PG_INT16_MAX || res < PG_INT16_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int16) res; ++ return false; ++#endif ++} ++ ++/* ++ * If a * b overflows, return true, otherwise store the result of a * b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_mul_s16_overflow(int16 a, int16 b, int16 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_mul_overflow(a, b, result); ++#else ++ int32 res = (int32) a * (int32) b; ++ ++ if (res > PG_INT16_MAX || res < PG_INT16_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int16) res; ++ return false; ++#endif ++} ++ ++/* ++ * If a + b overflows, return true, otherwise store the result of a + b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_add_s32_overflow(int32 a, int32 b, int32 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_add_overflow(a, b, result); ++#else ++ int64 res = (int64) a + (int64) b; ++ ++ if (res > PG_INT32_MAX || res < PG_INT32_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int32) res; ++ return false; ++#endif ++} ++ ++/* ++ * If a - b overflows, return true, otherwise store the result of a - b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_sub_s32_overflow(int32 a, int32 b, int32 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_sub_overflow(a, b, result); ++#else ++ int64 res = (int64) a - (int64) b; ++ ++ if (res > PG_INT32_MAX || res < PG_INT32_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int32) res; ++ return false; ++#endif ++} ++ ++/* ++ * If a * b overflows, return true, otherwise store the result of a * b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_mul_s32_overflow(int32 a, int32 b, int32 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_mul_overflow(a, b, result); ++#else ++ int64 res = (int64) a * (int64) b; ++ ++ if (res > PG_INT32_MAX || res < PG_INT32_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int32) res; ++ return false; ++#endif ++} ++ ++/* ++ * If a + b overflows, return true, otherwise store the result of a + b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_add_s64_overflow(int64 a, int64 b, int64 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_add_overflow(a, b, result); ++#elif defined(HAVE_INT128) ++ int128 res = (int128) a + (int128) b; ++ ++ if (res > PG_INT64_MAX || res < PG_INT64_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int64) res; ++ return false; ++#else ++ if ((a > 0 && b > 0 && a > PG_INT64_MAX - b) || ++ (a < 0 && b < 0 && a < PG_INT64_MIN - b)) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = a + b; ++ return false; ++#endif ++} ++ ++/* ++ * If a - b overflows, return true, otherwise store the result of a - b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_sub_s64_overflow(int64 a, int64 b, int64 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_sub_overflow(a, b, result); ++#elif defined(HAVE_INT128) ++ int128 res = (int128) a - (int128) b; ++ ++ if (res > PG_INT64_MAX || res < PG_INT64_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int64) res; ++ return false; ++#else ++ if ((a < 0 && b > 0 && a < PG_INT64_MIN + b) || ++ (a > 0 && b < 0 && a > PG_INT64_MAX + b)) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = a - b; ++ return false; ++#endif ++} ++ ++/* ++ * If a * b overflows, return true, otherwise store the result of a * b into ++ * *result. The content of *result is implementation defined in case of ++ * overflow. ++ */ ++static inline bool ++pg_mul_s64_overflow(int64 a, int64 b, int64 *result) ++{ ++#if defined(HAVE__BUILTIN_OP_OVERFLOW) ++ return __builtin_mul_overflow(a, b, result); ++#elif defined(HAVE_INT128) ++ int128 res = (int128) a * (int128) b; ++ ++ if (res > PG_INT64_MAX || res < PG_INT64_MIN) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = (int64) res; ++ return false; ++#else ++ /* ++ * Overflow can only happen if at least one value is outside the range ++ * sqrt(min)..sqrt(max) so check that first as the division can be quite a ++ * bit more expensive than the multiplication. ++ * ++ * Multiplying by 0 or 1 can't overflow of course and checking for 0 ++ * separately avoids any risk of dividing by 0. Be careful about dividing ++ * INT_MIN by -1 also, note reversing the a and b to ensure we're always ++ * dividing it by a positive value. ++ * ++ */ ++ if ((a > PG_INT32_MAX || a < PG_INT32_MIN || ++ b > PG_INT32_MAX || b < PG_INT32_MIN) && ++ a != 0 && a != 1 && b != 0 && b != 1 && ++ ((a > 0 && b > 0 && a > PG_INT64_MAX / b) || ++ (a > 0 && b < 0 && b < PG_INT64_MIN / a) || ++ (a < 0 && b > 0 && a < PG_INT64_MIN / b) || ++ (a < 0 && b < 0 && a < PG_INT64_MAX / b))) ++ { ++ *result = 0x5EED; /* to avoid spurious warnings */ ++ return true; ++ } ++ *result = a * b; ++ return false; ++#endif ++} ++ ++#endif /* COMMON_INT_H */ +-- +2.39.3 + diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec index e5c828a..0dd3286 100644 --- a/SPECS/postgresql.spec +++ b/SPECS/postgresql.spec @@ -59,7 +59,7 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 10 Version: %{majorversion}.23 -Release: 2%{?dist} +Release: 3.0.1%{?dist} # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -110,6 +110,10 @@ Patch9: postgresql-server-pg_config.patch Patch10: postgresql-10.15-contrib-dblink-expected-out.patch Patch11: postgresql-10.23-CVE-2023-2454.patch Patch12: postgresql-10.23-CVE-2023-2455.patch +Patch13: postgresql-10.23-CVE-2023-5869.patch + +#Oracle Patches +Patch1001: 1001-Fixed-postgresql-service-network-binding-issue.patch BuildRequires: gcc BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk @@ -371,6 +375,9 @@ benchmarks. %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 + +%patch1001 -p1 # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -1175,6 +1182,12 @@ make -C postgresql-setup-%{setup_version} check %changelog +* Mon Dec 18 2023 Lubos Kloucek - 10.23-3.0.1 +- Resolves: CVE-2023-5869 + +* Tue Aug 08 2023 David Sloboda - 10.23-2.0.1 +- Fixed postgresql port binding issue during bootup [Orabug: 35103668] + * Wed Jul 19 2023 Dominik Rehák - 10.23-2 - Backport fixes for CVE-2023-2454 and CVE-2023-2455 - Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35)