From f9279fcfb347520754a88b8aa4742e76b9a49b4b Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Thu, 21 Dec 2023 12:14:22 +0300
Subject: [PATCH] import OL
 postgresql-10.23-3.0.1.module+el8.9.0+90108+1bfb5b17

---
 ...gresql-service-network-binding-issue.patch |  38 ++
 SOURCES/postgresql-10.23-CVE-2023-5869.patch  | 576 ++++++++++++++++++
 SPECS/postgresql.spec                         |  15 +-
 3 files changed, 628 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch
 create mode 100644 SOURCES/postgresql-10.23-CVE-2023-5869.patch

diff --git a/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch
new file mode 100644
index 0000000..deca076
--- /dev/null
+++ b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch
@@ -0,0 +1,38 @@
+From df5ba865eb8a42147d23100b37322921ad98248a Mon Sep 17 00:00:00 2001
+From: sagar sagar <sagar.sagar@oracle.com>
+Date: Thu, 11 May 2023 15:49:37 +0530
+Subject: [PATCH] Fixed postgresql service network binding issue during bootup
+
+During the bootup, the postgresql service requires port bind to network
+address to assign configured in /var/lib/pgsql/data/postgresql.conf but the
+service is not able to do if the network service has not yet assigned an IP
+address to the network interface.
+By using "network-online.target" parameter in
+/usr/lib/systemd/system/postgresql.service we are postponing the postgresql
+service to run until we have not got the IP address assinged.
+
+For more info :-
+https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
+Orabug: 35103668
+
+Signed-off-by: sagar sagar <sagar.sagar@oracle.com>
+---
+ postgresql-setup-8.7/postgresql.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/postgresql-setup-8.7/postgresql.service.in b/postgresql-setup-8.7/postgresql.service.in
+index c73c42a..893e6fa 100644
+--- a/postgresql-setup-8.7/postgresql.service.in
++++ b/postgresql-setup-8.7/postgresql.service.in
+@@ -6,7 +6,7 @@
+ 
+ [Unit]
+ Description=PostgreSQL database server
+-After=network.target
++After=network-online.target
+ 
+ [Service]
+ Type=notify
+-- 
+2.31.1
+
diff --git a/SOURCES/postgresql-10.23-CVE-2023-5869.patch b/SOURCES/postgresql-10.23-CVE-2023-5869.patch
new file mode 100644
index 0000000..804a634
--- /dev/null
+++ b/SOURCES/postgresql-10.23-CVE-2023-5869.patch
@@ -0,0 +1,576 @@
+From d267cea24ea346c739c85bf7bccbd8e8f59da6b3 Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 6 Nov 2023 10:56:43 -0500
+Subject: [PATCH 1/1] Detect integer overflow while computing new array
+ dimensions.
+
+array_set_element() and related functions allow an array to be
+enlarged by assigning to subscripts outside the current array bounds.
+While these places were careful to check that the new bounds are
+allowable, they neglected to consider the risk of integer overflow
+in computing the new bounds.  In edge cases, we could compute new
+bounds that are invalid but get past the subsequent checks,
+allowing bad things to happen.  Memory stomps that are potentially
+exploitable for arbitrary code execution are possible, and so is
+disclosure of server memory.
+
+To fix, perform the hazardous computations using overflow-detecting
+arithmetic routines, which fortunately exist in all still-supported
+branches.
+
+The test cases added for this generate (after patching) errors that
+mention the value of MaxArraySize, which is platform-dependent.
+Rather than introduce multiple expected-files, use psql's VERBOSITY
+parameter to suppress the printing of the message text.  v11 psql
+lacks that parameter, so omit the tests in that branch.
+
+Our thanks to Pedro Gallegos for reporting this problem.
+
+Security: CVE-2023-5869
+Sign-Off-By: Tianyue Lan <tianyue.lan@oracle.com>
+
+---
+ src/backend/utils/adt/arrayfuncs.c   | 85 ++++++++++++++++++++++------
+ src/backend/utils/adt/arrayutils.c   |  6 --
+ src/include/utils/array.h            |  7 +++
+ src/test/regress/expected/arrays.out | 17 ++++++
+ src/test/regress/sql/arrays.sql      | 19 +++++++
+ src/include/common/int.h | 273 +++++++++++++++++++++++++++++++++++++++
+ create mode 100644 src/include/common/int.h
+ 6 files changed, 383 insertions(+), 24 deletions(-)
+
+diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
+index 553c517..7363893 100644
+--- a/src/backend/utils/adt/arrayfuncs.c
++++ b/src/backend/utils/adt/arrayfuncs.c
+@@ -22,6 +22,7 @@
+ 
+ #include "access/htup_details.h"
+ #include "catalog/pg_type.h"
++#include "common/int.h"
+ #include "funcapi.h"
+ #include "libpq/pqformat.h"
+ #include "utils/array.h"
+@@ -2309,22 +2310,38 @@ array_set_element(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts
++	 * Check subscripts.  We assume the existing subscripts passed
++	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
++	 * overflow.  But we must beware of other overflows in our calculations of
++	 * new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+ 		if (indx[0] < lb[0])
+ 		{
+-			addedbefore = lb[0] - indx[0];
+-			dim[0] += addedbefore;
++			/* addedbefore = lb[0] - indx[0]; */
++			/* dim[0] += addedbefore; */
++			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
++				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
++				ereport(ERROR,
++						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++						 errmsg("array size exceeds the maximum allowed (%d)",
++								(int) MaxArraySize)));
+ 			lb[0] = indx[0];
+ 			if (addedbefore > 1)
+ 				newhasnulls = true; /* will insert nulls */
+ 		}
+ 		if (indx[0] >= (dim[0] + lb[0]))
+ 		{
+-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
++			/* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
++			/* dim[0] += addedafter; */
++			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
++				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
++				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
++				ereport(ERROR,
++						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++						 errmsg("array size exceeds the maximum allowed (%d)",
++								(int) MaxArraySize)));
+ 			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+ 		}
+@@ -2568,14 +2585,23 @@ array_set_element_expanded(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts (this logic matches original array_set_element)
++	 * Check subscripts (this logic must match array_set_element).  We assume
++	 * the existing subscripts passed ArrayCheckBounds, so that dim[i] + lb[i]
++	 * can be computed without overflow.  But we must beware of other
++	 * overflows in our calculations of new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+ 		if (indx[0] < lb[0])
+ 		{
+-			addedbefore = lb[0] - indx[0];
+-			dim[0] += addedbefore;
++			/* addedbefore = lb[0] - indx[0]; */
++			/* dim[0] += addedbefore; */
++			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
++				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
++				ereport(ERROR,
++						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++						 errmsg("array size exceeds the maximum allowed (%d)",
++								(int) MaxArraySize)));
+ 			lb[0] = indx[0];
+ 			dimschanged = true;
+ 			if (addedbefore > 1)
+@@ -2583,8 +2609,15 @@ array_set_element_expanded(Datum arraydatum,
+ 		}
+ 		if (indx[0] >= (dim[0] + lb[0]))
+ 		{
+-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
++			/* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
++			/* dim[0] += addedafter; */
++			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
++				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
++				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
++				ereport(ERROR,
++						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++						 errmsg("array size exceeds the maximum allowed (%d)",
++								(int) MaxArraySize)));
+ 			dimschanged = true;
+ 			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+@@ -2866,7 +2899,10 @@ array_set_slice(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts
++	 * Check subscripts.  We assume the existing subscripts passed
++	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
++	 * overflow.  But we must beware of other overflows in our calculations of
++	 * new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+@@ -2881,18 +2917,31 @@ array_set_slice(Datum arraydatum,
+ 					 errmsg("upper bound cannot be less than lower bound")));
+ 		if (lowerIndx[0] < lb[0])
+ 		{
+-			if (upperIndx[0] < lb[0] - 1)
+-				newhasnulls = true; /* will insert nulls */
+-			addedbefore = lb[0] - lowerIndx[0];
+-			dim[0] += addedbefore;
++			/* addedbefore = lb[0] - lowerIndx[0]; */
++			/* dim[0] += addedbefore; */
++			if (pg_sub_s32_overflow(lb[0], lowerIndx[0], &addedbefore) ||
++				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
++				ereport(ERROR,
++						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++						 errmsg("array size exceeds the maximum allowed (%d)",
++								(int) MaxArraySize)));
+ 			lb[0] = lowerIndx[0];
++			if (addedbefore > 1)
++				newhasnulls = true; /* will insert nulls */
+ 		}
+ 		if (upperIndx[0] >= (dim[0] + lb[0]))
+ 		{
+-			if (lowerIndx[0] > (dim[0] + lb[0]))
++			/* addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1; */
++			/* dim[0] += addedafter; */
++			if (pg_sub_s32_overflow(upperIndx[0], dim[0] + lb[0], &addedafter) ||
++				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
++				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
++				ereport(ERROR,
++						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++						 errmsg("array size exceeds the maximum allowed (%d)",
++								(int) MaxArraySize)));
++			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+-			addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+ 		}
+ 	}
+ 	else
+diff --git a/src/backend/utils/adt/arrayutils.c b/src/backend/utils/adt/arrayutils.c
+index f7c6a51..eb5f2a0 100644
+--- a/src/backend/utils/adt/arrayutils.c
++++ b/src/backend/utils/adt/arrayutils.c
+@@ -63,10 +63,6 @@ ArrayGetOffset0(int n, const int *tup, const int *scale)
+  * This must do overflow checking, since it is used to validate that a user
+  * dimensionality request doesn't overflow what we can handle.
+  *
+- * We limit array sizes to at most about a quarter billion elements,
+- * so that it's not necessary to check for overflow in quite so many
+- * places --- for instance when palloc'ing Datum arrays.
+- *
+  * The multiplication overflow check only works on machines that have int64
+  * arithmetic, but that is nearly all platforms these days, and doing check
+  * divides for those that don't seems way too expensive.
+@@ -77,8 +73,6 @@ ArrayGetNItems(int ndim, const int *dims)
+ 	int32		ret;
+ 	int			i;
+ 
+-#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
+-
+ 	if (ndim <= 0)
+ 		return 0;
+ 	ret = 1;
+diff --git a/src/include/utils/array.h b/src/include/utils/array.h
+index 905f6b0..3e4c09d 100644
+--- a/src/include/utils/array.h
++++ b/src/include/utils/array.h
+@@ -65,6 +65,13 @@
+ #include "utils/expandeddatum.h"
+ 
+ 
++/*
++ * Maximum number of elements in an array.  We limit this to at most about a
++ * quarter billion elements, so that it's not necessary to check for overflow
++ * in quite so many places --- for instance when palloc'ing Datum arrays.
++ */
++#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
++
+ /*
+  * Arrays are varlena objects, so must meet the varlena convention that
+  * the first int32 of the object contains the total object size in bytes.
+diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out
+index c730563..e4ec394 100644
+--- a/src/test/regress/expected/arrays.out
++++ b/src/test/regress/expected/arrays.out
+@@ -1347,6 +1347,23 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
+ -- then you didn't get an indexscan plan, and something is busted.
+ reset enable_seqscan;
+ reset enable_bitmapscan;
++-- test subscript overflow detection
++-- The normal error message includes a platform-dependent limit,
++-- so suppress it to avoid needing multiple expected-files.
++\set VERBOSITY terse
++insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
++update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
++ERROR:  array size exceeds the maximum allowed (134217727)
++update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
++ERROR:  array size exceeds the maximum allowed (134217727)
++-- also exercise the expanded-array case
++do $$ declare a int[];
++begin
++  a := '[-2147483648:-2147483647]={1,2}'::int[];
++  a[2147483647] := 42;
++end $$;
++ERROR:  array size exceeds the maximum allowed (134217727)
++\set VERBOSITY default
+ -- test [not] (like|ilike) (any|all) (...)
+ select 'foo' like any (array['%a', '%o']); -- t
+  ?column? 
+diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql
+index 25dd4e2..4ad6e55 100644
+--- a/src/test/regress/sql/arrays.sql
++++ b/src/test/regress/sql/arrays.sql
+@@ -407,6 +407,25 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
+ reset enable_seqscan;
+ reset enable_bitmapscan;
+ 
++-- test subscript overflow detection
++
++-- The normal error message includes a platform-dependent limit,
++-- so suppress it to avoid needing multiple expected-files.
++\set VERBOSITY terse
++
++insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
++update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
++update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
++
++-- also exercise the expanded-array case
++do $$ declare a int[];
++begin
++  a := '[-2147483648:-2147483647]={1,2}'::int[];
++  a[2147483647] := 42;
++end $$;
++
++\set VERBOSITY default
++
+ -- test [not] (like|ilike) (any|all) (...)
+ select 'foo' like any (array['%a', '%o']); -- t
+ select 'foo' like any (array['%a', '%b']); -- f
+
+diff --git a/src/include/common/int.h b/src/include/common/int.h
+new file mode 100644
+index 0000000..d754798
+--- /dev/null
++++ b/src/include/common/int.h
+@@ -0,0 +1,273 @@
++/*-------------------------------------------------------------------------
++ *
++ * int.h
++ *	  Routines to perform integer math, while checking for overflows.
++ *
++ * The routines in this file are intended to be well defined C, without
++ * relying on compiler flags like -fwrapv.
++ *
++ * To reduce the overhead of these routines try to use compiler intrinsics
++ * where available. That's not that important for the 16, 32 bit cases, but
++ * the 64 bit cases can be considerably faster with intrinsics. In case no
++ * intrinsics are available 128 bit math is used where available.
++ *
++ * Copyright (c) 2017-2019, PostgreSQL Global Development Group
++ *
++ * src/include/common/int.h
++ *
++ *-------------------------------------------------------------------------
++ */
++#ifndef COMMON_INT_H
++#define COMMON_INT_H
++
++/*
++ * If a + b overflows, return true, otherwise store the result of a + b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_add_s16_overflow(int16 a, int16 b, int16 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_add_overflow(a, b, result);
++#else
++	int32		res = (int32) a + (int32) b;
++
++	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int16) res;
++	return false;
++#endif
++}
++
++/*
++ * If a - b overflows, return true, otherwise store the result of a - b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_sub_s16_overflow(int16 a, int16 b, int16 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_sub_overflow(a, b, result);
++#else
++	int32		res = (int32) a - (int32) b;
++
++	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int16) res;
++	return false;
++#endif
++}
++
++/*
++ * If a * b overflows, return true, otherwise store the result of a * b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_mul_s16_overflow(int16 a, int16 b, int16 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_mul_overflow(a, b, result);
++#else
++	int32		res = (int32) a * (int32) b;
++
++	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int16) res;
++	return false;
++#endif
++}
++
++/*
++ * If a + b overflows, return true, otherwise store the result of a + b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_add_s32_overflow(int32 a, int32 b, int32 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_add_overflow(a, b, result);
++#else
++	int64		res = (int64) a + (int64) b;
++
++	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int32) res;
++	return false;
++#endif
++}
++
++/*
++ * If a - b overflows, return true, otherwise store the result of a - b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_sub_s32_overflow(int32 a, int32 b, int32 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_sub_overflow(a, b, result);
++#else
++	int64		res = (int64) a - (int64) b;
++
++	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int32) res;
++	return false;
++#endif
++}
++
++/*
++ * If a * b overflows, return true, otherwise store the result of a * b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_mul_s32_overflow(int32 a, int32 b, int32 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_mul_overflow(a, b, result);
++#else
++	int64		res = (int64) a * (int64) b;
++
++	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int32) res;
++	return false;
++#endif
++}
++
++/*
++ * If a + b overflows, return true, otherwise store the result of a + b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_add_s64_overflow(int64 a, int64 b, int64 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_add_overflow(a, b, result);
++#elif defined(HAVE_INT128)
++	int128		res = (int128) a + (int128) b;
++
++	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int64) res;
++	return false;
++#else
++	if ((a > 0 && b > 0 && a > PG_INT64_MAX - b) ||
++		(a < 0 && b < 0 && a < PG_INT64_MIN - b))
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = a + b;
++	return false;
++#endif
++}
++
++/*
++ * If a - b overflows, return true, otherwise store the result of a - b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_sub_s64_overflow(int64 a, int64 b, int64 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_sub_overflow(a, b, result);
++#elif defined(HAVE_INT128)
++	int128		res = (int128) a - (int128) b;
++
++	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int64) res;
++	return false;
++#else
++	if ((a < 0 && b > 0 && a < PG_INT64_MIN + b) ||
++		(a > 0 && b < 0 && a > PG_INT64_MAX + b))
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = a - b;
++	return false;
++#endif
++}
++
++/*
++ * If a * b overflows, return true, otherwise store the result of a * b into
++ * *result. The content of *result is implementation defined in case of
++ * overflow.
++ */
++static inline bool
++pg_mul_s64_overflow(int64 a, int64 b, int64 *result)
++{
++#if defined(HAVE__BUILTIN_OP_OVERFLOW)
++	return __builtin_mul_overflow(a, b, result);
++#elif defined(HAVE_INT128)
++	int128		res = (int128) a * (int128) b;
++
++	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = (int64) res;
++	return false;
++#else
++	/*
++	 * Overflow can only happen if at least one value is outside the range
++	 * sqrt(min)..sqrt(max) so check that first as the division can be quite a
++	 * bit more expensive than the multiplication.
++	 *
++	 * Multiplying by 0 or 1 can't overflow of course and checking for 0
++	 * separately avoids any risk of dividing by 0.  Be careful about dividing
++	 * INT_MIN by -1 also, note reversing the a and b to ensure we're always
++	 * dividing it by a positive value.
++	 *
++	 */
++	if ((a > PG_INT32_MAX || a < PG_INT32_MIN ||
++		 b > PG_INT32_MAX || b < PG_INT32_MIN) &&
++		a != 0 && a != 1 && b != 0 && b != 1 &&
++		((a > 0 && b > 0 && a > PG_INT64_MAX / b) ||
++		 (a > 0 && b < 0 && b < PG_INT64_MIN / a) ||
++		 (a < 0 && b > 0 && a < PG_INT64_MIN / b) ||
++		 (a < 0 && b < 0 && a < PG_INT64_MAX / b)))
++	{
++		*result = 0x5EED;		/* to avoid spurious warnings */
++		return true;
++	}
++	*result = a * b;
++	return false;
++#endif
++}
++
++#endif							/* COMMON_INT_H */
+-- 
+2.39.3
+
diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec
index e5c828a..0dd3286 100644
--- a/SPECS/postgresql.spec
+++ b/SPECS/postgresql.spec
@@ -59,7 +59,7 @@ Summary: PostgreSQL client programs
 Name: postgresql
 %global majorversion 10
 Version: %{majorversion}.23
-Release: 2%{?dist}
+Release: 3.0.1%{?dist}
 
 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
@@ -110,6 +110,10 @@ Patch9: postgresql-server-pg_config.patch
 Patch10: postgresql-10.15-contrib-dblink-expected-out.patch
 Patch11: postgresql-10.23-CVE-2023-2454.patch
 Patch12: postgresql-10.23-CVE-2023-2455.patch
+Patch13: postgresql-10.23-CVE-2023-5869.patch
+
+#Oracle Patches 
+Patch1001: 1001-Fixed-postgresql-service-network-binding-issue.patch
 
 BuildRequires: gcc
 BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk
@@ -371,6 +375,9 @@ benchmarks.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
+
+%patch1001 -p1
 
 # We used to run autoconf here, but there's no longer any real need to,
 # since Postgres ships with a reasonably modern configure script.
@@ -1175,6 +1182,12 @@ make -C postgresql-setup-%{setup_version} check
 
 
 %changelog
+* Mon Dec 18 2023 Lubos Kloucek <lubos.kloucek@oracle.com> - 10.23-3.0.1
+- Resolves: CVE-2023-5869
+
+* Tue Aug 08 2023 David Sloboda <david.x.sloboda@oracle.com> - 10.23-2.0.1
+- Fixed postgresql port binding issue during bootup [Orabug: 35103668]
+
 * Wed Jul 19 2023 Dominik Rehák <drehak@redhat.com> - 10.23-2
 - Backport fixes for CVE-2023-2454 and CVE-2023-2455
 - Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35)