import OL postgresql-10.23-3.0.1.module+el8.9.0+90108+1bfb5b17

2023-12-21 12:14:22 +03:00 · 2023-12-21 12:14:22 +03:00 · f9279fcfb3
commit f9279fcfb3
parent 52521430de
3 changed files with 628 additions and 1 deletions
--- a/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch
+++ b/SOURCES/1001-Fixed-postgresql-service-network-binding-issue.patch
@ -0,0 +1,38 @@
+From df5ba865eb8a42147d23100b37322921ad98248a Mon Sep 17 00:00:00 2001
+From: sagar sagar <sagar.sagar@oracle.com>
+Date: Thu, 11 May 2023 15:49:37 +0530
+Subject: [PATCH] Fixed postgresql service network binding issue during bootup
+
+During the bootup, the postgresql service requires port bind to network
+address to assign configured in /var/lib/pgsql/data/postgresql.conf but the
+service is not able to do if the network service has not yet assigned an IP
+address to the network interface.
+By using "network-online.target" parameter in
+/usr/lib/systemd/system/postgresql.service we are postponing the postgresql
+service to run until we have not got the IP address assinged.
+
+For more info :-
+https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
+Orabug: 35103668
+
+Signed-off-by: sagar sagar <sagar.sagar@oracle.com>
+---
+ postgresql-setup-8.7/postgresql.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/postgresql-setup-8.7/postgresql.service.in b/postgresql-setup-8.7/postgresql.service.in
+index c73c42a..893e6fa 100644
+--- a/postgresql-setup-8.7/postgresql.service.in
+++ b/postgresql-setup-8.7/postgresql.service.in
+@@ -6,7 +6,7 @@
+ 
+ [Unit]
+ Description=PostgreSQL database server
+-After=network.target
+After=network-online.target
+ 
+ [Service]
+ Type=notify
+-- 
+2.31.1
+
--- a/SOURCES/postgresql-10.23-CVE-2023-5869.patch
+++ b/SOURCES/postgresql-10.23-CVE-2023-5869.patch
@ -0,0 +1,576 @@
+From d267cea24ea346c739c85bf7bccbd8e8f59da6b3 Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 6 Nov 2023 10:56:43 -0500
+Subject: [PATCH 1/1] Detect integer overflow while computing new array
+ dimensions.
+
+array_set_element() and related functions allow an array to be
+enlarged by assigning to subscripts outside the current array bounds.
+While these places were careful to check that the new bounds are
+allowable, they neglected to consider the risk of integer overflow
+in computing the new bounds.  In edge cases, we could compute new
+bounds that are invalid but get past the subsequent checks,
+allowing bad things to happen.  Memory stomps that are potentially
+exploitable for arbitrary code execution are possible, and so is
+disclosure of server memory.
+
+To fix, perform the hazardous computations using overflow-detecting
+arithmetic routines, which fortunately exist in all still-supported
+branches.
+
+The test cases added for this generate (after patching) errors that
+mention the value of MaxArraySize, which is platform-dependent.
+Rather than introduce multiple expected-files, use psql's VERBOSITY
+parameter to suppress the printing of the message text.  v11 psql
+lacks that parameter, so omit the tests in that branch.
+
+Our thanks to Pedro Gallegos for reporting this problem.
+
+Security: CVE-2023-5869
+Sign-Off-By: Tianyue Lan <tianyue.lan@oracle.com>
+
+---
+ src/backend/utils/adt/arrayfuncs.c   | 85 ++++++++++++++++++++++------
+ src/backend/utils/adt/arrayutils.c   |  6 --
+ src/include/utils/array.h            |  7 +++
+ src/test/regress/expected/arrays.out | 17 ++++++
+ src/test/regress/sql/arrays.sql      | 19 +++++++
+ src/include/common/int.h | 273 +++++++++++++++++++++++++++++++++++++++
+ create mode 100644 src/include/common/int.h
+ 6 files changed, 383 insertions(+), 24 deletions(-)
+
+diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
+index 553c517..7363893 100644
+--- a/src/backend/utils/adt/arrayfuncs.c
+++ b/src/backend/utils/adt/arrayfuncs.c
+@@ -22,6 +22,7 @@
+ 
+ #include "access/htup_details.h"
+ #include "catalog/pg_type.h"
+#include "common/int.h"
+ #include "funcapi.h"
+ #include "libpq/pqformat.h"
+ #include "utils/array.h"
+@@ -2309,22 +2310,38 @@ array_set_element(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts
+	 * Check subscripts.  We assume the existing subscripts passed
+	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
+	 * overflow.  But we must beware of other overflows in our calculations of
+	 * new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+ 		if (indx[0] < lb[0])
+ 		{
+-			addedbefore = lb[0] - indx[0];
+-			dim[0] += addedbefore;
+			/* addedbefore = lb[0] - indx[0]; */
+			/* dim[0] += addedbefore; */
+			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
+				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			lb[0] = indx[0];
+ 			if (addedbefore > 1)
+ 				newhasnulls = true; /* will insert nulls */
+ 		}
+ 		if (indx[0] >= (dim[0] + lb[0]))
+ 		{
+-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+			/* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
+			/* dim[0] += addedafter; */
+			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
+				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+ 		}
+@@ -2568,14 +2585,23 @@ array_set_element_expanded(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts (this logic matches original array_set_element)
+	 * Check subscripts (this logic must match array_set_element).  We assume
+	 * the existing subscripts passed ArrayCheckBounds, so that dim[i] + lb[i]
+	 * can be computed without overflow.  But we must beware of other
+	 * overflows in our calculations of new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+ 		if (indx[0] < lb[0])
+ 		{
+-			addedbefore = lb[0] - indx[0];
+-			dim[0] += addedbefore;
+			/* addedbefore = lb[0] - indx[0]; */
+			/* dim[0] += addedbefore; */
+			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
+				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			lb[0] = indx[0];
+ 			dimschanged = true;
+ 			if (addedbefore > 1)
+@@ -2583,8 +2609,15 @@ array_set_element_expanded(Datum arraydatum,
+ 		}
+ 		if (indx[0] >= (dim[0] + lb[0]))
+ 		{
+-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+			/* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
+			/* dim[0] += addedafter; */
+			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
+				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			dimschanged = true;
+ 			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+@@ -2866,7 +2899,10 @@ array_set_slice(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts
+	 * Check subscripts.  We assume the existing subscripts passed
+	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
+	 * overflow.  But we must beware of other overflows in our calculations of
+	 * new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+@@ -2881,18 +2917,31 @@ array_set_slice(Datum arraydatum,
+ 					 errmsg("upper bound cannot be less than lower bound")));
+ 		if (lowerIndx[0] < lb[0])
+ 		{
+-			if (upperIndx[0] < lb[0] - 1)
+-				newhasnulls = true; /* will insert nulls */
+-			addedbefore = lb[0] - lowerIndx[0];
+-			dim[0] += addedbefore;
+			/* addedbefore = lb[0] - lowerIndx[0]; */
+			/* dim[0] += addedbefore; */
+			if (pg_sub_s32_overflow(lb[0], lowerIndx[0], &addedbefore) ||
+				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			lb[0] = lowerIndx[0];
+			if (addedbefore > 1)
+				newhasnulls = true; /* will insert nulls */
+ 		}
+ 		if (upperIndx[0] >= (dim[0] + lb[0]))
+ 		{
+-			if (lowerIndx[0] > (dim[0] + lb[0]))
+			/* addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1; */
+			/* dim[0] += addedafter; */
+			if (pg_sub_s32_overflow(upperIndx[0], dim[0] + lb[0], &addedafter) ||
+				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+-			addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+ 		}
+ 	}
+ 	else
+diff --git a/src/backend/utils/adt/arrayutils.c b/src/backend/utils/adt/arrayutils.c
+index f7c6a51..eb5f2a0 100644
+--- a/src/backend/utils/adt/arrayutils.c
+++ b/src/backend/utils/adt/arrayutils.c
+@@ -63,10 +63,6 @@ ArrayGetOffset0(int n, const int *tup, const int *scale)
+  * This must do overflow checking, since it is used to validate that a user
+  * dimensionality request doesn't overflow what we can handle.
+  *
+- * We limit array sizes to at most about a quarter billion elements,
+- * so that it's not necessary to check for overflow in quite so many
+- * places --- for instance when palloc'ing Datum arrays.
+- *
+  * The multiplication overflow check only works on machines that have int64
+  * arithmetic, but that is nearly all platforms these days, and doing check
+  * divides for those that don't seems way too expensive.
+@@ -77,8 +73,6 @@ ArrayGetNItems(int ndim, const int *dims)
+ 	int32		ret;
+ 	int			i;
+ 
+-#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
+-
+ 	if (ndim <= 0)
+ 		return 0;
+ 	ret = 1;
+diff --git a/src/include/utils/array.h b/src/include/utils/array.h
+index 905f6b0..3e4c09d 100644
+--- a/src/include/utils/array.h
+++ b/src/include/utils/array.h
+@@ -65,6 +65,13 @@
+ #include "utils/expandeddatum.h"
+ 
+ 
+/*
+ * Maximum number of elements in an array.  We limit this to at most about a
+ * quarter billion elements, so that it's not necessary to check for overflow
+ * in quite so many places --- for instance when palloc'ing Datum arrays.
+ */
+#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
+
+ /*
+  * Arrays are varlena objects, so must meet the varlena convention that
+  * the first int32 of the object contains the total object size in bytes.
+diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out
+index c730563..e4ec394 100644
+--- a/src/test/regress/expected/arrays.out
+++ b/src/test/regress/expected/arrays.out
+@@ -1347,6 +1347,23 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
+ -- then you didn't get an indexscan plan, and something is busted.
+ reset enable_seqscan;
+ reset enable_bitmapscan;
+-- test subscript overflow detection
+-- The normal error message includes a platform-dependent limit,
+-- so suppress it to avoid needing multiple expected-files.
+\set VERBOSITY terse
+insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
+update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
+ERROR:  array size exceeds the maximum allowed (134217727)
+update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
+ERROR:  array size exceeds the maximum allowed (134217727)
+-- also exercise the expanded-array case
+do $$ declare a int[];
+begin
+  a := '[-2147483648:-2147483647]={1,2}'::int[];
+  a[2147483647] := 42;
+end $$;
+ERROR:  array size exceeds the maximum allowed (134217727)
+\set VERBOSITY default
+ -- test [not] (like|ilike) (any|all) (...)
+ select 'foo' like any (array['%a', '%o']); -- t
+  ?column? 
+diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql
+index 25dd4e2..4ad6e55 100644
+--- a/src/test/regress/sql/arrays.sql
+++ b/src/test/regress/sql/arrays.sql
+@@ -407,6 +407,25 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
+ reset enable_seqscan;
+ reset enable_bitmapscan;
+ 
+-- test subscript overflow detection
+
+-- The normal error message includes a platform-dependent limit,
+-- so suppress it to avoid needing multiple expected-files.
+\set VERBOSITY terse
+
+insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
+update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
+update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
+
+-- also exercise the expanded-array case
+do $$ declare a int[];
+begin
+  a := '[-2147483648:-2147483647]={1,2}'::int[];
+  a[2147483647] := 42;
+end $$;
+
+\set VERBOSITY default
+
+ -- test [not] (like|ilike) (any|all) (...)
+ select 'foo' like any (array['%a', '%o']); -- t
+ select 'foo' like any (array['%a', '%b']); -- f
+
+diff --git a/src/include/common/int.h b/src/include/common/int.h
+new file mode 100644
+index 0000000..d754798
+--- /dev/null
+++ b/src/include/common/int.h
+@@ -0,0 +1,273 @@
+/*-------------------------------------------------------------------------
+ *
+ * int.h
+ *	  Routines to perform integer math, while checking for overflows.
+ *
+ * The routines in this file are intended to be well defined C, without
+ * relying on compiler flags like -fwrapv.
+ *
+ * To reduce the overhead of these routines try to use compiler intrinsics
+ * where available. That's not that important for the 16, 32 bit cases, but
+ * the 64 bit cases can be considerably faster with intrinsics. In case no
+ * intrinsics are available 128 bit math is used where available.
+ *
+ * Copyright (c) 2017-2019, PostgreSQL Global Development Group
+ *
+ * src/include/common/int.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef COMMON_INT_H
+#define COMMON_INT_H
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_add_overflow(a, b, result);
+#else
+	int32		res = (int32) a + (int32) b;
+
+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int16) res;
+	return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_sub_overflow(a, b, result);
+#else
+	int32		res = (int32) a - (int32) b;
+
+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int16) res;
+	return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_mul_overflow(a, b, result);
+#else
+	int32		res = (int32) a * (int32) b;
+
+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int16) res;
+	return false;
+#endif
+}
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_add_overflow(a, b, result);
+#else
+	int64		res = (int64) a + (int64) b;
+
+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int32) res;
+	return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_sub_overflow(a, b, result);
+#else
+	int64		res = (int64) a - (int64) b;
+
+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int32) res;
+	return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_mul_overflow(a, b, result);
+#else
+	int64		res = (int64) a * (int64) b;
+
+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int32) res;
+	return false;
+#endif
+}
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_add_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+	int128		res = (int128) a + (int128) b;
+
+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int64) res;
+	return false;
+#else
+	if ((a > 0 && b > 0 && a > PG_INT64_MAX - b) ||
+		(a < 0 && b < 0 && a < PG_INT64_MIN - b))
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = a + b;
+	return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_sub_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+	int128		res = (int128) a - (int128) b;
+
+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int64) res;
+	return false;
+#else
+	if ((a < 0 && b > 0 && a < PG_INT64_MIN + b) ||
+		(a > 0 && b < 0 && a > PG_INT64_MAX + b))
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = a - b;
+	return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_mul_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+	int128		res = (int128) a * (int128) b;
+
+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int64) res;
+	return false;
+#else
+	/*
+	 * Overflow can only happen if at least one value is outside the range
+	 * sqrt(min)..sqrt(max) so check that first as the division can be quite a
+	 * bit more expensive than the multiplication.
+	 *
+	 * Multiplying by 0 or 1 can't overflow of course and checking for 0
+	 * separately avoids any risk of dividing by 0.  Be careful about dividing
+	 * INT_MIN by -1 also, note reversing the a and b to ensure we're always
+	 * dividing it by a positive value.
+	 *
+	 */
+	if ((a > PG_INT32_MAX || a < PG_INT32_MIN ||
+		 b > PG_INT32_MAX || b < PG_INT32_MIN) &&
+		a != 0 && a != 1 && b != 0 && b != 1 &&
+		((a > 0 && b > 0 && a > PG_INT64_MAX / b) ||
+		 (a > 0 && b < 0 && b < PG_INT64_MIN / a) ||
+		 (a < 0 && b > 0 && a < PG_INT64_MIN / b) ||
+		 (a < 0 && b < 0 && a < PG_INT64_MAX / b)))
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = a * b;
+	return false;
+#endif
+}
+
+#endif							/* COMMON_INT_H */
+-- 
+2.39.3
+
--- a/SPECS/postgresql.spec
+++ b/SPECS/postgresql.spec
@ -59,7 +59,7 @@ Summary: PostgreSQL client programs
 Name: postgresql
 %global majorversion 10
 Version: %{majorversion}.23
-Release: 2%{?dist}
+Release: 3.0.1%{?dist}

 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
@ -110,6 +110,10 @@ Patch9: postgresql-server-pg_config.patch
 Patch10: postgresql-10.15-contrib-dblink-expected-out.patch
 Patch11: postgresql-10.23-CVE-2023-2454.patch
 Patch12: postgresql-10.23-CVE-2023-2455.patch
+Patch13: postgresql-10.23-CVE-2023-5869.patch
+
+#Oracle Patches 
+Patch1001: 1001-Fixed-postgresql-service-network-binding-issue.patch

 BuildRequires: gcc
 BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk
@ -371,6 +375,9 @@ benchmarks.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
+
+%patch1001 -p1

 # We used to run autoconf here, but there's no longer any real need to,
 # since Postgres ships with a reasonably modern configure script.
@ -1175,6 +1182,12 @@ make -C postgresql-setup-%{setup_version} check


 %changelog
+* Mon Dec 18 2023 Lubos Kloucek <lubos.kloucek@oracle.com> - 10.23-3.0.1
+- Resolves: CVE-2023-5869
+
+* Tue Aug 08 2023 David Sloboda <david.x.sloboda@oracle.com> - 10.23-2.0.1
+- Fixed postgresql port binding issue during bootup [Orabug: 35103668]
+
 * Wed Jul 19 2023 Dominik Rehák <drehak@redhat.com> - 10.23-2
 - Backport fixes for CVE-2023-2454 and CVE-2023-2455
 - Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35)