Compare commits

..

No commits in common. "c8-stream-10" and "stream-postgresql-9.6-rhel-8.9.0" have entirely different histories.

24 changed files with 295 additions and 1091 deletions

18
.gitignore vendored
View File

@ -1,4 +1,14 @@
SOURCES/postgresql-10.23-US.pdf /postgresql-9.6.10.tar.bz2
SOURCES/postgresql-10.23.tar.bz2 /postgresql-9.6.10.tar.bz2.sha256
SOURCES/postgresql-9.2.24.tar.bz2 /postgresql-setup-8.2.tar.gz
SOURCES/postgresql-setup-8.7.tar.gz /postgresql-9.6.10-US.pdf
/postgresql-10.5-US.pdf
/postgresql-9.6.19-US.pdf
/postgresql-9.6.19.tar.bz2
/postgresql-9.6.19.tar.bz2.sha256
/postgresql-9.6.20.tar.bz2
/postgresql-9.6.20.tar.bz2.sha256
/postgresql-9.6.20-US.pdf
/postgresql-9.6.22.tar.bz2
/postgresql-9.6.22.tar.bz2.sha256
/postgresql-9.6.22-US.pdf

View File

@ -1,4 +0,0 @@
a416c245ff0815fbde534bc49b0a07ffdd373894 SOURCES/postgresql-10.23-US.pdf
2df7b4b3751112f3cb543c3ea81e45531bebc7a1 SOURCES/postgresql-10.23.tar.bz2
63d6966ccdbab6aae1f9754fdb8e341ada1ef653 SOURCES/postgresql-9.2.24.tar.bz2
fb97095dc9648f9c31d58fcb406831da5e419ddf SOURCES/postgresql-setup-8.7.tar.gz

View File

@ -1,249 +0,0 @@
From 681d9e4621aac0a9c71364b6f54f00f6d8c4337f Mon Sep 17 00:00:00 2001
From 8d525d7b9545884a3e0d79adcd61543f9ae2ae28 Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Mon, 8 May 2023 06:14:07 -0700
Subject: Replace last PushOverrideSearchPath() call with
set_config_option().
The two methods don't cooperate, so set_config_option("search_path",
...) has been ineffective under non-empty overrideStack. This defect
enabled an attacker having database-level CREATE privilege to execute
arbitrary code as the bootstrap superuser. While that particular attack
requires v13+ for the trusted extension attribute, other attacks are
feasible in all supported versions.
Standardize on the combination of NewGUCNestLevel() and
set_config_option("search_path", ...). It is newer than
PushOverrideSearchPath(), more-prevalent, and has no known
disadvantages. The "override" mechanism remains for now, for
compatibility with out-of-tree code. Users should update such code,
which likely suffers from the same sort of vulnerability closed here.
Back-patch to v11 (all supported versions).
Alexander Lakhin. Reported by Alexander Lakhin.
Security: CVE-2023-2454
---
contrib/seg/Makefile | 2 +-
contrib/seg/expected/security.out | 32 ++++++++++++++++++
contrib/seg/sql/security.sql | 32 ++++++++++++++++++
src/backend/catalog/namespace.c | 4 +++
src/backend/commands/schemacmds.c | 37 ++++++++++++++------
src/test/regress/expected/namespace.out | 45 +++++++++++++++++++++++++
src/test/regress/sql/namespace.sql | 24 +++++++++++++
7 files changed, 165 insertions(+), 11 deletions(-)
create mode 100644 contrib/seg/expected/security.out
create mode 100644 contrib/seg/sql/security.sql
diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
index 14e57adee2..73ddb67882 100644
--- a/src/backend/catalog/namespace.c
+++ b/src/backend/catalog/namespace.c
@@ -3515,6 +3515,10 @@ OverrideSearchPathMatchesCurrent(OverrideSearchPath *path)
/*
* PushOverrideSearchPath - temporarily override the search path
*
+ * Do not use this function; almost any usage introduces a security
+ * vulnerability. It exists for the benefit of legacy code running in
+ * non-security-sensitive environments.
+ *
* We allow nested overrides, hence the push/pop terminology. The GUC
* search_path variable is ignored while an override is active.
*
diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c
index 48590247f8..b6a71154a8 100644
--- a/src/backend/commands/schemacmds.c
+++ b/src/backend/commands/schemacmds.c
@@ -30,6 +30,7 @@
#include "commands/schemacmds.h"
#include "miscadmin.h"
#include "parser/parse_utilcmd.h"
+#include "parser/scansup.h"
#include "tcop/utility.h"
#include "utils/acl.h"
#include "utils/builtins.h"
@@ -53,14 +54,16 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
{
const char *schemaName = stmt->schemaname;
Oid namespaceId;
- OverrideSearchPath *overridePath;
List *parsetree_list;
ListCell *parsetree_item;
Oid owner_uid;
Oid saved_uid;
int save_sec_context;
+ int save_nestlevel;
+ char *nsp = namespace_search_path;
AclResult aclresult;
ObjectAddress address;
+ StringInfoData pathbuf;
GetUserIdAndSecContext(&saved_uid, &save_sec_context);
@@ -153,14 +156,26 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
CommandCounterIncrement();
/*
- * Temporarily make the new namespace be the front of the search path, as
- * well as the default creation target namespace. This will be undone at
- * the end of this routine, or upon error.
+ * Prepend the new schema to the current search path.
+ *
+ * We use the equivalent of a function SET option to allow the setting to
+ * persist for exactly the duration of the schema creation. guc.c also
+ * takes care of undoing the setting on error.
*/
- overridePath = GetOverrideSearchPath(CurrentMemoryContext);
- overridePath->schemas = lcons_oid(namespaceId, overridePath->schemas);
- /* XXX should we clear overridePath->useTemp? */
- PushOverrideSearchPath(overridePath);
+ save_nestlevel = NewGUCNestLevel();
+
+ initStringInfo(&pathbuf);
+ appendStringInfoString(&pathbuf, quote_identifier(schemaName));
+
+ while (scanner_isspace(*nsp))
+ nsp++;
+
+ if (*nsp != '\0')
+ appendStringInfo(&pathbuf, ", %s", nsp);
+
+ (void) set_config_option("search_path", pathbuf.data,
+ PGC_USERSET, PGC_S_SESSION,
+ GUC_ACTION_SAVE, true, 0, false);
/*
* Report the new schema to possibly interested event triggers. Note we
@@ -215,8 +230,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
CommandCounterIncrement();
}
- /* Reset search path to normal state */
- PopOverrideSearchPath();
+ /*
+ * Restore the GUC variable search_path we set above.
+ */
+ AtEOXact_GUC(true, save_nestlevel);
/* Reset current user and security context */
SetUserIdAndSecContext(saved_uid, save_sec_context);
diff --git a/src/test/regress/expected/namespace.out b/src/test/regress/expected/namespace.out
index 2564d1b080..a62fd8ded0 100644
--- a/src/test/regress/expected/namespace.out
+++ b/src/test/regress/expected/namespace.out
@@ -1,6 +1,14 @@
--
-- Regression tests for schemas (namespaces)
--
+-- set the whitespace-only search_path to test that the
+-- GUC list syntax is preserved during a schema creation
+SELECT pg_catalog.set_config('search_path', ' ', false);
+ set_config
+------------
+
+(1 row)
+
CREATE SCHEMA test_schema_1
CREATE UNIQUE INDEX abc_a_idx ON abc (a)
CREATE VIEW abc_view AS
@@ -9,6 +17,43 @@ CREATE SCHEMA test_schema_1
a serial,
b int UNIQUE
);
+-- verify that the correct search_path restored on abort
+SET search_path to public;
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+ CREATE VIEW abc_view AS SELECT c FROM abc;
+ERROR: column "c" does not exist
+LINE 2: CREATE VIEW abc_view AS SELECT c FROM abc;
+ ^
+COMMIT;
+SHOW search_path;
+ search_path
+-------------
+ public
+(1 row)
+
+-- verify that the correct search_path preserved
+-- after creating the schema and on commit
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+ CREATE VIEW abc_view AS SELECT a FROM abc;
+SHOW search_path;
+ search_path
+-----------------------
+ public, test_schema_1
+(1 row)
+
+COMMIT;
+SHOW search_path;
+ search_path
+-----------------------
+ public, test_schema_1
+(1 row)
+
+DROP SCHEMA test_schema_2 CASCADE;
+NOTICE: drop cascades to view test_schema_2.abc_view
-- verify that the objects were created
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
diff --git a/src/test/regress/sql/namespace.sql b/src/test/regress/sql/namespace.sql
index 6b12c96193..3474f5ecf4 100644
--- a/src/test/regress/sql/namespace.sql
+++ b/src/test/regress/sql/namespace.sql
@@ -2,6 +2,10 @@
-- Regression tests for schemas (namespaces)
--
+-- set the whitespace-only search_path to test that the
+-- GUC list syntax is preserved during a schema creation
+SELECT pg_catalog.set_config('search_path', ' ', false);
+
CREATE SCHEMA test_schema_1
CREATE UNIQUE INDEX abc_a_idx ON abc (a)
@@ -13,6 +17,26 @@ CREATE SCHEMA test_schema_1
b int UNIQUE
);
+-- verify that the correct search_path restored on abort
+SET search_path to public;
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+ CREATE VIEW abc_view AS SELECT c FROM abc;
+COMMIT;
+SHOW search_path;
+
+-- verify that the correct search_path preserved
+-- after creating the schema and on commit
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+ CREATE VIEW abc_view AS SELECT a FROM abc;
+SHOW search_path;
+COMMIT;
+SHOW search_path;
+DROP SCHEMA test_schema_2 CASCADE;
+
-- verify that the objects were created
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
diff --git a/contrib/sepgsql/expected/ddl.out b/contrib/sepgsql/expected/ddl.out
index e8da587564..15d2b9c5e7 100644
--- a/contrib/sepgsql/expected/ddl.out
+++ b/contrib/sepgsql/expected/ddl.out
@@ -24,7 +24,6 @@ LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:sepgsql_reg
CREATE USER regress_sepgsql_test_user;
CREATE SCHEMA regtest_schema;
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="regtest_schema"
-LOG: SELinux: allowed { search } scontext=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0 tcontext=system_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="public"
GRANT ALL ON SCHEMA regtest_schema TO regress_sepgsql_test_user;
SET search_path = regtest_schema, public;
CREATE TABLE regtest_table (x serial primary key, y text);
--
2.41.0

View File

@ -1,114 +0,0 @@
From ca73753b090c33bc69ce299b4d7fff891a77b8ad Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 8 May 2023 10:12:44 -0400
Subject: Handle RLS dependencies in inlined set-returning
functions properly.
If an SRF in the FROM clause references a table having row-level
security policies, and we inline that SRF into the calling query,
we neglected to mark the plan as potentially dependent on which
role is executing it. This could lead to later executions in the
same session returning or hiding rows that should have been hidden
or returned instead.
Our thanks to Wolfgang Walther for reporting this problem.
Stephen Frost and Tom Lane
Security: CVE-2023-2455
---
src/backend/optimizer/util/clauses.c | 7 ++++++
src/test/regress/expected/rowsecurity.out | 27 +++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 20 +++++++++++++++++
3 files changed, 54 insertions(+)
diff --git a/src/backend/optimizer/util/clauses.c b/src/backend/optimizer/util/clauses.c
index a9c7bc342e..11269fee3e 100644
--- a/src/backend/optimizer/util/clauses.c
+++ b/src/backend/optimizer/util/clauses.c
@@ -5205,6 +5205,13 @@ inline_set_returning_function(PlannerInfo *root, RangeTblEntry *rte)
*/
record_plan_function_dependency(root, func_oid);
+ /*
+ * We must also notice if the inserted query adds a dependency on the
+ * calling role due to RLS quals.
+ */
+ if (querytree->hasRowSecurity)
+ root->glob->dependsOnRole = true;
+
return querytree;
/* Here if func is not inlinable: release temp memory and return NULL */
diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out
index 38f53ed486..e278346420 100644
--- a/src/test/regress/expected/rowsecurity.out
+++ b/src/test/regress/expected/rowsecurity.out
@@ -4427,6 +4427,33 @@ SELECT * FROM rls_tbl;
DROP TABLE rls_tbl;
RESET SESSION AUTHORIZATION;
+-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency
+create table rls_t (c text);
+insert into rls_t values ('invisible to bob');
+alter table rls_t enable row level security;
+grant select on rls_t to regress_rls_alice, regress_rls_bob;
+create policy p1 on rls_t for select to regress_rls_alice using (true);
+create policy p2 on rls_t for select to regress_rls_bob using (false);
+create function rls_f () returns setof rls_t
+ stable language sql
+ as $$ select * from rls_t $$;
+prepare q as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute q;
+ current_user | c
+-------------------+------------------
+ regress_rls_alice | invisible to bob
+(1 row)
+
+set role regress_rls_bob;
+execute q;
+ current_user | c
+--------------+---
+(0 rows)
+
+RESET ROLE;
+DROP FUNCTION rls_f();
+DROP TABLE rls_t;
--
-- Clean up objects
--
diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql
index 0fd0cded7d..3d664538a6 100644
--- a/src/test/regress/sql/rowsecurity.sql
+++ b/src/test/regress/sql/rowsecurity.sql
@@ -2127,6 +2127,26 @@ SELECT * FROM rls_tbl;
DROP TABLE rls_tbl;
RESET SESSION AUTHORIZATION;
+-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency
+create table rls_t (c text);
+insert into rls_t values ('invisible to bob');
+alter table rls_t enable row level security;
+grant select on rls_t to regress_rls_alice, regress_rls_bob;
+create policy p1 on rls_t for select to regress_rls_alice using (true);
+create policy p2 on rls_t for select to regress_rls_bob using (false);
+create function rls_f () returns setof rls_t
+ stable language sql
+ as $$ select * from rls_t $$;
+prepare q as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute q;
+set role regress_rls_bob;
+execute q;
+
+RESET ROLE;
+DROP FUNCTION rls_f();
+DROP TABLE rls_t;
+
--
-- Clean up objects
--
--
2.41.0

View File

@ -1,576 +0,0 @@
From d267cea24ea346c739c85bf7bccbd8e8f59da6b3 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 6 Nov 2023 10:56:43 -0500
Subject: [PATCH 1/1] Detect integer overflow while computing new array
dimensions.
array_set_element() and related functions allow an array to be
enlarged by assigning to subscripts outside the current array bounds.
While these places were careful to check that the new bounds are
allowable, they neglected to consider the risk of integer overflow
in computing the new bounds. In edge cases, we could compute new
bounds that are invalid but get past the subsequent checks,
allowing bad things to happen. Memory stomps that are potentially
exploitable for arbitrary code execution are possible, and so is
disclosure of server memory.
To fix, perform the hazardous computations using overflow-detecting
arithmetic routines, which fortunately exist in all still-supported
branches.
The test cases added for this generate (after patching) errors that
mention the value of MaxArraySize, which is platform-dependent.
Rather than introduce multiple expected-files, use psql's VERBOSITY
parameter to suppress the printing of the message text. v11 psql
lacks that parameter, so omit the tests in that branch.
Our thanks to Pedro Gallegos for reporting this problem.
Security: CVE-2023-5869
Sign-Off-By: Tianyue Lan <tianyue.lan@oracle.com>
---
src/backend/utils/adt/arrayfuncs.c | 85 ++++++++++++++++++++++------
src/backend/utils/adt/arrayutils.c | 6 --
src/include/utils/array.h | 7 +++
src/test/regress/expected/arrays.out | 17 ++++++
src/test/regress/sql/arrays.sql | 19 +++++++
src/include/common/int.h | 273 +++++++++++++++++++++++++++++++++++++++
create mode 100644 src/include/common/int.h
6 files changed, 383 insertions(+), 24 deletions(-)
diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
index 553c517..7363893 100644
--- a/src/backend/utils/adt/arrayfuncs.c
+++ b/src/backend/utils/adt/arrayfuncs.c
@@ -22,6 +22,7 @@
#include "access/htup_details.h"
#include "catalog/pg_type.h"
+#include "common/int.h"
#include "funcapi.h"
#include "libpq/pqformat.h"
#include "utils/array.h"
@@ -2309,22 +2310,38 @@ array_set_element(Datum arraydatum,
addedbefore = addedafter = 0;
/*
- * Check subscripts
+ * Check subscripts. We assume the existing subscripts passed
+ * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
+ * overflow. But we must beware of other overflows in our calculations of
+ * new dim[] values.
*/
if (ndim == 1)
{
if (indx[0] < lb[0])
{
- addedbefore = lb[0] - indx[0];
- dim[0] += addedbefore;
+ /* addedbefore = lb[0] - indx[0]; */
+ /* dim[0] += addedbefore; */
+ if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
+ pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
lb[0] = indx[0];
if (addedbefore > 1)
newhasnulls = true; /* will insert nulls */
}
if (indx[0] >= (dim[0] + lb[0]))
{
- addedafter = indx[0] - (dim[0] + lb[0]) + 1;
- dim[0] += addedafter;
+ /* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
+ /* dim[0] += addedafter; */
+ if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
+ pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+ pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
if (addedafter > 1)
newhasnulls = true; /* will insert nulls */
}
@@ -2568,14 +2585,23 @@ array_set_element_expanded(Datum arraydatum,
addedbefore = addedafter = 0;
/*
- * Check subscripts (this logic matches original array_set_element)
+ * Check subscripts (this logic must match array_set_element). We assume
+ * the existing subscripts passed ArrayCheckBounds, so that dim[i] + lb[i]
+ * can be computed without overflow. But we must beware of other
+ * overflows in our calculations of new dim[] values.
*/
if (ndim == 1)
{
if (indx[0] < lb[0])
{
- addedbefore = lb[0] - indx[0];
- dim[0] += addedbefore;
+ /* addedbefore = lb[0] - indx[0]; */
+ /* dim[0] += addedbefore; */
+ if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
+ pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
lb[0] = indx[0];
dimschanged = true;
if (addedbefore > 1)
@@ -2583,8 +2609,15 @@ array_set_element_expanded(Datum arraydatum,
}
if (indx[0] >= (dim[0] + lb[0]))
{
- addedafter = indx[0] - (dim[0] + lb[0]) + 1;
- dim[0] += addedafter;
+ /* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
+ /* dim[0] += addedafter; */
+ if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
+ pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+ pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
dimschanged = true;
if (addedafter > 1)
newhasnulls = true; /* will insert nulls */
@@ -2866,7 +2899,10 @@ array_set_slice(Datum arraydatum,
addedbefore = addedafter = 0;
/*
- * Check subscripts
+ * Check subscripts. We assume the existing subscripts passed
+ * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
+ * overflow. But we must beware of other overflows in our calculations of
+ * new dim[] values.
*/
if (ndim == 1)
{
@@ -2881,18 +2917,31 @@ array_set_slice(Datum arraydatum,
errmsg("upper bound cannot be less than lower bound")));
if (lowerIndx[0] < lb[0])
{
- if (upperIndx[0] < lb[0] - 1)
- newhasnulls = true; /* will insert nulls */
- addedbefore = lb[0] - lowerIndx[0];
- dim[0] += addedbefore;
+ /* addedbefore = lb[0] - lowerIndx[0]; */
+ /* dim[0] += addedbefore; */
+ if (pg_sub_s32_overflow(lb[0], lowerIndx[0], &addedbefore) ||
+ pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
lb[0] = lowerIndx[0];
+ if (addedbefore > 1)
+ newhasnulls = true; /* will insert nulls */
}
if (upperIndx[0] >= (dim[0] + lb[0]))
{
- if (lowerIndx[0] > (dim[0] + lb[0]))
+ /* addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1; */
+ /* dim[0] += addedafter; */
+ if (pg_sub_s32_overflow(upperIndx[0], dim[0] + lb[0], &addedafter) ||
+ pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+ pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
+ if (addedafter > 1)
newhasnulls = true; /* will insert nulls */
- addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1;
- dim[0] += addedafter;
}
}
else
diff --git a/src/backend/utils/adt/arrayutils.c b/src/backend/utils/adt/arrayutils.c
index f7c6a51..eb5f2a0 100644
--- a/src/backend/utils/adt/arrayutils.c
+++ b/src/backend/utils/adt/arrayutils.c
@@ -63,10 +63,6 @@ ArrayGetOffset0(int n, const int *tup, const int *scale)
* This must do overflow checking, since it is used to validate that a user
* dimensionality request doesn't overflow what we can handle.
*
- * We limit array sizes to at most about a quarter billion elements,
- * so that it's not necessary to check for overflow in quite so many
- * places --- for instance when palloc'ing Datum arrays.
- *
* The multiplication overflow check only works on machines that have int64
* arithmetic, but that is nearly all platforms these days, and doing check
* divides for those that don't seems way too expensive.
@@ -77,8 +73,6 @@ ArrayGetNItems(int ndim, const int *dims)
int32 ret;
int i;
-#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
-
if (ndim <= 0)
return 0;
ret = 1;
diff --git a/src/include/utils/array.h b/src/include/utils/array.h
index 905f6b0..3e4c09d 100644
--- a/src/include/utils/array.h
+++ b/src/include/utils/array.h
@@ -65,6 +65,13 @@
#include "utils/expandeddatum.h"
+/*
+ * Maximum number of elements in an array. We limit this to at most about a
+ * quarter billion elements, so that it's not necessary to check for overflow
+ * in quite so many places --- for instance when palloc'ing Datum arrays.
+ */
+#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
+
/*
* Arrays are varlena objects, so must meet the varlena convention that
* the first int32 of the object contains the total object size in bytes.
diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out
index c730563..e4ec394 100644
--- a/src/test/regress/expected/arrays.out
+++ b/src/test/regress/expected/arrays.out
@@ -1347,6 +1347,23 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
-- then you didn't get an indexscan plan, and something is busted.
reset enable_seqscan;
reset enable_bitmapscan;
+-- test subscript overflow detection
+-- The normal error message includes a platform-dependent limit,
+-- so suppress it to avoid needing multiple expected-files.
+\set VERBOSITY terse
+insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
+update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
+ERROR: array size exceeds the maximum allowed (134217727)
+update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
+ERROR: array size exceeds the maximum allowed (134217727)
+-- also exercise the expanded-array case
+do $$ declare a int[];
+begin
+ a := '[-2147483648:-2147483647]={1,2}'::int[];
+ a[2147483647] := 42;
+end $$;
+ERROR: array size exceeds the maximum allowed (134217727)
+\set VERBOSITY default
-- test [not] (like|ilike) (any|all) (...)
select 'foo' like any (array['%a', '%o']); -- t
?column?
diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql
index 25dd4e2..4ad6e55 100644
--- a/src/test/regress/sql/arrays.sql
+++ b/src/test/regress/sql/arrays.sql
@@ -407,6 +407,25 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
reset enable_seqscan;
reset enable_bitmapscan;
+-- test subscript overflow detection
+
+-- The normal error message includes a platform-dependent limit,
+-- so suppress it to avoid needing multiple expected-files.
+\set VERBOSITY terse
+
+insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
+update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
+update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
+
+-- also exercise the expanded-array case
+do $$ declare a int[];
+begin
+ a := '[-2147483648:-2147483647]={1,2}'::int[];
+ a[2147483647] := 42;
+end $$;
+
+\set VERBOSITY default
+
-- test [not] (like|ilike) (any|all) (...)
select 'foo' like any (array['%a', '%o']); -- t
select 'foo' like any (array['%a', '%b']); -- f
diff --git a/src/include/common/int.h b/src/include/common/int.h
new file mode 100644
index 0000000..d754798
--- /dev/null
+++ b/src/include/common/int.h
@@ -0,0 +1,273 @@
+/*-------------------------------------------------------------------------
+ *
+ * int.h
+ * Routines to perform integer math, while checking for overflows.
+ *
+ * The routines in this file are intended to be well defined C, without
+ * relying on compiler flags like -fwrapv.
+ *
+ * To reduce the overhead of these routines try to use compiler intrinsics
+ * where available. That's not that important for the 16, 32 bit cases, but
+ * the 64 bit cases can be considerably faster with intrinsics. In case no
+ * intrinsics are available 128 bit math is used where available.
+ *
+ * Copyright (c) 2017-2019, PostgreSQL Global Development Group
+ *
+ * src/include/common/int.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef COMMON_INT_H
+#define COMMON_INT_H
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_add_overflow(a, b, result);
+#else
+ int32 res = (int32) a + (int32) b;
+
+ if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int16) res;
+ return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_sub_overflow(a, b, result);
+#else
+ int32 res = (int32) a - (int32) b;
+
+ if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int16) res;
+ return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_mul_overflow(a, b, result);
+#else
+ int32 res = (int32) a * (int32) b;
+
+ if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int16) res;
+ return false;
+#endif
+}
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_add_overflow(a, b, result);
+#else
+ int64 res = (int64) a + (int64) b;
+
+ if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int32) res;
+ return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_sub_overflow(a, b, result);
+#else
+ int64 res = (int64) a - (int64) b;
+
+ if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int32) res;
+ return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_mul_overflow(a, b, result);
+#else
+ int64 res = (int64) a * (int64) b;
+
+ if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int32) res;
+ return false;
+#endif
+}
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_add_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+ int128 res = (int128) a + (int128) b;
+
+ if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int64) res;
+ return false;
+#else
+ if ((a > 0 && b > 0 && a > PG_INT64_MAX - b) ||
+ (a < 0 && b < 0 && a < PG_INT64_MIN - b))
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = a + b;
+ return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_sub_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+ int128 res = (int128) a - (int128) b;
+
+ if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int64) res;
+ return false;
+#else
+ if ((a < 0 && b > 0 && a < PG_INT64_MIN + b) ||
+ (a > 0 && b < 0 && a > PG_INT64_MAX + b))
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = a - b;
+ return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+ return __builtin_mul_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+ int128 res = (int128) a * (int128) b;
+
+ if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = (int64) res;
+ return false;
+#else
+ /*
+ * Overflow can only happen if at least one value is outside the range
+ * sqrt(min)..sqrt(max) so check that first as the division can be quite a
+ * bit more expensive than the multiplication.
+ *
+ * Multiplying by 0 or 1 can't overflow of course and checking for 0
+ * separately avoids any risk of dividing by 0. Be careful about dividing
+ * INT_MIN by -1 also, note reversing the a and b to ensure we're always
+ * dividing it by a positive value.
+ *
+ */
+ if ((a > PG_INT32_MAX || a < PG_INT32_MIN ||
+ b > PG_INT32_MAX || b < PG_INT32_MIN) &&
+ a != 0 && a != 1 && b != 0 && b != 1 &&
+ ((a > 0 && b > 0 && a > PG_INT64_MAX / b) ||
+ (a > 0 && b < 0 && b < PG_INT64_MIN / a) ||
+ (a < 0 && b > 0 && a < PG_INT64_MIN / b) ||
+ (a < 0 && b < 0 && a < PG_INT64_MAX / b)))
+ {
+ *result = 0x5EED; /* to avoid spurious warnings */
+ return true;
+ }
+ *result = a * b;
+ return false;
+#endif
+}
+
+#endif /* COMMON_INT_H */
--
2.39.3

View File

@ -1 +0,0 @@
94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 postgresql-10.23.tar.bz2

View File

@ -1 +0,0 @@
a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 postgresql-9.2.24.tar.bz2

View File

@ -1 +0,0 @@
d /run/postgresql 0755 postgres postgres -

View File

@ -0,0 +1,13 @@
#! /bin/sh
rm sources .gitignore
set -e
spectool -S *.spec | cut -d' ' -f2 \
| grep -E -e 'postgresql-.*\.tar\.*' -e 'postgresql.*\.pdf' | sort | \
while read line
do
base=`basename "$line"`
echo " * handling $base"
sha512sum --tag "$base" >> sources
echo "/$base" >> .gitignore
done

View File

@ -0,0 +1,192 @@
From 69db3b0cfccc0687dfbdf56afcfb2f8e536053c6 Mon Sep 17 00:00:00 2001
From: Andrew Dunstan <andrew@dunslane.net>
Date: Sun, 14 May 2017 01:10:18 -0400
Subject: [PATCH] Suppress indentation from Data::Dumper in regression tests
Ultra-modern versions of the perl Data::Dumper module have apparently
changed how they indent output. Instead of trying to keep up we choose
to tell it to supporess all indentation in the hstore_plperl regression
tests.
Backpatch to 9.5 where this feature was introduced.
---
contrib/hstore_plperl/expected/hstore_plperlu.out | 44 ++++++-----------------
contrib/hstore_plperl/sql/hstore_plperlu.sql | 6 ++++
2 files changed, 17 insertions(+), 33 deletions(-)
diff --git a/contrib/hstore_plperl/expected/hstore_plperlu.out b/contrib/hstore_plperl/expected/hstore_plperlu.out
index b09fb78..d719d29 100644
--- a/contrib/hstore_plperl/expected/hstore_plperlu.out
+++ b/contrib/hstore_plperl/expected/hstore_plperlu.out
@@ -20,15 +20,12 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]));
return scalar(keys %{$_[0]});
$$;
SELECT test1('aa=>bb, cc=>NULL'::hstore);
-INFO: $VAR1 = {
- 'aa' => 'bb',
- 'cc' => undef
- };
-
+INFO: $VAR1 = {'aa' => 'bb','cc' => undef};
test1
-------
2
@@ -39,12 +36,12 @@ LANGUAGE plperlu
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]));
return scalar(keys %{$_[0]});
$$;
SELECT test1none('aa=>bb, cc=>NULL'::hstore);
INFO: $VAR1 = '"aa"=>"bb", "cc"=>NULL';
-
test1none
-----------
0
@@ -56,15 +53,12 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]));
return scalar(keys %{$_[0]});
$$;
SELECT test1list('aa=>bb, cc=>NULL'::hstore);
-INFO: $VAR1 = {
- 'aa' => 'bb',
- 'cc' => undef
- };
-
+INFO: $VAR1 = {'aa' => 'bb','cc' => undef};
test1list
-----------
2
@@ -77,18 +71,12 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]->[0], $_[0]->[1]));
return scalar(keys %{$_[0]});
$$;
SELECT test1arr(array['aa=>bb, cc=>NULL'::hstore, 'dd=>ee']);
-INFO: $VAR1 = {
- 'aa' => 'bb',
- 'cc' => undef
- };
-$VAR2 = {
- 'dd' => 'ee'
- };
-
+INFO: $VAR1 = {'aa' => 'bb','cc' => undef};$VAR2 = {'dd' => 'ee'};
test1arr
----------
2
@@ -101,6 +89,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
$rv = spi_exec_query(q{SELECT 'aa=>bb, cc=>NULL'::hstore AS col1});
elog(INFO, Dumper($rv->{rows}[0]->{col1}));
@@ -111,13 +100,8 @@ $rv = spi_exec_prepared($plan, {}, $val);
elog(INFO, Dumper($rv->{rows}[0]->{col1}));
$$;
SELECT test3();
-INFO: $VAR1 = {
- 'aa' => 'bb',
- 'cc' => undef
- };
-
+INFO: $VAR1 = {'aa' => 'bb','cc' => undef};
INFO: $VAR1 = '"a"=>"1", "b"=>"boo", "c"=>NULL';
-
test3
-------
@@ -138,6 +122,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_TD->{new}));
if ($_TD->{new}{a} == 1) {
$_TD->{new}{b} = {a => 1, b => 'boo', c => undef};
@@ -147,14 +132,7 @@ return "MODIFY";
$$;
CREATE TRIGGER test4 BEFORE UPDATE ON test1 FOR EACH ROW EXECUTE PROCEDURE test4();
UPDATE test1 SET a = a;
-INFO: $VAR1 = {
- 'a' => '1',
- 'b' => {
- 'aa' => 'bb',
- 'cc' => undef
- }
- };
-
+INFO: $VAR1 = {'a' => '1','b' => {'aa' => 'bb','cc' => undef}};
SELECT * FROM test1;
a | b
---+---------------------------------
diff --git a/contrib/hstore_plperl/sql/hstore_plperlu.sql b/contrib/hstore_plperl/sql/hstore_plperlu.sql
index 8d8508c..c714b35 100644
--- a/contrib/hstore_plperl/sql/hstore_plperlu.sql
+++ b/contrib/hstore_plperl/sql/hstore_plperlu.sql
@@ -15,6 +15,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]));
return scalar(keys %{$_[0]});
$$;
@@ -26,6 +27,7 @@ LANGUAGE plperlu
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]));
return scalar(keys %{$_[0]});
$$;
@@ -38,6 +40,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]));
return scalar(keys %{$_[0]});
$$;
@@ -52,6 +55,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_[0]->[0], $_[0]->[1]));
return scalar(keys %{$_[0]});
$$;
@@ -66,6 +70,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
$rv = spi_exec_query(q{SELECT 'aa=>bb, cc=>NULL'::hstore AS col1});
elog(INFO, Dumper($rv->{rows}[0]->{col1}));
@@ -90,6 +95,7 @@ TRANSFORM FOR TYPE hstore
AS $$
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
+$Data::Dumper::Indent = 0;
elog(INFO, Dumper($_TD->{new}));
if ($_TD->{new}{a} == 1) {
$_TD->{new}{b} = {a => 1, b => 'boo', c => undef};
--
2.1.4

View File

@ -13,9 +13,9 @@ diff -Naur postgresql-9.1rc1.orig/src/backend/utils/misc/postgresql.conf.sample
# into log files. Required to be on for # into log files. Required to be on for
# csvlogs. # csvlogs.
# (change requires restart) # (change requires restart)
@@ -355,11 +355,11 @@ @@ -287,11 +287,11 @@
# These are only used if logging_collector is on: # These are only used if logging_collector is on:
#log_directory = 'log' # directory where log files are written, #log_directory = 'pg_log' # directory where log files are written,
# can be absolute or relative to PGDATA # can be absolute or relative to PGDATA
-#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, -#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
+log_filename = 'postgresql-%a.log' # log file name pattern, +log_filename = 'postgresql-%a.log' # log file name pattern,
@ -27,7 +27,7 @@ diff -Naur postgresql-9.1rc1.orig/src/backend/utils/misc/postgresql.conf.sample
# same name as the new log file will be # same name as the new log file will be
# truncated rather than appended to. # truncated rather than appended to.
# But such truncation only occurs on # But such truncation only occurs on
@@ -367,9 +367,9 @@ @@ -299,9 +299,9 @@
# or size-driven rotation. Default is # or size-driven rotation. Default is
# off, meaning append to existing files # off, meaning append to existing files
# in all cases. # in all cases.

View File

@ -1,5 +1,5 @@
diff --git a/src/Makefile b/src/Makefile diff --git a/src/Makefile b/src/Makefile
index febbced..9737b55 100644 index 977f80b..3d3b679 100644
--- a/src/Makefile --- a/src/Makefile
+++ b/src/Makefile +++ b/src/Makefile
@@ -20,7 +20,6 @@ SUBDIRS = \ @@ -20,7 +20,6 @@ SUBDIRS = \
@ -8,13 +8,13 @@ index febbced..9737b55 100644
include \ include \
- interfaces \ - interfaces \
backend/replication/libpqwalreceiver \ backend/replication/libpqwalreceiver \
backend/replication/pgoutput \
fe_utils \ fe_utils \
bin \
diff --git a/src/Makefile.global.in b/src/Makefile.global.in diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index 4ed5174..d0e0dae 100644 index d280a2d..724f3cf 100644
--- a/src/Makefile.global.in --- a/src/Makefile.global.in
+++ b/src/Makefile.global.in +++ b/src/Makefile.global.in
@@ -457,7 +457,7 @@ endif @@ -454,7 +454,7 @@ endif
# This macro is for use by libraries linking to libpq. (Because libpgport # This macro is for use by libraries linking to libpq. (Because libpgport
# isn't created with the same link flags as libpq, it can't be used.) # isn't created with the same link flags as libpq, it can't be used.)
@ -23,7 +23,7 @@ index 4ed5174..d0e0dae 100644
# This macro is for use by client executables (not libraries) that use libpq. # This macro is for use by client executables (not libraries) that use libpq.
# We force clients to pull symbols from the non-shared libraries libpgport # We force clients to pull symbols from the non-shared libraries libpgport
@@ -483,7 +483,6 @@ endif @@ -480,7 +480,6 @@ endif
# Commonly used submake targets # Commonly used submake targets
submake-libpq: submake-libpq:

View File

@ -47,5 +47,5 @@ index 1d41f90ee0..0f34f371cc 100644
# src/bin/pg_config/nls.mk # src/bin/pg_config/nls.mk
-CATALOG_NAME = pg_config -CATALOG_NAME = pg_config
+CATALOG_NAME = pg_server_config +CATALOG_NAME = pg_server_config
AVAIL_LANGUAGES = cs de es fr he it ja ko nb pl pt_BR ro ru sv ta tr zh_CN zh_TW AVAIL_LANGUAGES = cs de es fr it ja ko nb pl pt_BR ro ru sv ta tr zh_CN zh_TW
GETTEXT_FILES = pg_config.c ../../common/config_info.c ../../common/exec.c GETTEXT_FILES = pg_config.c ../../common/config_info.c ../../common/exec.c

View File

@ -32,7 +32,7 @@
%{!?beta:%global beta 0} %{!?beta:%global beta 0}
%{!?test:%global test 1} %{!?test:%global test 1}
%{!?upgrade:%global upgrade 1} %{!?upgrade:%global upgrade 0}
%{!?plpython:%global plpython 0} %{!?plpython:%global plpython 0}
%{!?plpython3:%global plpython3 1} %{!?plpython3:%global plpython3 1}
%{!?pltcl:%global pltcl 1} %{!?pltcl:%global pltcl 1}
@ -57,9 +57,9 @@
Summary: PostgreSQL client programs Summary: PostgreSQL client programs
Name: postgresql Name: postgresql
%global majorversion 10 %global majorversion 9.6
Version: %{majorversion}.23 Version: %{majorversion}.22
Release: 3%{?dist} Release: 1%{?dist}
# The PostgreSQL license is very similar to other MIT licenses, but the OSI # The PostgreSQL license is very similar to other MIT licenses, but the OSI
# recognizes it as an independent license, so we do as well. # recognizes it as an independent license, so we do as well.
@ -71,12 +71,12 @@ Url: http://www.postgresql.org/
# in-place upgrade of an old database. In most cases it will not be critical # in-place upgrade of an old database. In most cases it will not be critical
# that this be kept up with the latest minor release of the previous series; # that this be kept up with the latest minor release of the previous series;
# but update when bugs affecting pg_dump output are fixed. # but update when bugs affecting pg_dump output are fixed.
%global prevversion 9.2.24 %global prevmajorversion 9.5
%global prevmajorversion 9.2 %global prevversion %{prevmajorversion}.24
%global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion}
%global precise_version %{?epoch:%epoch:}%version-%release %global precise_version %{?epoch:%epoch:}%version-%release
%global setup_version 8.7 %global setup_version 8.2
%global service_name postgresql.service %global service_name postgresql.service
Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
@ -84,7 +84,6 @@ Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}
Source1: postgresql-%{version}-US.pdf Source1: postgresql-%{version}-US.pdf
# generate-pdf.sh is not used during RPM build, but include for documentation # generate-pdf.sh is not used during RPM build, but include for documentation
Source2: generate-pdf.sh Source2: generate-pdf.sh
Source3: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2
Source4: Makefile.regress Source4: Makefile.regress
Source9: postgresql.tmpfiles.d Source9: postgresql.tmpfiles.d
Source10: postgresql.pam Source10: postgresql.pam
@ -98,7 +97,6 @@ Source12: https://github.com/devexp-db/postgresql-setup/releases/download/v%{set
# correctly. Also, this allows us check that packagers-only tarballs do not # correctly. Also, this allows us check that packagers-only tarballs do not
# differ with publicly released ones. # differ with publicly released ones.
Source16: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256 Source16: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256
Source17: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2.sha256
# Comments for these patches are in the patch files. # Comments for these patches are in the patch files.
Patch1: rpm-pgsql.patch Patch1: rpm-pgsql.patch
@ -107,10 +105,7 @@ Patch5: postgresql-var-run-socket.patch
Patch6: postgresql-man.patch Patch6: postgresql-man.patch
Patch8: postgresql-no-libs.patch Patch8: postgresql-no-libs.patch
Patch9: postgresql-server-pg_config.patch Patch9: postgresql-server-pg_config.patch
Patch10: postgresql-10.15-contrib-dblink-expected-out.patch Patch10: postgresql-9.6.20-contrib-dblink-expected-out.patch
Patch11: postgresql-10.23-CVE-2023-2454.patch
Patch12: postgresql-10.23-CVE-2023-2455.patch
Patch13: postgresql-10.23-CVE-2023-5869.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk
@ -361,7 +356,7 @@ benchmarks.
%prep %prep
( cd %_sourcedir; sha256sum -c %{SOURCE16}; sha256sum -c %{SOURCE17} ) ( cd %_sourcedir; sha256sum -c %{SOURCE16} )
%setup -q -a 12 %setup -q -a 12
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
@ -370,9 +365,6 @@ benchmarks.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
# We used to run autoconf here, but there's no longer any real need to, # We used to run autoconf here, but there's no longer any real need to,
# since Postgres ships with a reasonably modern configure script. # since Postgres ships with a reasonably modern configure script.
@ -603,9 +595,6 @@ upgrade_configure ()
%endif %endif
%if %pltcl %if %pltcl
--with-tcl \ --with-tcl \
%endif
%if %ssl
--with-openssl \
%endif %endif
--with-tclconfig=%_libdir \ --with-tclconfig=%_libdir \
--with-system-tzdata=/usr/share/zoneinfo \ --with-system-tzdata=/usr/share/zoneinfo \
@ -800,7 +789,6 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plpython2.so
# initialize file lists # initialize file lists
cp /dev/null main.lst cp /dev/null main.lst
cp /dev/null server.lst cp /dev/null server.lst
cp /dev/null contrib.lst
cp /dev/null plperl.lst cp /dev/null plperl.lst
cp /dev/null pltcl.lst cp /dev/null pltcl.lst
cp /dev/null plpython.lst cp /dev/null plpython.lst
@ -817,11 +805,9 @@ find_lang_bins ()
} }
find_lang_bins devel.lst pg_server_config find_lang_bins devel.lst pg_server_config
find_lang_bins server.lst \ find_lang_bins server.lst \
initdb pg_basebackup pg_controldata pg_ctl pg_resetwal pg_rewind plpgsql postgres initdb pg_basebackup pg_controldata pg_ctl pg_resetxlog pg_rewind plpgsql postgres
find_lang_bins contrib.lst \
pg_archivecleanup pg_test_fsync pg_test_timing pg_waldump
find_lang_bins main.lst \ find_lang_bins main.lst \
pg_dump pg_upgrade pgscripts psql pg_dump pgscripts psql
%if %plperl %if %plperl
find_lang_bins plperl.lst plperl find_lang_bins plperl.lst plperl
%endif %endif
@ -870,8 +856,10 @@ make -C postgresql-setup-%{setup_version} check
%doc README.rpm-dist %doc README.rpm-dist
%{_bindir}/clusterdb %{_bindir}/clusterdb
%{_bindir}/createdb %{_bindir}/createdb
%{_bindir}/createlang
%{_bindir}/createuser %{_bindir}/createuser
%{_bindir}/dropdb %{_bindir}/dropdb
%{_bindir}/droplang
%{_bindir}/dropuser %{_bindir}/dropuser
%{_bindir}/pg_dump %{_bindir}/pg_dump
%{_bindir}/pg_dumpall %{_bindir}/pg_dumpall
@ -881,10 +869,13 @@ make -C postgresql-setup-%{setup_version} check
%{_bindir}/psql %{_bindir}/psql
%{_bindir}/reindexdb %{_bindir}/reindexdb
%{_bindir}/vacuumdb %{_bindir}/vacuumdb
%dir %{_libdir}/pgsql
%{_mandir}/man1/clusterdb.* %{_mandir}/man1/clusterdb.*
%{_mandir}/man1/createdb.* %{_mandir}/man1/createdb.*
%{_mandir}/man1/createlang.*
%{_mandir}/man1/createuser.* %{_mandir}/man1/createuser.*
%{_mandir}/man1/dropdb.* %{_mandir}/man1/dropdb.*
%{_mandir}/man1/droplang.*
%{_mandir}/man1/dropuser.* %{_mandir}/man1/dropuser.*
%{_mandir}/man1/pg_dump.* %{_mandir}/man1/pg_dump.*
%{_mandir}/man1/pg_dumpall.* %{_mandir}/man1/pg_dumpall.*
@ -903,18 +894,17 @@ make -C postgresql-setup-%{setup_version} check
%{_libdir}/pgsql/tutorial/ %{_libdir}/pgsql/tutorial/
%files contrib -f contrib.lst %files contrib
%doc contrib/spi/*.example %doc contrib/spi/*.example
%{_bindir}/oid2name %{_bindir}/oid2name
%{_bindir}/pg_archivecleanup %{_bindir}/pg_archivecleanup
%{_bindir}/pg_standby %{_bindir}/pg_standby
%{_bindir}/pg_test_fsync %{_bindir}/pg_test_fsync
%{_bindir}/pg_test_timing %{_bindir}/pg_test_timing
%{_bindir}/pg_waldump %{_bindir}/pg_xlogdump
%{_bindir}/pgbench %{_bindir}/pgbench
%{_bindir}/vacuumlo %{_bindir}/vacuumlo
%{_datadir}/pgsql/extension/adminpack* %{_datadir}/pgsql/extension/adminpack*
%{_datadir}/pgsql/extension/amcheck*
%{_datadir}/pgsql/extension/autoinc* %{_datadir}/pgsql/extension/autoinc*
%{_datadir}/pgsql/extension/bloom* %{_datadir}/pgsql/extension/bloom*
%{_datadir}/pgsql/extension/btree_gin* %{_datadir}/pgsql/extension/btree_gin*
@ -952,12 +942,12 @@ make -C postgresql-setup-%{setup_version} check
%{_datadir}/pgsql/extension/tablefunc* %{_datadir}/pgsql/extension/tablefunc*
%{_datadir}/pgsql/extension/tcn* %{_datadir}/pgsql/extension/tcn*
%{_datadir}/pgsql/extension/timetravel* %{_datadir}/pgsql/extension/timetravel*
%{_datadir}/pgsql/extension/tsearch2*
%{_datadir}/pgsql/extension/tsm_system_rows* %{_datadir}/pgsql/extension/tsm_system_rows*
%{_datadir}/pgsql/extension/tsm_system_time* %{_datadir}/pgsql/extension/tsm_system_time*
%{_datadir}/pgsql/extension/unaccent* %{_datadir}/pgsql/extension/unaccent*
%{_libdir}/pgsql/_int.so %{_libdir}/pgsql/_int.so
%{_libdir}/pgsql/adminpack.so %{_libdir}/pgsql/adminpack.so
%{_libdir}/pgsql/amcheck.so
%{_libdir}/pgsql/auth_delay.so %{_libdir}/pgsql/auth_delay.so
%{_libdir}/pgsql/auto_explain.so %{_libdir}/pgsql/auto_explain.so
%{_libdir}/pgsql/autoinc.so %{_libdir}/pgsql/autoinc.so
@ -1005,6 +995,7 @@ make -C postgresql-setup-%{setup_version} check
%{_libdir}/pgsql/tcn.so %{_libdir}/pgsql/tcn.so
%{_libdir}/pgsql/test_decoding.so %{_libdir}/pgsql/test_decoding.so
%{_libdir}/pgsql/timetravel.so %{_libdir}/pgsql/timetravel.so
%{_libdir}/pgsql/tsearch2.so
%{_libdir}/pgsql/tsm_system_rows.so %{_libdir}/pgsql/tsm_system_rows.so
%{_libdir}/pgsql/tsm_system_time.so %{_libdir}/pgsql/tsm_system_time.so
%{_libdir}/pgsql/unaccent.so %{_libdir}/pgsql/unaccent.so
@ -1014,7 +1005,7 @@ make -C postgresql-setup-%{setup_version} check
%{_mandir}/man1/pg_standby.* %{_mandir}/man1/pg_standby.*
%{_mandir}/man1/pg_test_fsync.* %{_mandir}/man1/pg_test_fsync.*
%{_mandir}/man1/pg_test_timing.* %{_mandir}/man1/pg_test_timing.*
%{_mandir}/man1/pg_waldump.* %{_mandir}/man1/pg_xlogdump.*
%{_mandir}/man1/pgbench.* %{_mandir}/man1/pgbench.*
%{_mandir}/man1/vacuumlo.* %{_mandir}/man1/vacuumlo.*
%{_mandir}/man3/dblink* %{_mandir}/man3/dblink*
@ -1040,13 +1031,12 @@ make -C postgresql-setup-%{setup_version} check
%{_bindir}/pg_basebackup %{_bindir}/pg_basebackup
%{_bindir}/pg_controldata %{_bindir}/pg_controldata
%{_bindir}/pg_ctl %{_bindir}/pg_ctl
%{_bindir}/pg_receivewal %{_bindir}/pg_receivexlog
%{_bindir}/pg_recvlogical %{_bindir}/pg_recvlogical
%{_bindir}/pg_resetwal %{_bindir}/pg_resetxlog
%{_bindir}/pg_rewind %{_bindir}/pg_rewind
%{_bindir}/postgres %{_bindir}/postgres
%{_bindir}/postgresql-setup %{_bindir}/postgresql-setup
%{_bindir}/postgresql-upgrade
%{_bindir}/postmaster %{_bindir}/postmaster
%dir %{_datadir}/pgsql %dir %{_datadir}/pgsql
%{_datadir}/pgsql/*.sample %{_datadir}/pgsql/*.sample
@ -1070,7 +1060,6 @@ make -C postgresql-setup-%{setup_version} check
%{_libdir}/pgsql/euc2004_sjis2004.so %{_libdir}/pgsql/euc2004_sjis2004.so
%{_libdir}/pgsql/libpqwalreceiver.so %{_libdir}/pgsql/libpqwalreceiver.so
%{_libdir}/pgsql/pg_prewarm.so %{_libdir}/pgsql/pg_prewarm.so
%{_libdir}/pgsql/pgoutput.so
%{_libdir}/pgsql/plpgsql.so %{_libdir}/pgsql/plpgsql.so
%dir %{_libexecdir}/initscripts/legacy-actions/postgresql %dir %{_libexecdir}/initscripts/legacy-actions/postgresql
%{_libexecdir}/initscripts/legacy-actions/postgresql/* %{_libexecdir}/initscripts/legacy-actions/postgresql/*
@ -1082,14 +1071,13 @@ make -C postgresql-setup-%{setup_version} check
%{_mandir}/man1/pg_basebackup.* %{_mandir}/man1/pg_basebackup.*
%{_mandir}/man1/pg_controldata.* %{_mandir}/man1/pg_controldata.*
%{_mandir}/man1/pg_ctl.* %{_mandir}/man1/pg_ctl.*
%{_mandir}/man1/pg_receivewal.* %{_mandir}/man1/pg_receivexlog.*
%{_mandir}/man1/pg_resetwal.* %{_mandir}/man1/pg_resetxlog.*
%{_mandir}/man1/pg_rewind.* %{_mandir}/man1/pg_rewind.*
%{_mandir}/man1/postgres.* %{_mandir}/man1/postgres.*
%{_mandir}/man1/postgresql-new-systemd-unit.* %{_mandir}/man1/postgresql-new-systemd-unit.*
%{_mandir}/man1/postgresql-setup.* %{_mandir}/man1/postgresql-setup.*
%{_mandir}/man1/postmaster.* %{_mandir}/man1/postmaster.*
%{_mandir}/man1/postgresql-upgrade.*
%{_sbindir}/postgresql-new-systemd-unit %{_sbindir}/postgresql-new-systemd-unit
%{_tmpfilesdir}/postgresql.conf %{_tmpfilesdir}/postgresql.conf
%{_unitdir}/*postgresql*.service %{_unitdir}/*postgresql*.service
@ -1150,7 +1138,11 @@ make -C postgresql-setup-%{setup_version} check
%if %pltcl %if %pltcl
%files pltcl -f pltcl.lst %files pltcl -f pltcl.lst
%{_bindir}/pltcl_delmod
%{_bindir}/pltcl_listmod
%{_bindir}/pltcl_loadmod
%{_datadir}/pgsql/extension/pltcl* %{_datadir}/pgsql/extension/pltcl*
%{_datadir}/pgsql/unknown.pltcl
%{_libdir}/pgsql/pltcl.so %{_libdir}/pgsql/pltcl.so
%endif %endif
@ -1177,114 +1169,52 @@ make -C postgresql-setup-%{setup_version} check
%changelog %changelog
* Mon Dec 18 2023 Lubos Kloucek <lubos.kloucek@oracle.com> - 10.23-3 * Mon May 31 2021 Filip Januš <fjanus@redhat.com> - 9.6.22-1
- Resolves: CVE-2023-5869 - Rebase to 9.6.22
Resolves: #1964517
* Tue Aug 08 2023 David Sloboda <david.x.sloboda@oracle.com> - 10.23-2.0.1
- Fixed postgresql port binding issue during bootup [Orabug: 35103668]
* Wed Jul 19 2023 Dominik Rehák <drehak@redhat.com> - 10.23-2
- Backport fixes for CVE-2023-2454 and CVE-2023-2455
- Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35)
- Resolves: #2207931
* Wed Nov 16 2022 Filip Januš <fjanus@redhat.com> - 10.23-1
- Resolves: CVE-2022-2625
- Rebase to 10.23
* Mon May 16 2022 Filip Januš <fjanus@redhat.com> - 10.21-1
- Resolves: CVE-2022-1552
- Update to 10.21
- Release notes: https://www.postgresql.org/docs/release/10.21/
* Mon Dec 13 2021 Filip Januš <fjanus@redhat.com> - 10.19-2
- Add missing files into file section of server package
postgresql-setup v8.6 newly provides postgresql-upgrade
* Mon Dec 06 2021 Filip Januš <fjanus@redhat.com> - 10.19-1
- Update to 10.19
- Resolves: CVE-2021-23214
* Mon Nov 29 2021 Marek Kulik <mkulik@redhat.com> - 10.17-4
- Update postgresql-setup to 8.6 (#2024568)
* Wed Nov 03 2021 Filip Januš <fjanus@redhat.com> - 10.17-3
- Fix tmp files deprecated path
- Resolves: #1992263
* Wed Jul 14 2021 Filip Januš <fjanus@redhat.com> - 10.17-2
- Enable ssl for upgrade server
Resolves: #1982701
* Tue Jun 1 2021 Filip Januš <fjanus@redhat.com> - 10.17-1
- Update to 10.17
Resolves: #1964521
Fix: CVE-2021-32027, CVE-2021-32028 Fix: CVE-2021-32027, CVE-2021-32028
* Wed Nov 18 2020 Patrik Novotný <panovotn@redhat.com> - 10.15-1 * Thu Nov 19 2020 Patrik Novotný <panovotn@redhat.com> - 9.6.20-1
- Rebase to upstream release 10.15 - Rebase to upstream release 9.6.20
Resolves: rhbz#1898214 Resolves: rhbz#1898246
Resolves: rhbz#1898342 Resolves: rhbz#1898219
Resolves: rhbz#1898248 Resolves: rhbz#1898335
* Tue Aug 11 2020 Patrik Novotný <panovotn@redhat.com> - 10.14-1 * Mon Aug 24 2020 Honza Horak <hhorak@redhat.com> - 9.6.19-1
- Rebase to upstream release 10.14 - Rebase to 9.6.19
Fixes RHBZ#1727803 Also fixes: CVE-2019-10208, CVE-2020-14350, CVE-2019-10130
Fixes RHBZ#1741489 Resolves: #1741490
Fixes RHBZ#1709196 Resolves: #1867111
Resolves: #1845074
* Tue May 12 2020 Patrik Novotný <panovotn@redhat.com> - 10.13-1 * Fri Aug 10 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.10-1
- Rebase to upstream release 10.13 - update to the latest 9.6 release
Fixes RHBZ#1727803
Fixes RHBZ#1741489
Fixes RHBZ#1709196
* Thu Nov 15 2018 Pavel Raiskup <praiskup@redhat.com> - 10.6-1 * Fri Jul 13 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.9-1
- update to 10.6 per release notes: - update to the latest 9.6 release
https://www.postgresql.org/docs/10/release-10-6.html
* Fri Aug 10 2018 Pavel Raiskup <praiskup@redhat.com> - 10.5-1 * Thu Apr 26 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.8-5
- update to 10.5 per release notes:
https://www.postgresql.org/docs/10/static/release-10-5.html
* Thu Aug 02 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-4
- new postgresql-setup, the %%postgresql_tests* macros now start
the build-time server on random port number
* Wed Aug 01 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-3
- gcc is fixed (rhbz#1600395), dropping the workaround patch
* Thu Jul 12 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-2
- fix pg_config-*.mo collision with libpq-devel
* Thu Jul 12 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-1
- sync with fedora rawhide
* Thu Apr 26 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-5
- pltcl: drop tcl-pltcl dependency (rhbz#1571181) - pltcl: drop tcl-pltcl dependency (rhbz#1571181)
* Thu Apr 19 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-4 * Mon Apr 23 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.8-4
- fix upgrade subpackage (sync with F28+) - sync with branch arb-10
* Wed Apr 18 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-3 * Tue Apr 17 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.8-3
- missing *-devel => *-server-devel* changes (rhbz#1569041) - build with sd_notify, too (required by modern service files)
* Fri Apr 13 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-2 * Fri Apr 13 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.8-2
- sync with stream 10
* Fri Apr 06 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.8-1.3
- don't build *-libs subpackage - don't build *-libs subpackage
- don't collide with libpq{,-devel} - don't collide with libpq{,-devel}
- sync with fedora rawhide
* Thu Mar 01 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-1 * Fri Apr 06 2018 Pavel Raiskup <praiskup@redhat.com> - 9.6.8-1
- update to 10.3 per release notes: - update to 9.6.8 per release notes:
https://www.postgresql.org/docs/10/static/release-10-3.html https://www.postgresql.org/docs/9.6/static/release-9-6-8.html
https://www.postgresql.org/docs/9.6/static/release-9-6-7.html
* Tue Dec 19 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-2 https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
- build plpython3 subpackage - rebase to new postgresql-setup 6.0 version, to fix CVE-2017-15097
* Tue Dec 19 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-1
- sync with Fedora 28 state
- fix prevmajorversion to 9.2 (RHEL7 version)
- reset Release to 1, for RHEL8 purposes
* Tue Aug 29 2017 Pavel Raiskup <praiskup@redhat.com> - 9.6.5-1 * Tue Aug 29 2017 Pavel Raiskup <praiskup@redhat.com> - 9.6.5-1
- update to 9.6.5 per release notes: - update to 9.6.5 per release notes:

1
postgresql.tmpfiles.d Normal file
View File

@ -0,0 +1 @@
d /var/run/postgresql 0755 postgres postgres -

4
sources Normal file
View File

@ -0,0 +1,4 @@
SHA512 (postgresql-9.6.22.tar.bz2) = 371f85f2d02a8a3b888396440149e9b432f91e106a7feb8a163b275a0586843683124281a0965abf3c1215cb68e2002976913f88c75e35e52ac5f78d4145fd7b
SHA512 (postgresql-9.6.22.tar.bz2.sha256) = f2e84dc64753f4233ba7a1976d5a85c62f905018516c5597d94c5a430b6ecf82d4e240cf340b009544a517688b6b05f209ce761422a9f6e3e368896e338aad5f
SHA512 (postgresql-setup-8.2.tar.gz) = b21ec508e207074ae1f5259479415f99301ae58a766d476a16fec620b7778ef6e5d32fa1d2cc0060cbfc5eee328a9495182500a8f2f8573ef20c359c290d8430
SHA512 (postgresql-9.6.22-US.pdf) = a591d44a6a25bbbbda7ca1ab284fce8fd2cde25651d36442c13f669e9678f2db605a8f81febb8058bee30b7668b6b9b0165fed7afc83444c0ec7629244aa0a8d