15 changed files with 1145 additions and 378 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/postgresql-10.21.tar.bz2
-SOURCES/postgresql-12.12-US.pdf
-SOURCES/postgresql-12.12.tar.bz2
-SOURCES/postgresql-setup-8.6.tar.gz
+SOURCES/postgresql-10.23-US.pdf
+SOURCES/postgresql-10.23.tar.bz2
+SOURCES/postgresql-9.2.24.tar.bz2
+SOURCES/postgresql-setup-8.7.tar.gz
--- a/.postgresql.metadata
+++ b/.postgresql.metadata
@ -1,4 +1,4 @@
-8ecd9d4592f91a6f36bf8e1ab4b1054f38fbe340 SOURCES/postgresql-10.21.tar.bz2
-99183ea965141d4324d7c6fee1d1124219537369 SOURCES/postgresql-12.12-US.pdf
-3535af833fd0045b65f4bd3914bfab9ecc7fc35d SOURCES/postgresql-12.12.tar.bz2
-9e12ee26bf41d3831f83049b51ae5da76de2ce12 SOURCES/postgresql-setup-8.6.tar.gz
+a416c245ff0815fbde534bc49b0a07ffdd373894 SOURCES/postgresql-10.23-US.pdf
+2df7b4b3751112f3cb543c3ea81e45531bebc7a1 SOURCES/postgresql-10.23.tar.bz2
+63d6966ccdbab6aae1f9754fdb8e341ada1ef653 SOURCES/postgresql-9.2.24.tar.bz2
+fb97095dc9648f9c31d58fcb406831da5e419ddf SOURCES/postgresql-setup-8.7.tar.gz
--- a/SOURCES/Makefile.regress
+++ b/SOURCES/Makefile.regress
@ -47,9 +47,7 @@ installcheck-parallel: cleandirs
 cleandirs:
 	-rm -rf testtablespace results
 	mkdir testtablespace results
-	if test -x /usr/bin/chcon && ! test -f /.dockerenv; then \
-	    /usr/bin/chcon -u system_u -r object_r -t postgresql_db_t testtablespace results ; \
-	fi
+	[ -x /usr/bin/chcon ] && /usr/bin/chcon -u system_u -r object_r -t postgresql_db_t testtablespace results

 # old interfaces follow...

--- a/SOURCES/postgresql-10.15-contrib-dblink-expected-out.patch
+++ b/SOURCES/postgresql-10.15-contrib-dblink-expected-out.patch
--- a/SOURCES/postgresql-10.21.tar.bz2.sha256
+++ b/SOURCES/postgresql-10.21.tar.bz2.sha256
@ -1 +0,0 @@
-d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1  postgresql-10.21.tar.bz2
--- a/SOURCES/postgresql-10.23-CVE-2023-2454.patch
+++ b/SOURCES/postgresql-10.23-CVE-2023-2454.patch
@ -0,0 +1,249 @@
+From 681d9e4621aac0a9c71364b6f54f00f6d8c4337f Mon Sep 17 00:00:00 2001
+From 8d525d7b9545884a3e0d79adcd61543f9ae2ae28 Mon Sep 17 00:00:00 2001
+From: Noah Misch <noah@leadboat.com>
+Date: Mon, 8 May 2023 06:14:07 -0700
+Subject: Replace last PushOverrideSearchPath() call with
+ set_config_option().
+
+The two methods don't cooperate, so set_config_option("search_path",
+...) has been ineffective under non-empty overrideStack.  This defect
+enabled an attacker having database-level CREATE privilege to execute
+arbitrary code as the bootstrap superuser.  While that particular attack
+requires v13+ for the trusted extension attribute, other attacks are
+feasible in all supported versions.
+
+Standardize on the combination of NewGUCNestLevel() and
+set_config_option("search_path", ...).  It is newer than
+PushOverrideSearchPath(), more-prevalent, and has no known
+disadvantages.  The "override" mechanism remains for now, for
+compatibility with out-of-tree code.  Users should update such code,
+which likely suffers from the same sort of vulnerability closed here.
+Back-patch to v11 (all supported versions).
+
+Alexander Lakhin.  Reported by Alexander Lakhin.
+
+Security: CVE-2023-2454
+---
+ contrib/seg/Makefile                    |  2 +-
+ contrib/seg/expected/security.out       | 32 ++++++++++++++++++
+ contrib/seg/sql/security.sql            | 32 ++++++++++++++++++
+ src/backend/catalog/namespace.c         |  4 +++
+ src/backend/commands/schemacmds.c       | 37 ++++++++++++++------
+ src/test/regress/expected/namespace.out | 45 +++++++++++++++++++++++++
+ src/test/regress/sql/namespace.sql      | 24 +++++++++++++
+ 7 files changed, 165 insertions(+), 11 deletions(-)
+ create mode 100644 contrib/seg/expected/security.out
+ create mode 100644 contrib/seg/sql/security.sql
+
+diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
+index 14e57adee2..73ddb67882 100644
+--- a/src/backend/catalog/namespace.c
+++ b/src/backend/catalog/namespace.c
+@@ -3515,6 +3515,10 @@ OverrideSearchPathMatchesCurrent(OverrideSearchPath *path)
+ /*
+  * PushOverrideSearchPath - temporarily override the search path
+  *
+ * Do not use this function; almost any usage introduces a security
+ * vulnerability.  It exists for the benefit of legacy code running in
+ * non-security-sensitive environments.
+ *
+  * We allow nested overrides, hence the push/pop terminology.  The GUC
+  * search_path variable is ignored while an override is active.
+  *
+diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c
+index 48590247f8..b6a71154a8 100644
+--- a/src/backend/commands/schemacmds.c
+++ b/src/backend/commands/schemacmds.c
+@@ -30,6 +30,7 @@
+ #include "commands/schemacmds.h"
+ #include "miscadmin.h"
+ #include "parser/parse_utilcmd.h"
+#include "parser/scansup.h"
+ #include "tcop/utility.h"
+ #include "utils/acl.h"
+ #include "utils/builtins.h"
+@@ -53,14 +54,16 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
+ {
+ 	const char *schemaName = stmt->schemaname;
+ 	Oid			namespaceId;
+-	OverrideSearchPath *overridePath;
+ 	List	   *parsetree_list;
+ 	ListCell   *parsetree_item;
+ 	Oid			owner_uid;
+ 	Oid			saved_uid;
+ 	int			save_sec_context;
+	int			save_nestlevel;
+	char	   *nsp = namespace_search_path;
+ 	AclResult	aclresult;
+ 	ObjectAddress address;
+	StringInfoData pathbuf;
+ 
+ 	GetUserIdAndSecContext(&saved_uid, &save_sec_context);
+ 
+@@ -153,14 +156,26 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
+ 	CommandCounterIncrement();
+ 
+ 	/*
+-	 * Temporarily make the new namespace be the front of the search path, as
+-	 * well as the default creation target namespace.  This will be undone at
+-	 * the end of this routine, or upon error.
+	 * Prepend the new schema to the current search path.
+	 *
+	 * We use the equivalent of a function SET option to allow the setting to
+	 * persist for exactly the duration of the schema creation.  guc.c also
+	 * takes care of undoing the setting on error.
+ 	 */
+-	overridePath = GetOverrideSearchPath(CurrentMemoryContext);
+-	overridePath->schemas = lcons_oid(namespaceId, overridePath->schemas);
+-	/* XXX should we clear overridePath->useTemp? */
+-	PushOverrideSearchPath(overridePath);
+	save_nestlevel = NewGUCNestLevel();
+
+	initStringInfo(&pathbuf);
+	appendStringInfoString(&pathbuf, quote_identifier(schemaName));
+
+	while (scanner_isspace(*nsp))
+		nsp++;
+
+	if (*nsp != '\0')
+		appendStringInfo(&pathbuf, ", %s", nsp);
+
+	(void) set_config_option("search_path", pathbuf.data,
+							 PGC_USERSET, PGC_S_SESSION,
+							 GUC_ACTION_SAVE, true, 0, false);
+ 
+ 	/*
+ 	 * Report the new schema to possibly interested event triggers.  Note we
+@@ -215,8 +230,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
+ 		CommandCounterIncrement();
+ 	}
+ 
+-	/* Reset search path to normal state */
+-	PopOverrideSearchPath();
+	/*
+	 * Restore the GUC variable search_path we set above.
+	 */
+	AtEOXact_GUC(true, save_nestlevel);
+ 
+ 	/* Reset current user and security context */
+ 	SetUserIdAndSecContext(saved_uid, save_sec_context);
+diff --git a/src/test/regress/expected/namespace.out b/src/test/regress/expected/namespace.out
+index 2564d1b080..a62fd8ded0 100644
+--- a/src/test/regress/expected/namespace.out
+++ b/src/test/regress/expected/namespace.out
+@@ -1,6 +1,14 @@
+ --
+ -- Regression tests for schemas (namespaces)
+ --
+-- set the whitespace-only search_path to test that the
+-- GUC list syntax is preserved during a schema creation
+SELECT pg_catalog.set_config('search_path', ' ', false);
+ set_config 
+------------
+  
+(1 row)
+
+ CREATE SCHEMA test_schema_1
+        CREATE UNIQUE INDEX abc_a_idx ON abc (a)
+        CREATE VIEW abc_view AS
+@@ -9,6 +17,43 @@ CREATE SCHEMA test_schema_1
+               a serial,
+               b int UNIQUE
+        );
+-- verify that the correct search_path restored on abort
+SET search_path to public;
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+       CREATE VIEW abc_view AS SELECT c FROM abc;
+ERROR:  column "c" does not exist
+LINE 2:        CREATE VIEW abc_view AS SELECT c FROM abc;
+                                              ^
+COMMIT;
+SHOW search_path;
+ search_path 
+-------------
+ public
+(1 row)
+
+-- verify that the correct search_path preserved
+-- after creating the schema and on commit
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+       CREATE VIEW abc_view AS SELECT a FROM abc;
+SHOW search_path;
+      search_path      
+-----------------------
+ public, test_schema_1
+(1 row)
+
+COMMIT;
+SHOW search_path;
+      search_path      
+-----------------------
+ public, test_schema_1
+(1 row)
+
+DROP SCHEMA test_schema_2 CASCADE;
+NOTICE:  drop cascades to view test_schema_2.abc_view
+ -- verify that the objects were created
+ SELECT COUNT(*) FROM pg_class WHERE relnamespace =
+     (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
+diff --git a/src/test/regress/sql/namespace.sql b/src/test/regress/sql/namespace.sql
+index 6b12c96193..3474f5ecf4 100644
+--- a/src/test/regress/sql/namespace.sql
+++ b/src/test/regress/sql/namespace.sql
+@@ -2,6 +2,10 @@
+ -- Regression tests for schemas (namespaces)
+ --
+ 
+-- set the whitespace-only search_path to test that the
+-- GUC list syntax is preserved during a schema creation
+SELECT pg_catalog.set_config('search_path', ' ', false);
+
+ CREATE SCHEMA test_schema_1
+        CREATE UNIQUE INDEX abc_a_idx ON abc (a)
+ 
+@@ -13,6 +17,26 @@ CREATE SCHEMA test_schema_1
+               b int UNIQUE
+        );
+ 
+-- verify that the correct search_path restored on abort
+SET search_path to public;
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+       CREATE VIEW abc_view AS SELECT c FROM abc;
+COMMIT;
+SHOW search_path;
+
+-- verify that the correct search_path preserved
+-- after creating the schema and on commit
+BEGIN;
+SET search_path to public, test_schema_1;
+CREATE SCHEMA test_schema_2
+       CREATE VIEW abc_view AS SELECT a FROM abc;
+SHOW search_path;
+COMMIT;
+SHOW search_path;
+DROP SCHEMA test_schema_2 CASCADE;
+
+ -- verify that the objects were created
+ SELECT COUNT(*) FROM pg_class WHERE relnamespace =
+     (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
+diff --git a/contrib/sepgsql/expected/ddl.out b/contrib/sepgsql/expected/ddl.out
+index e8da587564..15d2b9c5e7 100644
+--- a/contrib/sepgsql/expected/ddl.out
+++ b/contrib/sepgsql/expected/ddl.out
+@@ -24,7 +24,6 @@ LOG:  SELinux: allowed { create } scontext=unconfined_u:unconfined_r:sepgsql_reg
+ CREATE USER regress_sepgsql_test_user;
+ CREATE SCHEMA regtest_schema;
+ LOG:  SELinux: allowed { create } scontext=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="regtest_schema"
+-LOG:  SELinux: allowed { search } scontext=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0 tcontext=system_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="public"
+ GRANT ALL ON SCHEMA regtest_schema TO regress_sepgsql_test_user;
+ SET search_path = regtest_schema, public;
+ CREATE TABLE regtest_table (x serial primary key, y text);
+-- 
+2.41.0
+
--- a/SOURCES/postgresql-10.23-CVE-2023-2455.patch
+++ b/SOURCES/postgresql-10.23-CVE-2023-2455.patch
@ -0,0 +1,114 @@
+From ca73753b090c33bc69ce299b4d7fff891a77b8ad Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 8 May 2023 10:12:44 -0400
+Subject: Handle RLS dependencies in inlined set-returning
+ functions properly.
+
+If an SRF in the FROM clause references a table having row-level
+security policies, and we inline that SRF into the calling query,
+we neglected to mark the plan as potentially dependent on which
+role is executing it.  This could lead to later executions in the
+same session returning or hiding rows that should have been hidden
+or returned instead.
+
+Our thanks to Wolfgang Walther for reporting this problem.
+
+Stephen Frost and Tom Lane
+
+Security: CVE-2023-2455
+---
+ src/backend/optimizer/util/clauses.c      |  7 ++++++
+ src/test/regress/expected/rowsecurity.out | 27 +++++++++++++++++++++++
+ src/test/regress/sql/rowsecurity.sql      | 20 +++++++++++++++++
+ 3 files changed, 54 insertions(+)
+
+diff --git a/src/backend/optimizer/util/clauses.c b/src/backend/optimizer/util/clauses.c
+index a9c7bc342e..11269fee3e 100644
+--- a/src/backend/optimizer/util/clauses.c
+++ b/src/backend/optimizer/util/clauses.c
+@@ -5205,6 +5205,13 @@ inline_set_returning_function(PlannerInfo *root, RangeTblEntry *rte)
+ 	 */
+ 	record_plan_function_dependency(root, func_oid);
+ 
+	/*
+	 * We must also notice if the inserted query adds a dependency on the
+	 * calling role due to RLS quals.
+	 */
+	if (querytree->hasRowSecurity)
+		root->glob->dependsOnRole = true;
+
+ 	return querytree;
+ 
+ 	/* Here if func is not inlinable: release temp memory and return NULL */
+diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out
+index 38f53ed486..e278346420 100644
+--- a/src/test/regress/expected/rowsecurity.out
+++ b/src/test/regress/expected/rowsecurity.out
+@@ -4427,6 +4427,33 @@ SELECT * FROM rls_tbl;
+ 
+ DROP TABLE rls_tbl;
+ RESET SESSION AUTHORIZATION;
+-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency
+create table rls_t (c text);
+insert into rls_t values ('invisible to bob');
+alter table rls_t enable row level security;
+grant select on rls_t to regress_rls_alice, regress_rls_bob;
+create policy p1 on rls_t for select to regress_rls_alice using (true);
+create policy p2 on rls_t for select to regress_rls_bob using (false);
+create function rls_f () returns setof rls_t
+  stable language sql
+  as $$ select * from rls_t $$;
+prepare q as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute q;
+   current_user    |        c         
+-------------------+------------------
+ regress_rls_alice | invisible to bob
+(1 row)
+
+set role regress_rls_bob;
+execute q;
+ current_user | c 
+--------------+---
+(0 rows)
+
+RESET ROLE;
+DROP FUNCTION rls_f();
+DROP TABLE rls_t;
+ --
+ -- Clean up objects
+ --
+diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql
+index 0fd0cded7d..3d664538a6 100644
+--- a/src/test/regress/sql/rowsecurity.sql
+++ b/src/test/regress/sql/rowsecurity.sql
+@@ -2127,6 +2127,26 @@ SELECT * FROM rls_tbl;
+ DROP TABLE rls_tbl;
+ RESET SESSION AUTHORIZATION;
+ 
+-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency
+create table rls_t (c text);
+insert into rls_t values ('invisible to bob');
+alter table rls_t enable row level security;
+grant select on rls_t to regress_rls_alice, regress_rls_bob;
+create policy p1 on rls_t for select to regress_rls_alice using (true);
+create policy p2 on rls_t for select to regress_rls_bob using (false);
+create function rls_f () returns setof rls_t
+  stable language sql
+  as $$ select * from rls_t $$;
+prepare q as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute q;
+set role regress_rls_bob;
+execute q;
+
+RESET ROLE;
+DROP FUNCTION rls_f();
+DROP TABLE rls_t;
+
+ --
+ -- Clean up objects
+ --
+-- 
+2.41.0
+
--- a/SOURCES/postgresql-10.23-CVE-2023-5869.patch
+++ b/SOURCES/postgresql-10.23-CVE-2023-5869.patch
@ -0,0 +1,576 @@
+From d267cea24ea346c739c85bf7bccbd8e8f59da6b3 Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 6 Nov 2023 10:56:43 -0500
+Subject: [PATCH 1/1] Detect integer overflow while computing new array
+ dimensions.
+
+array_set_element() and related functions allow an array to be
+enlarged by assigning to subscripts outside the current array bounds.
+While these places were careful to check that the new bounds are
+allowable, they neglected to consider the risk of integer overflow
+in computing the new bounds.  In edge cases, we could compute new
+bounds that are invalid but get past the subsequent checks,
+allowing bad things to happen.  Memory stomps that are potentially
+exploitable for arbitrary code execution are possible, and so is
+disclosure of server memory.
+
+To fix, perform the hazardous computations using overflow-detecting
+arithmetic routines, which fortunately exist in all still-supported
+branches.
+
+The test cases added for this generate (after patching) errors that
+mention the value of MaxArraySize, which is platform-dependent.
+Rather than introduce multiple expected-files, use psql's VERBOSITY
+parameter to suppress the printing of the message text.  v11 psql
+lacks that parameter, so omit the tests in that branch.
+
+Our thanks to Pedro Gallegos for reporting this problem.
+
+Security: CVE-2023-5869
+Sign-Off-By: Tianyue Lan <tianyue.lan@oracle.com>
+
+---
+ src/backend/utils/adt/arrayfuncs.c   | 85 ++++++++++++++++++++++------
+ src/backend/utils/adt/arrayutils.c   |  6 --
+ src/include/utils/array.h            |  7 +++
+ src/test/regress/expected/arrays.out | 17 ++++++
+ src/test/regress/sql/arrays.sql      | 19 +++++++
+ src/include/common/int.h | 273 +++++++++++++++++++++++++++++++++++++++
+ create mode 100644 src/include/common/int.h
+ 6 files changed, 383 insertions(+), 24 deletions(-)
+
+diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
+index 553c517..7363893 100644
+--- a/src/backend/utils/adt/arrayfuncs.c
+++ b/src/backend/utils/adt/arrayfuncs.c
+@@ -22,6 +22,7 @@
+ 
+ #include "access/htup_details.h"
+ #include "catalog/pg_type.h"
+#include "common/int.h"
+ #include "funcapi.h"
+ #include "libpq/pqformat.h"
+ #include "utils/array.h"
+@@ -2309,22 +2310,38 @@ array_set_element(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts
+	 * Check subscripts.  We assume the existing subscripts passed
+	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
+	 * overflow.  But we must beware of other overflows in our calculations of
+	 * new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+ 		if (indx[0] < lb[0])
+ 		{
+-			addedbefore = lb[0] - indx[0];
+-			dim[0] += addedbefore;
+			/* addedbefore = lb[0] - indx[0]; */
+			/* dim[0] += addedbefore; */
+			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
+				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			lb[0] = indx[0];
+ 			if (addedbefore > 1)
+ 				newhasnulls = true; /* will insert nulls */
+ 		}
+ 		if (indx[0] >= (dim[0] + lb[0]))
+ 		{
+-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+			/* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
+			/* dim[0] += addedafter; */
+			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
+				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+ 		}
+@@ -2568,14 +2585,23 @@ array_set_element_expanded(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts (this logic matches original array_set_element)
+	 * Check subscripts (this logic must match array_set_element).  We assume
+	 * the existing subscripts passed ArrayCheckBounds, so that dim[i] + lb[i]
+	 * can be computed without overflow.  But we must beware of other
+	 * overflows in our calculations of new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+ 		if (indx[0] < lb[0])
+ 		{
+-			addedbefore = lb[0] - indx[0];
+-			dim[0] += addedbefore;
+			/* addedbefore = lb[0] - indx[0]; */
+			/* dim[0] += addedbefore; */
+			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||
+				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			lb[0] = indx[0];
+ 			dimschanged = true;
+ 			if (addedbefore > 1)
+@@ -2583,8 +2609,15 @@ array_set_element_expanded(Datum arraydatum,
+ 		}
+ 		if (indx[0] >= (dim[0] + lb[0]))
+ 		{
+-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+			/* addedafter = indx[0] - (dim[0] + lb[0]) + 1; */
+			/* dim[0] += addedafter; */
+			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||
+				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			dimschanged = true;
+ 			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+@@ -2866,7 +2899,10 @@ array_set_slice(Datum arraydatum,
+ 	addedbefore = addedafter = 0;
+ 
+ 	/*
+-	 * Check subscripts
+	 * Check subscripts.  We assume the existing subscripts passed
+	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without
+	 * overflow.  But we must beware of other overflows in our calculations of
+	 * new dim[] values.
+ 	 */
+ 	if (ndim == 1)
+ 	{
+@@ -2881,18 +2917,31 @@ array_set_slice(Datum arraydatum,
+ 					 errmsg("upper bound cannot be less than lower bound")));
+ 		if (lowerIndx[0] < lb[0])
+ 		{
+-			if (upperIndx[0] < lb[0] - 1)
+-				newhasnulls = true; /* will insert nulls */
+-			addedbefore = lb[0] - lowerIndx[0];
+-			dim[0] += addedbefore;
+			/* addedbefore = lb[0] - lowerIndx[0]; */
+			/* dim[0] += addedbefore; */
+			if (pg_sub_s32_overflow(lb[0], lowerIndx[0], &addedbefore) ||
+				pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+ 			lb[0] = lowerIndx[0];
+			if (addedbefore > 1)
+				newhasnulls = true; /* will insert nulls */
+ 		}
+ 		if (upperIndx[0] >= (dim[0] + lb[0]))
+ 		{
+-			if (lowerIndx[0] > (dim[0] + lb[0]))
+			/* addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1; */
+			/* dim[0] += addedafter; */
+			if (pg_sub_s32_overflow(upperIndx[0], dim[0] + lb[0], &addedafter) ||
+				pg_add_s32_overflow(addedafter, 1, &addedafter) ||
+				pg_add_s32_overflow(dim[0], addedafter, &dim[0]))
+				ereport(ERROR,
+						(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+						 errmsg("array size exceeds the maximum allowed (%d)",
+								(int) MaxArraySize)));
+			if (addedafter > 1)
+ 				newhasnulls = true; /* will insert nulls */
+-			addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1;
+-			dim[0] += addedafter;
+ 		}
+ 	}
+ 	else
+diff --git a/src/backend/utils/adt/arrayutils.c b/src/backend/utils/adt/arrayutils.c
+index f7c6a51..eb5f2a0 100644
+--- a/src/backend/utils/adt/arrayutils.c
+++ b/src/backend/utils/adt/arrayutils.c
+@@ -63,10 +63,6 @@ ArrayGetOffset0(int n, const int *tup, const int *scale)
+  * This must do overflow checking, since it is used to validate that a user
+  * dimensionality request doesn't overflow what we can handle.
+  *
+- * We limit array sizes to at most about a quarter billion elements,
+- * so that it's not necessary to check for overflow in quite so many
+- * places --- for instance when palloc'ing Datum arrays.
+- *
+  * The multiplication overflow check only works on machines that have int64
+  * arithmetic, but that is nearly all platforms these days, and doing check
+  * divides for those that don't seems way too expensive.
+@@ -77,8 +73,6 @@ ArrayGetNItems(int ndim, const int *dims)
+ 	int32		ret;
+ 	int			i;
+ 
+-#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
+-
+ 	if (ndim <= 0)
+ 		return 0;
+ 	ret = 1;
+diff --git a/src/include/utils/array.h b/src/include/utils/array.h
+index 905f6b0..3e4c09d 100644
+--- a/src/include/utils/array.h
+++ b/src/include/utils/array.h
+@@ -65,6 +65,13 @@
+ #include "utils/expandeddatum.h"
+ 
+ 
+/*
+ * Maximum number of elements in an array.  We limit this to at most about a
+ * quarter billion elements, so that it's not necessary to check for overflow
+ * in quite so many places --- for instance when palloc'ing Datum arrays.
+ */
+#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))
+
+ /*
+  * Arrays are varlena objects, so must meet the varlena convention that
+  * the first int32 of the object contains the total object size in bytes.
+diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out
+index c730563..e4ec394 100644
+--- a/src/test/regress/expected/arrays.out
+++ b/src/test/regress/expected/arrays.out
+@@ -1347,6 +1347,23 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
+ -- then you didn't get an indexscan plan, and something is busted.
+ reset enable_seqscan;
+ reset enable_bitmapscan;
+-- test subscript overflow detection
+-- The normal error message includes a platform-dependent limit,
+-- so suppress it to avoid needing multiple expected-files.
+\set VERBOSITY terse
+insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
+update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
+ERROR:  array size exceeds the maximum allowed (134217727)
+update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
+ERROR:  array size exceeds the maximum allowed (134217727)
+-- also exercise the expanded-array case
+do $$ declare a int[];
+begin
+  a := '[-2147483648:-2147483647]={1,2}'::int[];
+  a[2147483647] := 42;
+end $$;
+ERROR:  array size exceeds the maximum allowed (134217727)
+\set VERBOSITY default
+ -- test [not] (like|ilike) (any|all) (...)
+ select 'foo' like any (array['%a', '%o']); -- t
+  ?column? 
+diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql
+index 25dd4e2..4ad6e55 100644
+--- a/src/test/regress/sql/arrays.sql
+++ b/src/test/regress/sql/arrays.sql
+@@ -407,6 +407,25 @@ insert into arr_pk_tbl(pk, f1[1:2]) values (1, '{6,7,8}') on conflict (pk)
+ reset enable_seqscan;
+ reset enable_bitmapscan;
+ 
+-- test subscript overflow detection
+
+-- The normal error message includes a platform-dependent limit,
+-- so suppress it to avoid needing multiple expected-files.
+\set VERBOSITY terse
+
+insert into arr_pk_tbl values(10, '[-2147483648:-2147483647]={1,2}');
+update arr_pk_tbl set f1[2147483647] = 42 where pk = 10;
+update arr_pk_tbl set f1[2147483646:2147483647] = array[4,2] where pk = 10;
+
+-- also exercise the expanded-array case
+do $$ declare a int[];
+begin
+  a := '[-2147483648:-2147483647]={1,2}'::int[];
+  a[2147483647] := 42;
+end $$;
+
+\set VERBOSITY default
+
+ -- test [not] (like|ilike) (any|all) (...)
+ select 'foo' like any (array['%a', '%o']); -- t
+ select 'foo' like any (array['%a', '%b']); -- f
+
+diff --git a/src/include/common/int.h b/src/include/common/int.h
+new file mode 100644
+index 0000000..d754798
+--- /dev/null
+++ b/src/include/common/int.h
+@@ -0,0 +1,273 @@
+/*-------------------------------------------------------------------------
+ *
+ * int.h
+ *	  Routines to perform integer math, while checking for overflows.
+ *
+ * The routines in this file are intended to be well defined C, without
+ * relying on compiler flags like -fwrapv.
+ *
+ * To reduce the overhead of these routines try to use compiler intrinsics
+ * where available. That's not that important for the 16, 32 bit cases, but
+ * the 64 bit cases can be considerably faster with intrinsics. In case no
+ * intrinsics are available 128 bit math is used where available.
+ *
+ * Copyright (c) 2017-2019, PostgreSQL Global Development Group
+ *
+ * src/include/common/int.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef COMMON_INT_H
+#define COMMON_INT_H
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_add_overflow(a, b, result);
+#else
+	int32		res = (int32) a + (int32) b;
+
+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int16) res;
+	return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_sub_overflow(a, b, result);
+#else
+	int32		res = (int32) a - (int32) b;
+
+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int16) res;
+	return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s16_overflow(int16 a, int16 b, int16 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_mul_overflow(a, b, result);
+#else
+	int32		res = (int32) a * (int32) b;
+
+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int16) res;
+	return false;
+#endif
+}
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_add_overflow(a, b, result);
+#else
+	int64		res = (int64) a + (int64) b;
+
+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int32) res;
+	return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_sub_overflow(a, b, result);
+#else
+	int64		res = (int64) a - (int64) b;
+
+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int32) res;
+	return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s32_overflow(int32 a, int32 b, int32 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_mul_overflow(a, b, result);
+#else
+	int64		res = (int64) a * (int64) b;
+
+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int32) res;
+	return false;
+#endif
+}
+
+/*
+ * If a + b overflows, return true, otherwise store the result of a + b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_add_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_add_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+	int128		res = (int128) a + (int128) b;
+
+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int64) res;
+	return false;
+#else
+	if ((a > 0 && b > 0 && a > PG_INT64_MAX - b) ||
+		(a < 0 && b < 0 && a < PG_INT64_MIN - b))
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = a + b;
+	return false;
+#endif
+}
+
+/*
+ * If a - b overflows, return true, otherwise store the result of a - b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_sub_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_sub_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+	int128		res = (int128) a - (int128) b;
+
+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int64) res;
+	return false;
+#else
+	if ((a < 0 && b > 0 && a < PG_INT64_MIN + b) ||
+		(a > 0 && b < 0 && a > PG_INT64_MAX + b))
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = a - b;
+	return false;
+#endif
+}
+
+/*
+ * If a * b overflows, return true, otherwise store the result of a * b into
+ * *result. The content of *result is implementation defined in case of
+ * overflow.
+ */
+static inline bool
+pg_mul_s64_overflow(int64 a, int64 b, int64 *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+	return __builtin_mul_overflow(a, b, result);
+#elif defined(HAVE_INT128)
+	int128		res = (int128) a * (int128) b;
+
+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = (int64) res;
+	return false;
+#else
+	/*
+	 * Overflow can only happen if at least one value is outside the range
+	 * sqrt(min)..sqrt(max) so check that first as the division can be quite a
+	 * bit more expensive than the multiplication.
+	 *
+	 * Multiplying by 0 or 1 can't overflow of course and checking for 0
+	 * separately avoids any risk of dividing by 0.  Be careful about dividing
+	 * INT_MIN by -1 also, note reversing the a and b to ensure we're always
+	 * dividing it by a positive value.
+	 *
+	 */
+	if ((a > PG_INT32_MAX || a < PG_INT32_MIN ||
+		 b > PG_INT32_MAX || b < PG_INT32_MIN) &&
+		a != 0 && a != 1 && b != 0 && b != 1 &&
+		((a > 0 && b > 0 && a > PG_INT64_MAX / b) ||
+		 (a > 0 && b < 0 && b < PG_INT64_MIN / a) ||
+		 (a < 0 && b > 0 && a < PG_INT64_MIN / b) ||
+		 (a < 0 && b < 0 && a < PG_INT64_MAX / b)))
+	{
+		*result = 0x5EED;		/* to avoid spurious warnings */
+		return true;
+	}
+	*result = a * b;
+	return false;
+#endif
+}
+
+#endif							/* COMMON_INT_H */
+-- 
+2.39.3
+
--- a/SOURCES/postgresql-10.23.tar.bz2.sha256
+++ b/SOURCES/postgresql-10.23.tar.bz2.sha256
@ -0,0 +1 @@
+94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9  postgresql-10.23.tar.bz2
--- a/SOURCES/postgresql-12.12.tar.bz2.sha256
+++ b/SOURCES/postgresql-12.12.tar.bz2.sha256
@ -1 +0,0 @@
-34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c  postgresql-12.12.tar.bz2
--- a/SOURCES/postgresql-9.2.24.tar.bz2.sha256
+++ b/SOURCES/postgresql-9.2.24.tar.bz2.sha256
@ -0,0 +1 @@
+a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126  postgresql-9.2.24.tar.bz2
--- a/SOURCES/postgresql-external-libpq.patch
+++ b/SOURCES/postgresql-external-libpq.patch
@ -1,43 +0,0 @@
-We don't build/install interfaces by upstream's implicit rules.
-
-This patch is used on two places; postgresql.spec and libecpg.spec -- keep those
-in sync!
-
-Related: rhbz#1618698
-
-diff --git a/src/Makefile b/src/Makefile
-index bcdbd95..4bea236 100644
--- a/src/Makefile
-+++ b/src/Makefile
-@@ -20,7 +20,6 @@ SUBDIRS = \
- 	backend/utils/mb/conversion_procs \
- 	backend/snowball \
- 	include \
-	interfaces \
- 	backend/replication/libpqwalreceiver \
- 	backend/replication/pgoutput \
- 	fe_utils \
-diff --git a/src/Makefile.global.in b/src/Makefile.global.in
-index b9d86ac..29df69f 100644
--- a/src/Makefile.global.in
-+++ b/src/Makefile.global.in
-@@ -549,7 +549,7 @@ endif
- # How to link to libpq.  (This macro may be used as-is by backend extensions.
- # Client-side code should go through libpq_pgport or libpq_pgport_shlib,
- # instead.)
-libpq = -L$(libpq_builddir) -lpq
-+libpq = -lpq
- 
- # libpq_pgport is for use by client executables (not libraries) that use libpq.
- # We force clients to pull symbols from the non-shared libraries libpgport
-@@ -579,7 +579,6 @@ endif
- # Commonly used submake targets
- 
- submake-libpq: | submake-generated-headers
-	$(MAKE) -C $(libpq_builddir) all
- 
- submake-libpgport: | submake-generated-headers
- 	$(MAKE) -C $(top_builddir)/src/port all
-- 
-2.21.0
-
--- a/SOURCES/postgresql-no-libs.patch
+++ b/SOURCES/postgresql-no-libs.patch
@ -0,0 +1,33 @@
+diff --git a/src/Makefile b/src/Makefile
+index febbced..9737b55 100644
+--- a/src/Makefile
+++ b/src/Makefile
+@@ -20,7 +20,6 @@ SUBDIRS = \
+ 	backend/utils/mb/conversion_procs \
+ 	backend/snowball \
+ 	include \
+-	interfaces \
+ 	backend/replication/libpqwalreceiver \
+ 	backend/replication/pgoutput \
+ 	fe_utils \
+diff --git a/src/Makefile.global.in b/src/Makefile.global.in
+index 4ed5174..d0e0dae 100644
+--- a/src/Makefile.global.in
+++ b/src/Makefile.global.in
+@@ -457,7 +457,7 @@ endif
+ 
+ # This macro is for use by libraries linking to libpq.  (Because libpgport
+ # isn't created with the same link flags as libpq, it can't be used.)
+-libpq = -L$(libpq_builddir) -lpq
+libpq = -lpq
+ 
+ # This macro is for use by client executables (not libraries) that use libpq.
+ # We force clients to pull symbols from the non-shared libraries libpgport
+@@ -483,7 +483,6 @@ endif
+ # Commonly used submake targets
+ 
+ submake-libpq:
+-	$(MAKE) -C $(libpq_builddir) all
+ 
+ submake-libpgport:
+ 	$(MAKE) -C $(top_builddir)/src/port all
--- a/SOURCES/postgresql-server-pg_config.patch
+++ b/SOURCES/postgresql-server-pg_config.patch
@ -1,13 +1,5 @@
-We should ideally provide '/bin/pg_config' in postgresql-server-devel, and
-provide no pg_config binary in libpq package.  But most of the Fedora packages
-that use pg_config actually only build against PG libraries (and
-postgresql-server-devel isn't needed).  So.., to avoid the initial rush around
-rhbz#1618698 change, rather provide pg_server_config binary, which int urn means
-that we'll have to fix only a minimal set of packages which really build
-PostgreSQL server modules.
-
 diff --git a/src/bin/pg_config/Makefile b/src/bin/pg_config/Makefile
-index 02e6f9d..f7c844f 100644
+index c410087..e546b7b 100644
 --- a/src/bin/pg_config/Makefile
 +++ b/src/bin/pg_config/Makefile
@@ -11,28 +11,30 @@
@ -48,12 +40,12 @@ index 02e6f9d..f7c844f 100644
 
 check:
 diff --git a/src/bin/pg_config/nls.mk b/src/bin/pg_config/nls.mk
-index 1d41f90..0f34f37 100644
+index 1d41f90ee0..0f34f371cc 100644
 --- a/src/bin/pg_config/nls.mk
 +++ b/src/bin/pg_config/nls.mk
@@ -1,4 +1,4 @@
 # src/bin/pg_config/nls.mk
 -CATALOG_NAME     = pg_config
 +CATALOG_NAME     = pg_server_config
- AVAIL_LANGUAGES  = cs de es fr he it ja ko pl pt_BR ro ru sv tr uk vi zh_CN zh_TW
+ AVAIL_LANGUAGES  = cs de es fr he it ja ko nb pl pt_BR ro ru sv ta tr zh_CN zh_TW
 GETTEXT_FILES    = pg_config.c ../../common/config_info.c ../../common/exec.c
--- a/SPECS/postgresql.spec
+++ b/SPECS/postgresql.spec
@ -38,7 +38,6 @@
 %{!?pltcl:%global pltcl 1}
 %{!?plperl:%global plperl 1}
 %{!?ssl:%global ssl 1}
-%{!?icu:%global icu 1}
 %{!?kerberos:%global kerberos 1}
 %{!?ldap:%global ldap 1}
 %{!?nls:%global nls 1}
@ -58,28 +57,28 @@

 Summary: PostgreSQL client programs
 Name: postgresql
-%global majorversion 12
-Version: %{majorversion}.12
-Release: 1%{?dist}
+%global majorversion 10
+Version: %{majorversion}.23
+Release: 3%{?dist}

 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
 License: PostgreSQL
+Group: Applications/Databases
 Url: http://www.postgresql.org/

 # This SRPM includes a copy of the previous major release, which is needed for
 # in-place upgrade of an old database.  In most cases it will not be critical
 # that this be kept up with the latest minor release of the previous series;
 # but update when bugs affecting pg_dump output are fixed.
-%global prevmajorversion 10
-%global prevversion %{prevmajorversion}.21
+%global prevversion 9.2.24
+%global prevmajorversion 9.2
 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion}
 %global precise_version %{?epoch:%epoch:}%version-%release

-%global setup_version 8.6
+%global setup_version 8.7

 %global service_name postgresql.service
-
 Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
 # The PDF file is generated by generate-pdf.sh, which see for comments
 Source1: postgresql-%{version}-US.pdf
@ -106,9 +105,12 @@ Patch1: rpm-pgsql.patch
 Patch2: postgresql-logging.patch
 Patch5: postgresql-var-run-socket.patch
 Patch6: postgresql-man.patch
-Patch8: postgresql-external-libpq.patch
+Patch8: postgresql-no-libs.patch
 Patch9: postgresql-server-pg_config.patch
-Patch10: postgresql-12.5-contrib-dblink-expected-out.patch
+Patch10: postgresql-10.15-contrib-dblink-expected-out.patch
+Patch11: postgresql-10.23-CVE-2023-2454.patch
+Patch12: postgresql-10.23-CVE-2023-2455.patch
+Patch13: postgresql-10.23-CVE-2023-5869.patch

 BuildRequires: gcc
 BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk
@ -172,10 +174,6 @@ BuildRequires: systemtap-sdt-devel
 BuildRequires: libselinux-devel
 %endif

-%if %icu
-BuildRequires:	libicu-devel
-%endif
-
 # https://bugzilla.redhat.com/1464368
 %global __provides_exclude_from %{_libdir}/pgsql

@ -191,6 +189,7 @@ postgresql-server sub-package.

 %package server
 Summary: The programs needed to create and run a PostgreSQL server
+Group: Applications/Databases
 Requires: %{name}%{?_isa} = %precise_version
 Requires(pre): /usr/sbin/useradd
 # We require this to be present for %%{_prefix}/lib/tmpfiles.d
@ -214,6 +213,7 @@ and maintain PostgreSQL databases.

 %package docs
 Summary: Extra documentation for PostgreSQL
+Group: Applications/Databases
 Requires: %{name}%{?_isa} = %precise_version
 # Just for more intuitive documentation installation
 Provides: %{name}-doc = %precise_version
@ -226,6 +226,7 @@ and source files for the PostgreSQL tutorial.

 %package contrib
 Summary: Extension modules distributed with PostgreSQL
+Group: Applications/Databases
 Requires: %{name}%{?_isa} = %precise_version

 %description contrib
@ -235,21 +236,19 @@ included in the PostgreSQL distribution.

 %package server-devel
 Summary: PostgreSQL development header files and libraries
-%if %icu
-Requires:	libicu-devel
-%endif
-%if %kerberos
-Requires:	krb5-devel
-%endif
+Group: Development/Libraries

 %description server-devel
-The postgresql-server-devel package contains the header files and configuration
-needed to compile PostgreSQL server extension.
+The postgresql-server-devel package contains the header files and libraries
+needed to compile C or C++ applications which will directly interact
+with a PostgreSQL database management server.  It also contains the ecpg
+Embedded C Postgres preprocessor. You need to install this package if you want
+to develop applications which will interact with a PostgreSQL server.
+

 %package test-rpm-macros
 Summary: Convenience RPM macros for build-time testing against PostgreSQL server
 Requires: %{name}-server = %precise_version
-BuildArch: noarch

 %description test-rpm-macros
 This package is meant to be added as BuildRequires: dependency of other packages
@ -268,8 +267,9 @@ counterparts.
 %if %upgrade
 %package upgrade
 Summary: Support for upgrading from the previous major release of PostgreSQL
+Group: Applications/Databases
 Requires: %{name}-server%{?_isa} = %precise_version
-Provides: bundled(postgresql-server) = %prevversion
+Provides: bundled(postgresql-libs) = %prevversion

 %description upgrade
 The postgresql-upgrade package contains the pg_upgrade utility and supporting
@ -279,6 +279,7 @@ version of PostgreSQL.

 %package upgrade-devel
 Summary: Support for build of extensions required for upgrade process
+Group: Development/Libraries
 Requires: %{name}-upgrade%{?_isa} = %precise_version

 %description upgrade-devel
@ -291,6 +292,7 @@ process.
 %if %plperl
 %package plperl
 Summary: The Perl procedural language for PostgreSQL
+Group: Applications/Databases
 Requires: %{name}-server%{?_isa} = %precise_version
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 %if %runselftest
@ -307,6 +309,7 @@ Install this if you want to write database functions in Perl.
 %if %plpython
 %package plpython
 Summary: The Python2 procedural language for PostgreSQL
+Group: Applications/Databases
 Requires: %{name}-server%{?_isa} = %precise_version
 Provides: %{name}-plpython2 = %precise_version

@ -320,6 +323,7 @@ Install this if you want to write database functions in Python 2.
 %if %plpython3
 %package plpython3
 Summary: The Python3 procedural language for PostgreSQL
+Group: Applications/Databases
 Requires: %{name}-server%{?_isa} = %precise_version

 %description plpython3
@ -332,6 +336,7 @@ Install this if you want to write database functions in Python 3.
 %if %pltcl
 %package pltcl
 Summary: The Tcl procedural language for PostgreSQL
+Group: Applications/Databases
 Requires: %{name}-server%{?_isa} = %precise_version

 %description pltcl
@ -344,6 +349,7 @@ Install this if you want to write database functions in Tcl.
 %if %test
 %package test
 Summary: The test suite distributed with PostgreSQL
+Group: Applications/Databases
 Requires: %{name}-server%{?_isa} = %precise_version
 Requires: %{name}-server-devel%{?_isa} = %precise_version

@ -355,14 +361,8 @@ benchmarks.


 %prep
-(
-  cd "$(dirname "%{SOURCE0}")"
-  sha256sum -c %{SOURCE16}
-%if %upgrade
-  sha256sum -c %{SOURCE17}
-%endif
-)
-%setup -q -a 12 -n postgresql-%{version}
+( cd %_sourcedir; sha256sum -c %{SOURCE16}; sha256sum -c %{SOURCE17} )
+%setup -q -a 12
 %patch1 -p1
 %patch2 -p1
 %patch5 -p1
@ -370,6 +370,9 @@ benchmarks.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1

 # We used to run autoconf here, but there's no longer any real need to,
 # since Postgres ships with a reasonably modern configure script.
@ -470,9 +473,6 @@ common_configure_options='
 	--with-system-tzdata=%_datadir/zoneinfo
 	--datadir=%_datadir/pgsql
 	--with-systemd
-%if %icu
-	--with-icu
-%endif
 '

 %if %plpython3
@ -484,21 +484,9 @@ export PYTHON=/usr/bin/python3
 	--with-python

 # Fortunately we don't need to build much except plpython itself.
-%global python_subdirs       \\\
-	src/pl/plpython          \\\
-	contrib/hstore_plpython  \\\
-	contrib/jsonb_plpython   \\\
-	contrib/ltree_plpython
-
-for dir in %python_subdirs; do
-	%make_build -C "$dir" all
-done
-
+make %{?_smp_mflags} -C src/pl/plpython all
 # save built form in a directory that "make distclean" won't touch
-for dir in %python_subdirs; do
-	rm -rf "${dir}3" # shouldn't exist, unless --short-circuit
-	cp -a "$dir" "${dir}3"
-done
+cp -a src/pl/plpython src/pl/plpython3

 # must also save this version of Makefile.global for later
 cp src/Makefile.global src/Makefile.global.python3
@ -517,7 +505,7 @@ PYTHON=/usr/bin/python2

 unset PYTHON

-%make_build world
+make %{?_smp_mflags} world

 # Have to hack makefile to put correct path into tutorial scripts
 sed "s|C=\`pwd\`;|C=%{_libdir}/pgsql/tutorial;|" < src/tutorial/Makefile > src/tutorial/GNUmakefile
@ -557,25 +545,17 @@ test_failure=0
 	mv src/Makefile.global src/Makefile.global.save
 	cp src/Makefile.global.python3 src/Makefile.global
 	touch -r src/Makefile.global.save src/Makefile.global
+	# because "make check" does "make install" on the whole tree,
+	# we must temporarily install plpython3 as src/pl/plpython,
+	# since that is the subdirectory src/pl/Makefile knows about
+	mv src/pl/plpython src/pl/plpython2
+	mv src/pl/plpython3 src/pl/plpython

-	for dir in %python_subdirs; do
-		# because "make check" does "make install" on the whole tree,
-		# we must temporarily install *plpython3 dir as *plpython,
-		# since that is the subdirectory src/pl/Makefile knows about
-		mv "$dir" "${dir}2"
-		mv "${dir}3" "$dir"
-	done
-
-	for dir in %python_subdirs; do
-		run_testsuite "$dir"
-	done
-
-	for dir in %python_subdirs; do
-		# and clean up our mess
-		mv "$dir" "${dir}3"
-		mv "${dir}2" "${dir}"
-	done
+	run_testsuite "src/pl/plpython"

+	# and clean up our mess
+	mv src/pl/plpython src/pl/plpython3
+	mv src/pl/plpython2 src/pl/plpython
 	mv -f src/Makefile.global.save src/Makefile.global
 %endif
 	run_testsuite "contrib"
@ -618,9 +598,6 @@ upgrade_configure ()
 		--enable-debug \
 		--enable-cassert \
 %endif
-%if %icu
-		--with-icu \
-%endif
 %if %plperl
 		--with-perl \
 %endif
@ -638,14 +615,11 @@ upgrade_configure ()
 %if %plpython3
 	export PYTHON=/usr/bin/python3
 	upgrade_configure --with-python
-	for dir in %python_subdirs; do
-		# Previous version doesn't necessarily have this.
-		test -d "$dir" || continue
-		%make_build -C "$dir" all
-
-		# save aside the only one file which we are interested here
-		cp "$dir"/*plpython3.so ./
-	done
+	# upstream fixed this later 7107d58ec5a3c45967e77525809612a5f89b97f3
+	make %{?_smp_mflags} -C src/backend submake-errcodes
+	make %{?_smp_mflags} -C src/pl/plpython all
+	# save aside the only one file which we are interested here
+	cp src/pl/plpython/plpython3.so ./
 	unset PYTHON
 	make distclean
 %endif
@ -693,9 +667,9 @@ rm -r $RPM_BUILD_ROOT/%_includedir/pgsql/internal/
 	mv src/Makefile.global src/Makefile.global.save
 	cp src/Makefile.global.python3 src/Makefile.global
 	touch -r src/Makefile.global.save src/Makefile.global
-	for dir in %python_subdirs; do
-		%make_install -C "${dir}3"
-	done
+	pushd src/pl/plpython3
+	make DESTDIR=$RPM_BUILD_ROOT install
+	popd
 	mv -f src/Makefile.global.save src/Makefile.global
 %endif

@ -742,10 +716,8 @@ rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1
 	make DESTDIR=$RPM_BUILD_ROOT install
 	make -C contrib DESTDIR=$RPM_BUILD_ROOT install
 %if %plpython3
-	for file in *plpython3.so; do
-		install -m 755 "$file" \
-			$RPM_BUILD_ROOT/%_libdir/pgsql/postgresql-%prevmajorversion/lib
-	done
+	install -m 755 plpython3.so \
+		$RPM_BUILD_ROOT/%_libdir/pgsql/postgresql-%prevmajorversion/lib
 %endif
 	popd

@ -753,8 +725,10 @@ rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1
 	pushd $RPM_BUILD_ROOT%{_libdir}/pgsql/postgresql-%{prevmajorversion}
 	rm bin/clusterdb
 	rm bin/createdb
+	rm bin/createlang
 	rm bin/createuser
 	rm bin/dropdb
+	rm bin/droplang
 	rm bin/dropuser
 	rm bin/ecpg
 	rm bin/initdb
@ -762,7 +736,6 @@ rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1
 	rm bin/pg_dump
 	rm bin/pg_dumpall
 	rm bin/pg_restore
-	rm bin/pgbench
 	rm bin/psql
 	rm bin/reindexdb
 	rm bin/vacuumdb
@ -824,23 +797,30 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plperl.so
 rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plpython2.so
 %endif

+# initialize file lists
+cp /dev/null main.lst
+cp /dev/null server.lst
+cp /dev/null contrib.lst
+cp /dev/null plperl.lst
+cp /dev/null pltcl.lst
+cp /dev/null plpython.lst
+cp /dev/null plpython3.lst
+
 %if %nls
 find_lang_bins ()
 {
 	lstfile=$1 ; shift
-	cp /dev/null "$lstfile"
 	for binary; do
 		%find_lang "$binary"-%{majorversion}
-		cat "$binary"-%{majorversion}.lang >>"$lstfile"
+		cat "$binary"-%{majorversion}.lang >>$lstfile
 	done
 }
 find_lang_bins devel.lst pg_server_config
 find_lang_bins server.lst \
-	initdb pg_basebackup pg_controldata pg_ctl pg_resetwal pg_rewind plpgsql \
-	postgres pg_checksums
+	initdb pg_basebackup pg_controldata pg_ctl pg_resetwal pg_rewind plpgsql postgres
 find_lang_bins contrib.lst \
 	pg_archivecleanup pg_test_fsync pg_test_timing pg_waldump
-find_lang_bins main.lst \
+find_lang_bins  main.lst \
 	pg_dump pg_upgrade pgscripts psql
 %if %plperl
 find_lang_bins plperl.lst plperl
@ -879,10 +859,14 @@ find_lang_bins pltcl.lst pltcl
 make -C postgresql-setup-%{setup_version} check
 %endif

+
+%clean
+
+
 # FILES sections.
 %files -f main.lst
 %doc doc/KNOWN_BUGS doc/MISSING_FEATURES doc/TODO
-%doc COPYRIGHT README HISTORY
+%doc COPYRIGHT README HISTORY doc/bug.template
 %doc README.rpm-dist
 %{_bindir}/clusterdb
 %{_bindir}/createdb
@ -929,14 +913,13 @@ make -C postgresql-setup-%{setup_version} check
 %{_bindir}/pg_waldump
 %{_bindir}/pgbench
 %{_bindir}/vacuumlo
-%dir %{_datadir}/pgsql/contrib
-%dir %{_datadir}/pgsql/extension
 %{_datadir}/pgsql/extension/adminpack*
 %{_datadir}/pgsql/extension/amcheck*
 %{_datadir}/pgsql/extension/autoinc*
 %{_datadir}/pgsql/extension/bloom*
 %{_datadir}/pgsql/extension/btree_gin*
 %{_datadir}/pgsql/extension/btree_gist*
+%{_datadir}/pgsql/extension/chkpass*
 %{_datadir}/pgsql/extension/citext*
 %{_datadir}/pgsql/extension/cube*
 %{_datadir}/pgsql/extension/dblink*
@ -950,18 +933,6 @@ make -C postgresql-setup-%{setup_version} check
 %{_datadir}/pgsql/extension/intagg*
 %{_datadir}/pgsql/extension/intarray*
 %{_datadir}/pgsql/extension/isn*
-%if %{plperl}
-%{_datadir}/pgsql/extension/jsonb_plperl*
-%endif
-%if %{plpython}
-%{_datadir}/pgsql/extension/jsonb_plpythonu*
-%{_datadir}/pgsql/extension/jsonb_plpython2u*
-%endif
-%if %{plpython3}
-%{_datadir}/pgsql/extension/jsonb_plpythonu*
-%{_datadir}/pgsql/extension/jsonb_plpython2u*
-%{_datadir}/pgsql/extension/jsonb_plpython3u*
-%endif
 %{_datadir}/pgsql/extension/lo*
 %{_datadir}/pgsql/extension/ltree*
 %{_datadir}/pgsql/extension/moddatetime*
@ -980,6 +951,7 @@ make -C postgresql-setup-%{setup_version} check
 %{_datadir}/pgsql/extension/seg*
 %{_datadir}/pgsql/extension/tablefunc*
 %{_datadir}/pgsql/extension/tcn*
+%{_datadir}/pgsql/extension/timetravel*
 %{_datadir}/pgsql/extension/tsm_system_rows*
 %{_datadir}/pgsql/extension/tsm_system_time*
 %{_datadir}/pgsql/extension/unaccent*
@ -992,6 +964,7 @@ make -C postgresql-setup-%{setup_version} check
 %{_libdir}/pgsql/bloom.so
 %{_libdir}/pgsql/btree_gin.so
 %{_libdir}/pgsql/btree_gist.so
+%{_libdir}/pgsql/chkpass.so
 %{_libdir}/pgsql/citext.so
 %{_libdir}/pgsql/cube.so
 %{_libdir}/pgsql/dblink.so
@ -1007,28 +980,13 @@ make -C postgresql-setup-%{setup_version} check
 %if %plpython
 %{_libdir}/pgsql/hstore_plpython2.so
 %endif
-%if %plpython3
-%{_libdir}/pgsql/hstore_plpython3.so
-%endif
 %{_libdir}/pgsql/insert_username.so
 %{_libdir}/pgsql/isn.so
-%if %plperl
-%{_libdir}/pgsql/jsonb_plperl.so
-%endif
-%if %plpython
-%{_libdir}/pgsql/jsonb_plpython2.so
-%endif
-%if %plpython3
-%{_libdir}/pgsql/jsonb_plpython3.so
-%endif
 %{_libdir}/pgsql/lo.so
 %{_libdir}/pgsql/ltree.so
 %if %plpython
 %{_libdir}/pgsql/ltree_plpython2.so
 %endif
-%if %plpython3
-%{_libdir}/pgsql/ltree_plpython3.so
-%endif
 %{_libdir}/pgsql/moddatetime.so
 %{_libdir}/pgsql/pageinspect.so
 %{_libdir}/pgsql/passwordcheck.so
@ -1046,6 +1004,7 @@ make -C postgresql-setup-%{setup_version} check
 %{_libdir}/pgsql/tablefunc.so
 %{_libdir}/pgsql/tcn.so
 %{_libdir}/pgsql/test_decoding.so
+%{_libdir}/pgsql/timetravel.so
 %{_libdir}/pgsql/tsm_system_rows.so
 %{_libdir}/pgsql/tsm_system_time.so
 %{_libdir}/pgsql/unaccent.so
@ -1085,7 +1044,6 @@ make -C postgresql-setup-%{setup_version} check
 %{_bindir}/pg_recvlogical
 %{_bindir}/pg_resetwal
 %{_bindir}/pg_rewind
-%{_bindir}/pg_checksums
 %{_bindir}/postgres
 %{_bindir}/postgresql-setup
 %{_bindir}/postgresql-upgrade
@ -1093,6 +1051,7 @@ make -C postgresql-setup-%{setup_version} check
 %dir %{_datadir}/pgsql
 %{_datadir}/pgsql/*.sample
 %dir %{_datadir}/pgsql/contrib
+%{_datadir}/pgsql/conversion_create.sql
 %dir %{_datadir}/pgsql/extension
 %{_datadir}/pgsql/extension/plpgsql*
 %{_datadir}/pgsql/information_schema.sql
@ -1106,7 +1065,6 @@ make -C postgresql-setup-%{setup_version} check
 %{_datadir}/pgsql/tsearch_data/
 %dir %{_datadir}/postgresql-setup
 %{_datadir}/postgresql-setup/library.sh
-%dir %{_libdir}/pgsql
 %{_libdir}/pgsql/*_and_*.so
 %{_libdir}/pgsql/dict_snowball.so
 %{_libdir}/pgsql/euc2004_sjis2004.so
@ -1127,12 +1085,11 @@ make -C postgresql-setup-%{setup_version} check
 %{_mandir}/man1/pg_receivewal.*
 %{_mandir}/man1/pg_resetwal.*
 %{_mandir}/man1/pg_rewind.*
-%{_mandir}/man1/pg_checksums.*
 %{_mandir}/man1/postgres.*
 %{_mandir}/man1/postgresql-new-systemd-unit.*
 %{_mandir}/man1/postgresql-setup.*
-%{_mandir}/man1/postgresql-upgrade.*
 %{_mandir}/man1/postmaster.*
+%{_mandir}/man1/postgresql-upgrade.*
 %{_sbindir}/postgresql-new-systemd-unit
 %{_tmpfilesdir}/postgresql.conf
 %{_unitdir}/*postgresql*.service
@ -1148,10 +1105,9 @@ make -C postgresql-setup-%{setup_version} check

 %files server-devel -f devel.lst
 %{_bindir}/pg_server_config
-%dir %{_datadir}/pgsql
-%{_datadir}/pgsql/errcodes.txt
 %dir %{_includedir}/pgsql
-%{_includedir}/pgsql/server
+%dir %{_includedir}/pgsql/server
+%{_includedir}/pgsql/server/*
 %{_libdir}/pgsql/pgxs/
 %{_mandir}/man1/pg_server_config.*
 %{_mandir}/man3/SPI_*
@ -1166,8 +1122,6 @@ make -C postgresql-setup-%{setup_version} check
 %files static
 %{_libdir}/libpgcommon.a
 %{_libdir}/libpgport.a
-%{_libdir}/libpgcommon_shlib.a
-%{_libdir}/libpgport_shlib.a


 %if %upgrade
@ -1176,14 +1130,12 @@ make -C postgresql-setup-%{setup_version} check
 %exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config
 %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib
 %exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pgxs
-%exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig
 %{_libdir}/pgsql/postgresql-%{prevmajorversion}/share


 %files upgrade-devel
 %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config
 %{_libdir}/pgsql/postgresql-%{prevmajorversion}/include
-%{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig
 %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pgxs
 %{macrosdir}/macros.%name-upgrade
 %endif
@ -1225,218 +1177,114 @@ make -C postgresql-setup-%{setup_version} check


 %changelog
-* Fri Sep 30 2022 Filip Januš <fjanus@redhat.com> - 12.12-1
- Resolves: #2131177
- Update to version 12.12
+* Mon Dec 18 2023 Lubos Kloucek <lubos.kloucek@oracle.com> - 10.23-3
+- Resolves: CVE-2023-5869

-* Thu May 19 2022 Filip Januš <fjanus@redhat.com> - 12.11-2
+* Tue Aug 08 2023 David Sloboda <david.x.sloboda@oracle.com> - 10.23-2.0.1
+- Fixed postgresql port binding issue during bootup [Orabug: 35103668]
+
+* Wed Jul 19 2023 Dominik Rehák <drehak@redhat.com> - 10.23-2
+- Backport fixes for CVE-2023-2454 and CVE-2023-2455
+- Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35)
+- Resolves: #2207931
+
+* Wed Nov 16 2022 Filip Januš <fjanus@redhat.com> - 10.23-1
+- Resolves: CVE-2022-2625
+- Rebase to 10.23
+
+* Mon May 16 2022 Filip Januš <fjanus@redhat.com> - 10.21-1
 - Resolves: CVE-2022-1552
- Release bump due to wrongly reported CVE of libpq
-  Build after reverted changes in libpq package
+- Update to 10.21
+- Release notes: https://www.postgresql.org/docs/release/10.21/

-* Mon May 16 2022 Filip Januš <fjanus@redhat.com> - 12.11-1
- Resolves: CVE-2022-1552
- Update to 12.11
- Release notes: https://www.postgresql.org/docs/release/12.11/
+* Mon Dec 13 2021 Filip Januš <fjanus@redhat.com> - 10.19-2
+- Add missing files into file section of server package
+  postgresql-setup v8.6 newly provides postgresql-upgrade

-* Tue Nov 30 2021 Filip Januš <fjanus@redhat.com> - 12.9-3
- Add missing files from postgresql-setup v8.6
- Realted: #1935301
+* Mon Dec 06 2021 Filip Januš <fjanus@redhat.com> - 10.19-1
+- Update to 10.19
+- Resolves: CVE-2021-23214

-* Mon Nov 29 2021 Marek Kulik <mkulik@redhat.com> - 12.9-2
- Update postgresql-setup to 8.6 (#1935301)
+* Mon Nov 29 2021 Marek Kulik <mkulik@redhat.com> - 10.17-4
+- Update postgresql-setup to 8.6 (#2024568)

-* Mon Nov 15 2021 Filip Januš <fjanus@redhat.com> - 12.9-1
- Update to 12.9
- Resolves: #2007213
+* Wed Nov 03 2021 Filip Januš <fjanus@redhat.com> - 10.17-3
+- Fix tmp files deprecated path
+- Resolves: #1992263

-* Fri Nov 05 2021 Filip Januš <fjanus@redhat.com> - 12.7-3
- Using correct path to tmpfiles
- Resolves: #2016991
-
-* Wed Jul 14 2021 Filip Januš <fjanus@redhat.com> - 12.7-2
+* Wed Jul 14 2021 Filip Januš <fjanus@redhat.com> - 10.17-2
 - Enable ssl for upgrade server
-  Resolves: #1981518
+  Resolves: #1982701

-* Tue Jun 1 2021 Filip Januš <fjanus@redhat.com> 12.7-1
- Update to 12.7
-  Resolves: #1964511
-  Fix: CVE-2021-32027,CVE-2021-32028
+* Tue Jun 1 2021 Filip Januš <fjanus@redhat.com> - 10.17-1
+- Update to 10.17
+  Resolves: #1964521
+  Fix: CVE-2021-32027, CVE-2021-32028

-* Tue Nov 17 2020 Patrik Novotný <panovotn@redhat.com> - 12.5-1
- Rebase to upstream release 12.5
-  Resolves: rhbz#1898330
-  Resolves: rhbz#1898224
-  Resolves: rhbz#1898244
+* Wed Nov 18 2020 Patrik Novotný <panovotn@redhat.com> - 10.15-1
+- Rebase to upstream release 10.15
+  Resolves: rhbz#1898214
+  Resolves: rhbz#1898342
+  Resolves: rhbz#1898248

-* Tue Nov 26 2019 Patrik Novotný <panovotn@redhat.com> - 12.1-3
- Release bump for 8.2.0 BZ#1776805
+* Tue Aug 11 2020 Patrik Novotný <panovotn@redhat.com> - 10.14-1
+- Rebase to upstream release 10.14
+  Fixes RHBZ#1727803
+  Fixes RHBZ#1741489
+  Fixes RHBZ#1709196

-* Tue Nov 19 2019 Patrik Novotný <panovotn@redhat.com> - 12.1-2
- Release bump for rebuild against libpq-12.1-3
+* Tue May 12 2020 Patrik Novotný <panovotn@redhat.com> - 10.13-1
+- Rebase to upstream release 10.13
+  Fixes RHBZ#1727803
+  Fixes RHBZ#1741489
+  Fixes RHBZ#1709196

-* Tue Nov 12 2019 Patrik Novotný <panovotn@redhat.com> - 12.1-1
- Rebase to upstream release 12.1
+* Thu Nov 15 2018 Pavel Raiskup <praiskup@redhat.com> - 10.6-1
+- update to 10.6 per release notes:
+  https://www.postgresql.org/docs/10/release-10-6.html

-* Thu Oct 03 2019 Patrik Novotný <panovotn@redhat.com> - 12.0-1
- Rebase to upstream release 12.0
-
-* Thu Sep 12 2019 Patrik Novotný <panovotn@redhat.com> - 12.0-0.3
- Rebase to upstream beta release 12beta4
- postgresql-server-devel requires krb5-devel
-
-* Thu Aug 08 2019 Petr Kubat <pkubat@redhat.com> - 12.0-0.2
- Rebase to upstream beta release 12beta3
-
-* Wed Jul 03 2019 Patrik Novotný <panovotn@redhat.com> - 12.0-0.1
- Rebase to upstream beta release 12beta2
-
-* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 11.3-2
- Perl 5.30 rebuild
-
-* Thu May 09 2019 Patrik Novotný <panovotn@redhat.com> - 11.3-1
- Rebase to upstream release 11.3
-  https://www.postgresql.org/docs/11/release-11-3.html
-
-* Tue Mar 05 2019 Pavel Raiskup <praiskup@redhat.com> - 11.2-3
- update postgresql-setup to 8.4 (related to rhbz#1668301)
-
-* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 11.2-2
- Rebuild for readline 8.0
-
-* Thu Feb 14 2019 Patrik Novotný <panovotn@redhat.com> - 11.2-1
- Rebase to upstream release 11.2
-
-* Thu Feb 14 2019 Pavel Raiskup <praiskup@redhat.com> - 11.1-5
- protect against building server against older libpq library
-
-* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Tue Jan 22 2019 Pavel Raiskup <praiskup@redhat.com> - 11.1-3
- build with ICU support, to provide more opt-in collations
-
-* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 11.1-2
- Rebuilt for libcrypt.so.2 (#1666033)
-
-* Wed Nov 07 2018 Patrik Novotný <panovotn@redhat.com> - 11.1-1
- Rebase to upstream release 11.1
-  https://www.postgresql.org/docs/11/release-11-1.html
-
-* Fri Oct 26 2018 Pavel Raiskup <praiskup@redhat.com> - 11.0-2
- build also contrib *plpython3 modules
-
-* Tue Oct 16 2018 Pavel Raiskup <praiskup@redhat.com> - 11.0-1
- new upstream release, per release notes:
-  https://www.postgresql.org/docs/11/static/release-11.html
-
-* Wed Sep 05 2018 Pavel Raiskup <praiskup@redhat.com> - 10.5-4
- build without postgresql-libs; libraries moved to libpq and libecpg
-
-* Mon Aug 27 2018 Pavel Raiskup <praiskup@redhat.com> - 10.5-3
- devel subpackage provides postgresql-server-devel and libecpg-devel
-  (first step for rhbz#1618698)
-
-* Mon Aug 27 2018 Pavel Raiskup <praiskup@redhat.com> - 10.5-2
- packaging cleanup
- devel subpackage to provide libpq-devel (first step for rhbz#1618698)
-
-* Wed Aug 08 2018 Pavel Raiskup <praiskup@redhat.com> - 10.5-1
+* Fri Aug 10 2018 Pavel Raiskup <praiskup@redhat.com> - 10.5-1
 - update to 10.5 per release notes:
  https://www.postgresql.org/docs/10/static/release-10-5.html

-* Thu Aug 02 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-8
+* Thu Aug 02 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-4
 - new postgresql-setup, the %%postgresql_tests* macros now start
  the build-time server on random port number

-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 10.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Wed Aug 01 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-3
+- gcc is fixed (rhbz#1600395), dropping the workaround patch

-* Thu Jul 12 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-6
- drop ppc64 patch, gcc is already fixed (rhbz#1544349)
- move pg_config*.mo files into devel subpackage
+* Thu Jul 12 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-2
+- fix pg_config-*.mo collision with libpq-devel

-* Mon Jul 09 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-5
- re-enable -O3 for 64bit PPC boxes
- explicitly set PYTHON=python2, /bin/python doesn't exist fc29+
-
-* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 10.4-4
- Perl 5.28 rebuild
-
-* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 10.4-3
- Perl 5.28 rebuild
-
-* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 10.4-2
- Rebuilt for Python 3.7
-
-* Wed May 09 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-1
- update to 10.4 per release notes:
-  https://www.postgresql.org/docs/10/static/release-10-4.html
+* Thu Jul 12 2018 Pavel Raiskup <praiskup@redhat.com> - 10.4-1
+- sync with fedora rawhide

 * Thu Apr 26 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-5
 - pltcl: drop tcl-pltcl dependency (rhbz#1571181)

 * Thu Apr 19 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-4
- upgrade: package plpython*.so modules
+- fix upgrade subpackage (sync with F28+)

-* Mon Apr 16 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-3
- upgrade: package plperl.so and pltcl.so
- upgrade: package contrib modules
- upgrade: drop dynamic libraries
+* Wed Apr 18 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-3
+- missing *-devel => *-server-devel* changes (rhbz#1569041)

 * Fri Apr 13 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-2
- define %%precise_version helper macro
- drop explicit libpq.so provide from *-libs
- update postgresql-setup tarball
- add postgresql-test-rpm-macros package
+- don't build *-libs subpackage
+- don't collide with libpq{,-devel}
+- sync with fedora rawhide

 * Thu Mar 01 2018 Pavel Raiskup <praiskup@redhat.com> - 10.3-1
 - update to 10.3 per release notes:
  https://www.postgresql.org/docs/10/static/release-10-3.html

-* Thu Feb 08 2018 Petr Kubat <pkubat@redhat.com> - 10.2-1
- update to 10.2 per release notes:
-  https://www.postgresql.org/docs/10/static/release-10-2.html
+* Tue Dec 19 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-2
+- build plpython3 subpackage

-* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 10.1-5
- Rebuilt for switch to libxcrypt
-
-* Tue Dec 19 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-4
- configure with --with-systemd (rhbz#1414314)
- disable startup timeout of PostgreSQL service (rhbz#1525477)
-
-* Wed Dec 13 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-3
- unify %%configure options for python2/python3 configure
- drop --with-krb5 option, not supported since PostgreSQL 9.4
- python packaging - requires/provides s/python/python2/
-
-* Tue Nov 14 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-2
- postgresql-setup v7.0
-
-* Wed Nov 08 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-1
- update to 10.1 per release notes:
-  https://www.postgresql.org/docs/10/static/release-10-1.html
-
-* Mon Nov 06 2017 Pavel Raiskup <praiskup@redhat.com> - 10.0-4
- rebase to new postgresql-setup 6.0 version, to fix CVE-2017-15097
-
-* Thu Oct 12 2017 Pavel Raiskup <praiskup@redhat.com> - 10.0-3
- confess that we bundle setup scripts and previous version of ourseleves
- provide %%postgresql_upgrade_prefix macro
-
-* Mon Oct 09 2017 Pavel Raiskup <praiskup@redhat.com> - 10.0-2
- stricter separation of files in upgrade/upgrade-devel
-
-* Mon Oct 09 2017 Jozef Mlich <jmlich@redhat.com> - 10.0-2
- support for upgrade with extenstions
-  i.e the postgresql-upgrade-devel subpackage was added (rhbz#1475177)
-
-* Fri Oct 06 2017 Pavel Raiskup <praiskup@redhat.com> - 10.0-1
- update to 10.0 per release notes:
-  https://www.postgresql.org/docs/10/static/release-10.html
-
-* Tue Sep 05 2017 Pavel Raiskup <praiskup@redhat.com> - 9.6.5-2
- move %%_libdir/pgsql into *-libs subpackage
+* Tue Dec 19 2017 Pavel Raiskup <praiskup@redhat.com> - 10.1-1
+- sync with Fedora 28 state
+- fix prevmajorversion to 9.2 (RHEL7 version)
+- reset Release to 1, for RHEL8 purposes

 * Tue Aug 29 2017 Pavel Raiskup <praiskup@redhat.com> - 9.6.5-1
 - update to 9.6.5 per release notes:
@ -1672,8 +1520,8 @@ make -C postgresql-setup-%{setup_version} check
  http://www.postgresql.org/docs/9.3/static/release-9-3-4.html

 * Thu Mar 13 2014 Jozef Mlich <jmlich@redhat.com> - 9.3.3-2
- Fix WAL replay of locking an updated tuple
-  kudos to Alvaro Herrera
+- Fix WAL replay of locking an updated tuple 
+  kudos to Alvaro Herrera 

 * Thu Feb 20 2014 Jozef Mlich <jmlich@redhat.com> - 9.3.3-1
 - update to 9.3.3 minor version per release notes:
@ -2463,5 +2311,5 @@ Resolves: #161470
 - Default to compiling libpq and ECPG as fully thread-safe

 - 7.4 Origin.  See previous spec files for previous history. Adapted
- from Red Hat and PGDG's 7.3.4 RPM, directly descended from
+- from Red Hat and PGDG's 7.3.4 RPM, directly descended from 
 - postgresql-7.3.4-2 as shipped in Fedora Core 1.
				`@ -1 +0,0 @@`
				`d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1 postgresql-10.21.tar.bz2`
				`@ -0,0 +1 @@`
				`94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 postgresql-10.23.tar.bz2`
				`@ -1 +0,0 @@`
				`34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c postgresql-12.12.tar.bz2`
				`@ -0,0 +1 @@`
				`a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 postgresql-9.2.24.tar.bz2`