From 4191abe795f011b0add6ebcf67a79db4df60abbe Mon Sep 17 00:00:00 2001
From: Filip Janus
Date: Mon, 19 Aug 2024 14:09:46 +0200
Subject: [PATCH] Add related changes to update to 16.4

3 patches were accepted by upstream, so downstream ones were removed

Related: RHEL-53916
---
 postgresql-libxml2.patch | 37 ----------
 postgresql-openssl32.patch | 142 -------------------------------------
 postgresql15-libxml2.patch | 37 ----------
 postgresql16.spec | 7 +-
 4 files changed, 1 insertion(+), 222 deletions(-)
 delete mode 100644 postgresql-libxml2.patch
 delete mode 100644 postgresql-openssl32.patch
 delete mode 100644 postgresql15-libxml2.patch

diff --git a/postgresql-libxml2.patch b/postgresql-libxml2.patch
deleted file mode 100644
index 98a53f4..0000000
--- a/postgresql-libxml2.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fixes for GCC 14 and libxml2 2.12.0 "error: Make more xmlError structs constant"
-
-xml.c: In function ‘pg_xml_init’:
-xml.c:1177:52: error: passing argument 2 of ‘xmlSetStructuredErrorFunc’ from incompatible pointer type [-Wincompatible-pointer-types]
- 1177 | xmlSetStructuredErrorFunc((void *) errcxt, xml_errorHandler);
- | ^~~~~~~~~~~~~~~~
- | |
- | void (*)(void *, xmlError *) {aka void (*)(void *, struct _xmlError *)}
-In file included from /usr/include/libxml2/libxml/valid.h:15,
- from /usr/include/libxml2/libxml/parser.h:19,
- from xml.c:50:
-/usr/include/libxml2/libxml/xmlerror.h:898:57: note: expected ‘xmlStructuredErrorFunc’ {aka ‘void (*)(void *, const struct _xmlError *)’} but argument is of type ‘void (*)(void *, xmlError *)’ {aka ‘void (*)(void *, struct _xmlError *)’}
- 898 | xmlStructuredErrorFunc handler);
- | ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
-
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index d3db75eb87..619f908c6d 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -124,7 +124,7 @@ static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
- static void xml_errsave(Node *escontext, PgXmlErrorContext *errcxt,
- int sqlcode, const char *msg);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, const xmlError *error);
- static int errdetail_for_xml_code(int code);
- static void chopStringInfoNewlines(StringInfo str);
- static void appendStringInfoLineSeparator(StringInfo str);
-@@ -2044,7 +2044,7 @@ xml_errsave(Node *escontext, PgXmlErrorContext *errcxt,
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, const xmlError *error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
diff --git a/postgresql-openssl32.patch b/postgresql-openssl32.patch
deleted file mode 100644
index 683ffc5..0000000
--- a/postgresql-openssl32.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-Backport of commit b2b1f12882fb561c7d474b834044dd8ed570bfea to 16.1
-
-Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
-We should have done it this way all along, but we accidentally got
-away with using the wrong BIO field up until OpenSSL 3.2. There,
-the library's BIO routines that we rely on use the "data" field
-for their own purposes, and our conflicting use causes assorted
-weird behaviors up to and including core dumps when SSL connections
-are attempted. Switch to using the approved field for the purpose,
-i.e. app_data.
-
-While at it, remove our configure probes for BIO_get_data as well
-as the fallback implementation. BIO_{get,set}_app_data have been
-there since long before any OpenSSL version that we still support,
-even in the back branches.
-
-Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
-change in an error message spelling that evidently came in with 3.2.
-
-Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
-Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
----
-
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index 31b6a6eacdf0..1b8b32c5b39e 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -842,11 +842,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -856,7 +851,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -876,7 +871,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -952,7 +947,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 4aeaf08312ce..e669bdbf1d2d 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1815,11 +1815,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods;
-
- static int
-@@ -1828,7 +1823,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1858,7 +1853,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1968,7 +1963,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
-index a049fd2ff03a..d921f1dde9fa 100644
---- a/src/test/ssl/t/001_ssltests.pl
-+++ b/src/test/ssl/t/001_ssltests.pl
-@@ -776,7 +776,7 @@ sub switch_server_cert
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -881,7 +881,7 @@ sub switch_server_cert
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -894,7 +894,7 @@ sub switch_server_cert
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
- . sslkey('client-revoked-utf8.key'),
- "certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
diff --git a/postgresql15-libxml2.patch b/postgresql15-libxml2.patch
deleted file mode 100644
index ffc87ef..0000000
--- a/postgresql15-libxml2.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fixes for GCC 14 and libxml2 2.12.0 "error: Make more xmlError structs constant"
-
-xml.c: In function ‘pg_xml_init’:
-xml.c:1177:52: error: passing argument 2 of ‘xmlSetStructuredErrorFunc’ from incompatible pointer type [-Wincompatible-pointer-types]
- 1177 | xmlSetStructuredErrorFunc((void *) errcxt, xml_errorHandler);
- | ^~~~~~~~~~~~~~~~
- | |
- | void (*)(void *, xmlError *) {aka void (*)(void *, struct _xmlError *)}
-In file included from /usr/include/libxml2/libxml/valid.h:15,
- from /usr/include/libxml2/libxml/parser.h:19,
- from xml.c:50:
-/usr/include/libxml2/libxml/xmlerror.h:898:57: note: expected ‘xmlStructuredErrorFunc’ {aka ‘void (*)(void *, const struct _xmlError *)’} but argument is of type ‘void (*)(void *, xmlError *)’ {aka ‘void (*)(void *, struct _xmlError *)’}
- 898 | xmlStructuredErrorFunc handler);
- | ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
-
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index 6411f56b99..0eb39fcfc2 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -119,7 +119,7 @@ struct PgXmlErrorContext
-
- static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, const xmlError *error);
- static void xml_ereport_by_code(int level, int sqlcode,
- const char *msg, int errcode);
- static void chopStringInfoNewlines(StringInfo str);
-@@ -1749,7 +1749,7 @@ xml_ereport(PgXmlErrorContext *errcxt, int level, int sqlcode, const char *msg)
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, const xmlError *error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
diff --git a/postgresql16.spec b/postgresql16.spec
index a6eda7a..019dd8f 100644
--- a/postgresql16.spec
+++ b/postgresql16.spec @@ -95,9 +95,6 @@ Patch9: postgresql-server-pg_config.patch # rhbz#1940964 Patch10: postgresql-datalayout-mismatch-on-s390.patch Patch12: postgresql-no-libecpg.patch -Patch13: postgresql-libxml2.patch -Patch14: postgresql15-libxml2.patch -Patch15: postgresql-openssl32.patch # This macro is used for package names in the files section %if %?postgresql_default @@ -521,8 +518,6 @@ goal of accelerating analytics queries. %endif %patch 9 -p1 %patch 10 -p1 -%patch 13 -p1 -%patch 15 -p1 %if ! %external_libpq @@ -539,7 +534,6 @@ tar xfj %{SOURCE3} find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \; %endif -%patch 14 -p1 -d postgresql-%{prevversion} # apply once SOURCE3 is extracted %endif @@ -1199,6 +1193,7 @@ make -C postgresql-setup-%{setup_version} check %{_datadir}/pgsql/system_constraints.sql %{_datadir}/pgsql/system_functions.sql %{_datadir}/pgsql/system_views.sql +%{_datadir}/pgsql/fix-CVE-2024-4317.sql %{_datadir}/pgsql/timezonesets/ %{_datadir}/pgsql/tsearch_data/ %dir %{_datadir}/postgresql-setup
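Review bot: The added `%{_datadir}/pgsql/fix-CVE-2024-4317.sql` entry in the `-1199,6 +1193,7` hunk only ships the script; nothing visible in this patch tells an administrator that it has to be run. As I understand the upstream fix for CVE-2024-4317, only clusters created by a fixed initdb get the corrected `pg_stats_ext` / `pg_stats_ext_exprs` view definitions, so an existing cluster probably keeps the old definitions after the package update until the script is executed in each of its databases. I would add a spec comment above the entry, for example `# fix-CVE-2024-4317.sql is not applied automatically; a superuser must run it in every database of pre-existing clusters`, and repeat the manual step in the changelog entry for this update. The file list starts and ends outside the hunk, so which subpackage receives the file cannot be confirmed from here.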