Add related changes to update to 16.4

3 patches were accepted by upstream, so downstream ones were removed Related: RHEL-53916
2024-08-19 14:09:46 +02:00 · 2024-08-19 14:09:46 +02:00 · 4191abe795
commit 4191abe795
parent ff344be343
4 changed files with 1 additions and 222 deletions
--- a/postgresql-libxml2.patch
+++ b/postgresql-libxml2.patch
@ -1,37 +0,0 @@
-Fixes for GCC 14 and libxml2 2.12.0 "error: Make more xmlError structs constant"
-
-xml.c: In function ‘pg_xml_init’:
-xml.c:1177:52: error: passing argument 2 of ‘xmlSetStructuredErrorFunc’ from incompatible pointer type [-Wincompatible-pointer-types]
- 1177 |         xmlSetStructuredErrorFunc((void *) errcxt, xml_errorHandler);
-      |                                                    ^~~~~~~~~~~~~~~~
-      |                                                    |
-      |                                                    void (*)(void *, xmlError *) {aka void (*)(void *, struct _xmlError *)}
-In file included from /usr/include/libxml2/libxml/valid.h:15,
-                 from /usr/include/libxml2/libxml/parser.h:19,
-                 from xml.c:50:
-/usr/include/libxml2/libxml/xmlerror.h:898:57: note: expected ‘xmlStructuredErrorFunc’ {aka ‘void (*)(void *, const struct _xmlError *)’} but argument is of type ‘void (*)(void *, xmlError *)’ {aka ‘void (*)(void *, struct _xmlError *)’}
-  898 |                                  xmlStructuredErrorFunc handler);
-      |                                  ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
-
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index d3db75eb87..619f908c6d 100644
--- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -124,7 +124,7 @@ static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- 										   xmlParserCtxtPtr ctxt);
- static void xml_errsave(Node *escontext, PgXmlErrorContext *errcxt,
- 						int sqlcode, const char *msg);
-static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, const xmlError *error);
- static int	errdetail_for_xml_code(int code);
- static void chopStringInfoNewlines(StringInfo str);
- static void appendStringInfoLineSeparator(StringInfo str);
-@@ -2044,7 +2044,7 @@ xml_errsave(Node *escontext, PgXmlErrorContext *errcxt,
-  * Error handler for libxml errors and warnings
-  */
- static void
-xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, const xmlError *error)
- {
- 	PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- 	xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
--- a/postgresql-openssl32.patch
+++ b/postgresql-openssl32.patch
@ -1,142 +0,0 @@
-Backport of commit b2b1f12882fb561c7d474b834044dd8ed570bfea to 16.1
-
-Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
-We should have done it this way all along, but we accidentally got
-away with using the wrong BIO field up until OpenSSL 3.2.  There,
-the library's BIO routines that we rely on use the "data" field
-for their own purposes, and our conflicting use causes assorted
-weird behaviors up to and including core dumps when SSL connections
-are attempted.  Switch to using the approved field for the purpose,
-i.e. app_data.
-
-While at it, remove our configure probes for BIO_get_data as well
-as the fallback implementation.  BIO_{get,set}_app_data have been
-there since long before any OpenSSL version that we still support,
-even in the back branches.
-
-Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
-change in an error message spelling that evidently came in with 3.2.
-
-Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
-
-Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
---
-
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index 31b6a6eacdf0..1b8b32c5b39e 100644
--- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -842,11 +842,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
-  * to retry; do we need to adopt their logic for that?
-  */
- 
-#ifndef HAVE_BIO_GET_DATA
-#define BIO_get_data(bio) (bio->ptr)
-#define BIO_set_data(bio, data) (bio->ptr = data)
-#endif
-
- static BIO_METHOD *my_bio_methods = NULL;
- 
- static int
-@@ -856,7 +851,7 @@ my_sock_read(BIO *h, char *buf, int size)
- 
- 	if (buf != NULL)
- 	{
-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- 		BIO_clear_retry_flags(h);
- 		if (res <= 0)
- 		{
-@@ -876,7 +871,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- 	int			res = 0;
- 
-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- 	BIO_clear_retry_flags(h);
- 	if (res <= 0)
- 	{
-@@ -952,7 +947,7 @@ my_SSL_set_fd(Port *port, int fd)
- 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- 		goto err;
- 	}
-	BIO_set_data(bio, port);
-+	BIO_set_app_data(bio, port);
- 
- 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
- 	SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 4aeaf08312ce..e669bdbf1d2d 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1815,11 +1815,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
-  * to retry; do we need to adopt their logic for that?
-  */
- 
-#ifndef HAVE_BIO_GET_DATA
-#define BIO_get_data(bio) (bio->ptr)
-#define BIO_set_data(bio, data) (bio->ptr = data)
-#endif
-
- static BIO_METHOD *my_bio_methods;
- 
- static int
-@@ -1828,7 +1823,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- 	int			res;
- 
-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- 	BIO_clear_retry_flags(h);
- 	if (res < 0)
- 	{
-@@ -1858,7 +1853,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- 	int			res;
- 
-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- 	BIO_clear_retry_flags(h);
- 	if (res < 0)
- 	{
-@@ -1968,7 +1963,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- 		goto err;
- 	}
-	BIO_set_data(bio, conn);
-+	BIO_set_app_data(bio, conn);
- 
- 	SSL_set_bio(conn->ssl, bio, bio);
- 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
-index a049fd2ff03a..d921f1dde9fa 100644
--- a/src/test/ssl/t/001_ssltests.pl
-+++ b/src/test/ssl/t/001_ssltests.pl
-@@ -776,7 +776,7 @@ sub switch_server_cert
- 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- 	  . sslkey('client-revoked.key'),
- 	"certificate authorization fails with revoked client cert",
-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- 	# temporarily(?) skip this check due to timing issue
- 	#	log_like => [
- 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -881,7 +881,7 @@ sub switch_server_cert
- 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- 	  . sslkey('client-revoked.key'),
- 	"certificate authorization fails with revoked client cert with server-side CRL directory",
-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- 	# temporarily(?) skip this check due to timing issue
- 	#	log_like => [
- 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -894,7 +894,7 @@ sub switch_server_cert
- 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
- 	  . sslkey('client-revoked-utf8.key'),
- 	"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- 	# temporarily(?) skip this check due to timing issue
- 	#	log_like => [
- 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
--- a/postgresql15-libxml2.patch
+++ b/postgresql15-libxml2.patch
@ -1,37 +0,0 @@
-Fixes for GCC 14 and libxml2 2.12.0 "error: Make more xmlError structs constant"
-
-xml.c: In function ‘pg_xml_init’:
-xml.c:1177:52: error: passing argument 2 of ‘xmlSetStructuredErrorFunc’ from incompatible pointer type [-Wincompatible-pointer-types]
- 1177 |         xmlSetStructuredErrorFunc((void *) errcxt, xml_errorHandler);
-      |                                                    ^~~~~~~~~~~~~~~~
-      |                                                    |
-      |                                                    void (*)(void *, xmlError *) {aka void (*)(void *, struct _xmlError *)}
-In file included from /usr/include/libxml2/libxml/valid.h:15,
-                 from /usr/include/libxml2/libxml/parser.h:19,
-                 from xml.c:50:
-/usr/include/libxml2/libxml/xmlerror.h:898:57: note: expected ‘xmlStructuredErrorFunc’ {aka ‘void (*)(void *, const struct _xmlError *)’} but argument is of type ‘void (*)(void *, xmlError *)’ {aka ‘void (*)(void *, struct _xmlError *)’}
-  898 |                                  xmlStructuredErrorFunc handler);
-      |                                  ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
-
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index 6411f56b99..0eb39fcfc2 100644
--- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -119,7 +119,7 @@ struct PgXmlErrorContext
- 
- static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- 										   xmlParserCtxtPtr ctxt);
-static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, const xmlError *error);
- static void xml_ereport_by_code(int level, int sqlcode,
- 								const char *msg, int errcode);
- static void chopStringInfoNewlines(StringInfo str);
-@@ -1749,7 +1749,7 @@ xml_ereport(PgXmlErrorContext *errcxt, int level, int sqlcode, const char *msg)
-  * Error handler for libxml errors and warnings
-  */
- static void
-xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, const xmlError *error)
- {
- 	PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- 	xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
--- a/postgresql16.spec
+++ b/postgresql16.spec
@ -95,9 +95,6 @@ Patch9: postgresql-server-pg_config.patch
 # rhbz#1940964
 Patch10: postgresql-datalayout-mismatch-on-s390.patch
 Patch12: postgresql-no-libecpg.patch
-Patch13: postgresql-libxml2.patch
-Patch14: postgresql15-libxml2.patch
-Patch15: postgresql-openssl32.patch

 # This macro is used for package names in the files section
 %if %?postgresql_default
@ -521,8 +518,6 @@ goal of accelerating analytics queries.
 %endif
 %patch 9 -p1
 %patch 10 -p1
-%patch 13 -p1
-%patch 15 -p1


 %if ! %external_libpq
@ -539,7 +534,6 @@ tar xfj %{SOURCE3}
 find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \;
 %endif

-%patch 14 -p1 -d postgresql-%{prevversion}

 # apply once SOURCE3 is extracted
 %endif
@ -1199,6 +1193,7 @@ make -C postgresql-setup-%{setup_version} check
 %{_datadir}/pgsql/system_constraints.sql
 %{_datadir}/pgsql/system_functions.sql
 %{_datadir}/pgsql/system_views.sql
+%{_datadir}/pgsql/fix-CVE-2024-4317.sql
 %{_datadir}/pgsql/timezonesets/
 %{_datadir}/pgsql/tsearch_data/
 %dir %{_datadir}/postgresql-setup