From caadcd6c6f4bac6da6dac2ffd886ebea2f10f344 Mon Sep 17 00:00:00 2001 From: Filip Janus Date: Mon, 1 Dec 2025 16:17:27 +0000 Subject: [PATCH] Update to 16.11 - Fix CVE-2025-12818: libpq undersizes allocations, via integer wraparound Integer wraparound in PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes, resulting in segmentation fault. Resolves: RHEL-128802 [rhel-10.2] Resolves: RHEL-128801 [rhel-10.1.z] --- .gitignore | 2 ++ postgresql16.spec | 9 +++++++-- sources | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5f29fe1..b3000b8 100755 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,5 @@ /postgresql-16.10.tar.bz2.sha256 /postgresql-13.22.tar.bz2 /postgresql-13.22.tar.bz2.sha256 +/postgresql-16.11.tar.bz2 +/postgresql-16.11.tar.bz2.sha256 diff --git a/postgresql16.spec b/postgresql16.spec index 1a4212f..9f4a19a 100644 --- a/postgresql16.spec +++ b/postgresql16.spec @@ -47,8 +47,8 @@ Summary: PostgreSQL client programs Name: %{majorname}%{majorversion} -Version: %{majorversion}.10 -Release: 3%{?dist} +Version: %{majorversion}.11 +Release: 1%{?dist} # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -1348,6 +1348,11 @@ make -C postgresql-setup-%{setup_version} check %changelog +* Mon Dec 01 2025 Filip Janus - 16.11-1 +- Update to 16.11 +- Resolves: RHEL-128802 (CVE-2025-12818) [rhel-10.2] +- Resolves: RHEL-128801 (CVE-2025-12818) [rhel-10.1.z] + * Mon Nov 10 2025 Filip Janus - 16.10-3 - Add tmpfiles.d configuration for PostgreSQL 16 - Ensures proper directory permissions for /var/lib/pgsql diff --git a/sources b/sources index 931144c..79cc699 100755 --- a/sources +++ b/sources 
@@ -1,5 +1,5 @@ -SHA512 (postgresql-16.10.tar.bz2) = b6de80d522f863b0d9dd8c2bf4f71bea309bd07586859e309a9821e7f6fd5839557dc396351e7b61aebf492bf8c8a053a324f059a1dee621ac1a6d5e8eccea22 -SHA512 (postgresql-16.10.tar.bz2.sha256) = 2489a4a2074c7be5c352153ab899681f0761db5dfce8fe315be19783d91613c033570a2f5f85145e5608550e1636231abbeb96aacaa8a94f463caf0c02af48a1 +SHA512 (postgresql-16.11.tar.bz2) = f11f8f3e5855cfce27108a1bd2122c5a7a1ff37c6d9366d7a96a041aab67a4e4a31e54f0757b6b97c72d841acdcaa97d3eaa765213d4899b2cf7047c549012b8 +SHA512 (postgresql-16.11.tar.bz2.sha256) = 3c07dc85608f8cee5071bd7d404feff1c767afb468a8f41225b73d5df05334dca9a3465e16307a3b5b21c1a44684deab0c496fbd03b9d061e4a9559684876671 SHA512 (postgresql-13.22.tar.bz2) = 0f578526aad852285de001369dd1c8308f03479c8f4f6c1a1d066b6b77103e340df95b9ab41df3f959c4e17d4fb0c0441b02a04d3e6c01cfcd40a2632c3ac7eb SHA512 (postgresql-13.22.tar.bz2.sha256) = e93c92f5bf1d091e7381abaf2d5076dec2390e5f65396eb887c92c50f7df659b296b1688991b8894b91bb409c616d4ce07312b115246b1a864e6b741172a6d7b SHA512 (postgresql-setup-8.9.tar.gz) = 118e9ebf858722a38b0e90324bc1b49fc7058cda601ca0a7e78c94e7b95e89d6dbbc46f377626364b068614ced3cde3cb4733973ad2d71bf17892ad773657ef7
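Review bot: in the .gitignore hunk, the two new 16.11 lines are appended while the 16.10 entries (/postgresql-16.10.tar.bz2 and /postgresql-16.10.tar.bz2.sha256) stay in place, even though the sources hunk drops the 16.10 tarball and its .sha256 file from the package. Stale ignore patterns accumulate with every rebase and can hide a forgotten old tarball left in the working tree; replace the 16.10 lines with the 16.11 ones instead of adding to the list.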
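Review bot: in the %changelog hunk, the 16.11-1 entry credits the rebase only with CVE-2025-12818 (RHEL-128802, RHEL-128801). Since this is a move to a full upstream minor release rather than a single backported fix, a reference to the upstream 16.11 release notes in the entry would let anyone reading rpm -q --changelog see everything the rebase carries, not just the one CVE that motivated it.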
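Review bot: in the sources hunk, the lookaside now records SHA512 digests for both postgresql-16.11.tar.bz2 and the upstream-supplied postgresql-16.11.tar.bz2.sha256, but nothing in this patch shows the .sha256 file being used to check the tarball in %prep, and the Version bump in the spec hunk is the only other change. Before merging, confirm that the spec actually verifies the tarball against the shipped .sha256 (or that the recorded digests were compared against the upstream-published checksums); otherwise the second entry adds nothing to the supply-chain check the patch appears to rely on.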