From b8b716903984550a985e9ab6c07b642ced5feac1 Mon Sep 17 00:00:00 2001
From: gordonwwang <gordonwwang@tencent.com>
Date: Fri, 30 Aug 2024 10:42:50 +0800
Subject: [PATCH 1/2] Upgrade to version 16.4 - fix CVE-2024-4317

---
 postgresql16.spec | 9 +++++++--
 sources           | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/postgresql16.spec b/postgresql16.spec
index 6e8a71e..51f2df9 100644
--- a/postgresql16.spec
+++ b/postgresql16.spec
@@ -52,8 +52,8 @@
 
 Summary:       PostgreSQL client programs
 Name:          %{majorname}%{majorversion}
-Version: 	   %{majorversion}.1
-Release:       3%{?dist}
+Version: 	   %{majorversion}.4
+Release:       1%{?dist}
 License:       PostgreSQL
 Url:           http://www.postgresql.org/
 Source0:       https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
@@ -1035,6 +1035,7 @@ make -C postgresql-setup-%{setup_version} check
 %{_datadir}/pgsql/system_constraints.sql
 %{_datadir}/pgsql/system_functions.sql
 %{_datadir}/pgsql/system_views.sql
+%{_datadir}/pgsql/fix-CVE-2024-4317.sql
 %{_datadir}/pgsql/timezonesets/
 %{_datadir}/pgsql/tsearch_data/
 %dir %{_datadir}/postgresql-setup
@@ -1174,6 +1175,10 @@ make -C postgresql-setup-%{setup_version} check
 
 
 %changelog
+* Fri Aug 30 2024 Wang Guodong <gordonwwang@tencent.com> - 16.4-1
+- Upgrade to version 16.4
+- fix CVE-2024-4317
+
 * Fri Aug 16 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 16.1-3
 - Rebuilt for loongarch release
 
diff --git a/sources b/sources
index 3e5ab48..982c55d 100755
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 SHA512 (postgresql-15.5.tar.bz2) = 9ed9d160b3cef99954ccd47a970c107b7e3b0196a7d848f740bf3c52a1c626f6f457814c97f37b9f0467bb07734e19806a15bd9cf3c39445e1d89e75b37064cc
-SHA512 (postgresql-16.1.tar.bz2) = 69f4635e5841452599f13b47df41ce2425ab34b4e4582fd2c635bc78d561fa36c5b03eccb4ae6569872dc74775be1b5a62dee20c9a4f12a43339250128352918
+SHA512 (postgresql-16.4.tar.bz2) = f2070299f0857a270317ac984f8393374cf00d4f32a082fe3c5481e36c560595ea711fed95e40d1bc90c5089edf8f165649d443d8b9c68614e1c83fc91268e96
 SHA512 (postgresql-setup-8.9.tar.gz) = 118e9ebf858722a38b0e90324bc1b49fc7058cda601ca0a7e78c94e7b95e89d6dbbc46f377626364b068614ced3cde3cb4733973ad2d71bf17892ad773657ef7
-- 
Gitee


From 528d3882836e6b03e365dbc45e29f9e8087040f2 Mon Sep 17 00:00:00 2001
From: gordonwwang <gordonwwang@tencent.com>
Date: Fri, 30 Aug 2024 10:48:44 +0800
Subject: [PATCH 2/2] update log: fix CVE-2024-7348

---
 postgresql16.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/postgresql16.spec b/postgresql16.spec
index 51f2df9..8a57bc5 100644
--- a/postgresql16.spec
+++ b/postgresql16.spec
@@ -1177,7 +1177,7 @@ make -C postgresql-setup-%{setup_version} check
 %changelog
 * Fri Aug 30 2024 Wang Guodong <gordonwwang@tencent.com> - 16.4-1
 - Upgrade to version 16.4
-- fix CVE-2024-4317
+- CVEs fixed: CVE-2024-7348, CVE-2024-4317
 
 * Fri Aug 16 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 16.1-3
 - Rebuilt for loongarch release
-- 
Gitee