diff --git a/fix-cve-CVE-2024-10979-01.patch b/fix-cve-CVE-2024-10979-01.patch new file mode 100644 index 0000000000000000000000000000000000000000..41b6a7359cb5ac75e601746bc6fe349655fc2973 --- /dev/null +++ b/fix-cve-CVE-2024-10979-01.patch @@ -0,0 +1,485 @@ +From c7d7ea970d073a6653a3401bc19ae0f453fe4b19 Mon Dec 17 00:00:00 2001 +From: zhuhongbo +Date: Mon, 30 Dec 2024 17:17:36 +0800 +Subject: [PATCH] fix cve CVE-2024-10979 +--- + doc/src/sgml/ref/set.sgml | 4 +- + doc/src/sgml/regress.sgml | 6 +- + src/test/regress/expected/date.out | 10 +- + src/test/regress/expected/horology.out | 43 ++-- + src/test/regress/expected/timestamptz.out | 241 +++------------------- + src/test/regress/pg_regress.c | 2 +- + src/test/regress/sql/horology.sql | 4 +- + src/test/regress/sql/timestamptz.sql | 16 -- + 8 files changed, 65 insertions(+), 261 deletions(-) + +diff --git a/src/test/regress/expected/date.out b/src/test/regress/expected/date.out +index b603745077..e715444127 100644 +--- a/src/test/regress/expected/date.out ++++ b/src/test/regress/expected/date.out +@@ -1106,7 +1106,7 @@ SELECT DATE_TRUNC('MILLENNIUM', TIMESTAMP '1970-03-20 04:30:00.00000'); -- 1001 + SELECT DATE_TRUNC('MILLENNIUM', DATE '1970-03-20'); -- 1001-01-01 + date_trunc + ------------------------------ +- Thu Jan 01 00:00:00 1001 PST ++ Thu Jan 01 00:00:00 1001 LMT + (1 row) + + SELECT DATE_TRUNC('CENTURY', TIMESTAMP '1970-03-20 04:30:00.00000'); -- 1901 +@@ -1130,13 +1130,13 @@ SELECT DATE_TRUNC('CENTURY', DATE '2004-08-10'); -- 2001-01-01 + SELECT DATE_TRUNC('CENTURY', DATE '0002-02-04'); -- 0001-01-01 + date_trunc + ------------------------------ +- Mon Jan 01 00:00:00 0001 PST ++ Mon Jan 01 00:00:00 0001 LMT + (1 row) + + SELECT DATE_TRUNC('CENTURY', DATE '0055-08-10 BC'); -- 0100-01-01 BC + date_trunc + --------------------------------- +- Tue Jan 01 00:00:00 0100 PST BC ++ Tue Jan 01 00:00:00 0100 LMT BC + (1 row) + + SELECT DATE_TRUNC('DECADE', DATE '1993-12-25'); -- 1990-01-01 +@@ -1148,13 +1148,13 @@ SELECT DATE_TRUNC('DECADE', DATE '1993-12-25'); -- 1990-01-01 + SELECT DATE_TRUNC('DECADE', DATE '0004-12-25'); -- 0001-01-01 BC + date_trunc + --------------------------------- +- Sat Jan 01 00:00:00 0001 PST BC ++ Sat Jan 01 00:00:00 0001 LMT BC + (1 row) + + SELECT DATE_TRUNC('DECADE', DATE '0002-12-31 BC'); -- 0011-01-01 BC + date_trunc + --------------------------------- +- Mon Jan 01 00:00:00 0011 PST BC ++ Mon Jan 01 00:00:00 0011 LMT BC + (1 row) + + -- +diff --git a/src/test/regress/expected/horology.out b/src/test/regress/expected/horology.out +index 2666deea88..b7feaa3a8d 100644 +--- a/src/test/regress/expected/horology.out ++++ b/src/test/regress/expected/horology.out +@@ -1,7 +1,18 @@ + -- + -- HOROLOGY + -- +-SET DateStyle = 'Postgres, MDY'; ++SHOW TimeZone; -- Many of these tests depend on the prevailing settings ++ TimeZone ++--------------------- ++ America/Los_Angeles ++(1 row) ++ ++SHOW DateStyle; ++ DateStyle ++--------------- ++ Postgres, MDY ++(1 row) ++ + -- + -- Test various input formats + -- +@@ -754,12 +765,12 @@ SELECT '' AS "64", d1 + interval '1 year' AS one_year FROM TIMESTAMPTZ_TBL; + | Sat Feb 14 17:32:01 1998 PST + | Sun Feb 15 17:32:01 1998 PST + | Mon Feb 16 17:32:01 1998 PST +- | Thu Feb 16 17:32:01 0096 PST BC +- | Sun Feb 16 17:32:01 0098 PST +- | Fri Feb 16 17:32:01 0598 PST +- | Wed Feb 16 17:32:01 1098 PST +- | Sun Feb 16 17:32:01 1698 PST +- | Fri Feb 16 17:32:01 1798 PST ++ | Thu Feb 16 17:32:01 0096 LMT BC ++ | Sun Feb 16 17:32:01 0098 LMT ++ | Fri Feb 16 17:32:01 0598 LMT ++ | Wed Feb 16 17:32:01 1098 LMT ++ | Sun Feb 16 17:32:01 1698 LMT ++ | Fri Feb 16 17:32:01 1798 LMT + | Wed Feb 16 17:32:01 1898 PST + | Mon Feb 16 17:32:01 1998 PST + | Sun Feb 16 17:32:01 2098 PST +@@ -825,12 +836,12 @@ SELECT '' AS "64", d1 - interval '1 year' AS one_year FROM TIMESTAMPTZ_TBL; + | Wed Feb 14 17:32:01 1996 PST + | Thu Feb 15 17:32:01 1996 PST + | Fri Feb 16 17:32:01 1996 PST +- | Mon Feb 16 17:32:01 0098 PST BC +- | Thu Feb 16 17:32:01 0096 PST +- | Tue Feb 16 17:32:01 0596 PST +- | Sun Feb 16 17:32:01 1096 PST +- | Thu Feb 16 17:32:01 1696 PST +- | Tue Feb 16 17:32:01 1796 PST ++ | Mon Feb 16 17:32:01 0098 LMT BC ++ | Thu Feb 16 17:32:01 0096 LMT ++ | Tue Feb 16 17:32:01 0596 LMT ++ | Sun Feb 16 17:32:01 1096 LMT ++ | Thu Feb 16 17:32:01 1696 LMT ++ | Tue Feb 16 17:32:01 1796 LMT + | Sun Feb 16 17:32:01 1896 PST + | Fri Feb 16 17:32:01 1996 PST + | Thu Feb 16 17:32:01 2096 PST +@@ -2760,13 +2771,13 @@ RESET DateStyle; + SELECT to_timestamp('0097/Feb/16 --> 08:14:30', 'YYYY/Mon/DD --> HH:MI:SS'); + to_timestamp + ------------------------------ +- Sat Feb 16 08:14:30 0097 PST ++ Sat Feb 16 08:14:30 0097 LMT + (1 row) + + SELECT to_timestamp('97/2/16 8:14:30', 'FMYYYY/FMMM/FMDD FMHH:FMMI:FMSS'); + to_timestamp + ------------------------------ +- Sat Feb 16 08:14:30 0097 PST ++ Sat Feb 16 08:14:30 0097 LMT + (1 row) + + SELECT to_timestamp('1985 January 12', 'YYYY FMMonth DD'); +@@ -2785,7 +2796,7 @@ SELECT to_timestamp('My birthday-> Year: 1976, Month: May, Day: 16', + SELECT to_timestamp('1,582nd VIII 21', 'Y,YYYth FMRM DD'); + to_timestamp + ------------------------------ +- Sat Aug 21 00:00:00 1582 PST ++ Sat Aug 21 00:00:00 1582 LMT + (1 row) + + SELECT to_timestamp('15 "text between quote marks" 98 54 45', +diff --git a/src/test/regress/expected/timestamptz.out b/src/test/regress/expected/timestamptz.out +index 580279e93d..a55669328e 100644 +--- a/src/test/regress/expected/timestamptz.out ++++ b/src/test/regress/expected/timestamptz.out +@@ -297,12 +297,12 @@ SELECT '' AS "64", d1 FROM TIMESTAMPTZ_TBL; + | Fri Feb 14 17:32:01 1997 PST + | Sat Feb 15 17:32:01 1997 PST + | Sun Feb 16 17:32:01 1997 PST +- | Tue Feb 16 17:32:01 0097 PST BC +- | Sat Feb 16 17:32:01 0097 PST +- | Thu Feb 16 17:32:01 0597 PST +- | Tue Feb 16 17:32:01 1097 PST +- | Sat Feb 16 17:32:01 1697 PST +- | Thu Feb 16 17:32:01 1797 PST ++ | Tue Feb 16 17:32:01 0097 LMT BC ++ | Sat Feb 16 17:32:01 0097 LMT ++ | Thu Feb 16 17:32:01 0597 LMT ++ | Tue Feb 16 17:32:01 1097 LMT ++ | Sat Feb 16 17:32:01 1697 LMT ++ | Thu Feb 16 17:32:01 1797 LMT + | Tue Feb 16 17:32:01 1897 PST + | Sun Feb 16 17:32:01 1997 PST + | Sat Feb 16 17:32:01 2097 PST +@@ -385,12 +385,12 @@ SELECT '' AS "15", d1 FROM TIMESTAMPTZ_TBL + ----+--------------------------------- + | -infinity + | Wed Dec 31 16:00:00 1969 PST +- | Tue Feb 16 17:32:01 0097 PST BC +- | Sat Feb 16 17:32:01 0097 PST +- | Thu Feb 16 17:32:01 0597 PST +- | Tue Feb 16 17:32:01 1097 PST +- | Sat Feb 16 17:32:01 1697 PST +- | Thu Feb 16 17:32:01 1797 PST ++ | Tue Feb 16 17:32:01 0097 LMT BC ++ | Sat Feb 16 17:32:01 0097 LMT ++ | Thu Feb 16 17:32:01 0597 LMT ++ | Tue Feb 16 17:32:01 1097 LMT ++ | Sat Feb 16 17:32:01 1697 LMT ++ | Thu Feb 16 17:32:01 1797 LMT + | Tue Feb 16 17:32:01 1897 PST + | Wed Feb 28 17:32:01 1996 PST + | Thu Feb 29 17:32:01 1996 PST +@@ -453,12 +453,12 @@ SELECT '' AS "63", d1 FROM TIMESTAMPTZ_TBL + | Fri Feb 14 17:32:01 1997 PST + | Sat Feb 15 17:32:01 1997 PST + | Sun Feb 16 17:32:01 1997 PST +- | Tue Feb 16 17:32:01 0097 PST BC +- | Sat Feb 16 17:32:01 0097 PST +- | Thu Feb 16 17:32:01 0597 PST +- | Tue Feb 16 17:32:01 1097 PST +- | Sat Feb 16 17:32:01 1697 PST +- | Thu Feb 16 17:32:01 1797 PST ++ | Tue Feb 16 17:32:01 0097 LMT BC ++ | Sat Feb 16 17:32:01 0097 LMT ++ | Thu Feb 16 17:32:01 0597 LMT ++ | Tue Feb 16 17:32:01 1097 LMT ++ | Sat Feb 16 17:32:01 1697 LMT ++ | Thu Feb 16 17:32:01 1797 LMT + | Tue Feb 16 17:32:01 1897 PST + | Sun Feb 16 17:32:01 1997 PST + | Sat Feb 16 17:32:01 2097 PST +@@ -485,12 +485,12 @@ SELECT '' AS "16", d1 FROM TIMESTAMPTZ_TBL + | -infinity + | Wed Dec 31 16:00:00 1969 PST + | Thu Jan 02 00:00:00 1997 PST +- | Tue Feb 16 17:32:01 0097 PST BC +- | Sat Feb 16 17:32:01 0097 PST +- | Thu Feb 16 17:32:01 0597 PST +- | Tue Feb 16 17:32:01 1097 PST +- | Sat Feb 16 17:32:01 1697 PST +- | Thu Feb 16 17:32:01 1797 PST ++ | Tue Feb 16 17:32:01 0097 LMT BC ++ | Sat Feb 16 17:32:01 0097 LMT ++ | Thu Feb 16 17:32:01 0597 LMT ++ | Tue Feb 16 17:32:01 1097 LMT ++ | Sat Feb 16 17:32:01 1697 LMT ++ | Thu Feb 16 17:32:01 1797 LMT + | Tue Feb 16 17:32:01 1897 PST + | Wed Feb 28 17:32:01 1996 PST + | Thu Feb 29 17:32:01 1996 PST +@@ -689,199 +689,6 @@ SELECT '' AS "54", d1 - timestamp with time zone '1997-01-02' AS diff + | @ 1460 days 17 hours 32 mins 1 sec + (56 rows) + +-SELECT '' AS "54", d1 as timestamptz, +- date_part( 'year', d1) AS year, date_part( 'month', d1) AS month, +- date_part( 'day', d1) AS day, date_part( 'hour', d1) AS hour, +- date_part( 'minute', d1) AS minute, date_part( 'second', d1) AS second +- FROM TIMESTAMPTZ_TBL WHERE d1 BETWEEN '1902-01-01' AND '2038-01-01'; +- 54 | timestamptz | year | month | day | hour | minute | second +-----+--------------------------------+------+-------+-----+------+--------+-------- +- | Wed Dec 31 16:00:00 1969 PST | 1969 | 12 | 31 | 16 | 0 | 0 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:02 1997 PST | 1997 | 2 | 10 | 17 | 32 | 2 +- | Mon Feb 10 17:32:01.4 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1.4 +- | Mon Feb 10 17:32:01.5 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1.5 +- | Mon Feb 10 17:32:01.6 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1.6 +- | Thu Jan 02 00:00:00 1997 PST | 1997 | 1 | 2 | 0 | 0 | 0 +- | Thu Jan 02 03:04:05 1997 PST | 1997 | 1 | 2 | 3 | 4 | 5 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Tue Jun 10 17:32:01 1997 PDT | 1997 | 6 | 10 | 17 | 32 | 1 +- | Sat Sep 22 18:19:20 2001 PDT | 2001 | 9 | 22 | 18 | 19 | 20 +- | Wed Mar 15 08:14:01 2000 PST | 2000 | 3 | 15 | 8 | 14 | 1 +- | Wed Mar 15 04:14:02 2000 PST | 2000 | 3 | 15 | 4 | 14 | 2 +- | Wed Mar 15 02:14:03 2000 PST | 2000 | 3 | 15 | 2 | 14 | 3 +- | Wed Mar 15 03:14:04 2000 PST | 2000 | 3 | 15 | 3 | 14 | 4 +- | Wed Mar 15 01:14:05 2000 PST | 2000 | 3 | 15 | 1 | 14 | 5 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:00 1997 PST | 1997 | 2 | 10 | 17 | 32 | 0 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Mon Feb 10 09:32:01 1997 PST | 1997 | 2 | 10 | 9 | 32 | 1 +- | Mon Feb 10 09:32:01 1997 PST | 1997 | 2 | 10 | 9 | 32 | 1 +- | Mon Feb 10 09:32:01 1997 PST | 1997 | 2 | 10 | 9 | 32 | 1 +- | Mon Feb 10 14:32:01 1997 PST | 1997 | 2 | 10 | 14 | 32 | 1 +- | Thu Jul 10 14:32:01 1997 PDT | 1997 | 7 | 10 | 14 | 32 | 1 +- | Tue Jun 10 18:32:01 1997 PDT | 1997 | 6 | 10 | 18 | 32 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 2 | 10 | 17 | 32 | 1 +- | Tue Feb 11 17:32:01 1997 PST | 1997 | 2 | 11 | 17 | 32 | 1 +- | Wed Feb 12 17:32:01 1997 PST | 1997 | 2 | 12 | 17 | 32 | 1 +- | Thu Feb 13 17:32:01 1997 PST | 1997 | 2 | 13 | 17 | 32 | 1 +- | Fri Feb 14 17:32:01 1997 PST | 1997 | 2 | 14 | 17 | 32 | 1 +- | Sat Feb 15 17:32:01 1997 PST | 1997 | 2 | 15 | 17 | 32 | 1 +- | Sun Feb 16 17:32:01 1997 PST | 1997 | 2 | 16 | 17 | 32 | 1 +- | Sun Feb 16 17:32:01 1997 PST | 1997 | 2 | 16 | 17 | 32 | 1 +- | Wed Feb 28 17:32:01 1996 PST | 1996 | 2 | 28 | 17 | 32 | 1 +- | Thu Feb 29 17:32:01 1996 PST | 1996 | 2 | 29 | 17 | 32 | 1 +- | Fri Mar 01 17:32:01 1996 PST | 1996 | 3 | 1 | 17 | 32 | 1 +- | Mon Dec 30 17:32:01 1996 PST | 1996 | 12 | 30 | 17 | 32 | 1 +- | Tue Dec 31 17:32:01 1996 PST | 1996 | 12 | 31 | 17 | 32 | 1 +- | Wed Jan 01 17:32:01 1997 PST | 1997 | 1 | 1 | 17 | 32 | 1 +- | Fri Feb 28 17:32:01 1997 PST | 1997 | 2 | 28 | 17 | 32 | 1 +- | Sat Mar 01 17:32:01 1997 PST | 1997 | 3 | 1 | 17 | 32 | 1 +- | Tue Dec 30 17:32:01 1997 PST | 1997 | 12 | 30 | 17 | 32 | 1 +- | Wed Dec 31 17:32:01 1997 PST | 1997 | 12 | 31 | 17 | 32 | 1 +- | Fri Dec 31 17:32:01 1999 PST | 1999 | 12 | 31 | 17 | 32 | 1 +- | Sat Jan 01 17:32:01 2000 PST | 2000 | 1 | 1 | 17 | 32 | 1 +- | Sun Dec 31 17:32:01 2000 PST | 2000 | 12 | 31 | 17 | 32 | 1 +- | Mon Jan 01 17:32:01 2001 PST | 2001 | 1 | 1 | 17 | 32 | 1 +-(56 rows) +- +-SELECT '' AS "54", d1 as timestamptz, +- date_part( 'quarter', d1) AS quarter, date_part( 'msec', d1) AS msec, +- date_part( 'usec', d1) AS usec +- FROM TIMESTAMPTZ_TBL WHERE d1 BETWEEN '1902-01-01' AND '2038-01-01'; +- 54 | timestamptz | quarter | msec | usec +-----+--------------------------------+---------+-------+---------- +- | Wed Dec 31 16:00:00 1969 PST | 4 | 0 | 0 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:02 1997 PST | 1 | 2000 | 2000000 +- | Mon Feb 10 17:32:01.4 1997 PST | 1 | 1400 | 1400000 +- | Mon Feb 10 17:32:01.5 1997 PST | 1 | 1500 | 1500000 +- | Mon Feb 10 17:32:01.6 1997 PST | 1 | 1600 | 1600000 +- | Thu Jan 02 00:00:00 1997 PST | 1 | 0 | 0 +- | Thu Jan 02 03:04:05 1997 PST | 1 | 5000 | 5000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Tue Jun 10 17:32:01 1997 PDT | 2 | 1000 | 1000000 +- | Sat Sep 22 18:19:20 2001 PDT | 3 | 20000 | 20000000 +- | Wed Mar 15 08:14:01 2000 PST | 1 | 1000 | 1000000 +- | Wed Mar 15 04:14:02 2000 PST | 1 | 2000 | 2000000 +- | Wed Mar 15 02:14:03 2000 PST | 1 | 3000 | 3000000 +- | Wed Mar 15 03:14:04 2000 PST | 1 | 4000 | 4000000 +- | Wed Mar 15 01:14:05 2000 PST | 1 | 5000 | 5000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:00 1997 PST | 1 | 0 | 0 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 09:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 09:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 09:32:01 1997 PST | 1 | 1000 | 1000000 +- | Mon Feb 10 14:32:01 1997 PST | 1 | 1000 | 1000000 +- | Thu Jul 10 14:32:01 1997 PDT | 3 | 1000 | 1000000 +- | Tue Jun 10 18:32:01 1997 PDT | 2 | 1000 | 1000000 +- | Mon Feb 10 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Tue Feb 11 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Wed Feb 12 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Thu Feb 13 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Fri Feb 14 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Sat Feb 15 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Sun Feb 16 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Sun Feb 16 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Wed Feb 28 17:32:01 1996 PST | 1 | 1000 | 1000000 +- | Thu Feb 29 17:32:01 1996 PST | 1 | 1000 | 1000000 +- | Fri Mar 01 17:32:01 1996 PST | 1 | 1000 | 1000000 +- | Mon Dec 30 17:32:01 1996 PST | 4 | 1000 | 1000000 +- | Tue Dec 31 17:32:01 1996 PST | 4 | 1000 | 1000000 +- | Wed Jan 01 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Fri Feb 28 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Sat Mar 01 17:32:01 1997 PST | 1 | 1000 | 1000000 +- | Tue Dec 30 17:32:01 1997 PST | 4 | 1000 | 1000000 +- | Wed Dec 31 17:32:01 1997 PST | 4 | 1000 | 1000000 +- | Fri Dec 31 17:32:01 1999 PST | 4 | 1000 | 1000000 +- | Sat Jan 01 17:32:01 2000 PST | 1 | 1000 | 1000000 +- | Sun Dec 31 17:32:01 2000 PST | 4 | 1000 | 1000000 +- | Mon Jan 01 17:32:01 2001 PST | 1 | 1000 | 1000000 +-(56 rows) +- +-SELECT '' AS "54", d1 as timestamptz, +- date_part( 'isoyear', d1) AS isoyear, date_part( 'week', d1) AS week, +- date_part( 'dow', d1) AS dow +- FROM TIMESTAMPTZ_TBL WHERE d1 BETWEEN '1902-01-01' AND '2038-01-01'; +- 54 | timestamptz | isoyear | week | dow +-----+--------------------------------+---------+------+----- +- | Wed Dec 31 16:00:00 1969 PST | 1970 | 1 | 3 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:02 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01.4 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01.5 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01.6 1997 PST | 1997 | 7 | 1 +- | Thu Jan 02 00:00:00 1997 PST | 1997 | 1 | 4 +- | Thu Jan 02 03:04:05 1997 PST | 1997 | 1 | 4 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Tue Jun 10 17:32:01 1997 PDT | 1997 | 24 | 2 +- | Sat Sep 22 18:19:20 2001 PDT | 2001 | 38 | 6 +- | Wed Mar 15 08:14:01 2000 PST | 2000 | 11 | 3 +- | Wed Mar 15 04:14:02 2000 PST | 2000 | 11 | 3 +- | Wed Mar 15 02:14:03 2000 PST | 2000 | 11 | 3 +- | Wed Mar 15 03:14:04 2000 PST | 2000 | 11 | 3 +- | Wed Mar 15 01:14:05 2000 PST | 2000 | 11 | 3 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:00 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 09:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 09:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 09:32:01 1997 PST | 1997 | 7 | 1 +- | Mon Feb 10 14:32:01 1997 PST | 1997 | 7 | 1 +- | Thu Jul 10 14:32:01 1997 PDT | 1997 | 28 | 4 +- | Tue Jun 10 18:32:01 1997 PDT | 1997 | 24 | 2 +- | Mon Feb 10 17:32:01 1997 PST | 1997 | 7 | 1 +- | Tue Feb 11 17:32:01 1997 PST | 1997 | 7 | 2 +- | Wed Feb 12 17:32:01 1997 PST | 1997 | 7 | 3 +- | Thu Feb 13 17:32:01 1997 PST | 1997 | 7 | 4 +- | Fri Feb 14 17:32:01 1997 PST | 1997 | 7 | 5 +- | Sat Feb 15 17:32:01 1997 PST | 1997 | 7 | 6 +- | Sun Feb 16 17:32:01 1997 PST | 1997 | 7 | 0 +- | Sun Feb 16 17:32:01 1997 PST | 1997 | 7 | 0 +- | Wed Feb 28 17:32:01 1996 PST | 1996 | 9 | 3 +- | Thu Feb 29 17:32:01 1996 PST | 1996 | 9 | 4 +- | Fri Mar 01 17:32:01 1996 PST | 1996 | 9 | 5 +- | Mon Dec 30 17:32:01 1996 PST | 1997 | 1 | 1 +- | Tue Dec 31 17:32:01 1996 PST | 1997 | 1 | 2 +- | Wed Jan 01 17:32:01 1997 PST | 1997 | 1 | 3 +- | Fri Feb 28 17:32:01 1997 PST | 1997 | 9 | 5 +- | Sat Mar 01 17:32:01 1997 PST | 1997 | 9 | 6 +- | Tue Dec 30 17:32:01 1997 PST | 1998 | 1 | 2 +- | Wed Dec 31 17:32:01 1997 PST | 1998 | 1 | 3 +- | Fri Dec 31 17:32:01 1999 PST | 1999 | 52 | 5 +- | Sat Jan 01 17:32:01 2000 PST | 1999 | 52 | 6 +- | Sun Dec 31 17:32:01 2000 PST | 2000 | 52 | 0 +- | Mon Jan 01 17:32:01 2001 PST | 2001 | 1 | 1 +-(56 rows) +- + -- TO_CHAR() + SELECT '' AS to_char_1, to_char(d1, 'DAY Day day DY Dy dy MONTH Month month RM MON Mon mon') + FROM TIMESTAMPTZ_TBL; +diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c +index d1f4cc750b..7ff196aff0 100644 +--- a/src/test/regress/pg_regress.c ++++ b/src/test/regress/pg_regress.c +@@ -824,7 +824,7 @@ initialize_environment(void) + /* + * Set timezone and datestyle for datetime-related tests + */ +- putenv("PGTZ=PST8PDT"); ++ putenv("PGTZ=America/Los_Angeles"); + putenv("PGDATESTYLE=Postgres, MDY"); + + /* +diff --git a/src/test/regress/sql/horology.sql b/src/test/regress/sql/horology.sql +index fe9a520cb9..6eafbc15ed 100644 +--- a/src/test/regress/sql/horology.sql ++++ b/src/test/regress/sql/horology.sql +@@ -1,7 +1,9 @@ + -- + -- HOROLOGY + -- +-SET DateStyle = 'Postgres, MDY'; ++ ++SHOW TimeZone; -- Many of these tests depend on the prevailing settings ++SHOW DateStyle; + + -- + -- Test various input formats +diff --git a/src/test/regress/sql/timestamptz.sql b/src/test/regress/sql/timestamptz.sql +index a3d6b8bd38..5b223ac777 100644 +--- a/src/test/regress/sql/timestamptz.sql ++++ b/src/test/regress/sql/timestamptz.sql +@@ -191,22 +191,6 @@ SELECT '' AS "54", d1 - timestamp with time zone '1997-01-02' AS diff + FROM TIMESTAMPTZ_TBL + WHERE d1 BETWEEN timestamp with time zone '1902-01-01' AND timestamp with time zone '2038-01-01'; + +-SELECT '' AS "54", d1 as timestamptz, +- date_part( 'year', d1) AS year, date_part( 'month', d1) AS month, +- date_part( 'day', d1) AS day, date_part( 'hour', d1) AS hour, +- date_part( 'minute', d1) AS minute, date_part( 'second', d1) AS second +- FROM TIMESTAMPTZ_TBL WHERE d1 BETWEEN '1902-01-01' AND '2038-01-01'; +- +-SELECT '' AS "54", d1 as timestamptz, +- date_part( 'quarter', d1) AS quarter, date_part( 'msec', d1) AS msec, +- date_part( 'usec', d1) AS usec +- FROM TIMESTAMPTZ_TBL WHERE d1 BETWEEN '1902-01-01' AND '2038-01-01'; +- +-SELECT '' AS "54", d1 as timestamptz, +- date_part( 'isoyear', d1) AS isoyear, date_part( 'week', d1) AS week, +- date_part( 'dow', d1) AS dow +- FROM TIMESTAMPTZ_TBL WHERE d1 BETWEEN '1902-01-01' AND '2038-01-01'; +- + -- TO_CHAR() + SELECT '' AS to_char_1, to_char(d1, 'DAY Day day DY Dy dy MONTH Month month RM MON Mon mon') + FROM TIMESTAMPTZ_TBL; +-- +2.47.0 + diff --git a/fix-cve-CVE-2024-10979.patch b/fix-cve-CVE-2024-10979.patch new file mode 100644 index 0000000000000000000000000000000000000000..eae2a7ec63d5e61a2c04e29461099c60591aa37c --- /dev/null +++ b/fix-cve-CVE-2024-10979.patch @@ -0,0 +1,291 @@ +From c7d7ea970d073a6653a3401bc19ae0f453fe4b19 Mon Dec 17 00:00:00 2001 +From: zhuhongbo +Date: Mon, 30 Dec 2024 17:16:48 +0800 +Subject: [PATCH] fix cve CVE-2024-10979 +--- + doc/src/sgml/plperl.sgml | 13 +++++++ + src/pl/plperl/GNUmakefile | 4 +- + src/pl/plperl/input/plperl_env.source | 52 ++++++++++++++++++++++++++ + src/pl/plperl/output/plperl_env.source | 49 ++++++++++++++++++++++++ + src/pl/plperl/plc_trusted.pl | 24 ++++++++++++ + src/test/regress/regress.c | 27 +++++++++++++ + 6 files changed, 167 insertions(+), 2 deletions(-) + create mode 100644 src/pl/plperl/input/plperl_env.source + create mode 100644 src/pl/plperl/output/plperl_env.source + +diff --git a/src/pl/plperl/GNUmakefile b/src/pl/plperl/GNUmakefile +index bcc5be0e2a..ebade79348 100644 +--- a/src/pl/plperl/GNUmakefile ++++ b/src/pl/plperl/GNUmakefile +@@ -47,8 +47,8 @@ PERLCHUNKS = plc_perlboot.pl plc_trusted.pl + # Force rpath to be used even though we disable it everywhere else + SHLIB_LINK += $(rpath) + +-REGRESS_OPTS = --dbname=$(PL_TESTDB) --load-extension=plperl --load-extension=plperlu +-REGRESS = plperl plperl_lc plperl_trigger plperl_shared plperl_elog plperl_util plperl_init plperlu plperl_array ++REGRESS_OPTS = --dbname=$(PL_TESTDB) --dlpath=$(top_builddir)/src/test/regress --load-extension=plperl --load-extension=plperlu ++REGRESS = plperl plperl_lc plperl_trigger plperl_shared plperl_elog plperl_util plperl_init plperlu plperl_array plperl_env + # if Perl can support two interpreters in one backend, + # test plperl-and-plperlu cases + ifneq ($(PERL),) +diff --git a/src/pl/plperl/input/plperl_env.source b/src/pl/plperl/input/plperl_env.source +new file mode 100644 +index 0000000000..8fe526e1b8 +--- /dev/null ++++ b/src/pl/plperl/input/plperl_env.source +@@ -0,0 +1,52 @@ ++-- ++-- Test the environment setting ++-- ++ ++CREATE FUNCTION get_environ() ++ RETURNS text[] ++ AS '@libdir@/regress@DLSUFFIX@', 'get_environ' ++ LANGUAGE C STRICT; ++ ++-- fetch the process environment ++ ++CREATE FUNCTION process_env () RETURNS text[] ++LANGUAGE plpgsql AS ++$$ ++ ++declare ++ res text[]; ++ tmp text[]; ++ f record; ++begin ++ for f in select unnest(get_environ()) as t loop ++ tmp := regexp_split_to_array(f.t, '='); ++ if array_length(tmp, 1) = 2 then ++ res := res || tmp; ++ end if; ++ end loop; ++ return res; ++end ++ ++$$; ++ ++-- plperl should not be able to affect the process environment ++ ++DO ++$$ ++ $ENV{TEST_PLPERL_ENV_FOO} = "shouldfail"; ++ untie %ENV; ++ $ENV{TEST_PLPERL_ENV_FOO} = "testval"; ++ my $penv = spi_exec_query("select unnest(process_env()) as pe"); ++ my %received; ++ for (my $f = 0; $f < $penv->{processed}; $f += 2) ++ { ++ my $k = $penv->{rows}[$f]->{pe}; ++ my $v = $penv->{rows}[$f+1]->{pe}; ++ $received{$k} = $v; ++ } ++ unless (exists $received{TEST_PLPERL_ENV_FOO}) ++ { ++ elog(NOTICE, "environ unaffected") ++ } ++ ++$$ LANGUAGE plperl; +diff --git a/src/pl/plperl/output/plperl_env.source b/src/pl/plperl/output/plperl_env.source +new file mode 100644 +index 0000000000..37b7e23d5c +--- /dev/null ++++ b/src/pl/plperl/output/plperl_env.source +@@ -0,0 +1,51 @@ ++-- ++-- Test the environment setting ++-- ++CREATE FUNCTION get_environ() ++ RETURNS text[] ++ AS '@libdir@/regress@DLSUFFIX@', 'get_environ' ++ LANGUAGE C STRICT; ++-- fetch the process environment ++CREATE FUNCTION process_env () RETURNS text[] ++LANGUAGE plpgsql AS ++$$ ++ ++declare ++ res text[]; ++ tmp text[]; ++ f record; ++begin ++ for f in select unnest(get_environ()) as t loop ++ tmp := regexp_split_to_array(f.t, '='); ++ if array_length(tmp, 1) = 2 then ++ res := res || tmp; ++ end if; ++ end loop; ++ return res; ++end ++ ++$$; ++-- plperl should not be able to affect the process environment ++DO ++$$ ++ $ENV{TEST_PLPERL_ENV_FOO} = "shouldfail"; ++ untie %ENV; ++ $ENV{TEST_PLPERL_ENV_FOO} = "testval"; ++ my $penv = spi_exec_query("select unnest(process_env()) as pe"); ++ my %received; ++ for (my $f = 0; $f < $penv->{processed}; $f += 2) ++ { ++ my $k = $penv->{rows}[$f]->{pe}; ++ my $v = $penv->{rows}[$f+1]->{pe}; ++ $received{$k} = $v; ++ } ++ unless (exists $received{TEST_PLPERL_ENV_FOO}) ++ { ++ elog(NOTICE, "environ unaffected") ++ } ++ ++$$ LANGUAGE plperl; ++WARNING: attempted alteration of $ENV{TEST_PLPERL_ENV_FOO} at line 12. ++CONTEXT: PL/Perl anonymous code block ++NOTICE: environ unaffected ++CONTEXT: PL/Perl anonymous code block +diff --git a/src/pl/plperl/plc_trusted.pl b/src/pl/plperl/plc_trusted.pl +index cd61882eb6..a57cd229a5 100644 +--- a/src/pl/plperl/plc_trusted.pl ++++ b/src/pl/plperl/plc_trusted.pl +@@ -25,3 +25,27 @@ require Carp; + require Carp::Heavy; + require warnings; + require feature if $] >= 5.010000; ++ ++#<<< protect next line from perltidy so perlcritic annotation works ++package PostgreSQL::InServer::WarnEnv; ## no critic (RequireFilenameMatchesPackage) ++#>>> ++ ++use strict; ++use warnings; ++use Tie::Hash; ++our @ISA = qw(Tie::StdHash); ++ ++sub STORE { warn "attempted alteration of \$ENV{$_[1]}"; } ++sub DELETE { warn "attempted deletion of \$ENV{$_[1]}"; } ++sub CLEAR { warn "attempted clearance of ENV hash"; } ++ ++# Remove magic property of %ENV. Changes to this will now not be reflected in ++# the process environment. ++*main::ENV = {%ENV}; ++ ++# Block %ENV changes from trusted PL/Perl, and warn. We changed %ENV to just a ++# normal hash, yet the application may be expecting the usual Perl %ENV ++# magic. Blocking and warning avoids silent application breakage. The user can ++# untie or otherwise disable this, e.g. if the lost mutation is unimportant ++# and modifying the code to stop that mutation would be onerous. ++tie %main::ENV, 'PostgreSQL::InServer::WarnEnv', %ENV or die $!; +diff --git a/src/test/regress/regress.c b/src/test/regress/regress.c +index 8d0eec95a8..cedf794315 100644 +--- a/src/test/regress/regress.c ++++ b/src/test/regress/regress.c +@@ -16,6 +16,7 @@ + #include "executor/executor.h" + #include "executor/spi.h" + #include "miscadmin.h" ++#include "utils/array.h" + #include "utils/builtins.h" + #include "utils/geo_decls.h" + #include "utils/memutils.h" +@@ -38,6 +39,7 @@ extern char *reverse_name(char *string); + extern int oldstyle_length(int n, text *t); + extern Datum int44in(PG_FUNCTION_ARGS); + extern Datum int44out(PG_FUNCTION_ARGS); ++extern Datum get_environ(PG_FUNCTION_ARGS); + extern Datum regress_putenv(PG_FUNCTION_ARGS); + extern Datum wait_pid(PG_FUNCTION_ARGS); + +@@ -742,6 +744,31 @@ int44out(PG_FUNCTION_ARGS) + PG_RETURN_CSTRING(result); + } + ++PG_FUNCTION_INFO_V1(get_environ); ++ ++Datum ++get_environ(PG_FUNCTION_ARGS) ++{ ++ extern char **environ; ++ int nvals = 0; ++ ArrayType *result; ++ Datum *env; ++ char **s; ++ int i; ++ ++ for (s = environ; *s; s++) ++ nvals++; ++ ++ env = palloc(nvals * sizeof(Datum)); ++ ++ for (i = 0; i < nvals; i++) ++ env[i] = CStringGetTextDatum(environ[i]); ++ ++ result = construct_array(env, nvals, TEXTOID, -1, false, 'i'); ++ ++ PG_RETURN_POINTER(result); ++} ++ + PG_FUNCTION_INFO_V1(regress_putenv); + + Datum +-- +2.47.0 + + +From 00f9f611f09001c9f0f1d3d62bc5bbafb8418a11 Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Mon, 11 Nov 2024 13:57:21 -0500 +Subject: [PATCH 2/2] Fix cross-version upgrade tests. + +TestUpgradeXversion knows how to make the main regression database's +references to pg_regress.so be version-independent. But it doesn't +do that for plperl's database, so that the C function added by +commit b7e3a52a8 is causing cross-version upgrade test failures. +Path of least resistance is to just drop the function at the end +of the new test. + +In <= v14, also take the opportunity to clean up the generated +test files. + +Security: CVE-2024-10979 +--- + src/pl/plperl/GNUmakefile | 1 + + src/pl/plperl/input/plperl_env.source | 3 +++ + src/pl/plperl/output/plperl_env.source | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/src/pl/plperl/GNUmakefile b/src/pl/plperl/GNUmakefile +index ebade79348..b136effdd5 100644 +--- a/src/pl/plperl/GNUmakefile ++++ b/src/pl/plperl/GNUmakefile +@@ -113,6 +113,7 @@ submake: + + clean distclean maintainer-clean: clean-lib + rm -f SPI.c Util.c $(OBJS) perlchunks.h plperl_opmask.h ++ rm -f sql/plperl_env.sql expected/plperl_env.out + rm -rf $(pg_regress_clean_files) + + else # can't build +diff --git a/src/pl/plperl/input/plperl_env.source b/src/pl/plperl/input/plperl_env.source +index 8fe526e1b8..49f03acb1d 100644 +--- a/src/pl/plperl/input/plperl_env.source ++++ b/src/pl/plperl/input/plperl_env.source +@@ -50,3 +50,6 @@ $$ + } + + $$ LANGUAGE plperl; ++ ++-- clean up to simplify cross-version upgrade testing ++DROP FUNCTION get_environ(); +diff --git a/src/pl/plperl/output/plperl_env.source b/src/pl/plperl/output/plperl_env.source +index 37b7e23d5c..ef75d5d555 100644 +--- a/src/pl/plperl/output/plperl_env.source ++++ b/src/pl/plperl/output/plperl_env.source +@@ -47,3 +47,5 @@ $$ + CONTEXT: PL/Perl anonymous code block + NOTICE: environ unaffected + CONTEXT: PL/Perl anonymous code block ++-- clean up to simplify cross-version upgrade testing ++DROP FUNCTION get_environ(); +-- +2.47.0 + diff --git a/postgresql.spec b/postgresql.spec index 76b428f3a42ca573347a4d63871a854bd3418a4c..c5176a1ba45e0dbb9364ba708e2dffb5fc769c2c 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -63,7 +63,7 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 9.2 Version: 9.2.24 -Release: 9%{?dist}.1 +Release: 9%{?dist}.2 # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -167,8 +167,15 @@ Patch21: postgresql-CVE-2022-1552.patch # Upstream commit: 18b585155a891784ca8985f595ebc0dde94e0d43 # BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2247169 Patch22: postgresql-CVE-2023-5869.patch + +# Backport fix for: CVE-2024-7348 +# Upstream commit: 79c7a7e29695a32fef2e65682be224b8d61ec972 +# Upstream commit: 1b85e65846aa16ede7aeddd67a9bd16ec73a18ae +# BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2303682 #add by uos Patch23: 0001-cve-fix-CVE-2024-7348.patch +Patch24: fix-cve-CVE-2024-10979.patch +Patch25: fix-cve-CVE-2024-10979-01.patch #end BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk help2man @@ -418,6 +425,8 @@ benchmarks. %patch21 -p1 %patch22 -p1 %patch23 -p1 +%patch24 -p1 +%patch25 -p1 # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -1215,6 +1224,9 @@ fi %endif %changelog +* Mon Dec 30 2024 zhuhongbo - 9.2.24-9.2 +- cve: fix CVE-2024-10979 + * Tue Nov 19 2024 zhuhongbo - 9.2.24-9.1 - cve: fix CVE-2024-7348