diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..c78b4a70e76b22a0d3104a44387cf95d842a12c1 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +*.pdf filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..f83b4bd3c768a40e6ef621c40db22be9d29c8b7f --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/postgresql-13 diff --git a/CVE-2021-23214.patch b/CVE-2021-23214.patch deleted file mode 100644 index 318c20132efd7583c20e7c3d6414223df56da572..0000000000000000000000000000000000000000 --- a/CVE-2021-23214.patch +++ /dev/null @@ -1,108 +0,0 @@ -From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Nov 2021 11:01:43 -0500 -Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake. - -The server collects up to a bufferload of data whenever it reads data -from the client socket. When SSL or GSS encryption is requested -during startup, any additional data received with the initial -request message remained in the buffer, and would be treated as -already-decrypted data once the encryption handshake completed. -Thus, a man-in-the-middle with the ability to inject data into the -TCP connection could stuff some cleartext data into the start of -a supposedly encryption-protected database session. - -This could be abused to send faked SQL commands to the server, -although that would only work if the server did not demand any -authentication data. (However, a server relying on SSL certificate -authentication might well not do so.) - -To fix, throw a protocol-violation error if the internal buffer -is not empty after the encryption handshake. - -Our thanks to Jacob Champion for reporting this problem. - -Security: CVE-2021-23214 ---- - src/backend/libpq/pqcomm.c | 12 ++++++++++++ - src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++ - src/include/libpq/libpq.h | 1 + - 3 files changed, 37 insertions(+) - -diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c -index ee2cd86866da..93f2e0b81d32 100644 ---- a/src/backend/libpq/pqcomm.c -+++ b/src/backend/libpq/pqcomm.c -@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s) - } - } - -+/* -------------------------------- -+ * pq_buffer_has_data - is any buffered data available to read? -+ * -+ * This will *not* attempt to read more data. -+ * -------------------------------- -+ */ -+bool -+pq_buffer_has_data(void) -+{ -+ return (PqRecvPointer < PqRecvLength); -+} -+ - - /* -------------------------------- - * pq_startmsgread - begin reading a message from the client. -diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c -index 5775fc0c0910..1e0936e5b482 100644 ---- a/src/backend/postmaster/postmaster.c -+++ b/src/backend/postmaster/postmaster.c -@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) - return STATUS_ERROR; - #endif - -+ /* -+ * At this point we should have no data already buffered. If we do, -+ * it was received before we performed the SSL handshake, so it wasn't -+ * encrypted and indeed may have been injected by a man-in-the-middle. -+ * We report this case to the client. -+ */ -+ if (pq_buffer_has_data()) -+ ereport(FATAL, -+ (errcode(ERRCODE_PROTOCOL_VIOLATION), -+ errmsg("received unencrypted data after SSL request"), -+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); -+ - /* - * regular startup packet, cancel, etc packet should follow, but not - * another SSL negotiation request, and a GSS request should only -@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) - return STATUS_ERROR; - #endif - -+ /* -+ * At this point we should have no data already buffered. If we do, -+ * it was received before we performed the GSS handshake, so it wasn't -+ * encrypted and indeed may have been injected by a man-in-the-middle. -+ * We report this case to the client. -+ */ -+ if (pq_buffer_has_data()) -+ ereport(FATAL, -+ (errcode(ERRCODE_PROTOCOL_VIOLATION), -+ errmsg("received unencrypted data after GSSAPI encryption request"), -+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); -+ - /* - * regular startup packet, cancel, etc packet should follow, but not - * another GSS negotiation request, and an SSL request should only -diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h -index b1152475ace5..54c5fa779773 100644 ---- a/src/include/libpq/libpq.h -+++ b/src/include/libpq/libpq.h -@@ -72,6 +72,7 @@ extern int pq_getmessage(StringInfo s, int maxlen); - extern int pq_getbyte(void); - extern int pq_peekbyte(void); - extern int pq_getbyte_if_available(unsigned char *c); -+extern bool pq_buffer_has_data(void); - extern int pq_putbytes(const char *s, size_t len); - - /* diff --git a/CVE-2021-23222.patch b/CVE-2021-23222.patch deleted file mode 100644 index 0bd5ada95e7e5d55ff31c95837218655acb49754..0000000000000000000000000000000000000000 --- a/CVE-2021-23222.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 844b3169204c28cd086c1b4fae4a2cbdd0540640 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Nov 2021 11:14:56 -0500 -Subject: [PATCH] libpq: reject extraneous data after SSL or GSS encryption - handshake. - -libpq collects up to a bufferload of data whenever it reads data from -the socket. When SSL or GSS encryption is requested during startup, -any additional data received with the server's yes-or-no reply -remained in the buffer, and would be treated as already-decrypted data -once the encryption handshake completed. Thus, a man-in-the-middle -with the ability to inject data into the TCP connection could stuff -some cleartext data into the start of a supposedly encryption-protected -database session. - -This could probably be abused to inject faked responses to the -client's first few queries, although other details of libpq's behavior -make that harder than it sounds. A different line of attack is to -exfiltrate the client's password, or other sensitive data that might -be sent early in the session. That has been shown to be possible with -a server vulnerable to CVE-2021-23214. - -To fix, throw a protocol-violation error if the internal buffer -is not empty after the encryption handshake. - -Our thanks to Jacob Champion for reporting this problem. - -Security: CVE-2021-23222 ---- - doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++ - src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++ - 2 files changed, 54 insertions(+) - -diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml -index e26619e1b53d..b692648fca47 100644 ---- a/doc/src/sgml/protocol.sgml -+++ b/doc/src/sgml/protocol.sgml -@@ -1471,6 +1471,20 @@ SELCT 1/0; - and proceed without requesting SSL. - - -+ -+ When SSL encryption can be performed, the server -+ is expected to send only the single S byte and then -+ wait for the frontend to initiate an SSL handshake. -+ If additional bytes are available to read at this point, it likely -+ means that a man-in-the-middle is attempting to perform a -+ buffer-stuffing attack -+ (CVE-2021-23222). -+ Frontends should be coded either to read exactly one byte from the -+ socket before turning the socket over to their SSL library, or to -+ treat it as a protocol violation if they find they have read additional -+ bytes. -+ -+ - - An initial SSLRequest can also be used in a connection that is being - opened to send a CancelRequest message. -@@ -1532,6 +1546,20 @@ SELCT 1/0; - encryption. - - -+ -+ When GSSAPI encryption can be performed, the server -+ is expected to send only the single G byte and then -+ wait for the frontend to initiate a GSSAPI handshake. -+ If additional bytes are available to read at this point, it likely -+ means that a man-in-the-middle is attempting to perform a -+ buffer-stuffing attack -+ (CVE-2021-23222). -+ Frontends should be coded either to read exactly one byte from the -+ socket before turning the socket over to their GSSAPI library, or to -+ treat it as a protocol violation if they find they have read additional -+ bytes. -+ -+ - - An initial GSSENCRequest can also be used in a connection that is being - opened to send a CancelRequest message. -diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c -index f80f4e98d8e0..57aee9518308 100644 ---- a/src/interfaces/libpq/fe-connect.c -+++ b/src/interfaces/libpq/fe-connect.c -@@ -3076,6 +3076,19 @@ PQconnectPoll(PGconn *conn) - pollres = pqsecure_open_client(conn); - if (pollres == PGRES_POLLING_OK) - { -+ /* -+ * At this point we should have no data already buffered. -+ * If we do, it was received before we performed the SSL -+ * handshake, so it wasn't encrypted and indeed may have -+ * been injected by a man-in-the-middle. -+ */ -+ if (conn->inCursor != conn->inEnd) -+ { -+ appendPQExpBufferStr(&conn->errorMessage, -+ libpq_gettext("received unencrypted data after SSL response\n")); -+ goto error_return; -+ } -+ - /* SSL handshake done, ready to send startup packet */ - conn->status = CONNECTION_MADE; - return PGRES_POLLING_WRITING; -@@ -3175,6 +3188,19 @@ PQconnectPoll(PGconn *conn) - pollres = pqsecure_open_gss(conn); - if (pollres == PGRES_POLLING_OK) - { -+ /* -+ * At this point we should have no data already buffered. -+ * If we do, it was received before we performed the GSS -+ * handshake, so it wasn't encrypted and indeed may have -+ * been injected by a man-in-the-middle. -+ */ -+ if (conn->inCursor != conn->inEnd) -+ { -+ appendPQExpBufferStr(&conn->errorMessage, -+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n")); -+ goto error_return; -+ } -+ - /* All set for startup packet */ - conn->status = CONNECTION_MADE; - return PGRES_POLLING_WRITING; diff --git a/postgresql-12.22.tar.bz2 b/postgresql-12.22.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..dc3ab0b2cfbfde7f12ac4a59c12e60cf04635fcb --- /dev/null +++ b/postgresql-12.22.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b +size 21305304 diff --git a/postgresql-12.22.tar.bz2.sha256 b/postgresql-12.22.tar.bz2.sha256 new file mode 100644 index 0000000000000000000000000000000000000000..81a18f5baba652bc4d16e8e9790f4049b752e81b --- /dev/null +++ b/postgresql-12.22.tar.bz2.sha256 @@ -0,0 +1 @@ +8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b postgresql-12.22.tar.bz2 diff --git a/postgresql-12.7.tar.bz2 b/postgresql-12.7.tar.bz2 deleted file mode 100644 index 408ea5a5faed306c4aad3ae2d18d2932fc5cba5a..0000000000000000000000000000000000000000 Binary files a/postgresql-12.7.tar.bz2 and /dev/null differ diff --git a/postgresql-12.7.tar.bz2.sha256 b/postgresql-12.7.tar.bz2.sha256 deleted file mode 100644 index 7bbec0d68bb9caf613e4c5cea6dff3529a62ace3..0000000000000000000000000000000000000000 --- a/postgresql-12.7.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 postgresql-12.7.tar.bz2 diff --git a/postgresql-13.20-US.pdf b/postgresql-13.20-US.pdf new file mode 100644 index 0000000000000000000000000000000000000000..9aee2299c15e8f74dfd7fa55e6bd081c79755002 --- /dev/null +++ b/postgresql-13.20-US.pdf @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:038f5c5fc78c805e75176c440e38338029487ca664e275a6f37de0f9c1a33eff +size 13627275 diff --git a/postgresql-13.20.tar.bz2 b/postgresql-13.20.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..7dc2653fc705449a3428d0038e0e4350e8fcf7a9 --- /dev/null +++ b/postgresql-13.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +size 21730844 diff --git a/postgresql-13.20.tar.bz2.sha256 b/postgresql-13.20.tar.bz2.sha256 new file mode 100644 index 0000000000000000000000000000000000000000..020a3a4f73fa6f9e32ca377c81faa1cd18fb3825 --- /dev/null +++ b/postgresql-13.20.tar.bz2.sha256 @@ -0,0 +1 @@ +8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 postgresql-13.20.tar.bz2 diff --git a/postgresql-13.3-US.pdf b/postgresql-13.3-US.pdf deleted file mode 100644 index 542844ef03da4dc9cb1a4b9393c7fb783772e43c..0000000000000000000000000000000000000000 Binary files a/postgresql-13.3-US.pdf and /dev/null differ diff --git a/postgresql-13.3-sw.patch b/postgresql-13.3-sw.patch new file mode 100755 index 0000000000000000000000000000000000000000..8d60909a8931eb0f7c17fcb583ebf82081a8cf6d --- /dev/null +++ b/postgresql-13.3-sw.patch @@ -0,0 +1,66 @@ +diff -Naur postgresql-13.3.org/contrib/pgcrypto/crypt-blowfish.c postgresql-13.3.sw/contrib/pgcrypto/crypt-blowfish.c +--- postgresql-13.3.org/contrib/pgcrypto/crypt-blowfish.c 2022-09-16 11:31:15.100000000 +0800 ++++ postgresql-13.3.sw/contrib/pgcrypto/crypt-blowfish.c 2022-09-16 11:32:01.060000000 +0800 +@@ -41,7 +41,7 @@ + #ifdef __i386__ + #define BF_ASM 0 /* 1 */ + #define BF_SCALE 1 +-#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) ++#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) || defined(__sw_64__) + #define BF_ASM 0 + #define BF_SCALE 1 + #else +diff -Naur postgresql-13.3.org/src/include/port/atomics/arch-sw_64.h postgresql-13.3.sw/src/include/port/atomics/arch-sw_64.h +--- postgresql-13.3.org/src/include/port/atomics/arch-sw_64.h 1970-01-01 08:00:00.000000000 +0800 ++++ postgresql-13.3.sw/src/include/port/atomics/arch-sw_64.h 2022-09-16 13:37:10.630000000 +0800 +@@ -0,0 +1,26 @@ ++/*------------------------------------------------------------------------- ++ * ++ * arch-arm.h ++ * Atomic operations considerations specific to ARM ++ * ++ * Portions Copyright (c) 2013-2020, PostgreSQL Global Development Group ++ * ++ * NOTES: ++ * ++ * src/include/port/atomics/arch-arm.h ++ * ++ *------------------------------------------------------------------------- ++ */ ++ ++/* intentionally no include guards, should only be included by atomics.h */ ++#ifndef INSIDE_ATOMICS_H ++#error "should be included via atomics.h" ++#endif ++ ++/* ++ * 64 bit atomics on ARM32 are implemented using kernel fallbacks and thus ++ * might be slow, so disable entirely. On ARM64 that problem doesn't exist. ++ */ ++#if !defined(_sw_64__) ++#define PG_DISABLE_64_BIT_ATOMICS ++#endif /* __sw_64__ || __sw_64 */ +diff -Naur postgresql-13.3.org/src/include/port/atomics.h postgresql-13.3.sw/src/include/port/atomics.h +--- postgresql-13.3.org/src/include/port/atomics.h 2022-09-16 11:31:15.640000000 +0800 ++++ postgresql-13.3.sw/src/include/port/atomics.h 2022-09-16 13:36:15.370000000 +0800 +@@ -68,6 +68,8 @@ + #include "port/atomics/arch-arm.h" + #elif defined(__i386__) || defined(__i386) || defined(__x86_64__) + #include "port/atomics/arch-x86.h" ++#elif defined(__sw_64__) ++#include "port/atomics/arch-sw_64.h" + #elif defined(__ia64__) || defined(__ia64) + #include "port/atomics/arch-ia64.h" + #elif defined(__ppc__) || defined(__powerpc__) || defined(__ppc64__) || defined(__powerpc64__) +diff -Naur postgresql-13.3.org/src/include/storage/s_lock.h postgresql-13.3.sw/src/include/storage/s_lock.h +--- postgresql-13.3.org/src/include/storage/s_lock.h 2022-09-16 11:31:15.560000000 +0800 ++++ postgresql-13.3.sw/src/include/storage/s_lock.h 2022-09-16 11:43:30.940000000 +0800 +@@ -320,7 +320,7 @@ + * We use the int-width variant of the builtin because it works on more chips + * than other widths. + */ +-#if defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(__aarch64) ++#if defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(__aarch64) || defined(__sw_64__) || defined(__sw_64) + #ifdef HAVE_GCC__SYNC_INT32_TAS + #define HAS_TEST_AND_SET + diff --git a/postgresql-13.3.tar.bz2 b/postgresql-13.3.tar.bz2 deleted file mode 100644 index cd1774994fa0062d5650b2418ccf64c4e998c90e..0000000000000000000000000000000000000000 Binary files a/postgresql-13.3.tar.bz2 and /dev/null differ diff --git a/postgresql-13.3.tar.bz2.sha256 b/postgresql-13.3.tar.bz2.sha256 deleted file mode 100644 index 7898d34af591ae255a822e5d7fe86f61fad94682..0000000000000000000000000000000000000000 --- a/postgresql-13.3.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 postgresql-13.3.tar.bz2 diff --git a/postgresql-13.spec b/postgresql-13.spec index fb1bc3a67f50024aa1bf612a55fca2ab831c3607..3d577be0885acc68e881aedcb2a998f767b5272a 100644 --- a/postgresql-13.spec +++ b/postgresql-13.spec @@ -1,6 +1,11 @@ %{!?beta:%global beta 0} %{!?test:%global test 1} +%ifarch riscv64 loongarch64 +# Fail to pass tests on riscv64 +%{!?llvmjit:%global llvmjit 0} +%else %{!?llvmjit:%global llvmjit 1} +%endif %{!?external_libpq:%global external_libpq 0} %{!?upgrade:%global upgrade 0} %{!?plpython:%global plpython 0} @@ -17,97 +22,137 @@ %{!?pam:%global pam 1} %{!?sdt:%global sdt 1} %{!?selinux:%global selinux 1} +%ifarch sw_64 +%{!?runselftest:%global runselftest 0} +%else %{!?runselftest:%global runselftest 1} +%endif + %global _default_patch_flags --no-backup-if-mismatch + %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) -%global _privatelibs lib(pq|pgtypes|ecpg_compat|ecpg)\\.so* -%global __provides_exclude %{_privatelibs} -%global __requires_exclude %{_privatelibs} -Summary: PostgreSQL client programs -Name: postgresql-13 +Summary: PostgreSQL client programs +Name: postgresql-13 %global majorversion 13 -Version: %{majorversion}.3 -Release: 3 -License: PostgreSQL -Url: http://www.postgresql.org/ +Version: %{majorversion}.20 +Release: 1 + +# The PostgreSQL license is very similar to other MIT licenses, but the OSI +# recognizes it as an independent license, so we do as well. +License: PostgreSQL +Url: http://www.postgresql.org/ + %global prevmajorversion 12 -%global prevversion %{prevmajorversion}.7 +%global prevversion %{prevmajorversion}.22 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global precise_version %{?epoch:%epoch:}%version-%release -%global setup_version 8.5 + +%global setup_version 8.7 + %global service_name postgresql.service -Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 -Source1: postgresql-%{version}-US.pdf -Source2: generate-pdf.sh -Source3: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2 -Source4: Makefile.regress -Source9: postgresql.tmpfiles.d -Source10: postgresql.pam -Source11: postgresql-bashprofile -Source12: https://github.com/devexp-db/postgresql-setup/releases/download/v%{setup_version}/postgresql-setup-%{setup_version}.tar.gz -Source16: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256 -Source17: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2.sha256 -Patch1: rpm-pgsql.patch -Patch2: postgresql-logging.patch -Patch5: postgresql-var-run-socket.patch -Patch6: postgresql-man.patch -Patch8: postgresql-external-libpq.patch -Patch9: postgresql-server-pg_config.patch -Patch10: postgresql-no-libecpg.patch -Patch11: postgresql-datalayout-mismatch-on-s390.patch -# https://github.com/postgres/postgres/commit/e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 -Patch12: CVE-2021-23214.patch -# https://github.com/postgres/postgres/commit/844b3169204c28cd086c1b4fae4a2cbdd0540640 -Patch13: CVE-2021-23222.patch -BuildRequires: gcc perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk -BuildRequires: perl(ExtUtils::Embed), perl-devel perl-generators readline-devel zlib-devel -BuildRequires: systemd systemd-devel util-linux multilib-rpm-config + +Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 +Source1: postgresql-%{version}-US.pdf +Source2: generate-pdf.sh +Source3: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2 +Source4: Makefile.regress +Source9: postgresql.tmpfiles.d +Source10: postgresql.pam +Source11: postgresql-bashprofile + + +# git: https://github.com/devexp-db/postgresql-setup +Source12: https://github.com/devexp-db/postgresql-setup/releases/download/v%{setup_version}/postgresql-setup-%{setup_version}.tar.gz + +# Those here are just to enforce packagers check that the tarball was downloaded +# correctly. Also, this allows us check that packagers-only tarballs do not +# differ with publicly released ones. +Source16: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256 +Source17: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2.sha256 + +# Comments for these patches are in the patch files. +Patch1: rpm-pgsql.patch +Patch2: postgresql-logging.patch +Patch5: postgresql-var-run-socket.patch +Patch6: postgresql-man.patch +Patch8: postgresql-external-libpq.patch +Patch9: postgresql-server-pg_config.patch +Patch10: postgresql-no-libecpg.patch +Patch11: postgresql-datalayout-mismatch-on-s390.patch +Patch15: postgresql-13.3-sw.patch +Patch17: postgresql-pgcrypto-openssl3-tests.patch + + +BuildRequires: gcc +BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk +BuildRequires: perl(ExtUtils::Embed), perl-devel +BuildRequires: perl-generators +BuildRequires: readline-devel zlib-devel +BuildRequires: systemd systemd-devel util-linux +BuildRequires: multilib-rpm-config %if %external_libpq -BuildRequires: libpq-devel >= %version +BuildRequires: libpq-devel >= %version %endif -BuildRequires: docbook-style-xsl -BuildRequires: m4 elinks docbook-utils help2man +BuildRequires: docbook-style-xsl + +# postgresql-setup build requires +BuildRequires: m4 elinks docbook-utils help2man + %if %plpython -BuildRequires: python2-devel +BuildRequires: python2-devel %endif + %if %plpython3 -BuildRequires: python3-devel +BuildRequires: python3-devel %endif + %if %pltcl -BuildRequires: tcl-devel +BuildRequires: tcl-devel %endif + %if %ssl -BuildRequires: openssl-devel +BuildRequires: openssl-devel %endif + %if %kerberos -BuildRequires: krb5-devel +BuildRequires: krb5-devel %endif + %if %ldap -BuildRequires: openldap-devel +BuildRequires: openldap-devel %endif + %if %nls -BuildRequires: gettext >= 0.10.35 +BuildRequires: gettext >= 0.10.35 %endif + %if %uuid -BuildRequires: uuid-devel +BuildRequires: uuid-devel %endif + %if %xml -BuildRequires: libxml2-devel libxslt-devel +BuildRequires: libxml2-devel libxslt-devel %endif + %if %pam -BuildRequires: pam-devel +BuildRequires: pam-devel %endif + %if %sdt -BuildRequires: systemtap-sdt-devel +BuildRequires: systemtap-sdt-devel %endif + %if %selinux -BuildRequires: libselinux-devel +BuildRequires: libselinux-devel %endif + %if %icu -BuildRequires: libicu-devel +BuildRequires: libicu-devel %endif + %global __provides_exclude_from %{_libdir}/pgsql + %description PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to @@ -117,158 +162,202 @@ PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. +%if ! %external_libpq +%package private-libs +Summary: The shared libraries required only for this build of PostgreSQL server +Group: Applications/Databases +# for /sbin/ldconfig +Requires(post): glibc +Requires(postun): glibc + +%description private-libs +The postgresql-private-libs package provides the shared libraries for this +build of PostgreSQL server and plugins build with this version of server. +For shared libraries used by client packages that need to connect to a +PostgreSQL server, install libpq package instead. + + +%package private-devel +Summary: PostgreSQL development header files for this build of PostgreSQL server +Group: Development/Libraries +Requires: %{name}-private-libs%{?_isa} = %precise_version +# Conflict is desired here, a user must pick one or another +Conflicts: libpq-devel + +%description private-devel +The postgresql-private-devel package contains the header files and libraries +needed to compile C or C++ applications which will directly interact +with a PostgreSQL database management server. +You need to install this package if you want to develop applications which +will interact with a PostgreSQL server. +%endif + + %package server -Summary: The programs needed to create and run a PostgreSQL server -Requires: %{name} = %precise_version +Summary: The programs needed to create and run a PostgreSQL server +Requires: %{name}%{?_isa} = %precise_version Requires(pre): /usr/sbin/useradd -Requires: systemd +Requires: systemd %{?systemd_requires} -Provides: %{name}-server(:MODULE_COMPAT_%{majorversion}) -Provides: bundled(postgresql-13-setup) = %setup_version -conflicts: postgresql-server +Provides: %{name}-server(:MODULE_COMPAT_%{majorversion}) +Provides: bundled(postgresql-setup) = %setup_version + %description server PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql-server package contains the programs needed to create and run a PostgreSQL server, which will in turn allow you to create and maintain PostgreSQL databases. + %package docs -Summary: Extra documentation for PostgreSQL -Requires: %{name} = %precise_version -Provides: %{name}-doc = %precise_version -conflicts: postgresql-docs +Summary: Extra documentation for PostgreSQL +Requires: %{name}%{?_isa} = %precise_version +Provides: %{name}-doc = %precise_version + %description docs The postgresql-docs package contains some additional documentation for PostgreSQL. Currently, this includes the main documentation in PDF format and source files for the PostgreSQL tutorial. + %package contrib -Summary: Extension modules distributed with PostgreSQL -Requires: %{name} = %precise_version -conflicts: postgresql-contrib +Summary: Extension modules distributed with PostgreSQL +Requires: %{name}%{?_isa} = %precise_version + %description contrib The postgresql-contrib package contains various extension modules that are included in the PostgreSQL distribution. + %package server-devel -Summary: PostgreSQL development header files and libraries +Summary: PostgreSQL development header files and libraries %if %icu -Requires: libicu-devel +Requires: libicu-devel %endif %if %kerberos -Requires: krb5-devel +Requires: krb5-devel %endif -conflicts: postgresql-server-devel + %description server-devel The postgresql-server-devel package contains the header files and configuration needed to compile PostgreSQL server extension. %package test-rpm-macros -Summary: Convenience RPM macros for build-time testing against PostgreSQL server -Requires: %{name}-server = %precise_version -BuildArch: noarch -conflicts: postgresql-test-rpm-macros +Summary: Convenience RPM macros for build-time testing against PostgreSQL server +Requires: %{name}-server = %precise_version +BuildArch: noarch + %description test-rpm-macros This package is meant to be added as BuildRequires: dependency of other packages that want to run build-time testsuite against running PostgreSQL server. + %package static -Summary: Statically linked PostgreSQL libraries -Requires: %{name}-server-devel = %precise_version -conflicts: postgresql-static +Summary: Statically linked PostgreSQL libraries +Requires: %{name}-server-devel%{?_isa} = %precise_version + %description static Statically linked PostgreSQL libraries that do not have dynamically linked counterparts. -%if %upgrade + +%if %upgrade %package upgrade -Summary: Support for upgrading from the previous major release of PostgreSQL -Requires: %{name}-server = %precise_version -Provides: bundled(postgresql-server) = %prevversion -conflicts: postgresql-upgrade +Summary: Support for upgrading from the previous major release of PostgreSQL +Requires: %{name}-server%{?_isa} = %precise_version +Provides: bundled(postgresql-server) = %prevversion + %description upgrade The postgresql-upgrade package contains the pg_upgrade utility and supporting files needed for upgrading a PostgreSQL database from the previous major version of PostgreSQL. + %package upgrade-devel -Summary: Support for build of extensions required for upgrade process -Requires: %{name}-upgrade = %precise_version -conflicts: postgresql-upgrade-devel +Summary: Support for build of extensions required for upgrade process +Requires: %{name}-upgrade%{?_isa} = %precise_version + %description upgrade-devel The postgresql-devel package contains the header files and libraries needed to compile C or C++ applications which are necessary in upgrade process. %endif -%if %plperl + +%if %plperl %package plperl -Summary: The Perl procedural language for PostgreSQL -Requires: %{name}-server = %precise_version -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Summary: The Perl procedural language for PostgreSQL +Requires: %{name}-server%{?_isa} = %precise_version +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %if %runselftest -BuildRequires: perl(Opcode) perl(Data::Dumper) +BuildRequires: perl(Opcode) +BuildRequires: perl(Data::Dumper) %endif -conflicts: postgresql-plperl + %description plperl The postgresql-plperl package contains the PL/Perl procedural language, which is an extension to the PostgreSQL database server. Install this if you want to write database functions in Perl. %endif -%if %plpython + +%if %plpython %package plpython -Summary: The Python2 procedural language for PostgreSQL -Requires: %{name}-server = %precise_version -Provides: %{name}-plpython2 = %precise_version -conflicts: postgresql-plpython +Summary: The Python2 procedural language for PostgreSQL +Requires: %{name}-server%{?_isa} = %precise_version +Provides: %{name}-plpython2 = %precise_version + %description plpython The postgresql-plpython package contains the PL/Python procedural language, which is an extension to the PostgreSQL database server. Install this if you want to write database functions in Python 2. %endif -%if %plpython3 + +%if %plpython3 %package plpython3 -Summary: The Python3 procedural language for PostgreSQL -Requires: %{name}-server = %precise_version -conflicts: postgresql-plpython3 +Summary: The Python3 procedural language for PostgreSQL +Requires: %{name}-server%{?_isa} = %precise_version + %description plpython3 The postgresql-plpython3 package contains the PL/Python3 procedural language, which is an extension to the PostgreSQL database server. Install this if you want to write database functions in Python 3. %endif -%if %pltcl + +%if %pltcl %package pltcl -Summary: The Tcl procedural language for PostgreSQL -Requires: %{name}-server = %precise_version -conflicts: postgresql-pltcl +Summary: The Tcl procedural language for PostgreSQL +Requires: %{name}-server%{?_isa} = %precise_version + %description pltcl The postgresql-pltcl package contains the PL/Tcl procedural language, which is an extension to the PostgreSQL database server. Install this if you want to write database functions in Tcl. %endif -%if %test + +%if %test %package test -Summary: The test suite distributed with PostgreSQL -Requires: %{name}-server = %precise_version -Requires: %{name}-server-devel = %precise_version -conflicts: postgresql-test +Summary: The test suite distributed with PostgreSQL +Requires: %{name}-server%{?_isa} = %precise_version +Requires: %{name}-server-devel%{?_isa} = %precise_version + %description test The postgresql-test package contains files needed for various tests for the PostgreSQL database management system, including regression tests and benchmarks. %endif -%if %llvmjit +%if %llvmjit %package llvmjit -Summary: Just-in-time compilation support for PostgreSQL -Requires: %{name}-server = %{version}-%{release} llvm => 5.0 -Provides: postgresql-llvmjit >= %{version}-%{release} -BuildRequires: llvm-devel >= 5.0 clang-devel >= 5.0 -conflicts: postgresql-llvmjit +Summary: Just-in-time compilation support for PostgreSQL +Requires: %{name}-server%{?_isa} = %{version}-%{release} +Requires: llvm => 5.0 +Provides: postgresql-llvmjit >= %{version}-%{release} +BuildRequires: llvm-devel >= 5.0 clang-devel >= 5.0 + %description llvmjit The postgresql-llvmjit package contains support for just-in-time compiling parts of PostgreSQL queries. Using LLVM it @@ -285,33 +374,50 @@ goal of accelerating analytics queries. %endif ) %setup -q -a 12 -n postgresql-%{version} -%patch1 -p1 -%patch2 -p1 -%patch5 -p1 -%patch6 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 5 -p1 +%patch -P 6 -p1 %if %external_libpq -%patch8 -p1 +%patch -P 8 -p1 %else -%patch10 -p1 +%patch -P 10 -p1 +%endif +%patch -P 9 -p1 +%patch -P 11 -p1 +%ifarch sw_64 +%patch -P 15 -p1 %endif -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 +%patch -P 17 -p1 + +# We used to run autoconf here, but there's no longer any real need to, +# since Postgres ships with a reasonably modern configure script. + cp -p %{SOURCE1} . + %if ! %external_libpq %global private_soname private%{majorversion} find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \; %endif + %if %upgrade tar xfj %{SOURCE3} + +# libpq from this upgrade-only build is dropped and the libpq from the main +# version is used. Use the same major hack therefore. %if ! %external_libpq find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \; %endif + +# apply once SOURCE3 is extracted %endif + +# remove .gitignore files to ensure none get into the RPMs (bug #642210) find . -type f -name .gitignore | xargs rm + %build +# fail quickly and obviously if user tries to build as root %if %runselftest if [ x"`id -u`" = x0 ]; then echo "postgresql's regression tests fail if run as root." @@ -320,6 +426,9 @@ find . -type f -name .gitignore | xargs rm exit 1 fi %endif + +# Building postgresql-setup + cd postgresql-setup-%{setup_version} export pgsetup_cv_os_family=redhat %configure \ @@ -327,14 +436,28 @@ export pgsetup_cv_os_family=redhat PGVERSION=%{version} \ PGMAJORVERSION=%{majorversion} \ NAME_DEFAULT_PREV_SERVICE=postgresql + make %{?_smp_mflags} unset pgsetup_cv_os_family cd .. + +# Fiddling with CFLAGS. + CFLAGS="${CFLAGS:-%optflags}" +# Strip out -ffast-math from CFLAGS.... CFLAGS=`echo $CFLAGS|xargs -n 1|grep -v ffast-math|xargs -n 100` export CFLAGS + +# plpython requires separate configure/build runs to build against python 2 +# versus python 3. Our strategy is to do the python 3 run first, then make +# distclean and do it again for the "normal" build. Note that the installed +# Makefile.global will reflect the python 2 build, which seems appropriate +# since that's still considered the default plpython version. common_configure_options=' --disable-rpath +%ifarch riscv64 loongarch64 + --disable-spinlocks +%endif %if %beta --enable-debug --enable-cassert @@ -384,36 +507,64 @@ common_configure_options=' --with-llvm %endif ' + %if %plpython3 + export PYTHON=/usr/bin/python3 + +# These configure options must match main build %configure $common_configure_options \ --with-python + +# Fortunately we don't need to build much except plpython itself. %global python_subdirs \\\ src/pl/plpython \\\ contrib/hstore_plpython \\\ contrib/jsonb_plpython \\\ contrib/ltree_plpython + for dir in %python_subdirs; do %make_build -C "$dir" all done + +# save built form in a directory that "make distclean" won't touch for dir in %python_subdirs; do rm -rf "${dir}3" # shouldn't exist, unless --short-circuit cp -a "$dir" "${dir}3" done + +# must also save this version of Makefile.global for later cp src/Makefile.global src/Makefile.global.python3 + make distclean + %endif # %%plpython3 + PYTHON=/usr/bin/python2 + +# Normal (python2) build begins here %configure $common_configure_options \ %if %plpython --with-python %endif + unset PYTHON + %make_build world + +# Have to hack makefile to put correct path into tutorial scripts sed "s|C=\`pwd\`;|C=%{_libdir}/pgsql/tutorial;|" < src/tutorial/Makefile > src/tutorial/GNUmakefile make %{?_smp_mflags} -C src/tutorial NO_PGXS=1 all rm -f src/tutorial/GNUmakefile + +# The object files shouldn't be copied to rpm bz#1187514 rm -f src/tutorial/*.o + +# run_testsuite WHERE +# ------------------- +# Run 'make check' in WHERE path. When that command fails, return the logs +# given by PostgreSQL build system and set 'test_failure=1'. This function +# never exits directly nor stops rpmbuild where `set -e` is enabled. run_testsuite() { make -k -C "$1" MAX_CONNECTIONS=5 check && return 0 || test_failure=1 @@ -427,7 +578,9 @@ run_testsuite() done ) } + test_failure=0 + %if %runselftest run_testsuite "src/test/regress" make clean -C "src/test/regress" @@ -437,6 +590,7 @@ test_failure=0 mv src/Makefile.global src/Makefile.global.save cp src/Makefile.global.python3 src/Makefile.global touch -r src/Makefile.global.save src/Makefile.global + for dir in %python_subdirs; do # because "make check" does "make install" on the whole tree, # we must temporarily install *plpython3 dir as *plpython, @@ -444,37 +598,48 @@ test_failure=0 mv "$dir" "${dir}2" mv "${dir}3" "$dir" done + for dir in %python_subdirs; do run_testsuite "$dir" done + for dir in %python_subdirs; do # and clean up our mess mv "$dir" "${dir}3" mv "${dir}2" "${dir}" done + mv -f src/Makefile.global.save src/Makefile.global %endif run_testsuite "contrib" %endif + +# "assert(ALL_TESTS_OK)" test "$test_failure" -eq 0 + %if %test # undo the "make clean" above make all -C src/test/regress %endif + %if %upgrade pushd postgresql-%{prevversion} + # The upgrade build can be pretty stripped-down, but make sure that # any options that affect on-disk file layout match the previous # major release! + # The set of built server modules here should ideally create superset # of modules we used to ship in %%prevversion (in the installation # the user will upgrade from), including *-contrib or *-pl* # subpackages. This increases chances that the upgrade from # %%prevversion will work smoothly. + upgrade_configure () { # Note we intentionally do not use %%configure here, because we *don't* want # its ideas about installation paths. + # The -fno-aggressive-loop-optimizations is hack for #993532 PYTHON="${PYTHON-/usr/bin/python2}" \ CFLAGS="$CFLAGS -fno-aggressive-loop-optimizations" ./configure \ @@ -482,6 +647,9 @@ upgrade_configure () --host=%{_host} \ --prefix=%prev_prefix \ --disable-rpath \ +%ifarch riscv64 loongarch64 + --disable-spinlocks \ +%endif %if %beta --enable-debug \ --enable-cassert \ @@ -499,6 +667,7 @@ upgrade_configure () --with-system-tzdata=/usr/share/zoneinfo \ "$@" } + %if %plpython3 export PYTHON=/usr/bin/python3 upgrade_configure --with-python @@ -506,26 +675,34 @@ upgrade_configure () # Previous version doesn't necessarily have this. test -d "$dir" || continue %make_build -C "$dir" all + # save aside the only one file which we are interested here cp "$dir"/*plpython3.so ./ done unset PYTHON make distclean %endif + upgrade_configure \ %if %plpython --with-python %endif + make %{?_smp_mflags} all make -C contrib %{?_smp_mflags} all popd %endif # %%upgrade + %install cd postgresql-setup-%{setup_version} make install DESTDIR=$RPM_BUILD_ROOT cd .. + +# For some reason, having '%%doc %%{_pkgdocdir}/README.rpm-dist' in %%files +# causes FTBFS (at least on RHEL6), see rhbz#1250006. mv $RPM_BUILD_ROOT/%{_pkgdocdir}/README.rpm-dist ./ + cat > $RPM_BUILD_ROOT%{_sysconfdir}/postgresql-setup/upgrade/postgresql.conf < $RPM_BUILD_ROOT%macrosdir/macros.postgresql-upgrade + cat < $RPM_BUILD_ROOT%macrosdir/macros.%name-upgrade %%postgresql_upgrade_prefix %prev_prefix EOF %endif + + %if %test # tests. There are many files included here that are unnecessary, # but include them anyway for completeness. We replace the original @@ -635,18 +847,24 @@ EOF > $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile chmod 0644 $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile %endif + rm -rf doc/html # HACK! allow 'rpmbuild -bi --short-circuit' mv $RPM_BUILD_ROOT%{_docdir}/pgsql/html doc rm -rf $RPM_BUILD_ROOT%{_docdir}/pgsql + +# remove files not to be packaged rm $RPM_BUILD_ROOT%{_libdir}/libpgfeutils.a + %if !%plperl rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plperl.so %endif + %if !%plpython rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plpython2.so rm -f $RPM_BUILD_ROOT%{_datadir}/pgsql/extension/*_plpythonu* rm -f $RPM_BUILD_ROOT%{_datadir}/pgsql/extension/*_plpython2u* %endif + %if %nls find_lang_bins () { @@ -675,6 +893,7 @@ find_lang_bins plperl.lst plperl find_lang_bins plpython.lst plpython %endif %if %plpython3 +# plpython3 shares message files with plpython find_lang_bins plpython3.lst plpython %endif %if %pltcl @@ -690,17 +909,21 @@ find_lang_bins pltcl.lst pltcl %post server %systemd_post %service_name + %preun server %systemd_preun %service_name + %postun server %systemd_postun_with_restart %service_name + %check %if %runselftest make -C postgresql-setup-%{setup_version} check %endif +# FILES sections. %files -f main.lst %doc doc/KNOWN_BUGS doc/MISSING_FEATURES doc/TODO %doc COPYRIGHT README HISTORY @@ -733,6 +956,8 @@ make -C postgresql-setup-%{setup_version} check %{_mandir}/man1/vacuumdb.* %{_mandir}/man7/* %if %llvmjit +# Install bitcode directory along with the main package, +# so that extensions can use this dir. %dir %{_libdir}/pgsql/bitcode %endif %if ! %external_libpq @@ -744,6 +969,7 @@ make -C postgresql-setup-%{setup_version} check %doc doc/html %{_libdir}/pgsql/tutorial/ + %files contrib -f contrib.lst %doc contrib/spi/*.example %{_bindir}/oid2name @@ -966,6 +1192,7 @@ make -C postgresql-setup-%{setup_version} check %config(noreplace) /etc/pam.d/postgresql %endif + %files server-devel -f devel.lst %{_bindir}/pg_server_config %dir %{_datadir}/pgsql @@ -973,26 +1200,43 @@ make -C postgresql-setup-%{setup_version} check %dir %{_includedir}/pgsql %{_includedir}/pgsql/server %{_libdir}/pgsql/pgxs/ -%{_includedir}/* -%{_libdir}/{pgsql/pgxs/} -%exclude %{_libdir}/pkgconfig/*.pc -%{_libdir}/{libecpg,libecpg_compat,libpgtypes,libpq}.so* -%{_libdir}/libpq.a %{_mandir}/man1/pg_server_config.* %{_mandir}/man3/SPI_* %{macrosdir}/macros.postgresql +%if ! %external_libpq +%files private-libs +%{_libdir}/libpq.so.* +%endif + +%if ! %external_libpq +%files private-devel +%{_bindir}/pg_config +%{_includedir}/libpq-events.h +%{_includedir}/libpq-fe.h +%{_includedir}/postgres_ext.h +%{_includedir}/pgsql/internal/*.h +%{_includedir}/pgsql/internal/libpq/pqcomm.h +%{_includedir}/libpq/*.h +%{_libdir}/pkgconfig/*.pc +%{_libdir}/libpq.so +%{_includedir}/pg_config*.h +%endif + + %files test-rpm-macros %{_datadir}/postgresql-setup/postgresql_pkg_tests.sh %{macrosdir}/macros.postgresql-test + %files static %{_libdir}/libpgcommon.a %{_libdir}/libpgport.a %{_libdir}/libpgcommon_shlib.a %{_libdir}/libpgport_shlib.a -%if %upgrade + +%if %upgrade %files upgrade %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin %exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config @@ -1001,60 +1245,66 @@ make -C postgresql-setup-%{setup_version} check %exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig %{_libdir}/pgsql/postgresql-%{prevmajorversion}/share + %files upgrade-devel %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config %{_libdir}/pgsql/postgresql-%{prevmajorversion}/include %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pgxs -%{macrosdir}/macros.postgresql-upgrade +%{macrosdir}/macros.%name-upgrade %endif -%if %llvmjit +%if %llvmjit %files llvmjit %defattr(-,root,root) %{_libdir}/pgsql/bitcode/* %{_libdir}/pgsql/llvmjit.so %{_libdir}/pgsql/llvmjit_types.bc %endif -%if %plperl +%if %plperl %files plperl -f plperl.lst %{_datadir}/pgsql/extension/bool_plperl* %{_datadir}/pgsql/extension/plperl* %{_libdir}/pgsql/bool_plperl.so %{_libdir}/pgsql/plperl.so %endif -%if %pltcl + +%if %pltcl %files pltcl -f pltcl.lst %{_datadir}/pgsql/extension/pltcl* %{_libdir}/pgsql/pltcl.so %endif -%if %plpython + +%if %plpython %files plpython -f plpython.lst %{_datadir}/pgsql/extension/plpython2* %{_datadir}/pgsql/extension/plpythonu* %{_libdir}/pgsql/plpython2.so %endif -%if %plpython3 + +%if %plpython3 %files plpython3 -f plpython3.lst %{_datadir}/pgsql/extension/plpython3* %{_libdir}/pgsql/plpython3.so %endif -%if %test + +%if %test %files test %attr(-,postgres,postgres) %{_libdir}/pgsql/test %endif + %changelog -* Mon Mar 14 2022 wangkai - %{majorversion}.3-3 -- Fix CVE-2021-23214 CVE-2021-23222 +* Thu Feb 20 2025 Funda Wang - 13.20-1 +- update to 13.20 -* Thu Sep 16 2021 huanghaitao - %{majorversion}.3-2 +* Thu Sep 16 2021 huanghaitao - 13.3-2 - Add __requires_exclude macros, delete redundant requirements -* Tue Sep 14 2021 huanghaitao - %{majorversion}.3-1 +* Tue Sep 14 2021 huanghaitao - 13.3-1 - package init diff --git a/postgresql-man.patch b/postgresql-man.patch index 6b0ed00b807a552d1c6358d21110491ea29a29b9..789fb79e7d4d9d7c45abd0f25cb9309cccb71c1b 100644 --- a/postgresql-man.patch +++ b/postgresql-man.patch @@ -6,8 +6,8 @@ RHBZ#948933). diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src/sgml/man1/ecpg.1 --- postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 2020-11-09 23:38:03.000000000 +0100 +++ postgresql-13.1/doc/src/sgml/man1/ecpg.1 2020-11-18 09:26:40.547324791 +0100 -@@ -81,6 +81,11 @@ ORACLE\&. - Define a C preprocessor symbol\&. +@@ -86,6 +86,11 @@ + 1\&. .RE .PP +\fB\-h \fR @@ -18,7 +18,7 @@ diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src \fB\-h\fR .RS 4 Process header files\&. When this option is specified, the output file extension becomes -@@ -144,6 +149,11 @@ Allow question mark as placeholder for c +@@ -149,6 +154,11 @@ .RE .RE .PP diff --git a/postgresql-pgcrypto-openssl3-tests.patch b/postgresql-pgcrypto-openssl3-tests.patch new file mode 100644 index 0000000000000000000000000000000000000000..16399a4efdc02b532c88f285978720b0be443d85 --- /dev/null +++ b/postgresql-pgcrypto-openssl3-tests.patch @@ -0,0 +1,102 @@ +diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out +--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400 +@@ -4,20 +4,6 @@ + -- Checking ciphers + select pgp_sym_decrypt(dearmor(' + -----BEGIN PGP MESSAGE----- +-Comment: dat1.blowfish.sha1.mdc.s2k3.z0 +- +-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS +-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= +-=JcP+ +------END PGP MESSAGE----- +-'), 'foobar'); +- pgp_sym_decrypt +------------------ +- Secret message. +-(1 row) +- +-select pgp_sym_decrypt(dearmor(' +------BEGIN PGP MESSAGE----- + Comment: dat1.aes.sha1.mdc.s2k3.z0 + + jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest +diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out +--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400 +@@ -594,13 +594,6 @@ + (1 row) + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) +-from keytbl, encdata where keytbl.id=2 and encdata.id=2; +- pgp_pub_decrypt +------------------ +- Secret msg +-(1 row) +- +-select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) + from keytbl, encdata where keytbl.id=3 and encdata.id=3; + pgp_pub_decrypt + ----------------- +diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile +--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400 +@@ -5,7 +5,7 @@ + INT_TESTS = sha2 + + OSSL_SRCS = openssl.c pgp-mpi-openssl.c +-OSSL_TESTS = sha2 des 3des cast5 ++OSSL_TESTS = sha2 + + ZLIB_TST = pgp-compression + ZLIB_OFF_TST = pgp-zlib-DISABLED +@@ -49,12 +49,13 @@ + pgcrypto--1.0--1.1.sql + PGFILEDESC = "pgcrypto - cryptographic functions" + +-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ ++REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \ + $(CF_TESTS) \ +- crypt-des crypt-md5 crypt-blowfish crypt-xdes \ ++ crypt-md5 \ + pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \ + pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info + ++#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \ + EXTRA_CLEAN = gen-rtab + + ifdef USE_PGXS +diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql +--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400 +@@ -5,16 +5,6 @@ + -- Checking ciphers + select pgp_sym_decrypt(dearmor(' + -----BEGIN PGP MESSAGE----- +-Comment: dat1.blowfish.sha1.mdc.s2k3.z0 +- +-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS +-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= +-=JcP+ +------END PGP MESSAGE----- +-'), 'foobar'); +- +-select pgp_sym_decrypt(dearmor(' +------BEGIN PGP MESSAGE----- + Comment: dat1.aes.sha1.mdc.s2k3.z0 + + jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest +diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql +--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400 +@@ -606,9 +606,6 @@ + from keytbl, encdata where keytbl.id=1 and encdata.id=1; + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) +-from keytbl, encdata where keytbl.id=2 and encdata.id=2; +- +-select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) + from keytbl, encdata where keytbl.id=3 and encdata.id=3; + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) diff --git a/postgresql-setup-8.5.tar.gz b/postgresql-setup-8.5.tar.gz deleted file mode 100644 index d7b376cb9caeb351a35197c9a0af2546b50c130f..0000000000000000000000000000000000000000 Binary files a/postgresql-setup-8.5.tar.gz and /dev/null differ diff --git a/postgresql-setup-8.7.tar.gz b/postgresql-setup-8.7.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..76e36be6ade6968b87953acfac6d690b207a38d6 --- /dev/null +++ b/postgresql-setup-8.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d674925d16951b7271c1ccacd17245c144c6203ce8191fc97326468e5a7fe17 +size 153274