packages/postgresql-13
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

13.20

Browse Source
This commit is contained in:
Funda Wang 2025-03-12 10:25:43 +08:00
parent 04e7c6e5a1
commit c5a7fbe885
20 changed files with 586 additions and 382 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored Normal file
View File

@ -0,0 +1,3 @@
*.pdf filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text

2
.lfsconfig Normal file
View File

@ -0,0 +1,2 @@
[lfs]
url = https://artlfs.openeuler.openatom.cn/src-openEuler/postgresql-13

108
CVE-2021-23214.patch
View File

@ -1,108 +0,0 @@
From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 8 Nov 2021 11:01:43 -0500
Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake.
The server collects up to a bufferload of data whenever it reads data
from the client socket. When SSL or GSS encryption is requested
during startup, any additional data received with the initial
request message remained in the buffer, and would be treated as
already-decrypted data once the encryption handshake completed.
Thus, a man-in-the-middle with the ability to inject data into the
TCP connection could stuff some cleartext data into the start of
a supposedly encryption-protected database session.
This could be abused to send faked SQL commands to the server,
although that would only work if the server did not demand any
authentication data. (However, a server relying on SSL certificate
authentication might well not do so.)
To fix, throw a protocol-violation error if the internal buffer
is not empty after the encryption handshake.
Our thanks to Jacob Champion for reporting this problem.
Security: CVE-2021-23214
---
src/backend/libpq/pqcomm.c | 12 ++++++++++++
src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++
src/include/libpq/libpq.h | 1 +
3 files changed, 37 insertions(+)
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
index ee2cd86866da..93f2e0b81d32 100644
--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s)
}
}
+/* --------------------------------
+ * pq_buffer_has_data - is any buffered data available to read?
+ *
+ * This will *not* attempt to read more data.
+ * --------------------------------
+ */
+bool
+pq_buffer_has_data(void)
+{
+ return (PqRecvPointer < PqRecvLength);
+}
+
/* --------------------------------
* pq_startmsgread - begin reading a message from the client.
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 5775fc0c0910..1e0936e5b482 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
return STATUS_ERROR;
#endif
+ /*
+ * At this point we should have no data already buffered. If we do,
+ * it was received before we performed the SSL handshake, so it wasn't
+ * encrypted and indeed may have been injected by a man-in-the-middle.
+ * We report this case to the client.
+ */
+ if (pq_buffer_has_data())
+ ereport(FATAL,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("received unencrypted data after SSL request"),
+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
+
/*
* regular startup packet, cancel, etc packet should follow, but not
* another SSL negotiation request, and a GSS request should only
@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
return STATUS_ERROR;
#endif
+ /*
+ * At this point we should have no data already buffered. If we do,
+ * it was received before we performed the GSS handshake, so it wasn't
+ * encrypted and indeed may have been injected by a man-in-the-middle.
+ * We report this case to the client.
+ */
+ if (pq_buffer_has_data())
+ ereport(FATAL,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("received unencrypted data after GSSAPI encryption request"),
+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
+
/*
* regular startup packet, cancel, etc packet should follow, but not
* another GSS negotiation request, and an SSL request should only
diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
index b1152475ace5..54c5fa779773 100644
--- a/src/include/libpq/libpq.h
+++ b/src/include/libpq/libpq.h
@@ -72,6 +72,7 @@ extern int pq_getmessage(StringInfo s, int maxlen);
extern int pq_getbyte(void);
extern int pq_peekbyte(void);
extern int pq_getbyte_if_available(unsigned char *c);
+extern bool pq_buffer_has_data(void);
extern int pq_putbytes(const char *s, size_t len);
/*

123
CVE-2021-23222.patch
View File

@ -1,123 +0,0 @@
From 844b3169204c28cd086c1b4fae4a2cbdd0540640 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 8 Nov 2021 11:14:56 -0500
Subject: [PATCH] libpq: reject extraneous data after SSL or GSS encryption
handshake.
libpq collects up to a bufferload of data whenever it reads data from
the socket. When SSL or GSS encryption is requested during startup,
any additional data received with the server's yes-or-no reply
remained in the buffer, and would be treated as already-decrypted data
once the encryption handshake completed. Thus, a man-in-the-middle
with the ability to inject data into the TCP connection could stuff
some cleartext data into the start of a supposedly encryption-protected
database session.
This could probably be abused to inject faked responses to the
client's first few queries, although other details of libpq's behavior
make that harder than it sounds. A different line of attack is to
exfiltrate the client's password, or other sensitive data that might
be sent early in the session. That has been shown to be possible with
a server vulnerable to CVE-2021-23214.
To fix, throw a protocol-violation error if the internal buffer
is not empty after the encryption handshake.
Our thanks to Jacob Champion for reporting this problem.
Security: CVE-2021-23222
---
doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++
src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index e26619e1b53d..b692648fca47 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
and proceed without requesting <acronym>SSL</acronym>.
</para>
+ <para>
+ When <acronym>SSL</acronym> encryption can be performed, the server
+ is expected to send only the single <literal>S</literal> byte and then
+ wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
+ If additional bytes are available to read at this point, it likely
+ means that a man-in-the-middle is attempting to perform a
+ buffer-stuffing attack
+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
+ Frontends should be coded either to read exactly one byte from the
+ socket before turning the socket over to their SSL library, or to
+ treat it as a protocol violation if they find they have read additional
+ bytes.
+ </para>
+
<para>
An initial SSLRequest can also be used in a connection that is being
opened to send a CancelRequest message.
@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
encryption.
</para>
+ <para>
+ When <acronym>GSSAPI</acronym> encryption can be performed, the server
+ is expected to send only the single <literal>G</literal> byte and then
+ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
+ If additional bytes are available to read at this point, it likely
+ means that a man-in-the-middle is attempting to perform a
+ buffer-stuffing attack
+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
+ Frontends should be coded either to read exactly one byte from the
+ socket before turning the socket over to their GSSAPI library, or to
+ treat it as a protocol violation if they find they have read additional
+ bytes.
+ </para>
+
<para>
An initial GSSENCRequest can also be used in a connection that is being
opened to send a CancelRequest message.
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index f80f4e98d8e0..57aee9518308 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -3076,6 +3076,19 @@ PQconnectPoll(PGconn *conn)
pollres = pqsecure_open_client(conn);
if (pollres == PGRES_POLLING_OK)
{
+ /*
+ * At this point we should have no data already buffered.
+ * If we do, it was received before we performed the SSL
+ * handshake, so it wasn't encrypted and indeed may have
+ * been injected by a man-in-the-middle.
+ */
+ if (conn->inCursor != conn->inEnd)
+ {
+ appendPQExpBufferStr(&conn->errorMessage,
+ libpq_gettext("received unencrypted data after SSL response\n"));
+ goto error_return;
+ }
+
/* SSL handshake done, ready to send startup packet */
conn->status = CONNECTION_MADE;
return PGRES_POLLING_WRITING;
@@ -3175,6 +3188,19 @@ PQconnectPoll(PGconn *conn)
pollres = pqsecure_open_gss(conn);
if (pollres == PGRES_POLLING_OK)
{
+ /*
+ * At this point we should have no data already buffered.
+ * If we do, it was received before we performed the GSS
+ * handshake, so it wasn't encrypted and indeed may have
+ * been injected by a man-in-the-middle.
+ */
+ if (conn->inCursor != conn->inEnd)
+ {
+ appendPQExpBufferStr(&conn->errorMessage,
+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
+ goto error_return;
+ }
+
/* All set for startup packet */
conn->status = CONNECTION_MADE;
return PGRES_POLLING_WRITING;

3
postgresql-12.22.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b
size 21305304

1
postgresql-12.22.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b postgresql-12.22.tar.bz2

BIN
postgresql-12.7.tar.bz2
View File

Binary file not shown.

1
postgresql-12.7.tar.bz2.sha256
View File

@ -1 +0,0 @@
8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 postgresql-12.7.tar.bz2

3
postgresql-13.20-US.pdf Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:038f5c5fc78c805e75176c440e38338029487ca664e275a6f37de0f9c1a33eff
size 13627275

3
postgresql-13.20.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288
size 21730844

1
postgresql-13.20.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 postgresql-13.20.tar.bz2

BIN
postgresql-13.3-US.pdf
View File

Binary file not shown.

66
postgresql-13.3-sw.patch Executable file
View File

@ -0,0 +1,66 @@
diff -Naur postgresql-13.3.org/contrib/pgcrypto/crypt-blowfish.c postgresql-13.3.sw/contrib/pgcrypto/crypt-blowfish.c
--- postgresql-13.3.org/contrib/pgcrypto/crypt-blowfish.c 2022-09-16 11:31:15.100000000 +0800
+++ postgresql-13.3.sw/contrib/pgcrypto/crypt-blowfish.c 2022-09-16 11:32:01.060000000 +0800
@@ -41,7 +41,7 @@
#ifdef __i386__
#define BF_ASM 0 /* 1 */
#define BF_SCALE 1
-#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
+#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) || defined(__sw_64__)
#define BF_ASM 0
#define BF_SCALE 1
#else
diff -Naur postgresql-13.3.org/src/include/port/atomics/arch-sw_64.h postgresql-13.3.sw/src/include/port/atomics/arch-sw_64.h
--- postgresql-13.3.org/src/include/port/atomics/arch-sw_64.h 1970-01-01 08:00:00.000000000 +0800
+++ postgresql-13.3.sw/src/include/port/atomics/arch-sw_64.h 2022-09-16 13:37:10.630000000 +0800
@@ -0,0 +1,26 @@
+/*-------------------------------------------------------------------------
+ *
+ * arch-arm.h
+ * Atomic operations considerations specific to ARM
+ *
+ * Portions Copyright (c) 2013-2020, PostgreSQL Global Development Group
+ *
+ * NOTES:
+ *
+ * src/include/port/atomics/arch-arm.h
+ *
+ *-------------------------------------------------------------------------
+ */
+
+/* intentionally no include guards, should only be included by atomics.h */
+#ifndef INSIDE_ATOMICS_H
+#error "should be included via atomics.h"
+#endif
+
+/*
+ * 64 bit atomics on ARM32 are implemented using kernel fallbacks and thus
+ * might be slow, so disable entirely. On ARM64 that problem doesn't exist.
+ */
+#if !defined(_sw_64__)
+#define PG_DISABLE_64_BIT_ATOMICS
+#endif /* __sw_64__ || __sw_64 */
diff -Naur postgresql-13.3.org/src/include/port/atomics.h postgresql-13.3.sw/src/include/port/atomics.h
--- postgresql-13.3.org/src/include/port/atomics.h 2022-09-16 11:31:15.640000000 +0800
+++ postgresql-13.3.sw/src/include/port/atomics.h 2022-09-16 13:36:15.370000000 +0800
@@ -68,6 +68,8 @@
#include "port/atomics/arch-arm.h"
#elif defined(__i386__) || defined(__i386) || defined(__x86_64__)
#include "port/atomics/arch-x86.h"
+#elif defined(__sw_64__)
+#include "port/atomics/arch-sw_64.h"
#elif defined(__ia64__) || defined(__ia64)
#include "port/atomics/arch-ia64.h"
#elif defined(__ppc__) || defined(__powerpc__) || defined(__ppc64__) || defined(__powerpc64__)
diff -Naur postgresql-13.3.org/src/include/storage/s_lock.h postgresql-13.3.sw/src/include/storage/s_lock.h
--- postgresql-13.3.org/src/include/storage/s_lock.h 2022-09-16 11:31:15.560000000 +0800
+++ postgresql-13.3.sw/src/include/storage/s_lock.h 2022-09-16 11:43:30.940000000 +0800
@@ -320,7 +320,7 @@
* We use the int-width variant of the builtin because it works on more chips
* than other widths.
*/
-#if defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(__aarch64)
+#if defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(__aarch64) || defined(__sw_64__) || defined(__sw_64)
#ifdef HAVE_GCC__SYNC_INT32_TAS
#define HAS_TEST_AND_SET

BIN
postgresql-13.3.tar.bz2
View File

Binary file not shown.

1
postgresql-13.3.tar.bz2.sha256
View File

@ -1 +0,0 @@
3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 postgresql-13.3.tar.bz2

408
postgresql-13.spec
View File

@ -1,6 +1,11 @@
%{!?beta:%global beta 0} %{!?beta:%global beta 0}
%{!?test:%global test 1} %{!?test:%global test 1}
%ifarch riscv64 loongarch64
# Fail to pass tests on riscv64
%{!?llvmjit:%global llvmjit 0}
%else
%{!?llvmjit:%global llvmjit 1} %{!?llvmjit:%global llvmjit 1}
%endif
%{!?external_libpq:%global external_libpq 0} %{!?external_libpq:%global external_libpq 0}
%{!?upgrade:%global upgrade 0} %{!?upgrade:%global upgrade 0}
%{!?plpython:%global plpython 0} %{!?plpython:%global plpython 0}
@ -17,26 +22,36 @@
%{!?pam:%global pam 1} %{!?pam:%global pam 1}
%{!?sdt:%global sdt 1} %{!?sdt:%global sdt 1}
%{!?selinux:%global selinux 1} %{!?selinux:%global selinux 1}
%ifarch sw_64
%{!?runselftest:%global runselftest 0}
%else
%{!?runselftest:%global runselftest 1} %{!?runselftest:%global runselftest 1}
%endif
%global _default_patch_flags --no-backup-if-mismatch %global _default_patch_flags --no-backup-if-mismatch
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
%global _privatelibs lib(pq|pgtypes|ecpg_compat|ecpg)\\.so*
%global __provides_exclude %{_privatelibs}
%global __requires_exclude %{_privatelibs}
Summary: PostgreSQL client programs Summary: PostgreSQL client programs
Name: postgresql-13 Name: postgresql-13
%global majorversion 13 %global majorversion 13
Version: %{majorversion}.3 Version: %{majorversion}.20
Release: 3 Release: 1
# The PostgreSQL license is very similar to other MIT licenses, but the OSI
# recognizes it as an independent license, so we do as well.
License: PostgreSQL License: PostgreSQL
Url: http://www.postgresql.org/ Url: http://www.postgresql.org/
%global prevmajorversion 12 %global prevmajorversion 12
%global prevversion %{prevmajorversion}.7 %global prevversion %{prevmajorversion}.22
%global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion}
%global precise_version %{?epoch:%epoch:}%version-%release %global precise_version %{?epoch:%epoch:}%version-%release
%global setup_version 8.5
%global setup_version 8.7
%global service_name postgresql.service %global service_name postgresql.service
Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
Source1: postgresql-%{version}-US.pdf Source1: postgresql-%{version}-US.pdf
Source2: generate-pdf.sh Source2: generate-pdf.sh
@ -45,9 +60,18 @@ Source4: Makefile.regress
Source9: postgresql.tmpfiles.d Source9: postgresql.tmpfiles.d
Source10: postgresql.pam Source10: postgresql.pam
Source11: postgresql-bashprofile Source11: postgresql-bashprofile
# git: https://github.com/devexp-db/postgresql-setup
Source12: https://github.com/devexp-db/postgresql-setup/releases/download/v%{setup_version}/postgresql-setup-%{setup_version}.tar.gz Source12: https://github.com/devexp-db/postgresql-setup/releases/download/v%{setup_version}/postgresql-setup-%{setup_version}.tar.gz
# Those here are just to enforce packagers check that the tarball was downloaded
# correctly. Also, this allows us check that packagers-only tarballs do not
# differ with publicly released ones.
Source16: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256 Source16: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256
Source17: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2.sha256 Source17: https://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2.sha256
# Comments for these patches are in the patch files.
Patch1: rpm-pgsql.patch Patch1: rpm-pgsql.patch
Patch2: postgresql-logging.patch Patch2: postgresql-logging.patch
Patch5: postgresql-var-run-socket.patch Patch5: postgresql-var-run-socket.patch
@ -56,58 +80,79 @@ Patch8: postgresql-external-libpq.patch
Patch9: postgresql-server-pg_config.patch Patch9: postgresql-server-pg_config.patch
Patch10: postgresql-no-libecpg.patch Patch10: postgresql-no-libecpg.patch
Patch11: postgresql-datalayout-mismatch-on-s390.patch Patch11: postgresql-datalayout-mismatch-on-s390.patch
# https://github.com/postgres/postgres/commit/e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Patch15: postgresql-13.3-sw.patch
Patch12: CVE-2021-23214.patch Patch17: postgresql-pgcrypto-openssl3-tests.patch
# https://github.com/postgres/postgres/commit/844b3169204c28cd086c1b4fae4a2cbdd0540640
Patch13: CVE-2021-23222.patch
BuildRequires: gcc perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk BuildRequires: gcc
BuildRequires: perl(ExtUtils::Embed), perl-devel perl-generators readline-devel zlib-devel BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk
BuildRequires: systemd systemd-devel util-linux multilib-rpm-config BuildRequires: perl(ExtUtils::Embed), perl-devel
BuildRequires: perl-generators
BuildRequires: readline-devel zlib-devel
BuildRequires: systemd systemd-devel util-linux
BuildRequires: multilib-rpm-config
%if %external_libpq %if %external_libpq
BuildRequires: libpq-devel >= %version BuildRequires: libpq-devel >= %version
%endif %endif
BuildRequires: docbook-style-xsl BuildRequires: docbook-style-xsl
# postgresql-setup build requires
BuildRequires: m4 elinks docbook-utils help2man BuildRequires: m4 elinks docbook-utils help2man
%if %plpython %if %plpython
BuildRequires: python2-devel BuildRequires: python2-devel
%endif %endif
%if %plpython3 %if %plpython3
BuildRequires: python3-devel BuildRequires: python3-devel
%endif %endif
%if %pltcl %if %pltcl
BuildRequires: tcl-devel BuildRequires: tcl-devel
%endif %endif
%if %ssl %if %ssl
BuildRequires: openssl-devel BuildRequires: openssl-devel
%endif %endif
%if %kerberos %if %kerberos
BuildRequires: krb5-devel BuildRequires: krb5-devel
%endif %endif
%if %ldap %if %ldap
BuildRequires: openldap-devel BuildRequires: openldap-devel
%endif %endif
%if %nls %if %nls
BuildRequires: gettext >= 0.10.35 BuildRequires: gettext >= 0.10.35
%endif %endif
%if %uuid %if %uuid
BuildRequires: uuid-devel BuildRequires: uuid-devel
%endif %endif
%if %xml %if %xml
BuildRequires: libxml2-devel libxslt-devel BuildRequires: libxml2-devel libxslt-devel
%endif %endif
%if %pam %if %pam
BuildRequires: pam-devel BuildRequires: pam-devel
%endif %endif
%if %sdt %if %sdt
BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-devel
%endif %endif
%if %selinux %if %selinux
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
%endif %endif
%if %icu %if %icu
BuildRequires: libicu-devel BuildRequires: libicu-devel
%endif %endif
%global __provides_exclude_from %{_libdir}/pgsql %global __provides_exclude_from %{_libdir}/pgsql
%description %description
PostgreSQL is an advanced Object-Relational database management system (DBMS). PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you'll need to The base postgresql package contains the client programs that you'll need to
@ -117,39 +162,73 @@ PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package. postgresql-server sub-package.
%if ! %external_libpq
%package private-libs
Summary: The shared libraries required only for this build of PostgreSQL server
Group: Applications/Databases
# for /sbin/ldconfig
Requires(post): glibc
Requires(postun): glibc
%description private-libs
The postgresql-private-libs package provides the shared libraries for this
build of PostgreSQL server and plugins build with this version of server.
For shared libraries used by client packages that need to connect to a
PostgreSQL server, install libpq package instead.
%package private-devel
Summary: PostgreSQL development header files for this build of PostgreSQL server
Group: Development/Libraries
Requires: %{name}-private-libs%{?_isa} = %precise_version
# Conflict is desired here, a user must pick one or another
Conflicts: libpq-devel
%description private-devel
The postgresql-private-devel package contains the header files and libraries
needed to compile C or C++ applications which will directly interact
with a PostgreSQL database management server.
You need to install this package if you want to develop applications which
will interact with a PostgreSQL server.
%endif
%package server %package server
Summary: The programs needed to create and run a PostgreSQL server Summary: The programs needed to create and run a PostgreSQL server
Requires: %{name} = %precise_version Requires: %{name}%{?_isa} = %precise_version
Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/useradd
Requires: systemd Requires: systemd
%{?systemd_requires} %{?systemd_requires}
Provides: %{name}-server(:MODULE_COMPAT_%{majorversion}) Provides: %{name}-server(:MODULE_COMPAT_%{majorversion})
Provides: bundled(postgresql-13-setup) = %setup_version Provides: bundled(postgresql-setup) = %setup_version
conflicts: postgresql-server
%description server %description server
PostgreSQL is an advanced Object-Relational database management system (DBMS). PostgreSQL is an advanced Object-Relational database management system (DBMS).
The postgresql-server package contains the programs needed to create The postgresql-server package contains the programs needed to create
and run a PostgreSQL server, which will in turn allow you to create and run a PostgreSQL server, which will in turn allow you to create
and maintain PostgreSQL databases. and maintain PostgreSQL databases.
%package docs %package docs
Summary: Extra documentation for PostgreSQL Summary: Extra documentation for PostgreSQL
Requires: %{name} = %precise_version Requires: %{name}%{?_isa} = %precise_version
Provides: %{name}-doc = %precise_version Provides: %{name}-doc = %precise_version
conflicts: postgresql-docs
%description docs %description docs
The postgresql-docs package contains some additional documentation for The postgresql-docs package contains some additional documentation for
PostgreSQL. Currently, this includes the main documentation in PDF format PostgreSQL. Currently, this includes the main documentation in PDF format
and source files for the PostgreSQL tutorial. and source files for the PostgreSQL tutorial.
%package contrib %package contrib
Summary: Extension modules distributed with PostgreSQL Summary: Extension modules distributed with PostgreSQL
Requires: %{name} = %precise_version Requires: %{name}%{?_isa} = %precise_version
conflicts: postgresql-contrib
%description contrib %description contrib
The postgresql-contrib package contains various extension modules that are The postgresql-contrib package contains various extension modules that are
included in the PostgreSQL distribution. included in the PostgreSQL distribution.
%package server-devel %package server-devel
Summary: PostgreSQL development header files and libraries Summary: PostgreSQL development header files and libraries
%if %icu %if %icu
@ -158,7 +237,7 @@ Requires: libicu-devel
%if %kerberos %if %kerberos
Requires: krb5-devel Requires: krb5-devel
%endif %endif
conflicts: postgresql-server-devel
%description server-devel %description server-devel
The postgresql-server-devel package contains the header files and configuration The postgresql-server-devel package contains the header files and configuration
needed to compile PostgreSQL server extension. needed to compile PostgreSQL server extension.
@ -167,108 +246,118 @@ needed to compile PostgreSQL server extension.
Summary: Convenience RPM macros for build-time testing against PostgreSQL server Summary: Convenience RPM macros for build-time testing against PostgreSQL server
Requires: %{name}-server = %precise_version Requires: %{name}-server = %precise_version
BuildArch: noarch BuildArch: noarch
conflicts: postgresql-test-rpm-macros
%description test-rpm-macros %description test-rpm-macros
This package is meant to be added as BuildRequires: dependency of other packages This package is meant to be added as BuildRequires: dependency of other packages
that want to run build-time testsuite against running PostgreSQL server. that want to run build-time testsuite against running PostgreSQL server.
%package static %package static
Summary: Statically linked PostgreSQL libraries Summary: Statically linked PostgreSQL libraries
Requires: %{name}-server-devel = %precise_version Requires: %{name}-server-devel%{?_isa} = %precise_version
conflicts: postgresql-static
%description static %description static
Statically linked PostgreSQL libraries that do not have dynamically linked Statically linked PostgreSQL libraries that do not have dynamically linked
counterparts. counterparts.
%if %upgrade
%if %upgrade
%package upgrade %package upgrade
Summary: Support for upgrading from the previous major release of PostgreSQL Summary: Support for upgrading from the previous major release of PostgreSQL
Requires: %{name}-server = %precise_version Requires: %{name}-server%{?_isa} = %precise_version
Provides: bundled(postgresql-server) = %prevversion Provides: bundled(postgresql-server) = %prevversion
conflicts: postgresql-upgrade
%description upgrade %description upgrade
The postgresql-upgrade package contains the pg_upgrade utility and supporting The postgresql-upgrade package contains the pg_upgrade utility and supporting
files needed for upgrading a PostgreSQL database from the previous major files needed for upgrading a PostgreSQL database from the previous major
version of PostgreSQL. version of PostgreSQL.
%package upgrade-devel %package upgrade-devel
Summary: Support for build of extensions required for upgrade process Summary: Support for build of extensions required for upgrade process
Requires: %{name}-upgrade = %precise_version Requires: %{name}-upgrade%{?_isa} = %precise_version
conflicts: postgresql-upgrade-devel
%description upgrade-devel %description upgrade-devel
The postgresql-devel package contains the header files and libraries The postgresql-devel package contains the header files and libraries
needed to compile C or C++ applications which are necessary in upgrade needed to compile C or C++ applications which are necessary in upgrade
process. process.
%endif %endif
%if %plperl
%if %plperl
%package plperl %package plperl
Summary: The Perl procedural language for PostgreSQL Summary: The Perl procedural language for PostgreSQL
Requires: %{name}-server = %precise_version Requires: %{name}-server%{?_isa} = %precise_version
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
%if %runselftest %if %runselftest
BuildRequires: perl(Opcode) perl(Data::Dumper) BuildRequires: perl(Opcode)
BuildRequires: perl(Data::Dumper)
%endif %endif
conflicts: postgresql-plperl
%description plperl %description plperl
The postgresql-plperl package contains the PL/Perl procedural language, The postgresql-plperl package contains the PL/Perl procedural language,
which is an extension to the PostgreSQL database server. which is an extension to the PostgreSQL database server.
Install this if you want to write database functions in Perl. Install this if you want to write database functions in Perl.
%endif %endif
%if %plpython
%if %plpython
%package plpython %package plpython
Summary: The Python2 procedural language for PostgreSQL Summary: The Python2 procedural language for PostgreSQL
Requires: %{name}-server = %precise_version Requires: %{name}-server%{?_isa} = %precise_version
Provides: %{name}-plpython2 = %precise_version Provides: %{name}-plpython2 = %precise_version
conflicts: postgresql-plpython
%description plpython %description plpython
The postgresql-plpython package contains the PL/Python procedural language, The postgresql-plpython package contains the PL/Python procedural language,
which is an extension to the PostgreSQL database server. which is an extension to the PostgreSQL database server.
Install this if you want to write database functions in Python 2. Install this if you want to write database functions in Python 2.
%endif %endif
%if %plpython3
%if %plpython3
%package plpython3 %package plpython3
Summary: The Python3 procedural language for PostgreSQL Summary: The Python3 procedural language for PostgreSQL
Requires: %{name}-server = %precise_version Requires: %{name}-server%{?_isa} = %precise_version
conflicts: postgresql-plpython3
%description plpython3 %description plpython3
The postgresql-plpython3 package contains the PL/Python3 procedural language, The postgresql-plpython3 package contains the PL/Python3 procedural language,
which is an extension to the PostgreSQL database server. which is an extension to the PostgreSQL database server.
Install this if you want to write database functions in Python 3. Install this if you want to write database functions in Python 3.
%endif %endif
%if %pltcl
%if %pltcl
%package pltcl %package pltcl
Summary: The Tcl procedural language for PostgreSQL Summary: The Tcl procedural language for PostgreSQL
Requires: %{name}-server = %precise_version Requires: %{name}-server%{?_isa} = %precise_version
conflicts: postgresql-pltcl
%description pltcl %description pltcl
The postgresql-pltcl package contains the PL/Tcl procedural language, The postgresql-pltcl package contains the PL/Tcl procedural language,
which is an extension to the PostgreSQL database server. which is an extension to the PostgreSQL database server.
Install this if you want to write database functions in Tcl. Install this if you want to write database functions in Tcl.
%endif %endif
%if %test
%if %test
%package test %package test
Summary: The test suite distributed with PostgreSQL Summary: The test suite distributed with PostgreSQL
Requires: %{name}-server = %precise_version Requires: %{name}-server%{?_isa} = %precise_version
Requires: %{name}-server-devel = %precise_version Requires: %{name}-server-devel%{?_isa} = %precise_version
conflicts: postgresql-test
%description test %description test
The postgresql-test package contains files needed for various tests for the The postgresql-test package contains files needed for various tests for the
PostgreSQL database management system, including regression tests and PostgreSQL database management system, including regression tests and
benchmarks. benchmarks.
%endif %endif
%if %llvmjit
%if %llvmjit
%package llvmjit %package llvmjit
Summary: Just-in-time compilation support for PostgreSQL Summary: Just-in-time compilation support for PostgreSQL
Requires: %{name}-server = %{version}-%{release} llvm => 5.0 Requires: %{name}-server%{?_isa} = %{version}-%{release}
Requires: llvm => 5.0
Provides: postgresql-llvmjit >= %{version}-%{release} Provides: postgresql-llvmjit >= %{version}-%{release}
BuildRequires: llvm-devel >= 5.0 clang-devel >= 5.0 BuildRequires: llvm-devel >= 5.0 clang-devel >= 5.0
conflicts: postgresql-llvmjit
%description llvmjit %description llvmjit
The postgresql-llvmjit package contains support for The postgresql-llvmjit package contains support for
just-in-time compiling parts of PostgreSQL queries. Using LLVM it just-in-time compiling parts of PostgreSQL queries. Using LLVM it
@ -285,33 +374,50 @@ goal of accelerating analytics queries.
%endif %endif
) )
%setup -q -a 12 -n postgresql-%{version} %setup -q -a 12 -n postgresql-%{version}
%patch1 -p1 %patch -P 1 -p1
%patch2 -p1 %patch -P 2 -p1
%patch5 -p1 %patch -P 5 -p1
%patch6 -p1 %patch -P 6 -p1
%if %external_libpq %if %external_libpq
%patch8 -p1 %patch -P 8 -p1
%else %else
%patch10 -p1 %patch -P 10 -p1
%endif %endif
%patch9 -p1 %patch -P 9 -p1
%patch11 -p1 %patch -P 11 -p1
%patch12 -p1 %ifarch sw_64
%patch13 -p1 %patch -P 15 -p1
%endif
%patch -P 17 -p1
# We used to run autoconf here, but there's no longer any real need to,
# since Postgres ships with a reasonably modern configure script.
cp -p %{SOURCE1} . cp -p %{SOURCE1} .
%if ! %external_libpq %if ! %external_libpq
%global private_soname private%{majorversion} %global private_soname private%{majorversion}
find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \; find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \;
%endif %endif
%if %upgrade %if %upgrade
tar xfj %{SOURCE3} tar xfj %{SOURCE3}
# libpq from this upgrade-only build is dropped and the libpq from the main
# version is used. Use the same major hack therefore.
%if ! %external_libpq %if ! %external_libpq
find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \; find . -type f -name Makefile -exec sed -i -e "s/SO_MAJOR_VERSION=\s\?\([0-9]\+\)/SO_MAJOR_VERSION= %{private_soname}-\1/" {} \;
%endif %endif
# apply once SOURCE3 is extracted
%endif %endif
# remove .gitignore files to ensure none get into the RPMs (bug #642210)
find . -type f -name .gitignore | xargs rm find . -type f -name .gitignore | xargs rm
%build %build
# fail quickly and obviously if user tries to build as root
%if %runselftest %if %runselftest
if [ x"`id -u`" = x0 ]; then if [ x"`id -u`" = x0 ]; then
echo "postgresql's regression tests fail if run as root." echo "postgresql's regression tests fail if run as root."
@ -320,6 +426,9 @@ find . -type f -name .gitignore | xargs rm
exit 1 exit 1
fi fi
%endif %endif
# Building postgresql-setup
cd postgresql-setup-%{setup_version} cd postgresql-setup-%{setup_version}
export pgsetup_cv_os_family=redhat export pgsetup_cv_os_family=redhat
%configure \ %configure \
@ -327,14 +436,28 @@ export pgsetup_cv_os_family=redhat
PGVERSION=%{version} \ PGVERSION=%{version} \
PGMAJORVERSION=%{majorversion} \ PGMAJORVERSION=%{majorversion} \
NAME_DEFAULT_PREV_SERVICE=postgresql NAME_DEFAULT_PREV_SERVICE=postgresql
make %{?_smp_mflags} make %{?_smp_mflags}
unset pgsetup_cv_os_family unset pgsetup_cv_os_family
cd .. cd ..
# Fiddling with CFLAGS.
CFLAGS="${CFLAGS:-%optflags}" CFLAGS="${CFLAGS:-%optflags}"
# Strip out -ffast-math from CFLAGS....
CFLAGS=`echo $CFLAGS|xargs -n 1|grep -v ffast-math|xargs -n 100` CFLAGS=`echo $CFLAGS|xargs -n 1|grep -v ffast-math|xargs -n 100`
export CFLAGS export CFLAGS
# plpython requires separate configure/build runs to build against python 2
# versus python 3. Our strategy is to do the python 3 run first, then make
# distclean and do it again for the "normal" build. Note that the installed
# Makefile.global will reflect the python 2 build, which seems appropriate
# since that's still considered the default plpython version.
common_configure_options=' common_configure_options='
--disable-rpath --disable-rpath
%ifarch riscv64 loongarch64
--disable-spinlocks
%endif
%if %beta %if %beta
--enable-debug --enable-debug
--enable-cassert --enable-cassert
@ -384,36 +507,64 @@ common_configure_options='
--with-llvm --with-llvm
%endif %endif
' '
%if %plpython3 %if %plpython3
export PYTHON=/usr/bin/python3 export PYTHON=/usr/bin/python3
# These configure options must match main build
%configure $common_configure_options \ %configure $common_configure_options \
--with-python --with-python
# Fortunately we don't need to build much except plpython itself.
%global python_subdirs \\\ %global python_subdirs \\\
src/pl/plpython \\\ src/pl/plpython \\\
contrib/hstore_plpython \\\ contrib/hstore_plpython \\\
contrib/jsonb_plpython \\\ contrib/jsonb_plpython \\\
contrib/ltree_plpython contrib/ltree_plpython
for dir in %python_subdirs; do for dir in %python_subdirs; do
%make_build -C "$dir" all %make_build -C "$dir" all
done done
# save built form in a directory that "make distclean" won't touch
for dir in %python_subdirs; do for dir in %python_subdirs; do
rm -rf "${dir}3" # shouldn't exist, unless --short-circuit rm -rf "${dir}3" # shouldn't exist, unless --short-circuit
cp -a "$dir" "${dir}3" cp -a "$dir" "${dir}3"
done done
# must also save this version of Makefile.global for later
cp src/Makefile.global src/Makefile.global.python3 cp src/Makefile.global src/Makefile.global.python3
make distclean make distclean
%endif # %%plpython3 %endif # %%plpython3
PYTHON=/usr/bin/python2 PYTHON=/usr/bin/python2
# Normal (python2) build begins here
%configure $common_configure_options \ %configure $common_configure_options \
%if %plpython %if %plpython
--with-python --with-python
%endif %endif
unset PYTHON unset PYTHON
%make_build world %make_build world
# Have to hack makefile to put correct path into tutorial scripts
sed "s|C=\`pwd\`;|C=%{_libdir}/pgsql/tutorial;|" < src/tutorial/Makefile > src/tutorial/GNUmakefile sed "s|C=\`pwd\`;|C=%{_libdir}/pgsql/tutorial;|" < src/tutorial/Makefile > src/tutorial/GNUmakefile
make %{?_smp_mflags} -C src/tutorial NO_PGXS=1 all make %{?_smp_mflags} -C src/tutorial NO_PGXS=1 all
rm -f src/tutorial/GNUmakefile rm -f src/tutorial/GNUmakefile
# The object files shouldn't be copied to rpm bz#1187514
rm -f src/tutorial/*.o rm -f src/tutorial/*.o
# run_testsuite WHERE
# -------------------
# Run 'make check' in WHERE path. When that command fails, return the logs
# given by PostgreSQL build system and set 'test_failure=1'. This function
# never exits directly nor stops rpmbuild where `set -e` is enabled.
run_testsuite() run_testsuite()
{ {
make -k -C "$1" MAX_CONNECTIONS=5 check && return 0 || test_failure=1 make -k -C "$1" MAX_CONNECTIONS=5 check && return 0 || test_failure=1
@ -427,7 +578,9 @@ run_testsuite()
done done
) )
} }
test_failure=0 test_failure=0
%if %runselftest %if %runselftest
run_testsuite "src/test/regress" run_testsuite "src/test/regress"
make clean -C "src/test/regress" make clean -C "src/test/regress"
@ -437,6 +590,7 @@ test_failure=0
mv src/Makefile.global src/Makefile.global.save mv src/Makefile.global src/Makefile.global.save
cp src/Makefile.global.python3 src/Makefile.global cp src/Makefile.global.python3 src/Makefile.global
touch -r src/Makefile.global.save src/Makefile.global touch -r src/Makefile.global.save src/Makefile.global
for dir in %python_subdirs; do for dir in %python_subdirs; do
# because "make check" does "make install" on the whole tree, # because "make check" does "make install" on the whole tree,
# we must temporarily install *plpython3 dir as *plpython, # we must temporarily install *plpython3 dir as *plpython,
@ -444,37 +598,48 @@ test_failure=0
mv "$dir" "${dir}2" mv "$dir" "${dir}2"
mv "${dir}3" "$dir" mv "${dir}3" "$dir"
done done
for dir in %python_subdirs; do for dir in %python_subdirs; do
run_testsuite "$dir" run_testsuite "$dir"
done done
for dir in %python_subdirs; do for dir in %python_subdirs; do
# and clean up our mess # and clean up our mess
mv "$dir" "${dir}3" mv "$dir" "${dir}3"
mv "${dir}2" "${dir}" mv "${dir}2" "${dir}"
done done
mv -f src/Makefile.global.save src/Makefile.global mv -f src/Makefile.global.save src/Makefile.global
%endif %endif
run_testsuite "contrib" run_testsuite "contrib"
%endif %endif
# "assert(ALL_TESTS_OK)"
test "$test_failure" -eq 0 test "$test_failure" -eq 0
%if %test %if %test
# undo the "make clean" above # undo the "make clean" above
make all -C src/test/regress make all -C src/test/regress
%endif %endif
%if %upgrade %if %upgrade
pushd postgresql-%{prevversion} pushd postgresql-%{prevversion}
# The upgrade build can be pretty stripped-down, but make sure that # The upgrade build can be pretty stripped-down, but make sure that
# any options that affect on-disk file layout match the previous # any options that affect on-disk file layout match the previous
# major release! # major release!
# The set of built server modules here should ideally create superset # The set of built server modules here should ideally create superset
# of modules we used to ship in %%prevversion (in the installation # of modules we used to ship in %%prevversion (in the installation
# the user will upgrade from), including *-contrib or *-pl* # the user will upgrade from), including *-contrib or *-pl*
# subpackages. This increases chances that the upgrade from # subpackages. This increases chances that the upgrade from
# %%prevversion will work smoothly. # %%prevversion will work smoothly.
upgrade_configure () upgrade_configure ()
{ {
# Note we intentionally do not use %%configure here, because we *don't* want # Note we intentionally do not use %%configure here, because we *don't* want
# its ideas about installation paths. # its ideas about installation paths.
# The -fno-aggressive-loop-optimizations is hack for #993532 # The -fno-aggressive-loop-optimizations is hack for #993532
PYTHON="${PYTHON-/usr/bin/python2}" \ PYTHON="${PYTHON-/usr/bin/python2}" \
CFLAGS="$CFLAGS -fno-aggressive-loop-optimizations" ./configure \ CFLAGS="$CFLAGS -fno-aggressive-loop-optimizations" ./configure \
@ -482,6 +647,9 @@ upgrade_configure ()
--host=%{_host} \ --host=%{_host} \
--prefix=%prev_prefix \ --prefix=%prev_prefix \
--disable-rpath \ --disable-rpath \
%ifarch riscv64 loongarch64
--disable-spinlocks \
%endif
%if %beta %if %beta
--enable-debug \ --enable-debug \
--enable-cassert \ --enable-cassert \
@ -499,6 +667,7 @@ upgrade_configure ()
--with-system-tzdata=/usr/share/zoneinfo \ --with-system-tzdata=/usr/share/zoneinfo \
"$@" "$@"
} }
%if %plpython3 %if %plpython3
export PYTHON=/usr/bin/python3 export PYTHON=/usr/bin/python3
upgrade_configure --with-python upgrade_configure --with-python
@ -506,26 +675,34 @@ upgrade_configure ()
# Previous version doesn't necessarily have this. # Previous version doesn't necessarily have this.
test -d "$dir" || continue test -d "$dir" || continue
%make_build -C "$dir" all %make_build -C "$dir" all
# save aside the only one file which we are interested here # save aside the only one file which we are interested here
cp "$dir"/*plpython3.so ./ cp "$dir"/*plpython3.so ./
done done
unset PYTHON unset PYTHON
make distclean make distclean
%endif %endif
upgrade_configure \ upgrade_configure \
%if %plpython %if %plpython
--with-python --with-python
%endif %endif
make %{?_smp_mflags} all make %{?_smp_mflags} all
make -C contrib %{?_smp_mflags} all make -C contrib %{?_smp_mflags} all
popd popd
%endif # %%upgrade %endif # %%upgrade
%install %install
cd postgresql-setup-%{setup_version} cd postgresql-setup-%{setup_version}
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
cd .. cd ..
# For some reason, having '%%doc %%{_pkgdocdir}/README.rpm-dist' in %%files
# causes FTBFS (at least on RHEL6), see rhbz#1250006.
mv $RPM_BUILD_ROOT/%{_pkgdocdir}/README.rpm-dist ./ mv $RPM_BUILD_ROOT/%{_pkgdocdir}/README.rpm-dist ./
cat > $RPM_BUILD_ROOT%{_sysconfdir}/postgresql-setup/upgrade/postgresql.conf <<EOF cat > $RPM_BUILD_ROOT%{_sysconfdir}/postgresql-setup/upgrade/postgresql.conf <<EOF
id postgresql id postgresql
major %{prevmajorversion} major %{prevmajorversion}
@ -535,8 +712,22 @@ engine %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin
description "Upgrade data from system PostgreSQL version (PostgreSQL %{prevmajorversion})" description "Upgrade data from system PostgreSQL version (PostgreSQL %{prevmajorversion})"
redhat_sockets_hack no redhat_sockets_hack no
EOF EOF
make DESTDIR=$RPM_BUILD_ROOT install-world make DESTDIR=$RPM_BUILD_ROOT install-world
# We ship pg_config through libpq-devel
mv $RPM_BUILD_ROOT/%_mandir/man1/pg_{,server_}config.1 mv $RPM_BUILD_ROOT/%_mandir/man1/pg_{,server_}config.1
%if %external_libpq
rm $RPM_BUILD_ROOT/%_includedir/pg_config*.h
rm $RPM_BUILD_ROOT/%_includedir/libpq/libpq-fs.h
rm $RPM_BUILD_ROOT/%_includedir/postgres_ext.h
rm -r $RPM_BUILD_ROOT/%_includedir/pgsql/internal/
%else
ln -s pg_server_config $RPM_BUILD_ROOT/%_bindir/pg_config
rm $RPM_BUILD_ROOT/%{_libdir}/libpq.a
%endif
%if %plpython3 %if %plpython3
mv src/Makefile.global src/Makefile.global.save mv src/Makefile.global src/Makefile.global.save
cp src/Makefile.global.python3 src/Makefile.global cp src/Makefile.global.python3 src/Makefile.global
@ -546,27 +737,45 @@ mv $RPM_BUILD_ROOT/%_mandir/man1/pg_{,server_}config.1
done done
mv -f src/Makefile.global.save src/Makefile.global mv -f src/Makefile.global.save src/Makefile.global
%endif %endif
# make sure these directories exist even if we suppressed all contrib modules
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/pgsql/contrib install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/pgsql/contrib
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/pgsql/extension install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/pgsql/extension
# multilib header hack
for header in \ for header in \
%{_includedir}/pgsql/server/pg_config.h \ %{_includedir}/pgsql/server/pg_config.h \
%{_includedir}/pgsql/server/pg_config_ext.h %{_includedir}/pgsql/server/pg_config_ext.h
do do
%multilib_fix_c_header --file "$header" %multilib_fix_c_header --file "$header"
done done
install -d -m 755 $RPM_BUILD_ROOT%{_libdir}/pgsql/tutorial install -d -m 755 $RPM_BUILD_ROOT%{_libdir}/pgsql/tutorial
cp -p src/tutorial/* $RPM_BUILD_ROOT%{_libdir}/pgsql/tutorial cp -p src/tutorial/* $RPM_BUILD_ROOT%{_libdir}/pgsql/tutorial
%if %pam %if %pam
install -d $RPM_BUILD_ROOT/etc/pam.d install -d $RPM_BUILD_ROOT/etc/pam.d
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postgresql install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postgresql
%endif %endif
# Create the directory for sockets.
install -d -m 755 $RPM_BUILD_ROOT%{?_localstatedir}/run/postgresql install -d -m 755 $RPM_BUILD_ROOT%{?_localstatedir}/run/postgresql
# ... and make a tmpfiles script to recreate it at reboot.
mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir} mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir}
install -m 0644 %{SOURCE9} $RPM_BUILD_ROOT%{_tmpfilesdir}/postgresql.conf install -m 0644 %{SOURCE9} $RPM_BUILD_ROOT%{_tmpfilesdir}/postgresql.conf
# PGDATA needs removal of group and world permissions due to pg_pwd hole.
install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/data install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/data
# backups of data go here...
install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/backups install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/backups
# postgres' .bash_profile
install -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/.bash_profile install -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/.bash_profile
rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1 rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1
%if %upgrade %if %upgrade
pushd postgresql-%{prevversion} pushd postgresql-%{prevversion}
make DESTDIR=$RPM_BUILD_ROOT install make DESTDIR=$RPM_BUILD_ROOT install
@ -578,6 +787,7 @@ rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1
done done
%endif %endif
popd popd
# remove stuff we don't actually need for upgrade purposes # remove stuff we don't actually need for upgrade purposes
pushd $RPM_BUILD_ROOT%{_libdir}/pgsql/postgresql-%{prevmajorversion} pushd $RPM_BUILD_ROOT%{_libdir}/pgsql/postgresql-%{prevmajorversion}
rm bin/clusterdb rm bin/clusterdb
@ -612,10 +822,12 @@ rm $RPM_BUILD_ROOT/%{_datadir}/man/man1/ecpg.1
rm share/extension/*.sql rm share/extension/*.sql
rm share/extension/*.control rm share/extension/*.control
popd popd
cat <<EOF > $RPM_BUILD_ROOT%macrosdir/macros.postgresql-upgrade cat <<EOF > $RPM_BUILD_ROOT%macrosdir/macros.%name-upgrade
%%postgresql_upgrade_prefix %prev_prefix %%postgresql_upgrade_prefix %prev_prefix
EOF EOF
%endif %endif
%if %test %if %test
# tests. There are many files included here that are unnecessary, # tests. There are many files included here that are unnecessary,
# but include them anyway for completeness. We replace the original # but include them anyway for completeness. We replace the original
@ -635,18 +847,24 @@ EOF
> $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile > $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile
chmod 0644 $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile chmod 0644 $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile
%endif %endif
rm -rf doc/html # HACK! allow 'rpmbuild -bi --short-circuit' rm -rf doc/html # HACK! allow 'rpmbuild -bi --short-circuit'
mv $RPM_BUILD_ROOT%{_docdir}/pgsql/html doc mv $RPM_BUILD_ROOT%{_docdir}/pgsql/html doc
rm -rf $RPM_BUILD_ROOT%{_docdir}/pgsql rm -rf $RPM_BUILD_ROOT%{_docdir}/pgsql
# remove files not to be packaged
rm $RPM_BUILD_ROOT%{_libdir}/libpgfeutils.a rm $RPM_BUILD_ROOT%{_libdir}/libpgfeutils.a
%if !%plperl %if !%plperl
rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plperl.so rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plperl.so
%endif %endif
%if !%plpython %if !%plpython
rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plpython2.so rm -f $RPM_BUILD_ROOT%{_bindir}/pgsql/hstore_plpython2.so
rm -f $RPM_BUILD_ROOT%{_datadir}/pgsql/extension/*_plpythonu* rm -f $RPM_BUILD_ROOT%{_datadir}/pgsql/extension/*_plpythonu*
rm -f $RPM_BUILD_ROOT%{_datadir}/pgsql/extension/*_plpython2u* rm -f $RPM_BUILD_ROOT%{_datadir}/pgsql/extension/*_plpython2u*
%endif %endif
%if %nls %if %nls
find_lang_bins () find_lang_bins ()
{ {
@ -675,6 +893,7 @@ find_lang_bins plperl.lst plperl
find_lang_bins plpython.lst plpython find_lang_bins plpython.lst plpython
%endif %endif
%if %plpython3 %if %plpython3
# plpython3 shares message files with plpython
find_lang_bins plpython3.lst plpython find_lang_bins plpython3.lst plpython
%endif %endif
%if %pltcl %if %pltcl
@ -690,17 +909,21 @@ find_lang_bins pltcl.lst pltcl
%post server %post server
%systemd_post %service_name %systemd_post %service_name
%preun server %preun server
%systemd_preun %service_name %systemd_preun %service_name
%postun server %postun server
%systemd_postun_with_restart %service_name %systemd_postun_with_restart %service_name
%check %check
%if %runselftest %if %runselftest
make -C postgresql-setup-%{setup_version} check make -C postgresql-setup-%{setup_version} check
%endif %endif
# FILES sections.
%files -f main.lst %files -f main.lst
%doc doc/KNOWN_BUGS doc/MISSING_FEATURES doc/TODO %doc doc/KNOWN_BUGS doc/MISSING_FEATURES doc/TODO
%doc COPYRIGHT README HISTORY %doc COPYRIGHT README HISTORY
@ -733,6 +956,8 @@ make -C postgresql-setup-%{setup_version} check
%{_mandir}/man1/vacuumdb.* %{_mandir}/man1/vacuumdb.*
%{_mandir}/man7/* %{_mandir}/man7/*
%if %llvmjit %if %llvmjit
# Install bitcode directory along with the main package,
# so that extensions can use this dir.
%dir %{_libdir}/pgsql/bitcode %dir %{_libdir}/pgsql/bitcode
%endif %endif
%if ! %external_libpq %if ! %external_libpq
@ -744,6 +969,7 @@ make -C postgresql-setup-%{setup_version} check
%doc doc/html %doc doc/html
%{_libdir}/pgsql/tutorial/ %{_libdir}/pgsql/tutorial/
%files contrib -f contrib.lst %files contrib -f contrib.lst
%doc contrib/spi/*.example %doc contrib/spi/*.example
%{_bindir}/oid2name %{_bindir}/oid2name
@ -966,6 +1192,7 @@ make -C postgresql-setup-%{setup_version} check
%config(noreplace) /etc/pam.d/postgresql %config(noreplace) /etc/pam.d/postgresql
%endif %endif
%files server-devel -f devel.lst %files server-devel -f devel.lst
%{_bindir}/pg_server_config %{_bindir}/pg_server_config
%dir %{_datadir}/pgsql %dir %{_datadir}/pgsql
@ -973,26 +1200,43 @@ make -C postgresql-setup-%{setup_version} check
%dir %{_includedir}/pgsql %dir %{_includedir}/pgsql
%{_includedir}/pgsql/server %{_includedir}/pgsql/server
%{_libdir}/pgsql/pgxs/ %{_libdir}/pgsql/pgxs/
%{_includedir}/*
%{_libdir}/{pgsql/pgxs/}
%exclude %{_libdir}/pkgconfig/*.pc
%{_libdir}/{libecpg,libecpg_compat,libpgtypes,libpq}.so*
%{_libdir}/libpq.a
%{_mandir}/man1/pg_server_config.* %{_mandir}/man1/pg_server_config.*
%{_mandir}/man3/SPI_* %{_mandir}/man3/SPI_*
%{macrosdir}/macros.postgresql %{macrosdir}/macros.postgresql
%if ! %external_libpq
%files private-libs
%{_libdir}/libpq.so.*
%endif
%if ! %external_libpq
%files private-devel
%{_bindir}/pg_config
%{_includedir}/libpq-events.h
%{_includedir}/libpq-fe.h
%{_includedir}/postgres_ext.h
%{_includedir}/pgsql/internal/*.h
%{_includedir}/pgsql/internal/libpq/pqcomm.h
%{_includedir}/libpq/*.h
%{_libdir}/pkgconfig/*.pc
%{_libdir}/libpq.so
%{_includedir}/pg_config*.h
%endif
%files test-rpm-macros %files test-rpm-macros
%{_datadir}/postgresql-setup/postgresql_pkg_tests.sh %{_datadir}/postgresql-setup/postgresql_pkg_tests.sh
%{macrosdir}/macros.postgresql-test %{macrosdir}/macros.postgresql-test
%files static %files static
%{_libdir}/libpgcommon.a %{_libdir}/libpgcommon.a
%{_libdir}/libpgport.a %{_libdir}/libpgport.a
%{_libdir}/libpgcommon_shlib.a %{_libdir}/libpgcommon_shlib.a
%{_libdir}/libpgport_shlib.a %{_libdir}/libpgport_shlib.a
%if %upgrade
%if %upgrade
%files upgrade %files upgrade
%{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin
%exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config %exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config
@ -1001,60 +1245,66 @@ make -C postgresql-setup-%{setup_version} check
%exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig %exclude %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig
%{_libdir}/pgsql/postgresql-%{prevmajorversion}/share %{_libdir}/pgsql/postgresql-%{prevmajorversion}/share
%files upgrade-devel %files upgrade-devel
%{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config %{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin/pg_config
%{_libdir}/pgsql/postgresql-%{prevmajorversion}/include %{_libdir}/pgsql/postgresql-%{prevmajorversion}/include
%{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pkgconfig
%{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pgxs %{_libdir}/pgsql/postgresql-%{prevmajorversion}/lib/pgxs
%{macrosdir}/macros.postgresql-upgrade %{macrosdir}/macros.%name-upgrade
%endif %endif
%if %llvmjit
%if %llvmjit
%files llvmjit %files llvmjit
%defattr(-,root,root) %defattr(-,root,root)
%{_libdir}/pgsql/bitcode/* %{_libdir}/pgsql/bitcode/*
%{_libdir}/pgsql/llvmjit.so %{_libdir}/pgsql/llvmjit.so
%{_libdir}/pgsql/llvmjit_types.bc %{_libdir}/pgsql/llvmjit_types.bc
%endif %endif
%if %plperl
%if %plperl
%files plperl -f plperl.lst %files plperl -f plperl.lst
%{_datadir}/pgsql/extension/bool_plperl* %{_datadir}/pgsql/extension/bool_plperl*
%{_datadir}/pgsql/extension/plperl* %{_datadir}/pgsql/extension/plperl*
%{_libdir}/pgsql/bool_plperl.so %{_libdir}/pgsql/bool_plperl.so
%{_libdir}/pgsql/plperl.so %{_libdir}/pgsql/plperl.so
%endif %endif
%if %pltcl
%if %pltcl
%files pltcl -f pltcl.lst %files pltcl -f pltcl.lst
%{_datadir}/pgsql/extension/pltcl* %{_datadir}/pgsql/extension/pltcl*
%{_libdir}/pgsql/pltcl.so %{_libdir}/pgsql/pltcl.so
%endif %endif
%if %plpython
%if %plpython
%files plpython -f plpython.lst %files plpython -f plpython.lst
%{_datadir}/pgsql/extension/plpython2* %{_datadir}/pgsql/extension/plpython2*
%{_datadir}/pgsql/extension/plpythonu* %{_datadir}/pgsql/extension/plpythonu*
%{_libdir}/pgsql/plpython2.so %{_libdir}/pgsql/plpython2.so
%endif %endif
%if %plpython3
%if %plpython3
%files plpython3 -f plpython3.lst %files plpython3 -f plpython3.lst
%{_datadir}/pgsql/extension/plpython3* %{_datadir}/pgsql/extension/plpython3*
%{_libdir}/pgsql/plpython3.so %{_libdir}/pgsql/plpython3.so
%endif %endif
%if %test
%if %test
%files test %files test
%attr(-,postgres,postgres) %{_libdir}/pgsql/test %attr(-,postgres,postgres) %{_libdir}/pgsql/test
%endif %endif
%changelog
* Mon Mar 14 2022 wangkai <wangkai385@huawei.com> - %{majorversion}.3-3
- Fix CVE-2021-23214 CVE-2021-23222
* Thu Sep 16 2021 huanghaitao <huanghaitao8@huawei.com> - %{majorversion}.3-2 %changelog
* Thu Feb 20 2025 Funda Wang <fundawang@yeah.net> - 13.20-1
- update to 13.20
* Thu Sep 16 2021 huanghaitao <huanghaitao8@huawei.com> - 13.3-2
- Add __requires_exclude macros, delete redundant requirements - Add __requires_exclude macros, delete redundant requirements
* Tue Sep 14 2021 huanghaitao <huanghaitao8@huawei.com> - %{majorversion}.3-1 * Tue Sep 14 2021 huanghaitao <huanghaitao8@huawei.com> - 13.3-1
- package init - package init

6
postgresql-man.patch
View File

@ -6,8 +6,8 @@ RHBZ#948933).
diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src/sgml/man1/ecpg.1 diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src/sgml/man1/ecpg.1
--- postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 2020-11-09 23:38:03.000000000 +0100 --- postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 2020-11-09 23:38:03.000000000 +0100
+++ postgresql-13.1/doc/src/sgml/man1/ecpg.1 2020-11-18 09:26:40.547324791 +0100 +++ postgresql-13.1/doc/src/sgml/man1/ecpg.1 2020-11-18 09:26:40.547324791 +0100
@@ -81,6 +81,11 @@ ORACLE\&. @@ -86,6 +86,11 @@
Define a C preprocessor symbol\&. 1\&.
.RE .RE
.PP .PP
+\fB\-h \fR +\fB\-h \fR
@ -18,7 +18,7 @@ diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src
\fB\-h\fR \fB\-h\fR
.RS 4 .RS 4
Process header files\&. When this option is specified, the output file extension becomes Process header files\&. When this option is specified, the output file extension becomes
@@ -144,6 +149,11 @@ Allow question mark as placeholder for c @@ -149,6 +154,11 @@
.RE .RE
.RE .RE
.PP .PP

102
postgresql-pgcrypto-openssl3-tests.patch Normal file
View File

@ -0,0 +1,102 @@
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400
@@ -4,20 +4,6 @@
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
-
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
-=JcP+
------END PGP MESSAGE-----
-'), 'foobar');
- pgp_sym_decrypt
------------------
- Secret message.
-(1 row)
-
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400
@@ -594,13 +594,6 @@
(1 row)
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
- pgp_pub_decrypt
------------------
- Secret msg
-(1 row)
-
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
pgp_pub_decrypt
-----------------
diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile
--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400
@@ -5,7 +5,7 @@
INT_TESTS = sha2
OSSL_SRCS = openssl.c pgp-mpi-openssl.c
-OSSL_TESTS = sha2 des 3des cast5
+OSSL_TESTS = sha2
ZLIB_TST = pgp-compression
ZLIB_OFF_TST = pgp-zlib-DISABLED
@@ -49,12 +49,13 @@
pgcrypto--1.0--1.1.sql
PGFILEDESC = "pgcrypto - cryptographic functions"
-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
+REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \
$(CF_TESTS) \
- crypt-des crypt-md5 crypt-blowfish crypt-xdes \
+ crypt-md5 \
pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
+#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \
EXTRA_CLEAN = gen-rtab
ifdef USE_PGXS
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400
@@ -5,16 +5,6 @@
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
-
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
-=JcP+
------END PGP MESSAGE-----
-'), 'foobar');
-
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400
@@ -606,9 +606,6 @@
from keytbl, encdata where keytbl.id=1 and encdata.id=1;
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
-
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))

BIN
postgresql-setup-8.5.tar.gz
View File

Binary file not shown.

3
postgresql-setup-8.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1d674925d16951b7271c1ccacd17245c144c6203ce8191fc97326468e5a7fe17
size 153274