upgrade libpq to 13.7,fix CVE-2021-32027,CVE-2022-1552
This commit is contained in:
duyiwei
parent
a40a906bfd
commit
1e989f65f9
@ -7,11 +7,11 @@ directory whose path happens to include "postgres" or "pgsql" already.
|
||||
However, datadir and sysconfdir are already set up in the specfile's
|
||||
configure call, so we do not have to append anything to them.
|
||||
|
||||
|
||||
diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Makefile.global.in
|
||||
--- postgresql-9.0.1.orig/src/Makefile.global.in 2010-10-01 10:25:44.000000000 -0400
|
||||
+++ postgresql-9.0.1/src/Makefile.global.in 2010-10-11 11:52:05.224975308 -0400
|
||||
@@ -55,8 +55,7 @@
|
||||
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
|
||||
index 9a6265b3a0..c9371a07c4 100644
|
||||
--- a/src/Makefile.global.in
|
||||
+++ b/src/Makefile.global.in
|
||||
@@ -82,8 +82,7 @@ vpathsearch = `for f in $(addsuffix /$(1),$(subst :, ,. $(VPATH))); do test -r $
|
||||
# Installation directories
|
||||
#
|
||||
# These are set by the equivalent --xxxdir configure options. We
|
||||
@ -21,7 +21,7 @@ diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Mak
|
||||
#
|
||||
# In a PGXS build, we cannot use the values inserted into Makefile.global
|
||||
# by configure, since the installation tree may have been relocated.
|
||||
@@ -74,45 +73,23 @@
|
||||
@@ -101,45 +100,23 @@ datarootdir := @datarootdir@
|
||||
bindir := @bindir@
|
||||
|
||||
datadir := @datadir@
|
||||
|
||||
@ -13,10 +13,10 @@ to be updated. (Of course, a user who dislikes this behavior can still
|
||||
override it via postgresql.conf.)
|
||||
|
||||
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
|
||||
index 9481f2d..75532c7 100644
|
||||
index 4dde819652..8c2f601333 100644
|
||||
--- a/src/backend/utils/misc/guc.c
|
||||
+++ b/src/backend/utils/misc/guc.c
|
||||
@@ -3196,7 +3196,7 @@ static struct config_string ConfigureNamesString[] =
|
||||
@@ -4159,7 +4159,7 @@ static struct config_string ConfigureNamesString[] =
|
||||
},
|
||||
&Unix_socket_directories,
|
||||
#ifdef HAVE_UNIX_SOCKETS
|
||||
@ -26,10 +26,10 @@ index 9481f2d..75532c7 100644
|
||||
"",
|
||||
#endif
|
||||
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
|
||||
index feeff9e..3e3d784 100644
|
||||
index 4ff0c6c700..6ccd96b1f2 100644
|
||||
--- a/src/bin/initdb/initdb.c
|
||||
+++ b/src/bin/initdb/initdb.c
|
||||
@@ -1234,7 +1234,7 @@ setup_config(void)
|
||||
@@ -1091,7 +1091,7 @@ setup_config(void)
|
||||
|
||||
#ifdef HAVE_UNIX_SOCKETS
|
||||
snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'",
|
||||
@ -39,15 +39,15 @@ index feeff9e..3e3d784 100644
|
||||
snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''");
|
||||
#endif
|
||||
diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h
|
||||
index e278fa0..9ee15d4 100644
|
||||
index 8f3ec6bde1..066daf3f08 100644
|
||||
--- a/src/include/pg_config_manual.h
|
||||
+++ b/src/include/pg_config_manual.h
|
||||
@@ -169,7 +169,7 @@
|
||||
* here's where to twiddle it. You can also override this at runtime
|
||||
* with the postmaster's -k switch.
|
||||
@@ -201,7 +201,7 @@
|
||||
* support them yet.
|
||||
*/
|
||||
#ifndef WIN32
|
||||
-#define DEFAULT_PGSOCKET_DIR "/tmp"
|
||||
+#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql"
|
||||
|
||||
/*
|
||||
* This is the default event source for Windows event log.
|
||||
#else
|
||||
#define DEFAULT_PGSOCKET_DIR ""
|
||||
#endif
|
||||
|
||||
@ -1,9 +1,13 @@
|
||||
The libpq package is supposed to be used for all the PostgreSQL modules
|
||||
available in RHEL 8, and ABI versioning will guarantee us that modular RPMs will
|
||||
depend on appropriate libpq ABI version (picked at build-time).
|
||||
commit 75040c3388d9a7dd5ad2bee53cbcc8bf3d35cd17
|
||||
Author: Honza Horak <hhorak@redhat.com>
|
||||
Date: Fri Oct 30 20:16:50 2020 +0100
|
||||
|
||||
The libpq package is supposed to be used for all the PostgreSQL modules
|
||||
available in RHEL 8, and ABI versioning will guarantee us that modular RPMs will
|
||||
depend on appropriate libpq ABI version (picked at build-time).
|
||||
|
||||
diff --git a/config/Makefile b/config/Makefile
|
||||
index 67e7998f55..86612a42c3 100644
|
||||
index 67e7998..86612a4 100644
|
||||
--- a/config/Makefile
|
||||
+++ b/config/Makefile
|
||||
@@ -8,6 +8,7 @@ include $(top_builddir)/src/Makefile.global
|
||||
@ -16,7 +20,7 @@ index 67e7998f55..86612a42c3 100644
|
||||
$(MKDIR_P) '$(DESTDIR)$(pgxsdir)/config'
|
||||
diff --git a/config/build-exports-gnu-ld b/config/build-exports-gnu-ld
|
||||
new file mode 100755
|
||||
index 0000000000..bdcfb40d48
|
||||
index 0000000000..84c48e3ade
|
||||
--- /dev/null
|
||||
+++ b/config/build-exports-gnu-ld
|
||||
@@ -0,0 +1,41 @@
|
||||
@ -62,10 +66,10 @@ index 0000000000..bdcfb40d48
|
||||
+echo " *;"
|
||||
+close_block
|
||||
diff --git a/src/Makefile.shlib b/src/Makefile.shlib
|
||||
index 95b82a6dea..a7065d02a4 100644
|
||||
index 373d73caef..d5bd5468cd 100644
|
||||
--- a/src/Makefile.shlib
|
||||
+++ b/src/Makefile.shlib
|
||||
@@ -221,7 +221,7 @@ ifeq ($(PORTNAME), linux)
|
||||
@@ -231,7 +231,7 @@ ifeq ($(PORTNAME), linux)
|
||||
ifdef soname
|
||||
LINK.shared += -Wl,-soname,$(soname)
|
||||
endif
|
||||
@ -75,15 +79,21 @@ index 95b82a6dea..a7065d02a4 100644
|
||||
ifneq (,$(exports_file))
|
||||
LINK.shared += -Wl,--version-script=$(exports_file)
|
||||
diff --git a/src/interfaces/libpq/exports.txt b/src/interfaces/libpq/exports.txt
|
||||
index d6a38d0df8..29bebeac7e 100644
|
||||
index bbc1f90..fc3ef8a 100644
|
||||
--- a/src/interfaces/libpq/exports.txt
|
||||
+++ b/src/interfaces/libpq/exports.txt
|
||||
@@ -171,4 +171,4 @@ PQsslAttributeNames 168
|
||||
@@ -171,11 +171,11 @@ PQsslAttributeNames 168
|
||||
PQsslAttribute 169
|
||||
PQsetErrorContextVisibility 170
|
||||
PQresultVerboseErrorMessage 171
|
||||
-PQencryptPasswordConn 172
|
||||
+PQencryptPasswordConn 172 10
|
||||
--
|
||||
2.17.0
|
||||
|
||||
-PQresultMemorySize 173
|
||||
+PQresultMemorySize 173 12
|
||||
PQhostaddr 174
|
||||
PQgssEncInUse 175
|
||||
PQgetgssctx 176
|
||||
-PQsetSSLKeyPassHook_OpenSSL 177
|
||||
+PQsetSSLKeyPassHook_OpenSSL 177 13
|
||||
PQgetSSLKeyPassHook_OpenSSL 178
|
||||
PQdefaultSSLKeyPassHook_OpenSSL 179
|
||||
32
libpq.spec
32
libpq.spec
@ -1,17 +1,21 @@
|
||||
Name: libpq
|
||||
Version: 11.16
|
||||
Version: 13.7
|
||||
Release: 1
|
||||
Summary: A share library of PostgreSQL
|
||||
Summary: PostgreSQL client library
|
||||
License: PostgreSQL
|
||||
Url: http://www.postgresql.org/
|
||||
Source0: https://ftp.postgresql.org/pub/source/v11.16/postgresql-11.16.tar.bz2
|
||||
|
||||
Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
|
||||
Patch0001: libpq-10.3-rpm-pgsql.patch
|
||||
Patch0002: libpq-10.3-var-run-socket.patch
|
||||
Patch0003: libpq-10.4-symbol-versioning.patch
|
||||
Patch0003: libpq-12.1-symbol-versioning.patch
|
||||
|
||||
BuildRequires: gcc glibc-devel bison flex gawk zlib-devel openssl-devel
|
||||
BuildRequires: krb5-devel openldap-devel gettext multilib-rpm-config
|
||||
Obsoletes: postgresql-libs < 11
|
||||
|
||||
Obsoletes: postgresql-libs < 14
|
||||
Provides: postgresql-libs = %{version}-%{release}
|
||||
|
||||
%description
|
||||
PostgreSQL is a powerful, open source object-relational database system
|
||||
that uses and extends the SQL language combined with many features that
|
||||
@ -23,9 +27,11 @@ or interface.
|
||||
Summary: Development files for building PostgreSQL client tools
|
||||
Requires: libpq%{?_isa} = %{version}-%{release}
|
||||
Provides: postgresql-devel = %{version}-%{release}
|
||||
Obsoletes: postgresql-devel < 11
|
||||
Obsoletes: postgresql-devel < 14
|
||||
|
||||
%description devel
|
||||
The development package of libpq
|
||||
|
||||
%prep
|
||||
%autosetup -n postgresql-%{version} -p1
|
||||
|
||||
@ -34,6 +40,7 @@ export SYMBOL_VERSION_PREFIX=RHPG_
|
||||
%configure --disable-rpath --with-ldap --with-openssl --with-gssapi \
|
||||
--enable-nls --without-readline --datadir=%_datadir/pgsql
|
||||
%global build_subdirs \\\
|
||||
src/port \\\
|
||||
src/interfaces/libpq \\\
|
||||
src/bin/pg_config \\\
|
||||
src/include
|
||||
@ -45,17 +52,19 @@ done
|
||||
for subdir in %build_subdirs; do
|
||||
%make_install -C "$subdir"
|
||||
done
|
||||
|
||||
find $RPM_BUILD_ROOT -name '*.a' -delete
|
||||
rm -r $RPM_BUILD_ROOT%_includedir/pgsql/server
|
||||
|
||||
%multilib_fix_c_header --file "%_includedir/pg_config.h"
|
||||
%multilib_fix_c_header --file "%_includedir/pg_config_ext.h"
|
||||
|
||||
cp /dev/null libpq.lst
|
||||
%find_lang libpq5-11
|
||||
cat libpq5-11.lang >>libpq.lst
|
||||
%find_lang libpq5-13
|
||||
cat libpq5-13.lang >>libpq.lst
|
||||
cp /dev/null libpq-devel.lst
|
||||
%find_lang pg_config-11
|
||||
cat pg_config-11.lang >>libpq-devel.lst
|
||||
%find_lang pg_config-13
|
||||
cat pg_config-13.lang >>libpq-devel.lst
|
||||
|
||||
%files -f libpq.lst
|
||||
%license COPYRIGHT
|
||||
@ -70,6 +79,9 @@ cat pg_config-11.lang >>libpq-devel.lst
|
||||
%_libdir/pkgconfig/libpq.pc
|
||||
|
||||
%changelog
|
||||
* Mon Jun 13 2022 duyiwei <duyiwei@kylinos.cn> - 13.7-1
|
||||
- upgrade libpq to 13.7,fix CVE-2021-32027,CVE-2022-1552
|
||||
|
||||
* Thu May 19 2022 yangweidong <yangweidong9@huawei.com> - 11.16-1
|
||||
- Upgrade libpq to 11.16, fix CVES: CVE-2021-32028 CVE-2021-3677 CVE-2021-23222
|
||||
|
||||
|
||||
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user