[packages/postgresql] up to 14.8 (fixes CVE-2022-41862 CVE-2023-2454 CVE-2023-2455)
atler
atler at pld-linux.org
Tue May 16 13:54:12 CEST 2023
commit a718bd62c7e180c36afc525c9785a1d26904835b
Author: Jan Palus <atler at pld-linux.org>
Date: Tue May 16 13:26:36 2023 +0200
up to 14.8 (fixes CVE-2022-41862 CVE-2023-2454 CVE-2023-2455)
- require openssl >= 1.1.1 for X509_get_signature_info symbol
ac.patch | 2 +-
llvm15.patch | 195 --------------------------------------------------------
postgresql.spec | 10 ++-
3 files changed, 5 insertions(+), 202 deletions(-)
---
diff --git a/postgresql.spec b/postgresql.spec
index 6a83ccd..2eba9a9 100644
--- a/postgresql.spec
+++ b/postgresql.spec
@@ -34,12 +34,12 @@ Summary(tr.UTF-8): Veri Tabanı Yönetim Sistemi
Summary(uk.UTF-8): PostgreSQL - система керування базами даних
Summary(zh_CN.UTF-8): PostgreSQL 客户端程序和库文件
Name: postgresql
-Version: %{mver}.5
+Version: %{mver}.8
Release: 1
License: BSD
Group: Applications/Databases
Source0: https://ftp.postgresql.org/pub/source/v%{version}/%{name}-%{version}.tar.bz2
-# Source0-md5: 1b319af2ece7fbf836d2d9533e91aa9b
+# Source0-md5: d089f6f4f15f5b278252e867f3a45fd7
Source1: %{name}.init
Source2: pgsql-Database-HOWTO-html.tar.gz
# Source2-md5: 5b656ddf1db41965761f85204a14398e
@@ -54,7 +54,6 @@ Patch3: ac.patch
Patch5: %{name}-heimdal.patch
Patch6: %{name}-link.patch
-Patch7: llvm15.patch
URL: https://www.postgresql.org/
BuildRequires: autoconf >= 2.69
BuildRequires: automake
@@ -78,7 +77,7 @@ BuildRequires: libxslt-progs
%{?with_llvm:BuildRequires: llvm-devel >= 3.9}
BuildRequires: ncurses-devel >= 5.0
%{?with_ldap:BuildRequires: openldap-devel}
-BuildRequires: openssl-devel >= 1.0.1
+BuildRequires: openssl-devel >= 1.1.1
BuildRequires: pam-devel
%if %{with perl}
BuildRequires: perl-Scalar-List-Utils
@@ -494,7 +493,7 @@ Summary(pl.UTF-8): Biblioteki dzielone programu PostgreSQL
Summary(pt_BR.UTF-8): Biblioteca compartilhada do PostgreSQL
Summary(zh_CN.UTF-8): PostgreSQL 客户所需要的共享库
Group: Libraries
-Requires: openssl%{?_isa} >= 1.0.1
+Requires: openssl%{?_isa} >= 1.1.1
%description libs
PostgreSQL shared libraries.
@@ -803,7 +802,6 @@ Różne moduły dołączone do PostgreSQL-a.
%patch5 -p1
%patch6 -p1
-%patch7 -p1
# force rebuild of bison/flex files
find src -name \*.l -o -name \*.y | xargs touch
diff --git a/ac.patch b/ac.patch
index d45b38a..b0340cf 100644
--- a/ac.patch
+++ b/ac.patch
@@ -2,7 +2,7 @@
+++ postgresql-14.0/configure.ac 2021-11-09 09:38:45.296275820 +0100
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch un
- AC_INIT([PostgreSQL], [14.5], [pgsql-bugs at lists.postgresql.org], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [14.8], [pgsql-bugs at lists.postgresql.org], [], [https://www.postgresql.org/])
-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
diff --git a/llvm15.patch b/llvm15.patch
deleted file mode 100644
index c0c2cd2..0000000
--- a/llvm15.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-From d033f8f8bea9c7b5c4ae43a95b569ceccdaddd7a Mon Sep 17 00:00:00 2001
-From: Thomas Munro <tmunro at postgresql.org>
-Date: Wed, 19 Oct 2022 22:32:14 +1300
-Subject: [PATCH] Track LLVM 15 changes.
-
-Per https://llvm.org/docs/OpaquePointers.html, support for non-opaque
-pointers still exists and we can request that on our context. We have
-until LLVM 16 to move to opaque pointers, a much larger change.
-
-Back-patch to 11, where LLVM support arrived.
-
-Author: Thomas Munro <thomas.munro at gmail.com>
-Author: Andres Freund <andres at anarazel.de>
-Discussion: https://postgr.es/m/CAMHz58Sf_xncdyqsekoVsNeKcruKootLtVH6cYXVhhUR1oKPCg%40mail.gmail.com
----
- configure | 89 +++++++++++++++++++++++++
- configure.ac | 3 +
- src/backend/jit/llvm/llvmjit.c | 18 +++++
- src/backend/jit/llvm/llvmjit_inline.cpp | 1 +
- 4 files changed, 111 insertions(+)
-
-diff --git a/configure b/configure
-index 57ec071cf9..a15c2253d5 100755
---- a/configure
-+++ b/configure
-@@ -7259,6 +7259,95 @@ if test x"$pgac_cv_prog_CLANGXX_cxxflags__fexcess_precision_standard" = x"yes";
- fi
-
-
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CLANG} supports -Xclang -no-opaque-pointers, for BITCODE_CFLAGS" >&5
-+$as_echo_n "checking whether ${CLANG} supports -Xclang -no-opaque-pointers, for BITCODE_CFLAGS... " >&6; }
-+if ${pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers+:} false; then :
-+ $as_echo_n "(cached) " >&6
-+else
-+ pgac_save_CFLAGS=$CFLAGS
-+pgac_save_CC=$CC
-+CC=${CLANG}
-+CFLAGS="${BITCODE_CFLAGS} -Xclang -no-opaque-pointers"
-+ac_save_c_werror_flag=$ac_c_werror_flag
-+ac_c_werror_flag=yes
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+
-+int
-+main ()
-+{
-+
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_compile "$LINENO"; then :
-+ pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers=yes
-+else
-+ pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+ac_c_werror_flag=$ac_save_c_werror_flag
-+CFLAGS="$pgac_save_CFLAGS"
-+CC="$pgac_save_CC"
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers" >&5
-+$as_echo "$pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers" >&6; }
-+if test x"$pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers" = x"yes"; then
-+ BITCODE_CFLAGS="${BITCODE_CFLAGS} -Xclang -no-opaque-pointers"
-+fi
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CLANGXX} supports -Xclang -no-opaque-pointers, for BITCODE_CXXFLAGS" >&5
-+$as_echo_n "checking whether ${CLANGXX} supports -Xclang -no-opaque-pointers, for BITCODE_CXXFLAGS... " >&6; }
-+if ${pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers+:} false; then :
-+ $as_echo_n "(cached) " >&6
-+else
-+ pgac_save_CXXFLAGS=$CXXFLAGS
-+pgac_save_CXX=$CXX
-+CXX=${CLANGXX}
-+CXXFLAGS="${BITCODE_CXXFLAGS} -Xclang -no-opaque-pointers"
-+ac_save_cxx_werror_flag=$ac_cxx_werror_flag
-+ac_cxx_werror_flag=yes
-+ac_ext=cpp
-+ac_cpp='$CXXCPP $CPPFLAGS'
-+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-+
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+
-+int
-+main ()
-+{
-+
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_cxx_try_compile "$LINENO"; then :
-+ pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers=yes
-+else
-+ pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+ac_ext=c
-+ac_cpp='$CPP $CPPFLAGS'
-+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-+ac_compiler_gnu=$ac_cv_c_compiler_gnu
-+
-+ac_cxx_werror_flag=$ac_save_cxx_werror_flag
-+CXXFLAGS="$pgac_save_CXXFLAGS"
-+CXX="$pgac_save_CXX"
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers" >&5
-+$as_echo "$pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers" >&6; }
-+if test x"$pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers" = x"yes"; then
-+ BITCODE_CXXFLAGS="${BITCODE_CXXFLAGS} -Xclang -no-opaque-pointers"
-+fi
-+
-+
- NOT_THE_CFLAGS=""
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CLANG} supports -Wunused-command-line-argument, for NOT_THE_CFLAGS" >&5
- $as_echo_n "checking whether ${CLANG} supports -Wunused-command-line-argument, for NOT_THE_CFLAGS... " >&6; }
-diff --git a/configure.ac b/configure.ac
-index 227bc896b6..6d13ae5888 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -600,6 +600,9 @@ if test "$with_llvm" = yes ; then
- PGAC_PROG_VARCC_VARFLAGS_OPT(CLANG, BITCODE_CFLAGS, [-fexcess-precision=standard])
- PGAC_PROG_VARCXX_VARFLAGS_OPT(CLANGXX, BITCODE_CXXFLAGS, [-fexcess-precision=standard])
-
-+ PGAC_PROG_VARCC_VARFLAGS_OPT(CLANG, BITCODE_CFLAGS, [-Xclang -no-opaque-pointers])
-+ PGAC_PROG_VARCXX_VARFLAGS_OPT(CLANGXX, BITCODE_CXXFLAGS, [-Xclang -no-opaque-pointers])
-+
- NOT_THE_CFLAGS=""
- PGAC_PROG_VARCC_VARFLAGS_OPT(CLANG, NOT_THE_CFLAGS, [-Wunused-command-line-argument])
- if test -n "$NOT_THE_CFLAGS"; then
-diff --git a/src/backend/jit/llvm/llvmjit.c b/src/backend/jit/llvm/llvmjit.c
-index fb29449573..199fff4f77 100644
---- a/src/backend/jit/llvm/llvmjit.c
-+++ b/src/backend/jit/llvm/llvmjit.c
-@@ -798,6 +798,16 @@ llvm_session_initialize(void)
- LLVMInitializeNativeAsmPrinter();
- LLVMInitializeNativeAsmParser();
-
-+ /*
-+ * When targeting an LLVM version with opaque pointers enabled by
-+ * default, turn them off for the context we build our code in. We don't
-+ * need to do so for other contexts (e.g. llvm_ts_context). Once the IR is
-+ * generated, it carries the necessary information.
-+ */
-+#if LLVM_VERSION_MAJOR > 14
-+ LLVMContextSetOpaquePointers(LLVMGetGlobalContext(), false);
-+#endif
-+
- /*
- * Synchronize types early, as that also includes inferring the target
- * triple.
-@@ -1112,7 +1122,11 @@ llvm_resolve_symbols(LLVMOrcDefinitionGeneratorRef GeneratorObj, void *Ctx,
- LLVMOrcJITDylibRef JD, LLVMOrcJITDylibLookupFlags JDLookupFlags,
- LLVMOrcCLookupSet LookupSet, size_t LookupSetSize)
- {
-+#if LLVM_VERSION_MAJOR > 14
-+ LLVMOrcCSymbolMapPairs symbols = palloc0(sizeof(LLVMOrcCSymbolMapPair) * LookupSetSize);
-+#else
- LLVMOrcCSymbolMapPairs symbols = palloc0(sizeof(LLVMJITCSymbolMapPair) * LookupSetSize);
-+#endif
- LLVMErrorRef error;
- LLVMOrcMaterializationUnitRef mu;
-
-@@ -1230,7 +1244,11 @@ llvm_create_jit_instance(LLVMTargetMachineRef tm)
- * Symbol resolution support for "special" functions, e.g. a call into an
- * SQL callable function.
- */
-+#if LLVM_VERSION_MAJOR > 14
-+ ref_gen = LLVMOrcCreateCustomCAPIDefinitionGenerator(llvm_resolve_symbols, NULL, NULL);
-+#else
- ref_gen = LLVMOrcCreateCustomCAPIDefinitionGenerator(llvm_resolve_symbols, NULL);
-+#endif
- LLVMOrcJITDylibAddGenerator(LLVMOrcLLJITGetMainJITDylib(lljit), ref_gen);
-
- return lljit;
-diff --git a/src/backend/jit/llvm/llvmjit_inline.cpp b/src/backend/jit/llvm/llvmjit_inline.cpp
-index 9bb4b672a7..774d9e8b66 100644
---- a/src/backend/jit/llvm/llvmjit_inline.cpp
-+++ b/src/backend/jit/llvm/llvmjit_inline.cpp
-@@ -62,6 +62,7 @@ extern "C"
- #include <llvm/IR/ModuleSummaryIndex.h>
- #include <llvm/Linker/IRMover.h>
- #include <llvm/Support/ManagedStatic.h>
-+#include <llvm/Support/MemoryBuffer.h>
-
-
- /*
---
-2.30.2
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/postgresql.git/commitdiff/a718bd62c7e180c36afc525c9785a1d26904835b
More information about the pld-cvs-commit
mailing list