diff options
author | Jan Palus | 2023-05-16 11:26:36 (GMT) |
---|---|---|
committer | Jan Palus | 2023-05-16 11:26:36 (GMT) |
commit | a718bd62c7e180c36afc525c9785a1d26904835b (patch) | |
tree | e0e59317b0f1f4b2c4fab482d29953cf7f455d0b | |
parent | 8ad5813932d74254a3f643213d44e485000f3225 (diff) | |
download | postgresql-a718bd62c7e180c36afc525c9785a1d26904835b.zip postgresql-a718bd62c7e180c36afc525c9785a1d26904835b.tar.gz |
up to 14.8 (fixes CVE-2022-41862 CVE-2023-2454 CVE-2023-2455)
- require openssl >= 1.1.1 for X509_get_signature_info symbol
-rw-r--r-- | ac.patch | 2 | ||||
-rw-r--r-- | llvm15.patch | 195 | ||||
-rw-r--r-- | postgresql.spec | 10 |
3 files changed, 5 insertions, 202 deletions
@@ -2,7 +2,7 @@ +++ postgresql-14.0/configure.ac 2021-11-09 09:38:45.296275820 +0100 @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch un - AC_INIT([PostgreSQL], [14.5], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [14.8], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/llvm15.patch b/llvm15.patch deleted file mode 100644 index c0c2cd2..0000000 --- a/llvm15.patch +++ /dev/null @@ -1,195 +0,0 @@ -From d033f8f8bea9c7b5c4ae43a95b569ceccdaddd7a Mon Sep 17 00:00:00 2001 -From: Thomas Munro <tmunro@postgresql.org> -Date: Wed, 19 Oct 2022 22:32:14 +1300 -Subject: [PATCH] Track LLVM 15 changes. - -Per https://llvm.org/docs/OpaquePointers.html, support for non-opaque -pointers still exists and we can request that on our context. We have -until LLVM 16 to move to opaque pointers, a much larger change. - -Back-patch to 11, where LLVM support arrived. - -Author: Thomas Munro <thomas.munro@gmail.com> -Author: Andres Freund <andres@anarazel.de> -Discussion: https://postgr.es/m/CAMHz58Sf_xncdyqsekoVsNeKcruKootLtVH6cYXVhhUR1oKPCg%40mail.gmail.com ---- - configure | 89 +++++++++++++++++++++++++ - configure.ac | 3 + - src/backend/jit/llvm/llvmjit.c | 18 +++++ - src/backend/jit/llvm/llvmjit_inline.cpp | 1 + - 4 files changed, 111 insertions(+) - -diff --git a/configure b/configure -index 57ec071cf9..a15c2253d5 100755 ---- a/configure -+++ b/configure -@@ -7259,6 +7259,95 @@ if test x"$pgac_cv_prog_CLANGXX_cxxflags__fexcess_precision_standard" = x"yes"; - fi - - -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CLANG} supports -Xclang -no-opaque-pointers, for BITCODE_CFLAGS" >&5 -+$as_echo_n "checking whether ${CLANG} supports -Xclang -no-opaque-pointers, for BITCODE_CFLAGS... " >&6; } -+if ${pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ pgac_save_CFLAGS=$CFLAGS -+pgac_save_CC=$CC -+CC=${CLANG} -+CFLAGS="${BITCODE_CFLAGS} -Xclang -no-opaque-pointers" -+ac_save_c_werror_flag=$ac_c_werror_flag -+ac_c_werror_flag=yes -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+int -+main () -+{ -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers=yes -+else -+ pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers=no -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+ac_c_werror_flag=$ac_save_c_werror_flag -+CFLAGS="$pgac_save_CFLAGS" -+CC="$pgac_save_CC" -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers" >&5 -+$as_echo "$pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers" >&6; } -+if test x"$pgac_cv_prog_CLANG_cflags__Xclang__no_opaque_pointers" = x"yes"; then -+ BITCODE_CFLAGS="${BITCODE_CFLAGS} -Xclang -no-opaque-pointers" -+fi -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CLANGXX} supports -Xclang -no-opaque-pointers, for BITCODE_CXXFLAGS" >&5 -+$as_echo_n "checking whether ${CLANGXX} supports -Xclang -no-opaque-pointers, for BITCODE_CXXFLAGS... " >&6; } -+if ${pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ pgac_save_CXXFLAGS=$CXXFLAGS -+pgac_save_CXX=$CXX -+CXX=${CLANGXX} -+CXXFLAGS="${BITCODE_CXXFLAGS} -Xclang -no-opaque-pointers" -+ac_save_cxx_werror_flag=$ac_cxx_werror_flag -+ac_cxx_werror_flag=yes -+ac_ext=cpp -+ac_cpp='$CXXCPP $CPPFLAGS' -+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu -+ -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+int -+main () -+{ -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_cxx_try_compile "$LINENO"; then : -+ pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers=yes -+else -+ pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers=no -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+ac_ext=c -+ac_cpp='$CPP $CPPFLAGS' -+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -+ac_compiler_gnu=$ac_cv_c_compiler_gnu -+ -+ac_cxx_werror_flag=$ac_save_cxx_werror_flag -+CXXFLAGS="$pgac_save_CXXFLAGS" -+CXX="$pgac_save_CXX" -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers" >&5 -+$as_echo "$pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers" >&6; } -+if test x"$pgac_cv_prog_CLANGXX_cxxflags__Xclang__no_opaque_pointers" = x"yes"; then -+ BITCODE_CXXFLAGS="${BITCODE_CXXFLAGS} -Xclang -no-opaque-pointers" -+fi -+ -+ - NOT_THE_CFLAGS="" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CLANG} supports -Wunused-command-line-argument, for NOT_THE_CFLAGS" >&5 - $as_echo_n "checking whether ${CLANG} supports -Wunused-command-line-argument, for NOT_THE_CFLAGS... " >&6; } -diff --git a/configure.ac b/configure.ac -index 227bc896b6..6d13ae5888 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -600,6 +600,9 @@ if test "$with_llvm" = yes ; then - PGAC_PROG_VARCC_VARFLAGS_OPT(CLANG, BITCODE_CFLAGS, [-fexcess-precision=standard]) - PGAC_PROG_VARCXX_VARFLAGS_OPT(CLANGXX, BITCODE_CXXFLAGS, [-fexcess-precision=standard]) - -+ PGAC_PROG_VARCC_VARFLAGS_OPT(CLANG, BITCODE_CFLAGS, [-Xclang -no-opaque-pointers]) -+ PGAC_PROG_VARCXX_VARFLAGS_OPT(CLANGXX, BITCODE_CXXFLAGS, [-Xclang -no-opaque-pointers]) -+ - NOT_THE_CFLAGS="" - PGAC_PROG_VARCC_VARFLAGS_OPT(CLANG, NOT_THE_CFLAGS, [-Wunused-command-line-argument]) - if test -n "$NOT_THE_CFLAGS"; then -diff --git a/src/backend/jit/llvm/llvmjit.c b/src/backend/jit/llvm/llvmjit.c -index fb29449573..199fff4f77 100644 ---- a/src/backend/jit/llvm/llvmjit.c -+++ b/src/backend/jit/llvm/llvmjit.c -@@ -798,6 +798,16 @@ llvm_session_initialize(void) - LLVMInitializeNativeAsmPrinter(); - LLVMInitializeNativeAsmParser(); - -+ /* -+ * When targeting an LLVM version with opaque pointers enabled by -+ * default, turn them off for the context we build our code in. We don't -+ * need to do so for other contexts (e.g. llvm_ts_context). Once the IR is -+ * generated, it carries the necessary information. -+ */ -+#if LLVM_VERSION_MAJOR > 14 -+ LLVMContextSetOpaquePointers(LLVMGetGlobalContext(), false); -+#endif -+ - /* - * Synchronize types early, as that also includes inferring the target - * triple. -@@ -1112,7 +1122,11 @@ llvm_resolve_symbols(LLVMOrcDefinitionGeneratorRef GeneratorObj, void *Ctx, - LLVMOrcJITDylibRef JD, LLVMOrcJITDylibLookupFlags JDLookupFlags, - LLVMOrcCLookupSet LookupSet, size_t LookupSetSize) - { -+#if LLVM_VERSION_MAJOR > 14 -+ LLVMOrcCSymbolMapPairs symbols = palloc0(sizeof(LLVMOrcCSymbolMapPair) * LookupSetSize); -+#else - LLVMOrcCSymbolMapPairs symbols = palloc0(sizeof(LLVMJITCSymbolMapPair) * LookupSetSize); -+#endif - LLVMErrorRef error; - LLVMOrcMaterializationUnitRef mu; - -@@ -1230,7 +1244,11 @@ llvm_create_jit_instance(LLVMTargetMachineRef tm) - * Symbol resolution support for "special" functions, e.g. a call into an - * SQL callable function. - */ -+#if LLVM_VERSION_MAJOR > 14 -+ ref_gen = LLVMOrcCreateCustomCAPIDefinitionGenerator(llvm_resolve_symbols, NULL, NULL); -+#else - ref_gen = LLVMOrcCreateCustomCAPIDefinitionGenerator(llvm_resolve_symbols, NULL); -+#endif - LLVMOrcJITDylibAddGenerator(LLVMOrcLLJITGetMainJITDylib(lljit), ref_gen); - - return lljit; -diff --git a/src/backend/jit/llvm/llvmjit_inline.cpp b/src/backend/jit/llvm/llvmjit_inline.cpp -index 9bb4b672a7..774d9e8b66 100644 ---- a/src/backend/jit/llvm/llvmjit_inline.cpp -+++ b/src/backend/jit/llvm/llvmjit_inline.cpp -@@ -62,6 +62,7 @@ extern "C" - #include <llvm/IR/ModuleSummaryIndex.h> - #include <llvm/Linker/IRMover.h> - #include <llvm/Support/ManagedStatic.h> -+#include <llvm/Support/MemoryBuffer.h> - - - /* --- -2.30.2 - diff --git a/postgresql.spec b/postgresql.spec index 6a83ccd..2eba9a9 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -34,12 +34,12 @@ Summary(tr.UTF-8): Veri Tabanı Yönetim Sistemi Summary(uk.UTF-8): PostgreSQL - система керування базами даних Summary(zh_CN.UTF-8): PostgreSQL 客户端程序和库文件 Name: postgresql -Version: %{mver}.5 +Version: %{mver}.8 Release: 1 License: BSD Group: Applications/Databases Source0: https://ftp.postgresql.org/pub/source/v%{version}/%{name}-%{version}.tar.bz2 -# Source0-md5: 1b319af2ece7fbf836d2d9533e91aa9b +# Source0-md5: d089f6f4f15f5b278252e867f3a45fd7 Source1: %{name}.init Source2: pgsql-Database-HOWTO-html.tar.gz # Source2-md5: 5b656ddf1db41965761f85204a14398e @@ -54,7 +54,6 @@ Patch3: ac.patch Patch5: %{name}-heimdal.patch Patch6: %{name}-link.patch -Patch7: llvm15.patch URL: https://www.postgresql.org/ BuildRequires: autoconf >= 2.69 BuildRequires: automake @@ -78,7 +77,7 @@ BuildRequires: libxslt-progs %{?with_llvm:BuildRequires: llvm-devel >= 3.9} BuildRequires: ncurses-devel >= 5.0 %{?with_ldap:BuildRequires: openldap-devel} -BuildRequires: openssl-devel >= 1.0.1 +BuildRequires: openssl-devel >= 1.1.1 BuildRequires: pam-devel %if %{with perl} BuildRequires: perl-Scalar-List-Utils @@ -494,7 +493,7 @@ Summary(pl.UTF-8): Biblioteki dzielone programu PostgreSQL Summary(pt_BR.UTF-8): Biblioteca compartilhada do PostgreSQL Summary(zh_CN.UTF-8): PostgreSQL 客户所需要的共享库 Group: Libraries -Requires: openssl%{?_isa} >= 1.0.1 +Requires: openssl%{?_isa} >= 1.1.1 %description libs PostgreSQL shared libraries. @@ -803,7 +802,6 @@ Różne moduły dołączone do PostgreSQL-a. %patch5 -p1 %patch6 -p1 -%patch7 -p1 # force rebuild of bison/flex files find src -name \*.l -o -name \*.y | xargs touch |