From 45cd57e732697fc6b5648a2f1fbb67b500a70693 Mon Sep 17 00:00:00 2001
From: gordonwwang <gordonwwang@tencent.com>
Date: Tue, 29 Aug 2023 17:34:56 +0800
Subject: [PATCH] 1. Upgrade to version 15.4; 2. Use sysusers configuration to
 setup user & group; 3. CVEs fixed: CVE-2023-39417 CVE-2023-39418;

---
 postgresql.spec     | 46 +++++++++++++++++----------------------------
 postgresql.sysusers |  1 +
 sources             |  4 ++--
 3 files changed, 20 insertions(+), 31 deletions(-)
 create mode 100644 postgresql.sysusers

diff --git a/postgresql.spec b/postgresql.spec
index ee23524..333e5b5 100644
--- a/postgresql.spec
+++ b/postgresql.spec
@@ -1,24 +1,3 @@
-# This is the PostgreSQL Global Development Group Official RPMset spec file,
-# or a derivative thereof.
-# Copyright 2003-2009 Lamar Owen <lowen@pari.edu> <lamar.owen@wgcr.org>
-# and others listed.                 ** vi: ts=4 sw=4 noexpandtab nosmarttab
-
-# Major Contributors:
-# ---------------
-# Lamar Owen
-# Trond Eivind Glomsrd <teg@redhat.com>
-# Thomas Lockhart
-# Reinhard Max
-# Karl DeBisschop
-# Peter Eisentraut
-# Joe Conway
-# Andrew Overholt
-# David Jee
-# Kaj J. Niemi
-# Sander Steffann
-# Tom Lane
-# and others in the Changelog....
-
 # This spec file and ancillary files are licensed in accordance with
 # The PostgreSQL license.
 
@@ -55,7 +34,7 @@
 %undefine _package_note_file
 
 %global prevmajorversion 14
-%global prevversion %{prevmajorversion}.3
+%global prevversion %{prevmajorversion}.9
 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion}
 %global precise_version %version-%release
 %global setup_version 8.8
@@ -65,8 +44,8 @@
 
 Summary:       PostgreSQL client programs
 Name:          postgresql
-Version:       15.3
-Release:       3%{?dist}
+Version:       15.4
+Release:       1%{?dist}
 License:       PostgreSQL
 Url:           http://www.postgresql.org/
 Source0:       https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
@@ -76,6 +55,7 @@ Source3:       Makefile.regress
 Source4:       postgresql.tmpfiles.d
 Source5:       postgresql.pam
 Source6:       postgresql-bashprofile
+Source7: 	   postgresql.sysusers
 
 Patch3001:     rpm-pgsql.patch
 Patch3002:     postgresql-logging.patch
@@ -185,11 +165,13 @@ will interact with a PostgreSQL server.
 %package server
 Summary:       The programs needed to create and run a PostgreSQL server
 BuildRequires: util-linux
+# User and group creation with sysusers
+BuildRequires:  systemd-rpm-macros
+%{?sysusers_requires_compat}
 Requires:      %{name} = %precise_version
 Requires:      util-linux
 Requires:      systemd
 %{?systemd_requires}
-Requires(pre): /usr/sbin/useradd
 Provides:      %{name}-server(:MODULE_COMPAT_%{majorversion})
 Provides:      bundled(postgresql-setup) = %setup_version
 
@@ -291,7 +273,6 @@ process.
 %package plperl
 Summary:       The Perl procedural language for PostgreSQL
 Requires:      %{name}-server = %precise_version
-Requires:      perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 %if %runselftest
 BuildRequires: perl(Opcode) perl(Data::Dumper)
 %endif
@@ -614,6 +595,9 @@ install -d -m 755 $RPM_BUILD_ROOT%{?_localstatedir}/run/postgresql
 mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir}
 install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_tmpfilesdir}/postgresql.conf
 
+# sysusers config for postgres user/group
+install -p -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/postgresql.conf
+
 install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/data
 install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/backups
 
@@ -727,9 +711,7 @@ find_lang_bins pltcl.lst pltcl
 %endif
 
 %pre server
-/usr/sbin/groupadd -g 26 -o -r postgres >/dev/null 2>&1 || :
-/usr/sbin/useradd -M -N -g postgres -o -r -d /var/lib/pgsql -s /bin/bash \
-	-c "PostgreSQL Server" -u 26 postgres >/dev/null 2>&1 || :
+%sysusers_create_compat %{SOURCE7}
 
 %post server
 %systemd_post %service_name
@@ -1004,6 +986,7 @@ make -C postgresql-setup-%{setup_version} check
 %{_mandir}/man1/postmaster.*
 %{_sbindir}/postgresql-new-systemd-unit
 %{_tmpfilesdir}/postgresql.conf
+%{_sysusersdir}/postgresql.conf
 %{_unitdir}/*postgresql*.service
 %attr(700,postgres,postgres) %dir %{?_localstatedir}/lib/pgsql
 %attr(644,postgres,postgres) %config(noreplace) %{?_localstatedir}/lib/pgsql/.bash_profile
@@ -1110,6 +1093,11 @@ make -C postgresql-setup-%{setup_version} check
 
 
 %changelog
+* Tue Aug 29 2023 Wang Guodong <gordonwwang@tencent.com> - 15.4-1
+- Upgrade to version 15.4
+- Use sysusers configuration to setup user & group
+- CVEs fixed: CVE-2023-39417 CVE-2023-39418
+
 * Wed Aug 23 2023 rockerzhu <rockerzhu@tencent.com> - 15.3-3
 - Rebuilt for icu 73.2
 
diff --git a/postgresql.sysusers b/postgresql.sysusers
new file mode 100644
index 0000000..afc7799
--- /dev/null
+++ b/postgresql.sysusers
@@ -0,0 +1 @@
+u postgres 26 "PostgreSQL Server" /var/lib/pgsql /bin/bash
diff --git a/sources b/sources
index 6b023b8..fb6cb44 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (postgresql-15.3.tar.bz2) = cac97edeb40df1e8f2162f401b465751132929d7249495ef001e950645a2db46343bd732e7bd6504a7f795e25aea66724f2f4ab0065e3d9331b36db4b3a3bec6
-SHA512 (postgresql-14.3.tar.bz2) = 70e6f67b5729a23f80b92b04e3fad2e09596b939660e3ddebf499d06af946459a45a019279e05413673e7b65d09a28a0440ed3c2ae565068466ed37e2d4f6f17
+SHA512 (postgresql-15.4.tar.bz2) = 37dd3e8b644d10c4f55963e07344ff4b0079adbae60052306f230f15e4ef4662b89e84a63dacc87cbf926c80b186d064a391283dd16e29ab47f7acc8a9860d0b
+SHA512 (postgresql-14.9.tar.bz2) = 8a7f74c5fd1ec5339085f357b3044dd0d763e3368bd42b5d68497eba5cbf71e9c76a329580d8aa3145aa98a157f28df548c4a6dc2d880db5c0156baa231f5d24
 SHA512 (postgresql-setup-8.8.tar.gz) = 4569e5ba83b16556312b89cd6762eb55902eb9265ce9ceb0e0fe18755e1ab7217ea748df465c4402e24d19b55b25702deab92030510dc722db8fcbc0cb639053
-- 
Gitee