From 45cd57e732697fc6b5648a2f1fbb67b500a70693 Mon Sep 17 00:00:00 2001 From: gordonwwang Date: Tue, 29 Aug 2023 17:34:56 +0800 Subject: [PATCH] 1. Upgrade to version 15.4; 2. Use sysusers configuration to setup user & group; 3. CVEs fixed: CVE-2023-39417 CVE-2023-39418; --- postgresql.spec | 46 +++++++++++++++++---------------------------- postgresql.sysusers | 1 + sources | 4 ++-- 3 files changed, 20 insertions(+), 31 deletions(-) create mode 100644 postgresql.sysusers diff --git a/postgresql.spec b/postgresql.spec index ee23524..333e5b5 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -1,24 +1,3 @@ -# This is the PostgreSQL Global Development Group Official RPMset spec file, -# or a derivative thereof. -# Copyright 2003-2009 Lamar Owen -# and others listed. ** vi: ts=4 sw=4 noexpandtab nosmarttab - -# Major Contributors: -# --------------- -# Lamar Owen -# Trond Eivind Glomsrd -# Thomas Lockhart -# Reinhard Max -# Karl DeBisschop -# Peter Eisentraut -# Joe Conway -# Andrew Overholt -# David Jee -# Kaj J. Niemi -# Sander Steffann -# Tom Lane -# and others in the Changelog.... - # This spec file and ancillary files are licensed in accordance with # The PostgreSQL license. @@ -55,7 +34,7 @@ %undefine _package_note_file %global prevmajorversion 14 -%global prevversion %{prevmajorversion}.3 +%global prevversion %{prevmajorversion}.9 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global precise_version %version-%release %global setup_version 8.8 @@ -65,8 +44,8 @@ Summary: PostgreSQL client programs Name: postgresql -Version: 15.3 -Release: 3%{?dist} +Version: 15.4 +Release: 1%{?dist} License: PostgreSQL Url: http://www.postgresql.org/ Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 @@ -76,6 +55,7 @@ Source3: Makefile.regress Source4: postgresql.tmpfiles.d Source5: postgresql.pam Source6: postgresql-bashprofile +Source7: postgresql.sysusers Patch3001: rpm-pgsql.patch Patch3002: postgresql-logging.patch @@ -185,11 +165,13 @@ will interact with a PostgreSQL server. %package server Summary: The programs needed to create and run a PostgreSQL server BuildRequires: util-linux +# User and group creation with sysusers +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} Requires: %{name} = %precise_version Requires: util-linux Requires: systemd %{?systemd_requires} -Requires(pre): /usr/sbin/useradd Provides: %{name}-server(:MODULE_COMPAT_%{majorversion}) Provides: bundled(postgresql-setup) = %setup_version @@ -291,7 +273,6 @@ process. %package plperl Summary: The Perl procedural language for PostgreSQL Requires: %{name}-server = %precise_version -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %if %runselftest BuildRequires: perl(Opcode) perl(Data::Dumper) %endif @@ -614,6 +595,9 @@ install -d -m 755 $RPM_BUILD_ROOT%{?_localstatedir}/run/postgresql mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir} install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_tmpfilesdir}/postgresql.conf +# sysusers config for postgres user/group +install -p -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/postgresql.conf + install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/data install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/pgsql/backups @@ -727,9 +711,7 @@ find_lang_bins pltcl.lst pltcl %endif %pre server -/usr/sbin/groupadd -g 26 -o -r postgres >/dev/null 2>&1 || : -/usr/sbin/useradd -M -N -g postgres -o -r -d /var/lib/pgsql -s /bin/bash \ - -c "PostgreSQL Server" -u 26 postgres >/dev/null 2>&1 || : +%sysusers_create_compat %{SOURCE7} %post server %systemd_post %service_name @@ -1004,6 +986,7 @@ make -C postgresql-setup-%{setup_version} check %{_mandir}/man1/postmaster.* %{_sbindir}/postgresql-new-systemd-unit %{_tmpfilesdir}/postgresql.conf +%{_sysusersdir}/postgresql.conf %{_unitdir}/*postgresql*.service %attr(700,postgres,postgres) %dir %{?_localstatedir}/lib/pgsql %attr(644,postgres,postgres) %config(noreplace) %{?_localstatedir}/lib/pgsql/.bash_profile @@ -1110,6 +1093,11 @@ make -C postgresql-setup-%{setup_version} check %changelog +* Tue Aug 29 2023 Wang Guodong - 15.4-1 +- Upgrade to version 15.4 +- Use sysusers configuration to setup user & group +- CVEs fixed: CVE-2023-39417 CVE-2023-39418 + * Wed Aug 23 2023 rockerzhu - 15.3-3 - Rebuilt for icu 73.2 diff --git a/postgresql.sysusers b/postgresql.sysusers new file mode 100644 index 0000000..afc7799 --- /dev/null +++ b/postgresql.sysusers @@ -0,0 +1 @@ +u postgres 26 "PostgreSQL Server" /var/lib/pgsql /bin/bash diff --git a/sources b/sources index 6b023b8..fb6cb44 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (postgresql-15.3.tar.bz2) = cac97edeb40df1e8f2162f401b465751132929d7249495ef001e950645a2db46343bd732e7bd6504a7f795e25aea66724f2f4ab0065e3d9331b36db4b3a3bec6 -SHA512 (postgresql-14.3.tar.bz2) = 70e6f67b5729a23f80b92b04e3fad2e09596b939660e3ddebf499d06af946459a45a019279e05413673e7b65d09a28a0440ed3c2ae565068466ed37e2d4f6f17 +SHA512 (postgresql-15.4.tar.bz2) = 37dd3e8b644d10c4f55963e07344ff4b0079adbae60052306f230f15e4ef4662b89e84a63dacc87cbf926c80b186d064a391283dd16e29ab47f7acc8a9860d0b +SHA512 (postgresql-14.9.tar.bz2) = 8a7f74c5fd1ec5339085f357b3044dd0d763e3368bd42b5d68497eba5cbf71e9c76a329580d8aa3145aa98a157f28df548c4a6dc2d880db5c0156baa231f5d24 SHA512 (postgresql-setup-8.8.tar.gz) = 4569e5ba83b16556312b89cd6762eb55902eb9265ce9ceb0e0fe18755e1ab7217ea748df465c4402e24d19b55b25702deab92030510dc722db8fcbc0cb639053 -- Gitee