diff --git a/postgresql-pgcrypto-openssl3-init.patch b/postgresql-pgcrypto-openssl3-init.patch new file mode 100644 index 0000000000000000000000000000000000000000..7656ba5df605b313a2dde5d15f8126726f4ea59a --- /dev/null +++ b/postgresql-pgcrypto-openssl3-init.patch @@ -0,0 +1,33 @@ +Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=135d8687ad +author Daniel Gustafsson + +The PX layer in pgcrypto is handling digest padding on its own uniformly +for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate +doesn't flush the last block in case padding is enabled so explicitly +disable it as we don't use it. + +This will be backpatched to all supported version once there is sufficient +testing in the buildfarm of OpenSSL 3. + +diff -ur postgresql-14rc1/contrib/pgcrypto/openssl.c postgresql-p/contrib/pgcrypto/openssl.c +--- postgresql-14rc1/contrib/pgcrypto/openssl.c 2021-09-20 17:33:01.000000000 -0400 ++++ postgresql-p/contrib/pgcrypto/openssl.c 2021-10-06 04:07:24.628836908 -0400 +@@ -379,6 +379,8 @@ + { + if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL)) + return PXE_CIPHER_INIT; ++ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0)) ++ return PXE_CIPHER_INIT; + if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen)) + return PXE_CIPHER_INIT; + if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv)) +@@ -403,6 +405,8 @@ + { + if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL)) + return PXE_CIPHER_INIT; ++ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0)) ++ return PXE_CIPHER_INIT; + if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen)) + return PXE_CIPHER_INIT; + if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv)) + diff --git a/postgresql-pgcrypto-openssl3-tests.patch b/postgresql-pgcrypto-openssl3-tests.patch new file mode 100644 index 0000000000000000000000000000000000000000..16399a4efdc02b532c88f285978720b0be443d85 --- /dev/null +++ b/postgresql-pgcrypto-openssl3-tests.patch @@ -0,0 +1,102 @@ +diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out +--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400 +@@ -4,20 +4,6 @@ + -- Checking ciphers + select pgp_sym_decrypt(dearmor(' + -----BEGIN PGP MESSAGE----- +-Comment: dat1.blowfish.sha1.mdc.s2k3.z0 +- +-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS +-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= +-=JcP+ +------END PGP MESSAGE----- +-'), 'foobar'); +- pgp_sym_decrypt +------------------ +- Secret message. +-(1 row) +- +-select pgp_sym_decrypt(dearmor(' +------BEGIN PGP MESSAGE----- + Comment: dat1.aes.sha1.mdc.s2k3.z0 + + jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest +diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out +--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400 +@@ -594,13 +594,6 @@ + (1 row) + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) +-from keytbl, encdata where keytbl.id=2 and encdata.id=2; +- pgp_pub_decrypt +------------------ +- Secret msg +-(1 row) +- +-select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) + from keytbl, encdata where keytbl.id=3 and encdata.id=3; + pgp_pub_decrypt + ----------------- +diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile +--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400 +@@ -5,7 +5,7 @@ + INT_TESTS = sha2 + + OSSL_SRCS = openssl.c pgp-mpi-openssl.c +-OSSL_TESTS = sha2 des 3des cast5 ++OSSL_TESTS = sha2 + + ZLIB_TST = pgp-compression + ZLIB_OFF_TST = pgp-zlib-DISABLED +@@ -49,12 +49,13 @@ + pgcrypto--1.0--1.1.sql + PGFILEDESC = "pgcrypto - cryptographic functions" + +-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ ++REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \ + $(CF_TESTS) \ +- crypt-des crypt-md5 crypt-blowfish crypt-xdes \ ++ crypt-md5 \ + pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \ + pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info + ++#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \ + EXTRA_CLEAN = gen-rtab + + ifdef USE_PGXS +diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql +--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400 +@@ -5,16 +5,6 @@ + -- Checking ciphers + select pgp_sym_decrypt(dearmor(' + -----BEGIN PGP MESSAGE----- +-Comment: dat1.blowfish.sha1.mdc.s2k3.z0 +- +-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS +-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= +-=JcP+ +------END PGP MESSAGE----- +-'), 'foobar'); +- +-select pgp_sym_decrypt(dearmor(' +------BEGIN PGP MESSAGE----- + Comment: dat1.aes.sha1.mdc.s2k3.z0 + + jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest +diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql +--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400 +@@ -606,9 +606,6 @@ + from keytbl, encdata where keytbl.id=1 and encdata.id=1; + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) +-from keytbl, encdata where keytbl.id=2 and encdata.id=2; +- +-select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) + from keytbl, encdata where keytbl.id=3 and encdata.id=3; + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) diff --git a/postgresql.spec b/postgresql.spec index f2c8a362e43a2f0887b06ef1c46e37a40a4d1c9d..bb51323217690318e0e448f3e5afe0bed40902f2 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -1,6 +1,6 @@ %{!?beta:%global beta 0} %{!?test:%global test 1} -%ifarch riscv64 +%ifarch riscv64 loongarch64 # Fail to pass tests on riscv64 %{!?llvmjit:%global llvmjit 0} %else @@ -36,7 +36,7 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 13 Version: %{majorversion}.3 -Release: 7 +Release: 8 # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -84,6 +84,9 @@ Patch12: CVE-2021-23214.patch Patch13: CVE-2021-23222.patch Patch14: postgresql-subtransaction-test.patch Patch15: postgresql-13.3-sw.patch +Patch16: postgresql-pgcrypto-openssl3-init.patch +Patch17: postgresql-pgcrypto-openssl3-tests.patch + BuildRequires: gcc BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk @@ -163,6 +166,36 @@ PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. +%if ! %external_libpq +%package private-libs +Summary: The shared libraries required only for this build of PostgreSQL server +Group: Applications/Databases +# for /sbin/ldconfig +Requires(post): glibc +Requires(postun): glibc + +%description private-libs +The postgresql-private-libs package provides the shared libraries for this +build of PostgreSQL server and plugins build with this version of server. +For shared libraries used by client packages that need to connect to a +PostgreSQL server, install libpq package instead. + + +%package private-devel +Summary: PostgreSQL development header files for this build of PostgreSQL server +Group: Development/Libraries +Requires: %{name}-private-libs%{?_isa} = %precise_version +# Conflict is desired here, a user must pick one or another +Conflicts: libpq-devel + +%description private-devel +The postgresql-private-devel package contains the header files and libraries +needed to compile C or C++ applications which will directly interact +with a PostgreSQL database management server. +You need to install this package if you want to develop applications which +will interact with a PostgreSQL server. +%endif + %package server Summary: The programs needed to create and run a PostgreSQL server @@ -362,6 +395,8 @@ goal of accelerating analytics queries. %ifarch sw_64 %patch15 -p1 %endif +%patch16 -p1 +%patch17 -p1 # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -428,7 +463,7 @@ export CFLAGS # since that's still considered the default plpython version. common_configure_options=' --disable-rpath -%ifarch riscv64 +%ifarch riscv64 loongarch64 --disable-spinlocks %endif %if %beta @@ -620,7 +655,7 @@ upgrade_configure () --host=%{_host} \ --prefix=%prev_prefix \ --disable-rpath \ -%ifarch riscv64 +%ifarch riscv64 loongarch64 --disable-spinlocks \ %endif %if %beta @@ -690,6 +725,16 @@ make DESTDIR=$RPM_BUILD_ROOT install-world # We ship pg_config through libpq-devel mv $RPM_BUILD_ROOT/%_mandir/man1/pg_{,server_}config.1 +%if %external_libpq +rm $RPM_BUILD_ROOT/%_includedir/pg_config*.h +rm $RPM_BUILD_ROOT/%_includedir/libpq/libpq-fs.h +rm $RPM_BUILD_ROOT/%_includedir/postgres_ext.h +rm -r $RPM_BUILD_ROOT/%_includedir/pgsql/internal/ +%else +ln -s pg_server_config $RPM_BUILD_ROOT/%_bindir/pg_config +rm $RPM_BUILD_ROOT/%{_libdir}/libpq.a +%endif + %if %plpython3 mv src/Makefile.global src/Makefile.global.save @@ -1163,14 +1208,29 @@ make -C postgresql-setup-%{setup_version} check %dir %{_includedir}/pgsql %{_includedir}/pgsql/server %{_libdir}/pgsql/pgxs/ -%{_includedir}/* -%{_libdir}/{pgsql/pgxs/,pkgconfig/*.pc} -%{_libdir}/{libecpg,libecpg_compat,libpgtypes,libpq}.so* -%{_libdir}/libpq.a %{_mandir}/man1/pg_server_config.* %{_mandir}/man3/SPI_* %{macrosdir}/macros.%name +%if ! %external_libpq +%files private-libs +%{_libdir}/libpq.so.* +%endif + +%if ! %external_libpq +%files private-devel +%{_bindir}/pg_config +%{_includedir}/libpq-events.h +%{_includedir}/libpq-fe.h +%{_includedir}/postgres_ext.h +%{_includedir}/pgsql/internal/*.h +%{_includedir}/pgsql/internal/libpq/pqcomm.h +%{_includedir}/libpq/*.h +%{_libdir}/pkgconfig/*.pc +%{_libdir}/libpq.so +%{_includedir}/pg_config*.h +%endif + %files test-rpm-macros %{_datadir}/postgresql-setup/postgresql_pkg_tests.sh @@ -1248,6 +1308,14 @@ make -C postgresql-setup-%{setup_version} check %changelog +* Fri Jun 9 2023 dillon chen - 13.3-8 +- Fix build error for loongarch64 +- Fix issue: confilct between libpq-devel and postgresql-devel +- guess init spec from redhat +- change redhat spec:rm private package and add files to server-devel +- so add delete lines to Fix issue +- Next: write oe libpq and postgresql spec by myself + * Tue Oct 25 2022 wuzx - 13.3-7 - Add sw64 architecture