diff --git a/CVE-2021-23214.patch b/CVE-2021-23214.patch deleted file mode 100644 index 318c20132efd7583c20e7c3d6414223df56da572..0000000000000000000000000000000000000000 --- a/CVE-2021-23214.patch +++ /dev/null @@ -1,108 +0,0 @@ -From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Nov 2021 11:01:43 -0500 -Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake. - -The server collects up to a bufferload of data whenever it reads data -from the client socket. When SSL or GSS encryption is requested -during startup, any additional data received with the initial -request message remained in the buffer, and would be treated as -already-decrypted data once the encryption handshake completed. -Thus, a man-in-the-middle with the ability to inject data into the -TCP connection could stuff some cleartext data into the start of -a supposedly encryption-protected database session. - -This could be abused to send faked SQL commands to the server, -although that would only work if the server did not demand any -authentication data. (However, a server relying on SSL certificate -authentication might well not do so.) - -To fix, throw a protocol-violation error if the internal buffer -is not empty after the encryption handshake. - -Our thanks to Jacob Champion for reporting this problem. - -Security: CVE-2021-23214 ---- - src/backend/libpq/pqcomm.c | 12 ++++++++++++ - src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++ - src/include/libpq/libpq.h | 1 + - 3 files changed, 37 insertions(+) - -diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c -index ee2cd86866da..93f2e0b81d32 100644 ---- a/src/backend/libpq/pqcomm.c -+++ b/src/backend/libpq/pqcomm.c -@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s) - } - } - -+/* -------------------------------- -+ * pq_buffer_has_data - is any buffered data available to read? -+ * -+ * This will *not* attempt to read more data. -+ * -------------------------------- -+ */ -+bool -+pq_buffer_has_data(void) -+{ -+ return (PqRecvPointer < PqRecvLength); -+} -+ - - /* -------------------------------- - * pq_startmsgread - begin reading a message from the client. -diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c -index 5775fc0c0910..1e0936e5b482 100644 ---- a/src/backend/postmaster/postmaster.c -+++ b/src/backend/postmaster/postmaster.c -@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) - return STATUS_ERROR; - #endif - -+ /* -+ * At this point we should have no data already buffered. If we do, -+ * it was received before we performed the SSL handshake, so it wasn't -+ * encrypted and indeed may have been injected by a man-in-the-middle. -+ * We report this case to the client. -+ */ -+ if (pq_buffer_has_data()) -+ ereport(FATAL, -+ (errcode(ERRCODE_PROTOCOL_VIOLATION), -+ errmsg("received unencrypted data after SSL request"), -+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); -+ - /* - * regular startup packet, cancel, etc packet should follow, but not - * another SSL negotiation request, and a GSS request should only -@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) - return STATUS_ERROR; - #endif - -+ /* -+ * At this point we should have no data already buffered. If we do, -+ * it was received before we performed the GSS handshake, so it wasn't -+ * encrypted and indeed may have been injected by a man-in-the-middle. -+ * We report this case to the client. -+ */ -+ if (pq_buffer_has_data()) -+ ereport(FATAL, -+ (errcode(ERRCODE_PROTOCOL_VIOLATION), -+ errmsg("received unencrypted data after GSSAPI encryption request"), -+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); -+ - /* - * regular startup packet, cancel, etc packet should follow, but not - * another GSS negotiation request, and an SSL request should only -diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h -index b1152475ace5..54c5fa779773 100644 ---- a/src/include/libpq/libpq.h -+++ b/src/include/libpq/libpq.h -@@ -72,6 +72,7 @@ extern int pq_getmessage(StringInfo s, int maxlen); - extern int pq_getbyte(void); - extern int pq_peekbyte(void); - extern int pq_getbyte_if_available(unsigned char *c); -+extern bool pq_buffer_has_data(void); - extern int pq_putbytes(const char *s, size_t len); - - /* diff --git a/CVE-2021-23222.patch b/CVE-2021-23222.patch deleted file mode 100644 index 0bd5ada95e7e5d55ff31c95837218655acb49754..0000000000000000000000000000000000000000 --- a/CVE-2021-23222.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 844b3169204c28cd086c1b4fae4a2cbdd0540640 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Nov 2021 11:14:56 -0500 -Subject: [PATCH] libpq: reject extraneous data after SSL or GSS encryption - handshake. - -libpq collects up to a bufferload of data whenever it reads data from -the socket. When SSL or GSS encryption is requested during startup, -any additional data received with the server's yes-or-no reply -remained in the buffer, and would be treated as already-decrypted data -once the encryption handshake completed. Thus, a man-in-the-middle -with the ability to inject data into the TCP connection could stuff -some cleartext data into the start of a supposedly encryption-protected -database session. - -This could probably be abused to inject faked responses to the -client's first few queries, although other details of libpq's behavior -make that harder than it sounds. A different line of attack is to -exfiltrate the client's password, or other sensitive data that might -be sent early in the session. That has been shown to be possible with -a server vulnerable to CVE-2021-23214. - -To fix, throw a protocol-violation error if the internal buffer -is not empty after the encryption handshake. - -Our thanks to Jacob Champion for reporting this problem. - -Security: CVE-2021-23222 ---- - doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++ - src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++ - 2 files changed, 54 insertions(+) - -diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml -index e26619e1b53d..b692648fca47 100644 ---- a/doc/src/sgml/protocol.sgml -+++ b/doc/src/sgml/protocol.sgml -@@ -1471,6 +1471,20 @@ SELCT 1/0; - and proceed without requesting SSL. - - -+ -+ When SSL encryption can be performed, the server -+ is expected to send only the single S byte and then -+ wait for the frontend to initiate an SSL handshake. -+ If additional bytes are available to read at this point, it likely -+ means that a man-in-the-middle is attempting to perform a -+ buffer-stuffing attack -+ (CVE-2021-23222). -+ Frontends should be coded either to read exactly one byte from the -+ socket before turning the socket over to their SSL library, or to -+ treat it as a protocol violation if they find they have read additional -+ bytes. -+ -+ - - An initial SSLRequest can also be used in a connection that is being - opened to send a CancelRequest message. -@@ -1532,6 +1546,20 @@ SELCT 1/0; - encryption. - - -+ -+ When GSSAPI encryption can be performed, the server -+ is expected to send only the single G byte and then -+ wait for the frontend to initiate a GSSAPI handshake. -+ If additional bytes are available to read at this point, it likely -+ means that a man-in-the-middle is attempting to perform a -+ buffer-stuffing attack -+ (CVE-2021-23222). -+ Frontends should be coded either to read exactly one byte from the -+ socket before turning the socket over to their GSSAPI library, or to -+ treat it as a protocol violation if they find they have read additional -+ bytes. -+ -+ - - An initial GSSENCRequest can also be used in a connection that is being - opened to send a CancelRequest message. -diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c -index f80f4e98d8e0..57aee9518308 100644 ---- a/src/interfaces/libpq/fe-connect.c -+++ b/src/interfaces/libpq/fe-connect.c -@@ -3076,6 +3076,19 @@ PQconnectPoll(PGconn *conn) - pollres = pqsecure_open_client(conn); - if (pollres == PGRES_POLLING_OK) - { -+ /* -+ * At this point we should have no data already buffered. -+ * If we do, it was received before we performed the SSL -+ * handshake, so it wasn't encrypted and indeed may have -+ * been injected by a man-in-the-middle. -+ */ -+ if (conn->inCursor != conn->inEnd) -+ { -+ appendPQExpBufferStr(&conn->errorMessage, -+ libpq_gettext("received unencrypted data after SSL response\n")); -+ goto error_return; -+ } -+ - /* SSL handshake done, ready to send startup packet */ - conn->status = CONNECTION_MADE; - return PGRES_POLLING_WRITING; -@@ -3175,6 +3188,19 @@ PQconnectPoll(PGconn *conn) - pollres = pqsecure_open_gss(conn); - if (pollres == PGRES_POLLING_OK) - { -+ /* -+ * At this point we should have no data already buffered. -+ * If we do, it was received before we performed the GSS -+ * handshake, so it wasn't encrypted and indeed may have -+ * been injected by a man-in-the-middle. -+ */ -+ if (conn->inCursor != conn->inEnd) -+ { -+ appendPQExpBufferStr(&conn->errorMessage, -+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n")); -+ goto error_return; -+ } -+ - /* All set for startup packet */ - conn->status = CONNECTION_MADE; - return PGRES_POLLING_WRITING; diff --git a/postgresql-13.3.tar.bz2 b/postgresql-12.16.tar.bz2 similarity index 68% rename from postgresql-13.3.tar.bz2 rename to postgresql-12.16.tar.bz2 index cd1774994fa0062d5650b2418ccf64c4e998c90e..d76b4bf61245c7648e2bfb7532c7f9a2c4875460 100644 Binary files a/postgresql-13.3.tar.bz2 and b/postgresql-12.16.tar.bz2 differ diff --git a/postgresql-12.16.tar.bz2.sha256 b/postgresql-12.16.tar.bz2.sha256 new file mode 100644 index 0000000000000000000000000000000000000000..aca50b6f7d6e649784c02f5b9bcc1504a1a5e5c5 --- /dev/null +++ b/postgresql-12.16.tar.bz2.sha256 @@ -0,0 +1 @@ +c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 postgresql-12.16.tar.bz2 diff --git a/postgresql-12.7.tar.bz2.sha256 b/postgresql-12.7.tar.bz2.sha256 deleted file mode 100644 index 7bbec0d68bb9caf613e4c5cea6dff3529a62ace3..0000000000000000000000000000000000000000 --- a/postgresql-12.7.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 postgresql-12.7.tar.bz2 diff --git a/postgresql-13.3-US.pdf b/postgresql-13.12-US.pdf similarity index 69% rename from postgresql-13.3-US.pdf rename to postgresql-13.12-US.pdf index 542844ef03da4dc9cb1a4b9393c7fb783772e43c..96e9b71e91e4a30234ef54302f6ce56daa61ee2d 100644 Binary files a/postgresql-13.3-US.pdf and b/postgresql-13.12-US.pdf differ diff --git a/postgresql-12.7.tar.bz2 b/postgresql-13.12.tar.bz2 similarity index 67% rename from postgresql-12.7.tar.bz2 rename to postgresql-13.12.tar.bz2 index 408ea5a5faed306c4aad3ae2d18d2932fc5cba5a..46ad4624eb8759a2834d5728ab15641b47dbcb93 100644 Binary files a/postgresql-12.7.tar.bz2 and b/postgresql-13.12.tar.bz2 differ diff --git a/postgresql-13.12.tar.bz2.sha256 b/postgresql-13.12.tar.bz2.sha256 new file mode 100644 index 0000000000000000000000000000000000000000..0d34232f40088a2ba7c2657de4ff20fed1b963f6 --- /dev/null +++ b/postgresql-13.12.tar.bz2.sha256 @@ -0,0 +1 @@ +0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b postgresql-13.12.tar.bz2 diff --git a/postgresql-13.3.tar.bz2.sha256 b/postgresql-13.3.tar.bz2.sha256 deleted file mode 100644 index 7898d34af591ae255a822e5d7fe86f61fad94682..0000000000000000000000000000000000000000 --- a/postgresql-13.3.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 postgresql-13.3.tar.bz2 diff --git a/postgresql-pgcrypto-openssl3-tests.patch b/postgresql-pgcrypto-openssl3-tests.patch new file mode 100644 index 0000000000000000000000000000000000000000..16399a4efdc02b532c88f285978720b0be443d85 --- /dev/null +++ b/postgresql-pgcrypto-openssl3-tests.patch @@ -0,0 +1,102 @@ +diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out +--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400 +@@ -4,20 +4,6 @@ + -- Checking ciphers + select pgp_sym_decrypt(dearmor(' + -----BEGIN PGP MESSAGE----- +-Comment: dat1.blowfish.sha1.mdc.s2k3.z0 +- +-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS +-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= +-=JcP+ +------END PGP MESSAGE----- +-'), 'foobar'); +- pgp_sym_decrypt +------------------ +- Secret message. +-(1 row) +- +-select pgp_sym_decrypt(dearmor(' +------BEGIN PGP MESSAGE----- + Comment: dat1.aes.sha1.mdc.s2k3.z0 + + jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest +diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out +--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400 +@@ -594,13 +594,6 @@ + (1 row) + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) +-from keytbl, encdata where keytbl.id=2 and encdata.id=2; +- pgp_pub_decrypt +------------------ +- Secret msg +-(1 row) +- +-select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) + from keytbl, encdata where keytbl.id=3 and encdata.id=3; + pgp_pub_decrypt + ----------------- +diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile +--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400 +@@ -5,7 +5,7 @@ + INT_TESTS = sha2 + + OSSL_SRCS = openssl.c pgp-mpi-openssl.c +-OSSL_TESTS = sha2 des 3des cast5 ++OSSL_TESTS = sha2 + + ZLIB_TST = pgp-compression + ZLIB_OFF_TST = pgp-zlib-DISABLED +@@ -49,12 +49,13 @@ + pgcrypto--1.0--1.1.sql + PGFILEDESC = "pgcrypto - cryptographic functions" + +-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ ++REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \ + $(CF_TESTS) \ +- crypt-des crypt-md5 crypt-blowfish crypt-xdes \ ++ crypt-md5 \ + pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \ + pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info + ++#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \ + EXTRA_CLEAN = gen-rtab + + ifdef USE_PGXS +diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql +--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400 +@@ -5,16 +5,6 @@ + -- Checking ciphers + select pgp_sym_decrypt(dearmor(' + -----BEGIN PGP MESSAGE----- +-Comment: dat1.blowfish.sha1.mdc.s2k3.z0 +- +-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS +-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= +-=JcP+ +------END PGP MESSAGE----- +-'), 'foobar'); +- +-select pgp_sym_decrypt(dearmor(' +------BEGIN PGP MESSAGE----- + Comment: dat1.aes.sha1.mdc.s2k3.z0 + + jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest +diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql +--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400 ++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400 +@@ -606,9 +606,6 @@ + from keytbl, encdata where keytbl.id=1 and encdata.id=1; + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) +-from keytbl, encdata where keytbl.id=2 and encdata.id=2; +- +-select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) + from keytbl, encdata where keytbl.id=3 and encdata.id=3; + + select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) diff --git a/postgresql.spec b/postgresql.spec index f2c8a362e43a2f0887b06ef1c46e37a40a4d1c9d..a080707df6cd25640b45b07c420d5663325f0ef7 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -1,6 +1,6 @@ %{!?beta:%global beta 0} %{!?test:%global test 1} -%ifarch riscv64 +%ifarch riscv64 loongarch64 # Fail to pass tests on riscv64 %{!?llvmjit:%global llvmjit 0} %else @@ -35,8 +35,8 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 13 -Version: %{majorversion}.3 -Release: 7 +Version: %{majorversion}.12 +Release: 1 # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -44,7 +44,7 @@ License: PostgreSQL Url: http://www.postgresql.org/ %global prevmajorversion 12 -%global prevversion %{prevmajorversion}.7 +%global prevversion %{prevmajorversion}.16 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global precise_version %{?epoch:%epoch:}%version-%release @@ -80,10 +80,10 @@ Patch8: postgresql-external-libpq.patch Patch9: postgresql-server-pg_config.patch Patch10: postgresql-no-libecpg.patch Patch11: postgresql-datalayout-mismatch-on-s390.patch -Patch12: CVE-2021-23214.patch -Patch13: CVE-2021-23222.patch Patch14: postgresql-subtransaction-test.patch Patch15: postgresql-13.3-sw.patch +Patch17: postgresql-pgcrypto-openssl3-tests.patch + BuildRequires: gcc BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk @@ -163,6 +163,36 @@ PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. +%if ! %external_libpq +%package private-libs +Summary: The shared libraries required only for this build of PostgreSQL server +Group: Applications/Databases +# for /sbin/ldconfig +Requires(post): glibc +Requires(postun): glibc + +%description private-libs +The postgresql-private-libs package provides the shared libraries for this +build of PostgreSQL server and plugins build with this version of server. +For shared libraries used by client packages that need to connect to a +PostgreSQL server, install libpq package instead. + + +%package private-devel +Summary: PostgreSQL development header files for this build of PostgreSQL server +Group: Development/Libraries +Requires: %{name}-private-libs%{?_isa} = %precise_version +# Conflict is desired here, a user must pick one or another +Conflicts: libpq-devel + +%description private-devel +The postgresql-private-devel package contains the header files and libraries +needed to compile C or C++ applications which will directly interact +with a PostgreSQL database management server. +You need to install this package if you want to develop applications which +will interact with a PostgreSQL server. +%endif + %package server Summary: The programs needed to create and run a PostgreSQL server @@ -345,23 +375,21 @@ goal of accelerating analytics queries. %endif ) %setup -q -a 12 -n postgresql-%{version} -%patch1 -p1 -%patch2 -p1 -%patch5 -p1 -%patch6 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 5 -p1 +%patch -P 6 -p1 %if %external_libpq -%patch8 -p1 +%patch -P 8 -p1 %else -%patch10 -p1 +%patch -P 10 -p1 %endif -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 +%patch -P 9 -p1 +%patch -P 11 -p1 %ifarch sw_64 -%patch15 -p1 +%patch -P 15 -p1 %endif +%patch -P 17 -p1 # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -428,7 +456,7 @@ export CFLAGS # since that's still considered the default plpython version. common_configure_options=' --disable-rpath -%ifarch riscv64 +%ifarch riscv64 loongarch64 --disable-spinlocks %endif %if %beta @@ -620,7 +648,7 @@ upgrade_configure () --host=%{_host} \ --prefix=%prev_prefix \ --disable-rpath \ -%ifarch riscv64 +%ifarch riscv64 loongarch64 --disable-spinlocks \ %endif %if %beta @@ -690,6 +718,16 @@ make DESTDIR=$RPM_BUILD_ROOT install-world # We ship pg_config through libpq-devel mv $RPM_BUILD_ROOT/%_mandir/man1/pg_{,server_}config.1 +%if %external_libpq +rm $RPM_BUILD_ROOT/%_includedir/pg_config*.h +rm $RPM_BUILD_ROOT/%_includedir/libpq/libpq-fs.h +rm $RPM_BUILD_ROOT/%_includedir/postgres_ext.h +rm -r $RPM_BUILD_ROOT/%_includedir/pgsql/internal/ +%else +ln -s pg_server_config $RPM_BUILD_ROOT/%_bindir/pg_config +rm $RPM_BUILD_ROOT/%{_libdir}/libpq.a +%endif + %if %plpython3 mv src/Makefile.global src/Makefile.global.save @@ -1163,14 +1201,29 @@ make -C postgresql-setup-%{setup_version} check %dir %{_includedir}/pgsql %{_includedir}/pgsql/server %{_libdir}/pgsql/pgxs/ -%{_includedir}/* -%{_libdir}/{pgsql/pgxs/,pkgconfig/*.pc} -%{_libdir}/{libecpg,libecpg_compat,libpgtypes,libpq}.so* -%{_libdir}/libpq.a %{_mandir}/man1/pg_server_config.* %{_mandir}/man3/SPI_* %{macrosdir}/macros.%name +%if ! %external_libpq +%files private-libs +%{_libdir}/libpq.so.* +%endif + +%if ! %external_libpq +%files private-devel +%{_bindir}/pg_config +%{_includedir}/libpq-events.h +%{_includedir}/libpq-fe.h +%{_includedir}/postgres_ext.h +%{_includedir}/pgsql/internal/*.h +%{_includedir}/pgsql/internal/libpq/pqcomm.h +%{_includedir}/libpq/*.h +%{_libdir}/pkgconfig/*.pc +%{_libdir}/libpq.so +%{_includedir}/pg_config*.h +%endif + %files test-rpm-macros %{_datadir}/postgresql-setup/postgresql_pkg_tests.sh @@ -1248,6 +1301,17 @@ make -C postgresql-setup-%{setup_version} check %changelog +* Fri Aug 11 2023 Funda Wang - 13.12-1 +- New version 13.12 + +* Fri Jun 9 2023 dillon chen - 13.3-8 +- Fix build error for loongarch64 +- Fix issue: confilct between libpq-devel and postgresql-devel +- guess init spec from redhat +- change redhat spec:rm private package and add files to server-devel +- so add delete lines to Fix issue +- Next: write oe libpq and postgresql spec by myself + * Tue Oct 25 2022 wuzx - 13.3-7 - Add sw64 architecture