diff --git a/CVE-2021-23214.patch b/CVE-2021-23214.patch
deleted file mode 100644
index 318c20132efd7583c20e7c3d6414223df56da572..0000000000000000000000000000000000000000
--- a/CVE-2021-23214.patch
+++ /dev/null
@@ -1,108 +0,0 @@ -From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Nov 2021 11:01:43 -0500 -Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake. - -The server collects up to a bufferload of data whenever it reads data -from the client socket. When SSL or GSS encryption is requested -during startup, any additional data received with the initial -request message remained in the buffer, and would be treated as -already-decrypted data once the encryption handshake completed. -Thus, a man-in-the-middle with the ability to inject data into the -TCP connection could stuff some cleartext data into the start of -a supposedly encryption-protected database session. - -This could be abused to send faked SQL commands to the server, -although that would only work if the server did not demand any -authentication data. (However, a server relying on SSL certificate -authentication might well not do so.) - -To fix, throw a protocol-violation error if the internal buffer -is not empty after the encryption handshake. - -Our thanks to Jacob Champion for reporting this problem. - -Security: CVE-2021-23214 ---- - src/backend/libpq/pqcomm.c | 12 ++++++++++++ - src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++ - src/include/libpq/libpq.h | 1 + - 3 files changed, 37 insertions(+) - -diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c -index ee2cd86866da..93f2e0b81d32 100644 ---- a/src/backend/libpq/pqcomm.c -+++ b/src/backend/libpq/pqcomm.c -@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s) - } - } - -+/* -------------------------------- -+ * pq_buffer_has_data - is any buffered data available to read? -+ * -+ * This will *not* attempt to read more data. 
-+ * -------------------------------- -+ */ -+bool -+pq_buffer_has_data(void) -+{ -+ return (PqRecvPointer < PqRecvLength); -+} -+ - - /* -------------------------------- - * pq_startmsgread - begin reading a message from the client. -diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c -index 5775fc0c0910..1e0936e5b482 100644 ---- a/src/backend/postmaster/postmaster.c -+++ b/src/backend/postmaster/postmaster.c -@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) - return STATUS_ERROR; - #endif - -+ /* -+ * At this point we should have no data already buffered. If we do, -+ * it was received before we performed the SSL handshake, so it wasn't -+ * encrypted and indeed may have been injected by a man-in-the-middle. -+ * We report this case to the client. -+ */ -+ if (pq_buffer_has_data()) -+ ereport(FATAL, -+ (errcode(ERRCODE_PROTOCOL_VIOLATION), -+ errmsg("received unencrypted data after SSL request"), -+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); -+ - /* - * regular startup packet, cancel, etc packet should follow, but not - * another SSL negotiation request, and a GSS request should only -@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) - return STATUS_ERROR; - #endif - -+ /* -+ * At this point we should have no data already buffered. If we do, -+ * it was received before we performed the GSS handshake, so it wasn't -+ * encrypted and indeed may have been injected by a man-in-the-middle. -+ * We report this case to the client. 
-+ */ -+ if (pq_buffer_has_data()) -+ ereport(FATAL, -+ (errcode(ERRCODE_PROTOCOL_VIOLATION), -+ errmsg("received unencrypted data after GSSAPI encryption request"), -+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); -+ - /* - * regular startup packet, cancel, etc packet should follow, but not - * another GSS negotiation request, and an SSL request should only -diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h -index b1152475ace5..54c5fa779773 100644 ---- a/src/include/libpq/libpq.h -+++ b/src/include/libpq/libpq.h -@@ -72,6 +72,7 @@ extern int pq_getmessage(StringInfo s, int maxlen); - extern int pq_getbyte(void); - extern int pq_peekbyte(void); - extern int pq_getbyte_if_available(unsigned char *c); -+extern bool pq_buffer_has_data(void); - extern int pq_putbytes(const char *s, size_t len); - - /* diff --git a/CVE-2021-23222.patch b/CVE-2021-23222.patch deleted file mode 100644 index 0bd5ada95e7e5d55ff31c95837218655acb49754..0000000000000000000000000000000000000000 --- a/CVE-2021-23222.patch +++ /dev/null 
@@ -1,123 +0,0 @@ -From 844b3169204c28cd086c1b4fae4a2cbdd0540640 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Nov 2021 11:14:56 -0500 -Subject: [PATCH] libpq: reject extraneous data after SSL or GSS encryption - handshake. - -libpq collects up to a bufferload of data whenever it reads data from -the socket. When SSL or GSS encryption is requested during startup, -any additional data received with the server's yes-or-no reply -remained in the buffer, and would be treated as already-decrypted data -once the encryption handshake completed. Thus, a man-in-the-middle -with the ability to inject data into the TCP connection could stuff -some cleartext data into the start of a supposedly encryption-protected -database session. - -This could probably be abused to inject faked responses to the -client's first few queries, although other details of libpq's behavior -make that harder than it sounds. A different line of attack is to -exfiltrate the client's password, or other sensitive data that might -be sent early in the session. That has been shown to be possible with -a server vulnerable to CVE-2021-23214. - -To fix, throw a protocol-violation error if the internal buffer -is not empty after the encryption handshake. - -Our thanks to Jacob Champion for reporting this problem. - -Security: CVE-2021-23222 ---- - doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++ - src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++ - 2 files changed, 54 insertions(+) - -diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml -index e26619e1b53d..b692648fca47 100644 ---- a/doc/src/sgml/protocol.sgml -+++ b/doc/src/sgml/protocol.sgml -@@ -1471,6 +1471,20 @@ SELCT 1/0; - and proceed without requesting SSL. - - -+ -+ When SSL encryption can be performed, the server -+ is expected to send only the single S byte and then -+ wait for the frontend to initiate an SSL handshake. 
-+ If additional bytes are available to read at this point, it likely -+ means that a man-in-the-middle is attempting to perform a -+ buffer-stuffing attack -+ (CVE-2021-23222). -+ Frontends should be coded either to read exactly one byte from the -+ socket before turning the socket over to their SSL library, or to -+ treat it as a protocol violation if they find they have read additional -+ bytes. -+ -+ - - An initial SSLRequest can also be used in a connection that is being - opened to send a CancelRequest message. -@@ -1532,6 +1546,20 @@ SELCT 1/0; - encryption. - - -+ -+ When GSSAPI encryption can be performed, the server -+ is expected to send only the single G byte and then -+ wait for the frontend to initiate a GSSAPI handshake. -+ If additional bytes are available to read at this point, it likely -+ means that a man-in-the-middle is attempting to perform a -+ buffer-stuffing attack -+ (CVE-2021-23222). -+ Frontends should be coded either to read exactly one byte from the -+ socket before turning the socket over to their GSSAPI library, or to -+ treat it as a protocol violation if they find they have read additional -+ bytes. -+ -+ - - An initial GSSENCRequest can also be used in a connection that is being - opened to send a CancelRequest message. -diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c -index f80f4e98d8e0..57aee9518308 100644 ---- a/src/interfaces/libpq/fe-connect.c -+++ b/src/interfaces/libpq/fe-connect.c -@@ -3076,6 +3076,19 @@ PQconnectPoll(PGconn *conn) - pollres = pqsecure_open_client(conn); - if (pollres == PGRES_POLLING_OK) - { -+ /* -+ * At this point we should have no data already buffered. -+ * If we do, it was received before we performed the SSL -+ * handshake, so it wasn't encrypted and indeed may have -+ * been injected by a man-in-the-middle. 
-+ */ -+ if (conn->inCursor != conn->inEnd) -+ { -+ appendPQExpBufferStr(&conn->errorMessage, -+ libpq_gettext("received unencrypted data after SSL response\n")); -+ goto error_return; -+ } -+ - /* SSL handshake done, ready to send startup packet */ - conn->status = CONNECTION_MADE; - return PGRES_POLLING_WRITING; -@@ -3175,6 +3188,19 @@ PQconnectPoll(PGconn *conn) - pollres = pqsecure_open_gss(conn); - if (pollres == PGRES_POLLING_OK) - { -+ /* -+ * At this point we should have no data already buffered. -+ * If we do, it was received before we performed the GSS -+ * handshake, so it wasn't encrypted and indeed may have -+ * been injected by a man-in-the-middle. -+ */ -+ if (conn->inCursor != conn->inEnd) -+ { -+ appendPQExpBufferStr(&conn->errorMessage, -+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n")); -+ goto error_return; -+ } -+ - /* All set for startup packet */ - conn->status = CONNECTION_MADE; - return PGRES_POLLING_WRITING; diff --git a/postgresql-13.3.tar.bz2 b/postgresql-12.16.tar.bz2 similarity index 68% rename from postgresql-13.3.tar.bz2 rename to postgresql-12.16.tar.bz2 index cd1774994fa0062d5650b2418ccf64c4e998c90e..d76b4bf61245c7648e2bfb7532c7f9a2c4875460 100644 Binary files a/postgresql-13.3.tar.bz2 and b/postgresql-12.16.tar.bz2 differ diff --git a/postgresql-12.16.tar.bz2.sha256 b/postgresql-12.16.tar.bz2.sha256 new file mode 100644 index 0000000000000000000000000000000000000000..aca50b6f7d6e649784c02f5b9bcc1504a1a5e5c5 --- /dev/null +++ b/postgresql-12.16.tar.bz2.sha256 @@ -0,0 +1 @@ +c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 postgresql-12.16.tar.bz2 diff --git a/postgresql-12.7.tar.bz2.sha256 b/postgresql-12.7.tar.bz2.sha256 deleted file mode 100644 index 7bbec0d68bb9caf613e4c5cea6dff3529a62ace3..0000000000000000000000000000000000000000 --- a/postgresql-12.7.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 postgresql-12.7.tar.bz2 
diff --git a/postgresql-13.3-US.pdf b/postgresql-13.12-US.pdf
similarity index 69%
rename from postgresql-13.3-US.pdf
rename to postgresql-13.12-US.pdf
index 542844ef03da4dc9cb1a4b9393c7fb783772e43c..96e9b71e91e4a30234ef54302f6ce56daa61ee2d 100644
Binary files a/postgresql-13.3-US.pdf and b/postgresql-13.12-US.pdf differ
diff --git a/postgresql-12.7.tar.bz2 b/postgresql-13.12.tar.bz2
similarity index 67%
rename from postgresql-12.7.tar.bz2
rename to postgresql-13.12.tar.bz2
index 408ea5a5faed306c4aad3ae2d18d2932fc5cba5a..46ad4624eb8759a2834d5728ab15641b47dbcb93 100644
Binary files a/postgresql-12.7.tar.bz2 and b/postgresql-13.12.tar.bz2 differ
diff --git a/postgresql-13.12.tar.bz2.sha256 b/postgresql-13.12.tar.bz2.sha256
new file mode 100644
index 0000000000000000000000000000000000000000..0d34232f40088a2ba7c2657de4ff20fed1b963f6
--- /dev/null
+++ b/postgresql-13.12.tar.bz2.sha256
@@ -0,0 +1 @@
+0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b postgresql-13.12.tar.bz2
diff --git a/postgresql-13.3.tar.bz2.sha256 b/postgresql-13.3.tar.bz2.sha256
deleted file mode 100644
index 7898d34af591ae255a822e5d7fe86f61fad94682..0000000000000000000000000000000000000000
--- a/postgresql-13.3.tar.bz2.sha256
+++ /dev/null
@@ -1 +0,0 @@
-3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 postgresql-13.3.tar.bz2
diff --git a/postgresql-subtransaction-test.patch b/postgresql-subtransaction-test.patch
deleted file mode 100644
index e470e18da996986a1b2fc587d7b658f3556e4e95..0000000000000000000000000000000000000000
--- a/postgresql-subtransaction-test.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -Fix subtransaction test for Python 3.10 - -Starting with Python 3.10, the stacktrace looks differently: - - PL/Python function "subtransaction_exit_subtransaction_in_with", line 3, in - - s.__exit__(None, None, None) - + PL/Python function "subtransaction_exit_subtransaction_in_with", line 2, in - + with plpy.subtransaction() as s: -Using try/except specifically makes the error look always the same. - -RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1959080 - -diff -up postgresql-13.2/src/pl/plpython/expected/plpython_subtransaction.out.patchnew postgresql-13.2/src/pl/plpython/expected/plpython_subtransaction.out ---- postgresql-13.2/src/pl/plpython/expected/plpython_subtransaction.out.patchnew 2021-02-08 22:54:11.000000000 +0100 -+++ postgresql-13.2/src/pl/plpython/expected/plpython_subtransaction.out 2021-05-11 21:04:25.085586012 +0200 -@@ -171,8 +171,11 @@ with plpy.subtransaction() as s: - $$ LANGUAGE plpythonu; - CREATE FUNCTION subtransaction_exit_subtransaction_in_with() RETURNS void - AS $$ --with plpy.subtransaction() as s: -- s.__exit__(None, None, None) -+try: -+ with plpy.subtransaction() as s: -+ s.__exit__(None, None, None) -+except ValueError as e: -+ raise ValueError(e) - $$ LANGUAGE plpythonu; - SELECT subtransaction_exit_without_enter(); - ERROR: ValueError: this subtransaction has not been entered -@@ -224,8 +227,8 @@ PL/Python function "subtransaction_enter - SELECT subtransaction_exit_subtransaction_in_with(); - ERROR: ValueError: this subtransaction has already been exited - CONTEXT: Traceback (most recent call last): -- PL/Python function "subtransaction_exit_subtransaction_in_with", line 3, in -- s.__exit__(None, None, None) -+ PL/Python function "subtransaction_exit_subtransaction_in_with", line 6, in -+ raise ValueError(e) - PL/Python function "subtransaction_exit_subtransaction_in_with" - -- Make sure we don't get a "current transaction is aborted" error - SELECT 1 as test; -diff -up 
postgresql-13.2/src/pl/plpython/sql/plpython_subtransaction.sql.patchnew postgresql-13.2/src/pl/plpython/sql/plpython_subtransaction.sql ---- postgresql-13.2/src/pl/plpython/sql/plpython_subtransaction.sql.patchnew 2021-02-08 22:54:11.000000000 +0100 -+++ postgresql-13.2/src/pl/plpython/sql/plpython_subtransaction.sql 2021-05-11 21:02:34.386415376 +0200 -@@ -121,8 +121,11 @@ $$ LANGUAGE plpythonu; - - CREATE FUNCTION subtransaction_exit_subtransaction_in_with() RETURNS void - AS $$ --with plpy.subtransaction() as s: -- s.__exit__(None, None, None) -+try: -+ with plpy.subtransaction() as s: -+ s.__exit__(None, None, None) -+except ValueError as e: -+ raise ValueError(e) - $$ LANGUAGE plpythonu; - - SELECT subtransaction_exit_without_enter(); diff --git a/postgresql.spec b/postgresql.spec index 7c969efdc4b258318789e56af3493579781c2530..b8b11328f19dc56d6de9571da6f8f91e24e5074e 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -35,8 +35,8 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 13 -Version: %{majorversion}.3 -Release: 8 +Version: %{majorversion}.12 +Release: 1 # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -44,7 +44,7 @@ License: PostgreSQL Url: http://www.postgresql.org/ %global prevmajorversion 12 -%global prevversion %{prevmajorversion}.7 +%global prevversion %{prevmajorversion}.16 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion} %global precise_version %{?epoch:%epoch:}%version-%release @@ -80,9 +80,6 @@ Patch8: postgresql-external-libpq.patch Patch9: postgresql-server-pg_config.patch Patch10: postgresql-no-libecpg.patch Patch11: postgresql-datalayout-mismatch-on-s390.patch -Patch12: CVE-2021-23214.patch -Patch13: CVE-2021-23222.patch -Patch14: postgresql-subtransaction-test.patch Patch15: postgresql-13.3-sw.patch BuildRequires: gcc 
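Review bot: Removing `Patch12: CVE-2021-23214.patch` and `Patch13: CVE-2021-23222.patch` in the `@@ -80,9 +80,6 @@` hunk leaves nothing in the spec that says why the two security fixes are no longer carried. The deleted patch headers date the upstream commits to 2021-11-08, so the 13.12 tarball very likely contains them, but that is inferred from the page and nothing in the build checks it. Before merging I would confirm that the unpacked source defines `pq_buffer_has_data` in `src/backend/libpq/pqcomm.c` and has the `conn->inCursor != conn->inEnd` check in `src/interfaces/libpq/fe-connect.c`, and leave a comment at this spot such as `# CVE-2021-23214 and CVE-2021-23222 are fixed in the upstream tarball; Patch12 and Patch13 dropped`. The patch list starts and continues outside the hunk.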
@@ -345,22 +342,19 @@ goal of accelerating analytics queries. %endif ) %setup -q -a 12 -n postgresql-%{version} -%patch1 -p1 -%patch2 -p1 -%patch5 -p1 -%patch6 -p1 +%patch -P1 -p1 +%patch -P2 -p1 +%patch -P5 -p1 +%patch -P6 -p1 %if %external_libpq -%patch8 -p1 +%patch -P8 -p1 %else -%patch10 -p1 +%patch -P10 -p1 %endif -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 +%patch -P9 -p1 +%patch -P11 -p1 %ifarch sw_64 -%patch15 -p1 +%patch -P15 -p1 %endif # We used to run autoconf here, but there's no longer any real need to, @@ -1248,6 +1242,9 @@ make -C postgresql-setup-%{setup_version} check %changelog +* Mon Aug 14 2023 Funda Wang - 13.12-1 +- New version 13.12 + * Tue Apr 18 2023 Wenlong Zhang - 13.3-8 - Fix build error for loongarch64
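Review bot: `%patch -P15 -p1` in the `@@ -345,22 +342,19 @@` hunk still applies `postgresql-13.3-sw.patch`, a patch named for 13.3, and only inside `%ifarch sw_64`, so a build on any other architecture will not show whether it still applies to the 13.12 tree. A failed or fuzzy apply there would surface only on that one target. I would run a sw_64 `%prep` before merging and, if the patch had to be refreshed, rename it so its name no longer pins a version, for example `Patch15: postgresql-sw.patch`. The `%prep` section begins before the hunk.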
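Review bot: The new changelog entry `- New version 13.12` in the `@@ -1248,6 +1242,9 @@` hunk does not record that two CVE patches and the subtransaction test patch were dropped, or that the previous-major source moved from 12.7 to 12.16. Someone auditing this package by CVE id from the spec history may see the 2021 fixes disappear without explanation. I would extend the entry with `- Drop CVE-2021-23214.patch and CVE-2021-23222.patch, included in the upstream release` and `- Update previous-major source to 12.16`, and add a line for `postgresql-subtransaction-test.patch` once the reason for dropping it is confirmed.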