From 699f879abdfd4cd5124f08368fa07680736927f7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 29 2019 11:39:07 +0000 Subject: import postgresql-9.2.24-1.el7_5 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dfc7670 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +SOURCES/postgresql-8.4.22.tar.bz2 +SOURCES/postgresql-9.2.24-US.pdf +SOURCES/postgresql-9.2.24.tar.bz2 diff --git a/.postgresql.metadata b/.postgresql.metadata new file mode 100644 index 0000000..595226a --- /dev/null +++ b/.postgresql.metadata @@ -0,0 +1,3 @@ +66a1286c4983121af35b76c97b97288013edc151 SOURCES/postgresql-8.4.22.tar.bz2 +1e15ef97f43382f8bcb750e7300bc1a7275dc096 SOURCES/postgresql-9.2.24-US.pdf +63d6966ccdbab6aae1f9754fdb8e341ada1ef653 SOURCES/postgresql-9.2.24.tar.bz2 diff --git a/SOURCES/Makefile.regress b/SOURCES/Makefile.regress new file mode 100644 index 0000000..43c7ba4 --- /dev/null +++ b/SOURCES/Makefile.regress @@ -0,0 +1,67 @@ +# +# Simplified makefile for running the PostgreSQL regression tests +# in an RPM installation +# + +# maximum simultaneous connections for parallel tests +MAXCONNOPT = +ifdef MAX_CONNECTIONS +MAXCONNOPT += --max-connections=$(MAX_CONNECTIONS) +endif + +# locale +NOLOCALE = +ifdef NO_LOCALE +NOLOCALE += --no-locale +endif + +srcdir := . + +REGRESS_OPTS += --dlpath=. + +pg_regress_locale_flags = $(if $(ENCODING),--encoding=$(ENCODING)) $(NOLOCALE) + +pg_regress_installcheck = ./pg_regress --inputdir=$(srcdir) --psqldir='/usr/bin' $(pg_regress_locale_flags) + +# Test input and expected files. These are created by pg_regress itself, so we +# don't have a rule to create them. We do need rules to clean them however. +ifile_list := $(subst .source,, $(notdir $(wildcard $(srcdir)/input/*.source))) +input_files := $(foreach file, $(ifile_list), sql/$(file).sql) +ofile_list := $(subst .source,, $(notdir $(wildcard $(srcdir)/output/*.source))) +output_files := $(foreach file, $(ofile_list), expected/$(file).out) + +abs_srcdir := $(shell pwd) +abs_builddir := $(shell pwd) + +check: installcheck-parallel + +installcheck: cleandirs + $(pg_regress_installcheck) $(REGRESS_OPTS) --schedule=$(srcdir)/serial_schedule $(EXTRA_TESTS) + +installcheck-parallel: cleandirs + $(pg_regress_installcheck) $(REGRESS_OPTS) --schedule=$(srcdir)/parallel_schedule $(MAXCONNOPT) $(EXTRA_TESTS) + +# The tests command the server to write into testtablespace and results. +# On a SELinux-enabled system this will fail unless we mark those directories +# as writable by the server. +cleandirs: + -rm -rf testtablespace results + mkdir testtablespace results + [ -x /usr/bin/chcon ] && /usr/bin/chcon -u system_u -r object_r -t postgresql_db_t testtablespace results + +# old interfaces follow... + +runcheck: check +runtest: installcheck +runtest-parallel: installcheck-parallel + + +## +## Clean up +## + +clean distclean maintainer-clean: + rm -f $(output_files) $(input_files) + rm -rf testtablespace + rm -rf results tmp_check log + rm -f regression.diffs regression.out regress.out run_check.out diff --git a/SOURCES/README.rpm-dist b/SOURCES/README.rpm-dist new file mode 100644 index 0000000..2d7482b --- /dev/null +++ b/SOURCES/README.rpm-dist @@ -0,0 +1,356 @@ +README.rpm-dist +----------------------------------------------------------------------------- +Version 9.2, for the PostgreSQL 9.2 RPM set. +Devrim Gündüz +----------------------------------------------------------------------------- + +Contents: + 1.) Introduction and QuickStart + 2.) Upgrading an installation + 3.) PostgreSQL RPM packages and rationale + 4.) Starting multiple postmasters + 5.) Regression Testing + 6.) Starting postmaster automatically on startup + 7.) Grand Unified Configuration(GUC) File + 8.) Logging set up + 9.) Rebuilding from the source RPM +10.) Contrib files +11.) Further Information Resource + +INTRODUCTION +----------------------------------------------------------------------------- +This document exists to explain the layout of the RPMs for PostgreSQL, to +describe various RPM specifics, and to document special features found +in the RPMset. + +This document is written to be applicable to version 9.2 of PostgreSQL, +which is the current version of the RPMs as of this writing. More to the +point, versions prior to 9.2 are not documented here. + +This document is intended for use only with the RPMs supplied in Red Hat +Enterprise Linux, CentOS and Fedora. Note that there are also "PGDG" +RPMs available directly from the upstream PostgreSQL project. Those are +slightly different. + +QUICKSTART (note that this requires postgresql-server installed) +----------------------------------------------------------------------------- +For a fresh installation, you will need to initialize the cluster first. Run: + + postgresql-setup initdb + +as root, and it will prepare a new database cluster for you. Then you will +need to start PostgreSQL. Again as root, run: + + systemctl start postgresql.service + +This command will start a postmaster that willl listen on localhost and Unix +socket 5432 only. Edit /var/lib/pgsql/data/postgresql.conf and pg_hba.conf +if you want to allow remote access -- see the section on Grand Unified +Configuration. + +You will probably also want to do + + systemctl enable postgresql.service + +so that the postmaster is automatically started during future reboots. + +The file /var/lib/pgsql/.bash_profile is packaged to help with the +setting of environment variables. You may edit this file, and it won't be +overwritten during an upgrade. However, enhancements and bugfixes may +be added to this file, so be sure to check .bash_profile.rpmnew after +upgrading. + +The user 'postgres' is created during installation of the server subpackage. +This user by default is UID and GID 26. The user has the default shell set to +bash, and the home directory set to /var/lib/pgsql. This user also has no +default password, so the only way to become this user is to su to it from root. +If you want to be able to su to it from a non-root account or log in directly +as 'postgres' you will need to set a password using passwd. + +UPGRADING AN INSTALLATION +----------------------------------------------------------------------------- +For a minor-version upgrade (such as 9.2.1 to 9.2.2), just install the +new RPMs; there's usually nothing more to it than that. Upgrading +across a major release of PostgreSQL (for example, from 9.1.x to 9.2.x) +requires more effort. + +If you are upgrading across more than one major release of PostgreSQL +(for example, from 8.3.x to 9.0.x), you will need to follow the "traditional" +dump and reload process to bring your data into the new version. That is: +*before* upgrading, run pg_dumpall to extract all your data into a SQL file. +Shut down the old postmaster, upgrade to the new version RPMs, initdb, +and run the dump file through psql to restore your data. + +In some major releases, the RPMs also support in-place upgrade from the +immediately previous major release. Currently, you can upgrade in-place +from 9.1.x to 9.2.x. This is much faster than a dump and reload. +To do an in-place upgrade: +* shut down the old postmaster ("systemctl stop postgresql.service") +* optionally make a backup of /var/lib/pgsql/data/ (recommended!) +* install the new version's RPMs (install all the ones you had before, + plus postgresql-upgrade) +* as root, run "postgresql-setup upgrade" +* update the configuration files /var/lib/pgsql/data/*.conf with any + customizations you had before (your old configuration files are in + /var/lib/pgsql/data-old/) +* as root, run "systemctl start postgresql.service" +* the postgresql-upgrade RPM can be removed after the update is complete, + as can /var/lib/pgsql/data-old/ + +NOTE: The in-place upgrade process is new and relatively poorly tested, +so if your data is critical it's a really good idea to make a tarball +backup of /var/lib/pgsql/data/ before running the upgrade. This will +let you get back to where you were in case of disaster. + +POSTGRESQL RPM PACKAGES AND RATIONALE. +----------------------------------------------------------------------------- +PostgreSQL is split up into multiple packages so that users can 'pick and +choose' what pieces are needed, and what dependencies are required. + +The RPMset is packaged in the following subpackages: + +postgresql: Key client programs and documentation +postgresql-libs: Client shared libraries +postgresql-server: Server executables and data files +postgresql-devel: Development libraries and include files +postgresql-test: The regression tests and associated files +postgresql-upgrade: Support files for upgrading from previous major version +postgresql-docs: Extra documentation, such as the tutorial files +postgresql-contrib: Add-on loadable modules and programs +postgresql-plperl: PL/Perl procedural language +postgresql-plpython: PL/Python procedural language (for Python 2) +postgresql-plpython3: PL/Python procedural language (for Python 3) +postgresql-pltcl: PL/Tcl procedural language + +You have to install postgresql and postgresql-libs to do anything. +postgresql-server is needed unless you only plan to use the clients to work +with a remote PostgreSQL server. The others are optional. + +Note that there are no postgresql-perl, postgresql-jdbc, postgresql-odbc, +postgresql-python, postgresql-tcl, or postgresql-tk subpackages any longer. +Those programs have been split off into separate source distributions. +They are still available, but in some cases not under those RPM names. + +RPM FILE LOCATIONS. +----------------------------------------------------------------------------- +To be in compliance with the Linux FHS, the PostgreSQL RPMs install files in +a manner not consistent with most of the PostgreSQL documentation. According +to the standard PostgreSQL documentation, PostgreSQL is installed under the +directory /usr/local/pgsql, with executables, source, and data existing in +various subdirectories. + +Different distributions have different ideas of some of these file locations. +In particular, the documentation directory can be /usr/doc, /usr/doc/packages, +/usr/share/doc, /usr/share/doc/packages, or some other similar path. + +However, the Red Hat / CentOS / Fedora RPM's install the files like +this: + +Executables: /usr/bin +Libraries: /usr/lib (or /usr/lib64 on 64-bit machines) +Documentation: /usr/share/doc/postgresql-docs-x.y.z/html +Contrib documentation: /usr/share/doc/postgresql-contrib-x.y.z +Source: not installed +Data: /var/lib/pgsql/data +Backup area: /var/lib/pgsql/backups +Templates: /usr/share/pgsql +Procedural Languages: /usr/lib/pgsql or /usr/lib64/pgsql +Development Headers: /usr/include/pgsql +Other shared data: /usr/share/pgsql +Regression tests: /usr/lib/pgsql/test/regress (in the -test package) + or /usr/lib64/pgsql/test/regress + +While it may seem gratuitous to place these files in different locations, the +FHS requires it -- distributions should not ever touch /usr/local. It may +also seem like more work to keep track of where everything is -- but, that's +the beauty of RPM -- you don't have to keep track of the files, RPM does it +for you. + +These RPMs are designed to be LSB-compliant -- if you find this not to be the +case, please let us know by way of the pgsqlrpms-hackers@pgfoundry.org +mailing list. + +MULTIPLE POSTMASTERS +------------------------------------------------------------------------------- +The postgresql-server RPM contains a systemd "unit" file, postgresql.service, +that is used to start the PostgreSQL postmaster. If you need to run multiple +postmasters on one machine, you can create additional unit files derived +from this one. + +As an example, let us create a secondary postmaster called, creatively enough, +'secondary'. Here are the steps: +1.) Create a file named /etc/systemd/system/secondary.service. + (Note that user-created unit files must go into /etc not /lib!) + Put these lines in it: + .include /lib/systemd/system/postgresql.service + [Service] + Environment=PGPORT=nnnn + Environment=PGDATA=/path/to/data/directory + Replace "nnnn" and "/path/to/data/directory" with appropriate + settings that don't conflict with any other postmaster. +2.) As root, do "/bin/systemctl daemon-reload" to ensure systemd has + noticed your updates to the service file. +3.) Create the target PGDATA directory, making sure that its parent + directories have appropriate ownership and permissions. +4.) Initdb the target PGDATA with 'postgresql-setup initdb secondary'. +5.) Edit postgresql.conf in the target PGDATA to change settings as needed. +6.) Start the new postmaster with 'systemctl start secondary.service'. + You will probably also want to do 'systemctl enable secondary.service' + so that the new postmaster is automatically started in future reboots. + +When doing a major-version upgrade of a secondary postmaster, add the +service name to the postgresql-setup command, for example 'postgresql-setup +upgrade secondary'. This will let postgresql-setup find the correct data +directory from the service file. + +If you are running SELinux in enforcing mode (which is highly recommended, +particularly for network-exposed services like PostgreSQL) you will need to +adjust SELinux policy to allow the postmaster to use non-default PGPORT or +PGDATA settings. To allow use of a non-default port, say 5433, do this +as root: + semanage port -a -t postgresql_port_t -p tcp 5433 +To allow use of a non-default data directory, say /special/pgdata, do: + semanage fcontext -a -t postgresql_db_t "/special/pgdata(/.*)?" +If you already created the directory, follow that with: + restorecon -R /special/pgdata +These settings are persistent across reboots. For more information +see "man semanage". + +REGRESSION TESTING +------------------------------------------------------------------------------- +If you install the postgresql-test RPM then you can run the PostgreSQL +regression tests. These tests stress your database installation and produce +results that give you assurances that the installation is complete, and that +your database machine is up to the task. + +To run the regression tests under the RPM installation, make sure that the +postmaster has been started (if not, su to root and do "systemctl start +postgresql.service"), su to postgres, cd to /usr/lib/pgsql/test/regress +(or /usr/lib64/pgsql/test/regress on a 64-bit machine), +and execute "make check". +This command will start the regression tests and will both show the +results to the screen and store the results in the file regress.out. + +If any tests fail, see the file regression.diffs in that directory for details, +and read the "Regression Tests" section of the PostgreSQL documentation to +find out whether the differences are actually significant. If you need help +interpreting the results, contact the pgsql-general list at +postgresql.org. + +After testing, run "make clean" to remove the files generated by the test +script. Then you can remove the postgresql-test RPM, if you wish. + +STARTING POSTMASTER AUTOMATICALLY AT SYSTEM STARTUP +------------------------------------------------------------------------------- +Fedora / Red Hat / CentOS use the systemd package to manage server startup. +A systemd unit file for PostgreSQL is provided in the server package, as +/lib/systemd/system/postgresql.service. To start the postmaster manually, +as root run + systemctl start postgresql.service +To shut the postmaster down, + systemctl stop postgresql.service +These two commands only change the postmaster's current status. If you +want the postmaster to be started automatically during future system startups, +run + systemctl enable postgresql.service +To undo that again, + systemctl disable postgresql.service +See "man systemctl" for other possible subcommands. + +GRAND UNIFIED CONFIGURATION (GUC) FILE +------------------------------------------------------------------------------- +The PostgreSQL server has many tunable parameters -- the file +/var/lib/pgsql/data/postgresql.conf is the master configuration file for the +whole system. + +The RPM ships with a mostly-default file -- you will need to tune the +parameters for your installation. In particular, you might want to allow +nonlocal TCP/IP socket connections -- in order to allow these, you will need +to edit the postgresql.conf file. The line in question contains the string +'listen_addresses' -- you need to both uncomment the line and set the value +to '*' to get the postmaster to accept nonlocal connections. You'll also need +to adjust pg_hba.conf appropriately. + +LOGGING SET UP +------------------------------------------------------------------------------- +By default, the postmaster's stderr log is directed into files placed in a +pg_log subdirectory of the data directory (ie, /var/lib/pgsql/data/pg_log). +The out-of-the-box configuration rotates among seven files, one for each +day of the week. You can adjust this by changing postgresql.conf settings. + +REBUILDING FROM SOURCE RPM +------------------------------------------------------------------------------- +If your distribution is not supported by the binary RPMs from PostgreSQL.org, +you will need to rebuild from the source RPM. + +If you have not previously rebuilt any RPMs, set up the required environment: +make a work directory, say ~/rpmwork, then cd into it and do + mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS +Then make a file ~/.rpmmacros containing + %_topdir + +Download the postgresql .src.rpm for the release you want and place it in +the SRPMS subdirectory, then cd there and execute + rpmbuild --rebuild postgresql-nnn.src.rpm +The results will appear under the RPMS subdirectory. + +You will have to have a full development environment to rebuild the RPM set. +If rpmbuild complains of lack of certain packages, install them and try +again. In some cases, you can disable features to avoid needing some +development packages, as detailed next. + +This release of the RPMset includes the ability to conditionally build +sets of packages. The parameters, their defaults, and the meanings are: + +beta 0 #build with cassert and do not strip the binaries +runselftest 1 #do "make check" during the build +test 1 #build the postgresql-test package +upgrade 1 #build the postgresql-upgrade package +plpython 1 #build the PL/Python procedural language package +plpython3 1 #build the PL/Python3 procedural language package +pltcl 1 #build the PL/Tcl procedural language package +plperl 1 #build the PL/Perl procedural language package +ssl 1 #build with OpenSSL support +kerberos 1 #build with Kerberos 5 support +ldap 1 #build with LDAP support +nls 1 #build with national language support +pam 1 #build with PAM support +sdt 1 #build with SystemTap support +xml 1 #build with XML support +pgfts 1 #build with --enable-thread-safety +selinux 1 #build contrib/selinux +uuid 1 #build contrib/uuid-ossp + +To use these defines, invoke a rebuild like this: +rpmbuild --rebuild --define 'plpython 0' --define 'pltcl 0' \ + --define 'test 0' --define 'runselftest 0' --define 'kerberos 0' \ + postgresql-9.2.0-1.src.rpm +This line would disable the plpython, pltcl, and test subpackages, disable +the regression test run during build, and disable kerberos support. + +You might need to disable runselftest if there is an installed version of +PostgreSQL that is a different major version from what you are trying to +build. The self test tends to pick up the installed libpq.so shared library +in place of the one being built :-(, so if that isn't compatible the test will +fail. Also, you can't use runselftest when doing the build as root. + +More of these conditionals will be added in the future. + +CONTRIB FILES +------------------------------------------------------------------------------- +The contents of the contrib tree are packaged into the -contrib subpackage +and are processed with make and make install. There is documentation in +/usr/share/doc/postgresql-contrib-VERSION for these modules. Most of the +modules are in /usr/lib/pgsql (or /usr/lib64/pgsql) for loadable +modules, and binaries are in /usr/bin. In the future these files may be +split out, depending upon function and dependencies. + +MORE INFORMATION +------------------------------------------------------------------------------- +You can get more information at http://www.postgresql.org and +http://yum.pgsqlrpms.org + +Please help make this packaging better -- let us know if you find problems, or +better ways of doing things. You can reach us by e-mail at +pgsqlrpms-hackers@pgfoundry.org +------------------------------------------------------------------------------- diff --git a/SOURCES/ecpg_config.h b/SOURCES/ecpg_config.h new file mode 100644 index 0000000..6fecfcb --- /dev/null +++ b/SOURCES/ecpg_config.h @@ -0,0 +1,29 @@ +/* + * Kluge to support multilib installation of both 32- and 64-bit RPMS: + * we need to arrange that header files that appear in both RPMs are + * identical. Hence, this file is architecture-independent and calls + * in an arch-dependent file that will appear in just one RPM. + * + * To avoid breaking arches not explicitly supported by Red Hat, we + * use this indirection file *only* on known multilib arches. + * + * Note: this may well fail if user tries to use gcc's -I- option. + * But that option is deprecated anyway. + */ +#if defined(__x86_64__) +#include "ecpg_config_x86_64.h" +#elif defined(__i386__) +#include "ecpg_config_i386.h" +#elif defined(__ppc64__) || defined(__powerpc64__) +#include "ecpg_config_ppc64.h" +#elif defined(__ppc__) || defined(__powerpc__) +#include "ecpg_config_ppc.h" +#elif defined(__s390x__) +#include "ecpg_config_s390x.h" +#elif defined(__s390__) +#include "ecpg_config_s390.h" +#elif defined(__sparc__) && defined(__arch64__) +#include "ecpg_config_sparc64.h" +#elif defined(__sparc__) +#include "ecpg_config_sparc.h" +#endif diff --git a/SOURCES/generate-pdf.sh b/SOURCES/generate-pdf.sh new file mode 100755 index 0000000..1365bb4 --- /dev/null +++ b/SOURCES/generate-pdf.sh @@ -0,0 +1,55 @@ +#! /bin/sh + +# This script builds the PDF version of the PostgreSQL documentation. +# +# In principle we could do this as part of the RPM build, but there are +# good reasons not to: +# 1. The build would take longer and have a larger BuildRequires footprint. +# 2. The generated PDF has timestamps in it, which would inevitably result +# in multilib conflicts due to slightly different timestamps. +# So instead, we run this manually when rebasing to a new upstream release, +# and treat the resulting PDF as a separate Source file. +# +# You will need to have the docbook packages installed to run this. +# Expect it to take about 20 minutes and use about 160MB of disk. + +set -e + +# Pass package version (e.g., 9.1.2) as argument +VERSION=$1 + +TARGETFILE=postgresql-$VERSION-US.pdf + +echo Building $TARGETFILE ... + +# Unpack postgresql + +rm -rf postgresql-$VERSION + +tar xfj postgresql-$VERSION.tar.bz2 + +cd postgresql-$VERSION + +# Apply any patches that affect the PDF documentation + +patch -p1 < ../postgresql-multi-sockets.patch + +# Configure ... + +./configure >/dev/null + +# Build the PDF docs + +cd doc/src/sgml + +make postgres-US.pdf >make.log + +mv -f postgres-US.pdf ../../../../$TARGETFILE + +# Clean up + +cd ../../../.. + +rm -rf postgresql-$VERSION + +exit 0 diff --git a/SOURCES/initdb.sh b/SOURCES/initdb.sh new file mode 100755 index 0000000..c238574 --- /dev/null +++ b/SOURCES/initdb.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# +# Legacy action script for "service postgresql initdb" + +# Find the name of the service +SERVICE_NAME=$(basename $(dirname "$0")) +if [ x"$SERVICE_NAME" = x. ] +then + SERVICE_NAME=postgresql +fi + +echo Hint: the preferred way to do this is now '"postgresql-setup initdb"' >&2 + +/usr/bin/postgresql-setup initdb "$SERVICE_NAME" + +exit $? diff --git a/SOURCES/pg_config.h b/SOURCES/pg_config.h new file mode 100644 index 0000000..97ef2ba --- /dev/null +++ b/SOURCES/pg_config.h @@ -0,0 +1,29 @@ +/* + * Kluge to support multilib installation of both 32- and 64-bit RPMS: + * we need to arrange that header files that appear in both RPMs are + * identical. Hence, this file is architecture-independent and calls + * in an arch-dependent file that will appear in just one RPM. + * + * To avoid breaking arches not explicitly supported by Red Hat, we + * use this indirection file *only* on known multilib arches. + * + * Note: this may well fail if user tries to use gcc's -I- option. + * But that option is deprecated anyway. + */ +#if defined(__x86_64__) +#include "pg_config_x86_64.h" +#elif defined(__i386__) +#include "pg_config_i386.h" +#elif defined(__ppc64__) || defined(__powerpc64__) +#include "pg_config_ppc64.h" +#elif defined(__ppc__) || defined(__powerpc__) +#include "pg_config_ppc.h" +#elif defined(__s390x__) +#include "pg_config_s390x.h" +#elif defined(__s390__) +#include "pg_config_s390.h" +#elif defined(__sparc__) && defined(__arch64__) +#include "pg_config_sparc64.h" +#elif defined(__sparc__) +#include "pg_config_sparc.h" +#endif diff --git a/SOURCES/postgresql-9.2.4-aarch64-atomic-upgrade.patch b/SOURCES/postgresql-9.2.4-aarch64-atomic-upgrade.patch new file mode 100644 index 0000000..2b8c82e --- /dev/null +++ b/SOURCES/postgresql-9.2.4-aarch64-atomic-upgrade.patch @@ -0,0 +1,34 @@ +diff --git a/postgresql-9.1.9/src/include/storage/s_lock.h b/postgresql-9.1.9/src/include/storage/s_lock.h +index 987fb9c..1ba718c 100644 +--- a/postgresql-9.1.9/src/include/storage/s_lock.h ++++ b/postgresql-9.1.9/src/include/storage/s_lock.h +@@ -296,6 +296,29 @@ tas(volatile slock_t *lock) + #endif /* __arm__ */ + + ++/* ++ * On ARM64, we use __sync_lock_test_and_set(int *, int) if available. ++ */ ++#if defined(__aarch64__) || defined(__aarch64) ++#ifdef HAVE_GCC_INT_ATOMICS ++#define HAS_TEST_AND_SET ++ ++#define TAS(lock) tas(lock) ++ ++typedef int slock_t; ++ ++static __inline__ int ++tas(volatile slock_t *lock) ++{ ++ return __sync_lock_test_and_set(lock, 1); ++} ++ ++#define S_UNLOCK(lock) __sync_lock_release(lock) ++ ++#endif /* HAVE_GCC_INT_ATOMICS */ ++#endif /* __aarch64__ */ ++ ++ + /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ + #if defined(__s390__) || defined(__s390x__) + #define HAS_TEST_AND_SET diff --git a/SOURCES/postgresql-9.2.4-upgrade-and-perm-problems.patch b/SOURCES/postgresql-9.2.4-upgrade-and-perm-problems.patch new file mode 100644 index 0000000..4cdcc77 --- /dev/null +++ b/SOURCES/postgresql-9.2.4-upgrade-and-perm-problems.patch @@ -0,0 +1,54 @@ +diff --git a/contrib/pg_upgrade/server.c b/contrib/pg_upgrade/server.c +index c5ecb84..a519a9e 100644 +--- a/contrib/pg_upgrade/server.c ++++ b/contrib/pg_upgrade/server.c +@@ -166,7 +166,6 @@ static void + stop_postmaster_atexit(void) + { + stop_postmaster(true); +- + } + + +@@ -235,7 +234,23 @@ start_postmaster(ClusterInfo *cluster) + false, + "%s", cmd); + +- /* Check to see if we can connect to the server; if not, report it. */ ++ /* ++ * We set this here to make sure atexit() shuts down the server, ++ * but only if we started the server successfully. We do it ++ * before checking for connectivity in case the server started but ++ * there is a connectivity failure. If pg_ctl did not return success, ++ * we will exit below. ++ */ ++ if (pg_ctl_return) ++ os_info.running_cluster = cluster; ++ ++ /* ++ * pg_ctl -w might have failed because the server couldn't be started, ++ * or there might have been a connection problem in _checking_ if the ++ * server has started. Therefore, even if pg_ctl failed, we continue ++ * and test for connectivity in case we get a connection reason for the ++ * failure. ++ */ + if ((conn = get_db_conn(cluster, "template1")) == NULL || + PQstatus(conn) != CONNECTION_OK) + { +@@ -249,12 +264,13 @@ start_postmaster(ClusterInfo *cluster) + } + PQfinish(conn); + +- /* If the connection didn't fail, fail now */ ++ /* ++ * If pg_ctl failed, and the connection didn't fail, fail now. This ++ * could happen if the server was already running. ++ */ + if (!pg_ctl_return) + pg_log(PG_FATAL, "pg_ctl failed to start the %s server, or connection failed\n", + CLUSTER_NAME(cluster)); +- +- os_info.running_cluster = cluster; + } + + diff --git a/SOURCES/postgresql-9.2.4-upgrade-from-8.4.13.patch b/SOURCES/postgresql-9.2.4-upgrade-from-8.4.13.patch new file mode 100644 index 0000000..816cf2f --- /dev/null +++ b/SOURCES/postgresql-9.2.4-upgrade-from-8.4.13.patch @@ -0,0 +1,13 @@ +diff --git a/postgresql-8.4.13/src/backend/utils/misc/guc.c b/postgresql-8.4.13/src/backend/utils/misc/guc.c +index 0ceb89f..03f4f79 100644 +--- a/postgresql-8.4.13/src/backend/utils/misc/guc.c ++++ b/postgresql-8.4.13/src/backend/utils/misc/guc.c +@@ -2421,7 +2421,7 @@ static struct config_string ConfigureNamesString[] = + GUC_SUPERUSER_ONLY + }, + &UnixSocketDir, +- "", assign_canonical_path, NULL ++ "/var/run/postgresql/", assign_canonical_path, NULL + }, + + { diff --git a/SOURCES/postgresql-CVE-2018-10915.patch b/SOURCES/postgresql-CVE-2018-10915.patch new file mode 100644 index 0000000..33535a3 --- /dev/null +++ b/SOURCES/postgresql-CVE-2018-10915.patch @@ -0,0 +1,1282 @@ +From c0af30b47db023b87c4eb6b55190a8c081697241 Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Fri, 7 Sep 2012 16:02:23 -0400 +Subject: [PATCH 1/4] Centralize libpq's low-level code for dropping a + connection. + +Create an internal function pqDropConnection that does the physical socket +close and cleans up closely-associated state. This removes a bunch of ad +hoc, not always consistent closure code. The ulterior motive is to have a +single place to wait for a spawned child backend to exit, but this seems +like good cleanup even if that never happens. + +I went back and forth on whether to include "conn->status = CONNECTION_BAD" +in pqDropConnection's actions, but for the moment decided not to. Only a +minority of the call sites actually want that, and in any case it's +arguable that conn->status is slightly higher-level state, and thus not +part of this function's purview. + +Upstream commit: 210eb9b743c0645df05e5c8be4490ba4f09fc871 +--- + src/interfaces/libpq/fe-connect.c | 95 +++++++++++------------------ + src/interfaces/libpq/fe-misc.c | 5 +- + src/interfaces/libpq/fe-protocol3.c | 4 +- + src/interfaces/libpq/libpq-int.h | 1 + + 4 files changed, 38 insertions(+), 67 deletions(-) + +diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c +index 28b96a6..6985118 100644 +--- a/src/interfaces/libpq/fe-connect.c ++++ b/src/interfaces/libpq/fe-connect.c +@@ -363,6 +363,28 @@ static void default_threadlock(int acquire); + pgthreadlock_t pg_g_threadlock = default_threadlock; + + ++/* ++ * pqDropConnection ++ * ++ * Close any physical connection to the server, and reset associated ++ * state inside the connection object. We don't release state that ++ * would be needed to reconnect, though. ++ */ ++void ++pqDropConnection(PGconn *conn) ++{ ++ /* Drop any SSL state */ ++ pqsecure_close(conn); ++ /* Close the socket itself */ ++ if (conn->sock >= 0) ++ closesocket(conn->sock); ++ conn->sock = -1; ++ /* Discard any unread/unsent data */ ++ conn->inStart = conn->inCursor = conn->inEnd = 0; ++ conn->outCount = 0; ++} ++ ++ + /* + * Connecting to a Database + * +@@ -1477,12 +1499,7 @@ connectDBStart(PGconn *conn) + return 1; + + connect_errReturn: +- if (conn->sock >= 0) +- { +- pqsecure_close(conn); +- closesocket(conn->sock); +- conn->sock = -1; +- } ++ pqDropConnection(conn); + conn->status = CONNECTION_BAD; + return 0; + } +@@ -1720,8 +1737,7 @@ keep_going: /* We will come back to here until there is + { + if (!connectNoDelay(conn)) + { +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1731,8 +1747,7 @@ keep_going: /* We will come back to here until there is + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not set socket to non-blocking mode: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1743,8 +1758,7 @@ keep_going: /* We will come back to here until there is + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not set socket to close-on-exec mode: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1792,8 +1806,7 @@ keep_going: /* We will come back to here until there is + + if (err) + { +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1880,11 +1893,7 @@ keep_going: /* We will come back to here until there is + * failure and keep going if there are more addresses. + */ + connectFailureMessage(conn, SOCK_ERRNO); +- if (conn->sock >= 0) +- { +- closesocket(conn->sock); +- conn->sock = -1; +- } ++ pqDropConnection(conn); + + /* + * Try the next address, if any. +@@ -1929,6 +1938,7 @@ keep_going: /* We will come back to here until there is + * error message. + */ + connectFailureMessage(conn, optval); ++ pqDropConnection(conn); + + /* + * If more addresses remain, keep trying, just as in the +@@ -1936,11 +1946,6 @@ keep_going: /* We will come back to here until there is + */ + if (conn->addr_cur->ai_next != NULL) + { +- if (conn->sock >= 0) +- { +- closesocket(conn->sock); +- conn->sock = -1; +- } + conn->addr_cur = conn->addr_cur->ai_next; + conn->status = CONNECTION_NEEDED; + goto keep_going; +@@ -2215,12 +2220,8 @@ keep_going: /* We will come back to here until there is + /* only retry once */ + conn->allow_ssl_try = false; + /* Must drop the old connection */ +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_NEEDED; +- /* Discard any unread/unsent data */ +- conn->inStart = conn->inCursor = conn->inEnd = 0; +- conn->outCount = 0; + goto keep_going; + } + } +@@ -2330,13 +2331,8 @@ keep_going: /* We will come back to here until there is + { + conn->pversion = PG_PROTOCOL(2, 0); + /* Must drop the old connection */ +- pqsecure_close(conn); +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_NEEDED; +- /* Discard any unread/unsent data */ +- conn->inStart = conn->inCursor = conn->inEnd = 0; +- conn->outCount = 0; + goto keep_going; + } + +@@ -2401,12 +2397,8 @@ keep_going: /* We will come back to here until there is + /* only retry once */ + conn->wait_ssl_try = false; + /* Must drop the old connection */ +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_NEEDED; +- /* Discard any unread/unsent data */ +- conn->inStart = conn->inCursor = conn->inEnd = 0; +- conn->outCount = 0; + goto keep_going; + } + +@@ -2421,13 +2413,8 @@ keep_going: /* We will come back to here until there is + /* only retry once */ + conn->allow_ssl_try = false; + /* Must drop the old connection */ +- pqsecure_close(conn); +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_NEEDED; +- /* Discard any unread/unsent data */ +- conn->inStart = conn->inCursor = conn->inEnd = 0; +- conn->outCount = 0; + goto keep_going; + } + #endif +@@ -2587,13 +2574,8 @@ keep_going: /* We will come back to here until there is + PQclear(res); + conn->send_appname = false; + /* Must drop the old connection */ +- pqsecure_close(conn); +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_NEEDED; +- /* Discard any unread/unsent data */ +- conn->inStart = conn->inCursor = conn->inEnd = 0; +- conn->outCount = 0; + goto keep_going; + } + } +@@ -2987,12 +2969,7 @@ closePGconn(PGconn *conn) + /* + * Close the connection, reset all transient state, flush I/O buffers. + */ +- if (conn->sock >= 0) +- { +- pqsecure_close(conn); +- closesocket(conn->sock); +- } +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_BAD; /* Well, not really _bad_ - just + * absent */ + conn->asyncStatus = PGASYNC_IDLE; +@@ -3022,8 +2999,6 @@ closePGconn(PGconn *conn) + if (conn->lobjfuncs) + free(conn->lobjfuncs); + conn->lobjfuncs = NULL; +- conn->inStart = conn->inCursor = conn->inEnd = 0; +- conn->outCount = 0; + #ifdef ENABLE_GSS + { + OM_uint32 min_s; +diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c +index 8b0d8ef..c1c5c75 100644 +--- a/src/interfaces/libpq/fe-misc.c ++++ b/src/interfaces/libpq/fe-misc.c +@@ -815,11 +815,8 @@ definitelyEOF: + + /* Come here if lower-level code already set a suitable errorMessage */ + definitelyFailed: ++ pqDropConnection(conn); + conn->status = CONNECTION_BAD; /* No more connection to backend */ +- pqsecure_close(conn); +- closesocket(conn->sock); +- conn->sock = -1; +- + return -1; + } + +diff --git a/src/interfaces/libpq/fe-protocol3.c b/src/interfaces/libpq/fe-protocol3.c +index f997257..b130b4c 100644 +--- a/src/interfaces/libpq/fe-protocol3.c ++++ b/src/interfaces/libpq/fe-protocol3.c +@@ -457,9 +457,7 @@ handleSyncLoss(PGconn *conn, char id, int msgLength) + pqSaveErrorResult(conn); + conn->asyncStatus = PGASYNC_READY; /* drop out of GetResult wait loop */ + +- pqsecure_close(conn); +- closesocket(conn->sock); +- conn->sock = -1; ++ pqDropConnection(conn); + conn->status = CONNECTION_BAD; /* No more connection to backend */ + } + +diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h +index bc2be3c..70b956b 100644 +--- a/src/interfaces/libpq/libpq-int.h ++++ b/src/interfaces/libpq/libpq-int.h +@@ -489,6 +489,7 @@ extern char *const pgresStatus[]; + + /* === in fe-connect.c === */ + ++extern void pqDropConnection(PGconn *conn); + extern int pqPacketSend(PGconn *conn, char pack_type, + const void *buf, size_t buf_len); + extern bool pqGetHomeDirectory(char *buf, int bufsize); +-- +2.17.1 + + +From 299e76cdeebf150f51cf29fa4269ae02cf6e7f24 Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Thu, 12 Nov 2015 13:03:53 -0500 +Subject: [PATCH 2/4] Fix unwanted flushing of libpq's input buffer when socket + EOF is seen. + +In commit 210eb9b743c0645d I centralized libpq's logic for closing down +the backend communication socket, and made the new pqDropConnection +routine always reset the I/O buffers to empty. Many of the call sites +previously had not had such code, and while that amounted to an oversight +in some cases, there was one place where it was intentional and necessary +*not* to flush the input buffer: pqReadData should never cause that to +happen, since we probably still want to process whatever data we read. + +This is the true cause of the problem Robert was attempting to fix in +c3e7c24a1d60dc6a, namely that libpq no longer reported the backend's final +ERROR message before reporting "server closed the connection unexpectedly". +But that only accidentally fixed it, by invoking parseInput before the +input buffer got flushed; and very likely there are timing scenarios +where we'd still lose the message before processing it. + +To fix, pass a flag to pqDropConnection to tell it whether to flush the +input buffer or not. On review I think flushing is actually correct for +every other call site. + +Back-patch to 9.3 where the problem was introduced. In HEAD, also improve +the comments added by c3e7c24a1d60dc6a. + +Upstream commit: db6e8e1624a8f0357373450136c850f2b6e7fc8a +--- + src/interfaces/libpq/fe-connect.c | 38 +++++++++++++++++------------ + src/interfaces/libpq/fe-misc.c | 3 ++- + src/interfaces/libpq/fe-protocol3.c | 4 +-- + src/interfaces/libpq/libpq-int.h | 2 +- + 4 files changed, 27 insertions(+), 20 deletions(-) + +diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c +index 6985118..c22901d 100644 +--- a/src/interfaces/libpq/fe-connect.c ++++ b/src/interfaces/libpq/fe-connect.c +@@ -369,9 +369,13 @@ pgthreadlock_t pg_g_threadlock = default_threadlock; + * Close any physical connection to the server, and reset associated + * state inside the connection object. We don't release state that + * would be needed to reconnect, though. ++ * ++ * We can always flush the output buffer, since there's no longer any hope ++ * of sending that data. However, unprocessed input data might still be ++ * valuable, so the caller must tell us whether to flush that or not. + */ + void +-pqDropConnection(PGconn *conn) ++pqDropConnection(PGconn *conn, bool flushInput) + { + /* Drop any SSL state */ + pqsecure_close(conn); +@@ -379,8 +383,10 @@ pqDropConnection(PGconn *conn) + if (conn->sock >= 0) + closesocket(conn->sock); + conn->sock = -1; +- /* Discard any unread/unsent data */ +- conn->inStart = conn->inCursor = conn->inEnd = 0; ++ /* Optionally discard any unread data */ ++ if (flushInput) ++ conn->inStart = conn->inCursor = conn->inEnd = 0; ++ /* Always discard any unsent data */ + conn->outCount = 0; + } + +@@ -1499,7 +1505,7 @@ connectDBStart(PGconn *conn) + return 1; + + connect_errReturn: +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_BAD; + return 0; + } +@@ -1737,7 +1743,7 @@ keep_going: /* We will come back to here until there is + { + if (!connectNoDelay(conn)) + { +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1747,7 +1753,7 @@ keep_going: /* We will come back to here until there is + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not set socket to non-blocking mode: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1758,7 +1764,7 @@ keep_going: /* We will come back to here until there is + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not set socket to close-on-exec mode: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1806,7 +1812,7 @@ keep_going: /* We will come back to here until there is + + if (err) + { +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->addr_cur = addr_cur->ai_next; + continue; + } +@@ -1893,7 +1899,7 @@ keep_going: /* We will come back to here until there is + * failure and keep going if there are more addresses. + */ + connectFailureMessage(conn, SOCK_ERRNO); +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + + /* + * Try the next address, if any. +@@ -1938,7 +1944,7 @@ keep_going: /* We will come back to here until there is + * error message. + */ + connectFailureMessage(conn, optval); +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + + /* + * If more addresses remain, keep trying, just as in the +@@ -2220,7 +2226,7 @@ keep_going: /* We will come back to here until there is + /* only retry once */ + conn->allow_ssl_try = false; + /* Must drop the old connection */ +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_NEEDED; + goto keep_going; + } +@@ -2331,7 +2337,7 @@ keep_going: /* We will come back to here until there is + { + conn->pversion = PG_PROTOCOL(2, 0); + /* Must drop the old connection */ +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_NEEDED; + goto keep_going; + } +@@ -2397,7 +2403,7 @@ keep_going: /* We will come back to here until there is + /* only retry once */ + conn->wait_ssl_try = false; + /* Must drop the old connection */ +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_NEEDED; + goto keep_going; + } +@@ -2413,7 +2419,7 @@ keep_going: /* We will come back to here until there is + /* only retry once */ + conn->allow_ssl_try = false; + /* Must drop the old connection */ +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_NEEDED; + goto keep_going; + } +@@ -2574,7 +2580,7 @@ keep_going: /* We will come back to here until there is + PQclear(res); + conn->send_appname = false; + /* Must drop the old connection */ +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_NEEDED; + goto keep_going; + } +@@ -2969,7 +2975,7 @@ closePGconn(PGconn *conn) + /* + * Close the connection, reset all transient state, flush I/O buffers. + */ +- pqDropConnection(conn); ++ pqDropConnection(conn, true); + conn->status = CONNECTION_BAD; /* Well, not really _bad_ - just + * absent */ + conn->asyncStatus = PGASYNC_IDLE; +diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c +index c1c5c75..58c9ce0 100644 +--- a/src/interfaces/libpq/fe-misc.c ++++ b/src/interfaces/libpq/fe-misc.c +@@ -815,7 +815,8 @@ definitelyEOF: + + /* Come here if lower-level code already set a suitable errorMessage */ + definitelyFailed: +- pqDropConnection(conn); ++ /* Do *not* drop any already-read data; caller still wants it */ ++ pqDropConnection(conn, false); + conn->status = CONNECTION_BAD; /* No more connection to backend */ + return -1; + } +diff --git a/src/interfaces/libpq/fe-protocol3.c b/src/interfaces/libpq/fe-protocol3.c +index b130b4c..88ff74a 100644 +--- a/src/interfaces/libpq/fe-protocol3.c ++++ b/src/interfaces/libpq/fe-protocol3.c +@@ -456,8 +456,8 @@ handleSyncLoss(PGconn *conn, char id, int msgLength) + /* build an error result holding the error message */ + pqSaveErrorResult(conn); + conn->asyncStatus = PGASYNC_READY; /* drop out of GetResult wait loop */ +- +- pqDropConnection(conn); ++ /* flush input data since we're giving up on processing it */ ++ pqDropConnection(conn, true); + conn->status = CONNECTION_BAD; /* No more connection to backend */ + } + +diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h +index 70b956b..8843ccb 100644 +--- a/src/interfaces/libpq/libpq-int.h ++++ b/src/interfaces/libpq/libpq-int.h +@@ -489,7 +489,7 @@ extern char *const pgresStatus[]; + + /* === in fe-connect.c === */ + +-extern void pqDropConnection(PGconn *conn); ++extern void pqDropConnection(PGconn *conn, bool flushInput); + extern int pqPacketSend(PGconn *conn, char pack_type, + const void *buf, size_t buf_len); + extern bool pqGetHomeDirectory(char *buf, int bufsize); +-- +2.17.1 + + +From 3b08b525a118be43a334045409b1bad9cfaeb438 Mon Sep 17 00:00:00 2001 +From: Heikki Linnakangas +Date: Wed, 7 Jun 2017 14:01:46 +0300 +Subject: [PATCH 3/4] Clear auth context correctly when re-connecting after + failed auth attempt. + +If authentication over an SSL connection fails, with sslmode=prefer, +libpq will reconnect without SSL and retry. However, we did not clear +the variables related to GSS, SSPI, and SASL authentication state, when +reconnecting. Because of that, the second authentication attempt would +always fail with a "duplicate GSS/SASL authentication request" error. +pg_SSPI_startup did not check for duplicate authentication requests like +the corresponding GSS and SASL functions, so with SSPI, you would leak +some memory instead. + +Another way this could manifest itself, on version 10, is if you list +multiple hostnames in the "host" parameter. If the first server requests +Kerberos or SCRAM authentication, but it fails, the attempts to connect to +the other servers will also fail with "duplicate authentication request" +errors. + +To fix, move the clearing of authentication state from closePGconn to +pgDropConnection, so that it is cleared also when re-connecting. + +Patch by Michael Paquier, with some kibitzing by me. + +Backpatch down to 9.3. 9.2 has the same bug, but the code around closing +the connection is somewhat different, so that this patch doesn't apply. +To fix this in 9.2, I think we would need to back-port commit 210eb9b743 +first, and then apply this patch. However, given that we only bumped into +this in our own testing, we haven't heard any reports from users about +this, and that 9.2 will be end-of-lifed in a couple of months anyway, it +doesn't seem worth the risk and trouble. + +Discussion: https://www.postgresql.org/message-id/CAB7nPqRuOUm0MyJaUy9L3eXYJU3AKCZ-0-03=-aDTZJGV4GyWw@mail.gmail.com + +Upstream commit: f2fa0c6514b6c5b7bccfe5050f6791dea1113c2e +--- + src/interfaces/libpq/fe-auth.c | 7 ++- + src/interfaces/libpq/fe-connect.c | 76 +++++++++++++++++-------------- + 2 files changed, 47 insertions(+), 36 deletions(-) + +diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c +index d10bd9f..ee961d9 100644 +--- a/src/interfaces/libpq/fe-auth.c ++++ b/src/interfaces/libpq/fe-auth.c +@@ -618,7 +618,12 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate) + SECURITY_STATUS r; + TimeStamp expire; + +- conn->sspictx = NULL; ++ if (conn->sspictx) ++ { ++ printfPQExpBuffer(&conn->errorMessage, ++ libpq_gettext("duplicate SSPI authentication request\n")); ++ return STATUS_ERROR; ++ } + + /* + * Retreive credentials handle +diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c +index c22901d..6dbcbc6 100644 +--- a/src/interfaces/libpq/fe-connect.c ++++ b/src/interfaces/libpq/fe-connect.c +@@ -379,15 +379,56 @@ pqDropConnection(PGconn *conn, bool flushInput) + { + /* Drop any SSL state */ + pqsecure_close(conn); ++ + /* Close the socket itself */ + if (conn->sock >= 0) + closesocket(conn->sock); + conn->sock = -1; ++ + /* Optionally discard any unread data */ + if (flushInput) + conn->inStart = conn->inCursor = conn->inEnd = 0; ++ + /* Always discard any unsent data */ + conn->outCount = 0; ++ ++ /* Free authentication state */ ++#ifdef ENABLE_GSS ++ { ++ OM_uint32 min_s; ++ ++ if (conn->gctx) ++ gss_delete_sec_context(&min_s, &conn->gctx, GSS_C_NO_BUFFER); ++ if (conn->gtarg_nam) ++ gss_release_name(&min_s, &conn->gtarg_nam); ++ if (conn->ginbuf.length) ++ gss_release_buffer(&min_s, &conn->ginbuf); ++ if (conn->goutbuf.length) ++ gss_release_buffer(&min_s, &conn->goutbuf); ++ } ++#endif ++#ifdef ENABLE_SSPI ++ if (conn->ginbuf.length) ++ free(conn->ginbuf.value); ++ conn->ginbuf.length = 0; ++ conn->ginbuf.value = NULL; ++ if (conn->sspitarget) ++ free(conn->sspitarget); ++ conn->sspitarget = NULL; ++ if (conn->sspicred) ++ { ++ FreeCredentialsHandle(conn->sspicred); ++ free(conn->sspicred); ++ conn->sspicred = NULL; ++ } ++ if (conn->sspictx) ++ { ++ DeleteSecurityContext(conn->sspictx); ++ free(conn->sspictx); ++ conn->sspictx = NULL; ++ } ++ conn->usesspi = 0; ++#endif + } + + +@@ -3005,41 +3046,6 @@ closePGconn(PGconn *conn) + if (conn->lobjfuncs) + free(conn->lobjfuncs); + conn->lobjfuncs = NULL; +-#ifdef ENABLE_GSS +- { +- OM_uint32 min_s; +- +- if (conn->gctx) +- gss_delete_sec_context(&min_s, &conn->gctx, GSS_C_NO_BUFFER); +- if (conn->gtarg_nam) +- gss_release_name(&min_s, &conn->gtarg_nam); +- if (conn->ginbuf.length) +- gss_release_buffer(&min_s, &conn->ginbuf); +- if (conn->goutbuf.length) +- gss_release_buffer(&min_s, &conn->goutbuf); +- } +-#endif +-#ifdef ENABLE_SSPI +- if (conn->ginbuf.length) +- free(conn->ginbuf.value); +- conn->ginbuf.length = 0; +- conn->ginbuf.value = NULL; +- if (conn->sspitarget) +- free(conn->sspitarget); +- conn->sspitarget = NULL; +- if (conn->sspicred) +- { +- FreeCredentialsHandle(conn->sspicred); +- free(conn->sspicred); +- conn->sspicred = NULL; +- } +- if (conn->sspictx) +- { +- DeleteSecurityContext(conn->sspictx); +- free(conn->sspictx); +- conn->sspictx = NULL; +- } +-#endif + } + + /* +-- +2.17.1 + + +From f25aa65f201df8925c39373aa10dfee19253d03e Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Mon, 6 Aug 2018 10:53:35 -0400 +Subject: [PATCH 4/4] Fix failure to reset libpq's state fully between + connection attempts. + +The logic in PQconnectPoll() did not take care to ensure that all of +a PGconn's internal state variables were reset before trying a new +connection attempt. If we got far enough in the connection sequence +to have changed any of these variables, and then decided to try a new +server address or server name, the new connection might be completed +with some state that really only applied to the failed connection. + +While this has assorted bad consequences, the only one that is clearly +a security issue is that password_needed didn't get reset, so that +if the first server asked for a password and the second didn't, +PQconnectionUsedPassword() would return an incorrect result. This +could be leveraged by unprivileged users of dblink or postgres_fdw +to allow them to use server-side login credentials that they should +not be able to use. + +Other notable problems include the possibility of forcing a v2-protocol +connection to a server capable of supporting v3, or overriding +"sslmode=prefer" to cause a non-encrypted connection to a server that +would have accepted an encrypted one. Those are certainly bugs but +it's harder to paint them as security problems in themselves. However, +forcing a v2-protocol connection could result in libpq having a wrong +idea of the server's standard_conforming_strings setting, which opens +the door to SQL-injection attacks. The extent to which that's actually +a problem, given the prerequisite that the attacker needs control of +the client's connection parameters, is unclear. + +These problems have existed for a long time, but became more easily +exploitable in v10, both because it introduced easy ways to force libpq +to abandon a connection attempt at a late stage and then try another one +(rather than just giving up), and because it provided an easy way to +specify multiple target hosts. + +Fix by rearranging PQconnectPoll's state machine to provide centralized +places to reset state properly when moving to a new target host or when +dropping and retrying a connection to the same host. + +Tom Lane, reviewed by Noah Misch. Our thanks to Andrew Krasichkov +for finding and reporting the problem. + +Security: CVE-2018-10915 + +Upstream commit: 243de06be96d6001d01f2ec7c4573aad8b657195 +--- + src/interfaces/libpq/fe-connect.c | 301 +++++++++++++++++++----------- + src/interfaces/libpq/libpq-int.h | 2 + + 2 files changed, 196 insertions(+), 107 deletions(-) + +diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c +index 6dbcbc6..ca06337 100644 +--- a/src/interfaces/libpq/fe-connect.c ++++ b/src/interfaces/libpq/fe-connect.c +@@ -368,7 +368,8 @@ pgthreadlock_t pg_g_threadlock = default_threadlock; + * + * Close any physical connection to the server, and reset associated + * state inside the connection object. We don't release state that +- * would be needed to reconnect, though. ++ * would be needed to reconnect, though, nor local state that might still ++ * be useful later. + * + * We can always flush the output buffer, since there's no longer any hope + * of sending that data. However, unprocessed input data might still be +@@ -432,6 +433,64 @@ pqDropConnection(PGconn *conn, bool flushInput) + } + + ++/* ++ * pqDropServerData ++ * ++ * Clear all connection state data that was received from (or deduced about) ++ * the server. This is essential to do between connection attempts to ++ * different servers, else we may incorrectly hold over some data from the ++ * old server. ++ * ++ * It would be better to merge this into pqDropConnection, perhaps, but ++ * right now we cannot because that function is called immediately on ++ * detection of connection loss (cf. pqReadData, for instance). This data ++ * should be kept until we are actually starting a new connection. ++ */ ++static void ++pqDropServerData(PGconn *conn) ++{ ++ PGnotify *notify; ++ pgParameterStatus *pstatus; ++ ++ /* Forget pending notifies */ ++ notify = conn->notifyHead; ++ while (notify != NULL) ++ { ++ PGnotify *prev = notify; ++ ++ notify = notify->next; ++ free(prev); ++ } ++ conn->notifyHead = conn->notifyTail = NULL; ++ ++ /* Reset ParameterStatus data, as well as variables deduced from it */ ++ pstatus = conn->pstatus; ++ while (pstatus != NULL) ++ { ++ pgParameterStatus *prev = pstatus; ++ ++ pstatus = pstatus->next; ++ free(prev); ++ } ++ conn->pstatus = NULL; ++ conn->client_encoding = PG_SQL_ASCII; ++ conn->std_strings = false; ++ conn->sversion = 0; ++ ++ /* Drop large-object lookup data */ ++ if (conn->lobjfuncs) ++ free(conn->lobjfuncs); ++ conn->lobjfuncs = NULL; ++ ++ /* Reset assorted other per-connection state */ ++ conn->last_sqlstate[0] = '\0'; ++ conn->auth_req_received = false; ++ conn->password_needed = false; ++ conn->be_pid = 0; ++ conn->be_key = 0; ++} ++ ++ + /* + * Connecting to a Database + * +@@ -1517,22 +1576,14 @@ connectDBStart(PGconn *conn) + goto connect_errReturn; + } + +-#ifdef USE_SSL +- /* setup values based on SSL mode */ +- if (conn->sslmode[0] == 'd') /* "disable" */ +- conn->allow_ssl_try = false; +- else if (conn->sslmode[0] == 'a') /* "allow" */ +- conn->wait_ssl_try = true; +-#endif +- + /* +- * Set up to try to connect, with protocol 3.0 as the first attempt. ++ * Set up to try to connect to the first address. + */ + conn->addrlist = addrs; + conn->addr_cur = addrs; + conn->addrlist_family = hint.ai_family; +- conn->pversion = PG_PROTOCOL(3, 0); +- conn->send_appname = true; ++ conn->try_next_addr = false; ++ conn->is_new_addr = true; + conn->status = CONNECTION_NEEDED; + + /* +@@ -1546,6 +1597,12 @@ connectDBStart(PGconn *conn) + return 1; + + connect_errReturn: ++ ++ /* ++ * If we managed to open a socket, close it immediately rather than ++ * waiting till PQfinish. (The application cannot have gotten the socket ++ * from PQsocket yet, so this doesn't risk breaking anything.) ++ */ + pqDropConnection(conn, true); + conn->status = CONNECTION_BAD; + return 0; +@@ -1607,6 +1664,7 @@ connectDBComplete(PGconn *conn) + case PGRES_POLLING_READING: + if (pqWaitTimed(1, 0, conn, finish_time)) + { ++ /* hard failure, eg select() problem, aborts everything */ + conn->status = CONNECTION_BAD; + return 0; + } +@@ -1615,6 +1673,7 @@ connectDBComplete(PGconn *conn) + case PGRES_POLLING_WRITING: + if (pqWaitTimed(0, 1, conn, finish_time)) + { ++ /* hard failure, eg select() problem, aborts everything */ + conn->status = CONNECTION_BAD; + return 0; + } +@@ -1663,6 +1722,7 @@ connectDBComplete(PGconn *conn) + PostgresPollingStatusType + PQconnectPoll(PGconn *conn) + { ++ bool need_new_connection = false; + PGresult *res; + char sebuf[256]; + int optval; +@@ -1723,6 +1783,69 @@ PQconnectPoll(PGconn *conn) + + keep_going: /* We will come back to here until there is + * nothing left to do. */ ++ ++ /* Time to advance to next address? */ ++ if (conn->try_next_addr) ++ { ++ if (conn->addr_cur && conn->addr_cur->ai_next) ++ { ++ conn->addr_cur = conn->addr_cur->ai_next; ++ conn->is_new_addr = true; ++ } ++ else ++ { ++ /* ++ * Oops, no more addresses. An appropriate error message is ++ * already set up, so just set the right status. ++ */ ++ goto error_return; ++ } ++ conn->try_next_addr = false; ++ } ++ ++ /* Reset connection state machine? */ ++ if (conn->is_new_addr) ++ { ++ /* ++ * (Re) initialize our connection control variables for a set of ++ * connection attempts to a single server address. These variables ++ * must persist across individual connection attempts, but we must ++ * reset them when we start to consider a new address (since it might ++ * not be the same server). ++ */ ++ conn->pversion = PG_PROTOCOL(3, 0); ++ conn->send_appname = true; ++#ifdef USE_SSL ++ /* initialize these values based on SSL mode */ ++ conn->allow_ssl_try = (conn->sslmode[0] != 'd'); /* "disable" */ ++ conn->wait_ssl_try = (conn->sslmode[0] == 'a'); /* "allow" */ ++#endif ++ ++ conn->is_new_addr = false; ++ need_new_connection = true; ++ } ++ ++ /* Force a new connection (perhaps to the same server as before)? */ ++ if (need_new_connection) ++ { ++ /* Drop any existing connection */ ++ pqDropConnection(conn, true); ++ ++ /* Reset all state obtained from old server */ ++ pqDropServerData(conn); ++ ++ /* Drop any PGresult we might have, too */ ++ conn->asyncStatus = PGASYNC_IDLE; ++ conn->xactStatus = PQTRANS_IDLE; ++ pqClearAsyncResult(conn); ++ ++ /* Reset conn->status to put the state machine in the right state */ ++ conn->status = CONNECTION_NEEDED; ++ ++ need_new_connection = false; ++ } ++ ++ /* Now try to advance the state machine for this connection */ + switch (conn->status) + { + case CONNECTION_NEEDED: +@@ -1730,12 +1853,24 @@ keep_going: /* We will come back to here until there is + /* + * Try to initiate a connection to one of the addresses + * returned by pg_getaddrinfo_all(). conn->addr_cur is the +- * next one to try. We fail when we run out of addresses. ++ * next one to try. ++ * ++ * The extra level of braces here is historical. It's not ++ * worth reindenting this whole switch case to remove 'em. + */ +- while (conn->addr_cur != NULL) + { + struct addrinfo *addr_cur = conn->addr_cur; + ++ if (addr_cur == NULL) ++ { ++ /* ++ * Ooops, no more addresses. An appropriate error ++ * message is already set up, so just set the right ++ * status. ++ */ ++ goto error_return; ++ } ++ + /* Remember current address for possible error msg */ + memcpy(&conn->raddr.addr, addr_cur->ai_addr, + addr_cur->ai_addrlen); +@@ -1761,32 +1896,34 @@ keep_going: /* We will come back to here until there is + if (conn->sock == -1) + { + /* +- * ignore socket() failure if we have more addresses +- * to try ++ * Silently ignore socket() failure if we have more ++ * addresses to try; this reduces useless chatter in ++ * cases where the address list includes both IPv4 and ++ * IPv6 but kernel only accepts one family. + */ + if (addr_cur->ai_next != NULL) + { +- conn->addr_cur = addr_cur->ai_next; +- continue; ++ conn->try_next_addr = true; ++ goto keep_going; + } + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not create socket: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- break; ++ goto error_return; + } + + /* + * Select socket options: no delay of outgoing data for +- * TCP sockets, nonblock mode, close-on-exec. Fail if any +- * of this fails. ++ * TCP sockets, nonblock mode, close-on-exec. Try the ++ * next address if any of this fails. + */ + if (!IS_AF_UNIX(addr_cur->ai_family)) + { + if (!connectNoDelay(conn)) + { +- pqDropConnection(conn, true); +- conn->addr_cur = addr_cur->ai_next; +- continue; ++ /* error message already created */ ++ conn->try_next_addr = true; ++ goto keep_going; + } + } + if (!pg_set_noblock(conn->sock)) +@@ -1794,9 +1931,8 @@ keep_going: /* We will come back to here until there is + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not set socket to non-blocking mode: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- pqDropConnection(conn, true); +- conn->addr_cur = addr_cur->ai_next; +- continue; ++ conn->try_next_addr = true; ++ goto keep_going; + } + + #ifdef F_SETFD +@@ -1805,9 +1941,8 @@ keep_going: /* We will come back to here until there is + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not set socket to close-on-exec mode: %s\n"), + SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf))); +- pqDropConnection(conn, true); +- conn->addr_cur = addr_cur->ai_next; +- continue; ++ conn->try_next_addr = true; ++ goto keep_going; + } + #endif /* F_SETFD */ + +@@ -1853,9 +1988,8 @@ keep_going: /* We will come back to here until there is + + if (err) + { +- pqDropConnection(conn, true); +- conn->addr_cur = addr_cur->ai_next; +- continue; ++ conn->try_next_addr = true; ++ goto keep_going; + } + } + +@@ -1934,25 +2068,13 @@ keep_going: /* We will come back to here until there is + } + + /* +- * This connection failed --- set up error report, then +- * close socket (do it this way in case close() affects +- * the value of errno...). We will ignore the connect() +- * failure and keep going if there are more addresses. ++ * This connection failed. Add the error report to ++ * conn->errorMessage, then try the next address if any. + */ + connectFailureMessage(conn, SOCK_ERRNO); +- pqDropConnection(conn, true); +- +- /* +- * Try the next address, if any. +- */ +- conn->addr_cur = addr_cur->ai_next; +- } /* loop over addresses */ +- +- /* +- * Ooops, no more addresses. An appropriate error message is +- * already set up, so just set the right status. +- */ +- goto error_return; ++ conn->try_next_addr = true; ++ goto keep_going; ++ } + } + + case CONNECTION_STARTED: +@@ -1985,19 +2107,13 @@ keep_going: /* We will come back to here until there is + * error message. + */ + connectFailureMessage(conn, optval); +- pqDropConnection(conn, true); + + /* +- * If more addresses remain, keep trying, just as in the +- * case where connect() returned failure immediately. ++ * Try the next address if any, just as in the case where ++ * connect() returned failure immediately. + */ +- if (conn->addr_cur->ai_next != NULL) +- { +- conn->addr_cur = conn->addr_cur->ai_next; +- conn->status = CONNECTION_NEEDED; +- goto keep_going; +- } +- goto error_return; ++ conn->try_next_addr = true; ++ goto keep_going; + } + + /* Fill in the client address */ +@@ -2266,12 +2382,13 @@ keep_going: /* We will come back to here until there is + { + /* only retry once */ + conn->allow_ssl_try = false; +- /* Must drop the old connection */ +- pqDropConnection(conn, true); +- conn->status = CONNECTION_NEEDED; ++ need_new_connection = true; + goto keep_going; + } ++ /* Else it's a hard failure */ ++ goto error_return; + } ++ /* Else, return POLLING_READING or POLLING_WRITING status */ + return pollres; + #else /* !USE_SSL */ + /* can't get here */ +@@ -2377,9 +2494,7 @@ keep_going: /* We will come back to here until there is + if (PG_PROTOCOL_MAJOR(conn->pversion) >= 3) + { + conn->pversion = PG_PROTOCOL(2, 0); +- /* Must drop the old connection */ +- pqDropConnection(conn, true); +- conn->status = CONNECTION_NEEDED; ++ need_new_connection = true; + goto keep_going; + } + +@@ -2430,6 +2545,9 @@ keep_going: /* We will come back to here until there is + /* OK, we read the message; mark data consumed */ + conn->inStart = conn->inCursor; + ++ /* Check to see if we should mention pgpassfile */ ++ dot_pg_pass_warning(conn); ++ + #ifdef USE_SSL + + /* +@@ -2443,9 +2561,7 @@ keep_going: /* We will come back to here until there is + { + /* only retry once */ + conn->wait_ssl_try = false; +- /* Must drop the old connection */ +- pqDropConnection(conn, true); +- conn->status = CONNECTION_NEEDED; ++ need_new_connection = true; + goto keep_going; + } + +@@ -2454,14 +2570,13 @@ keep_going: /* We will come back to here until there is + * then do a non-SSL retry + */ + if (conn->sslmode[0] == 'p' /* "prefer" */ +- && conn->allow_ssl_try ++ && conn->ssl != NULL ++ && conn->allow_ssl_try /* redundant? */ + && !conn->wait_ssl_try) /* redundant? */ + { + /* only retry once */ + conn->allow_ssl_try = false; +- /* Must drop the old connection */ +- pqDropConnection(conn, true); +- conn->status = CONNECTION_NEEDED; ++ need_new_connection = true; + goto keep_going; + } + #endif +@@ -2620,9 +2735,7 @@ keep_going: /* We will come back to here until there is + { + PQclear(res); + conn->send_appname = false; +- /* Must drop the old connection */ +- pqDropConnection(conn, true); +- conn->status = CONNECTION_NEEDED; ++ need_new_connection = true; + goto keep_going; + } + } +@@ -2702,8 +2815,6 @@ keep_going: /* We will come back to here until there is + + error_return: + +- dot_pg_pass_warning(conn); +- + /* + * We used to close the socket at this point, but that makes it awkward + * for those above us if they wish to remove this socket from their own +@@ -2830,13 +2941,7 @@ makeEmptyPGconn(void) + conn->std_strings = false; /* unless server says differently */ + conn->verbosity = PQERRORS_DEFAULT; + conn->sock = -1; +- conn->auth_req_received = false; +- conn->password_needed = false; + conn->dot_pgpass_used = false; +-#ifdef USE_SSL +- conn->allow_ssl_try = true; +- conn->wait_ssl_try = false; +-#endif + + /* + * We try to send at least 8K at a time, which is the usual size of pipe +@@ -2987,10 +3092,9 @@ freePGconn(PGconn *conn) + static void + closePGconn(PGconn *conn) + { +- PGnotify *notify; +- pgParameterStatus *pstatus; +- + /* ++ * If possible, send Terminate message to close the connection politely. ++ * + * Note that the protocol doesn't allow us to send Terminate messages + * during the startup phase. + */ +@@ -3020,32 +3124,15 @@ closePGconn(PGconn *conn) + conn->status = CONNECTION_BAD; /* Well, not really _bad_ - just + * absent */ + conn->asyncStatus = PGASYNC_IDLE; ++ conn->xactStatus = PQTRANS_IDLE; + pqClearAsyncResult(conn); /* deallocate result */ + resetPQExpBuffer(&conn->errorMessage); + pg_freeaddrinfo_all(conn->addrlist_family, conn->addrlist); + conn->addrlist = NULL; + conn->addr_cur = NULL; +- notify = conn->notifyHead; +- while (notify != NULL) +- { +- PGnotify *prev = notify; + +- notify = notify->next; +- free(prev); +- } +- conn->notifyHead = conn->notifyTail = NULL; +- pstatus = conn->pstatus; +- while (pstatus != NULL) +- { +- pgParameterStatus *prev = pstatus; +- +- pstatus = pstatus->next; +- free(prev); +- } +- conn->pstatus = NULL; +- if (conn->lobjfuncs) +- free(conn->lobjfuncs); +- conn->lobjfuncs = NULL; ++ /* Reset all state obtained from server, too */ ++ pqDropServerData(conn); + } + + /* +diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h +index 8843ccb..eaa80b6 100644 +--- a/src/interfaces/libpq/libpq-int.h ++++ b/src/interfaces/libpq/libpq-int.h +@@ -375,6 +375,8 @@ struct pg_conn + bool sigpipe_flag; /* can we mask SIGPIPE via MSG_NOSIGNAL? */ + + /* Transient state needed while establishing connection */ ++ bool try_next_addr; /* time to advance to next address? */ ++ bool is_new_addr; /* need to (re)initialize for new address? */ + struct addrinfo *addrlist; /* list of possible backend addresses */ + struct addrinfo *addr_cur; /* the one currently being tried */ + int addrlist_family; /* needed to know how to free addrlist */ +-- +2.17.1 + diff --git a/SOURCES/postgresql-bashprofile b/SOURCES/postgresql-bashprofile new file mode 100644 index 0000000..1cd70d3 --- /dev/null +++ b/SOURCES/postgresql-bashprofile @@ -0,0 +1,4 @@ +[ -f /etc/profile ] && source /etc/profile + +PGDATA=/var/lib/pgsql/data +export PGDATA diff --git a/SOURCES/postgresql-check-db-dir b/SOURCES/postgresql-check-db-dir new file mode 100644 index 0000000..4266c7a --- /dev/null +++ b/SOURCES/postgresql-check-db-dir @@ -0,0 +1,57 @@ +#!/bin/sh + +# This script verifies that the postgresql data directory has been correctly +# initialized. We do not want to automatically initdb it, because that has +# a risk of catastrophic failure (ie, overwriting a valuable database) in +# corner cases, such as a remotely mounted database on a volume that's a +# bit slow to mount. But we can at least emit a message advising newbies +# what to do. + +PGDATA="$1" + +if [ -z "$PGDATA" ] +then + echo "Usage: $0 database-path" + exit 1 +fi + +# PGVERSION is the full package version, e.g., 9.1.2 +# Note: the specfile inserts the correct value during package build +PGVERSION=xxxx +# PGMAJORVERSION is major version, e.g., 9.1 (this should match PG_VERSION) +PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'` +# PREVMAJORVERSION is the previous major version, e.g., 8.4, for upgrades +# Note: the specfile inserts the correct value during package build +PREVMAJORVERSION=xxxx +# PGDOCDIR is the directory containing the package's documentation +# Note: the specfile inserts the correct value during package build +PGDOCDIR=xxxx + +# Check for the PGDATA structure +if [ -f "$PGDATA/PG_VERSION" ] && [ -d "$PGDATA/base" ] +then + # Check version of existing PGDATA + if [ x`cat "$PGDATA/PG_VERSION"` = x"$PGMAJORVERSION" ] + then + : A-OK + elif [ x`cat "$PGDATA/PG_VERSION"` = x"$PREVMAJORVERSION" ] + then + echo $"An old version of the database format was found." + echo $"Use \"postgresql-setup upgrade\" to upgrade to version $PGMAJORVERSION." + echo $"See $PGDOCDIR/README.rpm-dist for more information." + exit 1 + else + echo $"An old version of the database format was found." + echo $"You need to dump and reload before using PostgreSQL $PGMAJORVERSION." + echo $"See $PGDOCDIR/README.rpm-dist for more information." + exit 1 + fi +else + # No existing PGDATA! Warn the user to initdb it. + echo $"\"$PGDATA\" is missing or empty." + echo $"Use \"postgresql-setup initdb\" to initialize the database cluster." + echo $"See $PGDOCDIR/README.rpm-dist for more information." + exit 1 +fi + +exit 0 diff --git a/SOURCES/postgresql-config-comment.patch b/SOURCES/postgresql-config-comment.patch new file mode 100644 index 0000000..9df0221 --- /dev/null +++ b/SOURCES/postgresql-config-comment.patch @@ -0,0 +1,19 @@ +Add note warning users that Postgres' port number is forced in the service +file, mainly because it's traditional in Red Hat installations to set it +there rather than in postgresql.conf. (There are minor usability benefits +to doing it this way though, for example that the postmaster's port number +is visible in "ps" as part of its command line.) + + +diff -Naur postgresql-9.2rc1.orig/src/backend/utils/misc/postgresql.conf.sample postgresql-9.2rc1/src/backend/utils/misc/postgresql.conf.sample +--- postgresql-9.2rc1.orig/src/backend/utils/misc/postgresql.conf.sample 2012-08-23 18:06:49.000000000 -0400 ++++ postgresql-9.2rc1/src/backend/utils/misc/postgresql.conf.sample 2012-09-01 21:57:55.498629897 -0400 +@@ -61,6 +61,8 @@ + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) ++# Note: In RHEL/Fedora installations, you can't set the port number here; ++# adjust it in the service file instead. + #max_connections = 100 # (change requires restart) + # Note: Increasing max_connections costs ~400 bytes of shared memory per + # connection slot, plus lock space (see max_locks_per_transaction). diff --git a/SOURCES/postgresql-logging.patch b/SOURCES/postgresql-logging.patch new file mode 100644 index 0000000..a051014 --- /dev/null +++ b/SOURCES/postgresql-logging.patch @@ -0,0 +1,41 @@ +Default to stderr-based logging with a week's worth of daily logfiles. + + +diff -Naur postgresql-9.1rc1.orig/src/backend/utils/misc/postgresql.conf.sample postgresql-9.1rc1/src/backend/utils/misc/postgresql.conf.sample +--- postgresql-9.1rc1.orig/src/backend/utils/misc/postgresql.conf.sample 2011-08-18 17:23:13.000000000 -0400 ++++ postgresql-9.1rc1/src/backend/utils/misc/postgresql.conf.sample 2011-08-18 18:39:39.697526799 -0400 +@@ -279,7 +279,7 @@ + # requires logging_collector to be on. + + # This is used when logging to stderr: +-#logging_collector = off # Enable capturing of stderr and csvlog ++logging_collector = on # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) +@@ -287,11 +287,11 @@ + # These are only used if logging_collector is on: + #log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +-#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, ++log_filename = 'postgresql-%a.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +-#log_truncate_on_rotation = off # If on, an existing log file with the ++log_truncate_on_rotation = on # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on +@@ -299,9 +299,9 @@ + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +-#log_rotation_age = 1d # Automatic rotation of logfiles will ++log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +-#log_rotation_size = 10MB # Automatic rotation of logfiles will ++log_rotation_size = 0 # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + diff --git a/SOURCES/postgresql-man.patch b/SOURCES/postgresql-man.patch new file mode 100644 index 0000000..de989f5 --- /dev/null +++ b/SOURCES/postgresql-man.patch @@ -0,0 +1,49 @@ +# PostgreSQL manual page completion + +### ecpg ### + +diff -up postgresql-9.2.4/doc/src/sgml/man1/ecpg.1.broken postgresql-9.2.4/doc/src/sgml/man1/ecpg.1 +--- postgresql-9.2.4/doc/src/sgml/man1/ecpg.1.broken 2013-06-05 10:54:39.610443837 +0200 ++++ postgresql-9.2.4/doc/src/sgml/man1/ecpg.1 2013-06-05 10:59:24.115997253 +0200 +@@ -81,6 +81,11 @@ INFORMIX_SE\&. + Define a C preprocessor symbol\&. + .RE + .PP ++\fB\-h \fR ++.RS 4 ++Parse a header file, this option includes otion \fB\-c\fR\&. ++.RE ++.PP + \fB\-i\fR + .RS 4 + Parse system include files as well\&. +@@ -129,6 +134,11 @@ Allow question mark as placeholder for c + .RE + .RE + .PP ++\fB\-\-regression\fR ++.RS 4 ++Run in regression testing mode\&. ++.RE ++.PP + \fB\-t\fR + .RS 4 + Turn on autocommit of transactions\&. In this mode, each SQL command is automatically committed unless it is inside an explicit transaction block\&. In the default mode, commands are committed only when + +### initdb ### + +diff -up postgresql-9.2.4/doc/src/sgml/man1/initdb.1.broken postgresql-9.2.4/doc/src/sgml/man1/initdb.1 +--- postgresql-9.2.4/doc/src/sgml/man1/initdb.1.broken 2013-06-06 10:26:48.405835762 +0200 ++++ postgresql-9.2.4/doc/src/sgml/man1/initdb.1 2013-06-06 10:29:46.084209958 +0200 +@@ -227,6 +227,11 @@ determines that an error prevented it fr + .PP + Other options: + .PP ++\fB\-s\fR, \fB\-\-show\fR ++.RS 4 ++Print the internal settings, then exit\&. ++.RE ++.PP + \fB\-V\fR, \fB\-\-version\fR + .RS 4 + Print the diff --git a/SOURCES/postgresql-multi-sockets.patch b/SOURCES/postgresql-multi-sockets.patch new file mode 100644 index 0000000..9dc1c3d --- /dev/null +++ b/SOURCES/postgresql-multi-sockets.patch @@ -0,0 +1,1243 @@ +Back-port of upstream 9.3 patch to support multiple sockets +(upstream git commits c9b0cbe98bd783e24a8c4d8d8ac472a494b81292 and +d2286a98ef3fb88bafb57381b4c20b8b878827f1, plus updates of derived +documentation files). + +Note the patch also touches html-stamp and man-stamp in doc/src/sgml/; +this is to keep the makefiles from trying to rebuild the derived doc +files. We don't want that to happen because the BuildRequires for the +package don't include the necessary documentation tools. Those diff +hunks *must be at the end* so that those files are newer than the +master doc files. + +diff --git a/contrib/pg_upgrade/server.c b/contrib/pg_upgrade/server.c +index 0940e00..c5ecb84 100644 +--- a/contrib/pg_upgrade/server.c ++++ b/contrib/pg_upgrade/server.c +@@ -197,7 +197,8 @@ start_postmaster(ClusterInfo *cluster) + snprintf(socket_string + strlen(socket_string), + sizeof(socket_string) - strlen(socket_string), + " -c %s='%s'", +- (GET_MAJOR_VERSION(cluster->major_version) < 903) ? ++ /* assume 9.1 build will not have unix_socket_directories patch */ ++ (GET_MAJOR_VERSION(cluster->major_version) < 902) ? + "unix_socket_directory" : "unix_socket_directories", + cluster->sockdir); + #endif +diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml +index b9664cb..94e166d 100644 +--- a/doc/src/sgml/client-auth.sgml ++++ b/doc/src/sgml/client-auth.sgml +@@ -838,7 +838,7 @@ omicron bryanh guest1 + unix_socket_permissions (and possibly + unix_socket_group) configuration parameters as + described in . Or you +- could set the unix_socket_directory ++ could set the unix_socket_directories + configuration parameter to place the socket file in a suitably + restricted directory. + +diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml +index 51d7da9..cb5c5d2 100644 +--- a/doc/src/sgml/config.sgml ++++ b/doc/src/sgml/config.sgml +@@ -453,17 +453,24 @@ SET ENABLE_SEQSCAN TO OFF; + + + +- +- unix_socket_directory (string) ++ ++ unix_socket_directories (string) + +- unix_socket_directory configuration parameter ++ unix_socket_directories configuration parameter + + + +- Specifies the directory of the Unix-domain socket on which the +- server is to listen for +- connections from client applications. The default is normally +- /tmp, but can be changed at build time. ++ Specifies the directory of the Unix-domain socket(s) on which the ++ server is to listen for connections from client applications. ++ Multiple sockets can be created by listing multiple directories ++ separated by commas. Whitespace between entries is ++ ignored; surround a directory name with double quotes if you need ++ to include whitespace or commas in the name. ++ An empty value ++ specifies not listening on any Unix-domain sockets, in which case ++ only TCP/IP sockets can be used to connect to the server. ++ The default value is normally ++ /tmp, but that can be changed at build time. + This parameter can only be set at server start. + + +@@ -472,8 +479,8 @@ SET ENABLE_SEQSCAN TO OFF; + .s.PGSQL.nnnn where + nnnn is the server's port number, an ordinary file + named .s.PGSQL.nnnn.lock will be +- created in the unix_socket_directory directory. Neither +- file should ever be removed manually. ++ created in each of the unix_socket_directories directories. ++ Neither file should ever be removed manually. + + + +@@ -490,8 +497,8 @@ SET ENABLE_SEQSCAN TO OFF; + + + +- Sets the owning group of the Unix-domain socket. (The owning +- user of the socket is always the user that starts the ++ Sets the owning group of the Unix-domain socket(s). (The owning ++ user of the sockets is always the user that starts the + server.) In combination with the parameter + unix_socket_permissions this can be used as + an additional access control mechanism for Unix-domain connections. +@@ -514,7 +521,7 @@ SET ENABLE_SEQSCAN TO OFF; + + + +- Sets the access permissions of the Unix-domain socket. Unix-domain ++ Sets the access permissions of the Unix-domain socket(s). Unix-domain + sockets use the usual Unix file system permission set. + The parameter value is expected to be a numeric mode + specified in the format accepted by the +@@ -6624,7 +6631,7 @@ LOG: CleanUpLock: deleting: lock(0xb7acd844) id(24688,24696,0,0,0,1) + + + +- unix_socket_directory = x ++ unix_socket_directories = x + + + +diff --git a/doc/src/sgml/html/app-postgres.html b/doc/src/sgml/html/app-postgres.html +index b1f4e31..b6359a8 100644 +--- a/doc/src/sgml/html/app-postgres.html ++++ b/doc/src/sgml/html/app-postgres.html +@@ -574,11 +574,19 @@ CLASS="REPLACEABLE" + CLASS="COMMAND" + >postgres is to listen for +- connections from client applications. The default is normally ++ connections from client applications. The value can also be a ++ comma-separated list of directories. An empty value ++ specifies not listening on any Unix-domain sockets, in which case ++ only TCP/IP sockets can be used to connect to the server. ++ The default value is normally + /tmp, but can be changed at build time. ++>, but that can be changed at build time. ++ Specifying this option is equivalent to setting the unix_socket_directories configuration parameter. +

. Or you + could set the unix_socket_directoryunix_socket_directories + configuration parameter to place the socket file in a suitably + restricted directory. +diff --git a/doc/src/sgml/html/bookindex.html b/doc/src/sgml/html/bookindex.html +index 5e25f95..1562ffe 100644 +--- a/doc/src/sgml/html/bookindex.html ++++ b/doc/src/sgml/html/bookindex.html +@@ -17250,7 +17250,7 @@ HREF="xfunc-c.html#DFUNC" + >
unix_socket_directory configuration parameter, ++>unix_socket_directories configuration parameter, + Connection Settingslocal + connections is to use a Unix domain socket directory (unix_socket_directoryunix_socket_directories) that has write permission only + for a trusted local user. This prevents a malicious user from creating + their own socket file in that directory. If you are concerned that +diff --git a/doc/src/sgml/html/runtime-config-connection.html b/doc/src/sgml/html/runtime-config-connection.html +index 74f096e..0ba6987 100644 +--- a/doc/src/sgml/html/runtime-config-connection.html ++++ b/doc/src/sgml/html/runtime-config-connection.html +@@ -274,24 +274,31 @@ CLASS="VARNAME" + >
unix_socket_directoryunix_socket_directories (string)

Specifies the directory of the Unix-domain socket on which the +- server is to listen for +- connections from client applications. The default is normally ++> Specifies the directory of the Unix-domain socket(s) on which the ++ server is to listen for connections from client applications. ++ Multiple sockets can be created by listing multiple directories ++ separated by commas. Whitespace between entries is ++ ignored; surround a directory name with double quotes if you need ++ to include whitespace or commas in the name. ++ An empty value ++ specifies not listening on any Unix-domain sockets, in which case ++ only TCP/IP sockets can be used to connect to the server. ++ The default value is normally + /tmp, but can be changed at build time. ++>, but that can be changed at build time. + This parameter can only be set at server start. +

.lock will be +- created in the unix_socket_directory directory. Neither +- file should ever be removed manually. ++>unix_socket_directories directories. ++ Neither file should ever be removed manually. +

This parameter is irrelevant on Windows, which does not have +@@ -344,8 +351,8 @@ CLASS="TYPE" + >)

Sets the owning group of the Unix-domain socket. (The owning +- user of the socket is always the user that starts the ++> Sets the owning group of the Unix-domain socket(s). (The owning ++ user of the sockets is always the user that starts the + server.) In combination with the parameter + )

Sets the access permissions of the Unix-domain socket. Unix-domain ++> Sets the access permissions of the Unix-domain socket(s). Unix-domain + sockets use the usual Unix file system permission set. + The parameter value is expected to be a numeric mode + specified in the format accepted by the +diff --git a/doc/src/sgml/html/runtime-config-short.html b/doc/src/sgml/html/runtime-config-short.html +index 8c39c2f..f0d7080 100644 +--- a/doc/src/sgml/html/runtime-config-short.html ++++ b/doc/src/sgml/html/runtime-config-short.html +@@ -330,7 +330,7 @@ CLASS="REPLACEABLE" + >unix_socket_directory = unix_socket_directories = x + Specifies the directory of the Unix-domain socket on which + postgres is to listen for +- connections from client applications. The default is normally +- /tmp, but can be changed at build time. ++ connections from client applications. The value can also be a ++ comma-separated list of directories. An empty value ++ specifies not listening on any Unix-domain sockets, in which case ++ only TCP/IP sockets can be used to connect to the server. ++ The default value is normally ++ /tmp, but that can be changed at build time. ++ Specifying this option is equivalent to setting the configuration parameter. + + + +diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml +index cfd3532..e6c9eaa 100644 +--- a/doc/src/sgml/runtime.sgml ++++ b/doc/src/sgml/runtime.sgml +@@ -1800,7 +1800,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 + + The simplest way to prevent spoofing for local + connections is to use a Unix domain socket directory () that has write permission only ++ linkend="guc-unix-socket-directories">) that has write permission only + for a trusted local user. This prevents a malicious user from creating + their own socket file in that directory. If you are concerned that + some applications might still reference /tmp for the +diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c +index aeeffd7..b7e0d09 100644 +--- a/src/backend/libpq/pqcomm.c ++++ b/src/backend/libpq/pqcomm.c +@@ -42,7 +42,7 @@ + * StreamServerPort - Open postmaster's server port + * StreamConnection - Create new connection with client + * StreamClose - Close a client/backend connection +- * TouchSocketFile - Protect socket file against /tmp cleaners ++ * TouchSocketFiles - Protect socket files against /tmp cleaners + * pq_init - initialize libpq at backend startup + * pq_comm_reset - reset libpq during error recovery + * pq_close - shutdown libpq at backend exit +@@ -103,8 +103,8 @@ int Unix_socket_permissions; + char *Unix_socket_group; + + +-/* Where the Unix socket file is */ +-static char sock_path[MAXPGPATH]; ++/* Where the Unix socket files are (list of palloc'd strings) */ ++static List *sock_paths = NIL; + + + /* +@@ -141,8 +141,8 @@ static int internal_flush(void); + static void pq_set_nonblocking(bool nonblocking); + + #ifdef HAVE_UNIX_SOCKETS +-static int Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName); +-static int Setup_AF_UNIX(void); ++static int Lock_AF_UNIX(char *unixSocketDir, char *unixSocketPath); ++static int Setup_AF_UNIX(char *sock_path); + #endif /* HAVE_UNIX_SOCKETS */ + + +@@ -236,29 +236,43 @@ pq_close(int code, Datum arg) + + /* StreamDoUnlink() + * Shutdown routine for backend connection +- * If a Unix socket is used for communication, explicitly close it. ++ * If any Unix sockets are used for communication, explicitly close them. + */ + #ifdef HAVE_UNIX_SOCKETS + static void + StreamDoUnlink(int code, Datum arg) + { +- Assert(sock_path[0]); +- unlink(sock_path); ++ ListCell *l; ++ ++ /* Loop through all created sockets... */ ++ foreach(l, sock_paths) ++ { ++ char *sock_path = (char *) lfirst(l); ++ ++ unlink(sock_path); ++ } ++ /* Since we're about to exit, no need to reclaim storage */ ++ sock_paths = NIL; + } + #endif /* HAVE_UNIX_SOCKETS */ + + /* + * StreamServerPort -- open a "listening" port to accept connections. + * +- * Successfully opened sockets are added to the ListenSocket[] array, +- * at the first position that isn't PGINVALID_SOCKET. ++ * family should be AF_UNIX or AF_UNSPEC; portNumber is the port number. ++ * For AF_UNIX ports, hostName should be NULL and unixSocketDir must be ++ * specified. For TCP ports, hostName is either NULL for all interfaces or ++ * the interface to listen on, and unixSocketDir is ignored (can be NULL). ++ * ++ * Successfully opened sockets are added to the ListenSocket[] array (of ++ * length MaxListen), at the first position that isn't PGINVALID_SOCKET. + * + * RETURNS: STATUS_OK or STATUS_ERROR + */ + + int + StreamServerPort(int family, char *hostName, unsigned short portNumber, +- char *unixSocketName, ++ char *unixSocketDir, + pgsocket ListenSocket[], int MaxListen) + { + pgsocket fd; +@@ -275,6 +289,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber, + int listen_index = 0; + int added = 0; + ++#ifdef HAVE_UNIX_SOCKETS ++ char unixSocketPath[MAXPGPATH]; ++#endif + #if !defined(WIN32) || defined(IPV6_V6ONLY) + int one = 1; + #endif +@@ -288,10 +305,22 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber, + #ifdef HAVE_UNIX_SOCKETS + if (family == AF_UNIX) + { +- /* Lock_AF_UNIX will also fill in sock_path. */ +- if (Lock_AF_UNIX(portNumber, unixSocketName) != STATUS_OK) ++ /* ++ * Create unixSocketPath from portNumber and unixSocketDir and lock ++ * that file path ++ */ ++ UNIXSOCK_PATH(unixSocketPath, portNumber, unixSocketDir); ++ if (strlen(unixSocketPath) >= UNIXSOCK_PATH_BUFLEN) ++ { ++ ereport(LOG, ++ (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)", ++ unixSocketPath, ++ (int) (UNIXSOCK_PATH_BUFLEN - 1)))); + return STATUS_ERROR; +- service = sock_path; ++ } ++ if (Lock_AF_UNIX(unixSocketDir, unixSocketPath) != STATUS_OK) ++ return STATUS_ERROR; ++ service = unixSocketPath; + } + else + #endif /* HAVE_UNIX_SOCKETS */ +@@ -434,7 +463,7 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber, + (IS_AF_UNIX(addr->ai_family)) ? + errhint("Is another postmaster already running on port %d?" + " If not, remove socket file \"%s\" and retry.", +- (int) portNumber, sock_path) : ++ (int) portNumber, service) : + errhint("Is another postmaster already running on port %d?" + " If not, wait a few seconds and retry.", + (int) portNumber))); +@@ -445,7 +474,7 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber, + #ifdef HAVE_UNIX_SOCKETS + if (addr->ai_family == AF_UNIX) + { +- if (Setup_AF_UNIX() != STATUS_OK) ++ if (Setup_AF_UNIX(service) != STATUS_OK) + { + closesocket(fd); + break; +@@ -492,18 +521,8 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber, + * Lock_AF_UNIX -- configure unix socket file path + */ + static int +-Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName) ++Lock_AF_UNIX(char *unixSocketDir, char *unixSocketPath) + { +- UNIXSOCK_PATH(sock_path, portNumber, unixSocketName); +- if (strlen(sock_path) >= UNIXSOCK_PATH_BUFLEN) +- { +- ereport(LOG, +- (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)", +- sock_path, +- (int) (UNIXSOCK_PATH_BUFLEN - 1)))); +- return STATUS_ERROR; +- } +- + /* + * Grab an interlock file associated with the socket file. + * +@@ -512,13 +531,23 @@ Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName) + * more portable, and second, it lets us remove any pre-existing socket + * file without race conditions. + */ +- CreateSocketLockFile(sock_path, true); ++ CreateSocketLockFile(unixSocketPath, true, unixSocketDir); + + /* + * Once we have the interlock, we can safely delete any pre-existing + * socket file to avoid failure at bind() time. + */ +- unlink(sock_path); ++ unlink(unixSocketPath); ++ ++ /* ++ * Arrange to unlink the socket file(s) at proc_exit. If this is the ++ * first one, set up the on_proc_exit function to do it; then add this ++ * socket file to the list of files to unlink. ++ */ ++ if (sock_paths == NIL) ++ on_proc_exit(StreamDoUnlink, 0); ++ ++ sock_paths = lappend(sock_paths, pstrdup(unixSocketPath)); + + return STATUS_OK; + } +@@ -528,11 +557,8 @@ Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName) + * Setup_AF_UNIX -- configure unix socket permissions + */ + static int +-Setup_AF_UNIX(void) ++Setup_AF_UNIX(char *sock_path) + { +- /* Arrange to unlink the socket file at exit */ +- on_proc_exit(StreamDoUnlink, 0); +- + /* + * Fix socket ownership/permission if requested. Note we must do this + * before we listen() to avoid a window where unwanted connections could +@@ -714,20 +740,24 @@ StreamClose(pgsocket sock) + } + + /* +- * TouchSocketFile -- mark socket file as recently accessed ++ * TouchSocketFiles -- mark socket files as recently accessed + * + * This routine should be called every so often to ensure that the socket +- * file has a recent mod date (ordinary operations on sockets usually won't +- * change the mod date). That saves it from being removed by ++ * files have a recent mod date (ordinary operations on sockets usually won't ++ * change the mod date). That saves them from being removed by + * overenthusiastic /tmp-directory-cleaner daemons. (Another reason we should + * never have put the socket file in /tmp...) + */ + void +-TouchSocketFile(void) ++TouchSocketFiles(void) + { +- /* Do nothing if we did not create a socket... */ +- if (sock_path[0] != '\0') ++ ListCell *l; ++ ++ /* Loop through all created sockets... */ ++ foreach(l, sock_paths) + { ++ char *sock_path = (char *) lfirst(l); ++ + /* + * utime() is POSIX standard, utimes() is a common alternative. If we + * have neither, there's no way to affect the mod or access time of +diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c +index 07aca31..e84a18c 100644 +--- a/src/backend/postmaster/postmaster.c ++++ b/src/backend/postmaster/postmaster.c +@@ -160,7 +160,9 @@ static Backend *ShmemBackendArray; + + /* The socket number we are listening for connections on */ + int PostPortNumber; +-char *UnixSocketDir; ++/* The directory names for Unix socket(s) */ ++char *Unix_socket_directories; ++/* The TCP listen address(es) */ + char *ListenAddresses; + + /* +@@ -636,7 +638,7 @@ PostmasterMain(int argc, char *argv[]) + break; + + case 'k': +- SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV); ++ SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV); + break; + + case 'l': +@@ -880,7 +882,7 @@ PostmasterMain(int argc, char *argv[]) + /* Need a modifiable copy of ListenAddresses */ + rawstring = pstrdup(ListenAddresses); + +- /* Parse string into list of identifiers */ ++ /* Parse string into list of hostnames */ + if (!SplitIdentifierString(rawstring, ',', &elemlist)) + { + /* syntax error in list */ +@@ -896,12 +898,12 @@ PostmasterMain(int argc, char *argv[]) + if (strcmp(curhost, "*") == 0) + status = StreamServerPort(AF_UNSPEC, NULL, + (unsigned short) PostPortNumber, +- UnixSocketDir, ++ NULL, + ListenSocket, MAXLISTEN); + else + status = StreamServerPort(AF_UNSPEC, curhost, + (unsigned short) PostPortNumber, +- UnixSocketDir, ++ NULL, + ListenSocket, MAXLISTEN); + + if (status == STATUS_OK) +@@ -920,7 +922,7 @@ PostmasterMain(int argc, char *argv[]) + curhost))); + } + +- if (!success && list_length(elemlist)) ++ if (!success && elemlist != NIL) + ereport(FATAL, + (errmsg("could not create any TCP/IP sockets"))); + +@@ -967,13 +969,54 @@ PostmasterMain(int argc, char *argv[]) + #endif + + #ifdef HAVE_UNIX_SOCKETS +- status = StreamServerPort(AF_UNIX, NULL, +- (unsigned short) PostPortNumber, +- UnixSocketDir, +- ListenSocket, MAXLISTEN); +- if (status != STATUS_OK) +- ereport(WARNING, +- (errmsg("could not create Unix-domain socket"))); ++ if (Unix_socket_directories) ++ { ++ char *rawstring; ++ List *elemlist; ++ ListCell *l; ++ int success = 0; ++ ++ /* Need a modifiable copy of Unix_socket_directories */ ++ rawstring = pstrdup(Unix_socket_directories); ++ ++ /* Parse string into list of directories */ ++ if (!SplitDirectoriesString(rawstring, ',', &elemlist)) ++ { ++ /* syntax error in list */ ++ ereport(FATAL, ++ (errcode(ERRCODE_INVALID_PARAMETER_VALUE), ++ errmsg("invalid list syntax for \"unix_socket_directories\""))); ++ } ++ ++ foreach(l, elemlist) ++ { ++ char *socketdir = (char *) lfirst(l); ++ ++ status = StreamServerPort(AF_UNIX, NULL, ++ (unsigned short) PostPortNumber, ++ socketdir, ++ ListenSocket, MAXLISTEN); ++ ++ if (status == STATUS_OK) ++ { ++ success++; ++ /* record the first successful Unix socket in lockfile */ ++ if (success == 1) ++ AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir); ++ } ++ else ++ ereport(WARNING, ++ (errmsg("could not create Unix-domain socket in directory \"%s\"", ++ socketdir))); ++ } ++ ++ if (!success && elemlist != NIL) ++ ereport(FATAL, ++ (errmsg("could not create any Unix-domain sockets"))); ++ ++ list_free_deep(elemlist); ++ pfree(rawstring); ++ } + #endif + + /* +@@ -1561,14 +1604,14 @@ ServerLoop(void) + } + + /* +- * Touch Unix socket and lock file every 58 minutes, to ensure that ++ * Touch Unix socket and lock files every 58 minutes, to ensure that + * they are not removed by overzealous /tmp-cleaning tasks. We assume + * no one runs cleaners with cutoff times of less than an hour ... + */ + if (now - last_touch_time >= 58 * SECS_PER_MINUTE) + { +- TouchSocketFile(); +- TouchSocketLockFile(); ++ TouchSocketFiles(); ++ TouchSocketLockFiles(); + last_touch_time = now; + } + } +diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c +index 39017ff..318ac38 100644 +--- a/src/backend/tcop/postgres.c ++++ b/src/backend/tcop/postgres.c +@@ -3393,7 +3393,7 @@ process_postgres_switches(int argc, char *argv[], GucContext ctx, + break; + + case 'k': +- SetConfigOption("unix_socket_directory", optarg, ctx, gucsource); ++ SetConfigOption("unix_socket_directories", optarg, ctx, gucsource); + break; + + case 'l': +diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c +index d4abfe3..e8217ac 100644 +--- a/src/backend/utils/adt/varlena.c ++++ b/src/backend/utils/adt/varlena.c +@@ -2446,6 +2446,119 @@ SplitIdentifierString(char *rawstring, char separator, + } + + ++/* ++ * SplitDirectoriesString --- parse a string containing directory names ++ * ++ * This is similar to SplitIdentifierString, except that the parsing ++ * rules are meant to handle pathnames instead of identifiers: there is ++ * no downcasing, embedded spaces are allowed, the max length is MAXPGPATH-1, ++ * and we apply canonicalize_path() to each extracted string. Because of the ++ * last, the returned strings are separately palloc'd rather than being ++ * pointers into rawstring --- but we still scribble on rawstring. ++ * ++ * Inputs: ++ * rawstring: the input string; must be modifiable! ++ * separator: the separator punctuation expected between directories ++ * (typically ',' or ';'). Whitespace may also appear around ++ * directories. ++ * Outputs: ++ * namelist: filled with a palloc'd list of directory names. ++ * Caller should list_free_deep() this even on error return. ++ * ++ * Returns TRUE if okay, FALSE if there is a syntax error in the string. ++ * ++ * Note that an empty string is considered okay here. ++ */ ++bool ++SplitDirectoriesString(char *rawstring, char separator, ++ List **namelist) ++{ ++ char *nextp = rawstring; ++ bool done = false; ++ ++ *namelist = NIL; ++ ++ while (isspace((unsigned char) *nextp)) ++ nextp++; /* skip leading whitespace */ ++ ++ if (*nextp == '\0') ++ return true; /* allow empty string */ ++ ++ /* At the top of the loop, we are at start of a new directory. */ ++ do ++ { ++ char *curname; ++ char *endp; ++ ++ if (*nextp == '\"') ++ { ++ /* Quoted name --- collapse quote-quote pairs */ ++ curname = nextp + 1; ++ for (;;) ++ { ++ endp = strchr(nextp + 1, '\"'); ++ if (endp == NULL) ++ return false; /* mismatched quotes */ ++ if (endp[1] != '\"') ++ break; /* found end of quoted name */ ++ /* Collapse adjacent quotes into one quote, and look again */ ++ memmove(endp, endp + 1, strlen(endp)); ++ nextp = endp; ++ } ++ /* endp now points at the terminating quote */ ++ nextp = endp + 1; ++ } ++ else ++ { ++ /* Unquoted name --- extends to separator or end of string */ ++ curname = endp = nextp; ++ while (*nextp && *nextp != separator) ++ { ++ /* trailing whitespace should not be included in name */ ++ if (!isspace((unsigned char) *nextp)) ++ endp = nextp + 1; ++ nextp++; ++ } ++ if (curname == endp) ++ return false; /* empty unquoted name not allowed */ ++ } ++ ++ while (isspace((unsigned char) *nextp)) ++ nextp++; /* skip trailing whitespace */ ++ ++ if (*nextp == separator) ++ { ++ nextp++; ++ while (isspace((unsigned char) *nextp)) ++ nextp++; /* skip leading whitespace for next */ ++ /* we expect another name, so done remains false */ ++ } ++ else if (*nextp == '\0') ++ done = true; ++ else ++ return false; /* invalid syntax */ ++ ++ /* Now safe to overwrite separator with a null */ ++ *endp = '\0'; ++ ++ /* Truncate path if it's overlength */ ++ if (strlen(curname) >= MAXPGPATH) ++ curname[MAXPGPATH - 1] = '\0'; ++ ++ /* ++ * Finished isolating current name --- add it to list ++ */ ++ curname = pstrdup(curname); ++ canonicalize_path(curname); ++ *namelist = lappend(*namelist, curname); ++ ++ /* Loop back if we didn't reach end of string */ ++ } while (!done); ++ ++ return true; ++} ++ ++ + /***************************************************************************** + * Comparison Functions used for bytea + * +diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c +index f994af6..db5303c 100644 +--- a/src/backend/utils/init/miscinit.c ++++ b/src/backend/utils/init/miscinit.c +@@ -49,8 +49,8 @@ + + ProcessingMode Mode = InitProcessing; + +-/* Note: we rely on this to initialize as zeroes */ +-static char socketLockFile[MAXPGPATH]; ++/* List of lock files to be removed at proc exit */ ++static List *lock_files = NIL; + + + /* ---------------------------------------------------------------- +@@ -640,32 +640,35 @@ GetUserNameFromId(Oid roleid) + */ + + /* +- * proc_exit callback to remove a lockfile. ++ * proc_exit callback to remove lockfiles. + */ + static void +-UnlinkLockFile(int status, Datum filename) ++UnlinkLockFiles(int status, Datum arg) + { +- char *fname = (char *) DatumGetPointer(filename); ++ ListCell *l; + +- if (fname != NULL) ++ foreach(l, lock_files) + { +- if (unlink(fname) != 0) +- { +- /* Should we complain if the unlink fails? */ +- } +- free(fname); ++ char *curfile = (char *) lfirst(l); ++ ++ unlink(curfile); ++ /* Should we complain if the unlink fails? */ + } ++ /* Since we're about to exit, no need to reclaim storage */ ++ lock_files = NIL; + } + + /* + * Create a lockfile. + * +- * filename is the name of the lockfile to create. ++ * filename is the path name of the lockfile to create. + * amPostmaster is used to determine how to encode the output PID. ++ * socketDir is the Unix socket directory path to include (possibly empty). + * isDDLock and refName are used to determine what error message to produce. + */ + static void + CreateLockFile(const char *filename, bool amPostmaster, ++ const char *socketDir, + bool isDDLock, const char *refName) + { + int fd; +@@ -891,12 +894,7 @@ CreateLockFile(const char *filename, bool amPostmaster, + DataDir, + (long) MyStartTime, + PostPortNumber, +-#ifdef HAVE_UNIX_SOCKETS +- (*UnixSocketDir != '\0') ? UnixSocketDir : DEFAULT_PGSOCKET_DIR +-#else +- "" +-#endif +- ); ++ socketDir); + + /* + * In a standalone backend, the next line (LOCK_FILE_LINE_LISTEN_ADDR) +@@ -941,9 +939,14 @@ CreateLockFile(const char *filename, bool amPostmaster, + } + + /* +- * Arrange for automatic removal of lockfile at proc_exit. ++ * Arrange to unlink the lock file(s) at proc_exit. If this is the ++ * first one, set up the on_proc_exit function to do it; then add this ++ * lock file to the list of files to unlink. + */ +- on_proc_exit(UnlinkLockFile, PointerGetDatum(strdup(filename))); ++ if (lock_files == NIL) ++ on_proc_exit(UnlinkLockFiles, 0); ++ ++ lock_files = lappend(lock_files, pstrdup(filename)); + } + + /* +@@ -952,41 +955,50 @@ CreateLockFile(const char *filename, bool amPostmaster, + * When this is called, we must have already switched the working + * directory to DataDir, so we can just use a relative path. This + * helps ensure that we are locking the directory we should be. ++ * ++ * Note that the socket directory path line is initially written as empty. ++ * postmaster.c will rewrite it upon creating the first Unix socket. + */ + void + CreateDataDirLockFile(bool amPostmaster) + { +- CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, true, DataDir); ++ CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, "", true, DataDir); + } + + /* + * Create a lockfile for the specified Unix socket file. + */ + void +-CreateSocketLockFile(const char *socketfile, bool amPostmaster) ++CreateSocketLockFile(const char *socketfile, bool amPostmaster, ++ const char *socketDir) + { + char lockfile[MAXPGPATH]; + + snprintf(lockfile, sizeof(lockfile), "%s.lock", socketfile); +- CreateLockFile(lockfile, amPostmaster, false, socketfile); +- /* Save name of lockfile for TouchSocketLockFile */ +- strcpy(socketLockFile, lockfile); ++ CreateLockFile(lockfile, amPostmaster, socketDir, false, socketfile); + } + + /* +- * TouchSocketLockFile -- mark socket lock file as recently accessed ++ * TouchSocketLockFiles -- mark socket lock files as recently accessed + * +- * This routine should be called every so often to ensure that the lock file +- * has a recent mod or access date. That saves it ++ * This routine should be called every so often to ensure that the socket ++ * lock files have a recent mod or access date. That saves them + * from being removed by overenthusiastic /tmp-directory-cleaner daemons. + * (Another reason we should never have put the socket file in /tmp...) + */ + void +-TouchSocketLockFile(void) ++TouchSocketLockFiles(void) + { +- /* Do nothing if we did not create a socket... */ +- if (socketLockFile[0] != '\0') ++ ListCell *l; ++ ++ foreach(l, lock_files) + { ++ char *socketLockFile = (char *) lfirst(l); ++ ++ /* No need to touch the data directory lock file, we trust */ ++ if (strcmp(socketLockFile, DIRECTORY_LOCK_FILE) == 0) ++ continue; ++ + /* + * utime() is POSIX standard, utimes() is a common alternative; if we + * have neither, fall back to actually reading the file (which only +@@ -1018,8 +1030,10 @@ TouchSocketLockFile(void) + * Add (or replace) a line in the data directory lock file. + * The given string should not include a trailing newline. + * +- * Caution: this erases all following lines. In current usage that is OK +- * because lines are added in order. We could improve it if needed. ++ * Note: because we don't truncate the file, if we were to rewrite a line ++ * with less data than it had before, there would be garbage after the last ++ * line. We don't ever actually do that, so not worth adding another kernel ++ * call to cover the possibility. + */ + void + AddToDataDirLockFile(int target_line, const char *str) +@@ -1027,8 +1041,10 @@ AddToDataDirLockFile(int target_line, const char *str) + int fd; + int len; + int lineno; +- char *ptr; +- char buffer[BLCKSZ]; ++ char *srcptr; ++ char *destptr; ++ char srcbuffer[BLCKSZ]; ++ char destbuffer[BLCKSZ]; + + fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0); + if (fd < 0) +@@ -1039,7 +1055,7 @@ AddToDataDirLockFile(int target_line, const char *str) + DIRECTORY_LOCK_FILE))); + return; + } +- len = read(fd, buffer, sizeof(buffer) - 1); ++ len = read(fd, srcbuffer, sizeof(srcbuffer) - 1); + if (len < 0) + { + ereport(LOG, +@@ -1049,37 +1065,51 @@ AddToDataDirLockFile(int target_line, const char *str) + close(fd); + return; + } +- buffer[len] = '\0'; ++ srcbuffer[len] = '\0'; + + /* +- * Skip over lines we are not supposed to rewrite. ++ * Advance over lines we are not supposed to rewrite, then copy them ++ * to destbuffer. + */ +- ptr = buffer; ++ srcptr = srcbuffer; + for (lineno = 1; lineno < target_line; lineno++) + { +- if ((ptr = strchr(ptr, '\n')) == NULL) ++ if ((srcptr = strchr(srcptr, '\n')) == NULL) + { + elog(LOG, "incomplete data in \"%s\": found only %d newlines while trying to add line %d", + DIRECTORY_LOCK_FILE, lineno - 1, target_line); + close(fd); + return; + } +- ptr++; ++ srcptr++; + } ++ memcpy(destbuffer, srcbuffer, srcptr - srcbuffer); ++ destptr = destbuffer + (srcptr - srcbuffer); + + /* + * Write or rewrite the target line. + */ +- snprintf(ptr, buffer + sizeof(buffer) - ptr, "%s\n", str); ++ snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s\n", str); ++ destptr += strlen(destptr); ++ ++ /* ++ * If there are more lines in the old file, append them to destbuffer. ++ */ ++ if ((srcptr = strchr(srcptr, '\n')) != NULL) ++ { ++ srcptr++; ++ snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s", ++ srcptr); ++ } + + /* + * And rewrite the data. Since we write in a single kernel call, this + * update should appear atomic to onlookers. + */ +- len = strlen(buffer); ++ len = strlen(destbuffer); + errno = 0; + if (lseek(fd, (off_t) 0, SEEK_SET) != 0 || +- (int) write(fd, buffer, len) != len) ++ (int) write(fd, destbuffer, len) != len) + { + /* if write didn't set errno, assume problem is no disk space */ + if (errno == 0) +diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c +index e5ee0f8..1428cb6 100644 +--- a/src/backend/utils/misc/guc.c ++++ b/src/backend/utils/misc/guc.c +@@ -2894,14 +2894,18 @@ static struct config_string ConfigureNamesString[] = + }, + + { +- {"unix_socket_directory", PGC_POSTMASTER, CONN_AUTH_SETTINGS, +- gettext_noop("Sets the directory where the Unix-domain socket will be created."), ++ {"unix_socket_directories", PGC_POSTMASTER, CONN_AUTH_SETTINGS, ++ gettext_noop("Sets the directories where Unix-domain sockets will be created."), + NULL, + GUC_SUPERUSER_ONLY + }, +- &UnixSocketDir, ++ &Unix_socket_directories, ++#ifdef HAVE_UNIX_SOCKETS ++ DEFAULT_PGSOCKET_DIR, ++#else + "", +- check_canonical_path, NULL, NULL ++#endif ++ NULL, NULL, NULL + }, + + { +diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample +index 013a91a..c0ab61c 100644 +--- a/src/backend/utils/misc/postgresql.conf.sample ++++ b/src/backend/utils/misc/postgresql.conf.sample +@@ -67,7 +67,8 @@ + # Note: Increasing max_connections costs ~400 bytes of shared memory per + # connection slot, plus lock space (see max_locks_per_transaction). + #superuser_reserved_connections = 3 # (change requires restart) +-#unix_socket_directory = '' # (change requires restart) ++#unix_socket_directories = '/tmp' # comma-separated list of directories ++ # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c +index 23fa468..452ac0b 100644 +--- a/src/bin/initdb/initdb.c ++++ b/src/bin/initdb/initdb.c +@@ -991,7 +991,7 @@ static void + setup_config(void) + { + char **conflines; +- char repltok[TZ_STRLEN_MAX + 100]; ++ char repltok[MAXPGPATH]; + char path[MAXPGPATH]; + const char *default_timezone; + +@@ -1013,6 +1013,15 @@ setup_config(void) + n_buffers * (BLCKSZ / 1024)); + conflines = replace_token(conflines, "#shared_buffers = 32MB", repltok); + ++#ifdef HAVE_UNIX_SOCKETS ++ snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'", ++ DEFAULT_PGSOCKET_DIR); ++#else ++ snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''"); ++#endif ++ conflines = replace_token(conflines, "#unix_socket_directories = '/tmp'", ++ repltok); ++ + #if DEF_PGPORT != 5432 + snprintf(repltok, sizeof(repltok), "#port = %d", DEF_PGPORT); + conflines = replace_token(conflines, "#port = 5432", repltok); +diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c +index 66ef6bd..b815ef2 100644 +--- a/src/bin/pg_ctl/pg_ctl.c ++++ b/src/bin/pg_ctl/pg_ctl.c +@@ -561,7 +561,7 @@ test_postmaster_connection(bool do_checkpoint) + hostaddr = optlines[LOCK_FILE_LINE_LISTEN_ADDR - 1]; + + /* +- * While unix_socket_directory can accept relative ++ * While unix_socket_directories can accept relative + * directories, libpq's host parameter must have a + * leading slash to indicate a socket directory. So, + * ignore sockdir if it's relative, and try to use TCP +diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h +index 6dd91ba..2bfec2b 100644 +--- a/src/include/libpq/libpq.h ++++ b/src/include/libpq/libpq.h +@@ -44,12 +44,12 @@ typedef struct + /* + * prototypes for functions in pqcomm.c + */ +-extern int StreamServerPort(int family, char *hostName, +- unsigned short portNumber, char *unixSocketName, pgsocket ListenSocket[], +- int MaxListen); ++extern int StreamServerPort(int family, char *hostName, ++ unsigned short portNumber, char *unixSocketDir, ++ pgsocket ListenSocket[], int MaxListen); + extern int StreamConnection(pgsocket server_fd, Port *port); + extern void StreamClose(pgsocket sock); +-extern void TouchSocketFile(void); ++extern void TouchSocketFiles(void); + extern void pq_init(void); + extern void pq_comm_reset(void); + extern int pq_getbytes(char *s, size_t len); +diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h +index 1051ca4..e6c663c 100644 +--- a/src/include/miscadmin.h ++++ b/src/include/miscadmin.h +@@ -424,7 +424,7 @@ extern char *local_preload_libraries_string; + * 2 data directory path + * 3 postmaster start timestamp (time_t representation) + * 4 port number +- * 5 socket directory path (empty on Windows) ++ * 5 first Unix socket directory path (empty if none) + * 6 first listen_address (IP address or "*"; empty if no TCP port) + * 7 shared memory key (not present on Windows) + * +@@ -443,8 +443,9 @@ extern char *local_preload_libraries_string; + #define LOCK_FILE_LINE_SHMEM_KEY 7 + + extern void CreateDataDirLockFile(bool amPostmaster); +-extern void CreateSocketLockFile(const char *socketfile, bool amPostmaster); +-extern void TouchSocketLockFile(void); ++extern void CreateSocketLockFile(const char *socketfile, bool amPostmaster, ++ const char *socketDir); ++extern void TouchSocketLockFiles(void); + extern void AddToDataDirLockFile(int target_line, const char *str); + extern bool RecheckDataDirLockFile(void); + extern void ValidatePgVersion(const char *path); +diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h +index 683ce3c..080a8ca 100644 +--- a/src/include/postmaster/postmaster.h ++++ b/src/include/postmaster/postmaster.h +@@ -19,7 +19,7 @@ extern int ReservedBackends; + extern int PostPortNumber; + extern int Unix_socket_permissions; + extern char *Unix_socket_group; +-extern char *UnixSocketDir; ++extern char *Unix_socket_directories; + extern char *ListenAddresses; + extern bool ClientAuthInProgress; + extern int PreAuthDelay; +diff --git a/src/include/utils/builtins.h b/src/include/utils/builtins.h +index 4bf07e4..c830243 100644 +--- a/src/include/utils/builtins.h ++++ b/src/include/utils/builtins.h +@@ -754,6 +754,8 @@ extern int varstr_cmp(char *arg1, int len1, char *arg2, int len2, Oid collid); + extern List *textToQualifiedNameList(text *textval); + extern bool SplitIdentifierString(char *rawstring, char separator, + List **namelist); ++extern bool SplitDirectoriesString(char *rawstring, char separator, ++ List **namelist); + extern Datum replace_text(PG_FUNCTION_ARGS); + extern text *replace_text_regexp(text *src_text, void *regexp, + text *replace_text, bool glob); +diff --git a/doc/src/sgml/html-stamp b/doc/src/sgml/html-stamp +index e69de29..fcf9276 100644 +--- a/doc/src/sgml/html-stamp ++++ b/doc/src/sgml/html-stamp +@@ -0,0 +1 @@ ++hack +diff --git a/doc/src/sgml/man-stamp b/doc/src/sgml/man-stamp +index e69de29..fcf9276 100644 +--- a/doc/src/sgml/man-stamp ++++ b/doc/src/sgml/man-stamp +@@ -0,0 +1 @@ ++hack diff --git a/SOURCES/postgresql-perl-rpath.patch b/SOURCES/postgresql-perl-rpath.patch new file mode 100644 index 0000000..59c199b --- /dev/null +++ b/SOURCES/postgresql-perl-rpath.patch @@ -0,0 +1,22 @@ +We configure Postgres with --disable-rpath because for the most part we +want to leave it to ldconfig to determine where libraries are. However, +for some reason the Perl package puts libperl.so in a nonstandard place +and doesn't add that place to the ldconfig search path. I think this +is a Perl packaging bug, myself, but apparently it's not going to change. +So work around it by adding an rpath spec to plperl.so (only). +Per bug #162198. + + +diff -Naur postgresql-9.1.5.orig/src/pl/plperl/GNUmakefile postgresql-9.1.5/src/pl/plperl/GNUmakefile +--- postgresql-9.1.5.orig/src/pl/plperl/GNUmakefile 2012-08-14 18:41:04.000000000 -0400 ++++ postgresql-9.1.5/src/pl/plperl/GNUmakefile 2012-08-17 11:15:09.457116708 -0400 +@@ -43,6 +43,9 @@ + + SHLIB_LINK = $(perl_embed_ldflags) + ++# Force rpath to be used even though we disable it everywhere else ++SHLIB_LINK += $(rpath) ++ + REGRESS_OPTS = --dbname=$(PL_TESTDB) --load-extension=plperl --load-extension=plperlu + REGRESS = plperl plperl_lc plperl_trigger plperl_shared plperl_elog plperl_util plperl_init plperlu plperl_array + # if Perl can support two interpreters in one backend, diff --git a/SOURCES/postgresql-setup b/SOURCES/postgresql-setup new file mode 100755 index 0000000..3af2ff8 --- /dev/null +++ b/SOURCES/postgresql-setup @@ -0,0 +1,299 @@ +#!/bin/bash +# +# postgresql-setup - Initialization and upgrade operations for PostgreSQL + +# For SELinux we need to use 'runuser' not 'su' +if [ -x /sbin/runuser ]; then + SU=runuser +else + SU=su +fi + +if test "$(id -u)" -eq 0; then + cmd= + for v in PGSETUP_DEBUG PGSETUP_INITDB_OPTIONS PGSETUP_PGUPGRADE_OPTIONS; do + eval var_content=\$$v + test -z "$var_content" && continue + cmd+=$v="$(printf %q "$var_content") " + done + cmd+=$(printf %q "$(readlink -f "$0")") + for arg; do cmd+=" $(printf %q "$arg")" ; done + # Drop root privileges asap. It's not recommended to run postgresql-setup + # script under root nowadays; so we take the liberty to switch to the + # PostgreSQL admin user (by default 'postgres') without any other option. + exec $SU -s /bin/sh postgres -c "$cmd" +fi + +die () { echo >&2 "$*"; exit 1; } + +test "$(id -u)" -eq 0 && exit 1 + +# ensure privacy +umask 0077 + +: ${RESTORECON=/sbin/restorecon} +test -x $RESTORECON || RESTORECON=: + +test x"$PGSETUP_DEBUG" != x && set -x + +# PGVERSION is the full package version, e.g., 9.0.2 +# Note: the specfile inserts the correct value during package build +PGVERSION=xxxx + +# PGMAJORVERSION is the major version, e.g. 9.0 +PGMAJORVERSION=xxxx + +# PGENGINE is the directory containing the postmaster executable +PGENGINE=xxxx + +# PREVMAJORVERSION is the previous major version, e.g., 8.4, for upgrades +PREVMAJORVERSION=xxxx + +# PREVPGENGINE is the directory containing the previous postmaster executable +PREVPGENGINE=xxxx + +USER=postgres + +# Absorb configuration settings from the specified systemd service file, +# or the default "postgresql" service if not specified +SERVICE_NAME="$2" +if [ x"$SERVICE_NAME" = x ]; then + SERVICE_NAME=postgresql +fi + +# Pathname of the RPM distribution README +README_RPM_DIST=xxxx + +USAGE_STRING=$" +Usage: $0 {initdb|upgrade} [SERVICE_NAME] + +Script is aimed to help sysadmin with basic database cluster administration. + +The SERVICE_NAME is used for selection of proper unit configuration file; For +more info and howto/when use this script please look at the docu file +$README_RPM_DIST. The 'postgresql' +string is used when no SERVICE_NAME is explicitly passed. + +Available operation mode: + initdb Create a new PostgreSQL database cluster. This is usually the + first action you perform after PostgreSQL server installation. + upgrade Upgrade PostgreSQL database cluster to be usable with new + server. Use this if you upgraded your PostgreSQL server to + newer major version (currently from $PREVMAJORVERSION \ +to $PGMAJORVERSION). + +Environment: + PGSETUP_INITDB_OPTIONS Options carried by this variable are passed to + subsequent call of \`initdb\` binary (see man + initdb(1)). This variable is used also during + 'upgrade' mode because the new cluster is actually + re-initialized from the old one. + PGSETUP_PGUPGRADE_OPTIONS Options in this variable are passed next to the + subsequent call of \`pg_upgrade\`. For more info + about possible options please look at man + pg_upgrade(1). + PGSETUP_DEBUG Set to '1' if you want to see debugging output." + +# note that these options are useful at least for help2man processing +case "$1" in + --version) + echo "postgresql-setup $PGVERSION" + exit 0 + ;; + --help|--usage) + echo "$USAGE_STRING" + exit 0 + ;; +esac + +# this parsing technique fails for PGDATA pathnames containing spaces, +# but there's not much I can do about it given systemctl's output format... +PGDATA=`systemctl show -p Environment "${SERVICE_NAME}.service" | + sed 's/^Environment=//' | tr ' ' '\n' | + sed -n 's/^PGDATA=//p' | tail -n 1` +if [ x"$PGDATA" = x ]; then + echo "failed to find PGDATA setting in ${SERVICE_NAME}.service" + exit 1 +fi + +PGPORT=`systemctl show -p Environment "${SERVICE_NAME}.service" | + sed 's/^Environment=//' | tr ' ' '\n' | + sed -n 's/^PGPORT=//p' | tail -n 1` +if [ x"$PGPORT" = x ]; then + echo "failed to find PGPORT setting in ${SERVICE_NAME}.service" + exit 1 +fi + +# Log file for initdb +PGLOG=/var/lib/pgsql/initdb.log + +# Log file for pg_upgrade +PGUPLOG=/var/lib/pgsql/pgupgrade.log + +export PGDATA +export PGPORT + +script_result=0 + +test -w /var/lib/pgsql || { + echo >&2 $"The /var/lib/pgsql directory has wrong permissions." + echo >&2 $"Please make sure the directory is writable by postgres." + exit 1 +} + +# code shared between initdb and upgrade actions +perform_initdb(){ + if [ ! -e "$PGDATA" ]; then + mkdir "$PGDATA" || return 1 + fi + $RESTORECON "$PGDATA" + test -w "$PGDATA" || die "$PGDATA is not writeable by $USER" + + # Create the initdb log file if needed + if [ ! -e "$PGLOG" ]; then + touch "$PGLOG" || return 1 + fi + $RESTORECON "$PGLOG" + test -w "$PGLOG" || echo "$PGLOG is not writeable by $USER" + + # Initialize the database + initdbcmd=( + "$PGENGINE/initdb" --pgdata="$PGDATA" + --auth=ident + ) + eval "initdbcmd+=( $PGSETUP_INITDB_OPTIONS )" + + "${initdbcmd[@]}" >> "$PGLOG" 2>&1 < /dev/null + + mkdir "$PGDATA/pg_log" + $RESTORECON "$PGDATA/pg_log" + + if [ -f "$PGDATA/PG_VERSION" ]; then + return 0 + fi + return 1 +} + +initdb(){ + if [ -f "$PGDATA/PG_VERSION" ]; then + echo $"Data directory is not empty!" + echo + script_result=1 + else + echo -n $"Initializing database ... " + if perform_initdb; then + echo $"OK" + else + echo $"failed, see $PGLOG" + script_result=1 + fi + echo + fi +} + +upgrade(){ + # must see previous version in PG_VERSION + if [ ! -f "$PGDATA/PG_VERSION" -o \ + x`cat "$PGDATA/PG_VERSION"` != x"$PREVMAJORVERSION" ] + then + echo + echo $"Cannot upgrade because the database in $PGDATA is not of" + echo $"compatible previous version $PREVMAJORVERSION." + echo + exit 1 + fi + if [ ! -x "$PGENGINE/pg_upgrade" ]; then + echo + echo $"Please install the postgresql-upgrade RPM." + echo + exit 5 + fi + + # Set up log file for pg_upgrade + rm -f "$PGUPLOG" + touch "$PGUPLOG" || exit 1 + $RESTORECON "$PGUPLOG" + + # Move old DB to PGDATAOLD + PGDATAOLD="${PGDATA}-old" + rm -rf "$PGDATAOLD" + mv "$PGDATA" "$PGDATAOLD" || exit 1 + + # Create configuration file for upgrade process + HBA_CONF_BACKUP="$PGDATAOLD/pg_hba.conf.postgresql-setup.`date +%s`" + HBA_CONF_BACKUP_EXISTS=0 + + if [ ! -f $HBA_CONF_BACKUP ]; then + mv "$PGDATAOLD/pg_hba.conf" "$HBA_CONF_BACKUP" + HBA_CONF_BACKUP_EXISTS=1 + + # For fluent upgrade 'postgres' user should be able to connect + # to any database without password. Temporarily, no other type + # of connection is needed. + echo "local all postgres ident" > "$PGDATAOLD/pg_hba.conf" + fi + + echo -n $"Upgrading database: " + + # Create empty new-format database + if perform_initdb; then + eval "add_options=( $PGSETUP_PGUPGRADE_OPTIONS )" + # Do the upgrade + ( cd # pg_upgrade writes to $PWD + "$PGENGINE/pg_upgrade" \ + --old-bindir="$PREVPGENGINE" \ + --new-bindir="$PGENGINE" \ + --old-datadir="$PGDATAOLD" \ + --new-datadir="$PGDATA" \ + --link \ + --old-port="$PGPORT" \ + --new-port="$PGPORT" \ + --user=postgres \ + "${add_options[@]}" \ + >> "$PGUPLOG" 2>&1 < /dev/null + ) + + if [ $? -ne 0 ]; then + # pg_upgrade failed + script_result=1 + fi + else + # initdb failed + script_result=1 + fi + + # Move back the backed-up pg_hba.conf regardless of the script_result. + if [ x$HBA_CONF_BACKUP_EXISTS = x1 ]; then + mv -f "$HBA_CONF_BACKUP" "$PGDATAOLD/pg_hba.conf" + fi + + if [ $script_result -eq 0 ]; then + echo $"OK" + echo + echo $"The configuration files were replaced by default configuration." + echo $"The previous configuration and data are stored in folder" + echo $PGDATAOLD. + else + # Clean up after failure + rm -rf "$PGDATA" + mv "$PGDATAOLD" "$PGDATA" + echo $"failed" + fi + echo + echo $"See $PGUPLOG for details." +} + +# See how we were called. +case "$1" in + initdb) + initdb + ;; + upgrade) + upgrade + ;; + *) + echo >&2 "$USAGE_STRING" + exit 2 +esac + +exit $script_result diff --git a/SOURCES/postgresql-var-run-socket.patch b/SOURCES/postgresql-var-run-socket.patch new file mode 100644 index 0000000..41ab3a0 --- /dev/null +++ b/SOURCES/postgresql-var-run-socket.patch @@ -0,0 +1,73 @@ +Change the built-in default socket directory to be /var/run/postgresql. +For backwards compatibility with (probably non-libpq-based) clients that +might still expect to find the socket in /tmp, also create a socket in +/tmp. This is to resolve communication problems with clients operating +under systemd's PrivateTmp environment, which won't be using the same +global /tmp directory as the server; see bug #825448. + +Note that we apply the socket directory change at the level of the +hard-wired defaults in the C code, not by just twiddling the setting in +postgresql.conf.sample; this is so that the change will take effect on +server package update, without requiring any existing postgresql.conf +to be updated. (Of course, a user who dislikes this behavior can still +override it via postgresql.conf.) + +This patch must be applied after postgresql-multi-sockets.patch, at +least until 9.3 when that will be part of the upstream package. + +diff --git a/contrib/pg_upgrade/test.sh b/contrib/pg_upgrade/test.sh +index d44c599..845b417 100644 +--- a/contrib/pg_upgrade/test.sh ++++ b/contrib/pg_upgrade/test.sh +@@ -121,6 +121,12 @@ logdir=$PWD/log + rm -rf "$logdir" + mkdir "$logdir" + ++# we want the Unix sockets in $temp_root ++PGHOST=$temp_root ++export PGHOST ++ ++POSTMASTER_OPTS="$POSTMASTER_OPTS -c unix_socket_directories='$PGHOST'" ++ + # enable echo so the user can see what is being executed + set -x + +diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c +index 1428cb6..3613732 100644 +--- a/src/backend/utils/misc/guc.c ++++ b/src/backend/utils/misc/guc.c +@@ -2901,7 +2901,7 @@ static struct config_string ConfigureNamesString[] = + }, + &Unix_socket_directories, + #ifdef HAVE_UNIX_SOCKETS +- DEFAULT_PGSOCKET_DIR, ++ DEFAULT_PGSOCKET_DIR ", /tmp", + #else + "", + #endif +diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c +index 452ac0b..ce6ca96 100644 +--- a/src/bin/initdb/initdb.c ++++ b/src/bin/initdb/initdb.c +@@ -1015,7 +1015,7 @@ setup_config(void) + + #ifdef HAVE_UNIX_SOCKETS + snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'", +- DEFAULT_PGSOCKET_DIR); ++ DEFAULT_PGSOCKET_DIR ", /tmp"); + #else + snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''"); + #endif +diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h +index ee7dab0..f3e3ed9 100644 +--- a/src/include/pg_config_manual.h ++++ b/src/include/pg_config_manual.h +@@ -144,7 +144,7 @@ + * here's where to twiddle it. You can also override this at runtime + * with the postmaster's -k switch. + */ +-#define DEFAULT_PGSOCKET_DIR "/tmp" ++#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql" + + /* + * The random() function is expected to yield values between 0 and diff --git a/SOURCES/postgresql.pam b/SOURCES/postgresql.pam new file mode 100644 index 0000000..1d78594 --- /dev/null +++ b/SOURCES/postgresql.pam @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth include password-auth +account include password-auth diff --git a/SOURCES/postgresql.service b/SOURCES/postgresql.service new file mode 100644 index 0000000..4a55a66 --- /dev/null +++ b/SOURCES/postgresql.service @@ -0,0 +1,59 @@ +# It's not recommended to modify this file in-place, because it will be +# overwritten during package upgrades. If you want to customize, the +# best way is to create a file "/etc/systemd/system/postgresql.service", +# containing +# .include /lib/systemd/system/postgresql.service +# ...make your changes here... +# For more info about custom unit files, see +# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F + +# For example, if you want to change the server's port number to 5433, +# create a file named "/etc/systemd/system/postgresql.service" containing: +# .include /lib/systemd/system/postgresql.service +# [Service] +# Environment=PGPORT=5433 +# This will override the setting appearing below. + +# Note: changing PGPORT or PGDATA will typically require adjusting SELinux +# configuration as well; see /usr/share/doc/postgresql-*/README.rpm-dist. + +# Note: do not use a PGDATA pathname containing spaces, or you will +# break postgresql-setup. + +# Note: in F-17 and beyond, /usr/lib/... is recommended in the .include line +# though /lib/... will still work. + +[Unit] +Description=PostgreSQL database server +After=network.target + +[Service] +Type=forking + +User=postgres +Group=postgres + +# Port number for server to listen on +Environment=PGPORT=5432 + +# Location of database directory +Environment=PGDATA=/var/lib/pgsql/data + +# Where to send early-startup messages from the server (before the logging +# options of postgresql.conf take effect) +# This is normally controlled by the global default set by systemd +# StandardOutput=syslog + +# Disable OOM kill on the postmaster +OOMScoreAdjust=-1000 + +ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGDATA} +ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o "-p ${PGPORT}" -w -t 300 +ExecStop=/usr/bin/pg_ctl stop -D ${PGDATA} -s -m fast +ExecReload=/usr/bin/pg_ctl reload -D ${PGDATA} -s + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/postgresql.tmpfiles.d b/SOURCES/postgresql.tmpfiles.d new file mode 100644 index 0000000..d8d960d --- /dev/null +++ b/SOURCES/postgresql.tmpfiles.d @@ -0,0 +1 @@ +d /var/run/postgresql 0755 postgres postgres - diff --git a/SOURCES/rpm-pgsql.patch b/SOURCES/rpm-pgsql.patch new file mode 100644 index 0000000..aec64ac --- /dev/null +++ b/SOURCES/rpm-pgsql.patch @@ -0,0 +1,72 @@ +For the RPMs, we want the custom installation directories to end in +/pgsql not /postgresql. This is historical but not worth changing. + +Notice that this patch also makes the appending of /pgsql unconditional. +This is to avoid unexpected behavior if the RPM is built in a working +directory whose path happens to include "postgres" or "pgsql" already. +However, datadir and sysconfdir are already set up in the specfile's +configure call, so we do not have to append anything to them. + + +diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Makefile.global.in +--- postgresql-9.0.1.orig/src/Makefile.global.in 2010-10-01 10:25:44.000000000 -0400 ++++ postgresql-9.0.1/src/Makefile.global.in 2010-10-11 11:52:05.224975308 -0400 +@@ -55,8 +55,7 @@ + # Installation directories + # + # These are set by the equivalent --xxxdir configure options. We +-# append "postgresql" to some of them, if the string does not already +-# contain "pgsql" or "postgres", in order to avoid directory clutter. ++# append "pgsql" to some of them, in order to avoid directory clutter. + # + # In a PGXS build, we cannot use the values inserted into Makefile.global + # by configure, since the installation tree may have been relocated. +@@ -74,45 +73,23 @@ + bindir := @bindir@ + + datadir := @datadir@ +-ifeq "$(findstring pgsql, $(datadir))" "" +-ifeq "$(findstring postgres, $(datadir))" "" +-override datadir := $(datadir)/postgresql +-endif +-endif + + sysconfdir := @sysconfdir@ +-ifeq "$(findstring pgsql, $(sysconfdir))" "" +-ifeq "$(findstring postgres, $(sysconfdir))" "" +-override sysconfdir := $(sysconfdir)/postgresql +-endif +-endif + + libdir := @libdir@ + + pkglibdir = $(libdir) +-ifeq "$(findstring pgsql, $(pkglibdir))" "" +-ifeq "$(findstring postgres, $(pkglibdir))" "" +-override pkglibdir := $(pkglibdir)/postgresql +-endif +-endif ++override pkglibdir := $(pkglibdir)/pgsql + + includedir := @includedir@ + + pkgincludedir = $(includedir) +-ifeq "$(findstring pgsql, $(pkgincludedir))" "" +-ifeq "$(findstring postgres, $(pkgincludedir))" "" +-override pkgincludedir := $(pkgincludedir)/postgresql +-endif +-endif ++override pkgincludedir := $(pkgincludedir)/pgsql + + mandir := @mandir@ + + docdir := @docdir@ +-ifeq "$(findstring pgsql, $(docdir))" "" +-ifeq "$(findstring postgres, $(docdir))" "" +-override docdir := $(docdir)/postgresql +-endif +-endif ++override docdir := $(docdir)/pgsql + + htmldir := @htmldir@ + diff --git a/SOURCES/upgrade.sh b/SOURCES/upgrade.sh new file mode 100755 index 0000000..c542494 --- /dev/null +++ b/SOURCES/upgrade.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# +# Legacy action script for "service postgresql upgrade" + +# Find the name of the service +SERVICE_NAME=$(basename $(dirname "$0")) +if [ x"$SERVICE_NAME" = x. ] +then + SERVICE_NAME=postgresql +fi + +echo Hint: the preferred way to do this is now '"postgresql-setup upgrade"' >&2 + +/usr/bin/postgresql-setup upgrade "$SERVICE_NAME" + +exit $? diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec new file mode 100644 index 0000000..1c12079 --- /dev/null +++ b/SPECS/postgresql.spec @@ -0,0 +1,2012 @@ +# This is the PostgreSQL Global Development Group Official RPMset spec file, +# or a derivative thereof. +# Copyright 2003-2009 Lamar Owen +# and others listed. + +# Major Contributors: +# --------------- +# Lamar Owen +# Trond Eivind Glomsrd +# Thomas Lockhart +# Reinhard Max +# Karl DeBisschop +# Peter Eisentraut +# Joe Conway +# Andrew Overholt +# David Jee +# Kaj J. Niemi +# Sander Steffann +# Tom Lane +# and others in the Changelog.... + +# This spec file and ancillary files are licensed in accordance with +# The PostgreSQL license. + +# In this file you can find the default build package list macros. +# These can be overridden by defining on the rpm command line: +# rpm --define 'packagename 1' .... to force the package to build. +# rpm --define 'packagename 0' .... to force the package NOT to build. +# The base package, the libs package, the devel package, and the server package +# always get built. + +%{!?beta:%global beta 0} +%{?beta:%global __os_install_post /usr/lib/rpm/brp-compress} + +%{!?test:%global test 1} +%{!?upgrade:%global upgrade 1} +%{!?plpython:%global plpython 1} +%if 0%{?fedora} > 12 +%{!?plpython3:%global plpython3 1} +%else +%{!?plpython3:%global plpython3 0} +%endif +%{!?pltcl:%global pltcl 1} +%{!?plperl:%global plperl 1} +%{!?ssl:%global ssl 1} +%{!?kerberos:%global kerberos 1} +%{!?ldap:%global ldap 1} +%{!?nls:%global nls 1} +%{!?uuid:%global uuid 1} +%{!?xml:%global xml 1} +%{!?pam:%global pam 1} +%{!?sdt:%global sdt 1} +%{!?selinux:%global selinux 1} +%{!?runselftest:%global runselftest 1} + +# By default, patch(1) creates backup files when chunks apply with offsets. +# Turn that off to ensure such files don't get included in RPMs. +%global _default_patch_flags --no-backup-if-mismatch + +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} + +Summary: PostgreSQL client programs +Name: postgresql +%global majorversion 9.2 +Version: 9.2.24 +Release: 1%{?dist} + +# The PostgreSQL license is very similar to other MIT licenses, but the OSI +# recognizes it as an independent license, so we do as well. +License: PostgreSQL +Group: Applications/Databases +Url: http://www.postgresql.org/ + +# This number must be NVR-greater than any PG version shipped in F15: +%global first_systemd_version 0:9.0.99 + +# This SRPM includes a copy of the previous major release, which is needed for +# in-place upgrade of an old database. In most cases it will not be critical +# that this be kept up with the latest minor release of the previous series; +# but update when bugs affecting pg_dump output are fixed. +%global prevversion 8.4.22 +%global prevmajorversion 8.4 + +Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 +# The PDF file is generated by generate-pdf.sh, which see for comments +Source1: postgresql-%{version}-US.pdf +# generate-pdf.sh is not used during RPM build, but include for documentation +Source2: generate-pdf.sh +Source3: ftp://ftp.postgresql.org/pub/source/v%{prevversion}/postgresql-%{prevversion}.tar.bz2 +Source4: postgresql-check-db-dir +Source5: Makefile.regress +Source6: pg_config.h +Source7: ecpg_config.h +Source8: README.rpm-dist +Source9: postgresql-setup +Source10: postgresql.service +Source11: initdb.sh +Source12: upgrade.sh +Source13: postgresql.tmpfiles.d +Source14: postgresql.pam +Source15: postgresql-bashprofile + +# Comments for these patches are in the patch files. +Patch1: rpm-pgsql.patch +Patch2: postgresql-logging.patch +Patch3: postgresql-perl-rpath.patch +Patch4: postgresql-config-comment.patch +Patch5: postgresql-multi-sockets.patch +Patch6: postgresql-var-run-socket.patch + +# Comments for these patches are in the patch files. +Patch8: postgresql-man.patch + +# Add support for atomic operations TAS/S_UNLOCK in |aarch64. +# ~> upstream (612ecf311b) +# ~> #970661 +Patch11: postgresql-9.2.4-aarch64-atomic-upgrade.patch + +# Force older postgres to create socket file in /var/run/postgresql +# ~> downstream +Patch12: postgresql-9.2.4-upgrade-from-8.4.13.patch + +# When user complicates access of 'postgres' user to the database, the +# pg_upgrade can left the old server running - and re-run of pg_upgrade thus +# does not help. This patch stops the server in described scenario properly. +# ~> not yet upstream, patch by Bruce Momjian: +# ~> http://www.postgresql.org/message-id/20130812193347.GD12510@momjian.us +# ~> #896161 +Patch13: postgresql-9.2.4-upgrade-and-perm-problems.patch + +# Backport fix for CVE-2018-10915 +# Upstream commit: 210eb9b743c0645df05e5c8be4490ba4f09fc871 +# Upstream commit: db6e8e1624a8f0357373450136c850f2b6e7fc8a +# Upstream commit: f2fa0c6514b6c5b7bccfe5050f6791dea1113c2e +# Upstream commit: 243de06be96d6001d01f2ec7c4573aad8b657195 +Patch14: postgresql-CVE-2018-10915.patch + +BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk help2man +BuildRequires: perl(ExtUtils::Embed), perl-devel +BuildRequires: readline-devel zlib-devel +BuildRequires: systemd-units + +%if %plpython +BuildRequires: python-devel +%endif + +%if %plpython3 +BuildRequires: python3-devel +%endif + +%if %pltcl +BuildRequires: tcl-devel +%endif + +%if %ssl +BuildRequires: openssl-devel +%endif + +%if %kerberos +BuildRequires: krb5-devel +%endif + +%if %ldap +BuildRequires: openldap-devel +%endif + +%if %nls +BuildRequires: gettext >= 0.10.35 +%endif + +%if %uuid +BuildRequires: uuid-devel +%endif + +%if %xml +BuildRequires: libxml2-devel libxslt-devel +%endif + +%if %pam +BuildRequires: pam-devel +%endif + +%if %sdt +BuildRequires: systemtap-sdt-devel +%endif + +%if %selinux +BuildRequires: libselinux-devel +%endif + +# main package requires -libs subpackage +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description +PostgreSQL is an advanced Object-Relational database management system (DBMS). +The base postgresql package contains the client programs that you'll need to +access a PostgreSQL DBMS server, as well as HTML documentation for the whole +system. These client programs can be located on the same machine as the +PostgreSQL server, or on a remote machine that accesses a PostgreSQL server +over a network connection. The PostgreSQL server can be found in the +postgresql-server sub-package. + + +%package libs +Summary: The shared libraries required for any PostgreSQL clients +Group: Applications/Databases +Provides: libpq.so = %{version}-%{release} +# for /sbin/ldconfig +Requires(post): glibc +Requires(postun): glibc + +%description libs +The postgresql-libs package provides the essential shared libraries for any +PostgreSQL client program or interface. You will need to install this package +to use any other PostgreSQL package or any clients that need to connect to a +PostgreSQL server. + + +%package server +Summary: The programs needed to create and run a PostgreSQL server +Group: Applications/Databases +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires(pre): /usr/sbin/useradd +# We require this to be present for %%{_prefix}/lib/tmpfiles.d +Requires: systemd-units +# Make sure it's there when scriptlets run, too +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +# This is actually needed for the %%triggerun script but Requires(triggerun) +# is not valid. We can use post because this particular %%triggerun script +# should fire just after this package is installed. +Requires(post): systemd-sysv +Requires(post): chkconfig + +%description server +PostgreSQL is an advanced Object-Relational database management system (DBMS). +The postgresql-server package contains the programs needed to create +and run a PostgreSQL server, which will in turn allow you to create +and maintain PostgreSQL databases. + + +%package docs +Summary: Extra documentation for PostgreSQL +Group: Applications/Databases +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description docs +The postgresql-docs package contains some additional documentation for +PostgreSQL. Currently, this includes the main documentation in PDF format +and source files for the PostgreSQL tutorial. + + +%package contrib +Summary: Extension modules distributed with PostgreSQL +Group: Applications/Databases +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description contrib +The postgresql-contrib package contains various extension modules that are +included in the PostgreSQL distribution. + + +%package devel +Summary: PostgreSQL development header files and libraries +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +The postgresql-devel package contains the header files and libraries +needed to compile C or C++ applications which will directly interact +with a PostgreSQL database management server. It also contains the ecpg +Embedded C Postgres preprocessor. You need to install this package if you want +to develop applications which will interact with a PostgreSQL server. + + +%package static +Summary: Statically linked PostgreSQL libraries +Requires: %{name}-devel%{?_isa} = %{version}-%{release} + +%description static +Statically linked PostgreSQL libraries that do not have dynamically linked +counterparts. + + +%if %upgrade +%package upgrade +Summary: Support for upgrading from the previous major release of PostgreSQL +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description upgrade +The postgresql-upgrade package contains the pg_upgrade utility and supporting +files needed for upgrading a PostgreSQL database from the previous major +version of PostgreSQL. +%endif + + +%if %plperl +%package plperl +Summary: The Perl procedural language for PostgreSQL +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description plperl +The postgresql-plperl package contains the PL/Perl procedural language, +which is an extension to the PostgreSQL database server. +Install this if you want to write database functions in Perl. +%endif + +%if %plpython +%package plpython +Summary: The Python2 procedural language for PostgreSQL +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{version}-%{release} + +%description plpython +The postgresql-plpython package contains the PL/Python procedural language, +which is an extension to the PostgreSQL database server. +Install this if you want to write database functions in Python 2. +%endif + +%if %plpython3 +%package plpython3 +Summary: The Python3 procedural language for PostgreSQL +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{version}-%{release} + +%description plpython3 +The postgresql-plpython3 package contains the PL/Python3 procedural language, +which is an extension to the PostgreSQL database server. +Install this if you want to write database functions in Python 3. +%endif + +%if %pltcl +%package pltcl +Summary: The Tcl procedural language for PostgreSQL +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{version}-%{release} + +%description pltcl +The postgresql-pltcl package contains the PL/Tcl procedural language, +which is an extension to the PostgreSQL database server. +Install this if you want to write database functions in Tcl. +%endif + +%if %test +%package test +Summary: The test suite distributed with PostgreSQL +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{version}-%{release} +Requires: %{name}-devel%{?_isa} = %{version}-%{release} + +%description test +The postgresql-test package contains files needed for various tests for the +PostgreSQL database management system, including regression tests and +benchmarks. +%endif + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch8 -p1 +%patch13 -p1 +%patch14 -p1 + +# We used to run autoconf here, but there's no longer any real need to, +# since Postgres ships with a reasonably modern configure script. + +# add ppc64p7 support (https://fedoraproject.org/wiki/Features/Power7Subarch) +# hopefully need for this will go away next time upstream updates config.sub +sed -i -e "s/ppc64-\*/ppc64-\* \| ppc64p7-\*/" config/config.sub + +cp -p %{SOURCE1} . + +%if %upgrade +tar xfj %{SOURCE3} +# make sure older version is up-to-date on config.guess/config.sub; +# not always necessary, but PG 9.2 knows about aarch64 while 9.1 doesn't +# (and also see the ppc64p7 hack above) +cp -p config/config.guess postgresql-%{prevversion}/config/config.guess +cp -p config/config.sub postgresql-%{prevversion}/config/config.sub + +pushd postgresql-%{prevversion} +%patch11 -p2 +%patch12 -p2 +popd +%endif + +# remove .gitignore files to ensure none get into the RPMs (bug #642210) +find . -type f -name .gitignore | xargs rm + +# prep the setup script, including insertion of some values it needs +sed -e 's|^PGVERSION=.*$|PGVERSION=%{version}|' \ + -e 's|^PGMAJORVERSION=.*$|PGMAJORVERSION=%{majorversion}|' \ + -e 's|^PGENGINE=.*$|PGENGINE=%{_bindir}|' \ + -e 's|^PREVMAJORVERSION=.*$|PREVMAJORVERSION=%{prevmajorversion}|' \ + -e 's|^PREVPGENGINE=.*$|PREVPGENGINE=%{_libdir}/pgsql/postgresql-%{prevmajorversion}/bin|' \ + -e 's|^README_RPM_DIST=.*$|README_RPM_DIST=%{_pkgdocdir}/%(basename %{SOURCE8})|' \ + <%{SOURCE9} >postgresql-setup +touch -r %{SOURCE9} postgresql-setup +chmod +x postgresql-setup +help2man -N -m "Postgresql RPM-dist manual" ./postgresql-setup -o postgresql-setup.1 + +# prep the startup check script, including insertion of some values it needs +sed -e 's|^PGVERSION=.*$|PGVERSION=%{version}|' \ + -e 's|^PREVMAJORVERSION=.*$|PREVMAJORVERSION=%{prevmajorversion}|' \ + -e 's|^PGDOCDIR=.*$|PGDOCDIR=%{_pkgdocdir}|' \ + <%{SOURCE4} >postgresql-check-db-dir +touch -r %{SOURCE4} postgresql-check-db-dir + +%build + +# fail quickly and obviously if user tries to build as root +%if %runselftest + if [ x"`id -u`" = x0 ]; then + echo "postgresql's regression tests fail if run as root." + echo "If you really need to build the RPM as root, use" + echo "--define='runselftest 0' to skip the regression tests." + exit 1 + fi +%endif + +# Fiddling with CFLAGS. + +CFLAGS="${CFLAGS:-%optflags}" +%ifarch %{power64} +# See the bug #1051075, ppc64 should benefit from -O3 +CFLAGS=`echo $CFLAGS | xargs -n 1 | sed 's|-O2|-O3|g' | xargs -n 100` +%endif +# Strip out -ffast-math from CFLAGS.... +CFLAGS=`echo $CFLAGS|xargs -n 1|grep -v ffast-math|xargs -n 100` +# Add LINUX_OOM_SCORE_ADJ=0 to ensure child processes reset postmaster's oom_score_adj +CFLAGS="$CFLAGS -DLINUX_OOM_SCORE_ADJ=0" +export CFLAGS + +# plpython requires separate configure/build runs to build against python 2 +# versus python 3. Our strategy is to do the python 3 run first, then make +# distclean and do it again for the "normal" build. Note that the installed +# Makefile.global will reflect the python 2 build, which seems appropriate +# since that's still considered the default plpython version. +%if %plpython3 + +export PYTHON=/usr/bin/python3 + +# These configure options must match main build +%configure --disable-rpath \ +%if %beta + --enable-debug \ + --enable-cassert \ +%endif +%if %plperl + --with-perl \ +%endif +%if %pltcl + --with-tcl \ + --with-tclconfig=%{_libdir} \ +%endif +%if %plpython3 + --with-python \ +%endif +%if %ldap + --with-ldap \ +%endif +%if %ssl + --with-openssl \ +%endif +%if %pam + --with-pam \ +%endif +%if %kerberos + --with-krb5 \ + --with-gssapi \ +%endif +%if %uuid + --with-ossp-uuid \ +%endif +%if %xml + --with-libxml \ + --with-libxslt \ +%endif +%if %nls + --enable-nls \ +%endif +%if %sdt + --enable-dtrace \ +%endif +%if %selinux + --with-selinux \ +%endif + --with-system-tzdata=%{_datadir}/zoneinfo \ + --datadir=%{_datadir}/pgsql + +# Fortunately we don't need to build much except plpython itself +cd src/backend +make submake-errcodes +cd ../.. +cd src/pl/plpython +make %{?_smp_mflags} all +cd .. +# save built form in a directory that "make distclean" won't touch +cp -a plpython plpython3 +cd ../.. + +# must also save this version of Makefile.global for later +cp src/Makefile.global src/Makefile.global.python3 + +make distclean + +%endif + +unset PYTHON + +# Normal (not python3) build begins here + +%configure --disable-rpath \ +%if %beta + --enable-debug \ + --enable-cassert \ +%endif +%if %plperl + --with-perl \ +%endif +%if %pltcl + --with-tcl \ + --with-tclconfig=%{_libdir} \ +%endif +%if %plpython + --with-python \ +%endif +%if %ldap + --with-ldap \ +%endif +%if %ssl + --with-openssl \ +%endif +%if %pam + --with-pam \ +%endif +%if %kerberos + --with-krb5 \ + --with-gssapi \ +%endif +%if %uuid + --with-ossp-uuid \ +%endif +%if %xml + --with-libxml \ + --with-libxslt \ +%endif +%if %nls + --enable-nls \ +%endif +%if %sdt + --enable-dtrace \ +%endif +%if %selinux + --with-selinux \ +%endif + --with-system-tzdata=/usr/share/zoneinfo \ + --datadir=/usr/share/pgsql + +make %{?_smp_mflags} world + +# Have to hack makefile to put correct path into tutorial scripts +sed "s|C=\`pwd\`;|C=%{_libdir}/pgsql/tutorial;|" < src/tutorial/Makefile > src/tutorial/GNUmakefile +make %{?_smp_mflags} -C src/tutorial NO_PGXS=1 all +rm -f src/tutorial/GNUmakefile + +%if %runselftest + pushd src/test/regress + make all + make MAX_CONNECTIONS=5 check + make clean + popd + pushd src/pl + make MAX_CONNECTIONS=5 check + popd +%if %plpython3 + # must install Makefile.global that selects python3 + mv src/Makefile.global src/Makefile.global.save + cp src/Makefile.global.python3 src/Makefile.global + touch -r src/Makefile.global.save src/Makefile.global + # because "make check" does "make install" on the whole tree, + # we must temporarily install plpython3 as src/pl/plpython, + # since that is the subdirectory src/pl/Makefile knows about + mv src/pl/plpython src/pl/plpython2 + mv src/pl/plpython3 src/pl/plpython + pushd src/pl/plpython + make MAX_CONNECTIONS=5 check + popd + # and clean up our mess + mv src/pl/plpython src/pl/plpython3 + mv src/pl/plpython2 src/pl/plpython + mv -f src/Makefile.global.save src/Makefile.global +%endif + pushd contrib + make MAX_CONNECTIONS=5 check + popd + + pushd src/interfaces/ecpg + make MAX_CONNECTIONS=5 check + popd +%endif + +# undo the "make clean" above +%if %test + pushd src/test/regress + make all + popd +%endif + +%if %upgrade + pushd postgresql-%{prevversion} + + # The upgrade build can be pretty stripped-down, but make sure that + # any options that affect on-disk file layout match the previous + # major release! Also, note we intentionally do not use %%configure + # here, because we *don't* want its ideas about installation paths. + + # The -fno-aggressive-loop-optimizations is hack for #993532 + CFLAGS="$CFLAGS -fno-aggressive-loop-optimizations" ./configure \ + --build=%{_build} \ + --host=%{_host} \ + --prefix=%{_libdir}/pgsql/postgresql-%{prevmajorversion} \ + --disable-rpath \ +%if %beta + --enable-debug \ + --enable-cassert \ +%endif + --with-system-tzdata=/usr/share/zoneinfo + + make %{?_smp_mflags} all + + popd +%endif + +%install + +make DESTDIR=$RPM_BUILD_ROOT install-world + +%if %plpython3 + mv src/Makefile.global src/Makefile.global.save + cp src/Makefile.global.python3 src/Makefile.global + touch -r src/Makefile.global.save src/Makefile.global + pushd src/pl/plpython3 + make DESTDIR=$RPM_BUILD_ROOT install + popd + mv -f src/Makefile.global.save src/Makefile.global +%endif + +# make sure these directories exist even if we suppressed all contrib modules +install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/pgsql/contrib +install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/pgsql/extension + +# multilib header hack; note pg_config.h is installed in two places! +# we only apply this to known Red Hat multilib arches, per bug #177564 +case `uname -i` in + i386 | x86_64 | ppc | ppc64 | s390 | s390x | sparc | sparc64 ) + mv $RPM_BUILD_ROOT/usr/include/pg_config.h $RPM_BUILD_ROOT/usr/include/pg_config_`uname -i`.h + install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/usr/include/ + mv $RPM_BUILD_ROOT/usr/include/pgsql/server/pg_config.h $RPM_BUILD_ROOT/usr/include/pgsql/server/pg_config_`uname -i`.h + install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/usr/include/pgsql/server/ + mv $RPM_BUILD_ROOT/usr/include/ecpg_config.h $RPM_BUILD_ROOT/usr/include/ecpg_config_`uname -i`.h + install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/usr/include/ + ;; + *) + ;; +esac + +install -d -m 755 $RPM_BUILD_ROOT%{_libdir}/pgsql/tutorial +cp -p src/tutorial/* $RPM_BUILD_ROOT%{_libdir}/pgsql/tutorial + +install -m 755 postgresql-setup $RPM_BUILD_ROOT%{_bindir}/postgresql-setup +install -p -m 644 postgresql-setup.1 $RPM_BUILD_ROOT%{_mandir}/man1 + +install -m 755 postgresql-check-db-dir $RPM_BUILD_ROOT%{_bindir}/postgresql-check-db-dir + +install -d $RPM_BUILD_ROOT%{_unitdir} +install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_unitdir}/postgresql.service + +install -d $RPM_BUILD_ROOT/usr/libexec/initscripts/legacy-actions/postgresql +install -m 755 %{SOURCE11} $RPM_BUILD_ROOT/usr/libexec/initscripts/legacy-actions/postgresql/initdb +install -m 755 %{SOURCE12} $RPM_BUILD_ROOT/usr/libexec/initscripts/legacy-actions/postgresql/upgrade + +%if %pam +install -d $RPM_BUILD_ROOT/etc/pam.d +install -m 644 %{SOURCE14} $RPM_BUILD_ROOT/etc/pam.d/postgresql +%endif + +# Create the directory for sockets. +install -d -m 755 $RPM_BUILD_ROOT/var/run/postgresql + +# ... and make a tmpfiles script to recreate it at reboot. +mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir} +install -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_tmpfilesdir}/postgresql.conf + +# PGDATA needs removal of group and world permissions due to pg_pwd hole. +install -d -m 700 $RPM_BUILD_ROOT/var/lib/pgsql/data + +# backups of data go here... +install -d -m 700 $RPM_BUILD_ROOT/var/lib/pgsql/backups + +# postgres' .bash_profile +install -m 644 %{SOURCE15} $RPM_BUILD_ROOT/var/lib/pgsql/.bash_profile + + +%if %upgrade + pushd postgresql-%{prevversion} + make DESTDIR=$RPM_BUILD_ROOT install + popd + + # remove stuff we don't actually need for upgrade purposes + pushd $RPM_BUILD_ROOT%{_libdir}/pgsql/postgresql-%{prevmajorversion} + rm bin/clusterdb + rm bin/createdb + rm bin/createlang + rm bin/createuser + rm bin/dropdb + rm bin/droplang + rm bin/dropuser + rm bin/ecpg + rm bin/initdb + rm bin/pg_config + rm bin/pg_dump + rm bin/pg_dumpall + rm bin/pg_restore + rm bin/psql + rm bin/reindexdb + rm bin/vacuumdb + rm -rf include + rm lib/dict_snowball.so + rm lib/libecpg* + rm lib/libpg* + rm lib/libpq* + rm -rf lib/pgxs + rm lib/plpgsql.so + rm -rf share/doc + rm -rf share/man + rm -rf share/tsearch_data + rm share/*.bki + rm share/*description + rm share/*.sample + rm share/*.sql + rm share/*.txt + popd +%endif + + +%if %test + # tests. There are many files included here that are unnecessary, + # but include them anyway for completeness. We replace the original + # Makefiles, however. + mkdir -p $RPM_BUILD_ROOT%{_libdir}/pgsql/test + cp -a src/test/regress $RPM_BUILD_ROOT%{_libdir}/pgsql/test + # pg_regress binary should be only in one subpackage, + # there will be a symlink from -test to -devel + rm -f $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/pg_regress + ln -sf ../../pgxs/src/test/regress/pg_regress $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/pg_regress + pushd $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress + rm -f GNUmakefile Makefile *.o + chmod 0755 pg_regress regress.so + popd + cp %{SOURCE5} $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile + chmod 0644 $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile +%endif + +# Fix some more documentation +cp %{SOURCE8} README.rpm-dist +rm -rf doc/html # HACK! allow 'rpmbuild -bi --short-circuit' +mv $RPM_BUILD_ROOT%{_docdir}/pgsql/html doc +rm -rf $RPM_BUILD_ROOT%{_docdir}/pgsql + +# remove files not to be packaged +rm $RPM_BUILD_ROOT%{_libdir}/{libecpg,libpq,libecpg_compat,libpgtypes}.a +%if !%upgrade +rm -f $RPM_BUILD_ROOT%{_bindir}/pg_upgrade +rm -f $RPM_BUILD_ROOT%{_libdir}/pgsql/pg_upgrade_support.so +rm -f $RPM_BUILD_ROOT%{_mandir}/man1/pg_upgrade.* +%endif + +# initialize file lists +cp /dev/null main.lst +cp /dev/null libs.lst +cp /dev/null server.lst +cp /dev/null devel.lst +cp /dev/null plperl.lst +cp /dev/null pltcl.lst +cp /dev/null plpython.lst +cp /dev/null plpython3.lst + +%if %nls +%find_lang ecpg-%{majorversion} +cat ecpg-%{majorversion}.lang >>devel.lst +%find_lang ecpglib6-%{majorversion} +cat ecpglib6-%{majorversion}.lang >>libs.lst +%find_lang initdb-%{majorversion} +cat initdb-%{majorversion}.lang >>server.lst +%find_lang libpq5-%{majorversion} +cat libpq5-%{majorversion}.lang >>libs.lst +%find_lang pg_basebackup-%{majorversion} +cat pg_basebackup-%{majorversion}.lang >>server.lst +%find_lang pg_controldata-%{majorversion} +cat pg_controldata-%{majorversion}.lang >>server.lst +%find_lang pg_ctl-%{majorversion} +cat pg_ctl-%{majorversion}.lang >>server.lst +%find_lang pg_config-%{majorversion} +cat pg_config-%{majorversion}.lang >>main.lst +%find_lang pg_dump-%{majorversion} +cat pg_dump-%{majorversion}.lang >>main.lst +%find_lang pg_resetxlog-%{majorversion} +cat pg_resetxlog-%{majorversion}.lang >>server.lst +%find_lang pgscripts-%{majorversion} +cat pgscripts-%{majorversion}.lang >>main.lst +%if %plperl +%find_lang plperl-%{majorversion} +cat plperl-%{majorversion}.lang >>plperl.lst +%endif +%find_lang plpgsql-%{majorversion} +cat plpgsql-%{majorversion}.lang >>server.lst +%if %plpython +%find_lang plpython-%{majorversion} +cat plpython-%{majorversion}.lang >>plpython.lst +%endif +%if %plpython3 +# plpython3 shares message files with plpython +%find_lang plpython-%{majorversion} +cat plpython-%{majorversion}.lang >>plpython3.lst +%endif +%if %pltcl +%find_lang pltcl-%{majorversion} +cat pltcl-%{majorversion}.lang >>pltcl.lst +%endif +%find_lang postgres-%{majorversion} +cat postgres-%{majorversion}.lang >>server.lst +%find_lang psql-%{majorversion} +cat psql-%{majorversion}.lang >>main.lst +%endif + +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig + +%pre server +/usr/sbin/groupadd -g 26 -o -r postgres >/dev/null 2>&1 || : +/usr/sbin/useradd -M -N -g postgres -o -r -d /var/lib/pgsql -s /bin/bash \ + -c "PostgreSQL Server" -u 26 postgres >/dev/null 2>&1 || : + +%post server +%if 0%{?systemd_post:1} +%systemd_post postgresql.service +%else +if [ $1 -eq 1 ]; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi +%endif + +# Run this when upgrading from SysV initscript to native systemd unit +%triggerun server -- postgresql-server < %{first_systemd_version} +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply postgresql +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save postgresql >/dev/null 2>&1 || : + +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del postgresql >/dev/null 2>&1 || : +/bin/systemctl try-restart postgresql.service >/dev/null 2>&1 || : + +%preun server +%if 0%{?systemd_preun:1} +%systemd_preun postgresql.service +%else +if [ $1 -eq 0 ]; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable postgresql.service >/dev/null 2>&1 || : + /bin/systemctl stop postgresql.service >/dev/null 2>&1 || : +fi +%endif + +%postun server +%if 0%{?systemd_postun_with_restart:1} +%systemd_postun_with_restart postgresql.service +%else +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ]; then + # Package upgrade, not uninstall + /bin/systemctl try-restart postgresql.service >/dev/null 2>&1 || : +fi +%endif + +# FILES section. + +%files -f main.lst +%doc doc/KNOWN_BUGS doc/MISSING_FEATURES doc/TODO +%doc COPYRIGHT README HISTORY doc/bug.template +%doc README.rpm-dist +%doc doc/html +%{_bindir}/clusterdb +%{_bindir}/createdb +%{_bindir}/createlang +%{_bindir}/createuser +%{_bindir}/dropdb +%{_bindir}/droplang +%{_bindir}/dropuser +%{_bindir}/pg_config +%{_bindir}/pg_dump +%{_bindir}/pg_dumpall +%{_bindir}/pg_restore +%{_bindir}/psql +%{_bindir}/reindexdb +%{_bindir}/vacuumdb +%{_mandir}/man1/clusterdb.* +%{_mandir}/man1/createdb.* +%{_mandir}/man1/createlang.* +%{_mandir}/man1/createuser.* +%{_mandir}/man1/dropdb.* +%{_mandir}/man1/droplang.* +%{_mandir}/man1/dropuser.* +%{_mandir}/man1/pg_config.* +%{_mandir}/man1/pg_dump.* +%{_mandir}/man1/pg_dumpall.* +%{_mandir}/man1/pg_restore.* +%{_mandir}/man1/psql.* +%{_mandir}/man1/reindexdb.* +%{_mandir}/man1/vacuumdb.* +%{_mandir}/man7/* +%dir %{_libdir}/pgsql + +%files docs +%doc *-US.pdf +%{_libdir}/pgsql/tutorial/ + +%files contrib +%{_datadir}/pgsql/extension/adminpack* +%{_datadir}/pgsql/extension/autoinc* +%{_datadir}/pgsql/extension/btree_gin* +%{_datadir}/pgsql/extension/btree_gist* +%{_datadir}/pgsql/extension/chkpass* +%{_datadir}/pgsql/extension/citext* +%{_datadir}/pgsql/extension/cube* +%{_datadir}/pgsql/extension/dblink* +%{_datadir}/pgsql/extension/dict_int* +%{_datadir}/pgsql/extension/dict_xsyn* +%{_datadir}/pgsql/extension/earthdistance* +%{_datadir}/pgsql/extension/file_fdw* +%{_datadir}/pgsql/extension/fuzzystrmatch* +%{_datadir}/pgsql/extension/hstore* +%{_datadir}/pgsql/extension/insert_username* +%{_datadir}/pgsql/extension/intagg* +%{_datadir}/pgsql/extension/intarray* +%{_datadir}/pgsql/extension/isn* +%{_datadir}/pgsql/extension/lo* +%{_datadir}/pgsql/extension/ltree* +%{_datadir}/pgsql/extension/moddatetime* +%{_datadir}/pgsql/extension/pageinspect* +%{_datadir}/pgsql/extension/pg_buffercache* +%{_datadir}/pgsql/extension/pg_freespacemap* +%{_datadir}/pgsql/extension/pg_stat_statements* +%{_datadir}/pgsql/extension/pg_trgm* +%{_datadir}/pgsql/extension/pgcrypto* +%{_datadir}/pgsql/extension/pgrowlocks* +%{_datadir}/pgsql/extension/pgstattuple* +%{_datadir}/pgsql/extension/refint* +%{_datadir}/pgsql/extension/seg* +%{_datadir}/pgsql/extension/tablefunc* +%{_datadir}/pgsql/extension/tcn* +%{_datadir}/pgsql/extension/test_parser* +%{_datadir}/pgsql/extension/timetravel* +%{_datadir}/pgsql/extension/tsearch2* +%{_datadir}/pgsql/extension/unaccent* +%{_libdir}/pgsql/_int.so +%{_libdir}/pgsql/adminpack.so +%{_libdir}/pgsql/auth_delay.so +%{_libdir}/pgsql/autoinc.so +%{_libdir}/pgsql/auto_explain.so +%{_libdir}/pgsql/btree_gin.so +%{_libdir}/pgsql/btree_gist.so +%{_libdir}/pgsql/chkpass.so +%{_libdir}/pgsql/citext.so +%{_libdir}/pgsql/cube.so +%{_libdir}/pgsql/dblink.so +%{_libdir}/pgsql/dict_int.so +%{_libdir}/pgsql/dict_xsyn.so +%{_libdir}/pgsql/dummy_seclabel.so +%{_libdir}/pgsql/earthdistance.so +%{_libdir}/pgsql/file_fdw.so +%{_libdir}/pgsql/fuzzystrmatch.so +%{_libdir}/pgsql/hstore.so +%{_libdir}/pgsql/insert_username.so +%{_libdir}/pgsql/isn.so +%{_libdir}/pgsql/lo.so +%{_libdir}/pgsql/ltree.so +%{_libdir}/pgsql/moddatetime.so +%{_libdir}/pgsql/pageinspect.so +%{_libdir}/pgsql/passwordcheck.so +%{_libdir}/pgsql/pg_buffercache.so +%{_libdir}/pgsql/pg_freespacemap.so +%{_libdir}/pgsql/pg_trgm.so +%{_libdir}/pgsql/pgcrypto.so +%{_libdir}/pgsql/pgrowlocks.so +%{_libdir}/pgsql/pgstattuple.so +%{_libdir}/pgsql/pg_stat_statements.so +%{_libdir}/pgsql/refint.so +%{_libdir}/pgsql/seg.so +%{_libdir}/pgsql/tablefunc.so +%{_libdir}/pgsql/tcn.so +%{_libdir}/pgsql/test_parser.so +%{_libdir}/pgsql/timetravel.so +%{_libdir}/pgsql/tsearch2.so +%{_libdir}/pgsql/unaccent.so +%if %selinux +%{_datadir}/pgsql/contrib/sepgsql.sql +%{_libdir}/pgsql/sepgsql.so +%endif +%if %ssl +%{_datadir}/pgsql/extension/sslinfo* +%{_libdir}/pgsql/sslinfo.so +%endif +%if %uuid +%{_datadir}/pgsql/extension/uuid-ossp* +%{_libdir}/pgsql/uuid-ossp.so +%endif +%if %xml +%{_datadir}/pgsql/extension/xml2* +%{_libdir}/pgsql/pgxml.so +%endif +%{_bindir}/oid2name +%{_bindir}/pg_archivecleanup +%{_bindir}/pg_standby +%{_bindir}/pg_test_fsync +%{_bindir}/pg_test_timing +%{_bindir}/pgbench +%{_bindir}/vacuumlo +%{_mandir}/man1/oid2name.* +%{_mandir}/man1/pg_archivecleanup.* +%{_mandir}/man1/pg_standby.* +%{_mandir}/man1/pg_test_fsync.* +%{_mandir}/man1/pg_test_timing.* +%{_mandir}/man1/pgbench.* +%{_mandir}/man1/vacuumlo.* +%{_mandir}/man3/dblink* +%doc contrib/spi/*.example + +%files libs -f libs.lst +%doc COPYRIGHT +%{_libdir}/libpq.so.* +%{_libdir}/libecpg.so.* +%{_libdir}/libpgtypes.so.* +%{_libdir}/libecpg_compat.so.* + +%files server -f server.lst +%{_unitdir}/postgresql.service +%dir /usr/libexec/initscripts/legacy-actions/postgresql +/usr/libexec/initscripts/legacy-actions/postgresql/* +%if %pam +%config(noreplace) /etc/pam.d/postgresql +%endif +%{_bindir}/initdb +%{_bindir}/pg_basebackup +%{_bindir}/pg_controldata +%{_bindir}/pg_ctl +%{_bindir}/pg_receivexlog +%{_bindir}/pg_resetxlog +%{_bindir}/postgres +%{_bindir}/postmaster +%{_bindir}/postgresql-setup +%{_bindir}/postgresql-check-db-dir +%{_mandir}/man1/initdb.* +%{_mandir}/man1/pg_basebackup.* +%{_mandir}/man1/pg_controldata.* +%{_mandir}/man1/pg_ctl.* +%{_mandir}/man1/pg_receivexlog.* +%{_mandir}/man1/pg_resetxlog.* +%{_mandir}/man1/postgres.* +%{_mandir}/man1/postgresql-setup.* +%{_mandir}/man1/postmaster.* +%{_datadir}/pgsql/postgres.bki +%{_datadir}/pgsql/postgres.description +%{_datadir}/pgsql/postgres.shdescription +%{_datadir}/pgsql/system_views.sql +%{_datadir}/pgsql/*.sample +%{_datadir}/pgsql/timezonesets/ +%{_datadir}/pgsql/tsearch_data/ +%{_libdir}/pgsql/dict_snowball.so +%{_libdir}/pgsql/plpgsql.so +%dir %{_datadir}/pgsql +%dir %{_datadir}/pgsql/contrib +%dir %{_datadir}/pgsql/extension +%{_datadir}/pgsql/extension/plpgsql* +%{_tmpfilesdir}/postgresql.conf +%attr(755,postgres,postgres) %dir /var/run/postgresql +%attr(700,postgres,postgres) %dir /var/lib/pgsql +%attr(700,postgres,postgres) %dir /var/lib/pgsql/data +%attr(700,postgres,postgres) %dir /var/lib/pgsql/backups +%attr(644,postgres,postgres) %config(noreplace) /var/lib/pgsql/.bash_profile +%{_libdir}/pgsql/libpqwalreceiver.so +%{_libdir}/pgsql/*_and_*.so +%{_libdir}/pgsql/euc2004_sjis2004.so +%{_datadir}/pgsql/conversion_create.sql +%{_datadir}/pgsql/information_schema.sql +%{_datadir}/pgsql/snowball_create.sql +%{_datadir}/pgsql/sql_features.txt + +%files devel -f devel.lst +/usr/include/* +%{_bindir}/ecpg +%{_libdir}/libpq.so +%{_libdir}/libecpg.so +%{_libdir}/libecpg_compat.so +%{_libdir}/libpgtypes.so +%{_libdir}/pgsql/pgxs/ +%{_mandir}/man1/ecpg.* +%{_mandir}/man3/SPI_* + +%files static +%{_libdir}/libpgport.a + +%if %upgrade +%files upgrade +%{_bindir}/pg_upgrade +%{_libdir}/pgsql/pg_upgrade_support.so +%{_libdir}/pgsql/postgresql-%{prevmajorversion} +%{_mandir}/man1/pg_upgrade.* +%endif + +%if %plperl +%files plperl -f plperl.lst +%{_datadir}/pgsql/extension/plperl* +%{_libdir}/pgsql/plperl.so +%endif + +%if %pltcl +%files pltcl -f pltcl.lst +%{_datadir}/pgsql/extension/pltcl* +%{_libdir}/pgsql/pltcl.so +%{_bindir}/pltcl_delmod +%{_bindir}/pltcl_listmod +%{_bindir}/pltcl_loadmod +%{_datadir}/pgsql/unknown.pltcl +%endif + +%if %plpython +%files plpython -f plpython.lst +%{_datadir}/pgsql/extension/plpythonu* +%{_datadir}/pgsql/extension/plpython2* +%{_libdir}/pgsql/plpython2.so +%endif + +%if %plpython3 +%files plpython3 -f plpython3.lst +%{_datadir}/pgsql/extension/plpython3* +%{_libdir}/pgsql/plpython3.so +%endif + +%if %test +%files test +%defattr(-,postgres,postgres) +%attr(-,postgres,postgres) %{_libdir}/pgsql/test/* +%attr(-,postgres,postgres) %dir %{_libdir}/pgsql/test +%endif + +%changelog +* Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 +- update to the latest 9.2 release +- fix CVE-2018-10915 + +* Mon Nov 06 2017 Pavel Raiskup - 9.2.23-3 +- setup: keep PGSETUP_* variables after switching to not-privileged user + +* Mon Oct 23 2017 Pavel Raiskup - 9.2.23-2 +- fix CVE-2017-12172 + +* Tue Aug 29 2017 Petr Kubat - 9.2.23-1 +- update to 9.2.23 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-23.html + +* Thu Aug 24 2017 Petr Kubat - 9.2.22-1 +- update to 9.2.22 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-22.html + +* Thu May 11 2017 Petr Kubat - 9.2.21-1 +- update to 9.2.21 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-21.html + http://www.postgresql.org/docs/9.2/static/release-9-2-20.html + http://www.postgresql.org/docs/9.2/static/release-9-2-19.html + +* Wed Feb 22 2017 Pavel Raiskup - 9.2.18-2 +- package libpgport.a (rhbz#1305979) + +* Wed Aug 17 2016 Petr Kubat - 9.2.18-1 +- update to 9.2.18 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-18.html + http://www.postgresql.org/docs/9.2/static/release-9-2-17.html + http://www.postgresql.org/docs/9.2/static/release-9-2-16.html + +* Thu Jun 30 2016 Petr Kubat - 9.2.15-2 +- fix postgresql-setup to work if postgres user is set to /bin/nologin (#1122143) + +* Fri Feb 12 2016 Pavel Kajaba - 9.2.15-1 +- update to 9.2.15 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-15.html + +* Tue Oct 20 2015 Pavel Raiskup - 9.2.14-1 +- update to 9.2.14 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-14.html + +* Thu Jun 11 2015 Pavel Raiskup - 9.2.13-1 +- update to 9.2.13 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-13.html + +* Wed Jun 03 2015 Pavel Raiskup - 9.2.12-1 +- update to 9.2.12 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-12.html + +* Mon May 25 2015 Pavel Raiskup - 9.2.11-1 +- update to 9.2.11 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-11.html + +* Tue Mar 10 2015 Pavel Raiskup - 9.2.10-2 +- enable ecpg testsuite + +* Thu Feb 05 2015 Pavel Raiskup - 9.2.10-1 +- update to 9.2.10 per release notes + http://www.postgresql.org/docs/9.2/static/release-9-2-10.html + http://www.postgresql.org/docs/9.2/static/release-9-2-9.html + http://www.postgresql.org/docs/9.2/static/release-9-2-8.html + (rhbz#1198672 rhbz#1198673) + +* Tue Feb 18 2014 Pavel Raiskup - 9.2.7-1 +- update to 9.2.7 per release notes (#1065845) + http://www.postgresql.org/docs/9.2/static/release-9-2-7.html + +* Fri Jan 24 2014 Daniel Mach - 9.2.6-7 +- Mass rebuild 2014-01-24 + +* Thu Jan 23 2014 Pavel Raiskup - 9.2.6-6 +- fix typos related to postgresql-setup (#1055965) + +* Wed Jan 22 2014 Jozef Mlich - 9.2.6-5 +- revamp postgresql-setup a little (#1055965) + +* Fri Jan 10 2014 Pavel Raiskup - 9.2.6-4 +- build with -O3 on ppc64 (#1051075) + +* Fri Dec 27 2013 Daniel Mach - 9.2.6-3 +- Mass rebuild 2013-12-27 + +* Tue Dec 17 2013 Pavel Raiskup - 9.2.6-2 +- don't fail if user has badly configured 'postgres' user access (#1043477) + +* Thu Dec 12 2013 Jozef Mlich - 9.2.6-1 +- Resolves #1038688 +- rebase to 9.2.6 see changes at + http://www.postgresql.org/docs/9.2/static/release-9-2-6.html + +* Wed Oct 23 2013 Jozef Mlich - 9.2.5-3 +- Resolves: #1019762 +- Diff hunk order is important in this patch + +* Mon Oct 21 2013 Jozef Mlich - 9.2.5-2 +- Resolves: #1019762 +- additionally fixes rpmdiff filelist problem with + /usr/share/doc/postgresql-9.2.5/html/bookindex.html.orig + +* Mon Oct 21 2013 Jozef Mlich - 9.2.5-1 +- rebase postgresql to 9.2.5 #1019762 + http://www.postgresql.org/docs/9.2/static/release-9-2-5.html + +* Tue Aug 20 2013 Pavel Raiskup - 9.2.4-6 +- disable aggressive loop optimizations for old codebase (#993532) +- upgrade: stop old server in case of permissions problem (#896161) + +* Mon Jul 29 2013 Pavel Raiskup - 9.2.4-5 +- %%beta implies debug everywhere (also in upgrade part of build) +- allow `rpmbuild -bi --short-circuit` +- upgrade: setup previous (RHEL6) version as 8.14.3 +- upgrade: start old postgres with socket file in /var/run/postgresql + +* Wed Jul 24 2013 Pavel Raiskup - 9.2.4-5 +- split aarch64 patch to allow build without postgresql-upgrade + +* Tue Jul 09 2013 Pavel Raiskup - 9.2.4-4 +- do not use -b for manual page fixes + +* Thu Jun 20 2013 Pavel Raiskup - 9.2.4-3 +- fix README.rpm-dist for the bug (#969050) +- replace hard-wired path with %%{_datadir} + +* Thu Jun 13 2013 Pavel Raiskup - 9.2.4-3 +- add atomic operations support for aarch64 to preupgrade version also (#970661) +- apply the forgotten man-page-day patch (#948933) + +* Thu Jun 13 2013 Jan Stanek - 9.2.4-3 +- added patch for manual pages (#948933) + +* Tue Jun 11 2013 Pavel Raiskup - 9.2.4-2 +- postgresql-setup: don't create whole path to server's data to make sure that + the parent directory has correct permissions (#972425) + +* Wed Jun 05 2013 Pavel Raiskup - 9.2.4-2 +- fix rpmlint warnings +- fix aarch64 build by defining missing atomic operations (#970661) + +* Thu Apr 4 2013 Tom Lane 9.2.4-1 +- Update to PostgreSQL 9.2.4, for various fixes described at + http://www.postgresql.org/docs/9.2/static/release-9-2-4.html + including the fixes for CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 +Resolves: #929223, #929255, #929328 +- fix build for aarch64 and ppc64p7 + +* Thu Feb 7 2013 Tom Lane 9.2.3-1 +- Update to PostgreSQL 9.2.3, for various fixes described at + http://www.postgresql.org/docs/9.2/static/release-9-2-3.html + including the fix for CVE-2013-0255 +Resolves: #908722 +- Make the package build with selinux option disabled +Resolves: #894367 +- Include old version of pg_controldata in postgresql-upgrade subpackage +Related: #896161 + +* Thu Jan 3 2013 Tom Lane 9.2.2-3 +- Prevent creation of TCP socket during pg_upgrade regression test, so that + concurrent RPM builds on the same machine won't fail +Resolves: #891531 +- Make sure $PGDATA/pg_log/ gets the right SELinux label in postgresql-setup +Resolves: #891547 + +* Wed Dec 19 2012 Tom Lane 9.2.2-2 +- Make building of plpython3 dependent on Fedora version, per guidelines +Resolves: #888419 + +* Thu Dec 6 2012 Tom Lane 9.2.2-1 +- Update to PostgreSQL 9.2.2, for various fixes described at + http://www.postgresql.org/docs/9.2/static/release-9-2-2.html +- Use new systemd install/uninstall trigger macros conditionally, + so that package can still be installed on pre-F18 branches + +* Mon Sep 24 2012 Tom Lane 9.2.1-1 +- Update to PostgreSQL 9.2.1, for various fixes described at + http://www.postgresql.org/docs/9.2/static/release-9-2-1.html + including a nasty data-loss bug +- Adopt new systemd macros for server package install/uninstall triggers +Resolves: #850277 + +* Mon Sep 10 2012 Tom Lane 9.2.0-1 +- Update to PostgreSQL 9.2.0 (major version bump); + in-place upgrade support now works from 9.1.x as the previous version +- Add postgresql-plpython3 subpackage with PL/Python built against Python 3 + +* Tue Aug 28 2012 Tom Lane 9.1.5-2 +- Remove unnecessary ldconfig calls in pre/post triggers +Resolves: #849344 + +* Fri Aug 17 2012 Tom Lane 9.1.5-1 +- Update to PostgreSQL 9.1.5, for various fixes described at + http://www.postgresql.org/docs/9.1/static/release-9-1-5.html + including the fixes for CVE-2012-3488, CVE-2012-3489 + +* Mon Aug 13 2012 Tom Lane 9.1.4-5 +- Back-port upstream support for postmaster listening on multiple Unix sockets +- Configure postmaster to create sockets in both /var/run/postgresql and /tmp; + the former is now the default place for libpq to contact the postmaster. +Resolves: #825448 +- Annotate postgresql.conf about not setting port number there +- Minor specfile cleanup per suggestions from Tom Callaway +Related: #845110 + +* Sat Jul 21 2012 Fedora Release Engineering - 9.1.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jul 14 2012 Tom Lane 9.1.4-3 +- Update code to use oom_score_adj not oom_adj, thereby suppressing + whining in the kernel log +- Add "legacy action" scripts to support "service postgresql initdb" and + "service postgresql upgrade" in a now-approved fashion (requires a + recent version of initscripts to work) +Resolves: #800416 + +* Mon Jun 11 2012 Petr Pisar - 9.1.4-2 +- Perl 5.16 rebuild + +* Mon Jun 4 2012 Tom Lane 9.1.4-1 +- Update to PostgreSQL 9.1.4, for various fixes described at + http://www.postgresql.org/docs/9.1/static/release-9-1-4.html + including the fixes for CVE-2012-2143, CVE-2012-2655 +Resolves: #826606 +- Update previous version (embedded in postgresql-upgrade) to 9.0.8 + because fix in whole-row variable dumping could be needed for upgrades +- Revert fix for bug #800416, per fedora-packaging discussion at + http://lists.fedoraproject.org/pipermail/packaging/2012-April/008314.html + "service postgresql initdb" is dead and will stay that way + +* Sat Mar 17 2012 Tom Lane 9.1.3-3 +- Fix postgresql-setup to rely on systemd to parse the unit file, instead + of using ad-hoc code +Resolves: #804290 + +* Tue Mar 13 2012 Tom Lane 9.1.3-2 +- Fix postgresql-setup to look for unit file in /usr/lib and to ignore + comments therein +Resolves: #802835 +- Resurrect a now-mostly-dummy postgresql init script, so that people can + keep on using "service postgresql initdb" if they wish +Resolves: #800416 + +* Mon Feb 27 2012 Tom Lane 9.1.3-1 +- Update to PostgreSQL 9.1.3, for various fixes described at + http://www.postgresql.org/docs/9.1/static/release-9-1-3.html + including the fixes for CVE-2012-0866, CVE-2012-0867, CVE-2012-0868 +Resolves: #797918 + +* Mon Jan 9 2012 Tom Lane 9.1.2-2 +- Make systemd unit file more user-friendly by resurrecting the old init + script's checks for data directory presence and version match +Resolves: #771496 + +* Mon Dec 5 2011 Tom Lane 9.1.2-1 +- Update to PostgreSQL 9.1.2, for various fixes described at + http://www.postgresql.org/docs/9.1/static/release-9-1-2.html + +* Wed Nov 02 2011 Honza Horak 9.1.1-2 +- Create a symlink of pg_regress instead of full copy; + Don't strip symbols from regress libs +Related: #729012 + +* Mon Sep 26 2011 Tom Lane 9.1.1-1 +- Update to PostgreSQL 9.1.1, for various fixes described at + http://www.postgresql.org/docs/9.1/static/release-9-1-1.html +- Enable build (but not test) of contrib/sepgsql +- Clean up specfile build options so that turning options off works again + +* Mon Sep 12 2011 Tom Lane 9.1.0-1 +- Update to PostgreSQL 9.1.0 (major version bump); + in-place upgrade support now works from 9.0.x as the previous version + +* Wed Jul 27 2011 Tom Lane 9.0.4-8 +- Convert to systemd startup support +Resolves: #696427 + +* Thu Jul 21 2011 Petr Sabata - 9.0.4-7 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 9.0.4-6 +- Perl mass rebuild + +* Wed Jul 6 2011 Tom Lane 9.0.4-5 +- Remove erroneously-included Default-Start line from LSB init block +Related: #717024 + +* Fri Jun 17 2011 Marcela Mašláňová 9.0.4-4 +- Perl mass rebuild +- incorporate upstream patch to make it build with Perl 5.14 + +* Fri Jun 10 2011 Tom Lane 9.0.4-3 +- Work around gcc 4.6.0 bug (temporary backport from next upstream release) + +* Tue May 10 2011 Tom Lane 9.0.4-2 +- Add LSB init block to initscript, to ensure sane ordering at system boot +Resolves: #703215 + +* Mon Apr 18 2011 Tom Lane 9.0.4-1 +- Update to PostgreSQL 9.0.4, for various fixes described at + http://www.postgresql.org/docs/9.0/static/release-9-0-4.html +- Add %%{?_isa} to cross-subpackage Requires, per latest packaging guidelines + +* Wed Feb 09 2011 Fedora Release Engineering - 9.0.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Feb 3 2011 Tom Lane 9.0.3-2 +- Remove filter-requires-perl-Pg.sh, which doesn't seem to be needed now that + PyGreSQL has been split out; and our use of it isn't compatible with rpm 4.9 + anyway + +* Tue Feb 1 2011 Tom Lane 9.0.3-1 +- Update to PostgreSQL 9.0.3, for various fixes described at + http://www.postgresql.org/docs/9.0/static/release-9-0-3.html + including the fix for CVE-2010-4015 +Resolves: #674296 + +* Tue Dec 28 2010 Tom Lane 9.0.2-1 +- Update to PostgreSQL 9.0.2 (major version bump) +- Create infrastructure for in-place database upgrade using pg_upgrade +Resolves: #398221 + +* Thu Dec 16 2010 Tom Lane 8.4.6-1 +- Update to PostgreSQL 8.4.6, for various fixes described at + http://www.postgresql.org/docs/8.4/static/release-8-4-6.html +- Ensure we don't package any .gitignore files from the source tarball +Related: #642210 + +* Tue Oct 5 2010 Tom Lane 8.4.5-1 +- Update to PostgreSQL 8.4.5, for various fixes described at + http://www.postgresql.org/docs/8.4/static/release-8-4-5.html + including the fix for CVE-2010-3433 +Related: #639371 +- Add -p "$pidfile" to initscript's status call to improve corner cases. +Related: #561010 + +* Sat Jul 31 2010 Orcan Ogetbil - 8.4.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild +- Duplicate COPYRIGHT in -libs subpackage, per revised packaging guidelines + +* Wed Jun 02 2010 Marcela Maslanova - 8.4.4-2 +- Mass rebuild with perl-5.12.0 + +* Mon May 17 2010 Tom Lane 8.4.4-1 +- Update to PostgreSQL 8.4.4, for various fixes described at + http://www.postgresql.org/docs/8.4/static/release-8-4-4.html + including fixes for CVE-2010-1169 and CVE-2010-1170 +Resolves: #593032 + +* Sun Mar 14 2010 Tom Lane 8.4.3-1 +- Update to PostgreSQL 8.4.3, for various fixes described at + http://www.postgresql.org/docs/8.4/static/release-8-4-3.html + +* Mon Feb 22 2010 Tom Lane 8.4.2-8 +- Bring init script into some modicum of compliance with Fedora/LSB standards +Resolves: #201043 + +* Thu Feb 18 2010 Tom "spot" Callaway 8.4.2-7 +- adjust license tag to reflect OSI decision + +* Tue Jan 26 2010 Tom Lane 8.4.2-6 +- Emit explicit error message if user tries to build RPM as root +Related: #558921 + +* Wed Jan 20 2010 Tom Lane 8.4.2-5 +- Latest version of systemtap needs the probes.o file to be built again +Resolves: #557266 +- Provide script and instructions for building the documentation PDF + +* Mon Jan 11 2010 Tom Lane 8.4.2-4 +- Arrange for the postmaster, but not any of its child processes, to be run + with oom_adj -17. This compensates for the OOM killer not being smart about + accounting for shared memory usage. + +* Sat Jan 9 2010 Tom Lane 8.4.2-3 +- Remove the postgresql-python and postgresql-tcl subpackages. These files + are now broken out as their own packages (PyGreSQL and tcl-pgtcl, + respectively), to reflect the now longstanding split of upstream projects. +Related: #452306, #452321 + +* Tue Jan 5 2010 Tom Lane 8.4.2-2 +- Remove static libraries (.a files) from package, per packaging guidelines +- Change %%define to %%global, per packaging guidelines + +* Wed Dec 16 2009 Tom Lane 8.4.2-1 +- Update to PostgreSQL 8.4.2, for various fixes described at + http://www.postgresql.org/docs/8.4/static/release-8-4-2.html + including two security issues +Related: #546321 +Related: #547662 +- Use -N not the obsolete -n in useradd call +Resolves: #495727 +- Clean up specfile to eliminate rpmlint gripes, mainly by removing + no-longer-needed provisions for superseding rh-postgresql + +* Mon Dec 7 2009 Stepan Kasal - 8.4.1-5 +- rebuild against perl 5.10.1 + +* Thu Oct 15 2009 Tom Lane 8.4.1-4 +- add sparc/sparc64 to multilib header support + +* Mon Sep 21 2009 Tom Lane 8.4.1-3 +- Ensure pgstartup.log gets the right ownership/permissions during initdb +Resolves: #498959 + +* Wed Sep 16 2009 Tomas Mraz - 8.4.1-2 +- Use password-auth common PAM configuration instead of system-auth + +* Wed Sep 9 2009 Tom Lane 8.4.1-1 +- Update to PostgreSQL 8.4.1, for various fixes described at + http://www.postgresql.org/docs/8.4/static/release-8-4-1.html + including two security issues +Related: #522085 +Related: #522092 + +* Tue Sep 01 2009 Karsten Hopp 8.4.0-3.2 +- bump release and build again with the correct libssl + +* Tue Sep 01 2009 Karsten Hopp 8.4.0-3.1 +- disable dtrace on s390x as a workaround until #520469 has been fixed + +* Fri Aug 21 2009 Tomas Mraz - 8.4.0-3 +- rebuilt with new openssl + +* Thu Aug 20 2009 Tom "spot" Callaway 8.4.0-2 +- update License tag to MIT (PostgreSQL calls it "BSD", but it is MIT) +- Note: This changes nothing from a license compatibility perspective. + +* Mon Aug 17 2009 Tom Lane 8.4.0-1 +- Update to PostgreSQL 8.4.0. See release notes at + http://www.postgresql.org/docs/8.4/static/release-8-4.html + +* Sun Jul 26 2009 Fedora Release Engineering - 8.3.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sat Mar 21 2009 Tom Lane 8.3.7-1 +- Update to PostgreSQL 8.3.7, for various fixes described at + http://www.postgresql.org/docs/8.3/static/release-8-3-7.html + notably the fix for CVE-2009-0922 + +* Tue Mar 10 2009 Tom Lane 8.3.6-4 +- Prevent dependent packages from needing to include sys/sdt.h + (unintended side effect of previous patch) +- Use -O1 on alpha, per report from Oliver Falk; -O2 tickles gcc bugs + +* Sun Mar 8 2009 Tom Lane 8.3.6-3 +- Enable tracing via systemtap +Resolves: #488941 + +* Thu Feb 26 2009 Fedora Release Engineering - 8.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Feb 7 2009 Tom Lane 8.3.6-1 +- Update to PostgreSQL 8.3.6, for various fixes described at + http://www.postgresql.org/docs/8.3/static/release-8-3-6.html + +* Wed Jan 21 2009 Dennis Gilmore 8.3.5-4 +- use -O1 on sparc64 + +* Sat Jan 17 2009 Tomas Mraz - 8.3.5-3 +- rebuild with new openssl + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 8.3.5-2 +- Rebuild for Python 2.6 + +* Sun Nov 2 2008 Tom Lane 8.3.5-1 +- Update to PostgreSQL 8.3.5. +- Improve display from init script's initdb action, per Michael Schwendt + +* Thu Sep 25 2008 Tom Lane 8.3.4-1 +- Update to PostgreSQL 8.3.4. + +* Mon Jul 28 2008 Tom Lane 8.3.3-3 +- Fix build failure caused by new default patch fuzz = 0 policy in rawhide. + +* Fri Jun 20 2008 Tom Lane 8.3.3-2 +- Install Pgtcl in /usr/lib/tcl$TCL_VERSION, not directly in /usr/lib. + Needed because tcl 8.5 no longer puts /usr/lib into its package search path. + NOTE: do not back-port this change into branches using pre-8.5 tcl, because + /usr/lib/tcl8.4 had been a symlink to /usr/share/tcl8.4, and /usr/share + is exactly where we must not put Pgtcl. +Resolves: #228263 + +* Wed Jun 11 2008 Tom Lane 8.3.3-1 +- Update to PostgreSQL 8.3.3. +- Remove postgresql-prefer-ncurses.patch, no longer needed in recent + Fedora releases because libtermcap is gone. + +* Sat May 17 2008 Tom Lane 8.3.1-5 +- rebuild because of buildsystem hiccup + +* Sat May 17 2008 Tom Lane 8.3.1-4 +- Enable LDAP support +Resolves: #445315 +- Use -Wl,--as-needed to suppress bogus dependencies for libraries that + are really only needed by some of the subpackages + +* Mon Apr 28 2008 Tom Lane 8.3.1-3 +- Fix build breakage on PPC due to incorrect configure test +Related: #444317 + +* Sat Apr 26 2008 Tom Lane 8.3.1-2 +- Clean up cross-subpackage Requires: to ensure that updating any one + subpackage brings in the matching versions of others. +Resolves: #444271 + +* Tue Mar 25 2008 Tom Lane 8.3.1-1 +- Update to PostgreSQL 8.3.1. + +* Tue Mar 18 2008 Tom "spot" Callaway 8.3.0-3 +- add Requires for versioned perl (libperl.so) + +* Wed Feb 6 2008 Tom Lane 8.3.0-2 +- Enable the new GSSAPI support in 8.3.0. + +* Mon Feb 4 2008 Tom Lane 8.3.0-1 +- Update to PostgreSQL 8.3.0. + +* Fri Jan 18 2008 Tom Lane 8.3RC2-1 +- Update to PostgreSQL 8.3RC2 (not waiting for 8.3.0 because Fedora 9 alpha + should be 8.3-based not 8.2-based). +- Update to pgtcl 1.6.2 + +* Mon Jan 7 2008 Tom Lane 8.2.6-1 +- Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, + CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 +- Make initscript and pam config files be installed unconditionally; + seems new buildroots don't necessarily have those directories in place + +* Wed Dec 5 2007 Tom Lane 8.2.5-2 +- Rebuild for new openssl + +* Thu Sep 20 2007 Tom Lane 8.2.5-1 +- Update to PostgreSQL 8.2.5 and pgtcl 1.6.0 + +* Tue Sep 4 2007 Tom Lane 8.2.4-6 +- Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x) + +* Sat Aug 25 2007 Tom Lane 8.2.4-5 +- Use nicer solution for tzdata file substitution: upstream discussion + concluded that hardwiring the path was better than a symlink after all. + +* Wed Aug 22 2007 Tom Lane 8.2.4-4 +- Use tzdata package's data files instead of private copy, so that + postgresql-server need not be turned for routine timezone updates +- Don't remove postgres user/group during RPM uninstall, per Fedora + packaging guidelines +- Seems we need an explicit BuildRequires on gawk now +- Rebuild to fix Fedora toolchain issues + +* Sun Aug 12 2007 Tom Lane 8.2.4-3 +- Recent perl changes in rawhide mean we need a more specific BuildRequires + +* Wed Jun 20 2007 Tom Lane 8.2.4-2 +- Fix oversight in postgresql-test makefile: pg_regress isn't a shell script + anymore. Per upstream bug 3398. + +* Tue Apr 24 2007 Tom Lane 8.2.4-1 +- Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs +Resolves: #237682 + +* Wed Feb 14 2007 Karsten Hopp 8.2.3-2 +- rebuild with tcl-8.4 + +* Wed Feb 7 2007 Tom Lane 8.2.3-1 +- Update to PostgreSQL 8.2.3 due to regression induced by security fix +Resolves: #227522 + +* Sun Feb 4 2007 Tom Lane 8.2.2-1 +- Update to PostgreSQL 8.2.2 to fix CVE-2007-0555, CVE-2007-0556 +Related: #225496 + +* Fri Jan 12 2007 Tom Lane 8.2.1-2 +- Split -pl subpackage into three new packages to reduce dependencies + and track upstream project's packaging. + +* Wed Jan 10 2007 Tom Lane 8.2.1-1 +- Update to PostgreSQL 8.2.1 +- Update to pgtcl 1.5.3 +- Be sure we link to libncurses, not libtermcap which is disappearing in Fedora + +* Thu Dec 7 2006 Jeremy Katz - 8.2.0-2 +- rebuild for python 2.5 + +* Mon Dec 4 2006 Tom Lane 8.2.0-1 +- Update to PostgreSQL 8.2.0 +- Update to PyGreSQL 3.8.1 +- Fix chcon arguments in test/regress/Makefile +Related: #201035 +- Adjust init script to not fool /etc/rc.d/rc +Resolves: #161470 +- Change init script to not do initdb automatically, but require + manual "service postgresql initdb" for safety. Per upstream discussions. + +* Wed Jul 12 2006 Jesse Keating - 8.1.4-1.1 +- rebuild + +* Mon May 22 2006 Tom Lane 8.1.4-1 +- Update to PostgreSQL 8.1.4 (includes fixes for CVE-2006-2313, CVE-2006-2314; + see bug #192173) +- Update to PyGreSQL 3.8 +- Suppress noise from chcon, per bug #187744 + +* Mon Mar 27 2006 Tom Lane 8.1.3-2 +- Remove JDBC from this build; we will package it as separate SRPM + +* Mon Feb 13 2006 Jesse Keating - 8.1.3-1.1 +- rebump for build order issues during double-long bump + +* Mon Feb 13 2006 Tom Lane 8.1.3-1 +- Update to PostgreSQL 8.1.3 (fixes bug #180617, CVE-2006-0553) +- Update to jdbc driver build 405 +- Modify multilib header hack to not break non-RH arches, per bug #177564 + +* Tue Feb 07 2006 Jesse Keating - 8.1.2-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Jan 9 2006 Tom Lane 8.1.2-1 +- Update to PostgreSQL 8.1.2 +- Repair extraneous quote in pgtcl configure script ... odd that bash + didn't use to spit up on this. + +* Thu Dec 15 2005 Tom Lane 8.1.1-3 +- fix pg_config.h for 64-bit and ppc platforms +- update Makefile.regress (needs to --load-language=plpgsql) + +* Wed Dec 14 2005 Tom Lane 8.1.1-2 +- oops, looks like we want uname -i not uname -m + +* Wed Dec 14 2005 Tom Lane 8.1.1-1 +- Update to PostgreSQL 8.1.1 +- Make pg_config.h architecture-independent for multilib installs; + put the original pg_config.h into pg_config_$ARCH.h + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Sat Nov 12 2005 Tom Lane 8.1.0-4 +- Update included PDF-format manual to 8.1. + +* Wed Nov 9 2005 Tom Lane 8.1.0-3 +- Rebuild due to openssl library update. + +* Wed Nov 9 2005 Tom Lane 8.1.0-2 +- Rebuild due to openssl library update. + +* Mon Nov 7 2005 Tom Lane 8.1.0-1 +- Update to PostgreSQL 8.1.0, PyGreSQL 3.7, and jdbc driver build 404 +- Fix PAM config file (must have account not only auth) (bug #167040) +- Add BuildPrereq: libxslt-devel (bug #170141) +- Sync with PGDG SRPM as much as feasible + +* Fri Oct 14 2005 Tomas Mraz +- use include instead of pam_stack in pam config + +* Tue Oct 4 2005 Tom Lane 8.0.4-2 +- Add rpath to plperl.so (bug #162198) + +* Tue Oct 4 2005 Tom Lane 8.0.4-1 +- Update to PostgreSQL 8.0.4, PyGreSQL 3.6.2, and jdbc driver build 312 +- Adjust pgtcl link command to ensure it binds to correct libpq (bug #166665) +- Remove obsolete Conflicts: against other python versions (bug #166754) +- Add /etc/pam.d/postgresql (bug #167040) +- Include contrib/xml2 in build (bug #167492) + +* Tue May 10 2005 Tom Lane 8.0.3-1 +- Update to PostgreSQL 8.0.3 (includes security and data-loss fixes; see + bz#156727, CAN-2005-1409, CAN-2005-1410) +- Update to jdbc driver build 311 +- Recreate postgres user after superseding an rh-postgresql install (bug #151911) +- Ensure postgresql server is restarted if running during an upgrade + +* Thu Apr 14 2005 Florian La Roche 8.0.2-2 +- rebuild for postgresql-tcl + +* Tue Apr 12 2005 Tom Lane 8.0.2-1 +- Update to PostgreSQL 8.0.2. + +* Fri Mar 11 2005 Tom Lane 8.0.1-5 +- Remove unwanted rpath specification from pgtcl (bz#150649) + +* Wed Mar 2 2005 Tom Lane 8.0.1-4 +- Attach Obsoletes: declarations for rh-postgresql to subpackages (bz#144435) +- Make Requires: and Prereq: package linkages specify release not only + version, as per recent mailing list discussion. + +* Tue Mar 1 2005 Tomas Mraz 8.0.1-3 +- rebuild with openssl-0.9.7e + +* Mon Feb 21 2005 Tom Lane 8.0.1-2 +- Repair improper error message in init script when PGVERSION doesn't match. +- Arrange for auto update of version embedded in init script. + +* Sun Jan 30 2005 Tom Lane 8.0.1-1 +- Update to PostgreSQL 8.0.1. +- Add versionless symlinks to jar files (bz#145744) + +* Wed Jan 19 2005 Tom Lane 8.0.0-1 +- Update to PostgreSQL 8.0.0, PyGreSQL 3.6.1, pgtcl 1.5.2, + and jdbc driver build 309. +- Extensive cleanout of obsolete cruft in patch set. +- Regression tests are run during RPM build (NOTE: cannot build as root when + this is enabled). +- Postmaster stderr goes someplace useful, not /dev/null (bz#76503, #103767) +- Make init script return a useful exit status (bz#80782) +- Move docs' tutorial directory to %%{_libdir}/pgsql/tutorial, since it + includes .so files that surely do not belong under /usr/share. +- Remove useless .sgml files from docs RPM (bz#134450) +- Put regression tests under /usr/lib64 on 64-bit archs, since .so files + are not architecture-independent. + +* Wed Jan 12 2005 Tim Waugh 7.4.6-5 +- Rebuilt for new readline. + +* Tue Jan 11 2005 Dan Walsh 7.4.6-4 +- Add restorecon to postgresql.init in order to restore database to correct +- SELinux context. + +* Thu Dec 16 2004 Tom Lane 7.4.6-3 +- Update to PyGreSQL 3.6 (to fix bug #142711) +- Adjust a few file permissions (bug #142431) +- Assign %%{_libdir}/pgsql to base package instead of -server (bug #74003) + +* Mon Nov 15 2004 Tom Lane 7.4.6-2 +- Rebuild so python components play with python 2.4 (bug 139160) + +* Sat Oct 23 2004 Tom Lane 7.4.6-1 +- Update to PostgreSQL 7.4.6 (bugs 136947, 136949) +- Make init script more paranoid about mkdir step of initializing a new + database (bugs 136947, 136949) + +* Wed Oct 20 2004 Tom Lane 7.4.5-4 +- Remove contrib/oidjoins stuff from installed fileset; it's of no use + to ordinary users and has a security issue (bugs 136300, 136301) +- adjust chkconfig priority (bug 128852) + +* Tue Oct 05 2004 Tom Lane 7.4.5-3 +- Solve the stale lockfile problem (bugs 71295, 96981, 134090) +- Use runuser instead of su for SELinux (bug 134588) + +* Mon Aug 30 2004 Tom Lane 7.4.5-2 +- Update to PyGreSQL 3.5. + +* Tue Aug 24 2004 Tom Lane 7.4.5-1 +- Update to PostgreSQL 7.4.5. +- Update JDBC jars to driver build 215. +- Add Obsoletes: entries for rh-postgresql packages, per bug 129278. + +* Sat Jul 10 2004 Tom Lane 7.4.3-3 +- Undo ill-considered chkconfig change that causes server to start + immediately upon install. Mea culpa (bug 127552). + +* Sat Jul 03 2004 Tom Lane 7.4.3-2 +- Update JDBC jars to driver build 214. + +* Wed Jun 23 2004 Tom Lane 7.4.3-1 +- Update to PostgreSQL 7.4.3. +- Uninstalling server RPM stops postmaster first, per bug 114846. +- Fix su commands to not assume PG user's shell is sh-like, per bug 124024. +- Fix permissions on postgresql-python doc files, per bug 124822. +- Minor postgresql.init improvements. + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed Mar 10 2004 Tom Lane 7.4.2-1 +- Update to PostgreSQL 7.4.2; sync with community SRPM as much as possible. +- Support PGOPTS from /etc/sysconfig/pgsql, per bug 111504. +- Fix permissions on /etc/sysconfig/pgsql, per bug 115278. +- SELinux patch in init file: always su +- rebuilt + +* Wed Feb 25 2004 Tom Lane +- Update to PostgreSQL 7.4.1. +- Rebuilt + +* Tue Feb 24 2004 Tom Lane +- Fix chown syntax in postgresql.init also. +- Rebuilt + +* Mon Feb 23 2004 Tim Waugh +- Use ':' instead of '.' as separator for chown. + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Jan 9 2004 Lamar Owen +- 7.4.1-1PGDG +- Merge Sander Steffann's changes up to 7.4-0.5PGDG +- Proper 7.4.1 JDBC jars this time. +- Patch for no pl/python from Alvaro + +* Fri Dec 05 2003 David Jee 7.4-5 +- Rebuild for Perl 5.8.2. + +* Mon Dec 01 2003 David Jee 7.4-4 +- Add PyGreSQL patch for deprecated column pg_type.typprtlen [Bug #111263] +- Add headers patch which moves ecpg headers to /usr/include/ecpg + [Bug #111195] + +* Fri Nov 28 2003 David Jee 7.4-3 +- uncomment buildrequires tcl-devel + +* Fri Nov 28 2003 David Jee 7.4-2 +- rebuild + +* Mon Nov 24 2003 David Jee 7.4-1 +- initial Red Hat build +- move jars to /usr/share/java +- fix rpm-multilib patch to use sysconfig + +* Fri Nov 21 2003 Lamar Owen +- 7.4-0.1PGDG +- Development JDBC jars in addition to the 7.3 jars; will replace the +- 7.3 jars once 7.4 official jars are released. +- Changed to use the bzip2 source to save a little size. +- Removed some commented out portions of the specfile. +- Removed the 7.3.4 PDF docs. Will replace with 7.4 PDF's once they +- are ready. + +* Tue Nov 18 2003 Kaj J. Niemi 7.4-0.1 +- 7.4 +- Fixed Patch #1 (now rpm-pgsql-7.4.patch) +- Fixed Patch #2 (now rpm-multilib-7.4.patch): +- Patch #4 is unnecessary (upstream) +- Fixed Patch #6 (now postgresql-7.4-src-tutorial.patch) +- Added Patch #8 (postgresql-7.4-com_err.patch) as com_err() + is provided by e2fsprogs and CPPFLAGS gets lost somewhere + inside configure (bad macro?) +- No 7.4 PDF docs available yet (Source #17) +- PyGreSQL is separated from the upstream distribution but + we include it as usual (Source #18) +- Default to compiling libpq and ECPG as fully thread-safe + +- 7.4 Origin. See previous spec files for previous history. Adapted +- from Red Hat and PGDG's 7.3.4 RPM, directly descended from +- postgresql-7.3.4-2 as shipped in Fedora Core 1.