summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch13
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch9
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch (renamed from meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch)22
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch116
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch131
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch17
-rw-r--r--meta-oe/recipes-dbs/postgresql/postgresql.inc29
-rw-r--r--meta-oe/recipes-dbs/postgresql/postgresql_14.1.bb (renamed from meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb)6
8 files changed, 57 insertions, 286 deletions
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
index 0dc6ece6d..90b741949 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
@@ -1,4 +1,4 @@
1From b06a228a5fd1589fc9bed654b3288b321fc21aa1 Mon Sep 17 00:00:00 2001 1From 780fd27ea6f7f2c446c46a7a5e26d94106c67efd Mon Sep 17 00:00:00 2001
2From: "Richard W.M. Jones" <rjones@redhat.com> 2From: "Richard W.M. Jones" <rjones@redhat.com>
3Date: Sun, 20 Nov 2016 15:04:52 +0000 3Date: Sun, 20 Nov 2016 15:04:52 +0000
4Subject: [PATCH] Add support for RISC-V. 4Subject: [PATCH] Add support for RISC-V.
@@ -9,9 +9,11 @@ extending the existing aarch64 macro works.
9 src/include/storage/s_lock.h | 5 +++-- 9 src/include/storage/s_lock.h | 5 +++--
10 1 file changed, 3 insertions(+), 2 deletions(-) 10 1 file changed, 3 insertions(+), 2 deletions(-)
11 11
12diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h
13index dccbd29..ad60429 100644
12--- a/src/include/storage/s_lock.h 14--- a/src/include/storage/s_lock.h
13+++ b/src/include/storage/s_lock.h 15+++ b/src/include/storage/s_lock.h
14@@ -316,11 +316,12 @@ tas(volatile slock_t *lock) 16@@ -317,11 +317,12 @@ tas(volatile slock_t *lock)
15 17
16 /* 18 /*
17 * On ARM and ARM64, we use __sync_lock_test_and_set(int *, int) if available. 19 * On ARM and ARM64, we use __sync_lock_test_and_set(int *, int) if available.
@@ -25,7 +27,7 @@ extending the existing aarch64 macro works.
25 #ifdef HAVE_GCC__SYNC_INT32_TAS 27 #ifdef HAVE_GCC__SYNC_INT32_TAS
26 #define HAS_TEST_AND_SET 28 #define HAS_TEST_AND_SET
27 29
28@@ -337,7 +338,7 @@ tas(volatile slock_t *lock) 30@@ -338,7 +339,7 @@ tas(volatile slock_t *lock)
29 #define S_UNLOCK(lock) __sync_lock_release(lock) 31 #define S_UNLOCK(lock) __sync_lock_release(lock)
30 32
31 #endif /* HAVE_GCC__SYNC_INT32_TAS */ 33 #endif /* HAVE_GCC__SYNC_INT32_TAS */
@@ -33,4 +35,7 @@ extending the existing aarch64 macro works.
33+#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ 35+#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */
34 36
35 37
36 /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ 38 /*
39--
402.34.1
41
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
index e9bc6240d..02f4c9e51 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
@@ -1,4 +1,4 @@
1From 71fbee3888ee889a269eded5585ed7591bcbe9dd Mon Sep 17 00:00:00 2001 1From bbba8a5261a99e79c9cd4693ef56021014a9856b Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com> 2From: Changqing Li <changqing.li@windriver.com>
3Date: Mon, 28 Dec 2020 16:38:21 +0800 3Date: Mon, 28 Dec 2020 16:38:21 +0800
4Subject: [PATCH] Improve reproducibility, 4Subject: [PATCH] Improve reproducibility,
@@ -22,9 +22,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
22 src/common/Makefile | 3 --- 22 src/common/Makefile | 3 ---
23 1 file changed, 3 deletions(-) 23 1 file changed, 3 deletions(-)
24 24
25diff --git a/src/common/Makefile b/src/common/Makefile
26index 880722f..7a9b9d4 100644
25--- a/src/common/Makefile 27--- a/src/common/Makefile
26+++ b/src/common/Makefile 28+++ b/src/common/Makefile
27@@ -31,9 +31,6 @@ include $(top_builddir)/src/Makefile.glo 29@@ -31,9 +31,6 @@ include $(top_builddir)/src/Makefile.global
28 # don't include subdirectory-path-dependent -I and -L switches 30 # don't include subdirectory-path-dependent -I and -L switches
29 STD_CPPFLAGS := $(filter-out -I$(top_srcdir)/src/include -I$(top_builddir)/src/include,$(CPPFLAGS)) 31 STD_CPPFLAGS := $(filter-out -I$(top_srcdir)/src/include -I$(top_builddir)/src/include,$(CPPFLAGS))
30 STD_LDFLAGS := $(filter-out -L$(top_builddir)/src/common -L$(top_builddir)/src/port,$(LDFLAGS)) 32 STD_LDFLAGS := $(filter-out -L$(top_builddir)/src/common -L$(top_builddir)/src/port,$(LDFLAGS))
@@ -34,3 +36,6 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
34 override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\"" 36 override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\""
35 override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\"" 37 override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\""
36 override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\"" 38 override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\""
39--
402.34.1
41
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
index db9769f82..3d969cc7e 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
@@ -1,7 +1,7 @@
1From eba2c940afcd83521f591ccf6b49eca06908ea8e Mon Sep 17 00:00:00 2001 1From 053e8fc51bd9688100ce284a9c7afab88656386f Mon Sep 17 00:00:00 2001
2From: Yi Fan Yu <yifan.yu@windriver.com> 2From: Yi Fan Yu <yifan.yu@windriver.com>
3Date: Fri, 5 Feb 2021 17:15:42 -0500 3Date: Fri, 5 Feb 2021 17:15:42 -0500
4Subject: [PATCH] configure.in: bypass autoconf 2.69 version check 4Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check
5 5
6for upgrade to autoconf 2.71 6for upgrade to autoconf 2.71
7 7
@@ -9,24 +9,24 @@ Upstream-Status: Inappropriate [disable feature]
9 9
10Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 10Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
11--- 11---
12 configure.in | 4 ---- 12 configure.ac | 4 ----
13 1 file changed, 4 deletions(-) 13 1 file changed, 4 deletions(-)
14 14
15diff --git a/configure.in b/configure.in 15diff --git a/configure.ac b/configure.ac
16index fb14dcc..a2b4a4f 100644 16index 7170f26..daf85b9 100644
17--- a/configure.in 17--- a/configure.ac
18+++ b/configure.in 18+++ b/configure.ac
19@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros 19@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
20 20
21 AC_INIT([PostgreSQL], [13.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) 21 AC_INIT([PostgreSQL], [14.1], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
22 22
23-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. 23-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
24-Untested combinations of 'autoconf' and PostgreSQL versions are not 24-Untested combinations of 'autoconf' and PostgreSQL versions are not
25-recommended. You can remove the check from 'configure.in' but it is then 25-recommended. You can remove the check from 'configure.ac' but it is then
26-your responsibility whether the result works or not.])]) 26-your responsibility whether the result works or not.])])
27 AC_COPYRIGHT([Copyright (c) 1996-2020, PostgreSQL Global Development Group]) 27 AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group])
28 AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) 28 AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
29 AC_CONFIG_AUX_DIR(config) 29 AC_CONFIG_AUX_DIR(config)
30-- 30--
312.17.1 312.34.1
32 32
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
deleted file mode 100644
index 58bf81062..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
+++ /dev/null
@@ -1,116 +0,0 @@
1From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001
2From: Tom Lane <tgl@sss.pgh.pa.us>
3Date: Mon, 8 Nov 2021 11:01:43 -0500
4Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption
5 handshake.
6
7The server collects up to a bufferload of data whenever it reads data
8from the client socket. When SSL or GSS encryption is requested
9during startup, any additional data received with the initial
10request message remained in the buffer, and would be treated as
11already-decrypted data once the encryption handshake completed.
12Thus, a man-in-the-middle with the ability to inject data into the
13TCP connection could stuff some cleartext data into the start of
14a supposedly encryption-protected database session.
15
16This could be abused to send faked SQL commands to the server,
17although that would only work if the server did not demand any
18authentication data. (However, a server relying on SSL certificate
19authentication might well not do so.)
20
21To fix, throw a protocol-violation error if the internal buffer
22is not empty after the encryption handshake.
23
24Our thanks to Jacob Champion for reporting this problem.
25
26Security: CVE-2021-23214
27
28Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951]
29CVE: CVE-2021-23214
30
31Signed-off-by: Changqing Li <changqing.li@windriver.com>
32
33---
34 src/backend/libpq/pqcomm.c | 11 +++++++++++
35 src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++-
36 src/include/libpq/libpq.h | 1 +
37 3 files changed, 34 insertions(+), 1 deletion(-)
38
39diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
40index ee2cd86..4dd1c02 100644
41--- a/src/backend/libpq/pqcomm.c
42+++ b/src/backend/libpq/pqcomm.c
43@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s)
44 }
45 }
46
47+/* -------------------------------
48+ * pq_buffer_has_data - is any buffered data available to read?
49+ *
50+ * This will *not* attempt to read more data.
51+ * --------------------------------
52+ */
53+bool
54+pq_buffer_has_data(void)
55+{
56+ return (PqRecvPointer < PqRecvLength);
57+}
58
59 /* --------------------------------
60 * pq_startmsgread - begin reading a message from the client.
61diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
62index 5775fc0..1fcc3f8 100644
63--- a/src/backend/postmaster/postmaster.c
64+++ b/src/backend/postmaster/postmaster.c
65@@ -2049,6 +2049,17 @@ retry1:
66 return STATUS_ERROR;
67 #endif
68
69+ /*
70+ * At this point we should have no data already buffered. If we do,
71+ * it was received before we performed the SSL handshake, so it wasn't
72+ * encrypted and indeed may have been injected by a man-in-the-middle.
73+ * We report this case to the client.
74+ */
75+ if (pq_buffer_has_data())
76+ ereport(FATAL,
77+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
78+ errmsg("received unencrypted data after SSL request"),
79+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
80 /*
81 * regular startup packet, cancel, etc packet should follow, but not
82 * another SSL negotiation request, and a GSS request should only
83@@ -2080,7 +2091,17 @@ retry1:
84 if (GSSok == 'G' && secure_open_gssapi(port) == -1)
85 return STATUS_ERROR;
86 #endif
87-
88+ /*
89+ * At this point we should have no data already buffered. If we do,
90+ * it was received before we performed the GSS handshake, so it wasn't
91+ * encrypted and indeed may have been injected by a man-in-the-middle.
92+ * We report this case to the client.
93+ */
94+ if (pq_buffer_has_data())
95+ ereport(FATAL,
96+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
97+ errmsg("received unencrypted data after GSSAPI encryption request"),
98+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
99 /*
100 * regular startup packet, cancel, etc packet should follow, but not
101 * another GSS negotiation request, and an SSL request should only
102diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
103index b115247..9969692 100644
104--- a/src/include/libpq/libpq.h
105+++ b/src/include/libpq/libpq.h
106@@ -73,6 +73,7 @@ extern int pq_getbyte(void);
107 extern int pq_peekbyte(void);
108 extern int pq_getbyte_if_available(unsigned char *c);
109 extern int pq_putbytes(const char *s, size_t len);
110+extern bool pq_buffer_has_data(void);
111
112 /*
113 * prototypes for functions in be-secure.c
114--
1152.17.1
116
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
deleted file mode 100644
index 42b78539b..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
+++ /dev/null
@@ -1,131 +0,0 @@
1From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001
2From: Tom Lane <tgl@sss.pgh.pa.us>
3Date: Mon, 8 Nov 2021 11:14:56 -0500
4Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption
5 handshake.
6
7libpq collects up to a bufferload of data whenever it reads data from
8the socket. When SSL or GSS encryption is requested during startup,
9any additional data received with the server's yes-or-no reply
10remained in the buffer, and would be treated as already-decrypted data
11once the encryption handshake completed. Thus, a man-in-the-middle
12with the ability to inject data into the TCP connection could stuff
13some cleartext data into the start of a supposedly encryption-protected
14database session.
15
16This could probably be abused to inject faked responses to the
17client's first few queries, although other details of libpq's behavior
18make that harder than it sounds. A different line of attack is to
19exfiltrate the client's password, or other sensitive data that might
20be sent early in the session. That has been shown to be possible with
21a server vulnerable to CVE-2021-23214.
22
23To fix, throw a protocol-violation error if the internal buffer
24is not empty after the encryption handshake.
25
26Our thanks to Jacob Champion for reporting this problem.
27
28Security: CVE-2021-23222
29
30Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45]
31CVE: CVE-2021-23222
32
33Signed-off-by: Changqing Li <changqing.li@windriver.com>
34---
35 doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++
36 src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
37 2 files changed, 54 insertions(+)
38
39diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
40index e26619e1b5..b692648fca 100644
41--- a/doc/src/sgml/protocol.sgml
42+++ b/doc/src/sgml/protocol.sgml
43@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
44 and proceed without requesting <acronym>SSL</acronym>.
45 </para>
46
47+ <para>
48+ When <acronym>SSL</acronym> encryption can be performed, the server
49+ is expected to send only the single <literal>S</literal> byte and then
50+ wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
51+ If additional bytes are available to read at this point, it likely
52+ means that a man-in-the-middle is attempting to perform a
53+ buffer-stuffing attack
54+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
55+ Frontends should be coded either to read exactly one byte from the
56+ socket before turning the socket over to their SSL library, or to
57+ treat it as a protocol violation if they find they have read additional
58+ bytes.
59+ </para>
60+
61 <para>
62 An initial SSLRequest can also be used in a connection that is being
63 opened to send a CancelRequest message.
64@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
65 encryption.
66 </para>
67
68+ <para>
69+ When <acronym>GSSAPI</acronym> encryption can be performed, the server
70+ is expected to send only the single <literal>G</literal> byte and then
71+ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
72+ If additional bytes are available to read at this point, it likely
73+ means that a man-in-the-middle is attempting to perform a
74+ buffer-stuffing attack
75+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
76+ Frontends should be coded either to read exactly one byte from the
77+ socket before turning the socket over to their GSSAPI library, or to
78+ treat it as a protocol violation if they find they have read additional
79+ bytes.
80+ </para>
81+
82 <para>
83 An initial GSSENCRequest can also be used in a connection that is being
84 opened to send a CancelRequest message.
85diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
86index f80f4e98d8..57aee95183 100644
87--- a/src/interfaces/libpq/fe-connect.c
88+++ b/src/interfaces/libpq/fe-connect.c
89@@ -3076,6 +3076,19 @@ keep_going: /* We will come back to here until there is
90 pollres = pqsecure_open_client(conn);
91 if (pollres == PGRES_POLLING_OK)
92 {
93+ /*
94+ * At this point we should have no data already buffered.
95+ * If we do, it was received before we performed the SSL
96+ * handshake, so it wasn't encrypted and indeed may have
97+ * been injected by a man-in-the-middle.
98+ */
99+ if (conn->inCursor != conn->inEnd)
100+ {
101+ appendPQExpBufferStr(&conn->errorMessage,
102+ libpq_gettext("received unencrypted data after SSL response\n"));
103+ goto error_return;
104+ }
105+
106 /* SSL handshake done, ready to send startup packet */
107 conn->status = CONNECTION_MADE;
108 return PGRES_POLLING_WRITING;
109@@ -3175,6 +3188,19 @@ keep_going: /* We will come back to here until there is
110 pollres = pqsecure_open_gss(conn);
111 if (pollres == PGRES_POLLING_OK)
112 {
113+ /*
114+ * At this point we should have no data already buffered.
115+ * If we do, it was received before we performed the GSS
116+ * handshake, so it wasn't encrypted and indeed may have
117+ * been injected by a man-in-the-middle.
118+ */
119+ if (conn->inCursor != conn->inEnd)
120+ {
121+ appendPQExpBufferStr(&conn->errorMessage,
122+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
123+ goto error_return;
124+ }
125+
126 /* All set for startup packet */
127 conn->status = CONNECTION_MADE;
128 return PGRES_POLLING_WRITING;
129--
1302.17.1
131
diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
index ba2ee29f0..fa46912ee 100644
--- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
@@ -1,7 +1,7 @@
1From 7e2af4de19be58bc9d551c41ce2750396d357f34 Mon Sep 17 00:00:00 2001 1From 56b830edecff1cac5f8a8a956e7a7eeef2aa7c17 Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com> 2From: Changqing Li <changqing.li@windriver.com>
3Date: Tue, 27 Nov 2018 13:25:15 +0800 3Date: Tue, 27 Nov 2018 13:25:15 +0800
4Subject: [PATCH] PATCH] not check libperl under cross compiling 4Subject: [PATCH] not check libperl under cross compiling
5 5
6Upstream-Status: Inappropriate [configuration] 6Upstream-Status: Inappropriate [configuration]
7 7
@@ -16,12 +16,14 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
16update patch to version 11.1 16update patch to version 11.1
17Signed-off-by: Changqing Li <changqing.li@windriver.com> 17Signed-off-by: Changqing Li <changqing.li@windriver.com>
18--- 18---
19 configure.in | 2 +- 19 configure.ac | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-) 20 1 file changed, 1 insertion(+), 1 deletion(-)
21 21
22--- a/configure.in 22diff --git a/configure.ac b/configure.ac
23+++ b/configure.in 23index fba79ee..7170f26 100644
24@@ -2206,7 +2206,7 @@ Use --without-tcl to disable building PL 24--- a/configure.ac
25+++ b/configure.ac
26@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.])
25 fi 27 fi
26 28
27 # check for <perl.h> 29 # check for <perl.h>
@@ -30,3 +32,6 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
30 ac_save_CPPFLAGS=$CPPFLAGS 32 ac_save_CPPFLAGS=$CPPFLAGS
31 CPPFLAGS="$CPPFLAGS $perl_includespec" 33 CPPFLAGS="$CPPFLAGS $perl_includespec"
32 AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])], 34 AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])],
35--
362.34.1
37
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-oe/recipes-dbs/postgresql/postgresql.inc
index e609ac33e..257d27b11 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql.inc
+++ b/meta-oe/recipes-dbs/postgresql/postgresql.inc
@@ -19,11 +19,11 @@ DESCRIPTION = "\
19" 19"
20HOMEPAGE = "http://www.postgresql.com" 20HOMEPAGE = "http://www.postgresql.com"
21LICENSE = "BSD-0-Clause" 21LICENSE = "BSD-0-Clause"
22DEPENDS = "libnsl2 zlib readline tzcode-native" 22DEPENDS = "libnsl2 readline tzcode-native"
23 23
24ARM_INSTRUCTION_SET = "arm" 24ARM_INSTRUCTION_SET = "arm"
25 25
26SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \ 26SRC_URI = "https://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
27 file://postgresql.init \ 27 file://postgresql.init \
28 file://postgresql-profile \ 28 file://postgresql-profile \
29 file://postgresql.pam \ 29 file://postgresql.pam \
@@ -43,7 +43,6 @@ CFLAGS += "-I${STAGING_INCDIR}/${PYTHON_DIR} -I${STAGING_INCDIR}/tcl8.6"
43SYSTEMD_SERVICE:${PN} = "postgresql.service" 43SYSTEMD_SERVICE:${PN} = "postgresql.service"
44SYSTEMD_AUTO_ENABLE:${PN} = "disable" 44SYSTEMD_AUTO_ENABLE:${PN} = "disable"
45 45
46DEPENDS:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-systemctl-native', '', d)}"
47pkg_postinst:${PN} () { 46pkg_postinst:${PN} () {
48 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd sysvinit', 'true', 'false', d)}; then 47 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd sysvinit', 'true', 'false', d)}; then
49 if [ -n "$D" ]; then 48 if [ -n "$D" ]; then
@@ -53,23 +52,29 @@ pkg_postinst:${PN} () {
53 fi 52 fi
54} 53}
55 54
56enable_pam = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" 55PACKAGECONFIG ??= " \
57PACKAGECONFIG ??= "${enable_pam} openssl python uuid libxml tcl nls libxml perl" 56 ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)} \
58PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam," 57 openssl python uuid libxml tcl perl zlib \
59PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl ac_cv_file__dev_urandom=yes,openssl," 58"
60PACKAGECONFIG[python] = "--with-python,--without-python,python3,python3"
61PACKAGECONFIG[uuid] = "--with-uuid=e2fs,--without-uuid,util-linux,"
62PACKAGECONFIG[tcl] = "--with-tcl --with-tclconfig=${STAGING_BINDIR_CROSS},--without-tcl,tcl tcl-native," 59PACKAGECONFIG[tcl] = "--with-tcl --with-tclconfig=${STAGING_BINDIR_CROSS},--without-tcl,tcl tcl-native,"
63PACKAGECONFIG[nls] = "--enable-nls,--disable-nls,,"
64PACKAGECONFIG[libxml] = "--with-libxml,--without-libxml,libxml2,libxml2"
65PACKAGECONFIG[perl] = "--with-perl,--without-perl,perl,perl" 60PACKAGECONFIG[perl] = "--with-perl,--without-perl,perl,perl"
61PACKAGECONFIG[python] = "--with-python,--without-python,python3,python3"
62PACKAGECONFIG[gssapi] = "--with-gssapi,--without-gssapi,krb5"
63PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
64PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
65PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd systemd-systemctl-native"
66PACKAGECONFIG[uuid] = "--with-uuid=e2fs,--without-uuid,util-linux"
67PACKAGECONFIG[libxml] = "--with-libxml,--without-libxml,libxml2,libxml2"
68PACKAGECONFIG[libxslt] = "--with-libxslt,--without-libxslt,libxslt"
69PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
70PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4"
71PACKAGECONFIG[openssl] = "--with-ssl=openssl,ac_cv_file__dev_urandom=yes,openssl"
66 72
67EXTRA_OECONF += "--enable-thread-safety --disable-rpath \ 73EXTRA_OECONF += "--enable-thread-safety --disable-rpath \
68 --datadir=${datadir}/${BPN} \ 74 --datadir=${datadir}/${BPN} \
69 --sysconfdir=${sysconfdir}/${BPN} \ 75 --sysconfdir=${sysconfdir}/${BPN} \
70" 76"
71EXTRA_OECONF:sh4 += "--disable-spinlocks" 77EXTRA_OECONF:sh4 += "--disable-spinlocks"
72EXTRA_OECONF:aarch64 += "--disable-spinlocks"
73 78
74DEBUG_OPTIMIZATION:remove:mips = " -Og" 79DEBUG_OPTIMIZATION:remove:mips = " -Og"
75DEBUG_OPTIMIZATION:append:mips = " -O" 80DEBUG_OPTIMIZATION:append:mips = " -O"
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.1.bb
index 2ed0fa49b..1112cc21d 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.1.bb
@@ -6,9 +6,7 @@ SRC_URI += "\
6 file://not-check-libperl.patch \ 6 file://not-check-libperl.patch \
7 file://0001-Add-support-for-RISC-V.patch \ 7 file://0001-Add-support-for-RISC-V.patch \
8 file://0001-Improve-reproducibility.patch \ 8 file://0001-Improve-reproducibility.patch \
9 file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \ 9 file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \
10 file://CVE-2021-23214.patch \
11 file://CVE-2021-23222.patch \
12" 10"
13 11
14SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd" 12SRC_URI[sha256sum] = "4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f"