mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

postgresql: upgrade to release 13.1

Browse Source 
Fixes CVE-2020-25694, plus a bunch more CVE that don't look relevant.

* --with-krb5 no longer exists, neither does --disable-shared
* remove internal-zlib.patch.1:
  zlib is only used by pg_* tools / contrib/pgcrypto
* remove postgresql-libs-leak.patch:
  some relic from pre-gbuild times, not clear what the point is for
  static libs
* remove postgresql-9.2.1-libreoffice.patch:
  another dmake .mk file relic, and the win32 nmake build system was
  removed
* add postgres-msvc-build.patch.1 to fix Cygwin perl and openssl
* on WNT, libpq.dll is now built, no longer static lib

Change-Id: Ic0232a28801b2f604d9f4e33d5621ae3362defaa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109640
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
This commit is contained in:
Michael Stahl
2021-01-19 15:38:05 +01:00
parent 4b55847b81
commit 234833f782
13 changed files with 170 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
RepositoryExternal.mk
View File

@@ -3052,7 +3052,7 @@ else # !SYSTEM_POSTGRESQL
define gb_LinkTarget__use_postgresql
$(call gb_LinkTarget_use_external_project,$(1),postgresql)
$(call gb_LinkTarget_use_external_project,$(1),postgresql,full)
$(call gb_LinkTarget_set_include,$(1),\
-I$(call gb_UnpackedTarball_get_dir,postgresql)/src/include \
@@ -3060,19 +3060,25 @@ $(call gb_LinkTarget_set_include,$(1),\
$$(INCLUDE) \
)
ifeq ($(OS),WNT)
$(eval $(call gb_Helper_register_packages_for_install,postgresqlsdbc,\
postgresql \
))
$(call gb_LinkTarget_add_libs,$(1),\
$(call gb_UnpackedTarball_get_dir,postgresql)/$(gb_MSBUILD_CONFIG)/libpq/libpq.lib \
)
else # WNT
$(call gb_LinkTarget_add_libs,$(1),\
$(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \
$(call gb_UnpackedTarball_get_dir,postgresql)/src/common/libpgcommon$(gb_StaticLibrary_PLAINEXT) \
$(call gb_UnpackedTarball_get_dir,postgresql)/src/port/libpgport$(gb_StaticLibrary_PLAINEXT) \
)
ifeq ($(OS),WNT)
$(call gb_LinkTarget_use_external,$(1),openssl)
$(call gb_LinkTarget_use_system_win32_libs,$(1),\
secur32 \
ws2_32 \
)
endif
endif # WNT
endef

4
download.lst
View File

@@ -220,8 +220,8 @@ export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
export POPPLER_TARBALL := poppler-21.01.0.tar.xz
export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126
export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2
export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
export PYTHON_SHA256SUM := 5f41968a95afe9bc12192d7e6861aab31e80a46c46fa59d3d837def6a4cd4d37
export PYTHON_TARBALL := Python-3.8.4.tar.xz
export QRCODEGEN_SHA256SUM := fcdf9fd69fde07ae4dca2351d84271a9de8093002f733b77c70f52f1630f6e4a

16
external/postgresql/ExternalPackage_postgresql.mk vendored Normal file
View File

@@ -0,0 +1,16 @@
# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
#
# This file is part of the LibreOffice project.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
$(eval $(call gb_ExternalPackage_ExternalPackage,postgresql,postgresql))
$(eval $(call gb_ExternalPackage_use_external_project,postgresql,postgresql))
$(eval $(call gb_ExternalPackage_add_file,postgresql,$(LIBO_LIB_FOLDER)/libpq.dll,$(gb_MSBUILD_CONFIG)/libpq/libpq.dll))
# vim: set noet sw=4 ts=4:

16
external/postgresql/ExternalProject_postgresql.mk vendored
View File

@@ -12,7 +12,6 @@ $(eval $(call gb_ExternalProject_ExternalProject,postgresql))
$(eval $(call gb_ExternalProject_use_externals,postgresql,\
$(if $(ENABLE_LDAP),openldap) \
openssl \
zlib \
))
$(eval $(call gb_ExternalProject_register_targets,postgresql,\
@@ -26,8 +25,9 @@ $(eval $(call gb_ExternalProject_use_nmake,postgresql,build))
$(call gb_ExternalProject_get_state_target,postgresql,build) :
$(call gb_Trace_StartRange,postgresql,EXTERNAL)
$(call gb_ExternalProject_run,build,\
nmake -f win32.mak USE_SSL=1 USE_LDAP=1 \
,src)
MSBFLAGS=/p:Platform=$(gb_MSBUILD_PLATFORM) \
$(PERL) build.pl $(gb_MSBUILD_CONFIG) libpq \
,src/tools/msvc)
$(call gb_Trace_EndRange,postgresql,EXTERNAL)
else
@@ -57,22 +57,26 @@ postgresql_LDFLAGS += \
endif
# note: as of 13.1, zlib is not needed by libpq
# passing MAKELEVEL=0 is required to find internal headers
$(call gb_ExternalProject_get_state_target,postgresql,build) :
$(call gb_Trace_StartRange,postgresql,EXTERNAL)
$(call gb_ExternalProject_run,build,\
./configure \
--without-readline --disable-shared --with-ldap \
--without-readline \
--without-zlib \
--with-ldap \
$(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
$(if $(DISABLE_OPENSSL),,--with-openssl \
$(if $(WITH_KRB5), --with-krb5) \
$(if $(WITH_GSSAPI),--with-gssapi)) \
$(if $(ENABLE_LDAP),,--with-ldap=no) \
CFLAGS="-fPIC" \
CPPFLAGS="$(postgresql_CPPFLAGS)" \
LDFLAGS="$(postgresql_LDFLAGS)" \
$(if $(ENABLE_LDAP),EXTRA_LDAP_LIBS="-llber -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4") \
&& cd src/interfaces/libpq \
&& MAKEFLAGS= && $(MAKE) all-static-lib)
&& MAKEFLAGS= && $(MAKE) MAKELEVEL=0 all-static-lib)
$(call gb_Trace_EndRange,postgresql,EXTERNAL)
endif

6
external/postgresql/Module_postgresql.mk vendored
View File

@@ -14,4 +14,10 @@ $(eval $(call gb_Module_add_targets,postgresql,\
UnpackedTarball_postgresql \
))
ifeq ($(OS),WNT)
$(eval $(call gb_Module_add_targets,postgresql,\
ExternalPackage_postgresql \
))
endif # WNT
# vim: set noet sw=4 ts=4:

11
external/postgresql/UnpackedTarball_postgresql.mk vendored
View File

@@ -13,19 +13,12 @@ $(eval $(call gb_UnpackedTarball_set_tarball,postgresql,$(POSTGRESQL_TARBALL),,p
$(eval $(call gb_UnpackedTarball_update_autoconf_configs,postgresql,config))
$(eval $(call gb_UnpackedTarball_set_patchlevel,postgresql,3))
$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
external/postgresql/postgresql-libs-leak.patch \
external/postgresql/postgresql-9.2.1-libreoffice.patch \
external/postgresql/windows.patch.0 \
external/postgresql/postgresql.exit.patch.0 \
external/postgresql/postgres-msvc-build.patch.1 \
))
ifeq ($(SYSTEM_ZLIB),)
$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
external/postgresql/internal-zlib.patch.1 \
))
endif
$(eval $(call gb_UnpackedTarball_add_file,postgresql,src/tools/msvc/config.pl,external/postgresql/config.pl))
# vim: set noet sw=4 ts=4:

1
external/postgresql/config.pl vendored Normal file
View File

@@ -0,0 +1 @@
$config->{openssl} = "$ENV{WORKDIR}/UnpackedTarball/openssl";

29
external/postgresql/internal-zlib.patch.1 vendored
View File

@@ -1,29 +0,0 @@
diff -up postgresql/configure.dt postgresql/configure
--- postgresql/configure.dt 2016-11-03 17:34:17.282388226 +0100
+++ postgresql/configure 2016-11-03 17:34:35.004202484 +0100
@@ -8566,13 +8566,13 @@ fi
if test "$with_zlib" = yes; then
-{ $as_echo "$as_me:$LINENO: checking for inflate in -lz" >&5
-$as_echo_n "checking for inflate in -lz... " >&6; }
+{ $as_echo "$as_me:$LINENO: checking for inflate in -lzlib" >&5
+$as_echo_n "checking for inflate in -lzlib... " >&6; }
if test "${ac_cv_lib_z_inflate+set}" = set; then
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lz $LIBS"
+LIBS="-lzlib $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -8636,7 +8636,7 @@ if test "x$ac_cv_lib_z_inflate" = x""yes
#define HAVE_LIBZ 1
_ACEOF
- LIBS="-lz $LIBS"
+ LIBS="-lzlib $LIBS"
else
{ { $as_echo "$as_me:$LINENO: error: zlib library not found

110
external/postgresql/postgres-msvc-build.patch.1 vendored Normal file
View File

@@ -0,0 +1,110 @@
Cygwin perl calls /bin/sh which can't resolve to .exe
Also Cygwin perl has $Config{osname} different from MSWin32, and why even check that?
--- postgresql/src/tools/msvc/build.pl.orig 2021-01-19 17:36:09.801463500 +0100
+++ postgresql/src/tools/msvc/build.pl 2021-01-19 17:36:20.426821300 +0100
@@ -55,13 +55,13 @@
if ($buildwhat)
{
system(
- "msbuild $buildwhat.vcxproj /verbosity:normal $msbflags /p:Configuration=$bconf"
+ "msbuild.exe $buildwhat.vcxproj /verbosity:normal $msbflags /p:Configuration=$bconf"
);
}
else
{
system(
- "msbuild pgsql.sln /verbosity:normal $msbflags /p:Configuration=$bconf"
+ "msbuild.exe pgsql.sln /verbosity:normal $msbflags /p:Configuration=$bconf"
);
}
--- postgresql/src/tools/msvc/Project.pm.orig 2021-01-19 17:59:18.799237700 +0100
+++ postgresql/src/tools/msvc/Project.pm 2021-01-19 17:59:48.487711700 +0100
@@ -22,7 +22,7 @@
my $self = {
name => $name,
type => $type,
- guid => $^O eq "MSWin32" ? Win32::GuidGen() : 'FAKE',
+ guid => Win32::GuidGen(),
files => {},
references => [],
libraries => [],
--- postgresql/src/tools/msvc/Solution.pm.orig 2021-01-19 18:03:04.594229100 +0100
+++ postgresql/src/tools/msvc/Solution.pm 2021-01-19 18:04:13.677610100 +0100
@@ -59,7 +59,7 @@
{
my $self = shift;
- if ($^O eq "MSWin32")
+ if (1) #($^O eq "MSWin32")
{
# Examine CL help output to determine if we are in 32 or 64-bit mode.
my $output = `cl /? 2>&1`;
@@ -1081,7 +1081,7 @@
}
if ($fld ne "")
{
- $flduid{$fld} = $^O eq "MSWin32" ? Win32::GuidGen() : 'FAKE';
+ $flduid{$fld} = Win32::GuidGen();
print $sln <<EOF;
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "$fld", "$fld", "$flduid{$fld}"
EndProject
--- postgresql/src/tools/msvc/VSObjectFactory.pm.orig 2021-01-19 18:06:42.633421700 +0100
+++ postgresql/src/tools/msvc/VSObjectFactory.pm 2021-01-19 18:06:28.663523200 +0100
@@ -111,7 +111,7 @@
sub DetermineVisualStudioVersion
{
- if ($^O eq "MSWin32")
+ if (1) # ($^O eq "MSWin32")
{
# To determine version of Visual Studio we use nmake as it has
# existed for a long time and still exists in current Visual
--- postgresql/src/tools/msvc/Mkvcbuild.pm.orig 2021-01-19 18:23:59.830153900 +0100
+++ postgresql/src/tools/msvc/Mkvcbuild.pm 2021-01-19 18:24:04.095411300 +0100
@@ -9,7 +9,7 @@
use warnings;
use Carp;
-use if ($^O eq "MSWin32"), 'Win32';
+use Win32;
use Project;
use Solution;
use Cwd;
--- postgresql/src/tools/msvc/Solution.pm.orig 2021-01-19 20:27:21.366237600 +0100
+++ postgresql/src/tools/msvc/Solution.pm 2021-01-19 20:28:17.773662900 +0100
@@ -126,7 +126,8 @@
# openssl.exe is in the specified directory.
# Quote the .exe name in case it has spaces
my $opensslcmd =
- qq("$self->{options}->{openssl}\\bin\\openssl.exe" version 2>&1);
+ qq("$self->{options}->{openssl}\\apps\\openssl.exe" version 2>&1);
+ print "$opensslcmd";
my $sslout = `$opensslcmd`;
$? >> 8 == 0
@@ -964,8 +964,8 @@
# On both Win32 and Win64 the same library
# names are used without a debugging context.
$dbgsuffix = 0;
- $libsslpath = '\lib\libssl.lib';
- $libcryptopath = '\lib\libcrypto.lib';
+ $libsslpath = '\libssl.lib';
+ $libcryptopath = '\libcrypto.lib';
}
$proj->AddLibrary($self->{options}->{openssl} . $libsslpath,
@@ -990,9 +990,9 @@
# to be here, so don't ask for it in last
# parameter.
$proj->AddLibrary(
- $self->{options}->{openssl} . '\lib\ssleay32.lib', 0);
+ $self->{options}->{openssl} . '\ssleay32.lib', 0);
$proj->AddLibrary(
- $self->{options}->{openssl} . '\lib\libeay32.lib', 0);
+ $self->{options}->{openssl} . '\libeay32.lib', 0);
}
}
}

74
external/postgresql/postgresql-9.2.1-libreoffice.patch vendored
View File

@@ -1,74 +0,0 @@
--- misc/build/postgresql-9.1.1/src/interfaces/libpq/Makefile 2011-09-22 23:57:57.000000000 +0200
+++ misc/build/postgresql-9.1.1.patched/src/interfaces/libpq/Makefile 2011-12-15 09:02:18.000000000 +0100
@@ -148,3 +148,6 @@
maintainer-clean: distclean maintainer-clean-lib
$(MAKE) -C test $@
rm -f libpq-dist.rc
+
+libpq-flags.mk:
+ @printf '%s\n' 'LIBPQ_DEP_LIBS+=$(SHLIB_LINK)' > '$@'
--- misc/build/postgresql-9.1.1/src/interfaces/libpq/win32.mak 2011-12-14 14:28:59.000000000 +0100
+++ misc/build/postgresql-9.1.1.patched/src/interfaces/libpq/win32.mak 2011-12-15 09:11:37.000000000 +0100
@@ -11,14 +11,12 @@
!ENDIF
!IFDEF DEBUG
-OPT=/Od /Zi /MDd
+OPT=/Od /Zi
LOPT=/DEBUG
-DEBUGDEF=/D _DEBUG
-OUTFILENAME=libpqd
+OUTFILENAME=libpq
!ELSE
OPT=/O2 /MD
LOPT=
-DEBUGDEF=/D NDEBUG
OUTFILENAME=libpq
!ENDIF
@@ -67,18 +66,11 @@
CPP=cl.exe
RSC=rc.exe
-!IFDEF DEBUG
-OUTDIR=.\Debug
-INTDIR=.\Debug
-CPP_OBJS=.\Debug/
-!ELSE
-OUTDIR=.\Release
-INTDIR=.\Release
-CPP_OBJS=.\Release/
-!ENDIF
-
+OUTDIR=.
+INTDIR=.
+CPP_OBJS=./
-ALL : config "$(OUTDIR)\$(OUTFILENAME).lib" "$(OUTDIR)\$(OUTFILENAME).dll"
+ALL : config "$(OUTDIR)\$(OUTFILENAME).lib"
CLEAN :
-@erase "$(INTDIR)\getaddrinfo.obj"
@@ -178,10 +170,11 @@
"$(OUTDIR)" :
if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-CPP_PROJ=/nologo /W3 /EHsc $(OPT) /I "..\..\include" /I "..\..\include\port\win32" /I "..\..\include\port\win32_msvc" /I "..\..\port" /I. /I "$(SSL_INC)" \
+CPP_PROJ=/nologo /W3 /EHsc $(OPT) /I "..\..\include" /I "..\..\include\port\win32" /I "..\..\include\port\win32_msvc" /I "..\..\port" /I. $(SOLARINC) /I $(WORKDIR)/UnpackedTarball/openssl/include \
/D "FRONTEND" $(DEBUGDEF) \
/D "WIN32" /D "_WINDOWS" /Fp"$(INTDIR)\libpq.pch" \
/Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c \
+ /D "_CRT_NONSTDC_NO_DEPRECATE" \
/D "_CRT_SECURE_NO_DEPRECATE" $(ADD_DEFINES)
!IFDEF USE_SSL
@@ -222,7 +215,7 @@
<<
"$(INTDIR)\libpq.res" : "$(INTDIR)" libpq-dist.rc
- $(RSC) $(RSC_PROJ) libpq-dist.rc
+ $(RSC) $(SOLARINC) $(RSC_PROJ) libpq-dist.rc
"$(OUTDIR)\$(OUTFILENAME).dll" : "$(OUTDIR)" "$(INTDIR)\libpq.res"

40
external/postgresql/postgresql-libs-leak.patch vendored
View File

@@ -1,40 +0,0 @@
diff --recursive -u misc/build/postgresql-9.1.1/configure.in misc/build/postgresql-9.1.1.patched/configure.in
--- misc/build/postgresql-9.1.1/configure.in 2011-09-22 23:57:57.000000000 +0200
+++ misc/build/postgresql-9.1.1.patched/configure.in 2012-02-03 11:42:45.000000000 +0100
@@ -903,18 +903,9 @@
*** Not using spinlocks will cause poor performance.])
fi
-if test "$with_gssapi" = yes ; then
- if test "$PORTNAME" != "win32"; then
- AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
- [AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
- else
- LIBS="$LIBS -lgssapi32"
- fi
-fi
-
if test "$with_krb5" = yes ; then
if test "$PORTNAME" != "win32"; then
- AC_SEARCH_LIBS(com_err, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken' com_err 'com_err -lssl -lcrypto'], [],
+ AC_SEARCH_LIBS(com_err, [com_err 'com_err -lssl -lcrypto' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [],
[AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])])
AC_SEARCH_LIBS(krb5_sendauth, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [],
[AC_MSG_ERROR([could not find function 'krb5_sendauth' required for Kerberos 5])])
@@ -924,6 +915,15 @@
fi
fi
+if test "$with_gssapi" = yes ; then
+ if test "$PORTNAME" != "win32"; then
+ AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
+ [AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
+ else
+ LIBS="$LIBS -lgssapi32"
+ fi
+fi
+
if test "$with_openssl" = yes ; then
dnl Order matters!
if test "$PORTNAME" != "win32"; then

8
external/postgresql/postgresql.exit.patch.0 vendored
View File

@@ -2,16 +2,16 @@
--- configure
+++ configure
@@ -24565,6 +24565,7 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+#include <stdlib.h>
typedef long int ac_int64;
/*
@@ -24702,6 +24702,7 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+#include <stdlib.h>
typedef long long int ac_int64;

6
solenv/flatpak-manifest.in
View File

@@ -387,10 +387,10 @@
"dest-filename": "external/tarballs/poppler-21.01.0.tar.xz"
},
{
"url": "https://dev-www.libreoffice.org/src/postgresql-9.2.24.tar.bz2",
"sha256": "a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126",
"url": "https://dev-www.libreoffice.org/src/postgresql-13.1.tar.bz2",
"sha256": "12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f",
"type": "file",
"dest-filename": "external/tarballs/postgresql-9.2.24.tar.bz2"
"dest-filename": "external/tarballs/postgresql-13.1.tar.bz2"
},
{
"url": "https://dev-www.libreoffice.org/src/QR-Code-generator-1.4.0.tar.gz",