From 6f2e35359f2dedfa302ab91d3096366de13f2eb3 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup
Date: Wed, 8 Nov 2017 07:01:14 +0100
Subject: [PATCH] postgresql-setup: fix CVE-2017-15097
Fixed by updating the postgresql-setup tarball.
Resolves: CVE-2017-15097
Version: 10.0-4
---
 .gitignore | 2 +-
 postgresql.spec | 9 +++++++--
 sources | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index 5db7ae7..52617e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,5 @@
 /postgresql-10.0.tar.bz2.sha256
 /postgresql-9.6.5.tar.bz2
 /postgresql-9.6.5.tar.bz2.sha256
-/postgresql-setup-5.1.tar.gz
+/postgresql-setup-6.0.tar.gz
 /postgresql-10.0-US.pdf
diff --git a/postgresql.spec b/postgresql.spec
index 56eb289..7c305c7 100644
--- a/postgresql.spec
+++ b/postgresql.spec
@@ -63,7 +63,7 @@ Summary: PostgreSQL client programs
 Name: postgresql
 %global majorversion 10
 Version: 10.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
@@ -79,7 +79,7 @@ Url: http://www.postgresql.org/
 %global prevmajorversion 9.6
 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion}
-%global setup_version 5.1
+%global setup_version 6.0
 %global service_name postgresql.service
 Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
@@ -1078,8 +1078,10 @@ make -C postgresql-setup-%{setup_version} check
 %{_mandir}/man1/pg_resetwal.*
 %{_mandir}/man1/pg_rewind.*
 %{_mandir}/man1/postgres.*
+%{_mandir}/man1/postgresql-new-systemd-unit.*
 %{_mandir}/man1/postgresql-setup.*
 %{_mandir}/man1/postmaster.*
+%{_sbindir}/postgresql-new-systemd-unit
 %{_tmpfilesdir}/postgresql.conf
 %{_unitdir}/*postgresql*.service
 %attr(700,postgres,postgres) %dir %{?_localstatedir}/lib/pgsql
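Review bot: The two entries added to `%files` in this hunk ship `%{_sbindir}/postgresql-new-systemd-unit` and its man page, but the `%changelog` entry added for 10.0-4 mentions only the rebase. Someone auditing this CVE-2017-15097 update therefore cannot tell from the package history that a new administrative command arrived with it. I would add a second changelog bullet such as `- package the new postgresql-new-systemd-unit script and its man page`. The `%files` section itself starts and ends outside the hunk.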
@@ -1159,6 +1161,9 @@ make -C postgresql-setup-%{setup_version} check
 %endif
 %changelog
+* Mon Nov 06 2017 Pavel Raiskup - 10.0-4
+- rebase to new postgresql-setup 6.0 version, to fix CVE-2017-15097
+
 * Thu Oct 12 2017 Pavel Raiskup - 10.0-3
 - confess that we bundle setup scripts and previous version of ourseleves
 - provide %%postgresql_upgrade_prefix macro
diff --git a/sources b/sources
index 73f17ba..2bb8f23 100644
--- a/sources
+++ b/sources
@@ -2,5 +2,5 @@ SHA512 (postgresql-10.0.tar.bz2) = 88295af13db77a85a604c925aa627d383fdac62c11851
 SHA512 (postgresql-10.0.tar.bz2.sha256) = 69b10891bf6b99d3f0b05e17ac58d6148fdc73f59008fdfe7baab238515b5961b638afed3f0a3c4fd4786479bd53d16f413d8f22cd9c5d9a0f5df829aedbc04f
 SHA512 (postgresql-9.6.5.tar.bz2) = ad35c27ea55b18005ea61b49d6994718df86519b3f99addd0ecb17ece1f1c34764eb5194f8961c45cfa75703d810baf54433f8538cfd43a70bd908e1e5878df9
 SHA512 (postgresql-9.6.5.tar.bz2.sha256) = 8cfe5bfb00689ae30b6a3ddbccb8c74c0be244e2317ffa33dc89e56838d8b06a81a59cef0a204fff4f8ef23f7cffd7579b96b2d9207a5efb069e2160c2381a05
-SHA512 (postgresql-setup-5.1.tar.gz) = f901c2f5f0b60a51a46fce1abf3a9854b97d1f1337a4659d73d3e2930518a35eef94de400d259f2a799652ac6acef9575b9d474cc929641f2659aed195254981
+SHA512 (postgresql-setup-6.0.tar.gz) = 4fa02b35d3b2d1d79193fd3a6af02532b5a6736dbae23cad485492acd4eb0c5f25159f36eb445a63eac0097ec4c52f57c58b0960fa012577c24daac5a032b243
 SHA512 (postgresql-10.0-US.pdf) = 16991add93157fd846ba4be5d290ab8f37a94097ea285898080f5dca302fd0ae65a521eccf22a3a9ce44902aefdd7019de945cc532ebecb009bfbc18b1b2f72e