From f95c6455f36e0cc7c32faa65880cc5a75ff7e4b0 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@redhat.com>
Date: Fri, 17 Aug 2012 11:48:18 -0400
Subject: [PATCH] Update to PostgreSQL 9.1.5

---
 .gitignore                      |  4 ++--
 README.rpm-dist                 | 34 ++++++++++++++++++++++++++-------
 postgresql-config-comment.patch | 29 +++++++++++-----------------
 postgresql-perl-rpath.patch     |  8 ++++----
 postgresql.service              |  3 +++
 postgresql.spec                 | 11 ++++++++---
 sources                         |  4 ++--
 7 files changed, 57 insertions(+), 36 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7ea9ff9..663da36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-/postgresql-9.1.4.tar.bz2
-/postgresql-9.1.4-US.pdf
+/postgresql-9.1.5.tar.bz2
+/postgresql-9.1.5-US.pdf
 /postgresql-9.0.8.tar.bz2
diff --git a/README.rpm-dist b/README.rpm-dist
index c7cb21f..6d2d920 100644
--- a/README.rpm-dist
+++ b/README.rpm-dist
@@ -172,17 +172,24 @@ MULTIPLE POSTMASTERS
 -------------------------------------------------------------------------------
 The postgresql-server RPM contains a systemd "unit" file, postgresql.service,
 that is used to start the PostgreSQL postmaster.  If you need to run multiple
-postmasters on one machine, you should clone this file and modify it as
-necessary.
+postmasters on one machine, you can create additional unit files derived
+from this one.
 
 As an example, let us create a secondary postmaster called, creatively enough,
 'secondary'.  Here are the steps:
-1.)	Copy /lib/systemd/system/postgresql.service to
-	/etc/systemd/system/secondary.service.
+1.)	Create a file named /etc/systemd/system/secondary.service.
 	(Note that user-created unit files must go into /etc not /lib!)
-2.)	Edit /etc/systemd/system/secondary.service to change the PGDATA and
-	PGPORT settings so they don't conflict with any other postmaster.
-3.)	Create the target PGDATA directory.
+	Put these lines in it:
+		.include /lib/systemd/system/postgresql.service
+		[Service]
+		Environment=PGPORT=nnnn
+		Environment=PGDATA=/path/to/data/directory
+	Replace "nnnn" and "/path/to/data/directory" with appropriate
+	settings that don't conflict with any other postmaster.
+2.)	As root, do "/bin/systemctl daemon-reload" to ensure systemd has
+	noticed your updates to the service file.
+3.)	Create the target PGDATA directory, making sure that its parent
+	directories have appropriate ownership and permissions.
 4.)	Initdb the target PGDATA with 'postgresql-setup initdb secondary'.
 5.)	Edit postgresql.conf in the target PGDATA to change settings as needed.
 6.)	Start the new postmaster with 'systemctl start secondary.service'.
@@ -194,6 +201,19 @@ service name in the postgresql-setup command, for example 'postgresql-setup
 upgrade secondary'.  This will let postgresql-setup find the correct data
 directory from the service file.
 
+If you are running SELinux in enforcing mode (which is highly recommended,
+particularly for network-exposed services like PostgreSQL) you will need to
+adjust SELinux policy to allow the postmaster to use non-default PGPORT or
+PGDATA settings.  To allow use of a non-default port, say 5433, do this
+as root:
+	semanage port -a -t postgresql_port_t -p tcp 5433
+To allow use of a non-default data directory, say /special/pgdata, do:
+	semanage fcontext -a -t postgresql_db_t "/special/pgdata(/.*)?"
+If you already created the directory, follow that with:
+	restorecon -R /special/pgdata
+These settings are persistent across reboots.  For more information
+see "man semanage".
+
 REGRESSION TESTING
 -------------------------------------------------------------------------------
 If you install the postgresql-test RPM then you can run the PostgreSQL
diff --git a/postgresql-config-comment.patch b/postgresql-config-comment.patch
index 58c62b5..f392802 100644
--- a/postgresql-config-comment.patch
+++ b/postgresql-config-comment.patch
@@ -1,26 +1,19 @@
-Add notes warning users that the data directory and port number are
-forced in the service file (the latter now mostly because it's traditional
-in Red Hat installations to set it there rather than in postgresql.conf).
+Add note warning users that Postgres' port number is forced in the service
+file, mainly because it's traditional in Red Hat installations to set it
+there rather than in postgresql.conf.  (There are minor usability benefits
+to doing it this way though, for example that the postmaster's port number
+is visible in "ps" as part of its command line.)
 
 
-diff -Naur postgresql-9.1.4.orig/src/backend/utils/misc/postgresql.conf.sample postgresql-9.1.4/src/backend/utils/misc/postgresql.conf.sample
---- postgresql-9.1.4.orig/src/backend/utils/misc/postgresql.conf.sample	2012-05-31 19:07:09.000000000 -0400
-+++ postgresql-9.1.4/src/backend/utils/misc/postgresql.conf.sample	2012-08-13 12:15:10.939846705 -0400
-@@ -38,6 +38,8 @@
- # The default values of these variables are driven from the -D command-line
- # option or PGDATA environment variable, represented here as ConfigDir.
- 
-+# Note: In RHEL/Fedora installations, you can't set data_directory here;
-+# adjust it in the service file instead.
- #data_directory = 'ConfigDir'		# use data in another directory
- 					# (change requires restart)
- #hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
-@@ -60,6 +62,8 @@
- 					# comma-separated list of addresses;
+diff -Naur postgresql-9.1.5.orig/src/backend/utils/misc/postgresql.conf.sample postgresql-9.1.5/src/backend/utils/misc/postgresql.conf.sample
+--- postgresql-9.1.5.orig/src/backend/utils/misc/postgresql.conf.sample	2012-08-14 18:41:04.000000000 -0400
++++ postgresql-9.1.5/src/backend/utils/misc/postgresql.conf.sample	2012-08-17 11:37:03.400210802 -0400
+@@ -61,6 +61,8 @@
  					# defaults to 'localhost', '*' = all
  					# (change requires restart)
+ #port = 5432				# (change requires restart)
 +# Note: In RHEL/Fedora installations, you can't set the port number here;
 +# adjust it in the service file instead.
- #port = 5432				# (change requires restart)
  #max_connections = 100			# (change requires restart)
  # Note:  Increasing max_connections costs ~400 bytes of shared memory per
+ # connection slot, plus lock space (see max_locks_per_transaction).
diff --git a/postgresql-perl-rpath.patch b/postgresql-perl-rpath.patch
index d28a502..59c199b 100644
--- a/postgresql-perl-rpath.patch
+++ b/postgresql-perl-rpath.patch
@@ -7,9 +7,9 @@ So work around it by adding an rpath spec to plperl.so (only).
 Per bug #162198.
 
 
-diff -Naur postgresql-9.1rc1.orig/src/pl/plperl/GNUmakefile postgresql-9.1rc1/src/pl/plperl/GNUmakefile
---- postgresql-9.1rc1.orig/src/pl/plperl/GNUmakefile	2011-08-18 17:23:13.000000000 -0400
-+++ postgresql-9.1rc1/src/pl/plperl/GNUmakefile	2011-08-18 18:42:43.653729368 -0400
+diff -Naur postgresql-9.1.5.orig/src/pl/plperl/GNUmakefile postgresql-9.1.5/src/pl/plperl/GNUmakefile
+--- postgresql-9.1.5.orig/src/pl/plperl/GNUmakefile	2012-08-14 18:41:04.000000000 -0400
++++ postgresql-9.1.5/src/pl/plperl/GNUmakefile	2012-08-17 11:15:09.457116708 -0400
 @@ -43,6 +43,9 @@
  
  SHLIB_LINK = $(perl_embed_ldflags)
@@ -18,5 +18,5 @@ diff -Naur postgresql-9.1rc1.orig/src/pl/plperl/GNUmakefile postgresql-9.1rc1/sr
 +SHLIB_LINK += $(rpath)
 +
  REGRESS_OPTS = --dbname=$(PL_TESTDB) --load-extension=plperl  --load-extension=plperlu
- REGRESS = plperl plperl_trigger plperl_shared plperl_elog plperl_util plperl_init plperlu plperl_array
+ REGRESS = plperl plperl_lc plperl_trigger plperl_shared plperl_elog plperl_util plperl_init plperlu plperl_array
  # if Perl can support two interpreters in one backend,
diff --git a/postgresql.service b/postgresql.service
index 6545b6e..4a55a66 100644
--- a/postgresql.service
+++ b/postgresql.service
@@ -14,6 +14,9 @@
 #	Environment=PGPORT=5433
 # This will override the setting appearing below.
 
+# Note: changing PGPORT or PGDATA will typically require adjusting SELinux
+# configuration as well; see /usr/share/doc/postgresql-*/README.rpm-dist.
+
 # Note: do not use a PGDATA pathname containing spaces, or you will
 # break postgresql-setup.
 
diff --git a/postgresql.spec b/postgresql.spec
index a5e1ce3..2d6e3cf 100644
--- a/postgresql.spec
+++ b/postgresql.spec
@@ -52,8 +52,8 @@
 Summary: PostgreSQL client programs
 Name: postgresql
 %global majorversion 9.1
-Version: 9.1.4
-Release: 5%{?dist}
+Version: 9.1.5
+Release: 1%{?dist}
 
 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
@@ -939,12 +939,17 @@ fi
 %endif
 
 %changelog
+* Fri Aug 17 2012 Tom Lane <tgl@redhat.com> 9.1.5-1
+- Update to PostgreSQL 9.1.5, for various fixes described at
+  http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
+  including the fixes for CVE-2012-3488, CVE-2012-3489
+
 * Mon Aug 13 2012 Tom Lane <tgl@redhat.com> 9.1.4-5
 - Back-port upstream support for postmaster listening on multiple Unix sockets
 - Configure postmaster to create sockets in both /var/run/postgresql and /tmp;
   the former is now the default place for libpq to contact the postmaster.
 Resolves: #825448
-- Annotate postgresql.config about not setting port number there
+- Annotate postgresql.conf about not setting port number there
 - Minor specfile cleanup per suggestions from Tom Callaway
 Related: #845110
 
diff --git a/sources b/sources
index f80623d..bf53086 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-a8035688dba988b782725ac1aec60186  postgresql-9.1.4.tar.bz2
-16153e524a263f7c1e66f5bbc71b8976  postgresql-9.1.4-US.pdf
+c784decb60615aa94c6a31601bc6ffd2  postgresql-9.1.5.tar.bz2
+c497cce8d81a733200584e653c9177f5  postgresql-9.1.5-US.pdf
 0e830b0f6538e04b788c3208060256ef  postgresql-9.0.8.tar.bz2