From 6bcab53b120eebe369d4b6fc77eaeb1cff0bd8b4 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Jan 07 2008 19:01:59 +0000
Subject: Update to PostgreSQL 8.2.6 to fix CVE-2007-6600 and others
---
diff --git a/.cvsignore b/.cvsignore
index d4d00b1..530812c 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,4 @@
-postgresql-8.2.5.tar.bz2
+postgresql-8.2.6.tar.bz2
 PyGreSQL-3.8.1.tgz
 pgtcl1.6.0.tar.gz
 pgtcldocs-20070115.zip
diff --git a/postgresql-ac-version.patch b/postgresql-ac-version.patch
new file mode 100644
index 0000000..2533e04
--- /dev/null
+++ b/postgresql-ac-version.patch
@@ -0,0 +1,20 @@
+Upstream has a policy of only supporting one autoconf version with any
+given PostgreSQL version; which is good for ensuring repeatable results
+for PostgreSQL, but it's not very tenable in the Fedora/RHEL world.
+Dike out the check.
+
+
+diff -Naur postgresql-8.2.6.orig/configure.in postgresql-8.2.6/configure.in
+--- postgresql-8.2.6.orig/configure.in 2008-01-03 16:40:50.000000000 -0500
++++ postgresql-8.2.6/configure.in 2008-01-04 11:25:42.000000000 -0500
+@@ -19,10 +19,6 @@
+ 
+ AC_INIT([PostgreSQL], [8.2.6], [pgsql-bugs@postgresql.org])
+ 
+-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.59], [], [m4_fatal([Autoconf version 2.59 is required.
+-Untested combinations of 'autoconf' and PostgreSQL versions are not
+-recommended. You can remove the check from 'configure.in' but it is then
+-your responsibility whether the result works or not.])])
+ AC_COPYRIGHT([Copyright (c) 1996-2006, PostgreSQL Global Development Group])
+ AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
+ AC_CONFIG_AUX_DIR(config)
diff --git a/postgresql.spec b/postgresql.spec
index 73918f0..724f530 100755
--- a/postgresql.spec
+++ b/postgresql.spec
@@ -80,8 +80,8 @@ Summary: PostgreSQL client programs and libraries
 Name: postgresql
-Version: 8.2.5
-Release: 2%{?dist}
+Version: 8.2.6
+Release: 1%{?dist}
 License: BSD
 Group: Applications/Databases
 Url: http://www.postgresql.org/
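Review bot: The header of the new postgresql-ac-version.patch does not record which autoconf version the package is built with, although the `m4_fatal` guard it removes from configure.in was the only visible statement of the version upstream tests (2.59). If the spec regenerates configure (not shown in these hunks), the configure script for this CVE-fix release comes from an autoconf that upstream did not test. A header line such as `Built and regression-tested with autoconf <VERSION>.` would let a later maintainer tell a toolchain-induced difference from a PostgreSQL one. The inner hunk's context also contains `AC_INIT([PostgreSQL], [8.2.6], ...)`, so the patch may need refreshing at the next version bump.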
@@ -101,6 +101,7 @@ Source19: http://pgfoundry.org/projects/pgtclng/pgtcl1.6.0.tar.gz Source20: http://pgfoundry.org/projects/pgtclng/pgtcldocs-20070115.zip Patch1: rpm-pgsql.patch +Patch2: postgresql-ac-version.patch Patch3: postgresql-logging.patch Patch4: postgresql-test.patch Patch5: pgtcl-no-rpath.patch @@ -339,6 +340,7 @@ system, including regression tests and benchmarks. %prep %setup -q %patch1 -p1 +%patch2 -p1 %patch3 -p1 %patch4 -p1 # patch5 is applied later @@ -822,6 +824,10 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Mon Jan 7 2008 Tom Lane 8.2.6-1 +- Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, + CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 + * Wed Dec 5 2007 Tom Lane 8.2.5-2 - Rebuild for new openssl diff --git a/sources b/sources index 2a6b0b0..97c8686 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -bb1cd309ea72f070cb964736f5755847 postgresql-8.2.5.tar.bz2 +17b9049b4fcad42ee95410833c1db228 postgresql-8.2.6.tar.bz2 5575979dac93c9c5795d7693a8f91c86 PyGreSQL-3.8.1.tgz 25eda4bb40fb3d4ec9b205a1fdc1bbbc pgtcl1.6.0.tar.gz 8ce98e93b238c3329d0fe43810442c44 pgtcldocs-20070115.zip
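Review bot: The new `Patch2: postgresql-ac-version.patch` line (hunk at `@@ -101,6 +101,7 @@`) and its `%patch2 -p1` application (hunk at `@@ -339,6 +340,7 @@`) are not mentioned in the changelog entry added at `@@ -822,6 +824,10 @@`, which lists only the CVE fixes. Someone auditing this security update from the RPM changelog cannot see that the build also drops upstream's autoconf version check. Add a changelog line such as `- Add postgresql-ac-version.patch to remove the autoconf version check`, and a one-line comment above `Patch2:` stating why the check is removed.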